{"version":3,"file":"ed25519.cjs","sources":["../../../../src/utils/checkAddressOnCurve/ed25519.ts"],"sourcesContent":["/**!\r\n * noble-ed25519\r\n *\r\n * The MIT License (MIT)\r\n *\r\n * Copyright (c) 2019 Paul Miller (https://paulmillr.com)\r\n *\r\n * Permission is hereby granted, free of charge, to any person obtaining a copy\r\n * of this software and associated documentation files (the “Software”), to deal\r\n * in the Software without restriction, including without limitation the rights\r\n * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\r\n * copies of the Software, and to permit persons to whom the Software is\r\n * furnished to do so, subject to the following conditions:\r\n *\r\n * The above copyright notice and this permission notice shall be included in\r\n * all copies or substantial portions of the Software.\r\n *\r\n * THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\r\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\r\n * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\r\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\r\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\r\n * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\r\n * THE SOFTWARE.\r\n */\r\nconst D =\r\n  37095705934669439343138083508754565189542113879843219016388785533085940283555n;\r\nconst P =\r\n  57896044618658097711785492504343953926634992332820282019728792003956564819949n; // 2n ** 255n - 19n;  ed25519 is twisted edwards curve\r\nconst RM1 =\r\n  19681161376707505956807079304988542015446066515923890162744021073123829784752n; // √-1\r\n\r\n// mod division\r\nfunction mod(a: bigint): bigint {\r\n  const r = a % P;\r\n  return r >= 0n ? r : P + r;\r\n}\r\n\r\nfunction pow2(x: bigint, power: bigint): bigint {\r\n  // pow2(x, 4) == x^(2^4)\r\n  let r = x;\r\n  while (power-- > 0n) {\r\n    r *= r;\r\n    r %= P;\r\n  }\r\n  return r;\r\n}\r\n\r\nfunction pow_2_252_3(x: bigint): bigint {\r\n  // x^(2^252-3) unrolled util for square root\r\n  const x2 = (x * x) % P; // x^2,       bits 1\r\n  const b2 = (x2 * x) % P; // x^3,       bits 11\r\n  const b4 = (pow2(b2, 2n) * b2) % P; // x^(2^4-1), bits 1111\r\n  const b5 = (pow2(b4, 1n) * x) % P; // x^(2^5-1), bits 11111\r\n  const b10 = (pow2(b5, 5n) * b5) % P; // x^(2^10)\r\n  const b20 = (pow2(b10, 10n) * b10) % P; // x^(2^20)\r\n  const b40 = (pow2(b20, 20n) * b20) % P; // x^(2^40)\r\n  const b80 = (pow2(b40, 40n) * b40) % P; // x^(2^80)\r\n  const b160 = (pow2(b80, 80n) * b80) % P; // x^(2^160)\r\n  const b240 = (pow2(b160, 80n) * b80) % P; // x^(2^240)\r\n  const b250 = (pow2(b240, 10n) * b10) % P; // x^(2^250)\r\n  const pow_p_5_8 = (pow2(b250, 2n) * x) % P; // < To pow to (p+3)/8, multiply it by x.\r\n  return pow_p_5_8;\r\n}\r\nfunction uvRatio(u: bigint, v: bigint): bigint | null {\r\n  // for sqrt comp\r\n  const v3 = mod(v * v * v); // v³\r\n  const v7 = mod(v3 * v3 * v); // v⁷\r\n  const pow = pow_2_252_3(u * v7); // (uv⁷)^(p-5)/8\r\n  let x = mod(u * v3 * pow); // (uv³)(uv⁷)^(p-5)/8\r\n  const vx2 = mod(v * x * x); // vx²\r\n  const root1 = x; // First root candidate\r\n  const root2 = mod(x * RM1); // Second root candidate; RM1 is √-1\r\n  const useRoot1 = vx2 === u; // If vx² = u (mod p), x is a square root\r\n  const useRoot2 = vx2 === mod(-u); // If vx² = -u, set x <-- x * 2^((p-1)/4)\r\n  const noRoot = vx2 === mod(-u * RM1); // There is no valid root, vx² = -u√-1\r\n  if (useRoot1) x = root1;\r\n  if (useRoot2 || noRoot) x = root2; // We return root2 anyway, for const-time\r\n  if ((mod(x) & 1n) === 1n) x = mod(-x); // edIsNegative\r\n  if (!useRoot1 && !useRoot2) {\r\n    return null;\r\n  }\r\n  return x;\r\n}\r\n\r\n// https://datatracker.ietf.org/doc/html/rfc8032#section-5.1.3\r\nexport function _pointIsOnCurve(y: bigint, lastByte: number): boolean {\r\n  const y2 = mod(y * y); // y²\r\n  const u = mod(y2 - 1n); // u=y²-1\r\n  const v = mod(D * y2 + 1n);\r\n  const x = uvRatio(u, v); // (uv³)(uv⁷)^(p-5)/8; square root\r\n  if (x === null) {\r\n    return false;\r\n  }\r\n  const isLastByteOdd = (lastByte & 0x80) !== 0; // x_0, last bit\r\n  if (x === 0n && isLastByteOdd) {\r\n    return false;\r\n  }\r\n  return true;\r\n}\r\n"],"names":["P","RM1","mod","a","r","pow2","x","power","uvRatio","u","v","v3","pow","b2","b4","b5","b10","b20","b40","b80","b160","b240","b250","pow_2_252_3","vx2","root1","root2","useRoot1","useRoot2","noRoot","y","lastByte","y2"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;GAyBA,MAEMA,EACJ,+EACIC,EACJ,+EAGF,SAASC,EAAIC,GACX,MAAMC,EAAID,EAAIH,EACd,OAAOI,GAAK,GAAKA,EAAIJ,EAAII,CAC3B,CAEA,SAASC,EAAKC,EAAWC,GAEvB,IAAIH,EAAIE,EACR,KAAOC,KAAU,IACfH,GAAKA,EACLA,GAAKJ,EAEP,OAAOI,CACT,CAkBA,SAASI,EAAQC,EAAWC,GAE1B,MAAMC,EAAKT,EAAIQ,EAAIA,EAAIA,GAEjBE,EApBR,SAAqBN,GAEnB,MACMO,EADMP,EAAIA,EAAKN,EACJM,EAAKN,EAChBc,EAAMT,EAAKQ,EAAI,IAAMA,EAAMb,EAC3Be,EAAMV,EAAKS,EAAI,IAAMR,EAAKN,EAC1BgB,EAAOX,EAAKU,EAAI,IAAMA,EAAMf,EAC5BiB,EAAOZ,EAAKW,EAAK,KAAOA,EAAOhB,EAC/BkB,EAAOb,EAAKY,EAAK,KAAOA,EAAOjB,EAC/BmB,EAAOd,EAAKa,EAAK,KAAOA,EAAOlB,EAC/BoB,EAAQf,EAAKc,EAAK,KAAOA,EAAOnB,EAChCqB,EAAQhB,EAAKe,EAAM,KAAOD,EAAOnB,EACjCsB,EAAQjB,EAAKgB,EAAM,KAAOL,EAAOhB,EAEvC,OADmBK,EAAKiB,EAAM,IAAMhB,EAAKN,CAE3C,CAKcuB,CAAYd,EADbP,EAAIS,EAAKA,EAAKD,IAEzB,IAAIJ,EAAIJ,EAAIO,EAAIE,EAAKC,GACrB,MAAMY,EAAMtB,EAAIQ,EAAIJ,EAAIA,GAClBmB,EAAQnB,EACRoB,EAAQxB,EAAII,EAAIL,GAChB0B,EAAWH,IAAQf,EACnBmB,EAAWJ,IAAQtB,GAAKO,GACxBoB,EAASL,IAAQtB,GAAKO,EAAIR,GAIhC,OAHI0B,IAAUrB,EAAImB,IACdG,GAAYC,KAAQvB,EAAIoB,GACN,MAAR,GAATxB,EAAII,MAAiBA,EAAIJ,GAAKI,IAC9BqB,GAAaC,EAGXtB,EAFE,IAGX,yBAGgB,SAAgBwB,EAAWC,GACzC,MAAMC,EAAK9B,EAAI4B,EAAIA,GAGbxB,EAAIE,EAFAN,EAAI8B,EAAK,IACT9B,EA/DV,+EA+DkB8B,EAAK,KAEvB,OAAU,OAAN1B,IAIM,KAANA,OAD8B,IAAXyB,GAKzB"}