print{.visible-print{display:block!important}table.visible-print{display:table}tr.visible-print{display:table-row!important}th.visible-print,td.visible-print{display:table-cell!important}}.visible-print-block{display:none!important}@media print{.visible-print-block{display:block!important}}.visible-print-inline{display:none!important}@media print{.visible-print-inline{display:inline!important}}.visible-print-inline-block{display:none!important}@media print{.visible-print-inline-block{display:inline-block!important}}@media print{.hidden-print{display:none!important}} - + +

Mnemonic Code Converter








For more info see the BIP39 spec


You can enter an existing BIP39 mnemonic, or generate a new random one. Typing your own twelve words will probably not work how you expect, since the words require a particular structure (the last word is a checksum).


+ For more info see the + BIP39 spec. +

+ +
+ Generate a random mnemonic, or enter your own below: + + + words +
+ +
+ +
- +
- +
- +
- - - - -
+ +
+ +
+ +
+ +
- +
- + +
+ @@ -88,9 +289,15 @@

Derivation Path

@@ -98,27 +305,30 @@

For more info see the BIP44 spec


+ For more info see the + BIP44 spec. +

- +
- +
@@ -126,16 +336,46 @@
- + +

The account extended keys can be used for importing to most BIP44 compatible wallets, such as mycelium or electrum.

+ +
+ +
+ +
+ +
+ +

The BIP32 derivation path and extended keys are the basis for the derived addresses.

- +
@@ -145,28 +385,181 @@

For more info see the BIP32 spec


+ For more info see the + BIP32 spec +

+ +
+ +
- +
+ +
+ +
+ +

+ Use path m/0'/0' with hardened addresses. +


+ For more info see the + Bitcoin Core BIP32 implementation +

+ +

+ Use path m/0'/0. +


+ For more info see + MultiBit HD +

+ +

+ Use path m/44'/0'/0'. + Only enter the xpub extended key into block explorer search fields, never the xprv key. +


+ Can be used with: + blockchain.info +

+ +
+ +

+ For more info see the + BIP49 spec. +

+ +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+ +

The account extended keys can be used for importing to most BIP49 compatible wallets.

+ +
+ +
+ +
+ +
+ +

The BIP32 derivation path and extended keys are the basis for the derived addresses.

+ +
+ +
- +
- +
- +
- +
@@ -178,144 +571,119 @@

Derived Addresses


Note these addreses are derived from the BIP32 Extended Key


Note these addreses are derived from the BIP32 Extended Key

+ - - - - - - + + + + + +
- Index   - + Path   + +
+ Address   +
- Address   - + Public Key   +
- Private Key   - + Private Key   +
- Show next + Show more rows: - +

More info


BIP39 Mnemonic code for generating deterministic keys



More info


BIP39 Mnemonic code for generating deterministic keys


Read more at the official BIP39 spec


BIP32 Hierarchical Deterministic Wallets



BIP32 Hierarchical Deterministic Wallets


Read more at the official BIP32 spec - and see the demo at +


+ See the demo at bip32.org


BIP44 Multi-Account Hierarchy for Deterministic Wallets



BIP44 Multi-Account Hierarchy for Deterministic Wallets


Read more at the official BIP44 spec


Private Keys


Private Keys

- Use private keys at - brainwallet.org, - but be careful - it can be easy to make mistakes if you - don't know what you're doing + + Use private keys at + brainwallet.org. + + Be careful - it can be easy to make mistakes if you don't know what you're doing.

- -
- -

Derived Addresses


Note these addreses are derived from the BIP32 Extended Key

- - - - - - - - - - - - - -
- Index   - -
- Address   - -
- Private Key   - -
- Show next - - - -
- -

More info


BIP39 Mnemonic code for generating deterministic keys



- Read more at the - official BIP39 spec + + Entropy values must be sourced from a + strong source of randomness. + + This means flipping a fair coin, rolling a fair dice, noise measurements etc. + + Do NOT use phrases from books, lyrics from songs, your birthday or steet address, + keyboard mashing, or anything you think is random, because chances are overwhelming it isn't + random enough for the needs of this tool. +


BIP32 Hierarchical Deterministic Wallets

- Read more at the - official BIP32 spec - and see the demo at - bip32.org + Do not store entropy.


BIP44 Multi-Account Hierarchy for Deterministic Wallets

- Read more at the - official BIP44 spec + Storing entropy (such as keeping a deck of cards in a specific shuffled order) is unreliable compared to storing a mnemonic. + Instead of storing entropy, store the mnemonic generated from the entropy. + Steganography may be beneficial when storing the mnemonic. +


+ + The random mnemonic generator on this page uses a + cryptographically secure random number generator. + + The built in random generator can generally be trusted more than your own intuition about randomness. + If cryptographic randomness isn't available in your browser, this page will show a warning and the generate button will not work. + In that case you might choose to use your own source of entropy. +


+ You are not a good source of entropy.


Private Keys



- Use private keys at - brainwallet.org, - but be careful - it can be easy to make mistakes if you - don't know what you're doing + Please refer to the software license for more detail. +


The software is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. In no event shall the authors or copyright holders be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or the use or other dealings in the software.

@@ -324,24 +692,24 @@

Offline Usage


Offline Usage



You can use this tool without having to be online.



In your browser, select file save-as, and save this page as a file.



Double-click that file to open it in a browser on any offline computer.

- Alternatively, download it from - - https://github.com/dcpos/bip39 - + Alternatively, download the file from the repository + - + https://github.com/iancoleman/bip39 +

@@ -351,16 +719,17 @@

This project is 100% open-source code


This project is 100% open-source code

- Get the source code at - - - https://github.com/dcpos/bip39 + Get the source code from the repository + - + + https://github.com/iancoleman/bip39





BitcoinJS - @@ -377,9 +746,9 @@

- asmCrypto - - - https://github.com/vibornoff/asmcrypto.js + sjcl - + + https://github.com/bitwiseshiftleft/sjcl

@@ -402,2571 +771,4683 @@
+ + + +(function (global) { + "use strict"; - - + // Set this to always override native implementations, for testing + // the polyfill in browsers with partial/full ES2015 support. + var OVERRIDE_NATIVE_FOR_TESTING = false; - - + + + + + + + +// For UTF-8, a replacement character for each buffered byte of a (partial) +// character needs to be added to the output. +function utf8End(buf) { + var r = buf && buf.length ? this.write(buf) : ''; + if (this.lastNeed) return r + '\ufffd'.repeat(this.lastTotal - this.lastNeed); + return r; +} - - + } + + return name + ': ' + str; +} + + +function reduceToSingleString(output, base, braces) { + var numLinesEst = 0; + var length = output.reduce(function(prev, cur) { + numLinesEst++; + if (cur.indexOf('\n') >= 0) numLinesEst++; + return prev + cur.replace(/\u001b\[\d\d?m/g, '').length + 1; + }, 0); + + if (length > 60) { + return braces[0] + + (base === '' ? '' : base + '\n ') + + ' ' + + output.join(',\n ') + + ' ' + + braces[1]; + } + + return braces[0] + base + ' ' + output.join(', ') + ' ' + braces[1]; +} + + +// NOTE: These type checking functions intentionally don't use `instanceof` +// because it is fragile and can be easily faked with `Object.create()`. +function isArray(ar) { + return Array.isArray(ar); +} +exports.isArray = isArray; + +function isBoolean(arg) { + return typeof arg === 'boolean'; +} +exports.isBoolean = isBoolean; + +function isNull(arg) { + return arg === null; +} +exports.isNull = isNull; + +function isNullOrUndefined(arg) { + return arg == null; +} +exports.isNullOrUndefined = isNullOrUndefined; + +function isNumber(arg) { + return typeof arg === 'number'; +} +exports.isNumber = isNumber; + +function isString(arg) { + return typeof arg === 'string'; +} +exports.isString = isString; + +function isSymbol(arg) { + return typeof arg === 'symbol'; +} +exports.isSymbol = isSymbol; + +function isUndefined(arg) { + return arg === void 0; +} +exports.isUndefined = isUndefined; + +function isRegExp(re) { + return isObject(re) && objectToString(re) === '[object RegExp]'; +} +exports.isRegExp = isRegExp; + +function isObject(arg) { + return typeof arg === 'object' && arg !== null; +} +exports.isObject = isObject; + +function isDate(d) { + return isObject(d) && objectToString(d) === '[object Date]'; +} +exports.isDate = isDate; + +function isError(e) { + return isObject(e) && + (objectToString(e) === '[object Error]' || e instanceof Error); +} +exports.isError = isError; + +function isFunction(arg) { + return typeof arg === 'function'; +} +exports.isFunction = isFunction; + +function isPrimitive(arg) { + return arg === null || + typeof arg === 'boolean' || + typeof arg === 'number' || + typeof arg === 'string' || + typeof arg === 'symbol' || // ES6 symbol + typeof arg === 'undefined'; +} +exports.isPrimitive = isPrimitive; + +exports.isBuffer = require('./support/isBuffer'); + +function objectToString(o) { + return Object.prototype.toString.call(o); +} + + +function pad(n) { + return n < 10 ? '0' + n.toString(10) : n.toString(10); +} + + +var months = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', + 'Oct', 'Nov', 'Dec']; + +// 26 Feb 16:19:34 +function timestamp() { + var d = new Date(); + var time = [pad(d.getHours()), + pad(d.getMinutes()), + pad(d.getSeconds())].join(':'); + return [d.getDate(), months[d.getMonth()], time].join(' '); +} + + +// log is just a thin wrapper to console.log that prepends a timestamp +exports.log = function() { + console.log('%s - %s', timestamp(), exports.format.apply(exports, arguments)); +}; + + +/** + * Inherit the prototype methods from one constructor into another. + * + * The Function.prototype.inherits from lang.js rewritten as a standalone + * function (not on Function.prototype). NOTE: If this file is to be loaded + * during bootstrapping this function needs to be rewritten using some native + * functions as prototype setup using normal JavaScript does not work as + * expected during bootstrapping (see mirror.js in r114903). + * + * @param {function} ctor Constructor function which needs to inherit the + * prototype. + * @param {function} superCtor Constructor function to inherit prototype from. + */ +exports.inherits = require('inherits'); + +exports._extend = function(origin, add) { + // Don't do anything if add isn't an object + if (!add || !isObject(add)) return origin; + + var keys = Object.keys(add); + var i = keys.length; + while (i--) { + origin[keys[i]] = add[keys[i]]; + } + return origin; +}; + +function hasOwnProperty(obj, prop) { + return Object.prototype.hasOwnProperty.call(obj, prop); +} + +}).call(this,require('_process'),typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {}) +},{"./support/isBuffer":31,"_process":12,"inherits":30}],33:[function(require,module,exports){ +module.exports = { + base58: require('bs58'), + bitcoin: require('bitcoinjs-lib'), + ecurve: require('ecurve'), + BigInteger: require('bigi') +} + +},{"bigi":37,"bitcoinjs-lib":50,"bs58":79,"ecurve":89}],34:[function(require,module,exports){ +// base-x encoding +// Forked from https://github.com/cryptocoinjs/bs58 +// Originally written by Mike Hearn for BitcoinJ +// Copyright (c) 2011 Google Inc +// Ported to JavaScript by Stefan Thomas +// Merged Buffer refactorings from base58-native by Stephen Pair +// Copyright (c) 2013 BitPay Inc + +var Buffer = require('safe-buffer').Buffer + +module.exports = function base (ALPHABET) { + var ALPHABET_MAP = {} + var BASE = ALPHABET.length + var LEADER = ALPHABET.charAt(0) + + // pre-compute lookup table + for (var z = 0; z < ALPHABET.length; z++) { + var x = ALPHABET.charAt(z) + + if (ALPHABET_MAP[x] !== undefined) throw new TypeError(x + ' is ambiguous') + ALPHABET_MAP[x] = z + } + + function encode (source) { + if (source.length === 0) return '' + + var digits = [0] + for (var i = 0; i < source.length; ++i) { + for (var j = 0, carry = source[i]; j < digits.length; ++j) { + carry += digits[j] << 8 + digits[j] = carry % BASE + carry = (carry / BASE) | 0 + } + + while (carry > 0) { + digits.push(carry % BASE) + carry = (carry / BASE) | 0 + } + } + + var string = '' + + // deal with leading zeros + for (var k = 0; source[k] === 0 && k < source.length - 1; ++k) string += ALPHABET[0] + // convert digits to a string + for (var q = digits.length - 1; q >= 0; --q) string += ALPHABET[digits[q]] + + return string + } + + function decodeUnsafe (string) { + if (string.length === 0) return Buffer.allocUnsafe(0) + + var bytes = [0] + for (var i = 0; i < string.length; i++) { + var value = ALPHABET_MAP[string[i]] + if (value === undefined) return + + for (var j = 0, carry = value; j < bytes.length; ++j) { + carry += bytes[j] * BASE + bytes[j] = carry & 0xff + carry >>= 8 + } + + while (carry > 0) { + bytes.push(carry & 0xff) + carry >>= 8 + } + } + + // deal with leading zeros + for (var k = 0; string[k] === LEADER && k < string.length - 1; ++k) { + bytes.push(0) + } + + return Buffer.from(bytes.reverse()) + } + + function decode (string) { + var buffer = decodeUnsafe(string) + if (buffer) return buffer + + throw new Error('Non-base' + BASE + ' character') + } + + return { + encode: encode, + decodeUnsafe: decodeUnsafe, + decode: decode + } +} + +},{"safe-buffer":98}],35:[function(require,module,exports){ +// (public) Constructor +function BigInteger(a, b, c) { + if (!(this instanceof BigInteger)) + return new BigInteger(a, b, c) + + if (a != null) { + if ("number" == typeof a) this.fromNumber(a, b, c) + else if (b == null && "string" != typeof a) this.fromString(a, 256) + else this.fromString(a, b) + } +} + +var proto = BigInteger.prototype + +// duck-typed isBigInteger +proto.__bigi = require('../package.json').version +BigInteger.isBigInteger = function (obj, check_ver) { + return obj && obj.__bigi && (!check_ver || obj.__bigi === proto.__bigi) +} + +// Bits per digit +var dbits + +// am: Compute w_j += (x*this_i), propagate carries, +// c is initial carry, returns final carry. +// c < 3*dvalue, x < 2*dvalue, this_i < dvalue +// We need to select the fastest one that works in this environment. + +// am1: use a single mult and divide to get the high bits, +// max digit bits should be 26 because +// max internal value = 2*dvalue^2-2*dvalue (< 2^53) +function am1(i, x, w, j, c, n) { + while (--n >= 0) { + var v = x * this[i++] + w[j] + c + c = Math.floor(v / 0x4000000) + w[j++] = v & 0x3ffffff + } + return c +} +// am2 avoids a big mult-and-extract completely. +// Max digit bits should be <= 30 because we do bitwise ops +// on values up to 2*hdvalue^2-hdvalue-1 (< 2^31) +function am2(i, x, w, j, c, n) { + var xl = x & 0x7fff, + xh = x >> 15 + while (--n >= 0) { + var l = this[i] & 0x7fff + var h = this[i++] >> 15 + var m = xh * l + h * xl + l = xl * l + ((m & 0x7fff) << 15) + w[j] + (c & 0x3fffffff) + c = (l >>> 30) + (m >>> 15) + xh * h + (c >>> 30) + w[j++] = l & 0x3fffffff + } + return c +} +// Alternately, set max digit bits to 28 since some +// browsers slow down when dealing with 32-bit numbers. +function am3(i, x, w, j, c, n) { + var xl = x & 0x3fff, + xh = x >> 14 + while (--n >= 0) { + var l = this[i] & 0x3fff + var h = this[i++] >> 14 + var m = xh * l + h * xl + l = xl * l + ((m & 0x3fff) << 14) + w[j] + c + c = (l >> 28) + (m >> 14) + xh * h + w[j++] = l & 0xfffffff + } + return c +} + +// wtf? +BigInteger.prototype.am = am1 +dbits = 26 + +BigInteger.prototype.DB = dbits +BigInteger.prototype.DM = ((1 << dbits) - 1) +var DV = BigInteger.prototype.DV = (1 << dbits) + +var BI_FP = 52 +BigInteger.prototype.FV = Math.pow(2, BI_FP) +BigInteger.prototype.F1 = BI_FP - dbits +BigInteger.prototype.F2 = 2 * dbits - BI_FP + +// Digit conversions +var BI_RM = "0123456789abcdefghijklmnopqrstuvwxyz" +var BI_RC = new Array() +var rr, vv +rr = "0".charCodeAt(0) +for (vv = 0; vv <= 9; ++vv) BI_RC[rr++] = vv +rr = "a".charCodeAt(0) +for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv +rr = "A".charCodeAt(0) +for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv + +function int2char(n) { + return BI_RM.charAt(n) +} + +function intAt(s, i) { + var c = BI_RC[s.charCodeAt(i)] + return (c == null) ? -1 : c +} + +// (protected) copy this to r +function bnpCopyTo(r) { + for (var i = this.t - 1; i >= 0; --i) r[i] = this[i] + r.t = this.t + r.s = this.s +} + +// (protected) set from integer value x, -DV <= x < DV +function bnpFromInt(x) { + this.t = 1 + this.s = (x < 0) ? -1 : 0 + if (x > 0) this[0] = x + else if (x < -1) this[0] = x + DV + else this.t = 0 +} + +// return bigint initialized to value +function nbv(i) { + var r = new BigInteger() + r.fromInt(i) + return r +} + +// (protected) set from string and radix +function bnpFromString(s, b) { + var self = this + + var k + if (b == 16) k = 4 + else if (b == 8) k = 3 + else if (b == 256) k = 8; // byte array + else if (b == 2) k = 1 + else if (b == 32) k = 5 + else if (b == 4) k = 2 + else { + self.fromRadix(s, b) + return + } + self.t = 0 + self.s = 0 + var i = s.length, + mi = false, + sh = 0 + while (--i >= 0) { + var x = (k == 8) ? s[i] & 0xff : intAt(s, i) + if (x < 0) { + if (s.charAt(i) == "-") mi = true + continue + } + mi = false + if (sh == 0) + self[self.t++] = x + else if (sh + k > self.DB) { + self[self.t - 1] |= (x & ((1 << (self.DB - sh)) - 1)) << sh + self[self.t++] = (x >> (self.DB - sh)) + } else + self[self.t - 1] |= x << sh + sh += k + if (sh >= self.DB) sh -= self.DB + } + if (k == 8 && (s[0] & 0x80) != 0) { + self.s = -1 + if (sh > 0) self[self.t - 1] |= ((1 << (self.DB - sh)) - 1) << sh + } + self.clamp() + if (mi) BigInteger.ZERO.subTo(self, self) +} + +// (protected) clamp off excess high words +function bnpClamp() { + var c = this.s & this.DM + while (this.t > 0 && this[this.t - 1] == c)--this.t +} + +// (public) return string representation in given radix +function bnToString(b) { + var self = this + if (self.s < 0) return "-" + self.negate() + .toString(b) + var k + if (b == 16) k = 4 + else if (b == 8) k = 3 + else if (b == 2) k = 1 + else if (b == 32) k = 5 + else if (b == 4) k = 2 + else return self.toRadix(b) + var km = (1 << k) - 1, + d, m = false, + r = "", + i = self.t + var p = self.DB - (i * self.DB) % k + if (i-- > 0) { + if (p < self.DB && (d = self[i] >> p) > 0) { + m = true + r = int2char(d) + } + while (i >= 0) { + if (p < k) { + d = (self[i] & ((1 << p) - 1)) << (k - p) + d |= self[--i] >> (p += self.DB - k) + } else { + d = (self[i] >> (p -= k)) & km + if (p <= 0) { + p += self.DB + --i + } + } + if (d > 0) m = true + if (m) r += int2char(d) + } + } + return m ? r : "0" +} + +// (public) -this +function bnNegate() { + var r = new BigInteger() + BigInteger.ZERO.subTo(this, r) + return r +} + +// (public) |this| +function bnAbs() { + return (this.s < 0) ? this.negate() : this +} + +// (public) return + if this > a, - if this < a, 0 if equal +function bnCompareTo(a) { + var r = this.s - a.s + if (r != 0) return r + var i = this.t + r = i - a.t + if (r != 0) return (this.s < 0) ? -r : r + while (--i >= 0) + if ((r = this[i] - a[i]) != 0) return r + return 0 +} + +// returns bit length of the integer x +function nbits(x) { + var r = 1, + t + if ((t = x >>> 16) != 0) { + x = t + r += 16 + } + if ((t = x >> 8) != 0) { + x = t + r += 8 + } + if ((t = x >> 4) != 0) { + x = t + r += 4 + } + if ((t = x >> 2) != 0) { + x = t + r += 2 + } + if ((t = x >> 1) != 0) { + x = t + r += 1 + } + return r +} + +// (public) return the number of bits in "this" +function bnBitLength() { + if (this.t <= 0) return 0 + return this.DB * (this.t - 1) + nbits(this[this.t - 1] ^ (this.s & this.DM)) +} + +// (public) return the number of bytes in "this" +function bnByteLength() { + return this.bitLength() >> 3 +} + +// (protected) r = this << n*DB +function bnpDLShiftTo(n, r) { + var i + for (i = this.t - 1; i >= 0; --i) r[i + n] = this[i] + for (i = n - 1; i >= 0; --i) r[i] = 0 + r.t = this.t + n + r.s = this.s +} + +// (protected) r = this >> n*DB +function bnpDRShiftTo(n, r) { + for (var i = n; i < this.t; ++i) r[i - n] = this[i] + r.t = Math.max(this.t - n, 0) + r.s = this.s +} + +// (protected) r = this << n +function bnpLShiftTo(n, r) { + var self = this + var bs = n % self.DB + var cbs = self.DB - bs + var bm = (1 << cbs) - 1 + var ds = Math.floor(n / self.DB), + c = (self.s << bs) & self.DM, + i + for (i = self.t - 1; i >= 0; --i) { + r[i + ds + 1] = (self[i] >> cbs) | c + c = (self[i] & bm) << bs + } + for (i = ds - 1; i >= 0; --i) r[i] = 0 + r[ds] = c + r.t = self.t + ds + 1 + r.s = self.s + r.clamp() +} + +// (protected) r = this >> n +function bnpRShiftTo(n, r) { + var self = this + r.s = self.s + var ds = Math.floor(n / self.DB) + if (ds >= self.t) { + r.t = 0 + return + } + var bs = n % self.DB + var cbs = self.DB - bs + var bm = (1 << bs) - 1 + r[0] = self[ds] >> bs + for (var i = ds + 1; i < self.t; ++i) { + r[i - ds - 1] |= (self[i] & bm) << cbs + r[i - ds] = self[i] >> bs + } + if (bs > 0) r[self.t - ds - 1] |= (self.s & bm) << cbs + r.t = self.t - ds + r.clamp() +} + +// (protected) r = this - a +function bnpSubTo(a, r) { + var self = this + var i = 0, + c = 0, + m = Math.min(a.t, self.t) + while (i < m) { + c += self[i] - a[i] + r[i++] = c & self.DM + c >>= self.DB + } + if (a.t < self.t) { + c -= a.s + while (i < self.t) { + c += self[i] + r[i++] = c & self.DM + c >>= self.DB + } + c += self.s + } else { + c += self.s + while (i < a.t) { + c -= a[i] + r[i++] = c & self.DM + c >>= self.DB + } + c -= a.s + } + r.s = (c < 0) ? -1 : 0 + if (c < -1) r[i++] = self.DV + c + else if (c > 0) r[i++] = c + r.t = i + r.clamp() +} + +// (protected) r = this * a, r != this,a (HAC 14.12) +// "this" should be the larger one if appropriate. +function bnpMultiplyTo(a, r) { + var x = this.abs(), + y = a.abs() + var i = x.t + r.t = i + y.t + while (--i >= 0) r[i] = 0 + for (i = 0; i < y.t; ++i) r[i + x.t] = x.am(0, y[i], r, i, 0, x.t) + r.s = 0 + r.clamp() + if (this.s != a.s) BigInteger.ZERO.subTo(r, r) +} + +// (protected) r = this^2, r != this (HAC 14.16) +function bnpSquareTo(r) { + var x = this.abs() + var i = r.t = 2 * x.t + while (--i >= 0) r[i] = 0 + for (i = 0; i < x.t - 1; ++i) { + var c = x.am(i, x[i], r, 2 * i, 0, 1) + if ((r[i + x.t] += x.am(i + 1, 2 * x[i], r, 2 * i + 1, c, x.t - i - 1)) >= x.DV) { + r[i + x.t] -= x.DV + r[i + x.t + 1] = 1 + } + } + if (r.t > 0) r[r.t - 1] += x.am(i, x[i], r, 2 * i, 0, 1) + r.s = 0 + r.clamp() +} + +// (protected) divide this by m, quotient and remainder to q, r (HAC 14.20) +// r != q, this != m. q or r may be null. +function bnpDivRemTo(m, q, r) { + var self = this + var pm = m.abs() + if (pm.t <= 0) return + var pt = self.abs() + if (pt.t < pm.t) { + if (q != null) q.fromInt(0) + if (r != null) self.copyTo(r) + return + } + if (r == null) r = new BigInteger() + var y = new BigInteger(), + ts = self.s, + ms = m.s + var nsh = self.DB - nbits(pm[pm.t - 1]); // normalize modulus + if (nsh > 0) { + pm.lShiftTo(nsh, y) + pt.lShiftTo(nsh, r) + } else { + pm.copyTo(y) + pt.copyTo(r) + } + var ys = y.t + var y0 = y[ys - 1] + if (y0 == 0) return + var yt = y0 * (1 << self.F1) + ((ys > 1) ? y[ys - 2] >> self.F2 : 0) + var d1 = self.FV / yt, + d2 = (1 << self.F1) / yt, + e = 1 << self.F2 + var i = r.t, + j = i - ys, + t = (q == null) ? new BigInteger() : q + y.dlShiftTo(j, t) + if (r.compareTo(t) >= 0) { + r[r.t++] = 1 + r.subTo(t, r) + } + BigInteger.ONE.dlShiftTo(ys, t) + t.subTo(y, y); // "negative" y so we can replace sub with am later + while (y.t < ys) y[y.t++] = 0 + while (--j >= 0) { + // Estimate quotient digit + var qd = (r[--i] == y0) ? self.DM : Math.floor(r[i] * d1 + (r[i - 1] + e) * d2) + if ((r[i] += y.am(0, qd, r, j, 0, ys)) < qd) { // Try it out + y.dlShiftTo(j, t) + r.subTo(t, r) + while (r[i] < --qd) r.subTo(t, r) + } + } + if (q != null) { + r.drShiftTo(ys, q) + if (ts != ms) BigInteger.ZERO.subTo(q, q) + } + r.t = ys + r.clamp() + if (nsh > 0) r.rShiftTo(nsh, r); // Denormalize remainder + if (ts < 0) BigInteger.ZERO.subTo(r, r) +} + +// (public) this mod a +function bnMod(a) { + var r = new BigInteger() + this.abs() + .divRemTo(a, null, r) + if (this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r, r) + return r +} + +// Modular reduction using "classic" algorithm +function Classic(m) { + this.m = m +} + +function cConvert(x) { + if (x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m) + else return x +} + +function cRevert(x) { + return x +} + +function cReduce(x) { + x.divRemTo(this.m, null, x) +} + +function cMulTo(x, y, r) { + x.multiplyTo(y, r) + this.reduce(r) +} + +function cSqrTo(x, r) { + x.squareTo(r) + this.reduce(r) +} + +Classic.prototype.convert = cConvert +Classic.prototype.revert = cRevert +Classic.prototype.reduce = cReduce +Classic.prototype.mulTo = cMulTo +Classic.prototype.sqrTo = cSqrTo + +// (protected) return "-1/this % 2^DB"; useful for Mont. reduction +// justification: +// xy == 1 (mod m) +// xy = 1+km +// xy(2-xy) = (1+km)(1-km) +// x[y(2-xy)] = 1-k^2m^2 +// x[y(2-xy)] == 1 (mod m^2) +// if y is 1/x mod m, then y(2-xy) is 1/x mod m^2 +// should reduce x and y(2-xy) by m^2 at each step to keep size bounded. +// JS multiply "overflows" differently from C/C++, so care is needed here. +function bnpInvDigit() { + if (this.t < 1) return 0 + var x = this[0] + if ((x & 1) == 0) return 0 + var y = x & 3; // y == 1/x mod 2^2 + y = (y * (2 - (x & 0xf) * y)) & 0xf; // y == 1/x mod 2^4 + y = (y * (2 - (x & 0xff) * y)) & 0xff; // y == 1/x mod 2^8 + y = (y * (2 - (((x & 0xffff) * y) & 0xffff))) & 0xffff; // y == 1/x mod 2^16 + // last step - calculate inverse mod DV directly + // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints + y = (y * (2 - x * y % this.DV)) % this.DV; // y == 1/x mod 2^dbits + // we really want the negative inverse, and -DV < y < DV + return (y > 0) ? this.DV - y : -y +} + +// Montgomery reduction +function Montgomery(m) { + this.m = m + this.mp = m.invDigit() + this.mpl = this.mp & 0x7fff + this.mph = this.mp >> 15 + this.um = (1 << (m.DB - 15)) - 1 + this.mt2 = 2 * m.t +} + +// xR mod m +function montConvert(x) { + var r = new BigInteger() + x.abs() + .dlShiftTo(this.m.t, r) + r.divRemTo(this.m, null, r) + if (x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r, r) + return r +} + +// x/R mod m +function montRevert(x) { + var r = new BigInteger() + x.copyTo(r) + this.reduce(r) + return r +} + +// x = x/R mod m (HAC 14.32) +function montReduce(x) { + while (x.t <= this.mt2) // pad x so am has enough room later + x[x.t++] = 0 + for (var i = 0; i < this.m.t; ++i) { + // faster way of calculating u0 = x[i]*mp mod DV + var j = x[i] & 0x7fff + var u0 = (j * this.mpl + (((j * this.mph + (x[i] >> 15) * this.mpl) & this.um) << 15)) & x.DM + // use am to combine the multiply-shift-add into one call + j = i + this.m.t + x[j] += this.m.am(0, u0, x, i, 0, this.m.t) + // propagate carry + while (x[j] >= x.DV) { + x[j] -= x.DV + x[++j]++ + } + } + x.clamp() + x.drShiftTo(this.m.t, x) + if (x.compareTo(this.m) >= 0) x.subTo(this.m, x) +} + +// r = "x^2/R mod m"; x != r +function montSqrTo(x, r) { + x.squareTo(r) + this.reduce(r) +} + +// r = "xy/R mod m"; x,y != r +function montMulTo(x, y, r) { + x.multiplyTo(y, r) + this.reduce(r) +} + +Montgomery.prototype.convert = montConvert +Montgomery.prototype.revert = montRevert +Montgomery.prototype.reduce = montReduce +Montgomery.prototype.mulTo = montMulTo +Montgomery.prototype.sqrTo = montSqrTo + +// (protected) true iff this is even +function bnpIsEven() { + return ((this.t > 0) ? (this[0] & 1) : this.s) == 0 +} + +// (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79) +function bnpExp(e, z) { + if (e > 0xffffffff || e < 1) return BigInteger.ONE + var r = new BigInteger(), + r2 = new BigInteger(), + g = z.convert(this), + i = nbits(e) - 1 + g.copyTo(r) + while (--i >= 0) { + z.sqrTo(r, r2) + if ((e & (1 << i)) > 0) z.mulTo(r2, g, r) + else { + var t = r + r = r2 + r2 = t + } + } + return z.revert(r) +} + +// (public) this^e % m, 0 <= e < 2^32 +function bnModPowInt(e, m) { + var z + if (e < 256 || m.isEven()) z = new Classic(m) + else z = new Montgomery(m) + return this.exp(e, z) +} + +// protected +proto.copyTo = bnpCopyTo +proto.fromInt = bnpFromInt +proto.fromString = bnpFromString +proto.clamp = bnpClamp +proto.dlShiftTo = bnpDLShiftTo +proto.drShiftTo = bnpDRShiftTo +proto.lShiftTo = bnpLShiftTo +proto.rShiftTo = bnpRShiftTo +proto.subTo = bnpSubTo +proto.multiplyTo = bnpMultiplyTo +proto.squareTo = bnpSquareTo +proto.divRemTo = bnpDivRemTo +proto.invDigit = bnpInvDigit +proto.isEven = bnpIsEven +proto.exp = bnpExp + +// public +proto.toString = bnToString +proto.negate = bnNegate +proto.abs = bnAbs +proto.compareTo = bnCompareTo +proto.bitLength = bnBitLength +proto.byteLength = bnByteLength +proto.mod = bnMod +proto.modPowInt = bnModPowInt + +// (public) +function bnClone() { + var r = new BigInteger() + this.copyTo(r) + return r +} + +// (public) return value as integer +function bnIntValue() { + if (this.s < 0) { + if (this.t == 1) return this[0] - this.DV + else if (this.t == 0) return -1 + } else if (this.t == 1) return this[0] + else if (this.t == 0) return 0 + // assumes 16 < DB < 32 + return ((this[1] & ((1 << (32 - this.DB)) - 1)) << this.DB) | this[0] +} + +// (public) return value as byte +function bnByteValue() { + return (this.t == 0) ? this.s : (this[0] << 24) >> 24 +} + +// (public) return value as short (assumes DB>=16) +function bnShortValue() { + return (this.t == 0) ? this.s : (this[0] << 16) >> 16 +} + +// (protected) return x s.t. r^x < DV +function bnpChunkSize(r) { + return Math.floor(Math.LN2 * this.DB / Math.log(r)) +} + +// (public) 0 if this == 0, 1 if this > 0 +function bnSigNum() { + if (this.s < 0) return -1 + else if (this.t <= 0 || (this.t == 1 && this[0] <= 0)) return 0 + else return 1 +} + +// (protected) convert to radix string +function bnpToRadix(b) { + if (b == null) b = 10 + if (this.signum() == 0 || b < 2 || b > 36) return "0" + var cs = this.chunkSize(b) + var a = Math.pow(b, cs) + var d = nbv(a), + y = new BigInteger(), + z = new BigInteger(), + r = "" + this.divRemTo(d, y, z) + while (y.signum() > 0) { + r = (a + z.intValue()) + .toString(b) + .substr(1) + r + y.divRemTo(d, y, z) + } + return z.intValue() + .toString(b) + r +} + +// (protected) convert from radix string +function bnpFromRadix(s, b) { + var self = this + self.fromInt(0) + if (b == null) b = 10 + var cs = self.chunkSize(b) + var d = Math.pow(b, cs), + mi = false, + j = 0, + w = 0 + for (var i = 0; i < s.length; ++i) { + var x = intAt(s, i) + if (x < 0) { + if (s.charAt(i) == "-" && self.signum() == 0) mi = true + continue + } + w = b * w + x + if (++j >= cs) { + self.dMultiply(d) + self.dAddOffset(w, 0) + j = 0 + w = 0 + } + } + if (j > 0) { + self.dMultiply(Math.pow(b, j)) + self.dAddOffset(w, 0) + } + if (mi) BigInteger.ZERO.subTo(self, self) +} + +// (protected) alternate constructor +function bnpFromNumber(a, b, c) { + var self = this + if ("number" == typeof b) { + // new BigInteger(int,int,RNG) + if (a < 2) self.fromInt(1) + else { + self.fromNumber(a, c) + if (!self.testBit(a - 1)) // force MSB set + self.bitwiseTo(BigInteger.ONE.shiftLeft(a - 1), op_or, self) + if (self.isEven()) self.dAddOffset(1, 0); // force odd + while (!self.isProbablePrime(b)) { + self.dAddOffset(2, 0) + if (self.bitLength() > a) self.subTo(BigInteger.ONE.shiftLeft(a - 1), self) + } + } + } else { + // new BigInteger(int,RNG) + var x = new Array(), + t = a & 7 + x.length = (a >> 3) + 1 + b.nextBytes(x) + if (t > 0) x[0] &= ((1 << t) - 1) + else x[0] = 0 + self.fromString(x, 256) + } +} + +// (public) convert to bigendian byte array +function bnToByteArray() { + var self = this + var i = self.t, + r = new Array() + r[0] = self.s + var p = self.DB - (i * self.DB) % 8, + d, k = 0 + if (i-- > 0) { + if (p < self.DB && (d = self[i] >> p) != (self.s & self.DM) >> p) + r[k++] = d | (self.s << (self.DB - p)) + while (i >= 0) { + if (p < 8) { + d = (self[i] & ((1 << p) - 1)) << (8 - p) + d |= self[--i] >> (p += self.DB - 8) + } else { + d = (self[i] >> (p -= 8)) & 0xff + if (p <= 0) { + p += self.DB + --i + } + } + if ((d & 0x80) != 0) d |= -256 + if (k === 0 && (self.s & 0x80) != (d & 0x80))++k + if (k > 0 || d != self.s) r[k++] = d + } + } + return r +} + +function bnEquals(a) { + return (this.compareTo(a) == 0) +} + +function bnMin(a) { + return (this.compareTo(a) < 0) ? this : a +} + +function bnMax(a) { + return (this.compareTo(a) > 0) ? this : a +} + +// (protected) r = this op a (bitwise) +function bnpBitwiseTo(a, op, r) { + var self = this + var i, f, m = Math.min(a.t, self.t) + for (i = 0; i < m; ++i) r[i] = op(self[i], a[i]) + if (a.t < self.t) { + f = a.s & self.DM + for (i = m; i < self.t; ++i) r[i] = op(self[i], f) + r.t = self.t + } else { + f = self.s & self.DM + for (i = m; i < a.t; ++i) r[i] = op(f, a[i]) + r.t = a.t + } + r.s = op(self.s, a.s) + r.clamp() +} + +// (public) this & a +function op_and(x, y) { + return x & y +} + +function bnAnd(a) { + var r = new BigInteger() + this.bitwiseTo(a, op_and, r) + return r +} + +// (public) this | a +function op_or(x, y) { + return x | y +} + +function bnOr(a) { + var r = new BigInteger() + this.bitwiseTo(a, op_or, r) + return r +} + +// (public) this ^ a +function op_xor(x, y) { + return x ^ y +} + +function bnXor(a) { + var r = new BigInteger() + this.bitwiseTo(a, op_xor, r) + return r +} + +// (public) this & ~a +function op_andnot(x, y) { + return x & ~y +} + +function bnAndNot(a) { + var r = new BigInteger() + this.bitwiseTo(a, op_andnot, r) + return r +} + +// (public) ~this +function bnNot() { + var r = new BigInteger() + for (var i = 0; i < this.t; ++i) r[i] = this.DM & ~this[i] + r.t = this.t + r.s = ~this.s + return r +} + +// (public) this << n +function bnShiftLeft(n) { + var r = new BigInteger() + if (n < 0) this.rShiftTo(-n, r) + else this.lShiftTo(n, r) + return r +} + +// (public) this >> n +function bnShiftRight(n) { + var r = new BigInteger() + if (n < 0) this.lShiftTo(-n, r) + else this.rShiftTo(n, r) + return r +} + +// return index of lowest 1-bit in x, x < 2^31 +function lbit(x) { + if (x == 0) return -1 + var r = 0 + if ((x & 0xffff) == 0) { + x >>= 16 + r += 16 + } + if ((x & 0xff) == 0) { + x >>= 8 + r += 8 + } + if ((x & 0xf) == 0) { + x >>= 4 + r += 4 + } + if ((x & 3) == 0) { + x >>= 2 + r += 2 + } + if ((x & 1) == 0)++r + return r +} + +// (public) returns index of lowest 1-bit (or -1 if none) +function bnGetLowestSetBit() { + for (var i = 0; i < this.t; ++i) + if (this[i] != 0) return i * this.DB + lbit(this[i]) + if (this.s < 0) return this.t * this.DB + return -1 +} + +// return number of 1 bits in x +function cbit(x) { + var r = 0 + while (x != 0) { + x &= x - 1 + ++r + } + return r +} + +// (public) return number of set bits +function bnBitCount() { + var r = 0, + x = this.s & this.DM + for (var i = 0; i < this.t; ++i) r += cbit(this[i] ^ x) + return r +} + +// (public) true iff nth bit is set +function bnTestBit(n) { + var j = Math.floor(n / this.DB) + if (j >= this.t) return (this.s != 0) + return ((this[j] & (1 << (n % this.DB))) != 0) +} + +// (protected) this op (1<>= self.DB + } + if (a.t < self.t) { + c += a.s + while (i < self.t) { + c += self[i] + r[i++] = c & self.DM + c >>= self.DB + } + c += self.s + } else { + c += self.s + while (i < a.t) { + c += a[i] + r[i++] = c & self.DM + c >>= self.DB + } + c += a.s + } + r.s = (c < 0) ? -1 : 0 + if (c > 0) r[i++] = c + else if (c < -1) r[i++] = self.DV + c + r.t = i + r.clamp() +} + +// (public) this + a +function bnAdd(a) { + var r = new BigInteger() + this.addTo(a, r) + return r +} + +// (public) this - a +function bnSubtract(a) { + var r = new BigInteger() + this.subTo(a, r) + return r +} + +// (public) this * a +function bnMultiply(a) { + var r = new BigInteger() + this.multiplyTo(a, r) + return r +} + +// (public) this^2 +function bnSquare() { + var r = new BigInteger() + this.squareTo(r) + return r +} + +// (public) this / a +function bnDivide(a) { + var r = new BigInteger() + this.divRemTo(a, r, null) + return r +} + +// (public) this % a +function bnRemainder(a) { + var r = new BigInteger() + this.divRemTo(a, null, r) + return r +} + +// (public) [this/a,this%a] +function bnDivideAndRemainder(a) { + var q = new BigInteger(), + r = new BigInteger() + this.divRemTo(a, q, r) + return new Array(q, r) +} + +// (protected) this *= n, this >= 0, 1 < n < DV +function bnpDMultiply(n) { + this[this.t] = this.am(0, n - 1, this, 0, 0, this.t) + ++this.t + this.clamp() +} + +// (protected) this += n << w words, this >= 0 +function bnpDAddOffset(n, w) { + if (n == 0) return + while (this.t <= w) this[this.t++] = 0 + this[w] += n + while (this[w] >= this.DV) { + this[w] -= this.DV + if (++w >= this.t) this[this.t++] = 0 + ++this[w] + } +} + +// A "null" reducer +function NullExp() {} + +function nNop(x) { + return x +} + +function nMulTo(x, y, r) { + x.multiplyTo(y, r) +} + +function nSqrTo(x, r) { + x.squareTo(r) +} + +NullExp.prototype.convert = nNop +NullExp.prototype.revert = nNop +NullExp.prototype.mulTo = nMulTo +NullExp.prototype.sqrTo = nSqrTo + +// (public) this^e +function bnPow(e) { + return this.exp(e, new NullExp()) +} + +// (protected) r = lower n words of "this * a", a.t <= n +// "this" should be the larger one if appropriate. +function bnpMultiplyLowerTo(a, n, r) { + var i = Math.min(this.t + a.t, n) + r.s = 0; // assumes a,this >= 0 + r.t = i + while (i > 0) r[--i] = 0 + var j + for (j = r.t - this.t; i < j; ++i) r[i + this.t] = this.am(0, a[i], r, i, 0, this.t) + for (j = Math.min(a.t, n); i < j; ++i) this.am(0, a[i], r, i, 0, n - i) + r.clamp() +} + +// (protected) r = "this * a" without lower n words, n > 0 +// "this" should be the larger one if appropriate. +function bnpMultiplyUpperTo(a, n, r) { + --n + var i = r.t = this.t + a.t - n + r.s = 0; // assumes a,this >= 0 + while (--i >= 0) r[i] = 0 + for (i = Math.max(n - this.t, 0); i < a.t; ++i) + r[this.t + i - n] = this.am(n - i, a[i], r, 0, 0, this.t + i - n) + r.clamp() + r.drShiftTo(1, r) +} + +// Barrett modular reduction +function Barrett(m) { + // setup Barrett + this.r2 = new BigInteger() + this.q3 = new BigInteger() + BigInteger.ONE.dlShiftTo(2 * m.t, this.r2) + this.mu = this.r2.divide(m) + this.m = m +} + +function barrettConvert(x) { + if (x.s < 0 || x.t > 2 * this.m.t) return x.mod(this.m) + else if (x.compareTo(this.m) < 0) return x + else { + var r = new BigInteger() + x.copyTo(r) + this.reduce(r) + return r + } +} + +function barrettRevert(x) { + return x +} + +// x = x mod m (HAC 14.42) +function barrettReduce(x) { + var self = this + x.drShiftTo(self.m.t - 1, self.r2) + if (x.t > self.m.t + 1) { + x.t = self.m.t + 1 + x.clamp() + } + self.mu.multiplyUpperTo(self.r2, self.m.t + 1, self.q3) + self.m.multiplyLowerTo(self.q3, self.m.t + 1, self.r2) + while (x.compareTo(self.r2) < 0) x.dAddOffset(1, self.m.t + 1) + x.subTo(self.r2, x) + while (x.compareTo(self.m) >= 0) x.subTo(self.m, x) +} + +// r = x^2 mod m; x != r +function barrettSqrTo(x, r) { + x.squareTo(r) + this.reduce(r) +} + +// r = x*y mod m; x,y != r +function barrettMulTo(x, y, r) { + x.multiplyTo(y, r) + this.reduce(r) +} + +Barrett.prototype.convert = barrettConvert +Barrett.prototype.revert = barrettRevert +Barrett.prototype.reduce = barrettReduce +Barrett.prototype.mulTo = barrettMulTo +Barrett.prototype.sqrTo = barrettSqrTo + +// (public) this^e % m (HAC 14.85) +function bnModPow(e, m) { + var i = e.bitLength(), + k, r = nbv(1), + z + if (i <= 0) return r + else if (i < 18) k = 1 + else if (i < 48) k = 3 + else if (i < 144) k = 4 + else if (i < 768) k = 5 + else k = 6 + if (i < 8) + z = new Classic(m) + else if (m.isEven()) + z = new Barrett(m) + else + z = new Montgomery(m) + + // precomputation + var g = new Array(), + n = 3, + k1 = k - 1, + km = (1 << k) - 1 + g[1] = z.convert(this) + if (k > 1) { + var g2 = new BigInteger() + z.sqrTo(g[1], g2) + while (n <= km) { + g[n] = new BigInteger() + z.mulTo(g2, g[n - 2], g[n]) + n += 2 + } + } + + var j = e.t - 1, + w, is1 = true, + r2 = new BigInteger(), + t + i = nbits(e[j]) - 1 + while (j >= 0) { + if (i >= k1) w = (e[j] >> (i - k1)) & km + else { + w = (e[j] & ((1 << (i + 1)) - 1)) << (k1 - i) + if (j > 0) w |= e[j - 1] >> (this.DB + i - k1) + } + + n = k + while ((w & 1) == 0) { + w >>= 1 + --n + } + if ((i -= n) < 0) { + i += this.DB + --j + } + if (is1) { // ret == 1, don't bother squaring or multiplying it + g[w].copyTo(r) + is1 = false + } else { + while (n > 1) { + z.sqrTo(r, r2) + z.sqrTo(r2, r) + n -= 2 + } + if (n > 0) z.sqrTo(r, r2) + else { + t = r + r = r2 + r2 = t + } + z.mulTo(r2, g[w], r) + } + + while (j >= 0 && (e[j] & (1 << i)) == 0) { + z.sqrTo(r, r2) + t = r + r = r2 + r2 = t + if (--i < 0) { + i = this.DB - 1 + --j + } + } + } + return z.revert(r) +} + +// (public) gcd(this,a) (HAC 14.54) +function bnGCD(a) { + var x = (this.s < 0) ? this.negate() : this.clone() + var y = (a.s < 0) ? a.negate() : a.clone() + if (x.compareTo(y) < 0) { + var t = x + x = y + y = t + } + var i = x.getLowestSetBit(), + g = y.getLowestSetBit() + if (g < 0) return x + if (i < g) g = i + if (g > 0) { + x.rShiftTo(g, x) + y.rShiftTo(g, y) + } + while (x.signum() > 0) { + if ((i = x.getLowestSetBit()) > 0) x.rShiftTo(i, x) + if ((i = y.getLowestSetBit()) > 0) y.rShiftTo(i, y) + if (x.compareTo(y) >= 0) { + x.subTo(y, x) + x.rShiftTo(1, x) + } else { + y.subTo(x, y) + y.rShiftTo(1, y) + } + } + if (g > 0) y.lShiftTo(g, y) + return y +} + +// (protected) this % n, n < 2^26 +function bnpModInt(n) { + if (n <= 0) return 0 + var d = this.DV % n, + r = (this.s < 0) ? n - 1 : 0 + if (this.t > 0) + if (d == 0) r = this[0] % n + else + for (var i = this.t - 1; i >= 0; --i) r = (d * r + this[i]) % n + return r +} + +// (public) 1/this % m (HAC 14.61) +function bnModInverse(m) { + var ac = m.isEven() + if (this.signum() === 0) throw new Error('division by zero') + if ((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO + var u = m.clone(), + v = this.clone() + var a = nbv(1), + b = nbv(0), + c = nbv(0), + d = nbv(1) + while (u.signum() != 0) { + while (u.isEven()) { + u.rShiftTo(1, u) + if (ac) { + if (!a.isEven() || !b.isEven()) { + a.addTo(this, a) + b.subTo(m, b) + } + a.rShiftTo(1, a) + } else if (!b.isEven()) b.subTo(m, b) + b.rShiftTo(1, b) + } + while (v.isEven()) { + v.rShiftTo(1, v) + if (ac) { + if (!c.isEven() || !d.isEven()) { + c.addTo(this, c) + d.subTo(m, d) + } + c.rShiftTo(1, c) + } else if (!d.isEven()) d.subTo(m, d) + d.rShiftTo(1, d) + } + if (u.compareTo(v) >= 0) { + u.subTo(v, u) + if (ac) a.subTo(c, a) + b.subTo(d, b) + } else { + v.subTo(u, v) + if (ac) c.subTo(a, c) + d.subTo(b, d) + } + } + if (v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO + while (d.compareTo(m) >= 0) d.subTo(m, d) + while (d.signum() < 0) d.addTo(m, d) + return d +} + +var lowprimes = [ + 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, + 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, + 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, + 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, + 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, + 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, + 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, + 613, 617, 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, + 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, + 821, 823, 827, 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, + 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, 991, 997 +] + +var lplim = (1 << 26) / lowprimes[lowprimes.length - 1] + +// (public) test primality with certainty >= 1-.5^t +function bnIsProbablePrime(t) { + var i, x = this.abs() + if (x.t == 1 && x[0] <= lowprimes[lowprimes.length - 1]) { + for (i = 0; i < lowprimes.length; ++i) + if (x[0] == lowprimes[i]) return true + return false + } + if (x.isEven()) return false + i = 1 + while (i < lowprimes.length) { + var m = lowprimes[i], + j = i + 1 + while (j < lowprimes.length && m < lplim) m *= lowprimes[j++] + m = x.modInt(m) + while (i < j) if (m % lowprimes[i++] == 0) return false + } + return x.millerRabin(t) +} + +// (protected) true if probably prime (HAC 4.24, Miller-Rabin) +function bnpMillerRabin(t) { + var n1 = this.subtract(BigInteger.ONE) + var k = n1.getLowestSetBit() + if (k <= 0) return false + var r = n1.shiftRight(k) + t = (t + 1) >> 1 + if (t > lowprimes.length) t = lowprimes.length + var a = new BigInteger(null) + var j, bases = [] + for (var i = 0; i < t; ++i) { + for (;;) { + j = lowprimes[Math.floor(Math.random() * lowprimes.length)] + if (bases.indexOf(j) == -1) break + } + bases.push(j) + a.fromInt(j) + var y = a.modPow(r, this) + if (y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) { + var j = 1 + while (j++ < k && y.compareTo(n1) != 0) { + y = y.modPowInt(2, this) + if (y.compareTo(BigInteger.ONE) == 0) return false + } + if (y.compareTo(n1) != 0) return false + } + } + return true +} + +// protected +proto.chunkSize = bnpChunkSize +proto.toRadix = bnpToRadix +proto.fromRadix = bnpFromRadix +proto.fromNumber = bnpFromNumber +proto.bitwiseTo = bnpBitwiseTo +proto.changeBit = bnpChangeBit +proto.addTo = bnpAddTo +proto.dMultiply = bnpDMultiply +proto.dAddOffset = bnpDAddOffset +proto.multiplyLowerTo = bnpMultiplyLowerTo +proto.multiplyUpperTo = bnpMultiplyUpperTo +proto.modInt = bnpModInt +proto.millerRabin = bnpMillerRabin + +// public +proto.clone = bnClone +proto.intValue = bnIntValue +proto.byteValue = bnByteValue +proto.shortValue = bnShortValue +proto.signum = bnSigNum +proto.toByteArray = bnToByteArray +proto.equals = bnEquals +proto.min = bnMin +proto.max = bnMax +proto.and = bnAnd +proto.or = bnOr +proto.xor = bnXor +proto.andNot = bnAndNot +proto.not = bnNot +proto.shiftLeft = bnShiftLeft +proto.shiftRight = bnShiftRight +proto.getLowestSetBit = bnGetLowestSetBit +proto.bitCount = bnBitCount +proto.testBit = bnTestBit +proto.setBit = bnSetBit +proto.clearBit = bnClearBit +proto.flipBit = bnFlipBit +proto.add = bnAdd +proto.subtract = bnSubtract +proto.multiply = bnMultiply +proto.divide = bnDivide +proto.remainder = bnRemainder +proto.divideAndRemainder = bnDivideAndRemainder +proto.modPow = bnModPow +proto.modInverse = bnModInverse +proto.pow = bnPow +proto.gcd = bnGCD +proto.isProbablePrime = bnIsProbablePrime + +// JSBN-specific extension +proto.square = bnSquare + +// constants +BigInteger.ZERO = nbv(0) +BigInteger.ONE = nbv(1) +BigInteger.valueOf = nbv + +module.exports = BigInteger + +},{"../package.json":38}],36:[function(require,module,exports){ +(function (Buffer){ +// FIXME: Kind of a weird way to throw exceptions, consider removing +var assert = require('assert') +var BigInteger = require('./bigi') + +/** + * Turns a byte array into a big integer. + * + * This function will interpret a byte array as a big integer in big + * endian notation. + */ +BigInteger.fromByteArrayUnsigned = function(byteArray) { + // BigInteger expects a DER integer conformant byte array + if (byteArray[0] & 0x80) { + return new BigInteger([0].concat(byteArray)) + } + + return new BigInteger(byteArray) +} + +/** + * Returns a byte array representation of the big integer. + * + * This returns the absolute of the contained value in big endian + * form. A value of zero results in an empty array. + */ +BigInteger.prototype.toByteArrayUnsigned = function() { + var byteArray = this.toByteArray() + return byteArray[0] === 0 ? byteArray.slice(1) : byteArray +} + +BigInteger.fromDERInteger = function(byteArray) { + return new BigInteger(byteArray) +} + +/* + * Converts BigInteger to a DER integer representation. + * + * The format for this value uses the most significant bit as a sign + * bit. If the most significant bit is already set and the integer is + * positive, a 0x00 is prepended. + * + * Examples: + * + * 0 => 0x00 + * 1 => 0x01 + * -1 => 0xff + * 127 => 0x7f + * -127 => 0x81 + * 128 => 0x0080 + * -128 => 0x80 + * 255 => 0x00ff + * -255 => 0xff01 + * 16300 => 0x3fac + * -16300 => 0xc054 + * 62300 => 0x00f35c + * -62300 => 0xff0ca4 +*/ +BigInteger.prototype.toDERInteger = BigInteger.prototype.toByteArray + +BigInteger.fromBuffer = function(buffer) { + // BigInteger expects a DER integer conformant byte array + if (buffer[0] & 0x80) { + var byteArray = Array.prototype.slice.call(buffer) + + return new BigInteger([0].concat(byteArray)) + } + + return new BigInteger(buffer) +} + +BigInteger.fromHex = function(hex) { + if (hex === '') return BigInteger.ZERO + + assert.equal(hex, hex.match(/^[A-Fa-f0-9]+/), 'Invalid hex string') + assert.equal(hex.length % 2, 0, 'Incomplete hex') + return new BigInteger(hex, 16) +} + +BigInteger.prototype.toBuffer = function(size) { + var byteArray = this.toByteArrayUnsigned() + var zeros = [] + + var padding = size - byteArray.length + while (zeros.length < padding) zeros.push(0) + + return new Buffer(zeros.concat(byteArray)) +} + +BigInteger.prototype.toHex = function(size) { + return this.toBuffer(size).toString('hex') +} + +}).call(this,require("buffer").Buffer) +},{"./bigi":35,"assert":1,"buffer":4}],37:[function(require,module,exports){ +var BigInteger = require('./bigi') + +//addons +require('./convert') + +module.exports = BigInteger +},{"./bigi":35,"./convert":36}],38:[function(require,module,exports){ +module.exports={ + "_args": [ + [ + "bigi", + "/home/ian/git/bitcoin/bitcoinjs-lib-browser" + ] + ], + "_from": "bigi@latest", + "_id": "bigi@1.4.2", + "_inCache": true, + "_installable": true, + "_location": "/bigi", + "_nodeVersion": "6.1.0", + "_npmOperationalInternal": { + "host": "packages-12-west.internal.npmjs.com", + "tmp": "tmp/bigi-1.4.2.tgz_1469584192413_0.6801238611806184" + }, + "_npmUser": { + "email": "jprichardson@gmail.com", + "name": "jprichardson" + }, + "_npmVersion": "3.8.6", + "_phantomChildren": {}, + "_requested": { + "name": "bigi", + "raw": "bigi", + "rawSpec": "", + "scope": null, + "spec": "latest", + "type": "tag" + }, + "_requiredBy": [ + "#USER", + "/bitcoinjs-lib", + "/ecurve" + ], + "_resolved": "https://registry.npmjs.org/bigi/-/bigi-1.4.2.tgz", + "_shasum": "9c665a95f88b8b08fc05cfd731f561859d725825", + "_shrinkwrap": null, + "_spec": "bigi", + "_where": "/home/ian/git/bitcoin/bitcoinjs-lib-browser", + "bugs": { + "url": "https://github.com/cryptocoinjs/bigi/issues" + }, + "dependencies": {}, + "description": "Big integers.", + "devDependencies": { + "coveralls": "^2.11.2", + "istanbul": "^0.3.5", + "jshint": "^2.5.1", + "mocha": "^2.1.0", + "mochify": "^2.1.0" + }, + "directories": {}, + "dist": { + "shasum": "9c665a95f88b8b08fc05cfd731f561859d725825", + "tarball": "https://registry.npmjs.org/bigi/-/bigi-1.4.2.tgz" + }, + "gitHead": "c25308081c896ff84702303722bf5ecd8b3f78e3", + "homepage": "https://github.com/cryptocoinjs/bigi#readme", + "keywords": [ + "cryptography", + "math", + "bitcoin", + "arbitrary", + "precision", + "arithmetic", + "big", + "integer", + "int", + "number", + "biginteger", + "bigint", + "bignumber", + "decimal", + "float" + ], + "main": "./lib/index.js", + "maintainers": [ + { + "email": "boydb@midnightdesign.ws", + "name": "midnightlightning" + }, + { + "email": "sidazhang89@gmail.com", + "name": "sidazhang" + }, + { + "email": "npm@shesek.info", + "name": "nadav" + }, + { + "email": "jprichardson@gmail.com", + "name": "jprichardson" + } + ], + "name": "bigi", + "optionalDependencies": {}, + "readme": "ERROR: No README data found!", + "repository": { + "type": "git", + "url": "git+https://github.com/cryptocoinjs/bigi.git" + }, + "scripts": { + "browser-test": "mochify --wd -R spec", + "coverage": "istanbul cover ./node_modules/.bin/_mocha -- --reporter list test/*.js", + "coveralls": "npm run-script coverage && node ./node_modules/.bin/coveralls < coverage/lcov.info", + "jshint": "jshint --config jshint.json lib/*.js ; true", + "test": "_mocha -- test/*.js", + "unit": "mocha" + }, + "testling": { + "browsers": [ + "ie/9..latest", + "firefox/latest", + "chrome/latest", + "safari/6.0..latest", + "iphone/6.0..latest", + "android-browser/4.2..latest" + ], + "files": "test/*.js", + "harness": "mocha" + }, + "version": "1.4.2" +} + +},{}],39:[function(require,module,exports){ +// Reference https://github.com/bitcoin/bips/blob/master/bip-0066.mediawiki +// Format: 0x30 [total-length] 0x02 [R-length] [R] 0x02 [S-length] [S] +// NOTE: SIGHASH byte ignored AND restricted, truncate before use + +var Buffer = require('safe-buffer').Buffer + +function check (buffer) { + if (buffer.length < 8) return false + if (buffer.length > 72) return false + if (buffer[0] !== 0x30) return false + if (buffer[1] !== buffer.length - 2) return false + if (buffer[2] !== 0x02) return false + + var lenR = buffer[3] + if (lenR === 0) return false + if (5 + lenR >= buffer.length) return false + if (buffer[4 + lenR] !== 0x02) return false + + var lenS = buffer[5 + lenR] + if (lenS === 0) return false + if ((6 + lenR + lenS) !== buffer.length) return false + + if (buffer[4] & 0x80) return false + if (lenR > 1 && (buffer[4] === 0x00) && !(buffer[5] & 0x80)) return false + + if (buffer[lenR + 6] & 0x80) return false + if (lenS > 1 && (buffer[lenR + 6] === 0x00) && !(buffer[lenR + 7] & 0x80)) return false + return true +} + +function decode (buffer) { + if (buffer.length < 8) throw new Error('DER sequence length is too short') + if (buffer.length > 72) throw new Error('DER sequence length is too long') + if (buffer[0] !== 0x30) throw new Error('Expected DER sequence') + if (buffer[1] !== buffer.length - 2) throw new Error('DER sequence length is invalid') + if (buffer[2] !== 0x02) throw new Error('Expected DER integer') + + var lenR = buffer[3] + if (lenR === 0) throw new Error('R length is zero') + if (5 + lenR >= buffer.length) throw new Error('R length is too long') + if (buffer[4 + lenR] !== 0x02) throw new Error('Expected DER integer (2)') + + var lenS = buffer[5 + lenR] + if (lenS === 0) throw new Error('S length is zero') + if ((6 + lenR + lenS) !== buffer.length) throw new Error('S length is invalid') + + if (buffer[4] & 0x80) throw new Error('R value is negative') + if (lenR > 1 && (buffer[4] === 0x00) && !(buffer[5] & 0x80)) throw new Error('R value excessively padded') + + if (buffer[lenR + 6] & 0x80) throw new Error('S value is negative') + if (lenS > 1 && (buffer[lenR + 6] === 0x00) && !(buffer[lenR + 7] & 0x80)) throw new Error('S value excessively padded') + + // non-BIP66 - extract R, S values + return { + r: buffer.slice(4, 4 + lenR), + s: buffer.slice(6 + lenR) + } +} + +/* + * Expects r and s to be positive DER integers. + * + * The DER format uses the most significant bit as a sign bit (& 0x80). + * If the significant bit is set AND the integer is positive, a 0x00 is prepended. + * + * Examples: + * + * 0 => 0x00 + * 1 => 0x01 + * -1 => 0xff + * 127 => 0x7f + * -127 => 0x81 + * 128 => 0x0080 + * -128 => 0x80 + * 255 => 0x00ff + * -255 => 0xff01 + * 16300 => 0x3fac + * -16300 => 0xc054 + * 62300 => 0x00f35c + * -62300 => 0xff0ca4 +*/ +function encode (r, s) { + var lenR = r.length + var lenS = s.length + if (lenR === 0) throw new Error('R length is zero') + if (lenS === 0) throw new Error('S length is zero') + if (lenR > 33) throw new Error('R length is too long') + if (lenS > 33) throw new Error('S length is too long') + if (r[0] & 0x80) throw new Error('R value is negative') + if (s[0] & 0x80) throw new Error('S value is negative') + if (lenR > 1 && (r[0] === 0x00) && !(r[1] & 0x80)) throw new Error('R value excessively padded') + if (lenS > 1 && (s[0] === 0x00) && !(s[1] & 0x80)) throw new Error('S value excessively padded') + + var signature = Buffer.allocUnsafe(6 + lenR + lenS) + + // 0x30 [total-length] 0x02 [R-length] [R] 0x02 [S-length] [S] + signature[0] = 0x30 + signature[1] = signature.length - 2 + signature[2] = 0x02 + signature[3] = r.length + r.copy(signature, 4) + signature[4 + lenR] = 0x02 + signature[5 + lenR] = s.length + s.copy(signature, 6 + lenR) + + return signature +} + +module.exports = { + check: check, + decode: decode, + encode: encode +} + +},{"safe-buffer":98}],40:[function(require,module,exports){ +module.exports={ + "OP_FALSE": 0, + "OP_0": 0, + "OP_PUSHDATA1": 76, + "OP_PUSHDATA2": 77, + "OP_PUSHDATA4": 78, + "OP_1NEGATE": 79, + "OP_RESERVED": 80, + "OP_1": 81, + "OP_TRUE": 81, + "OP_2": 82, + "OP_3": 83, + "OP_4": 84, + "OP_5": 85, + "OP_6": 86, + "OP_7": 87, + "OP_8": 88, + "OP_9": 89, + "OP_10": 90, + "OP_11": 91, + "OP_12": 92, + "OP_13": 93, + "OP_14": 94, + "OP_15": 95, + "OP_16": 96, + + "OP_NOP": 97, + "OP_VER": 98, + "OP_IF": 99, + "OP_NOTIF": 100, + "OP_VERIF": 101, + "OP_VERNOTIF": 102, + "OP_ELSE": 103, + "OP_ENDIF": 104, + "OP_VERIFY": 105, + "OP_RETURN": 106, + + "OP_TOALTSTACK": 107, + "OP_FROMALTSTACK": 108, + "OP_2DROP": 109, + "OP_2DUP": 110, + "OP_3DUP": 111, + "OP_2OVER": 112, + "OP_2ROT": 113, + "OP_2SWAP": 114, + "OP_IFDUP": 115, + "OP_DEPTH": 116, + "OP_DROP": 117, + "OP_DUP": 118, + "OP_NIP": 119, + "OP_OVER": 120, + "OP_PICK": 121, + "OP_ROLL": 122, + "OP_ROT": 123, + "OP_SWAP": 124, + "OP_TUCK": 125, + + "OP_CAT": 126, + "OP_SUBSTR": 127, + "OP_LEFT": 128, + "OP_RIGHT": 129, + "OP_SIZE": 130, + + "OP_INVERT": 131, + "OP_AND": 132, + "OP_OR": 133, + "OP_XOR": 134, + "OP_EQUAL": 135, + "OP_EQUALVERIFY": 136, + "OP_RESERVED1": 137, + "OP_RESERVED2": 138, + + "OP_1ADD": 139, + "OP_1SUB": 140, + "OP_2MUL": 141, + "OP_2DIV": 142, + "OP_NEGATE": 143, + "OP_ABS": 144, + "OP_NOT": 145, + "OP_0NOTEQUAL": 146, + "OP_ADD": 147, + "OP_SUB": 148, + "OP_MUL": 149, + "OP_DIV": 150, + "OP_MOD": 151, + "OP_LSHIFT": 152, + "OP_RSHIFT": 153, + + "OP_BOOLAND": 154, + "OP_BOOLOR": 155, + "OP_NUMEQUAL": 156, + "OP_NUMEQUALVERIFY": 157, + "OP_NUMNOTEQUAL": 158, + "OP_LESSTHAN": 159, + "OP_GREATERTHAN": 160, + "OP_LESSTHANOREQUAL": 161, + "OP_GREATERTHANOREQUAL": 162, + "OP_MIN": 163, + "OP_MAX": 164, + + "OP_WITHIN": 165, + + "OP_RIPEMD160": 166, + "OP_SHA1": 167, + "OP_SHA256": 168, + "OP_HASH160": 169, + "OP_HASH256": 170, + "OP_CODESEPARATOR": 171, + "OP_CHECKSIG": 172, + "OP_CHECKSIGVERIFY": 173, + "OP_CHECKMULTISIG": 174, + "OP_CHECKMULTISIGVERIFY": 175, + + "OP_NOP1": 176, + "OP_NOP2": 177, + "OP_CHECKLOCKTIMEVERIFY": 177, + + "OP_NOP3": 178, + "OP_NOP4": 179, + "OP_NOP5": 180, + "OP_NOP6": 181, + "OP_NOP7": 182, + "OP_NOP8": 183, + "OP_NOP9": 184, + "OP_NOP10": 185, + + "OP_PUBKEYHASH": 253, + "OP_PUBKEY": 254, + "OP_INVALIDOPCODE": 255 +} + +},{}],41:[function(require,module,exports){ +var OPS = require('./index.json') + +var map = {} +for (var op in OPS) { + var code = OPS[op] + map[code] = op +} + +module.exports = map + +},{"./index.json":40}],42:[function(require,module,exports){ +var Buffer = require('safe-buffer').Buffer +var bs58check = require('bs58check') +var bscript = require('./script') +var networks = require('./networks') +var typeforce = require('typeforce') +var types = require('./types') + +function fromBase58Check (address) { + var payload = bs58check.decode(address) + if (payload.length < 21) throw new TypeError(address + ' is too short') + if (payload.length > 21) throw new TypeError(address + ' is too long') + + var version = payload.readUInt8(0) + var hash = payload.slice(1) + + return { hash: hash, version: version } +} + +function toBase58Check (hash, version) { + typeforce(types.tuple(types.Hash160bit, types.UInt8), arguments) + + var payload = Buffer.allocUnsafe(21) + payload.writeUInt8(version, 0) + hash.copy(payload, 1) + + return bs58check.encode(payload) +} + +function fromOutputScript (outputScript, network) { + network = network || networks.bitcoin + + if (bscript.pubKeyHash.output.check(outputScript)) return toBase58Check(bscript.compile(outputScript).slice(3, 23), network.pubKeyHash) + if (bscript.scriptHash.output.check(outputScript)) return toBase58Check(bscript.compile(outputScript).slice(2, 22), network.scriptHash) + + throw new Error(bscript.toASM(outputScript) + ' has no matching Address') +} + +function toOutputScript (address, network) { + network = network || networks.bitcoin + + var decode = fromBase58Check(address) + if (decode.version === network.pubKeyHash) return bscript.pubKeyHash.output.encode(decode.hash) + if (decode.version === network.scriptHash) return bscript.scriptHash.output.encode(decode.hash) + + throw new Error(address + ' has no matching Script') +} + +module.exports = { + fromBase58Check: fromBase58Check, + fromOutputScript: fromOutputScript, + toBase58Check: toBase58Check, + toOutputScript: toOutputScript +} + +},{"./networks":51,"./script":52,"./types":78,"bs58check":80,"safe-buffer":98,"typeforce":109}],43:[function(require,module,exports){ +var Buffer = require('safe-buffer').Buffer +var bcrypto = require('./crypto') +var fastMerkleRoot = require('merkle-lib/fastRoot') +var typeforce = require('typeforce') +var types = require('./types') +var varuint = require('varuint-bitcoin') + +var Transaction = require('./transaction') + +function Block () { + this.version = 1 + this.prevHash = null + this.merkleRoot = null + this.timestamp = 0 + this.bits = 0 + this.nonce = 0 +} + +Block.fromBuffer = function (buffer) { + if (buffer.length < 80) throw new Error('Buffer too small (< 80 bytes)') + + var offset = 0 + function readSlice (n) { + offset += n + return buffer.slice(offset - n, offset) + } + + function readUInt32 () { + var i = buffer.readUInt32LE(offset) + offset += 4 + return i + } + + function readInt32 () { + var i = buffer.readInt32LE(offset) + offset += 4 + return i + } + + var block = new Block() + block.version = readInt32() + block.prevHash = readSlice(32) + block.merkleRoot = readSlice(32) + block.timestamp = readUInt32() + block.bits = readUInt32() + block.nonce = readUInt32() + + if (buffer.length === 80) return block + + function readVarInt () { + var vi = varuint.decode(buffer, offset) + offset += varuint.decode.bytes + return vi + } + + function readTransaction () { + var tx = Transaction.fromBuffer(buffer.slice(offset), true) + offset += tx.byteLength() + return tx + } + + var nTransactions = readVarInt() + block.transactions = [] + + for (var i = 0; i < nTransactions; ++i) { + var tx = readTransaction() + block.transactions.push(tx) + } + + return block +} + +Block.prototype.byteLength = function (headersOnly) { + if (headersOnly || !this.transactions) return 80 + + return 80 + varuint.encodingLength(this.transactions.length) + this.transactions.reduce(function (a, x) { + return a + x.byteLength() + }, 0) +} + +Block.fromHex = function (hex) { + return Block.fromBuffer(Buffer.from(hex, 'hex')) +} + +Block.prototype.getHash = function () { + return bcrypto.hash256(this.toBuffer(true)) +} + +Block.prototype.getId = function () { + return this.getHash().reverse().toString('hex') +} + +Block.prototype.getUTCDate = function () { + var date = new Date(0) // epoch + date.setUTCSeconds(this.timestamp) + + return date +} + +// TODO: buffer, offset compatibility +Block.prototype.toBuffer = function (headersOnly) { + var buffer = Buffer.allocUnsafe(this.byteLength(headersOnly)) + + var offset = 0 + function writeSlice (slice) { + slice.copy(buffer, offset) + offset += slice.length + } + + function writeInt32 (i) { + buffer.writeInt32LE(i, offset) + offset += 4 + } + function writeUInt32 (i) { + buffer.writeUInt32LE(i, offset) + offset += 4 + } + + writeInt32(this.version) + writeSlice(this.prevHash) + writeSlice(this.merkleRoot) + writeUInt32(this.timestamp) + writeUInt32(this.bits) + writeUInt32(this.nonce) + + if (headersOnly || !this.transactions) return buffer + + varuint.encode(this.transactions.length, buffer, offset) + offset += varuint.encode.bytes + + this.transactions.forEach(function (tx) { + var txSize = tx.byteLength() // TODO: extract from toBuffer? + tx.toBuffer(buffer, offset) + offset += txSize + }) + + return buffer +} + +Block.prototype.toHex = function (headersOnly) { + return this.toBuffer(headersOnly).toString('hex') +} + +Block.calculateTarget = function (bits) { + var exponent = ((bits & 0xff000000) >> 24) - 3 + var mantissa = bits & 0x007fffff + var target = Buffer.alloc(32, 0) + target.writeUInt32BE(mantissa, 28 - exponent) + return target +} + +Block.calculateMerkleRoot = function (transactions) { + typeforce([{ getHash: types.Function }], transactions) + if (transactions.length === 0) throw TypeError('Cannot compute merkle root for zero transactions') + + var hashes = transactions.map(function (transaction) { + return transaction.getHash() + }) + + return fastMerkleRoot(hashes, bcrypto.hash256) +} + +Block.prototype.checkMerkleRoot = function () { + if (!this.transactions) return false + + var actualMerkleRoot = Block.calculateMerkleRoot(this.transactions) + return this.merkleRoot.compare(actualMerkleRoot) === 0 +} + +Block.prototype.checkProofOfWork = function () { + var hash = this.getHash().reverse() + var target = Block.calculateTarget(this.bits) + + return hash.compare(target) <= 0 +} + +module.exports = Block + +},{"./crypto":45,"./transaction":76,"./types":78,"merkle-lib/fastRoot":94,"safe-buffer":98,"typeforce":109,"varuint-bitcoin":111}],44:[function(require,module,exports){ +var pushdata = require('pushdata-bitcoin') +var varuint = require('varuint-bitcoin') + +// https://github.com/feross/buffer/blob/master/index.js#L1127 +function verifuint (value, max) { + if (typeof value !== 'number') throw new Error('cannot write a non-number as a number') + if (value < 0) throw new Error('specified a negative value for writing an unsigned value') + if (value > max) throw new Error('RangeError: value out of range') + if (Math.floor(value) !== value) throw new Error('value has a fractional component') +} + +function readUInt64LE (buffer, offset) { + var a = buffer.readUInt32LE(offset) + var b = buffer.readUInt32LE(offset + 4) + b *= 0x100000000 + + verifuint(b + a, 0x001fffffffffffff) + + return b + a +} + +function writeUInt64LE (buffer, value, offset) { + verifuint(value, 0x001fffffffffffff) + + buffer.writeInt32LE(value & -1, offset) + buffer.writeUInt32LE(Math.floor(value / 0x100000000), offset + 4) + return offset + 8 +} + +// TODO: remove in 4.0.0? +function readVarInt (buffer, offset) { + var result = varuint.decode(buffer, offset) + + return { + number: result, + size: varuint.decode.bytes + } +} + +// TODO: remove in 4.0.0? +function writeVarInt (buffer, number, offset) { + varuint.encode(number, buffer, offset) + return varuint.encode.bytes +} + +module.exports = { + pushDataSize: pushdata.encodingLength, + readPushDataInt: pushdata.decode, + readUInt64LE: readUInt64LE, + readVarInt: readVarInt, + varIntBuffer: varuint.encode, + varIntSize: varuint.encodingLength, + writePushDataInt: pushdata.encode, + writeUInt64LE: writeUInt64LE, + writeVarInt: writeVarInt +} + +},{"pushdata-bitcoin":95,"varuint-bitcoin":111}],45:[function(require,module,exports){ +var createHash = require('create-hash') + +function ripemd160 (buffer) { + return createHash('rmd160').update(buffer).digest() +} + +function sha1 (buffer) { + return createHash('sha1').update(buffer).digest() +} + +function sha256 (buffer) { + return createHash('sha256').update(buffer).digest() +} + +function hash160 (buffer) { + return ripemd160(sha256(buffer)) +} + +function hash256 (buffer) { + return sha256(sha256(buffer)) +} + +module.exports = { + hash160: hash160, + hash256: hash256, + ripemd160: ripemd160, + sha1: sha1, + sha256: sha256 +} + +},{"create-hash":82}],46:[function(require,module,exports){ +var Buffer = require('safe-buffer').Buffer +var createHmac = require('create-hmac') +var typeforce = require('typeforce') +var types = require('./types') + +var BigInteger = require('bigi') +var ECSignature = require('./ecsignature') + +var ZERO = Buffer.alloc(1, 0) +var ONE = Buffer.alloc(1, 1) + +var ecurve = require('ecurve') +var secp256k1 = ecurve.getCurveByName('secp256k1') + +// https://tools.ietf.org/html/rfc6979#section-3.2 +function deterministicGenerateK (hash, x, checkSig) { + typeforce(types.tuple( + types.Hash256bit, + types.Buffer256bit, + types.Function + ), arguments) + + // Step A, ignored as hash already provided + // Step B + // Step C + var k = Buffer.alloc(32, 0) + var v = Buffer.alloc(32, 1) + + // Step D + k = createHmac('sha256', k) + .update(v) + .update(ZERO) + .update(x) + .update(hash) + .digest() + + // Step E + v = createHmac('sha256', k).update(v).digest() + + // Step F + k = createHmac('sha256', k) + .update(v) + .update(ONE) + .update(x) + .update(hash) + .digest() + + // Step G + v = createHmac('sha256', k).update(v).digest() + + // Step H1/H2a, ignored as tlen === qlen (256 bit) + // Step H2b + v = createHmac('sha256', k).update(v).digest() + + var T = BigInteger.fromBuffer(v) + + // Step H3, repeat until T is within the interval [1, n - 1] and is suitable for ECDSA + while (T.signum() <= 0 || T.compareTo(secp256k1.n) >= 0 || !checkSig(T)) { + k = createHmac('sha256', k) + .update(v) + .update(ZERO) + .digest() + + v = createHmac('sha256', k).update(v).digest() + + // Step H1/H2a, again, ignored as tlen === qlen (256 bit) + // Step H2b again + v = createHmac('sha256', k).update(v).digest() + T = BigInteger.fromBuffer(v) + } + + return T +} + +var N_OVER_TWO = secp256k1.n.shiftRight(1) + +function sign (hash, d) { + typeforce(types.tuple(types.Hash256bit, types.BigInt), arguments) + + var x = d.toBuffer(32) + var e = BigInteger.fromBuffer(hash) + var n = secp256k1.n + var G = secp256k1.G + + var r, s + deterministicGenerateK(hash, x, function (k) { + var Q = G.multiply(k) + + if (secp256k1.isInfinity(Q)) return false + + r = Q.affineX.mod(n) + if (r.signum() === 0) return false + + s = k.modInverse(n).multiply(e.add(d.multiply(r))).mod(n) + if (s.signum() === 0) return false + + return true + }) + + // enforce low S values, see bip62: 'low s values in signatures' + if (s.compareTo(N_OVER_TWO) > 0) { + s = n.subtract(s) + } + + return new ECSignature(r, s) +} + +function verify (hash, signature, Q) { + typeforce(types.tuple( + types.Hash256bit, + types.ECSignature, + types.ECPoint + ), arguments) + + var n = secp256k1.n + var G = secp256k1.G + + var r = signature.r + var s = signature.s + + // 1.4.1 Enforce r and s are both integers in the interval [1, n − 1] + if (r.signum() <= 0 || r.compareTo(n) >= 0) return false + if (s.signum() <= 0 || s.compareTo(n) >= 0) return false + + // 1.4.2 H = Hash(M), already done by the user + // 1.4.3 e = H + var e = BigInteger.fromBuffer(hash) + + // Compute s^-1 + var sInv = s.modInverse(n) + + // 1.4.4 Compute u1 = es^−1 mod n + // u2 = rs^−1 mod n + var u1 = e.multiply(sInv).mod(n) + var u2 = r.multiply(sInv).mod(n) + + // 1.4.5 Compute R = (xR, yR) + // R = u1G + u2Q + var R = G.multiplyTwo(u1, Q, u2) + + // 1.4.5 (cont.) Enforce R is not at infinity + if (secp256k1.isInfinity(R)) return false + + // 1.4.6 Convert the field element R.x to an integer + var xR = R.affineX + + // 1.4.7 Set v = xR mod n + var v = xR.mod(n) + + // 1.4.8 If v = r, output "valid", and if v != r, output "invalid" + return v.equals(r) +} + +module.exports = { + deterministicGenerateK: deterministicGenerateK, + sign: sign, + verify: verify, + + // TODO: remove + __curve: secp256k1 +} + +},{"./ecsignature":48,"./types":78,"bigi":37,"create-hmac":85,"ecurve":89,"safe-buffer":98,"typeforce":109}],47:[function(require,module,exports){ +var baddress = require('./address') +var bcrypto = require('./crypto') +var ecdsa = require('./ecdsa') +var randomBytes = require('randombytes') +var typeforce = require('typeforce') +var types = require('./types') +var wif = require('wif') + +var NETWORKS = require('./networks') +var BigInteger = require('bigi') + +var ecurve = require('ecurve') +var secp256k1 = ecdsa.__curve + +function ECPair (d, Q, options) { + if (options) { + typeforce({ + compressed: types.maybe(types.Boolean), + network: types.maybe(types.Network) + }, options) + } + + options = options || {} + + if (d) { + if (d.signum() <= 0) throw new Error('Private key must be greater than 0') + if (d.compareTo(secp256k1.n) >= 0) throw new Error('Private key must be less than the curve order') + if (Q) throw new TypeError('Unexpected publicKey parameter') + + this.d = d + } else { + typeforce(types.ECPoint, Q) + + this.__Q = Q + } + + this.compressed = options.compressed === undefined ? true : options.compressed + this.network = options.network || NETWORKS.bitcoin +} + +Object.defineProperty(ECPair.prototype, 'Q', { + get: function () { + if (!this.__Q && this.d) { + this.__Q = secp256k1.G.multiply(this.d) + } + + return this.__Q + } +}) + +ECPair.fromPublicKeyBuffer = function (buffer, network) { + var Q = ecurve.Point.decodeFrom(secp256k1, buffer) + + return new ECPair(null, Q, { + compressed: Q.compressed, + network: network + }) +} + +ECPair.fromWIF = function (string, network) { + var decoded = wif.decode(string) + var version = decoded.version + + // list of networks? + if (types.Array(network)) { + network = network.filter(function (x) { + return version === x.wif + }).pop() + + if (!network) throw new Error('Unknown network version') + + // otherwise, assume a network object (or default to bitcoin) + } else { + network = network || NETWORKS.bitcoin + + if (version !== network.wif) throw new Error('Invalid network version') + } + + var d = BigInteger.fromBuffer(decoded.privateKey) + + return new ECPair(d, null, { + compressed: decoded.compressed, + network: network + }) +} + +ECPair.makeRandom = function (options) { + options = options || {} + + var rng = options.rng || randomBytes + + var d + do { + var buffer = rng(32) + typeforce(types.Buffer256bit, buffer) + + d = BigInteger.fromBuffer(buffer) + } while (d.signum() <= 0 || d.compareTo(secp256k1.n) >= 0) + + return new ECPair(d, null, options) +} + +ECPair.prototype.getAddress = function () { + return baddress.toBase58Check(bcrypto.hash160(this.getPublicKeyBuffer()), this.getNetwork().pubKeyHash) +} + +ECPair.prototype.getNetwork = function () { + return this.network +} + +ECPair.prototype.getPublicKeyBuffer = function () { + return this.Q.getEncoded(this.compressed) +} + +ECPair.prototype.sign = function (hash) { + if (!this.d) throw new Error('Missing private key') + + return ecdsa.sign(hash, this.d) +} + +ECPair.prototype.toWIF = function () { + if (!this.d) throw new Error('Missing private key') + + return wif.encode(this.network.wif, this.d.toBuffer(32), this.compressed) +} + +ECPair.prototype.verify = function (hash, signature) { + return ecdsa.verify(hash, signature, this.Q) +} + +module.exports = ECPair + +},{"./address":42,"./crypto":45,"./ecdsa":46,"./networks":51,"./types":78,"bigi":37,"ecurve":89,"randombytes":96,"typeforce":109,"wif":112}],48:[function(require,module,exports){ +(function (Buffer){ +var bip66 = require('bip66') +var typeforce = require('typeforce') +var types = require('./types') + +var BigInteger = require('bigi') + +function ECSignature (r, s) { + typeforce(types.tuple(types.BigInt, types.BigInt), arguments) + + this.r = r + this.s = s +} + +ECSignature.parseCompact = function (buffer) { + if (buffer.length !== 65) throw new Error('Invalid signature length') + + var flagByte = buffer.readUInt8(0) - 27 + if (flagByte !== (flagByte & 7)) throw new Error('Invalid signature parameter') + + var compressed = !!(flagByte & 4) + var recoveryParam = flagByte & 3 + + var r = BigInteger.fromBuffer(buffer.slice(1, 33)) + var s = BigInteger.fromBuffer(buffer.slice(33)) + + return { + compressed: compressed, + i: recoveryParam, + signature: new ECSignature(r, s) + } +} + +ECSignature.fromDER = function (buffer) { + var decode = bip66.decode(buffer) + var r = BigInteger.fromDERInteger(decode.r) + var s = BigInteger.fromDERInteger(decode.s) + + return new ECSignature(r, s) +} + +// BIP62: 1 byte hashType flag (only 0x01, 0x02, 0x03, 0x81, 0x82 and 0x83 are allowed) +ECSignature.parseScriptSignature = function (buffer) { + var hashType = buffer.readUInt8(buffer.length - 1) + var hashTypeMod = hashType & ~0x80 + + if (hashTypeMod <= 0x00 || hashTypeMod >= 0x04) throw new Error('Invalid hashType ' + hashType) + + return { + signature: ECSignature.fromDER(buffer.slice(0, -1)), + hashType: hashType + } +} + +ECSignature.prototype.toCompact = function (i, compressed) { + if (compressed) { + i += 4 + } + + i += 27 + + var buffer = Buffer.alloc(65) + buffer.writeUInt8(i, 0) + this.r.toBuffer(32).copy(buffer, 1) + this.s.toBuffer(32).copy(buffer, 33) + + return buffer +} + +ECSignature.prototype.toDER = function () { + var r = Buffer.from(this.r.toDERInteger()) + var s = Buffer.from(this.s.toDERInteger()) + + return bip66.encode(r, s) +} + +ECSignature.prototype.toScriptSignature = function (hashType) { + var hashTypeMod = hashType & ~0x80 + if (hashTypeMod <= 0 || hashTypeMod >= 4) throw new Error('Invalid hashType ' + hashType) + + var hashTypeBuffer = Buffer.alloc(1) + hashTypeBuffer.writeUInt8(hashType, 0) + + return Buffer.concat([this.toDER(), hashTypeBuffer]) +} + +module.exports = ECSignature + +}).call(this,require("buffer").Buffer) +},{"./types":78,"bigi":37,"bip66":39,"buffer":4,"typeforce":109}],49:[function(require,module,exports){ +var Buffer = require('safe-buffer').Buffer +var base58check = require('bs58check') +var bcrypto = require('./crypto') +var createHmac = require('create-hmac') +var typeforce = require('typeforce') +var types = require('./types') +var NETWORKS = require('./networks') + +var BigInteger = require('bigi') +var ECPair = require('./ecpair') + +var ecurve = require('ecurve') +var curve = ecurve.getCurveByName('secp256k1') + +function HDNode (keyPair, chainCode) { + typeforce(types.tuple('ECPair', types.Buffer256bit), arguments) + + if (!keyPair.compressed) throw new TypeError('BIP32 only allows compressed keyPairs') + + this.keyPair = keyPair + this.chainCode = chainCode + this.depth = 0 + this.index = 0 + this.parentFingerprint = 0x00000000 +} + +HDNode.HIGHEST_BIT = 0x80000000 +HDNode.LENGTH = 78 +HDNode.MASTER_SECRET = Buffer.from('Bitcoin seed', 'utf8') + +HDNode.fromSeedBuffer = function (seed, network) { + typeforce(types.tuple(types.Buffer, types.maybe(types.Network)), arguments) + + if (seed.length < 16) throw new TypeError('Seed should be at least 128 bits') + if (seed.length > 64) throw new TypeError('Seed should be at most 512 bits') + + var I = createHmac('sha512', HDNode.MASTER_SECRET).update(seed).digest() + var IL = I.slice(0, 32) + var IR = I.slice(32) + + // In case IL is 0 or >= n, the master key is invalid + // This is handled by the ECPair constructor + var pIL = BigInteger.fromBuffer(IL) + var keyPair = new ECPair(pIL, null, { + network: network + }) + + return new HDNode(keyPair, IR) +} + +HDNode.fromSeedHex = function (hex, network) { + return HDNode.fromSeedBuffer(Buffer.from(hex, 'hex'), network) +} + +HDNode.fromBase58 = function (string, networks) { + var buffer = base58check.decode(string) + if (buffer.length !== 78) throw new Error('Invalid buffer length') + + // 4 bytes: version bytes + var version = buffer.readUInt32BE(0) + var network + + // list of networks? + if (Array.isArray(networks)) { + network = networks.filter(function (x) { + return version === x.bip32.private || + version === x.bip32.public + }).pop() + + if (!network) throw new Error('Unknown network version') + + // otherwise, assume a network object (or default to bitcoin) + } else { + network = networks || NETWORKS.bitcoin + } + + if (version !== network.bip32.private && + version !== network.bip32.public) throw new Error('Invalid network version') + + // 1 byte: depth: 0x00 for master nodes, 0x01 for level-1 descendants, ... + var depth = buffer[4] + + // 4 bytes: the fingerprint of the parent's key (0x00000000 if master key) + var parentFingerprint = buffer.readUInt32BE(5) + if (depth === 0) { + if (parentFingerprint !== 0x00000000) throw new Error('Invalid parent fingerprint') + } + + // 4 bytes: child number. This is the number i in xi = xpar/i, with xi the key being serialized. + // This is encoded in MSB order. (0x00000000 if master key) + var index = buffer.readUInt32BE(9) + if (depth === 0 && index !== 0) throw new Error('Invalid index') + + // 32 bytes: the chain code + var chainCode = buffer.slice(13, 45) + var keyPair + + // 33 bytes: private key data (0x00 + k) + if (version === network.bip32.private) { + if (buffer.readUInt8(45) !== 0x00) throw new Error('Invalid private key') + + var d = BigInteger.fromBuffer(buffer.slice(46, 78)) + keyPair = new ECPair(d, null, { network: network }) + + // 33 bytes: public key data (0x02 + X or 0x03 + X) + } else { + var Q = ecurve.Point.decodeFrom(curve, buffer.slice(45, 78)) + // Q.compressed is assumed, if somehow this assumption is broken, `new HDNode` will throw + + // Verify that the X coordinate in the public point corresponds to a point on the curve. + // If not, the extended public key is invalid. + curve.validate(Q) + + keyPair = new ECPair(null, Q, { network: network }) + } + + var hd = new HDNode(keyPair, chainCode) + hd.depth = depth + hd.index = index + hd.parentFingerprint = parentFingerprint + + return hd +} + +HDNode.prototype.getAddress = function () { + return this.keyPair.getAddress() +} + +HDNode.prototype.getIdentifier = function () { + return bcrypto.hash160(this.keyPair.getPublicKeyBuffer()) +} + +HDNode.prototype.getFingerprint = function () { + return this.getIdentifier().slice(0, 4) +} + +HDNode.prototype.getNetwork = function () { + return this.keyPair.getNetwork() +} + +HDNode.prototype.getPublicKeyBuffer = function () { + return this.keyPair.getPublicKeyBuffer() +} + +HDNode.prototype.neutered = function () { + var neuteredKeyPair = new ECPair(null, this.keyPair.Q, { + network: this.keyPair.network + }) + + var neutered = new HDNode(neuteredKeyPair, this.chainCode) + neutered.depth = this.depth + neutered.index = this.index + neutered.parentFingerprint = this.parentFingerprint + + return neutered +} + +HDNode.prototype.sign = function (hash) { + return this.keyPair.sign(hash) +} + +HDNode.prototype.verify = function (hash, signature) { + return this.keyPair.verify(hash, signature) +} + +HDNode.prototype.toBase58 = function (__isPrivate) { + if (__isPrivate !== undefined) throw new TypeError('Unsupported argument in 2.0.0') + + // Version + var network = this.keyPair.network + var version = (!this.isNeutered()) ? network.bip32.private : network.bip32.public + var buffer = Buffer.allocUnsafe(78) + + // 4 bytes: version bytes + buffer.writeUInt32BE(version, 0) + + // 1 byte: depth: 0x00 for master nodes, 0x01 for level-1 descendants, .... + buffer.writeUInt8(this.depth, 4) + + // 4 bytes: the fingerprint of the parent's key (0x00000000 if master key) + buffer.writeUInt32BE(this.parentFingerprint, 5) + + // 4 bytes: child number. This is the number i in xi = xpar/i, with xi the key being serialized. + // This is encoded in big endian. (0x00000000 if master key) + buffer.writeUInt32BE(this.index, 9) + + // 32 bytes: the chain code + this.chainCode.copy(buffer, 13) + + // 33 bytes: the public key or private key data + if (!this.isNeutered()) { + // 0x00 + k for private keys + buffer.writeUInt8(0, 45) + this.keyPair.d.toBuffer(32).copy(buffer, 46) + + // 33 bytes: the public key + } else { + // X9.62 encoding for public keys + this.keyPair.getPublicKeyBuffer().copy(buffer, 45) + } + + return base58check.encode(buffer) +} + +// https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#child-key-derivation-ckd-functions +HDNode.prototype.derive = function (index) { + typeforce(types.UInt32, index) + + var isHardened = index >= HDNode.HIGHEST_BIT + var data = Buffer.allocUnsafe(37) + + // Hardened child + if (isHardened) { + if (this.isNeutered()) throw new TypeError('Could not derive hardened child key') + + // data = 0x00 || ser256(kpar) || ser32(index) + data[0] = 0x00 + this.keyPair.d.toBuffer(32).copy(data, 1) + data.writeUInt32BE(index, 33) + + // Normal child + } else { + // data = serP(point(kpar)) || ser32(index) + // = serP(Kpar) || ser32(index) + this.keyPair.getPublicKeyBuffer().copy(data, 0) + data.writeUInt32BE(index, 33) + } + + var I = createHmac('sha512', this.chainCode).update(data).digest() + var IL = I.slice(0, 32) + var IR = I.slice(32) + + var pIL = BigInteger.fromBuffer(IL) + + // In case parse256(IL) >= n, proceed with the next value for i + if (pIL.compareTo(curve.n) >= 0) { + return this.derive(index + 1) + } + + // Private parent key -> private child key + var derivedKeyPair + if (!this.isNeutered()) { + // ki = parse256(IL) + kpar (mod n) + var ki = pIL.add(this.keyPair.d).mod(curve.n) + + // In case ki == 0, proceed with the next value for i + if (ki.signum() === 0) { + return this.derive(index + 1) + } + + derivedKeyPair = new ECPair(ki, null, { + network: this.keyPair.network + }) + + // Public parent key -> public child key + } else { + // Ki = point(parse256(IL)) + Kpar + // = G*IL + Kpar + var Ki = curve.G.multiply(pIL).add(this.keyPair.Q) + + // In case Ki is the point at infinity, proceed with the next value for i + if (curve.isInfinity(Ki)) { + return this.derive(index + 1) + } + + derivedKeyPair = new ECPair(null, Ki, { + network: this.keyPair.network + }) + } + + var hd = new HDNode(derivedKeyPair, IR) + hd.depth = this.depth + 1 + hd.index = index + hd.parentFingerprint = this.getFingerprint().readUInt32BE(0) + + return hd +} + +HDNode.prototype.deriveHardened = function (index) { + typeforce(types.UInt31, index) + + // Only derives hardened private keys by default + return this.derive(index + HDNode.HIGHEST_BIT) +} + +// Private === not neutered +// Public === neutered +HDNode.prototype.isNeutered = function () { + return !(this.keyPair.d) +} + +HDNode.prototype.derivePath = function (path) { + typeforce(types.BIP32Path, path) + + var splitPath = path.split('/') + if (splitPath[0] === 'm') { + if (this.parentFingerprint) { + throw new Error('Not a master node') + } + + splitPath = splitPath.slice(1) + } + + return splitPath.reduce(function (prevHd, indexStr) { + var index + if (indexStr.slice(-1) === "'") { + index = parseInt(indexStr.slice(0, -1), 10) + return prevHd.deriveHardened(index) + } else { + index = parseInt(indexStr, 10) + return prevHd.derive(index) + } + }, this) +} + +module.exports = HDNode + +},{"./crypto":45,"./ecpair":47,"./networks":51,"./types":78,"bigi":37,"bs58check":80,"create-hmac":85,"ecurve":89,"safe-buffer":98,"typeforce":109}],50:[function(require,module,exports){ +module.exports = { + Block: require('./block'), + ECPair: require('./ecpair'), + ECSignature: require('./ecsignature'), + HDNode: require('./hdnode'), + Transaction: require('./transaction'), + TransactionBuilder: require('./transaction_builder'), + + address: require('./address'), + bufferutils: require('./bufferutils'), // TODO: remove in 4.0.0 + crypto: require('./crypto'), + networks: require('./networks'), + opcodes: require('bitcoin-ops'), + script: require('./script') +} + +},{"./address":42,"./block":43,"./bufferutils":44,"./crypto":45,"./ecpair":47,"./ecsignature":48,"./hdnode":49,"./networks":51,"./script":52,"./transaction":76,"./transaction_builder":77,"bitcoin-ops":40}],51:[function(require,module,exports){ +// https://en.bitcoin.it/wiki/List_of_address_prefixes +// Dogecoin BIP32 is a proposed standard: https://bitcointalk.org/index.php?topic=409731 + +module.exports = { + bitcoin: { + messagePrefix: '\x18Bitcoin Signed Message:\n', + bip32: { + public: 0x0488b21e, + private: 0x0488ade4 + }, + pubKeyHash: 0x00, + scriptHash: 0x05, + wif: 0x80 + }, + testnet: { + messagePrefix: '\x18Bitcoin Signed Message:\n', + bip32: { + public: 0x043587cf, + private: 0x04358394 + }, + pubKeyHash: 0x6f, + scriptHash: 0xc4, + wif: 0xef + }, + litecoin: { + messagePrefix: '\x19Litecoin Signed Message:\n', + bip32: { + public: 0x0488b21e, + private: 0x0488ade4, + }, + pubKeyHash: 0x30, + scriptHash: 0x32, + wif: 0xb0 + }, + litecoinLtub: { + messagePrefix: '\x19Litecoin Signed Message:\n', + bip32: { + public: 0x019da462, + private: 0x019d9cfe + }, + pubKeyHash: 0x30, + scriptHash: 0x32, + wif: 0xb0 + } +} + +},{}],52:[function(require,module,exports){ +var Buffer = require('safe-buffer').Buffer +var bip66 = require('bip66') +var pushdata = require('pushdata-bitcoin') +var typeforce = require('typeforce') +var types = require('./types') +var scriptNumber = require('./script_number') + +var OPS = require('bitcoin-ops') +var REVERSE_OPS = require('bitcoin-ops/map') +var OP_INT_BASE = OPS.OP_RESERVED // OP_1 - 1 + +function isOPInt (value) { + return types.Number(value) && + ((value === OPS.OP_0) || + (value >= OPS.OP_1 && value <= OPS.OP_16) || + (value === OPS.OP_1NEGATE)) +} + +function isPushOnlyChunk (value) { + return types.Buffer(value) || isOPInt(value) +} + +function isPushOnly (value) { + return types.Array(value) && value.every(isPushOnlyChunk) +} + +function compile (chunks) { + // TODO: remove me + if (Buffer.isBuffer(chunks)) return chunks + + typeforce(types.Array, chunks) + + var bufferSize = chunks.reduce(function (accum, chunk) { + // data chunk + if (Buffer.isBuffer(chunk)) { + // adhere to BIP62.3, minimal push policy + if (chunk.length === 1 && (chunk[0] === 0x81 || (chunk[0] >= 1 && chunk[0] <= 16))) { + return accum + 1 + } + + return accum + pushdata.encodingLength(chunk.length) + chunk.length + } + + // opcode + return accum + 1 + }, 0.0) + + var buffer = Buffer.allocUnsafe(bufferSize) + var offset = 0 + + chunks.forEach(function (chunk) { + // data chunk + if (Buffer.isBuffer(chunk)) { + // adhere to BIP62.3, minimal push policy + if (chunk.length === 1 && chunk[0] >= 1 && chunk[0] <= 16) { + var opcode = OP_INT_BASE + chunk[0] + buffer.writeUInt8(opcode, offset) + offset += 1 + return + } + + if (chunk.length === 1 && chunk[0] === 0x81) { + buffer.writeUInt8(OPS.OP_1NEGATE, offset) + offset += 1 + return + } + + offset += pushdata.encode(buffer, chunk.length, offset) + + chunk.copy(buffer, offset) + offset += chunk.length + + // opcode + } else { + buffer.writeUInt8(chunk, offset) + offset += 1 + } + }) + + if (offset !== buffer.length) throw new Error('Could not decode chunks') + return buffer +} + +function decompile (buffer) { + // TODO: remove me + if (types.Array(buffer)) return buffer + + typeforce(types.Buffer, buffer) + + var chunks = [] + var i = 0 + + while (i < buffer.length) { + var opcode = buffer[i] + + // data chunk + if ((opcode > OPS.OP_0) && (opcode <= OPS.OP_PUSHDATA4)) { + var d = pushdata.decode(buffer, i) + + // did reading a pushDataInt fail? empty script + if (d === null) return [] + i += d.size + + // attempt to read too much data? empty script + if (i + d.number > buffer.length) return [] + + var data = buffer.slice(i, i + d.number) + i += d.number + + chunks.push(data) + + // opcode + } else { + chunks.push(opcode) + + i += 1 + } + } + + return chunks +} + +function toASM (chunks) { + if (Buffer.isBuffer(chunks)) { + chunks = decompile(chunks) + } + + return chunks.map(function (chunk) { + // data? + if (Buffer.isBuffer(chunk)) return chunk.toString('hex') + + // opcode! + return REVERSE_OPS[chunk] + }).join(' ') +} + +function fromASM (asm) { + typeforce(types.String, asm) + + return compile(asm.split(' ').map(function (chunkStr) { + // opcode? + if (OPS[chunkStr] !== undefined) return OPS[chunkStr] + typeforce(types.Hex, chunkStr) + + // data! + return Buffer.from(chunkStr, 'hex') + })) +} + +function toStack (chunks) { + chunks = decompile(chunks) + typeforce(isPushOnly, chunks) + + return chunks.map(function (op) { + if (Buffer.isBuffer(op)) return op + if (op === OPS.OP_0) return Buffer.allocUnsafe(0) + + return scriptNumber.encode(op - OP_INT_BASE) + }) +} + +function isCanonicalPubKey (buffer) { + if (!Buffer.isBuffer(buffer)) return false + if (buffer.length < 33) return false + + switch (buffer[0]) { + case 0x02: + case 0x03: + return buffer.length === 33 + case 0x04: + return buffer.length === 65 + } + + return false +} + +function isDefinedHashType (hashType) { + var hashTypeMod = hashType & ~0x80 + +// return hashTypeMod > SIGHASH_ALL && hashTypeMod < SIGHASH_SINGLE + return hashTypeMod > 0x00 && hashTypeMod < 0x04 +} + +function isCanonicalSignature (buffer) { + if (!Buffer.isBuffer(buffer)) return false + if (!isDefinedHashType(buffer[buffer.length - 1])) return false + + return bip66.check(buffer.slice(0, -1)) +} + +module.exports = { + compile: compile, + decompile: decompile, + fromASM: fromASM, + toASM: toASM, + toStack: toStack, + + number: require('./script_number'), + + isCanonicalPubKey: isCanonicalPubKey, + isCanonicalSignature: isCanonicalSignature, + isPushOnly: isPushOnly, + isDefinedHashType: isDefinedHashType +} + +var templates = require('./templates') +for (var key in templates) { + module.exports[key] = templates[key] +} + +},{"./script_number":53,"./templates":54,"./types":78,"bip66":39,"bitcoin-ops":40,"bitcoin-ops/map":41,"pushdata-bitcoin":95,"safe-buffer":98,"typeforce":109}],53:[function(require,module,exports){ +var Buffer = require('safe-buffer').Buffer + +function decode (buffer, maxLength, minimal) { + maxLength = maxLength || 4 + minimal = minimal === undefined ? true : minimal + + var length = buffer.length + if (length === 0) return 0 + if (length > maxLength) throw new TypeError('Script number overflow') + if (minimal) { + if ((buffer[length - 1] & 0x7f) === 0) { + if (length <= 1 || (buffer[length - 2] & 0x80) === 0) throw new Error('Non-minimally encoded script number') + } + } + + // 40-bit + if (length === 5) { + var a = buffer.readUInt32LE(0) + var b = buffer.readUInt8(4) + + if (b & 0x80) return -(((b & ~0x80) * 0x100000000) + a) + return (b * 0x100000000) + a + } + + var result = 0 + + // 32-bit / 24-bit / 16-bit / 8-bit + for (var i = 0; i < length; ++i) { + result |= buffer[i] << (8 * i) + } + + if (buffer[length - 1] & 0x80) return -(result & ~(0x80 << (8 * (length - 1)))) + return result +} + +function scriptNumSize (i) { + return i > 0x7fffffff ? 5 + : i > 0x7fffff ? 4 + : i > 0x7fff ? 3 + : i > 0x7f ? 2 + : i > 0x00 ? 1 + : 0 +} + +function encode (number) { + var value = Math.abs(number) + var size = scriptNumSize(value) + var buffer = Buffer.allocUnsafe(size) + var negative = number < 0 + + for (var i = 0; i < size; ++i) { + buffer.writeUInt8(value & 0xff, i) + value >>= 8 + } + + if (buffer[size - 1] & 0x80) { + buffer.writeUInt8(negative ? 0x80 : 0x00, size - 1) + } else if (negative) { + buffer[size - 1] |= 0x80 + } + + return buffer +} + +module.exports = { + decode: decode, + encode: encode +} + +},{"safe-buffer":98}],54:[function(require,module,exports){ +var decompile = require('../script').decompile +var multisig = require('./multisig') +var nullData = require('./nulldata') +var pubKey = require('./pubkey') +var pubKeyHash = require('./pubkeyhash') +var scriptHash = require('./scripthash') +var witnessPubKeyHash = require('./witnesspubkeyhash') +var witnessScriptHash = require('./witnessscripthash') +var witnessCommitment = require('./witnesscommitment') + +var types = { + MULTISIG: 'multisig', + NONSTANDARD: 'nonstandard', + NULLDATA: 'nulldata', + P2PK: 'pubkey', + P2PKH: 'pubkeyhash', + P2SH: 'scripthash', + P2WPKH: 'witnesspubkeyhash', + P2WSH: 'witnessscripthash', + WITNESS_COMMITMENT: 'witnesscommitment' +} + +function classifyOutput (script) { + if (witnessPubKeyHash.output.check(script)) return types.P2WPKH + if (witnessScriptHash.output.check(script)) return types.P2WSH + if (pubKeyHash.output.check(script)) return types.P2PKH + if (scriptHash.output.check(script)) return types.P2SH + + // XXX: optimization, below functions .decompile before use + var chunks = decompile(script) + if (multisig.output.check(chunks)) return types.MULTISIG + if (pubKey.output.check(chunks)) return types.P2PK + if (witnessCommitment.output.check(chunks)) return types.WITNESS_COMMITMENT + if (nullData.output.check(chunks)) return types.NULLDATA + + return types.NONSTANDARD +} + +function classifyInput (script, allowIncomplete) { + // XXX: optimization, below functions .decompile before use + var chunks = decompile(script) + + if (pubKeyHash.input.check(chunks)) return types.P2PKH + if (scriptHash.input.check(chunks, allowIncomplete)) return types.P2SH + if (multisig.input.check(chunks, allowIncomplete)) return types.MULTISIG + if (pubKey.input.check(chunks)) return types.P2PK + + return types.NONSTANDARD +} + +function classifyWitness (script, allowIncomplete) { + // XXX: optimization, below functions .decompile before use + var chunks = decompile(script) + + if (witnessPubKeyHash.input.check(chunks)) return types.P2WPKH + if (witnessScriptHash.input.check(chunks, allowIncomplete)) return types.P2WSH + + return types.NONSTANDARD +} + +module.exports = { + classifyInput: classifyInput, + classifyOutput: classifyOutput, + classifyWitness: classifyWitness, + multisig: multisig, + nullData: nullData, + pubKey: pubKey, + pubKeyHash: pubKeyHash, + scriptHash: scriptHash, + witnessPubKeyHash: witnessPubKeyHash, + witnessScriptHash: witnessScriptHash, + witnessCommitment: witnessCommitment, + types: types +} + +},{"../script":52,"./multisig":55,"./nulldata":58,"./pubkey":59,"./pubkeyhash":62,"./scripthash":65,"./witnesscommitment":68,"./witnesspubkeyhash":70,"./witnessscripthash":73}],55:[function(require,module,exports){ +module.exports = { + input: require('./input'), + output: require('./output') +} + +},{"./input":56,"./output":57}],56:[function(require,module,exports){ +// OP_0 [signatures ...] + +var Buffer = require('safe-buffer').Buffer +var bscript = require('../../script') +var typeforce = require('typeforce') +var OPS = require('bitcoin-ops') + +function partialSignature (value) { + return value === OPS.OP_0 || bscript.isCanonicalSignature(value) +} + +function check (script, allowIncomplete) { + var chunks = bscript.decompile(script) + if (chunks.length < 2) return false + if (chunks[0] !== OPS.OP_0) return false + + if (allowIncomplete) { + return chunks.slice(1).every(partialSignature) + } + + return chunks.slice(1).every(bscript.isCanonicalSignature) +} +check.toJSON = function () { return 'multisig input' } + +var EMPTY_BUFFER = Buffer.allocUnsafe(0) + +function encodeStack (signatures, scriptPubKey) { + typeforce([partialSignature], signatures) + + if (scriptPubKey) { + var scriptData = bscript.multisig.output.decode(scriptPubKey) + + if (signatures.length < scriptData.m) { + throw new TypeError('Not enough signatures provided') + } + + if (signatures.length > scriptData.pubKeys.length) { + throw new TypeError('Too many signatures provided') + } + } + + return [].concat(EMPTY_BUFFER, signatures) +} + +function encode (signatures, scriptPubKey) { + return bscript.compile(encodeStack(signatures, scriptPubKey)) +} + +function decodeStack (stack, allowIncomplete) { + typeforce(check, stack, allowIncomplete) + return stack.slice(1) +} + +function decode (buffer, allowIncomplete) { + var stack = bscript.decompile(buffer) + return decodeStack(stack, allowIncomplete) +} + +module.exports = { + check: check, + decode: decode, + decodeStack: decodeStack, + encode: encode, + encodeStack: encodeStack +} + +},{"../../script":52,"bitcoin-ops":40,"safe-buffer":98,"typeforce":109}],57:[function(require,module,exports){ +// m [pubKeys ...] n OP_CHECKMULTISIG + +var bscript = require('../../script') +var types = require('../../types') +var typeforce = require('typeforce') +var OPS = require('bitcoin-ops') +var OP_INT_BASE = OPS.OP_RESERVED // OP_1 - 1 + +function check (script, allowIncomplete) { + var chunks = bscript.decompile(script) + + if (chunks.length < 4) return false + if (chunks[chunks.length - 1] !== OPS.OP_CHECKMULTISIG) return false + if (!types.Number(chunks[0])) return false + if (!types.Number(chunks[chunks.length - 2])) return false + var m = chunks[0] - OP_INT_BASE + var n = chunks[chunks.length - 2] - OP_INT_BASE + + if (m <= 0) return false + if (n > 16) return false + if (m > n) return false + if (n !== chunks.length - 3) return false + if (allowIncomplete) return true + + var keys = chunks.slice(1, -2) + return keys.every(bscript.isCanonicalPubKey) +} +check.toJSON = function () { return 'multi-sig output' } + +function encode (m, pubKeys) { + typeforce({ + m: types.Number, + pubKeys: [bscript.isCanonicalPubKey] + }, { + m: m, + pubKeys: pubKeys + }) + + var n = pubKeys.length + if (n < m) throw new TypeError('Not enough pubKeys provided') + + return bscript.compile([].concat( + OP_INT_BASE + m, + pubKeys, + OP_INT_BASE + n, + OPS.OP_CHECKMULTISIG + )) +} + +function decode (buffer, allowIncomplete) { + var chunks = bscript.decompile(buffer) + typeforce(check, chunks, allowIncomplete) + + return { + m: chunks[0] - OP_INT_BASE, + pubKeys: chunks.slice(1, -2) + } +} + +module.exports = { + check: check, + decode: decode, + encode: encode +} + +},{"../../script":52,"../../types":78,"bitcoin-ops":40,"typeforce":109}],58:[function(require,module,exports){ +// OP_RETURN {data} + +var bscript = require('../script') +var types = require('../types') +var typeforce = require('typeforce') +var OPS = require('bitcoin-ops') + +function check (script) { + var buffer = bscript.compile(script) + + return buffer.length > 1 && + buffer[0] === OPS.OP_RETURN +} +check.toJSON = function () { return 'null data output' } + +function encode (data) { + typeforce(types.Buffer, data) + + return bscript.compile([OPS.OP_RETURN, data]) +} + +function decode (buffer) { + typeforce(check, buffer) + + return buffer.slice(2) +} + +module.exports = { + output: { + check: check, + decode: decode, + encode: encode + } +} + +},{"../script":52,"../types":78,"bitcoin-ops":40,"typeforce":109}],59:[function(require,module,exports){ +arguments[4][55][0].apply(exports,arguments) +},{"./input":60,"./output":61,"dup":55}],60:[function(require,module,exports){ +// {signature} + +var bscript = require('../../script') +var types = require('../../types') +var typeforce = require('typeforce') + +function check (script) { + var chunks = bscript.decompile(script) + + return chunks.length === 1 && + bscript.isCanonicalSignature(chunks[0]) +} +check.toJSON = function () { return 'pubKey input' } + +function encodeStack (signature) { + typeforce(types.Buffer, signature) + return [signature] +} + +function encode (signature) { + return bscript.compile(encodeStack(signature)) +} + +function decodeStack (stack) { + typeforce(check, stack) + return stack[0] +} + +function decode (buffer) { + var stack = bscript.decompile(buffer) + return decodeStack(stack) +} + +module.exports = { + check: check, + decode: decode, + decodeStack: decodeStack, + encode: encode, + encodeStack: encodeStack +} + +},{"../../script":52,"../../types":78,"typeforce":109}],61:[function(require,module,exports){ +// {pubKey} OP_CHECKSIG + +var bscript = require('../../script') +var typeforce = require('typeforce') +var OPS = require('bitcoin-ops') + +function check (script) { + var chunks = bscript.decompile(script) + + return chunks.length === 2 && + bscript.isCanonicalPubKey(chunks[0]) && + chunks[1] === OPS.OP_CHECKSIG +} +check.toJSON = function () { return 'pubKey output' } + +function encode (pubKey) { + typeforce(bscript.isCanonicalPubKey, pubKey) + + return bscript.compile([pubKey, OPS.OP_CHECKSIG]) +} + +function decode (buffer) { + var chunks = bscript.decompile(buffer) + typeforce(check, chunks) + + return chunks[0] +} + +module.exports = { + check: check, + decode: decode, + encode: encode +} + +},{"../../script":52,"bitcoin-ops":40,"typeforce":109}],62:[function(require,module,exports){ +arguments[4][55][0].apply(exports,arguments) +},{"./input":63,"./output":64,"dup":55}],63:[function(require,module,exports){ +// {signature} {pubKey} + +var bscript = require('../../script') +var types = require('../../types') +var typeforce = require('typeforce') + +function check (script) { + var chunks = bscript.decompile(script) + + return chunks.length === 2 && + bscript.isCanonicalSignature(chunks[0]) && + bscript.isCanonicalPubKey(chunks[1]) +} +check.toJSON = function () { return 'pubKeyHash input' } + +function encodeStack (signature, pubKey) { + typeforce({ + signature: types.Buffer, pubKey: types.Buffer + }, { + signature: signature, pubKey: pubKey + }) + + return [signature, pubKey] +} + +function encode (signature, pubKey) { + return bscript.compile(encodeStack(signature, pubKey)) +} + +function decodeStack (stack) { + typeforce(check, stack) + + return { + signature: stack[0], + pubKey: stack[1] + } +} + +function decode (buffer) { + var stack = bscript.decompile(buffer) + return decodeStack(stack) +} + +module.exports = { + check: check, + decode: decode, + decodeStack: decodeStack, + encode: encode, + encodeStack: encodeStack +} + +},{"../../script":52,"../../types":78,"typeforce":109}],64:[function(require,module,exports){ +// OP_DUP OP_HASH160 {pubKeyHash} OP_EQUALVERIFY OP_CHECKSIG + +var bscript = require('../../script') +var types = require('../../types') +var typeforce = require('typeforce') +var OPS = require('bitcoin-ops') + +function check (script) { + var buffer = bscript.compile(script) + + return buffer.length === 25 && + buffer[0] === OPS.OP_DUP && + buffer[1] === OPS.OP_HASH160 && + buffer[2] === 0x14 && + buffer[23] === OPS.OP_EQUALVERIFY && + buffer[24] === OPS.OP_CHECKSIG +} +check.toJSON = function () { return 'pubKeyHash output' } + +function encode (pubKeyHash) { + typeforce(types.Hash160bit, pubKeyHash) + + return bscript.compile([ + OPS.OP_DUP, + OPS.OP_HASH160, + pubKeyHash, + OPS.OP_EQUALVERIFY, + OPS.OP_CHECKSIG + ]) +} + +function decode (buffer) { + typeforce(check, buffer) + + return buffer.slice(3, 23) +} + +module.exports = { + check: check, + decode: decode, + encode: encode +} + +},{"../../script":52,"../../types":78,"bitcoin-ops":40,"typeforce":109}],65:[function(require,module,exports){ +arguments[4][55][0].apply(exports,arguments) +},{"./input":66,"./output":67,"dup":55}],66:[function(require,module,exports){ +// {serialized scriptPubKey script} + +var Buffer = require('safe-buffer').Buffer +var bscript = require('../../script') +var typeforce = require('typeforce') + +function check (script, allowIncomplete) { + var chunks = bscript.decompile(script) + if (chunks.length < 1) return false + + var lastChunk = chunks[chunks.length - 1] + if (!Buffer.isBuffer(lastChunk)) return false + + var scriptSigChunks = bscript.decompile(bscript.compile(chunks.slice(0, -1))) + var redeemScriptChunks = bscript.decompile(lastChunk) + + // is redeemScript a valid script? + if (redeemScriptChunks.length === 0) return false + + // is redeemScriptSig push only? + if (!bscript.isPushOnly(scriptSigChunks)) return false + + var inputType = bscript.classifyInput(scriptSigChunks, allowIncomplete) + var outputType = bscript.classifyOutput(redeemScriptChunks) + if (chunks.length === 1) { + return outputType === bscript.types.P2WSH || outputType === bscript.types.P2WPKH + } + return inputType === outputType +} +check.toJSON = function () { return 'scriptHash input' } + +function encodeStack (redeemScriptStack, redeemScript) { + var serializedScriptPubKey = bscript.compile(redeemScript) + + return [].concat(redeemScriptStack, serializedScriptPubKey) +} + +function encode (redeemScriptSig, redeemScript) { + var redeemScriptStack = bscript.decompile(redeemScriptSig) + + return bscript.compile(encodeStack(redeemScriptStack, redeemScript)) +} + +function decodeStack (stack) { + typeforce(check, stack) + + return { + redeemScriptStack: stack.slice(0, -1), + redeemScript: stack[stack.length - 1] + } +} + +function decode (buffer) { + var stack = bscript.decompile(buffer) + var result = decodeStack(stack) + result.redeemScriptSig = bscript.compile(result.redeemScriptStack) + delete result.redeemScriptStack + return result +} + +module.exports = { + check: check, + decode: decode, + decodeStack: decodeStack, + encode: encode, + encodeStack: encodeStack +} + +},{"../../script":52,"safe-buffer":98,"typeforce":109}],67:[function(require,module,exports){ +// OP_HASH160 {scriptHash} OP_EQUAL + +var bscript = require('../../script') +var types = require('../../types') +var typeforce = require('typeforce') +var OPS = require('bitcoin-ops') + +function check (script) { + var buffer = bscript.compile(script) + + return buffer.length === 23 && + buffer[0] === OPS.OP_HASH160 && + buffer[1] === 0x14 && + buffer[22] === OPS.OP_EQUAL +} +check.toJSON = function () { return 'scriptHash output' } + +function encode (scriptHash) { + typeforce(types.Hash160bit, scriptHash) + + return bscript.compile([OPS.OP_HASH160, scriptHash, OPS.OP_EQUAL]) +} + +function decode (buffer) { + typeforce(check, buffer) + + return buffer.slice(2, 22) +} + +module.exports = { + check: check, + decode: decode, + encode: encode +} + +},{"../../script":52,"../../types":78,"bitcoin-ops":40,"typeforce":109}],68:[function(require,module,exports){ +module.exports = { + output: require('./output') +} + +},{"./output":69}],69:[function(require,module,exports){ +// OP_RETURN {aa21a9ed} {commitment} + +var Buffer = require('safe-buffer').Buffer +var bscript = require('../../script') +var types = require('../../types') +var typeforce = require('typeforce') +var OPS = require('bitcoin-ops') + +var HEADER = Buffer.from('aa21a9ed', 'hex') + +function check (script) { + var buffer = bscript.compile(script) + + return buffer.length > 37 && + buffer[0] === OPS.OP_RETURN && + buffer[1] === 0x24 && + buffer.slice(2, 6).equals(HEADER) +} + +check.toJSON = function () { return 'Witness commitment output' } + +function encode (commitment) { + typeforce(types.Hash256bit, commitment) + + var buffer = Buffer.allocUnsafe(36) + HEADER.copy(buffer, 0) + commitment.copy(buffer, 4) + + return bscript.compile([OPS.OP_RETURN, buffer]) +} + +function decode (buffer) { + typeforce(check, buffer) + + return bscript.decompile(buffer)[1].slice(4, 36) +} + +module.exports = { + check: check, + decode: decode, + encode: encode +} + +},{"../../script":52,"../../types":78,"bitcoin-ops":40,"safe-buffer":98,"typeforce":109}],70:[function(require,module,exports){ +arguments[4][55][0].apply(exports,arguments) +},{"./input":71,"./output":72,"dup":55}],71:[function(require,module,exports){ +// {signature} {pubKey} + +var pkh = require('../pubkeyhash/input') + +module.exports = { + check: pkh.check, + decodeStack: pkh.decodeStack, + encodeStack: pkh.encodeStack +} + +},{"../pubkeyhash/input":63}],72:[function(require,module,exports){ +// OP_0 {pubKeyHash} + +var bscript = require('../../script') +var types = require('../../types') +var typeforce = require('typeforce') +var OPS = require('bitcoin-ops') + +function check (script) { + var buffer = bscript.compile(script) + + return buffer.length === 22 && + buffer[0] === OPS.OP_0 && + buffer[1] === 0x14 +} +check.toJSON = function () { return 'Witness pubKeyHash output' } + +function encode (pubKeyHash) { + typeforce(types.Hash160bit, pubKeyHash) + + return bscript.compile([OPS.OP_0, pubKeyHash]) +} + +function decode (buffer) { + typeforce(check, buffer) + + return buffer.slice(2) +} + +module.exports = { + check: check, + decode: decode, + encode: encode +} + +},{"../../script":52,"../../types":78,"bitcoin-ops":40,"typeforce":109}],73:[function(require,module,exports){ +arguments[4][55][0].apply(exports,arguments) +},{"./input":74,"./output":75,"dup":55}],74:[function(require,module,exports){ +// {signature} {pubKey} + +var p2sh = require('../scripthash/input') + +module.exports = { + check: p2sh.check, + decodeStack: p2sh.decodeStack, + encodeStack: p2sh.encodeStack +} + +},{"../scripthash/input":66}],75:[function(require,module,exports){ +// OP_0 {scriptHash} + +var bscript = require('../../script') +var types = require('../../types') +var typeforce = require('typeforce') +var OPS = require('bitcoin-ops') + +function check (script) { + var buffer = bscript.compile(script) + + return buffer.length === 34 && + buffer[0] === OPS.OP_0 && + buffer[1] === 0x20 +} +check.toJSON = function () { return 'Witness scriptHash output' } + +function encode (scriptHash) { + typeforce(types.Hash256bit, scriptHash) + + return bscript.compile([OPS.OP_0, scriptHash]) +} + +function decode (buffer) { + typeforce(check, buffer) + + return buffer.slice(2) +} + +module.exports = { + check: check, + decode: decode, + encode: encode +} + +},{"../../script":52,"../../types":78,"bitcoin-ops":40,"typeforce":109}],76:[function(require,module,exports){ +var Buffer = require('safe-buffer').Buffer +var bcrypto = require('./crypto') +var bscript = require('./script') +var bufferutils = require('./bufferutils') +var opcodes = require('bitcoin-ops') +var typeforce = require('typeforce') +var types = require('./types') +var varuint = require('varuint-bitcoin') + +function varSliceSize (someScript) { + var length = someScript.length + + return varuint.encodingLength(length) + length +} + +function vectorSize (someVector) { + var length = someVector.length + + return varuint.encodingLength(length) + someVector.reduce(function (sum, witness) { + return sum + varSliceSize(witness) + }, 0) +} + +function Transaction () { + this.version = 1 + this.locktime = 0 + this.ins = [] + this.outs = [] +} + +Transaction.DEFAULT_SEQUENCE = 0xffffffff +Transaction.SIGHASH_ALL = 0x01 +Transaction.SIGHASH_NONE = 0x02 +Transaction.SIGHASH_SINGLE = 0x03 +Transaction.SIGHASH_ANYONECANPAY = 0x80 +Transaction.ADVANCED_TRANSACTION_MARKER = 0x00 +Transaction.ADVANCED_TRANSACTION_FLAG = 0x01 + +var EMPTY_SCRIPT = Buffer.allocUnsafe(0) +var EMPTY_WITNESS = [] +var ZERO = Buffer.from('0000000000000000000000000000000000000000000000000000000000000000', 'hex') +var ONE = Buffer.from('0000000000000000000000000000000000000000000000000000000000000001', 'hex') +var VALUE_UINT64_MAX = Buffer.from('ffffffffffffffff', 'hex') +var BLANK_OUTPUT = { + script: EMPTY_SCRIPT, + valueBuffer: VALUE_UINT64_MAX +} + +Transaction.fromBuffer = function (buffer, __noStrict) { + var offset = 0 + function readSlice (n) { + offset += n + return buffer.slice(offset - n, offset) + } + + function readUInt32 () { + var i = buffer.readUInt32LE(offset) + offset += 4 + return i + } + + function readInt32 () { + var i = buffer.readInt32LE(offset) + offset += 4 + return i + } + + function readUInt64 () { + var i = bufferutils.readUInt64LE(buffer, offset) + offset += 8 + return i + } + + function readVarInt () { + var vi = varuint.decode(buffer, offset) + offset += varuint.decode.bytes + return vi + } + + function readVarSlice () { + return readSlice(readVarInt()) + } + + function readVector () { + var count = readVarInt() + var vector = [] + for (var i = 0; i < count; i++) vector.push(readVarSlice()) + return vector + } + + var tx = new Transaction() + tx.version = readInt32() + + var marker = buffer.readUInt8(offset) + var flag = buffer.readUInt8(offset + 1) + + var hasWitnesses = false + if (marker === Transaction.ADVANCED_TRANSACTION_MARKER && + flag === Transaction.ADVANCED_TRANSACTION_FLAG) { + offset += 2 + hasWitnesses = true + } + + var vinLen = readVarInt() + for (var i = 0; i < vinLen; ++i) { + tx.ins.push({ + hash: readSlice(32), + index: readUInt32(), + script: readVarSlice(), + sequence: readUInt32(), + witness: EMPTY_WITNESS + }) + } + + var voutLen = readVarInt() + for (i = 0; i < voutLen; ++i) { + tx.outs.push({ + value: readUInt64(), + script: readVarSlice() + }) + } + + if (hasWitnesses) { + for (i = 0; i < vinLen; ++i) { + tx.ins[i].witness = readVector() + } + + // was this pointless? + if (!tx.hasWitnesses()) throw new Error('Transaction has superfluous witness data') + } + + tx.locktime = readUInt32() + + if (__noStrict) return tx + if (offset !== buffer.length) throw new Error('Transaction has unexpected data') + + return tx +} + +Transaction.fromHex = function (hex) { + return Transaction.fromBuffer(Buffer.from(hex, 'hex')) +} + +Transaction.isCoinbaseHash = function (buffer) { + typeforce(types.Hash256bit, buffer) + for (var i = 0; i < 32; ++i) { + if (buffer[i] !== 0) return false + } + return true +} + +Transaction.prototype.isCoinbase = function () { + return this.ins.length === 1 && Transaction.isCoinbaseHash(this.ins[0].hash) +} + +Transaction.prototype.addInput = function (hash, index, sequence, scriptSig) { + typeforce(types.tuple( + types.Hash256bit, + types.UInt32, + types.maybe(types.UInt32), + types.maybe(types.Buffer) + ), arguments) + + if (types.Null(sequence)) { + sequence = Transaction.DEFAULT_SEQUENCE + } + + // Add the input and return the input's index + return (this.ins.push({ + hash: hash, + index: index, + script: scriptSig || EMPTY_SCRIPT, + sequence: sequence, + witness: EMPTY_WITNESS + }) - 1) +} + +Transaction.prototype.addOutput = function (scriptPubKey, value) { + typeforce(types.tuple(types.Buffer, types.Satoshi), arguments) + + // Add the output and return the output's index + return (this.outs.push({ + script: scriptPubKey, + value: value + }) - 1) +} + +Transaction.prototype.hasWitnesses = function () { + return this.ins.some(function (x) { + return x.witness.length !== 0 + }) +} + +Transaction.prototype.weight = function () { + var base = this.__byteLength(false) + var total = this.__byteLength(true) + return base * 3 + total +} + +Transaction.prototype.virtualSize = function () { + return Math.ceil(this.weight() / 4) +} + +Transaction.prototype.byteLength = function () { + return this.__byteLength(true) +} + +Transaction.prototype.__byteLength = function (__allowWitness) { + var hasWitnesses = __allowWitness && this.hasWitnesses() + + return ( + (hasWitnesses ? 10 : 8) + + varuint.encodingLength(this.ins.length) + + varuint.encodingLength(this.outs.length) + + this.ins.reduce(function (sum, input) { return sum + 40 + varSliceSize(input.script) }, 0) + + this.outs.reduce(function (sum, output) { return sum + 8 + varSliceSize(output.script) }, 0) + + (hasWitnesses ? this.ins.reduce(function (sum, input) { return sum + vectorSize(input.witness) }, 0) : 0) + ) +} + +Transaction.prototype.clone = function () { + var newTx = new Transaction() + newTx.version = this.version + newTx.locktime = this.locktime + + newTx.ins = this.ins.map(function (txIn) { + return { + hash: txIn.hash, + index: txIn.index, + script: txIn.script, + sequence: txIn.sequence, + witness: txIn.witness + } + }) + + newTx.outs = this.outs.map(function (txOut) { + return { + script: txOut.script, + value: txOut.value + } + }) + + return newTx +} + +/** + * Hash transaction for signing a specific input. + * + * Bitcoin uses a different hash for each signed transaction input. + * This method copies the transaction, makes the necessary changes based on the + * hashType, and then hashes the result. + * This hash can then be used to sign the provided transaction input. + */ +Transaction.prototype.hashForSignature = function (inIndex, prevOutScript, hashType) { + typeforce(types.tuple(types.UInt32, types.Buffer, /* types.UInt8 */ types.Number), arguments) + + // https://github.com/bitcoin/bitcoin/blob/master/src/test/sighash_tests.cpp#L29 + if (inIndex >= this.ins.length) return ONE + + // ignore OP_CODESEPARATOR + var ourScript = bscript.compile(bscript.decompile(prevOutScript).filter(function (x) { + return x !== opcodes.OP_CODESEPARATOR + })) + + var txTmp = this.clone() + + // SIGHASH_NONE: ignore all outputs? (wildcard payee) + if ((hashType & 0x1f) === Transaction.SIGHASH_NONE) { + txTmp.outs = [] + + // ignore sequence numbers (except at inIndex) + txTmp.ins.forEach(function (input, i) { + if (i === inIndex) return + + input.sequence = 0 + }) + + // SIGHASH_SINGLE: ignore all outputs, except at the same index? + } else if ((hashType & 0x1f) === Transaction.SIGHASH_SINGLE) { + // https://github.com/bitcoin/bitcoin/blob/master/src/test/sighash_tests.cpp#L60 + if (inIndex >= this.outs.length) return ONE + + // truncate outputs after + txTmp.outs.length = inIndex + 1 + + // "blank" outputs before + for (var i = 0; i < inIndex; i++) { + txTmp.outs[i] = BLANK_OUTPUT + } + + // ignore sequence numbers (except at inIndex) + txTmp.ins.forEach(function (input, y) { + if (y === inIndex) return + + input.sequence = 0 + }) + } + + // SIGHASH_ANYONECANPAY: ignore inputs entirely? + if (hashType & Transaction.SIGHASH_ANYONECANPAY) { + txTmp.ins = [txTmp.ins[inIndex]] + txTmp.ins[0].script = ourScript + + // SIGHASH_ALL: only ignore input scripts + } else { + // "blank" others input scripts + txTmp.ins.forEach(function (input) { input.script = EMPTY_SCRIPT }) + txTmp.ins[inIndex].script = ourScript + } + + // serialize and hash + var buffer = Buffer.allocUnsafe(txTmp.__byteLength(false) + 4) + buffer.writeInt32LE(hashType, buffer.length - 4) + txTmp.__toBuffer(buffer, 0, false) + + return bcrypto.hash256(buffer) +} + +Transaction.prototype.hashForWitnessV0 = function (inIndex, prevOutScript, value, hashType) { + typeforce(types.tuple(types.UInt32, types.Buffer, types.Satoshi, types.UInt32), arguments) + + var tbuffer, toffset + function writeSlice (slice) { toffset += slice.copy(tbuffer, toffset) } + function writeUInt32 (i) { toffset = tbuffer.writeUInt32LE(i, toffset) } + function writeUInt64 (i) { toffset = bufferutils.writeUInt64LE(tbuffer, i, toffset) } + function writeVarInt (i) { + varuint.encode(i, tbuffer, toffset) + toffset += varuint.encode.bytes + } + function writeVarSlice (slice) { writeVarInt(slice.length); writeSlice(slice) } + + var hashOutputs = ZERO + var hashPrevouts = ZERO + var hashSequence = ZERO + + if (!(hashType & Transaction.SIGHASH_ANYONECANPAY)) { + tbuffer = Buffer.allocUnsafe(36 * this.ins.length) + toffset = 0 + + this.ins.forEach(function (txIn) { + writeSlice(txIn.hash) + writeUInt32(txIn.index) + }) + + hashPrevouts = bcrypto.hash256(tbuffer) + } + + if (!(hashType & Transaction.SIGHASH_ANYONECANPAY) && + (hashType & 0x1f) !== Transaction.SIGHASH_SINGLE && + (hashType & 0x1f) !== Transaction.SIGHASH_NONE) { + tbuffer = Buffer.allocUnsafe(4 * this.ins.length) + toffset = 0 + + this.ins.forEach(function (txIn) { + writeUInt32(txIn.sequence) + }) + + hashSequence = bcrypto.hash256(tbuffer) + } + + if ((hashType & 0x1f) !== Transaction.SIGHASH_SINGLE && + (hashType & 0x1f) !== Transaction.SIGHASH_NONE) { + var txOutsSize = this.outs.reduce(function (sum, output) { + return sum + 8 + varSliceSize(output.script) + }, 0) + + tbuffer = Buffer.allocUnsafe(txOutsSize) + toffset = 0 + + this.outs.forEach(function (out) { + writeUInt64(out.value) + writeVarSlice(out.script) + }) + + hashOutputs = bcrypto.hash256(tbuffer) + } else if ((hashType & 0x1f) === Transaction.SIGHASH_SINGLE && inIndex < this.outs.length) { + var output = this.outs[inIndex] + + tbuffer = Buffer.allocUnsafe(8 + varSliceSize(output.script)) + toffset = 0 + writeUInt64(output.value) + writeVarSlice(output.script) + + hashOutputs = bcrypto.hash256(tbuffer) + } + + tbuffer = Buffer.allocUnsafe(156 + varSliceSize(prevOutScript)) + toffset = 0 + + var input = this.ins[inIndex] + writeUInt32(this.version) + writeSlice(hashPrevouts) + writeSlice(hashSequence) + writeSlice(input.hash) + writeUInt32(input.index) + writeVarSlice(prevOutScript) + writeUInt64(value) + writeUInt32(input.sequence) + writeSlice(hashOutputs) + writeUInt32(this.locktime) + writeUInt32(hashType) + return bcrypto.hash256(tbuffer) +} + +Transaction.prototype.getHash = function () { + return bcrypto.hash256(this.__toBuffer(undefined, undefined, false)) +} + +Transaction.prototype.getId = function () { + // transaction hash's are displayed in reverse order + return this.getHash().reverse().toString('hex') +} + +Transaction.prototype.toBuffer = function (buffer, initialOffset) { + return this.__toBuffer(buffer, initialOffset, true) +} + +Transaction.prototype.__toBuffer = function (buffer, initialOffset, __allowWitness) { + if (!buffer) buffer = Buffer.allocUnsafe(this.__byteLength(__allowWitness)) + + var offset = initialOffset || 0 + function writeSlice (slice) { offset += slice.copy(buffer, offset) } + function writeUInt8 (i) { offset = buffer.writeUInt8(i, offset) } + function writeUInt32 (i) { offset = buffer.writeUInt32LE(i, offset) } + function writeInt32 (i) { offset = buffer.writeInt32LE(i, offset) } + function writeUInt64 (i) { offset = bufferutils.writeUInt64LE(buffer, i, offset) } + function writeVarInt (i) { + varuint.encode(i, buffer, offset) + offset += varuint.encode.bytes + } + function writeVarSlice (slice) { writeVarInt(slice.length); writeSlice(slice) } + function writeVector (vector) { writeVarInt(vector.length); vector.forEach(writeVarSlice) } + + writeInt32(this.version) + + var hasWitnesses = __allowWitness && this.hasWitnesses() + + if (hasWitnesses) { + writeUInt8(Transaction.ADVANCED_TRANSACTION_MARKER) + writeUInt8(Transaction.ADVANCED_TRANSACTION_FLAG) + } + + writeVarInt(this.ins.length) + + this.ins.forEach(function (txIn) { + writeSlice(txIn.hash) + writeUInt32(txIn.index) + writeVarSlice(txIn.script) + writeUInt32(txIn.sequence) + }) + + writeVarInt(this.outs.length) + this.outs.forEach(function (txOut) { + if (!txOut.valueBuffer) { + writeUInt64(txOut.value) + } else { + writeSlice(txOut.valueBuffer) + } + + writeVarSlice(txOut.script) + }) + + if (hasWitnesses) { + this.ins.forEach(function (input) { + writeVector(input.witness) + }) + } + + writeUInt32(this.locktime) + + // avoid slicing unless necessary + if (initialOffset !== undefined) return buffer.slice(initialOffset, offset) + return buffer +} + +Transaction.prototype.toHex = function () { + return this.toBuffer().toString('hex') +} + +Transaction.prototype.setInputScript = function (index, scriptSig) { + typeforce(types.tuple(types.Number, types.Buffer), arguments) + + this.ins[index].script = scriptSig +} + +Transaction.prototype.setWitness = function (index, witness) { + typeforce(types.tuple(types.Number, [types.Buffer]), arguments) + + this.ins[index].witness = witness +} + +module.exports = Transaction + +},{"./bufferutils":44,"./crypto":45,"./script":52,"./types":78,"bitcoin-ops":40,"safe-buffer":98,"typeforce":109,"varuint-bitcoin":111}],77:[function(require,module,exports){ +var Buffer = require('safe-buffer').Buffer +var baddress = require('./address') +var bcrypto = require('./crypto') +var bscript = require('./script') +var networks = require('./networks') +var ops = require('bitcoin-ops') +var typeforce = require('typeforce') +var types = require('./types') +var scriptTypes = bscript.types +var SIGNABLE = [bscript.types.P2PKH, bscript.types.P2PK, bscript.types.MULTISIG] +var P2SH = SIGNABLE.concat([bscript.types.P2WPKH, bscript.types.P2WSH]) + +var ECPair = require('./ecpair') +var ECSignature = require('./ecsignature') +var Transaction = require('./transaction') + +function extractChunks (type, chunks, script) { + var pubKeys = [] + var signatures = [] + switch (type) { + case scriptTypes.P2PKH: + // if (redeemScript) throw new Error('Nonstandard... P2SH(P2PKH)') + pubKeys = chunks.slice(1) + signatures = chunks.slice(0, 1) + break + + case scriptTypes.P2PK: + pubKeys[0] = script ? bscript.pubKey.output.decode(script) : undefined + signatures = chunks.slice(0, 1) + break + + case scriptTypes.MULTISIG: + if (script) { + var multisig = bscript.multisig.output.decode(script) + pubKeys = multisig.pubKeys + } + + signatures = chunks.slice(1).map(function (chunk) { + return chunk.length === 0 ? undefined : chunk + }) + break + } + + return { + pubKeys: pubKeys, + signatures: signatures + } +} +function expandInput (scriptSig, witnessStack) { + if (scriptSig.length === 0 && witnessStack.length === 0) return {} + + var prevOutScript + var prevOutType + var scriptType + var script + var redeemScript + var witnessScript + var witnessScriptType + var redeemScriptType + var witness = false + var p2wsh = false + var p2sh = false + var witnessProgram + var chunks + + var scriptSigChunks = bscript.decompile(scriptSig) + var sigType = bscript.classifyInput(scriptSigChunks, true) + if (sigType === scriptTypes.P2SH) { + p2sh = true + redeemScript = scriptSigChunks[scriptSigChunks.length - 1] + redeemScriptType = bscript.classifyOutput(redeemScript) + prevOutScript = bscript.scriptHash.output.encode(bcrypto.hash160(redeemScript)) + prevOutType = scriptTypes.P2SH + script = redeemScript + } + + var classifyWitness = bscript.classifyWitness(witnessStack) + if (classifyWitness === scriptTypes.P2WSH) { + witnessScript = witnessStack[witnessStack.length - 1] + witnessScriptType = bscript.classifyOutput(witnessScript) + p2wsh = true + if (scriptSig.length === 0) { + prevOutScript = bscript.witnessScriptHash.output.encode(bcrypto.sha256(witnessScript)) + prevOutType = scriptTypes.P2WSH + if (typeof redeemScript !== 'undefined') { + throw new Error('Redeem script given when unnecessary') + } + // bare witness + } else { + if (!redeemScript) { + throw new Error('No redeemScript provided for P2WSH, but scriptSig non-empty') + } + witnessProgram = bscript.witnessScriptHash.output.encode(bcrypto.sha256(witnessScript)) + if (!redeemScript.equals(witnessProgram)) { + throw new Error('Redeem script didn\'t match witnessScript') + } + } + + if (SIGNABLE.indexOf(bscript.classifyOutput(witnessScript)) === -1) { + throw new Error('unsupported witness script') + } + script = witnessScript + scriptType = witnessScriptType + chunks = witnessStack.slice(0, -1) + } else if (classifyWitness === scriptTypes.P2WPKH) { + var key = witnessStack[witnessStack.length - 1] + var keyHash = bcrypto.hash160(key) + if (scriptSig.length === 0) { + prevOutScript = bscript.witnessPubKeyHash.output.encode(keyHash) + prevOutType = scriptTypes.P2WPKH + if (typeof redeemScript !== 'undefined') { + throw new Error('Redeem script given when unnecessary') + } + } else { + if (!redeemScript) { + throw new Error('No redeemScript provided for P2WPKH, but scriptSig wasn\'t empty') + } + witnessProgram = bscript.witnessPubKeyHash.output.encode(keyHash) + if (!redeemScript.equals(witnessProgram)) { + throw new Error('Redeem script did not have the right witness program') + } + } + + scriptType = scriptTypes.P2PKH + chunks = witnessStack + } else if (redeemScript) { + if (P2SH.indexOf(redeemScriptType) === -1) { + throw new Error('Bad redeemscript!') + } + + script = redeemScript + scriptType = redeemScriptType + chunks = scriptSigChunks.slice(0, -1) + } else { + prevOutType = scriptType = bscript.classifyInput(scriptSig) + chunks = scriptSigChunks + } + + var expanded = extractChunks(scriptType, chunks, script) + + var result = { + pubKeys: expanded.pubKeys, + signatures: expanded.signatures, + prevOutScript: prevOutScript, + prevOutType: prevOutType, + signType: scriptType, + signScript: script, + witness: Boolean(witness) + } + + if (p2sh) { + result.redeemScript = redeemScript + result.redeemScriptType = redeemScriptType + } + + if (p2wsh) { + result.witnessScript = witnessScript + result.witnessScriptType = witnessScriptType + } + + return result +} + +// could be done in expandInput, but requires the original Transaction for hashForSignature +function fixMultisigOrder (input, transaction, vin) { + if (input.redeemScriptType !== scriptTypes.MULTISIG || !input.redeemScript) return + if (input.pubKeys.length === input.signatures.length) return + + var unmatched = input.signatures.concat() + + input.signatures = input.pubKeys.map(function (pubKey) { + var keyPair = ECPair.fromPublicKeyBuffer(pubKey) + var match + + // check for a signature + unmatched.some(function (signature, i) { + // skip if undefined || OP_0 + if (!signature) return false + + // TODO: avoid O(n) hashForSignature + var parsed = ECSignature.parseScriptSignature(signature) + var hash = transaction.hashForSignature(vin, input.redeemScript, parsed.hashType) + + // skip if signature does not match pubKey + if (!keyPair.verify(hash, parsed.signature)) return false + + // remove matched signature from unmatched + unmatched[i] = undefined + match = signature + + return true + }) + + return match + }) +} + +function expandOutput (script, scriptType, ourPubKey) { + typeforce(types.Buffer, script) + + var scriptChunks = bscript.decompile(script) + if (!scriptType) { + scriptType = bscript.classifyOutput(script) + } + + var pubKeys = [] + + switch (scriptType) { + // does our hash160(pubKey) match the output scripts? + case scriptTypes.P2PKH: + if (!ourPubKey) break + + var pkh1 = scriptChunks[2] + var pkh2 = bcrypto.hash160(ourPubKey) + if (pkh1.equals(pkh2)) pubKeys = [ourPubKey] + break + + // does our hash160(pubKey) match the output scripts? + case scriptTypes.P2WPKH: + if (!ourPubKey) break + + var wpkh1 = scriptChunks[1] + var wpkh2 = bcrypto.hash160(ourPubKey) + if (wpkh1.equals(wpkh2)) pubKeys = [ourPubKey] + break + + case scriptTypes.P2PK: + pubKeys = scriptChunks.slice(0, 1) + break + + case scriptTypes.MULTISIG: + pubKeys = scriptChunks.slice(1, -2) + break + + default: return { scriptType: scriptType } + } + + return { + pubKeys: pubKeys, + scriptType: scriptType, + signatures: pubKeys.map(function () { return undefined }) + } +} + +function checkP2shInput (input, redeemScriptHash) { + if (input.prevOutType) { + if (input.prevOutType !== scriptTypes.P2SH) throw new Error('PrevOutScript must be P2SH') + + var prevOutScriptScriptHash = bscript.decompile(input.prevOutScript)[1] + if (!prevOutScriptScriptHash.equals(redeemScriptHash)) throw new Error('Inconsistent hash160(RedeemScript)') + } +} + +function checkP2WSHInput (input, witnessScriptHash) { + if (input.prevOutType) { + if (input.prevOutType !== scriptTypes.P2WSH) throw new Error('PrevOutScript must be P2WSH') + + var scriptHash = bscript.decompile(input.prevOutScript)[1] + if (!scriptHash.equals(witnessScriptHash)) throw new Error('Inconsistent sha25(WitnessScript)') + } +} + +function prepareInput (input, kpPubKey, redeemScript, witnessValue, witnessScript) { + var expanded + var prevOutType + var prevOutScript + + var p2sh = false + var p2shType + var redeemScriptHash + + var witness = false + var p2wsh = false + var witnessType + var witnessScriptHash + + var signType + var signScript + + if (redeemScript && witnessScript) { + redeemScriptHash = bcrypto.hash160(redeemScript) + witnessScriptHash = bcrypto.sha256(witnessScript) + checkP2shInput(input, redeemScriptHash) + + if (!redeemScript.equals(bscript.witnessScriptHash.output.encode(witnessScriptHash))) throw new Error('Witness script inconsistent with redeem script') + + expanded = expandOutput(witnessScript, undefined, kpPubKey) + if (!expanded.pubKeys) throw new Error('WitnessScript not supported "' + bscript.toASM(redeemScript) + '"') + prevOutType = bscript.types.P2SH + prevOutScript = bscript.scriptHash.output.encode(redeemScriptHash) + p2sh = witness = p2wsh = true + p2shType = bscript.types.P2WSH + signType = witnessType = expanded.scriptType + signScript = witnessScript + } else if (redeemScript) { + redeemScriptHash = bcrypto.hash160(redeemScript) + checkP2shInput(input, redeemScriptHash) + + expanded = expandOutput(redeemScript, undefined, kpPubKey) + if (!expanded.pubKeys) throw new Error('RedeemScript not supported "' + bscript.toASM(redeemScript) + '"') + + prevOutType = bscript.types.P2SH + prevOutScript = bscript.scriptHash.output.encode(redeemScriptHash) + p2sh = true + signType = p2shType = expanded.scriptType + signScript = redeemScript + witness = signType === bscript.types.P2WPKH + } else if (witnessScript) { + witnessScriptHash = bcrypto.sha256(witnessScript) + checkP2WSHInput(input, witnessScriptHash) + + expanded = expandOutput(witnessScript, undefined, kpPubKey) + if (!expanded.pubKeys) throw new Error('WitnessScript not supported "' + bscript.toASM(redeemScript) + '"') + + prevOutType = bscript.types.P2WSH + prevOutScript = bscript.witnessScriptHash.output.encode(witnessScriptHash) + witness = p2wsh = true + signType = witnessType = expanded.scriptType + signScript = witnessScript + } else if (input.prevOutType) { + // embedded scripts are not possible without a redeemScript + if (input.prevOutType === scriptTypes.P2SH || + input.prevOutType === scriptTypes.P2WSH) { + throw new Error('PrevOutScript is ' + input.prevOutType + ', requires redeemScript') + } + + prevOutType = input.prevOutType + prevOutScript = input.prevOutScript + expanded = expandOutput(input.prevOutScript, input.prevOutType, kpPubKey) + if (!expanded.pubKeys) return + + witness = (input.prevOutType === scriptTypes.P2WPKH) + signType = prevOutType + signScript = prevOutScript + } else { + prevOutScript = bscript.pubKeyHash.output.encode(bcrypto.hash160(kpPubKey)) + expanded = expandOutput(prevOutScript, scriptTypes.P2PKH, kpPubKey) + prevOutType = scriptTypes.P2PKH + witness = false + signType = prevOutType + signScript = prevOutScript + } + + if (witness && !types.Satoshi(witnessValue)) { + throw new Error('Input was witness but not given witness value') + } + + if (signType === scriptTypes.P2WPKH) { + signScript = bscript.pubKeyHash.output.encode(bscript.witnessPubKeyHash.output.decode(signScript)) + } + + if (p2sh) { + input.redeemScript = redeemScript + input.redeemScriptType = p2shType + } + + if (p2wsh) { + input.witnessScript = witnessScript + input.witnessScriptType = witnessType + } + + input.pubKeys = expanded.pubKeys + input.signatures = expanded.signatures + input.signScript = signScript + input.signType = signType + input.prevOutScript = prevOutScript + input.prevOutType = prevOutType + input.witness = witness +} + +function buildStack (type, signatures, pubKeys, allowIncomplete) { + if (type === scriptTypes.P2PKH) { + if (signatures.length === 1 && Buffer.isBuffer(signatures[0]) && pubKeys.length === 1) return bscript.pubKeyHash.input.encodeStack(signatures[0], pubKeys[0]) + } else if (type === scriptTypes.P2PK) { + if (signatures.length === 1 && Buffer.isBuffer(signatures[0])) return bscript.pubKey.input.encodeStack(signatures[0]) + } else if (type === scriptTypes.MULTISIG) { + if (signatures.length > 0) { + signatures = signatures.map(function (signature) { + return signature || ops.OP_0 + }) + if (!allowIncomplete) { + // remove blank signatures + signatures = signatures.filter(function (x) { return x !== ops.OP_0 }) + } + + return bscript.multisig.input.encodeStack(signatures /* see if it's necessary first */) + } + } else { + throw new Error('Not yet supported') + } + + if (!allowIncomplete) throw new Error('Not enough signatures provided') + + return [] +} + +function buildInput (input, allowIncomplete) { + var scriptType = input.prevOutType + var sig = [] + var witness = [] + if (SIGNABLE.indexOf(scriptType) !== -1) { + sig = buildStack(scriptType, input.signatures, input.pubKeys, allowIncomplete) + } + + var p2sh = false + if (scriptType === bscript.types.P2SH) { + // We can remove this error later when we have a guarantee prepareInput + // rejects unsignable scripts - it MUST be signable at this point. + if (P2SH.indexOf(input.redeemScriptType) === -1) { + throw new Error('Impossible to sign this type') + } + p2sh = true + if (SIGNABLE.indexOf(input.redeemScriptType) !== -1) { + sig = buildStack(input.redeemScriptType, input.signatures, input.pubKeys, allowIncomplete) + } + // If it wasn't SIGNABLE, it's witness, defer to that + scriptType = input.redeemScriptType + } + + if (scriptType === bscript.types.P2WPKH) { + // P2WPKH is a special case of P2PKH + witness = buildStack(bscript.types.P2PKH, input.signatures, input.pubKeys, allowIncomplete) + } else if (scriptType === bscript.types.P2WSH) { + // We can remove this check later + if (SIGNABLE.indexOf(input.witnessScriptType) !== -1) { + witness = buildStack(input.witnessScriptType, input.signatures, input.pubKeys, allowIncomplete) + witness.push(input.witnessScript) + } else { + // We can remove this error later when we have a guarantee prepareInput + // rejects unsignble scripts - it MUST be signable at this point. + throw new Error() + } + + scriptType = input.witnessScriptType + } + + // append redeemScript if necessary + if (p2sh) { + sig.push(input.redeemScript) + } + + return { + type: scriptType, + script: bscript.compile(sig), + witness: witness + } +} + +function TransactionBuilder (network, maximumFeeRate) { + this.prevTxMap = {} + this.network = network || networks.bitcoin + + // WARNING: This is __NOT__ to be relied on, its just another potential safety mechanism (safety in-depth) + this.maximumFeeRate = maximumFeeRate || 1000 + + this.inputs = [] + this.tx = new Transaction() +} + +TransactionBuilder.prototype.setLockTime = function (locktime) { + typeforce(types.UInt32, locktime) + + // if any signatures exist, throw + if (this.inputs.some(function (input) { + if (!input.signatures) return false + + return input.signatures.some(function (s) { return s }) + })) { + throw new Error('No, this would invalidate signatures') + } + + this.tx.locktime = locktime +} + +TransactionBuilder.prototype.setVersion = function (version) { + typeforce(types.UInt32, version) + + // XXX: this might eventually become more complex depending on what the versions represent + this.tx.version = version +} + +TransactionBuilder.fromTransaction = function (transaction, network) { + var txb = new TransactionBuilder(network) + + // Copy transaction fields + txb.setVersion(transaction.version) + txb.setLockTime(transaction.locktime) + + // Copy outputs (done first to avoid signature invalidation) + transaction.outs.forEach(function (txOut) { + txb.addOutput(txOut.script, txOut.value) + }) + + // Copy inputs + transaction.ins.forEach(function (txIn) { + txb.__addInputUnsafe(txIn.hash, txIn.index, { + sequence: txIn.sequence, + script: txIn.script, + witness: txIn.witness + }) + }) + + // fix some things not possible through the public API + txb.inputs.forEach(function (input, i) { + fixMultisigOrder(input, transaction, i) + }) + + return txb +} + +TransactionBuilder.prototype.addInput = function (txHash, vout, sequence, prevOutScript) { + if (!this.__canModifyInputs()) { + throw new Error('No, this would invalidate signatures') + } + + var value + + // is it a hex string? + if (typeof txHash === 'string') { + // transaction hashs's are displayed in reverse order, un-reverse it + txHash = Buffer.from(txHash, 'hex').reverse() + + // is it a Transaction object? + } else if (txHash instanceof Transaction) { + var txOut = txHash.outs[vout] + prevOutScript = txOut.script + value = txOut.value + + txHash = txHash.getHash() + } + + return this.__addInputUnsafe(txHash, vout, { + sequence: sequence, + prevOutScript: prevOutScript, + value: value + }) +} + +TransactionBuilder.prototype.__addInputUnsafe = function (txHash, vout, options) { + if (Transaction.isCoinbaseHash(txHash)) { + throw new Error('coinbase inputs not supported') + } + + var prevTxOut = txHash.toString('hex') + ':' + vout + if (this.prevTxMap[prevTxOut] !== undefined) throw new Error('Duplicate TxOut: ' + prevTxOut) + + var input = {} + + // derive what we can from the scriptSig + if (options.script !== undefined) { + input = expandInput(options.script, options.witness || []) + } + + // if an input value was given, retain it + if (options.value !== undefined) { + input.value = options.value + } + + // derive what we can from the previous transactions output script + if (!input.prevOutScript && options.prevOutScript) { + var prevOutType + + if (!input.pubKeys && !input.signatures) { + var expanded = expandOutput(options.prevOutScript) + + if (expanded.pubKeys) { + input.pubKeys = expanded.pubKeys + input.signatures = expanded.signatures + } + + prevOutType = expanded.scriptType + } + + input.prevOutScript = options.prevOutScript + input.prevOutType = prevOutType || bscript.classifyOutput(options.prevOutScript) + } + + var vin = this.tx.addInput(txHash, vout, options.sequence, options.scriptSig) + this.inputs[vin] = input + this.prevTxMap[prevTxOut] = vin + + return vin +} + +TransactionBuilder.prototype.addOutput = function (scriptPubKey, value) { + if (!this.__canModifyOutputs()) { + throw new Error('No, this would invalidate signatures') + } + + // Attempt to get a script if it's a base58 address string + if (typeof scriptPubKey === 'string') { + scriptPubKey = baddress.toOutputScript(scriptPubKey, this.network) + } + + return this.tx.addOutput(scriptPubKey, value) +} + +TransactionBuilder.prototype.build = function () { + return this.__build(false) +} +TransactionBuilder.prototype.buildIncomplete = function () { + return this.__build(true) +} + +TransactionBuilder.prototype.__build = function (allowIncomplete) { + if (!allowIncomplete) { + if (!this.tx.ins.length) throw new Error('Transaction has no inputs') + if (!this.tx.outs.length) throw new Error('Transaction has no outputs') + } + + var tx = this.tx.clone() + // Create script signatures from inputs + this.inputs.forEach(function (input, i) { + var scriptType = input.witnessScriptType || input.redeemScriptType || input.prevOutType + if (!scriptType && !allowIncomplete) throw new Error('Transaction is not complete') + var result = buildInput(input, allowIncomplete) + + // skip if no result + if (!allowIncomplete) { + if (SIGNABLE.indexOf(result.type) === -1 && result.type !== bscript.types.P2WPKH) { + throw new Error(result.type + ' not supported') + } + } + + tx.setInputScript(i, result.script) + tx.setWitness(i, result.witness) + }) + + if (!allowIncomplete) { + // do not rely on this, its merely a last resort + if (this.__overMaximumFees(tx.byteLength())) { + throw new Error('Transaction has absurd fees') + } + } + + return tx +} + +function canSign (input) { + return input.prevOutScript !== undefined && + input.signScript !== undefined && + input.pubKeys !== undefined && + input.signatures !== undefined && + input.signatures.length === input.pubKeys.length && + input.pubKeys.length > 0 && + input.witness !== undefined +} + +TransactionBuilder.prototype.sign = function (vin, keyPair, redeemScript, hashType, witnessValue, witnessScript) { + if (keyPair.network !== this.network) throw new Error('Inconsistent network') + if (!this.inputs[vin]) throw new Error('No input at index: ' + vin) + hashType = hashType || Transaction.SIGHASH_ALL + + var input = this.inputs[vin] + + // if redeemScript was previously provided, enforce consistency + if (input.redeemScript !== undefined && + redeemScript && + !input.redeemScript.equals(redeemScript)) { + throw new Error('Inconsistent redeemScript') + } + + var kpPubKey = keyPair.getPublicKeyBuffer() + if (!canSign(input)) { + prepareInput(input, kpPubKey, redeemScript, witnessValue, witnessScript) + if (!canSign(input)) throw Error(input.prevOutType + ' not supported') + } + + // ready to sign + var signatureHash + if (input.witness) { + signatureHash = this.tx.hashForWitnessV0(vin, input.signScript, witnessValue, hashType) + } else { + signatureHash = this.tx.hashForSignature(vin, input.signScript, hashType) + } + // enforce in order signing of public keys + var signed = input.pubKeys.some(function (pubKey, i) { + if (!kpPubKey.equals(pubKey)) return false + if (input.signatures[i]) throw new Error('Signature already exists') + + input.signatures[i] = keyPair.sign(signatureHash).toScriptSignature(hashType) + return true + }) + + if (!signed) throw new Error('Key pair cannot sign for this input') +} + +function signatureHashType (buffer) { + return buffer.readUInt8(buffer.length - 1) +} + +TransactionBuilder.prototype.__canModifyInputs = function () { + return this.inputs.every(function (input) { + // any signatures? + if (input.signatures === undefined) return true + + return input.signatures.every(function (signature) { + if (!signature) return true + var hashType = signatureHashType(signature) + + // if SIGHASH_ANYONECANPAY is set, signatures would not + // be invalidated by more inputs + return hashType & Transaction.SIGHASH_ANYONECANPAY + }) + }) +} + +TransactionBuilder.prototype.__canModifyOutputs = function () { + var nInputs = this.tx.ins.length + var nOutputs = this.tx.outs.length + + return this.inputs.every(function (input) { + if (input.signatures === undefined) return true + + return input.signatures.every(function (signature) { + if (!signature) return true + var hashType = signatureHashType(signature) + + var hashTypeMod = hashType & 0x1f + if (hashTypeMod === Transaction.SIGHASH_NONE) return true + if (hashTypeMod === Transaction.SIGHASH_SINGLE) { + // if SIGHASH_SINGLE is set, and nInputs > nOutputs + // some signatures would be invalidated by the addition + // of more outputs + return nInputs <= nOutputs + } + }) + }) +} + +TransactionBuilder.prototype.__overMaximumFees = function (bytes) { + // not all inputs will have .value defined + var incoming = this.inputs.reduce(function (a, x) { return a + (x.value >>> 0) }, 0) + + // but all outputs do, and if we have any input value + // we can immediately determine if the outputs are too small + var outgoing = this.tx.outs.reduce(function (a, x) { return a + x.value }, 0) + var fee = incoming - outgoing + var feeRate = fee / bytes + + return feeRate > this.maximumFeeRate +} + +module.exports = TransactionBuilder + +},{"./address":42,"./crypto":45,"./ecpair":47,"./ecsignature":48,"./networks":51,"./script":52,"./transaction":76,"./types":78,"bitcoin-ops":40,"safe-buffer":98,"typeforce":109}],78:[function(require,module,exports){ +var typeforce = require('typeforce') + +var UINT31_MAX = Math.pow(2, 31) - 1 +function UInt31 (value) { + return typeforce.UInt32(value) && value <= UINT31_MAX +} + +function BIP32Path (value) { + return typeforce.String(value) && value.match(/^(m\/)?(\d+'?\/)*\d+'?$/) +} +BIP32Path.toJSON = function () { return 'BIP32 derivation path' } + +var SATOSHI_MAX = 21 * 1e14 +function Satoshi (value) { + return typeforce.UInt53(value) && value <= SATOSHI_MAX +} + +// external dependent types +var BigInt = typeforce.quacksLike('BigInteger') +var ECPoint = typeforce.quacksLike('Point') + +// exposed, external API +var ECSignature = typeforce.compile({ r: BigInt, s: BigInt }) +var Network = typeforce.compile({ + messagePrefix: typeforce.oneOf(typeforce.Buffer, typeforce.String), + bip32: { + public: typeforce.UInt32, + private: typeforce.UInt32 + }, + pubKeyHash: typeforce.UInt8, + scriptHash: typeforce.UInt8, + wif: typeforce.UInt8 +}) + +// extend typeforce types with ours +var types = { + BigInt: BigInt, + BIP32Path: BIP32Path, + Buffer256bit: typeforce.BufferN(32), + ECPoint: ECPoint, + ECSignature: ECSignature, + Hash160bit: typeforce.BufferN(20), + Hash256bit: typeforce.BufferN(32), + Network: Network, + Satoshi: Satoshi, + UInt31: UInt31 +} + +for (var typeName in typeforce) { + types[typeName] = typeforce[typeName] +} + +module.exports = types + +},{"typeforce":109}],79:[function(require,module,exports){ +var basex = require('base-x') +var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz' + +module.exports = basex(ALPHABET) + +},{"base-x":34}],80:[function(require,module,exports){ +(function (Buffer){ +'use strict' + +var base58 = require('bs58') +var createHash = require('create-hash') + +// SHA256(SHA256(buffer)) +function sha256x2 (buffer) { + var tmp = createHash('sha256').update(buffer).digest() + return createHash('sha256').update(tmp).digest() +} + +// Encode a buffer as a base58-check encoded string +function encode (payload) { + var checksum = sha256x2(payload) + + return base58.encode(Buffer.concat([ + payload, + checksum + ], payload.length + 4)) +} + +function decodeRaw (buffer) { + var payload = buffer.slice(0, -4) + var checksum = buffer.slice(-4) + var newChecksum = sha256x2(payload) + + if (checksum[0] ^ newChecksum[0] | + checksum[1] ^ newChecksum[1] | + checksum[2] ^ newChecksum[2] | + checksum[3] ^ newChecksum[3]) return + + return payload +} + +// Decode a base58-check encoded string to a buffer, no result if checksum is wrong +function decodeUnsafe (string) { + var buffer = base58.decodeUnsafe(string) + if (!buffer) return + + return decodeRaw(buffer) +} + +function decode (string) { + var buffer = base58.decode(string) + var payload = decodeRaw(buffer) + if (!payload) throw new Error('Invalid checksum') + return payload +} + +module.exports = { + encode: encode, + decode: decode, + decodeUnsafe: decodeUnsafe +} + +}).call(this,require("buffer").Buffer) +},{"bs58":79,"buffer":4,"create-hash":82}],81:[function(require,module,exports){ +var Buffer = require('safe-buffer').Buffer +var Transform = require('stream').Transform +var StringDecoder = require('string_decoder').StringDecoder +var inherits = require('inherits') + +function CipherBase (hashMode) { + Transform.call(this) + this.hashMode = typeof hashMode === 'string' + if (this.hashMode) { + this[hashMode] = this._finalOrDigest + } else { + this.final = this._finalOrDigest + } + if (this._final) { + this.__final = this._final + this._final = null + } + this._decoder = null + this._encoding = null +} +inherits(CipherBase, Transform) + +CipherBase.prototype.update = function (data, inputEnc, outputEnc) { + if (typeof data === 'string') { + data = Buffer.from(data, inputEnc) + } + + var outData = this._update(data) + if (this.hashMode) return this + + if (outputEnc) { + outData = this._toString(outData, outputEnc) + } + + return outData +} + +CipherBase.prototype.setAutoPadding = function () {} +CipherBase.prototype.getAuthTag = function () { + throw new Error('trying to get auth tag in unsupported state') +} + +CipherBase.prototype.setAuthTag = function () { + throw new Error('trying to set auth tag in unsupported state') +} + +CipherBase.prototype.setAAD = function () { + throw new Error('trying to set aad in unsupported state') +} + +CipherBase.prototype._transform = function (data, _, next) { + var err + try { + if (this.hashMode) { + this._update(data) + } else { + this.push(this._update(data)) + } + } catch (e) { + err = e + } finally { + next(err) + } +} +CipherBase.prototype._flush = function (done) { + var err + try { + this.push(this.__final()) + } catch (e) { + err = e + } + + done(err) +} +CipherBase.prototype._finalOrDigest = function (outputEnc) { + var outData = this.__final() || Buffer.alloc(0) + if (outputEnc) { + outData = this._toString(outData, outputEnc, true) + } + return outData +} + +CipherBase.prototype._toString = function (value, enc, fin) { + if (!this._decoder) { + this._decoder = new StringDecoder(enc) + this._encoding = enc + } + + if (this._encoding !== enc) throw new Error('can\'t switch encodings') + + var out = this._decoder.write(value) + if (fin) { + out += this._decoder.end() + } + + return out +} + +module.exports = CipherBase + +},{"inherits":93,"safe-buffer":98,"stream":27,"string_decoder":28}],82:[function(require,module,exports){ +(function (Buffer){ +'use strict' +var inherits = require('inherits') +var md5 = require('./md5') +var RIPEMD160 = require('ripemd160') +var sha = require('sha.js') + +var Base = require('cipher-base') + +function HashNoConstructor (hash) { + Base.call(this, 'digest') + + this._hash = hash + this.buffers = [] +} + +inherits(HashNoConstructor, Base) + +HashNoConstructor.prototype._update = function (data) { + this.buffers.push(data) +} + +HashNoConstructor.prototype._final = function () { + var buf = Buffer.concat(this.buffers) + var r = this._hash(buf) + this.buffers = null + + return r +} + +function Hash (hash) { + Base.call(this, 'digest') + + this._hash = hash +} + +inherits(Hash, Base) + +Hash.prototype._update = function (data) { + this._hash.update(data) +} + +Hash.prototype._final = function () { + return this._hash.digest() +} + +module.exports = function createHash (alg) { + alg = alg.toLowerCase() + if (alg === 'md5') return new HashNoConstructor(md5) + if (alg === 'rmd160' || alg === 'ripemd160') return new Hash(new RIPEMD160()) + + return new Hash(sha(alg)) +} + +}).call(this,require("buffer").Buffer) +},{"./md5":84,"buffer":4,"cipher-base":81,"inherits":93,"ripemd160":97,"sha.js":100}],83:[function(require,module,exports){ +(function (Buffer){ +'use strict' +var intSize = 4 +var zeroBuffer = new Buffer(intSize) +zeroBuffer.fill(0) + +var charSize = 8 +var hashSize = 16 + +function toArray (buf) { + if ((buf.length % intSize) !== 0) { + var len = buf.length + (intSize - (buf.length % intSize)) + buf = Buffer.concat([buf, zeroBuffer], len) + } + + var arr = new Array(buf.length >>> 2) + for (var i = 0, j = 0; i < buf.length; i += intSize, j++) { + arr[j] = buf.readInt32LE(i) + } + + return arr +} + +module.exports = function hash (buf, fn) { + var arr = fn(toArray(buf), buf.length * charSize) + buf = new Buffer(hashSize) + for (var i = 0; i < arr.length; i++) { + buf.writeInt32LE(arr[i], i << 2, true) + } + return buf +} + +}).call(this,require("buffer").Buffer) +},{"buffer":4}],84:[function(require,module,exports){ +'use strict' +/* + * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message + * Digest Algorithm, as defined in RFC 1321. + * Version 2.1 Copyright (C) Paul Johnston 1999 - 2002. + * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet + * Distributed under the BSD License + * See http://pajhome.org.uk/crypt/md5 for more info. + */ + +var makeHash = require('./make-hash') + +/* + * Calculate the MD5 of an array of little-endian words, and a bit length + */ +function core_md5 (x, len) { + /* append padding */ + x[len >> 5] |= 0x80 << ((len) % 32) + x[(((len + 64) >>> 9) << 4) + 14] = len + + var a = 1732584193 + var b = -271733879 + var c = -1732584194 + var d = 271733878 + + for (var i = 0; i < x.length; i += 16) { + var olda = a + var oldb = b + var oldc = c + var oldd = d + + a = md5_ff(a, b, c, d, x[i + 0], 7, -680876936) + d = md5_ff(d, a, b, c, x[i + 1], 12, -389564586) + c = md5_ff(c, d, a, b, x[i + 2], 17, 606105819) + b = md5_ff(b, c, d, a, x[i + 3], 22, -1044525330) + a = md5_ff(a, b, c, d, x[i + 4], 7, -176418897) + d = md5_ff(d, a, b, c, x[i + 5], 12, 1200080426) + c = md5_ff(c, d, a, b, x[i + 6], 17, -1473231341) + b = md5_ff(b, c, d, a, x[i + 7], 22, -45705983) + a = md5_ff(a, b, c, d, x[i + 8], 7, 1770035416) + d = md5_ff(d, a, b, c, x[i + 9], 12, -1958414417) + c = md5_ff(c, d, a, b, x[i + 10], 17, -42063) + b = md5_ff(b, c, d, a, x[i + 11], 22, -1990404162) + a = md5_ff(a, b, c, d, x[i + 12], 7, 1804603682) + d = md5_ff(d, a, b, c, x[i + 13], 12, -40341101) + c = md5_ff(c, d, a, b, x[i + 14], 17, -1502002290) + b = md5_ff(b, c, d, a, x[i + 15], 22, 1236535329) + + a = md5_gg(a, b, c, d, x[i + 1], 5, -165796510) + d = md5_gg(d, a, b, c, x[i + 6], 9, -1069501632) + c = md5_gg(c, d, a, b, x[i + 11], 14, 643717713) + b = md5_gg(b, c, d, a, x[i + 0], 20, -373897302) + a = md5_gg(a, b, c, d, x[i + 5], 5, -701558691) + d = md5_gg(d, a, b, c, x[i + 10], 9, 38016083) + c = md5_gg(c, d, a, b, x[i + 15], 14, -660478335) + b = md5_gg(b, c, d, a, x[i + 4], 20, -405537848) + a = md5_gg(a, b, c, d, x[i + 9], 5, 568446438) + d = md5_gg(d, a, b, c, x[i + 14], 9, -1019803690) + c = md5_gg(c, d, a, b, x[i + 3], 14, -187363961) + b = md5_gg(b, c, d, a, x[i + 8], 20, 1163531501) + a = md5_gg(a, b, c, d, x[i + 13], 5, -1444681467) + d = md5_gg(d, a, b, c, x[i + 2], 9, -51403784) + c = md5_gg(c, d, a, b, x[i + 7], 14, 1735328473) + b = md5_gg(b, c, d, a, x[i + 12], 20, -1926607734) + + a = md5_hh(a, b, c, d, x[i + 5], 4, -378558) + d = md5_hh(d, a, b, c, x[i + 8], 11, -2022574463) + c = md5_hh(c, d, a, b, x[i + 11], 16, 1839030562) + b = md5_hh(b, c, d, a, x[i + 14], 23, -35309556) + a = md5_hh(a, b, c, d, x[i + 1], 4, -1530992060) + d = md5_hh(d, a, b, c, x[i + 4], 11, 1272893353) + c = md5_hh(c, d, a, b, x[i + 7], 16, -155497632) + b = md5_hh(b, c, d, a, x[i + 10], 23, -1094730640) + a = md5_hh(a, b, c, d, x[i + 13], 4, 681279174) + d = md5_hh(d, a, b, c, x[i + 0], 11, -358537222) + c = md5_hh(c, d, a, b, x[i + 3], 16, -722521979) + b = md5_hh(b, c, d, a, x[i + 6], 23, 76029189) + a = md5_hh(a, b, c, d, x[i + 9], 4, -640364487) + d = md5_hh(d, a, b, c, x[i + 12], 11, -421815835) + c = md5_hh(c, d, a, b, x[i + 15], 16, 530742520) + b = md5_hh(b, c, d, a, x[i + 2], 23, -995338651) + + a = md5_ii(a, b, c, d, x[i + 0], 6, -198630844) + d = md5_ii(d, a, b, c, x[i + 7], 10, 1126891415) + c = md5_ii(c, d, a, b, x[i + 14], 15, -1416354905) + b = md5_ii(b, c, d, a, x[i + 5], 21, -57434055) + a = md5_ii(a, b, c, d, x[i + 12], 6, 1700485571) + d = md5_ii(d, a, b, c, x[i + 3], 10, -1894986606) + c = md5_ii(c, d, a, b, x[i + 10], 15, -1051523) + b = md5_ii(b, c, d, a, x[i + 1], 21, -2054922799) + a = md5_ii(a, b, c, d, x[i + 8], 6, 1873313359) + d = md5_ii(d, a, b, c, x[i + 15], 10, -30611744) + c = md5_ii(c, d, a, b, x[i + 6], 15, -1560198380) + b = md5_ii(b, c, d, a, x[i + 13], 21, 1309151649) + a = md5_ii(a, b, c, d, x[i + 4], 6, -145523070) + d = md5_ii(d, a, b, c, x[i + 11], 10, -1120210379) + c = md5_ii(c, d, a, b, x[i + 2], 15, 718787259) + b = md5_ii(b, c, d, a, x[i + 9], 21, -343485551) + + a = safe_add(a, olda) + b = safe_add(b, oldb) + c = safe_add(c, oldc) + d = safe_add(d, oldd) + } + + return [a, b, c, d] +} + +/* + * These functions implement the four basic operations the algorithm uses. + */ +function md5_cmn (q, a, b, x, s, t) { + return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s), b) +} + +function md5_ff (a, b, c, d, x, s, t) { + return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t) +} + +function md5_gg (a, b, c, d, x, s, t) { + return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t) +} + +function md5_hh (a, b, c, d, x, s, t) { + return md5_cmn(b ^ c ^ d, a, b, x, s, t) +} + +function md5_ii (a, b, c, d, x, s, t) { + return md5_cmn(c ^ (b | (~d)), a, b, x, s, t) +} + +/* + * Add integers, wrapping at 2^32. This uses 16-bit operations internally + * to work around bugs in some JS interpreters. + */ +function safe_add (x, y) { + var lsw = (x & 0xFFFF) + (y & 0xFFFF) + var msw = (x >> 16) + (y >> 16) + (lsw >> 16) + return (msw << 16) | (lsw & 0xFFFF) +} + +/* + * Bitwise rotate a 32-bit number to the left. + */ +function bit_rol (num, cnt) { + return (num << cnt) | (num >>> (32 - cnt)) +} + +module.exports = function md5 (buf) { + return makeHash(buf, core_md5) +} + +},{"./make-hash":83}],85:[function(require,module,exports){ +'use strict' +var inherits = require('inherits') +var Legacy = require('./legacy') +var Base = require('cipher-base') +var Buffer = require('safe-buffer').Buffer +var md5 = require('create-hash/md5') +var RIPEMD160 = require('ripemd160') + +var sha = require('sha.js') + +var ZEROS = Buffer.alloc(128) + +function Hmac (alg, key) { + Base.call(this, 'digest') + if (typeof key === 'string') { + key = Buffer.from(key) + } + + var blocksize = (alg === 'sha512' || alg === 'sha384') ? 128 : 64 + + this._alg = alg + this._key = key + if (key.length > blocksize) { + var hash = alg === 'rmd160' ? new RIPEMD160() : sha(alg) + key = hash.update(key).digest() + } else if (key.length < blocksize) { + key = Buffer.concat([key, ZEROS], blocksize) + } + + var ipad = this._ipad = Buffer.allocUnsafe(blocksize) + var opad = this._opad = Buffer.allocUnsafe(blocksize) + + for (var i = 0; i < blocksize; i++) { + ipad[i] = key[i] ^ 0x36 + opad[i] = key[i] ^ 0x5C + } + this._hash = alg === 'rmd160' ? new RIPEMD160() : sha(alg) + this._hash.update(ipad) +} + +inherits(Hmac, Base) + +Hmac.prototype._update = function (data) { + this._hash.update(data) +} + +Hmac.prototype._final = function () { + var h = this._hash.digest() + var hash = this._alg === 'rmd160' ? new RIPEMD160() : sha(this._alg) + return hash.update(this._opad).update(h).digest() +} + +module.exports = function createHmac (alg, key) { + alg = alg.toLowerCase() + if (alg === 'rmd160' || alg === 'ripemd160') { + return new Hmac('rmd160', key) + } + if (alg === 'md5') { + return new Legacy(md5, key) + } + return new Hmac(alg, key) +} + +},{"./legacy":86,"cipher-base":81,"create-hash/md5":84,"inherits":93,"ripemd160":97,"safe-buffer":98,"sha.js":100}],86:[function(require,module,exports){ +'use strict' +var inherits = require('inherits') +var Buffer = require('safe-buffer').Buffer + +var Base = require('cipher-base') + +var ZEROS = Buffer.alloc(128) +var blocksize = 64 + +function Hmac (alg, key) { + Base.call(this, 'digest') + if (typeof key === 'string') { + key = Buffer.from(key) + } + + this._alg = alg + this._key = key + + if (key.length > blocksize) { + key = alg(key) + } else if (key.length < blocksize) { + key = Buffer.concat([key, ZEROS], blocksize) + } + + var ipad = this._ipad = Buffer.allocUnsafe(blocksize) + var opad = this._opad = Buffer.allocUnsafe(blocksize) + + for (var i = 0; i < blocksize; i++) { + ipad[i] = key[i] ^ 0x36 + opad[i] = key[i] ^ 0x5C + } + + this._hash = [ipad] +} + +inherits(Hmac, Base) + +Hmac.prototype._update = function (data) { + this._hash.push(data) +} + +Hmac.prototype._final = function () { + var h = this._alg(Buffer.concat(this._hash)) + return this._alg(Buffer.concat([this._opad, h])) +} +module.exports = Hmac + +},{"cipher-base":81,"inherits":93,"safe-buffer":98}],87:[function(require,module,exports){ +var assert = require('assert') +var BigInteger = require('bigi') + +var Point = require('./point') + +function Curve (p, a, b, Gx, Gy, n, h) { + this.p = p + this.a = a + this.b = b + this.G = Point.fromAffine(this, Gx, Gy) + this.n = n + this.h = h + + this.infinity = new Point(this, null, null, BigInteger.ZERO) + + // result caching + this.pOverFour = p.add(BigInteger.ONE).shiftRight(2) + + // determine size of p in bytes + this.pLength = Math.floor((this.p.bitLength() + 7) / 8) +} + +Curve.prototype.pointFromX = function (isOdd, x) { + var alpha = x.pow(3).add(this.a.multiply(x)).add(this.b).mod(this.p) + var beta = alpha.modPow(this.pOverFour, this.p) // XXX: not compatible with all curves + + var y = beta + if (beta.isEven() ^ !isOdd) { + y = this.p.subtract(y) // -y % p + } + + return Point.fromAffine(this, x, y) +} + +Curve.prototype.isInfinity = function (Q) { + if (Q === this.infinity) return true + + return Q.z.signum() === 0 && Q.y.signum() !== 0 +} + +Curve.prototype.isOnCurve = function (Q) { + if (this.isInfinity(Q)) return true + + var x = Q.affineX + var y = Q.affineY + var a = this.a + var b = this.b + var p = this.p + + // Check that xQ and yQ are integers in the interval [0, p - 1] + if (x.signum() < 0 || x.compareTo(p) >= 0) return false + if (y.signum() < 0 || y.compareTo(p) >= 0) return false + + // and check that y^2 = x^3 + ax + b (mod p) + var lhs = y.square().mod(p) + var rhs = x.pow(3).add(a.multiply(x)).add(b).mod(p) + return lhs.equals(rhs) +} + +/** + * Validate an elliptic curve point. + * + * See SEC 1, section Elliptic Curve Public Key Validation Primitive + */ +Curve.prototype.validate = function (Q) { + // Check Q != O + assert(!this.isInfinity(Q), 'Point is at infinity') + assert(this.isOnCurve(Q), 'Point is not on the curve') + + // Check nQ = O (where Q is a scalar multiple of G) + var nQ = Q.multiply(this.n) + assert(this.isInfinity(nQ), 'Point is not a scalar multiple of G') + + return true +} + +module.exports = Curve + +},{"./point":91,"assert":1,"bigi":37}],88:[function(require,module,exports){ +module.exports={ + "secp128r1": { + "p": "fffffffdffffffffffffffffffffffff", + "a": "fffffffdfffffffffffffffffffffffc", + "b": "e87579c11079f43dd824993c2cee5ed3", + "n": "fffffffe0000000075a30d1b9038a115", + "h": "01", + "Gx": "161ff7528b899b2d0c28607ca52c5b86", + "Gy": "cf5ac8395bafeb13c02da292dded7a83" + }, + "secp160k1": { + "p": "fffffffffffffffffffffffffffffffeffffac73", + "a": "00", + "b": "07", + "n": "0100000000000000000001b8fa16dfab9aca16b6b3", + "h": "01", + "Gx": "3b4c382ce37aa192a4019e763036f4f5dd4d7ebb", + "Gy": "938cf935318fdced6bc28286531733c3f03c4fee" + }, + "secp160r1": { + "p": "ffffffffffffffffffffffffffffffff7fffffff", + "a": "ffffffffffffffffffffffffffffffff7ffffffc", + "b": "1c97befc54bd7a8b65acf89f81d4d4adc565fa45", + "n": "0100000000000000000001f4c8f927aed3ca752257", + "h": "01", + "Gx": "4a96b5688ef573284664698968c38bb913cbfc82", + "Gy": "23a628553168947d59dcc912042351377ac5fb32" + }, + "secp192k1": { + "p": "fffffffffffffffffffffffffffffffffffffffeffffee37", + "a": "00", + "b": "03", + "n": "fffffffffffffffffffffffe26f2fc170f69466a74defd8d", + "h": "01", + "Gx": "db4ff10ec057e9ae26b07d0280b7f4341da5d1b1eae06c7d", + "Gy": "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d" + }, + "secp192r1": { + "p": "fffffffffffffffffffffffffffffffeffffffffffffffff", + "a": "fffffffffffffffffffffffffffffffefffffffffffffffc", + "b": "64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", + "n": "ffffffffffffffffffffffff99def836146bc9b1b4d22831", + "h": "01", + "Gx": "188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012", + "Gy": "07192b95ffc8da78631011ed6b24cdd573f977a11e794811" + }, + "secp256k1": { + "p": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "a": "00", + "b": "07", + "n": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", + "h": "01", + "Gx": "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798", + "Gy": "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8" + }, + "secp256r1": { + "p": "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + "a": "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", + "b": "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", + "n": "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + "h": "01", + "Gx": "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", + "Gy": "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5" + } +} + +},{}],89:[function(require,module,exports){ +var Point = require('./point') +var Curve = require('./curve') + +var getCurveByName = require('./names') + +module.exports = { + Curve: Curve, + Point: Point, + getCurveByName: getCurveByName +} + +},{"./curve":87,"./names":90,"./point":91}],90:[function(require,module,exports){ +var BigInteger = require('bigi') + +var curves = require('./curves.json') +var Curve = require('./curve') + +function getCurveByName (name) { + var curve = curves[name] + if (!curve) return null + + var p = new BigInteger(curve.p, 16) + var a = new BigInteger(curve.a, 16) + var b = new BigInteger(curve.b, 16) + var n = new BigInteger(curve.n, 16) + var h = new BigInteger(curve.h, 16) + var Gx = new BigInteger(curve.Gx, 16) + var Gy = new BigInteger(curve.Gy, 16) + + return new Curve(p, a, b, Gx, Gy, n, h) +} + +module.exports = getCurveByName + +},{"./curve":87,"./curves.json":88,"bigi":37}],91:[function(require,module,exports){ +(function (Buffer){ +var assert = require('assert') +var BigInteger = require('bigi') + +var THREE = BigInteger.valueOf(3) + +function Point (curve, x, y, z) { + assert.notStrictEqual(z, undefined, 'Missing Z coordinate') + + this.curve = curve + this.x = x + this.y = y + this.z = z + this._zInv = null + + this.compressed = true +} + +Object.defineProperty(Point.prototype, 'zInv', { + get: function () { + if (this._zInv === null) { + this._zInv = this.z.modInverse(this.curve.p) + } + + return this._zInv + } +}) + +Object.defineProperty(Point.prototype, 'affineX', { + get: function () { + return this.x.multiply(this.zInv).mod(this.curve.p) + } +}) + +Object.defineProperty(Point.prototype, 'affineY', { + get: function () { + return this.y.multiply(this.zInv).mod(this.curve.p) + } +}) + +Point.fromAffine = function (curve, x, y) { + return new Point(curve, x, y, BigInteger.ONE) +} + +Point.prototype.equals = function (other) { + if (other === this) return true + if (this.curve.isInfinity(this)) return this.curve.isInfinity(other) + if (this.curve.isInfinity(other)) return this.curve.isInfinity(this) + + // u = Y2 * Z1 - Y1 * Z2 + var u = other.y.multiply(this.z).subtract(this.y.multiply(other.z)).mod(this.curve.p) + + if (u.signum() !== 0) return false + + // v = X2 * Z1 - X1 * Z2 + var v = other.x.multiply(this.z).subtract(this.x.multiply(other.z)).mod(this.curve.p) + + return v.signum() === 0 +} + +Point.prototype.negate = function () { + var y = this.curve.p.subtract(this.y) + + return new Point(this.curve, this.x, y, this.z) +} + +Point.prototype.add = function (b) { + if (this.curve.isInfinity(this)) return b + if (this.curve.isInfinity(b)) return this + + var x1 = this.x + var y1 = this.y + var x2 = b.x + var y2 = b.y + + // u = Y2 * Z1 - Y1 * Z2 + var u = y2.multiply(this.z).subtract(y1.multiply(b.z)).mod(this.curve.p) + // v = X2 * Z1 - X1 * Z2 + var v = x2.multiply(this.z).subtract(x1.multiply(b.z)).mod(this.curve.p) + + if (v.signum() === 0) { + if (u.signum() === 0) { + return this.twice() // this == b, so double + } + + return this.curve.infinity // this = -b, so infinity + } + + var v2 = v.square() + var v3 = v2.multiply(v) + var x1v2 = x1.multiply(v2) + var zu2 = u.square().multiply(this.z) + + // x3 = v * (z2 * (z1 * u^2 - 2 * x1 * v^2) - v^3) + var x3 = zu2.subtract(x1v2.shiftLeft(1)).multiply(b.z).subtract(v3).multiply(v).mod(this.curve.p) + // y3 = z2 * (3 * x1 * u * v^2 - y1 * v^3 - z1 * u^3) + u * v^3 + var y3 = x1v2.multiply(THREE).multiply(u).subtract(y1.multiply(v3)).subtract(zu2.multiply(u)).multiply(b.z).add(u.multiply(v3)).mod(this.curve.p) + // z3 = v^3 * z1 * z2 + var z3 = v3.multiply(this.z).multiply(b.z).mod(this.curve.p) + + return new Point(this.curve, x3, y3, z3) +} + +Point.prototype.twice = function () { + if (this.curve.isInfinity(this)) return this + if (this.y.signum() === 0) return this.curve.infinity + + var x1 = this.x + var y1 = this.y + + var y1z1 = y1.multiply(this.z).mod(this.curve.p) + var y1sqz1 = y1z1.multiply(y1).mod(this.curve.p) + var a = this.curve.a + + // w = 3 * x1^2 + a * z1^2 + var w = x1.square().multiply(THREE) + + if (a.signum() !== 0) { + w = w.add(this.z.square().multiply(a)) + } + + w = w.mod(this.curve.p) + // x3 = 2 * y1 * z1 * (w^2 - 8 * x1 * y1^2 * z1) + var x3 = w.square().subtract(x1.shiftLeft(3).multiply(y1sqz1)).shiftLeft(1).multiply(y1z1).mod(this.curve.p) + // y3 = 4 * y1^2 * z1 * (3 * w * x1 - 2 * y1^2 * z1) - w^3 + var y3 = w.multiply(THREE).multiply(x1).subtract(y1sqz1.shiftLeft(1)).shiftLeft(2).multiply(y1sqz1).subtract(w.pow(3)).mod(this.curve.p) + // z3 = 8 * (y1 * z1)^3 + var z3 = y1z1.pow(3).shiftLeft(3).mod(this.curve.p) + + return new Point(this.curve, x3, y3, z3) +} + +// Simple NAF (Non-Adjacent Form) multiplication algorithm +// TODO: modularize the multiplication algorithm +Point.prototype.multiply = function (k) { + if (this.curve.isInfinity(this)) return this + if (k.signum() === 0) return this.curve.infinity + + var e = k + var h = e.multiply(THREE) + + var neg = this.negate() + var R = this + + for (var i = h.bitLength() - 2; i > 0; --i) { + var hBit = h.testBit(i) + var eBit = e.testBit(i) + + R = R.twice() + + if (hBit !== eBit) { + R = R.add(hBit ? this : neg) + } + } + + return R +} + +// Compute this*j + x*k (simultaneous multiplication) +Point.prototype.multiplyTwo = function (j, x, k) { + var i = Math.max(j.bitLength(), k.bitLength()) - 1 + var R = this.curve.infinity + var both = this.add(x) + + while (i >= 0) { + var jBit = j.testBit(i) + var kBit = k.testBit(i) + + R = R.twice() + + if (jBit) { + if (kBit) { + R = R.add(both) + } else { + R = R.add(this) + } + } else if (kBit) { + R = R.add(x) + } + --i + } + + return R +} + +Point.prototype.getEncoded = function (compressed) { + if (compressed == null) compressed = this.compressed + if (this.curve.isInfinity(this)) return new Buffer('00', 'hex') // Infinity point encoded is simply '00' + + var x = this.affineX + var y = this.affineY + var byteLength = this.curve.pLength + var buffer + + // 0x02/0x03 | X + if (compressed) { + buffer = new Buffer(1 + byteLength) + buffer.writeUInt8(y.isEven() ? 0x02 : 0x03, 0) + + // 0x04 | X | Y + } else { + buffer = new Buffer(1 + byteLength + byteLength) + buffer.writeUInt8(0x04, 0) + + y.toBuffer(byteLength).copy(buffer, 1 + byteLength) + } + + x.toBuffer(byteLength).copy(buffer, 1) + + return buffer +} + +Point.decodeFrom = function (curve, buffer) { + var type = buffer.readUInt8(0) + var compressed = (type !== 4) + + var byteLength = Math.floor((curve.p.bitLength() + 7) / 8) + var x = BigInteger.fromBuffer(buffer.slice(1, 1 + byteLength)) + + var Q + if (compressed) { + assert.equal(buffer.length, byteLength + 1, 'Invalid sequence length') + assert(type === 0x02 || type === 0x03, 'Invalid sequence tag') + + var isOdd = (type === 0x03) + Q = curve.pointFromX(isOdd, x) + } else { + assert.equal(buffer.length, 1 + byteLength + byteLength, 'Invalid sequence length') + + var y = BigInteger.fromBuffer(buffer.slice(1 + byteLength)) + Q = Point.fromAffine(curve, x, y) + } + + Q.compressed = compressed + return Q +} + +Point.prototype.toString = function () { + if (this.curve.isInfinity(this)) return '(INFINITY)' + + return '(' + this.affineX.toString() + ',' + this.affineY.toString() + ')' +} + +module.exports = Point + +}).call(this,require("buffer").Buffer) +},{"assert":1,"bigi":37,"buffer":4}],92:[function(require,module,exports){ +(function (Buffer){ +'use strict' +var Transform = require('stream').Transform +var inherits = require('inherits') + +function HashBase (blockSize) { + Transform.call(this) + + this._block = new Buffer(blockSize) + this._blockSize = blockSize + this._blockOffset = 0 + this._length = [0, 0, 0, 0] + + this._finalized = false +} + +inherits(HashBase, Transform) + +HashBase.prototype._transform = function (chunk, encoding, callback) { + var error = null + try { + if (encoding !== 'buffer') chunk = new Buffer(chunk, encoding) + this.update(chunk) + } catch (err) { + error = err + } + + callback(error) +} + +HashBase.prototype._flush = function (callback) { + var error = null + try { + this.push(this._digest()) + } catch (err) { + error = err + } + + callback(error) +} + +HashBase.prototype.update = function (data, encoding) { + if (!Buffer.isBuffer(data) && typeof data !== 'string') throw new TypeError('Data must be a string or a buffer') + if (this._finalized) throw new Error('Digest already called') + if (!Buffer.isBuffer(data)) data = new Buffer(data, encoding || 'binary') + + // consume data + var block = this._block + var offset = 0 + while (this._blockOffset + data.length - offset >= this._blockSize) { + for (var i = this._blockOffset; i < this._blockSize;) block[i++] = data[offset++] + this._update() + this._blockOffset = 0 + } + while (offset < data.length) block[this._blockOffset++] = data[offset++] + + // update length + for (var j = 0, carry = data.length * 8; carry > 0; ++j) { + this._length[j] += carry + carry = (this._length[j] / 0x0100000000) | 0 + if (carry > 0) this._length[j] -= 0x0100000000 * carry + } + + return this +} + +HashBase.prototype._update = function (data) { + throw new Error('_update is not implemented') +} + +HashBase.prototype.digest = function (encoding) { + if (this._finalized) throw new Error('Digest already called') + this._finalized = true + + var digest = this._digest() + if (encoding !== undefined) digest = digest.toString(encoding) + return digest +} + +HashBase.prototype._digest = function () { + throw new Error('_digest is not implemented') +} + +module.exports = HashBase + +}).call(this,require("buffer").Buffer) +},{"buffer":4,"inherits":93,"stream":27}],93:[function(require,module,exports){ +arguments[4][8][0].apply(exports,arguments) +},{"dup":8}],94:[function(require,module,exports){ +(function (Buffer){ +// constant-space merkle root calculation algorithm +module.exports = function fastRoot (values, digestFn) { + if (!Array.isArray(values)) throw TypeError('Expected values Array') + if (typeof digestFn !== 'function') throw TypeError('Expected digest Function') + + var length = values.length + var results = values.concat() + + while (length > 1) { + var j = 0 + + for (var i = 0; i < length; i += 2, ++j) { + var left = results[i] + var right = i + 1 === length ? left : results[i + 1] + var data = Buffer.concat([left, right]) + + results[j] = digestFn(data) + } + + length = j + } + + return results[0] +} + +}).call(this,require("buffer").Buffer) +},{"buffer":4}],95:[function(require,module,exports){ +var OPS = require('bitcoin-ops') + +function encodingLength (i) { + return i < OPS.OP_PUSHDATA1 ? 1 + : i <= 0xff ? 2 + : i <= 0xffff ? 3 + : 5 +} + +function encode (buffer, number, offset) { + var size = encodingLength(number) + + // ~6 bit + if (size === 1) { + buffer.writeUInt8(number, offset) + + // 8 bit + } else if (size === 2) { + buffer.writeUInt8(OPS.OP_PUSHDATA1, offset) + buffer.writeUInt8(number, offset + 1) + + // 16 bit + } else if (size === 3) { + buffer.writeUInt8(OPS.OP_PUSHDATA2, offset) + buffer.writeUInt16LE(number, offset + 1) + + // 32 bit + } else { + buffer.writeUInt8(OPS.OP_PUSHDATA4, offset) + buffer.writeUInt32LE(number, offset + 1) + } + + return size +} + +function decode (buffer, offset) { + var opcode = buffer.readUInt8(offset) + var number, size + + // ~6 bit + if (opcode < OPS.OP_PUSHDATA1) { + number = opcode + size = 1 + + // 8 bit + } else if (opcode === OPS.OP_PUSHDATA1) { + if (offset + 2 > buffer.length) return null + number = buffer.readUInt8(offset + 1) + size = 2 + + // 16 bit + } else if (opcode === OPS.OP_PUSHDATA2) { + if (offset + 3 > buffer.length) return null + number = buffer.readUInt16LE(offset + 1) + size = 3 + + // 32 bit + } else { + if (offset + 5 > buffer.length) return null + if (opcode !== OPS.OP_PUSHDATA4) throw new Error('Unexpected opcode') + + number = buffer.readUInt32LE(offset + 1) + size = 5 + } + + return { + opcode: opcode, + number: number, + size: size + } +} + +module.exports = { + encodingLength: encodingLength, + encode: encode, + decode: decode +} + +},{"bitcoin-ops":40}],96:[function(require,module,exports){ +(function (process,global){ +'use strict' + +function oldBrowser () { + throw new Error('secure random number generation not supported by this browser\nuse chrome, FireFox or Internet Explorer 11') +} + +var Buffer = require('safe-buffer').Buffer +var crypto = global.crypto || global.msCrypto + +if (crypto && crypto.getRandomValues) { + module.exports = randomBytes +} else { + module.exports = oldBrowser +} + +function randomBytes (size, cb) { + // phantomjs needs to throw + if (size > 65536) throw new Error('requested too many random bytes') + // in case browserify isn't using the Uint8Array version + var rawBytes = new global.Uint8Array(size) + + // This will not work in older browsers. + // See https://developer.mozilla.org/en-US/docs/Web/API/window.crypto.getRandomValues + if (size > 0) { // getRandomValues fails on IE if size == 0 + crypto.getRandomValues(rawBytes) + } + + // XXX: phantomjs doesn't like a buffer being passed here + var bytes = Buffer.from(rawBytes.buffer) + + if (typeof cb === 'function') { + return process.nextTick(function () { + cb(null, bytes) + }) + } + + return bytes +} + +}).call(this,require('_process'),typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {}) +},{"_process":12,"safe-buffer":98}],97:[function(require,module,exports){ +(function (Buffer){ +'use strict' +var inherits = require('inherits') +var HashBase = require('hash-base') + +function RIPEMD160 () { + HashBase.call(this, 64) + + // state + this._a = 0x67452301 + this._b = 0xefcdab89 + this._c = 0x98badcfe + this._d = 0x10325476 + this._e = 0xc3d2e1f0 +} + +inherits(RIPEMD160, HashBase) + +RIPEMD160.prototype._update = function () { + var m = new Array(16) + for (var i = 0; i < 16; ++i) m[i] = this._block.readInt32LE(i * 4) + + var al = this._a + var bl = this._b + var cl = this._c + var dl = this._d + var el = this._e + + // Mj = 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 + // K = 0x00000000 + // Sj = 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8 + al = fn1(al, bl, cl, dl, el, m[0], 0x00000000, 11); cl = rotl(cl, 10) + el = fn1(el, al, bl, cl, dl, m[1], 0x00000000, 14); bl = rotl(bl, 10) + dl = fn1(dl, el, al, bl, cl, m[2], 0x00000000, 15); al = rotl(al, 10) + cl = fn1(cl, dl, el, al, bl, m[3], 0x00000000, 12); el = rotl(el, 10) + bl = fn1(bl, cl, dl, el, al, m[4], 0x00000000, 5); dl = rotl(dl, 10) + al = fn1(al, bl, cl, dl, el, m[5], 0x00000000, 8); cl = rotl(cl, 10) + el = fn1(el, al, bl, cl, dl, m[6], 0x00000000, 7); bl = rotl(bl, 10) + dl = fn1(dl, el, al, bl, cl, m[7], 0x00000000, 9); al = rotl(al, 10) + cl = fn1(cl, dl, el, al, bl, m[8], 0x00000000, 11); el = rotl(el, 10) + bl = fn1(bl, cl, dl, el, al, m[9], 0x00000000, 13); dl = rotl(dl, 10) + al = fn1(al, bl, cl, dl, el, m[10], 0x00000000, 14); cl = rotl(cl, 10) + el = fn1(el, al, bl, cl, dl, m[11], 0x00000000, 15); bl = rotl(bl, 10) + dl = fn1(dl, el, al, bl, cl, m[12], 0x00000000, 6); al = rotl(al, 10) + cl = fn1(cl, dl, el, al, bl, m[13], 0x00000000, 7); el = rotl(el, 10) + bl = fn1(bl, cl, dl, el, al, m[14], 0x00000000, 9); dl = rotl(dl, 10) + al = fn1(al, bl, cl, dl, el, m[15], 0x00000000, 8); cl = rotl(cl, 10) + + // Mj = 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8 + // K = 0x5a827999 + // Sj = 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12 + el = fn2(el, al, bl, cl, dl, m[7], 0x5a827999, 7); bl = rotl(bl, 10) + dl = fn2(dl, el, al, bl, cl, m[4], 0x5a827999, 6); al = rotl(al, 10) + cl = fn2(cl, dl, el, al, bl, m[13], 0x5a827999, 8); el = rotl(el, 10) + bl = fn2(bl, cl, dl, el, al, m[1], 0x5a827999, 13); dl = rotl(dl, 10) + al = fn2(al, bl, cl, dl, el, m[10], 0x5a827999, 11); cl = rotl(cl, 10) + el = fn2(el, al, bl, cl, dl, m[6], 0x5a827999, 9); bl = rotl(bl, 10) + dl = fn2(dl, el, al, bl, cl, m[15], 0x5a827999, 7); al = rotl(al, 10) + cl = fn2(cl, dl, el, al, bl, m[3], 0x5a827999, 15); el = rotl(el, 10) + bl = fn2(bl, cl, dl, el, al, m[12], 0x5a827999, 7); dl = rotl(dl, 10) + al = fn2(al, bl, cl, dl, el, m[0], 0x5a827999, 12); cl = rotl(cl, 10) + el = fn2(el, al, bl, cl, dl, m[9], 0x5a827999, 15); bl = rotl(bl, 10) + dl = fn2(dl, el, al, bl, cl, m[5], 0x5a827999, 9); al = rotl(al, 10) + cl = fn2(cl, dl, el, al, bl, m[2], 0x5a827999, 11); el = rotl(el, 10) + bl = fn2(bl, cl, dl, el, al, m[14], 0x5a827999, 7); dl = rotl(dl, 10) + al = fn2(al, bl, cl, dl, el, m[11], 0x5a827999, 13); cl = rotl(cl, 10) + el = fn2(el, al, bl, cl, dl, m[8], 0x5a827999, 12); bl = rotl(bl, 10) + + // Mj = 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12 + // K = 0x6ed9eba1 + // Sj = 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5 + dl = fn3(dl, el, al, bl, cl, m[3], 0x6ed9eba1, 11); al = rotl(al, 10) + cl = fn3(cl, dl, el, al, bl, m[10], 0x6ed9eba1, 13); el = rotl(el, 10) + bl = fn3(bl, cl, dl, el, al, m[14], 0x6ed9eba1, 6); dl = rotl(dl, 10) + al = fn3(al, bl, cl, dl, el, m[4], 0x6ed9eba1, 7); cl = rotl(cl, 10) + el = fn3(el, al, bl, cl, dl, m[9], 0x6ed9eba1, 14); bl = rotl(bl, 10) + dl = fn3(dl, el, al, bl, cl, m[15], 0x6ed9eba1, 9); al = rotl(al, 10) + cl = fn3(cl, dl, el, al, bl, m[8], 0x6ed9eba1, 13); el = rotl(el, 10) + bl = fn3(bl, cl, dl, el, al, m[1], 0x6ed9eba1, 15); dl = rotl(dl, 10) + al = fn3(al, bl, cl, dl, el, m[2], 0x6ed9eba1, 14); cl = rotl(cl, 10) + el = fn3(el, al, bl, cl, dl, m[7], 0x6ed9eba1, 8); bl = rotl(bl, 10) + dl = fn3(dl, el, al, bl, cl, m[0], 0x6ed9eba1, 13); al = rotl(al, 10) + cl = fn3(cl, dl, el, al, bl, m[6], 0x6ed9eba1, 6); el = rotl(el, 10) + bl = fn3(bl, cl, dl, el, al, m[13], 0x6ed9eba1, 5); dl = rotl(dl, 10) + al = fn3(al, bl, cl, dl, el, m[11], 0x6ed9eba1, 12); cl = rotl(cl, 10) + el = fn3(el, al, bl, cl, dl, m[5], 0x6ed9eba1, 7); bl = rotl(bl, 10) + dl = fn3(dl, el, al, bl, cl, m[12], 0x6ed9eba1, 5); al = rotl(al, 10) + + // Mj = 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2 + // K = 0x8f1bbcdc + // Sj = 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12 + cl = fn4(cl, dl, el, al, bl, m[1], 0x8f1bbcdc, 11); el = rotl(el, 10) + bl = fn4(bl, cl, dl, el, al, m[9], 0x8f1bbcdc, 12); dl = rotl(dl, 10) + al = fn4(al, bl, cl, dl, el, m[11], 0x8f1bbcdc, 14); cl = rotl(cl, 10) + el = fn4(el, al, bl, cl, dl, m[10], 0x8f1bbcdc, 15); bl = rotl(bl, 10) + dl = fn4(dl, el, al, bl, cl, m[0], 0x8f1bbcdc, 14); al = rotl(al, 10) + cl = fn4(cl, dl, el, al, bl, m[8], 0x8f1bbcdc, 15); el = rotl(el, 10) + bl = fn4(bl, cl, dl, el, al, m[12], 0x8f1bbcdc, 9); dl = rotl(dl, 10) + al = fn4(al, bl, cl, dl, el, m[4], 0x8f1bbcdc, 8); cl = rotl(cl, 10) + el = fn4(el, al, bl, cl, dl, m[13], 0x8f1bbcdc, 9); bl = rotl(bl, 10) + dl = fn4(dl, el, al, bl, cl, m[3], 0x8f1bbcdc, 14); al = rotl(al, 10) + cl = fn4(cl, dl, el, al, bl, m[7], 0x8f1bbcdc, 5); el = rotl(el, 10) + bl = fn4(bl, cl, dl, el, al, m[15], 0x8f1bbcdc, 6); dl = rotl(dl, 10) + al = fn4(al, bl, cl, dl, el, m[14], 0x8f1bbcdc, 8); cl = rotl(cl, 10) + el = fn4(el, al, bl, cl, dl, m[5], 0x8f1bbcdc, 6); bl = rotl(bl, 10) + dl = fn4(dl, el, al, bl, cl, m[6], 0x8f1bbcdc, 5); al = rotl(al, 10) + cl = fn4(cl, dl, el, al, bl, m[2], 0x8f1bbcdc, 12); el = rotl(el, 10) + + // Mj = 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13 + // K = 0xa953fd4e + // Sj = 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 + bl = fn5(bl, cl, dl, el, al, m[4], 0xa953fd4e, 9); dl = rotl(dl, 10) + al = fn5(al, bl, cl, dl, el, m[0], 0xa953fd4e, 15); cl = rotl(cl, 10) + el = fn5(el, al, bl, cl, dl, m[5], 0xa953fd4e, 5); bl = rotl(bl, 10) + dl = fn5(dl, el, al, bl, cl, m[9], 0xa953fd4e, 11); al = rotl(al, 10) + cl = fn5(cl, dl, el, al, bl, m[7], 0xa953fd4e, 6); el = rotl(el, 10) + bl = fn5(bl, cl, dl, el, al, m[12], 0xa953fd4e, 8); dl = rotl(dl, 10) + al = fn5(al, bl, cl, dl, el, m[2], 0xa953fd4e, 13); cl = rotl(cl, 10) + el = fn5(el, al, bl, cl, dl, m[10], 0xa953fd4e, 12); bl = rotl(bl, 10) + dl = fn5(dl, el, al, bl, cl, m[14], 0xa953fd4e, 5); al = rotl(al, 10) + cl = fn5(cl, dl, el, al, bl, m[1], 0xa953fd4e, 12); el = rotl(el, 10) + bl = fn5(bl, cl, dl, el, al, m[3], 0xa953fd4e, 13); dl = rotl(dl, 10) + al = fn5(al, bl, cl, dl, el, m[8], 0xa953fd4e, 14); cl = rotl(cl, 10) + el = fn5(el, al, bl, cl, dl, m[11], 0xa953fd4e, 11); bl = rotl(bl, 10) + dl = fn5(dl, el, al, bl, cl, m[6], 0xa953fd4e, 8); al = rotl(al, 10) + cl = fn5(cl, dl, el, al, bl, m[15], 0xa953fd4e, 5); el = rotl(el, 10) + bl = fn5(bl, cl, dl, el, al, m[13], 0xa953fd4e, 6); dl = rotl(dl, 10) + + var ar = this._a + var br = this._b + var cr = this._c + var dr = this._d + var er = this._e + + // M'j = 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12 + // K' = 0x50a28be6 + // S'j = 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6 + ar = fn5(ar, br, cr, dr, er, m[5], 0x50a28be6, 8); cr = rotl(cr, 10) + er = fn5(er, ar, br, cr, dr, m[14], 0x50a28be6, 9); br = rotl(br, 10) + dr = fn5(dr, er, ar, br, cr, m[7], 0x50a28be6, 9); ar = rotl(ar, 10) + cr = fn5(cr, dr, er, ar, br, m[0], 0x50a28be6, 11); er = rotl(er, 10) + br = fn5(br, cr, dr, er, ar, m[9], 0x50a28be6, 13); dr = rotl(dr, 10) + ar = fn5(ar, br, cr, dr, er, m[2], 0x50a28be6, 15); cr = rotl(cr, 10) + er = fn5(er, ar, br, cr, dr, m[11], 0x50a28be6, 15); br = rotl(br, 10) + dr = fn5(dr, er, ar, br, cr, m[4], 0x50a28be6, 5); ar = rotl(ar, 10) + cr = fn5(cr, dr, er, ar, br, m[13], 0x50a28be6, 7); er = rotl(er, 10) + br = fn5(br, cr, dr, er, ar, m[6], 0x50a28be6, 7); dr = rotl(dr, 10) + ar = fn5(ar, br, cr, dr, er, m[15], 0x50a28be6, 8); cr = rotl(cr, 10) + er = fn5(er, ar, br, cr, dr, m[8], 0x50a28be6, 11); br = rotl(br, 10) + dr = fn5(dr, er, ar, br, cr, m[1], 0x50a28be6, 14); ar = rotl(ar, 10) + cr = fn5(cr, dr, er, ar, br, m[10], 0x50a28be6, 14); er = rotl(er, 10) + br = fn5(br, cr, dr, er, ar, m[3], 0x50a28be6, 12); dr = rotl(dr, 10) + ar = fn5(ar, br, cr, dr, er, m[12], 0x50a28be6, 6); cr = rotl(cr, 10) + + // M'j = 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2 + // K' = 0x5c4dd124 + // S'j = 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11 + er = fn4(er, ar, br, cr, dr, m[6], 0x5c4dd124, 9); br = rotl(br, 10) + dr = fn4(dr, er, ar, br, cr, m[11], 0x5c4dd124, 13); ar = rotl(ar, 10) + cr = fn4(cr, dr, er, ar, br, m[3], 0x5c4dd124, 15); er = rotl(er, 10) + br = fn4(br, cr, dr, er, ar, m[7], 0x5c4dd124, 7); dr = rotl(dr, 10) + ar = fn4(ar, br, cr, dr, er, m[0], 0x5c4dd124, 12); cr = rotl(cr, 10) + er = fn4(er, ar, br, cr, dr, m[13], 0x5c4dd124, 8); br = rotl(br, 10) + dr = fn4(dr, er, ar, br, cr, m[5], 0x5c4dd124, 9); ar = rotl(ar, 10) + cr = fn4(cr, dr, er, ar, br, m[10], 0x5c4dd124, 11); er = rotl(er, 10) + br = fn4(br, cr, dr, er, ar, m[14], 0x5c4dd124, 7); dr = rotl(dr, 10) + ar = fn4(ar, br, cr, dr, er, m[15], 0x5c4dd124, 7); cr = rotl(cr, 10) + er = fn4(er, ar, br, cr, dr, m[8], 0x5c4dd124, 12); br = rotl(br, 10) + dr = fn4(dr, er, ar, br, cr, m[12], 0x5c4dd124, 7); ar = rotl(ar, 10) + cr = fn4(cr, dr, er, ar, br, m[4], 0x5c4dd124, 6); er = rotl(er, 10) + br = fn4(br, cr, dr, er, ar, m[9], 0x5c4dd124, 15); dr = rotl(dr, 10) + ar = fn4(ar, br, cr, dr, er, m[1], 0x5c4dd124, 13); cr = rotl(cr, 10) + er = fn4(er, ar, br, cr, dr, m[2], 0x5c4dd124, 11); br = rotl(br, 10) + + // M'j = 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13 + // K' = 0x6d703ef3 + // S'j = 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5 + dr = fn3(dr, er, ar, br, cr, m[15], 0x6d703ef3, 9); ar = rotl(ar, 10) + cr = fn3(cr, dr, er, ar, br, m[5], 0x6d703ef3, 7); er = rotl(er, 10) + br = fn3(br, cr, dr, er, ar, m[1], 0x6d703ef3, 15); dr = rotl(dr, 10) + ar = fn3(ar, br, cr, dr, er, m[3], 0x6d703ef3, 11); cr = rotl(cr, 10) + er = fn3(er, ar, br, cr, dr, m[7], 0x6d703ef3, 8); br = rotl(br, 10) + dr = fn3(dr, er, ar, br, cr, m[14], 0x6d703ef3, 6); ar = rotl(ar, 10) + cr = fn3(cr, dr, er, ar, br, m[6], 0x6d703ef3, 6); er = rotl(er, 10) + br = fn3(br, cr, dr, er, ar, m[9], 0x6d703ef3, 14); dr = rotl(dr, 10) + ar = fn3(ar, br, cr, dr, er, m[11], 0x6d703ef3, 12); cr = rotl(cr, 10) + er = fn3(er, ar, br, cr, dr, m[8], 0x6d703ef3, 13); br = rotl(br, 10) + dr = fn3(dr, er, ar, br, cr, m[12], 0x6d703ef3, 5); ar = rotl(ar, 10) + cr = fn3(cr, dr, er, ar, br, m[2], 0x6d703ef3, 14); er = rotl(er, 10) + br = fn3(br, cr, dr, er, ar, m[10], 0x6d703ef3, 13); dr = rotl(dr, 10) + ar = fn3(ar, br, cr, dr, er, m[0], 0x6d703ef3, 13); cr = rotl(cr, 10) + er = fn3(er, ar, br, cr, dr, m[4], 0x6d703ef3, 7); br = rotl(br, 10) + dr = fn3(dr, er, ar, br, cr, m[13], 0x6d703ef3, 5); ar = rotl(ar, 10) + + // M'j = 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14 + // K' = 0x7a6d76e9 + // S'j = 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8 + cr = fn2(cr, dr, er, ar, br, m[8], 0x7a6d76e9, 15); er = rotl(er, 10) + br = fn2(br, cr, dr, er, ar, m[6], 0x7a6d76e9, 5); dr = rotl(dr, 10) + ar = fn2(ar, br, cr, dr, er, m[4], 0x7a6d76e9, 8); cr = rotl(cr, 10) + er = fn2(er, ar, br, cr, dr, m[1], 0x7a6d76e9, 11); br = rotl(br, 10) + dr = fn2(dr, er, ar, br, cr, m[3], 0x7a6d76e9, 14); ar = rotl(ar, 10) + cr = fn2(cr, dr, er, ar, br, m[11], 0x7a6d76e9, 14); er = rotl(er, 10) + br = fn2(br, cr, dr, er, ar, m[15], 0x7a6d76e9, 6); dr = rotl(dr, 10) + ar = fn2(ar, br, cr, dr, er, m[0], 0x7a6d76e9, 14); cr = rotl(cr, 10) + er = fn2(er, ar, br, cr, dr, m[5], 0x7a6d76e9, 6); br = rotl(br, 10) + dr = fn2(dr, er, ar, br, cr, m[12], 0x7a6d76e9, 9); ar = rotl(ar, 10) + cr = fn2(cr, dr, er, ar, br, m[2], 0x7a6d76e9, 12); er = rotl(er, 10) + br = fn2(br, cr, dr, er, ar, m[13], 0x7a6d76e9, 9); dr = rotl(dr, 10) + ar = fn2(ar, br, cr, dr, er, m[9], 0x7a6d76e9, 12); cr = rotl(cr, 10) + er = fn2(er, ar, br, cr, dr, m[7], 0x7a6d76e9, 5); br = rotl(br, 10) + dr = fn2(dr, er, ar, br, cr, m[10], 0x7a6d76e9, 15); ar = rotl(ar, 10) + cr = fn2(cr, dr, er, ar, br, m[14], 0x7a6d76e9, 8); er = rotl(er, 10) + + // M'j = 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11 + // K' = 0x00000000 + // S'j = 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 + br = fn1(br, cr, dr, er, ar, m[12], 0x00000000, 8); dr = rotl(dr, 10) + ar = fn1(ar, br, cr, dr, er, m[15], 0x00000000, 5); cr = rotl(cr, 10) + er = fn1(er, ar, br, cr, dr, m[10], 0x00000000, 12); br = rotl(br, 10) + dr = fn1(dr, er, ar, br, cr, m[4], 0x00000000, 9); ar = rotl(ar, 10) + cr = fn1(cr, dr, er, ar, br, m[1], 0x00000000, 12); er = rotl(er, 10) + br = fn1(br, cr, dr, er, ar, m[5], 0x00000000, 5); dr = rotl(dr, 10) + ar = fn1(ar, br, cr, dr, er, m[8], 0x00000000, 14); cr = rotl(cr, 10) + er = fn1(er, ar, br, cr, dr, m[7], 0x00000000, 6); br = rotl(br, 10) + dr = fn1(dr, er, ar, br, cr, m[6], 0x00000000, 8); ar = rotl(ar, 10) + cr = fn1(cr, dr, er, ar, br, m[2], 0x00000000, 13); er = rotl(er, 10) + br = fn1(br, cr, dr, er, ar, m[13], 0x00000000, 6); dr = rotl(dr, 10) + ar = fn1(ar, br, cr, dr, er, m[14], 0x00000000, 5); cr = rotl(cr, 10) + er = fn1(er, ar, br, cr, dr, m[0], 0x00000000, 15); br = rotl(br, 10) + dr = fn1(dr, er, ar, br, cr, m[3], 0x00000000, 13); ar = rotl(ar, 10) + cr = fn1(cr, dr, er, ar, br, m[9], 0x00000000, 11); er = rotl(er, 10) + br = fn1(br, cr, dr, er, ar, m[11], 0x00000000, 11); dr = rotl(dr, 10) + + // change state + var t = (this._b + cl + dr) | 0 + this._b = (this._c + dl + er) | 0 + this._c = (this._d + el + ar) | 0 + this._d = (this._e + al + br) | 0 + this._e = (this._a + bl + cr) | 0 + this._a = t +} + +RIPEMD160.prototype._digest = function () { + // create padding and handle blocks + this._block[this._blockOffset++] = 0x80 + if (this._blockOffset > 56) { + this._block.fill(0, this._blockOffset, 64) + this._update() + this._blockOffset = 0 + } + + this._block.fill(0, this._blockOffset, 56) + this._block.writeUInt32LE(this._length[0], 56) + this._block.writeUInt32LE(this._length[1], 60) + this._update() + + // produce result + var buffer = new Buffer(20) + buffer.writeInt32LE(this._a, 0) + buffer.writeInt32LE(this._b, 4) + buffer.writeInt32LE(this._c, 8) + buffer.writeInt32LE(this._d, 12) + buffer.writeInt32LE(this._e, 16) + return buffer +} + +function rotl (x, n) { + return (x << n) | (x >>> (32 - n)) +} + +function fn1 (a, b, c, d, e, m, k, s) { + return (rotl((a + (b ^ c ^ d) + m + k) | 0, s) + e) | 0 +} + +function fn2 (a, b, c, d, e, m, k, s) { + return (rotl((a + ((b & c) | ((~b) & d)) + m + k) | 0, s) + e) | 0 +} + +function fn3 (a, b, c, d, e, m, k, s) { + return (rotl((a + ((b | (~c)) ^ d) + m + k) | 0, s) + e) | 0 +} + +function fn4 (a, b, c, d, e, m, k, s) { + return (rotl((a + ((b & d) | (c & (~d))) + m + k) | 0, s) + e) | 0 +} + +function fn5 (a, b, c, d, e, m, k, s) { + return (rotl((a + (b ^ (c | (~d))) + m + k) | 0, s) + e) | 0 +} + +module.exports = RIPEMD160 + +}).call(this,require("buffer").Buffer) +},{"buffer":4,"hash-base":92,"inherits":93}],98:[function(require,module,exports){ +arguments[4][26][0].apply(exports,arguments) +},{"buffer":4,"dup":26}],99:[function(require,module,exports){ +(function (Buffer){ +// prototype class for hash functions +function Hash (blockSize, finalSize) { + this._block = new Buffer(blockSize) + this._finalSize = finalSize + this._blockSize = blockSize + this._len = 0 + this._s = 0 +} + +Hash.prototype.update = function (data, enc) { + if (typeof data === 'string') { + enc = enc || 'utf8' + data = new Buffer(data, enc) + } + + var l = this._len += data.length + var s = this._s || 0 + var f = 0 + var buffer = this._block + + while (s < l) { + var t = Math.min(data.length, f + this._blockSize - (s % this._blockSize)) + var ch = (t - f) + + for (var i = 0; i < ch; i++) { + buffer[(s % this._blockSize) + i] = data[i + f] + } + + s += ch + f += ch + + if ((s % this._blockSize) === 0) { + this._update(buffer) + } + } + this._s = s + + return this +} + +Hash.prototype.digest = function (enc) { + // Suppose the length of the message M, in bits, is l + var l = this._len * 8 + + // Append the bit 1 to the end of the message + this._block[this._len % this._blockSize] = 0x80 + + // and then k zero bits, where k is the smallest non-negative solution to the equation (l + 1 + k) === finalSize mod blockSize + this._block.fill(0, this._len % this._blockSize + 1) + + if (l % (this._blockSize * 8) >= this._finalSize * 8) { + this._update(this._block) + this._block.fill(0) + } + + // to this append the block which is equal to the number l written in binary + // TODO: handle case where l is > Math.pow(2, 29) + this._block.writeInt32BE(l, this._blockSize - 4) + + var hash = this._update(this._block) || this._hash() + + return enc ? hash.toString(enc) : hash +} + +Hash.prototype._update = function () { + throw new Error('_update must be implemented by subclass') +} + +module.exports = Hash + +}).call(this,require("buffer").Buffer) +},{"buffer":4}],100:[function(require,module,exports){ +var exports = module.exports = function SHA (algorithm) { + algorithm = algorithm.toLowerCase() + + var Algorithm = exports[algorithm] + if (!Algorithm) throw new Error(algorithm + ' is not supported (we accept pull requests)') + + return new Algorithm() +} + +exports.sha = require('./sha') +exports.sha1 = require('./sha1') +exports.sha224 = require('./sha224') +exports.sha256 = require('./sha256') +exports.sha384 = require('./sha384') +exports.sha512 = require('./sha512') + +},{"./sha":101,"./sha1":102,"./sha224":103,"./sha256":104,"./sha384":105,"./sha512":106}],101:[function(require,module,exports){ +(function (Buffer){ +/* + * A JavaScript implementation of the Secure Hash Algorithm, SHA-0, as defined + * in FIPS PUB 180-1 + * This source code is derived from sha1.js of the same repository. + * The difference between SHA-0 and SHA-1 is just a bitwise rotate left + * operation was added. + */ + +var inherits = require('inherits') +var Hash = require('./hash') + +var K = [ + 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc | 0, 0xca62c1d6 | 0 +] + +var W = new Array(80) + +function Sha () { + this.init() + this._w = W + + Hash.call(this, 64, 56) +} + +inherits(Sha, Hash) + +Sha.prototype.init = function () { + this._a = 0x67452301 + this._b = 0xefcdab89 + this._c = 0x98badcfe + this._d = 0x10325476 + this._e = 0xc3d2e1f0 + + return this +} + +function rotl5 (num) { + return (num << 5) | (num >>> 27) +} + +function rotl30 (num) { + return (num << 30) | (num >>> 2) +} + +function ft (s, b, c, d) { + if (s === 0) return (b & c) | ((~b) & d) + if (s === 2) return (b & c) | (b & d) | (c & d) + return b ^ c ^ d +} + +Sha.prototype._update = function (M) { + var W = this._w + + var a = this._a | 0 + var b = this._b | 0 + var c = this._c | 0 + var d = this._d | 0 + var e = this._e | 0 + + for (var i = 0; i < 16; ++i) W[i] = M.readInt32BE(i * 4) + for (; i < 80; ++i) W[i] = W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16] + + for (var j = 0; j < 80; ++j) { + var s = ~~(j / 20) + var t = (rotl5(a) + ft(s, b, c, d) + e + W[j] + K[s]) | 0 + + e = d + d = c + c = rotl30(b) + b = a + a = t + } + + this._a = (a + this._a) | 0 + this._b = (b + this._b) | 0 + this._c = (c + this._c) | 0 + this._d = (d + this._d) | 0 + this._e = (e + this._e) | 0 +} + +Sha.prototype._hash = function () { + var H = new Buffer(20) + + H.writeInt32BE(this._a | 0, 0) + H.writeInt32BE(this._b | 0, 4) + H.writeInt32BE(this._c | 0, 8) + H.writeInt32BE(this._d | 0, 12) + H.writeInt32BE(this._e | 0, 16) + + return H +} + +module.exports = Sha + +}).call(this,require("buffer").Buffer) +},{"./hash":99,"buffer":4,"inherits":93}],102:[function(require,module,exports){ +(function (Buffer){ +/* + * A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined + * in FIPS PUB 180-1 + * Version 2.1a Copyright Paul Johnston 2000 - 2002. + * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet + * Distributed under the BSD License + * See http://pajhome.org.uk/crypt/md5 for details. + */ + +var inherits = require('inherits') +var Hash = require('./hash') + +var K = [ + 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc | 0, 0xca62c1d6 | 0 +] + +var W = new Array(80) + +function Sha1 () { + this.init() + this._w = W + + Hash.call(this, 64, 56) +} + +inherits(Sha1, Hash) + +Sha1.prototype.init = function () { + this._a = 0x67452301 + this._b = 0xefcdab89 + this._c = 0x98badcfe + this._d = 0x10325476 + this._e = 0xc3d2e1f0 + + return this +} + +function rotl1 (num) { + return (num << 1) | (num >>> 31) +} + +function rotl5 (num) { + return (num << 5) | (num >>> 27) +} + +function rotl30 (num) { + return (num << 30) | (num >>> 2) +} + +function ft (s, b, c, d) { + if (s === 0) return (b & c) | ((~b) & d) + if (s === 2) return (b & c) | (b & d) | (c & d) + return b ^ c ^ d +} + +Sha1.prototype._update = function (M) { + var W = this._w + + var a = this._a | 0 + var b = this._b | 0 + var c = this._c | 0 + var d = this._d | 0 + var e = this._e | 0 + + for (var i = 0; i < 16; ++i) W[i] = M.readInt32BE(i * 4) + for (; i < 80; ++i) W[i] = rotl1(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16]) + + for (var j = 0; j < 80; ++j) { + var s = ~~(j / 20) + var t = (rotl5(a) + ft(s, b, c, d) + e + W[j] + K[s]) | 0 + + e = d + d = c + c = rotl30(b) + b = a + a = t + } + + this._a = (a + this._a) | 0 + this._b = (b + this._b) | 0 + this._c = (c + this._c) | 0 + this._d = (d + this._d) | 0 + this._e = (e + this._e) | 0 +} + +Sha1.prototype._hash = function () { + var H = new Buffer(20) + + H.writeInt32BE(this._a | 0, 0) + H.writeInt32BE(this._b | 0, 4) + H.writeInt32BE(this._c | 0, 8) + H.writeInt32BE(this._d | 0, 12) + H.writeInt32BE(this._e | 0, 16) + + return H +} + +module.exports = Sha1 + +}).call(this,require("buffer").Buffer) +},{"./hash":99,"buffer":4,"inherits":93}],103:[function(require,module,exports){ +(function (Buffer){ +/** + * A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined + * in FIPS 180-2 + * Version 2.2-beta Copyright Angel Marin, Paul Johnston 2000 - 2009. + * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet + * + */ + +var inherits = require('inherits') +var Sha256 = require('./sha256') +var Hash = require('./hash') + +var W = new Array(64) + +function Sha224 () { + this.init() + + this._w = W // new Array(64) + + Hash.call(this, 64, 56) +} + +inherits(Sha224, Sha256) + +Sha224.prototype.init = function () { + this._a = 0xc1059ed8 + this._b = 0x367cd507 + this._c = 0x3070dd17 + this._d = 0xf70e5939 + this._e = 0xffc00b31 + this._f = 0x68581511 + this._g = 0x64f98fa7 + this._h = 0xbefa4fa4 + + return this +} + +Sha224.prototype._hash = function () { + var H = new Buffer(28) + + H.writeInt32BE(this._a, 0) + H.writeInt32BE(this._b, 4) + H.writeInt32BE(this._c, 8) + H.writeInt32BE(this._d, 12) + H.writeInt32BE(this._e, 16) + H.writeInt32BE(this._f, 20) + H.writeInt32BE(this._g, 24) + + return H +} + +module.exports = Sha224 + +}).call(this,require("buffer").Buffer) +},{"./hash":99,"./sha256":104,"buffer":4,"inherits":93}],104:[function(require,module,exports){ +(function (Buffer){ +/** + * A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined + * in FIPS 180-2 + * Version 2.2-beta Copyright Angel Marin, Paul Johnston 2000 - 2009. + * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet + * + */ + +var inherits = require('inherits') +var Hash = require('./hash') + +var K = [ + 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, + 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, + 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, + 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174, + 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC, + 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA, + 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, + 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967, + 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, + 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85, + 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, + 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070, + 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, + 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3, + 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, + 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2 +] + +var W = new Array(64) + +function Sha256 () { + this.init() + + this._w = W // new Array(64) + + Hash.call(this, 64, 56) +} + +inherits(Sha256, Hash) + +Sha256.prototype.init = function () { + this._a = 0x6a09e667 + this._b = 0xbb67ae85 + this._c = 0x3c6ef372 + this._d = 0xa54ff53a + this._e = 0x510e527f + this._f = 0x9b05688c + this._g = 0x1f83d9ab + this._h = 0x5be0cd19 + + return this +} + +function ch (x, y, z) { + return z ^ (x & (y ^ z)) +} + +function maj (x, y, z) { + return (x & y) | (z & (x | y)) +} + +function sigma0 (x) { + return (x >>> 2 | x << 30) ^ (x >>> 13 | x << 19) ^ (x >>> 22 | x << 10) +} + +function sigma1 (x) { + return (x >>> 6 | x << 26) ^ (x >>> 11 | x << 21) ^ (x >>> 25 | x << 7) +} + +function gamma0 (x) { + return (x >>> 7 | x << 25) ^ (x >>> 18 | x << 14) ^ (x >>> 3) +} + +function gamma1 (x) { + return (x >>> 17 | x << 15) ^ (x >>> 19 | x << 13) ^ (x >>> 10) +} + +Sha256.prototype._update = function (M) { + var W = this._w + + var a = this._a | 0 + var b = this._b | 0 + var c = this._c | 0 + var d = this._d | 0 + var e = this._e | 0 + var f = this._f | 0 + var g = this._g | 0 + var h = this._h | 0 + + for (var i = 0; i < 16; ++i) W[i] = M.readInt32BE(i * 4) + for (; i < 64; ++i) W[i] = (gamma1(W[i - 2]) + W[i - 7] + gamma0(W[i - 15]) + W[i - 16]) | 0 + + for (var j = 0; j < 64; ++j) { + var T1 = (h + sigma1(e) + ch(e, f, g) + K[j] + W[j]) | 0 + var T2 = (sigma0(a) + maj(a, b, c)) | 0 + + h = g + g = f + f = e + e = (d + T1) | 0 + d = c + c = b + b = a + a = (T1 + T2) | 0 + } + + this._a = (a + this._a) | 0 + this._b = (b + this._b) | 0 + this._c = (c + this._c) | 0 + this._d = (d + this._d) | 0 + this._e = (e + this._e) | 0 + this._f = (f + this._f) | 0 + this._g = (g + this._g) | 0 + this._h = (h + this._h) | 0 +} + +Sha256.prototype._hash = function () { + var H = new Buffer(32) + + H.writeInt32BE(this._a, 0) + H.writeInt32BE(this._b, 4) + H.writeInt32BE(this._c, 8) + H.writeInt32BE(this._d, 12) + H.writeInt32BE(this._e, 16) + H.writeInt32BE(this._f, 20) + H.writeInt32BE(this._g, 24) + H.writeInt32BE(this._h, 28) + + return H +} + +module.exports = Sha256 + +}).call(this,require("buffer").Buffer) +},{"./hash":99,"buffer":4,"inherits":93}],105:[function(require,module,exports){ +(function (Buffer){ +var inherits = require('inherits') +var SHA512 = require('./sha512') +var Hash = require('./hash') + +var W = new Array(160) + +function Sha384 () { + this.init() + this._w = W + + Hash.call(this, 128, 112) +} + +inherits(Sha384, SHA512) + +Sha384.prototype.init = function () { + this._ah = 0xcbbb9d5d + this._bh = 0x629a292a + this._ch = 0x9159015a + this._dh = 0x152fecd8 + this._eh = 0x67332667 + this._fh = 0x8eb44a87 + this._gh = 0xdb0c2e0d + this._hh = 0x47b5481d + + this._al = 0xc1059ed8 + this._bl = 0x367cd507 + this._cl = 0x3070dd17 + this._dl = 0xf70e5939 + this._el = 0xffc00b31 + this._fl = 0x68581511 + this._gl = 0x64f98fa7 + this._hl = 0xbefa4fa4 + + return this +} + +Sha384.prototype._hash = function () { + var H = new Buffer(48) + + function writeInt64BE (h, l, offset) { + H.writeInt32BE(h, offset) + H.writeInt32BE(l, offset + 4) + } + + writeInt64BE(this._ah, this._al, 0) + writeInt64BE(this._bh, this._bl, 8) + writeInt64BE(this._ch, this._cl, 16) + writeInt64BE(this._dh, this._dl, 24) + writeInt64BE(this._eh, this._el, 32) + writeInt64BE(this._fh, this._fl, 40) + + return H +} + +module.exports = Sha384 + +}).call(this,require("buffer").Buffer) +},{"./hash":99,"./sha512":106,"buffer":4,"inherits":93}],106:[function(require,module,exports){ +(function (Buffer){ +var inherits = require('inherits') +var Hash = require('./hash') + +var K = [ + 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd, + 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc, + 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019, + 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118, + 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe, + 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2, + 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1, + 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694, + 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3, + 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65, + 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483, + 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5, + 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210, + 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4, + 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725, + 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70, + 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926, + 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df, + 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8, + 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b, + 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001, + 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30, + 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910, + 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8, + 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53, + 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8, + 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb, + 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3, + 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60, + 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec, + 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9, + 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b, + 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207, + 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178, + 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6, + 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b, + 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493, + 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c, + 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a, + 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817 +] + +var W = new Array(160) + +function Sha512 () { + this.init() + this._w = W + + Hash.call(this, 128, 112) +} + +inherits(Sha512, Hash) + +Sha512.prototype.init = function () { + this._ah = 0x6a09e667 + this._bh = 0xbb67ae85 + this._ch = 0x3c6ef372 + this._dh = 0xa54ff53a + this._eh = 0x510e527f + this._fh = 0x9b05688c + this._gh = 0x1f83d9ab + this._hh = 0x5be0cd19 + + this._al = 0xf3bcc908 + this._bl = 0x84caa73b + this._cl = 0xfe94f82b + this._dl = 0x5f1d36f1 + this._el = 0xade682d1 + this._fl = 0x2b3e6c1f + this._gl = 0xfb41bd6b + this._hl = 0x137e2179 + + return this +} + +function Ch (x, y, z) { + return z ^ (x & (y ^ z)) +} + +function maj (x, y, z) { + return (x & y) | (z & (x | y)) +} + +function sigma0 (x, xl) { + return (x >>> 28 | xl << 4) ^ (xl >>> 2 | x << 30) ^ (xl >>> 7 | x << 25) +} + +function sigma1 (x, xl) { + return (x >>> 14 | xl << 18) ^ (x >>> 18 | xl << 14) ^ (xl >>> 9 | x << 23) +} + +function Gamma0 (x, xl) { + return (x >>> 1 | xl << 31) ^ (x >>> 8 | xl << 24) ^ (x >>> 7) +} + +function Gamma0l (x, xl) { + return (x >>> 1 | xl << 31) ^ (x >>> 8 | xl << 24) ^ (x >>> 7 | xl << 25) +} + +function Gamma1 (x, xl) { + return (x >>> 19 | xl << 13) ^ (xl >>> 29 | x << 3) ^ (x >>> 6) +} + +function Gamma1l (x, xl) { + return (x >>> 19 | xl << 13) ^ (xl >>> 29 | x << 3) ^ (x >>> 6 | xl << 26) +} + +function getCarry (a, b) { + return (a >>> 0) < (b >>> 0) ? 1 : 0 +} + +Sha512.prototype._update = function (M) { + var W = this._w + + var ah = this._ah | 0 + var bh = this._bh | 0 + var ch = this._ch | 0 + var dh = this._dh | 0 + var eh = this._eh | 0 + var fh = this._fh | 0 + var gh = this._gh | 0 + var hh = this._hh | 0 + + var al = this._al | 0 + var bl = this._bl | 0 + var cl = this._cl | 0 + var dl = this._dl | 0 + var el = this._el | 0 + var fl = this._fl | 0 + var gl = this._gl | 0 + var hl = this._hl | 0 + + for (var i = 0; i < 32; i += 2) { + W[i] = M.readInt32BE(i * 4) + W[i + 1] = M.readInt32BE(i * 4 + 4) + } + for (; i < 160; i += 2) { + var xh = W[i - 15 * 2] + var xl = W[i - 15 * 2 + 1] + var gamma0 = Gamma0(xh, xl) + var gamma0l = Gamma0l(xl, xh) + + xh = W[i - 2 * 2] + xl = W[i - 2 * 2 + 1] + var gamma1 = Gamma1(xh, xl) + var gamma1l = Gamma1l(xl, xh) + + // W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16] + var Wi7h = W[i - 7 * 2] + var Wi7l = W[i - 7 * 2 + 1] + + var Wi16h = W[i - 16 * 2] + var Wi16l = W[i - 16 * 2 + 1] + + var Wil = (gamma0l + Wi7l) | 0 + var Wih = (gamma0 + Wi7h + getCarry(Wil, gamma0l)) | 0 + Wil = (Wil + gamma1l) | 0 + Wih = (Wih + gamma1 + getCarry(Wil, gamma1l)) | 0 + Wil = (Wil + Wi16l) | 0 + Wih = (Wih + Wi16h + getCarry(Wil, Wi16l)) | 0 + + W[i] = Wih + W[i + 1] = Wil + } + + for (var j = 0; j < 160; j += 2) { + Wih = W[j] + Wil = W[j + 1] + + var majh = maj(ah, bh, ch) + var majl = maj(al, bl, cl) + + var sigma0h = sigma0(ah, al) + var sigma0l = sigma0(al, ah) + var sigma1h = sigma1(eh, el) + var sigma1l = sigma1(el, eh) + + // t1 = h + sigma1 + ch + K[j] + W[j] + var Kih = K[j] + var Kil = K[j + 1] + + var chh = Ch(eh, fh, gh) + var chl = Ch(el, fl, gl) + + var t1l = (hl + sigma1l) | 0 + var t1h = (hh + sigma1h + getCarry(t1l, hl)) | 0 + t1l = (t1l + chl) | 0 + t1h = (t1h + chh + getCarry(t1l, chl)) | 0 + t1l = (t1l + Kil) | 0 + t1h = (t1h + Kih + getCarry(t1l, Kil)) | 0 + t1l = (t1l + Wil) | 0 + t1h = (t1h + Wih + getCarry(t1l, Wil)) | 0 + + // t2 = sigma0 + maj + var t2l = (sigma0l + majl) | 0 + var t2h = (sigma0h + majh + getCarry(t2l, sigma0l)) | 0 + + hh = gh + hl = gl + gh = fh + gl = fl + fh = eh + fl = el + el = (dl + t1l) | 0 + eh = (dh + t1h + getCarry(el, dl)) | 0 + dh = ch + dl = cl + ch = bh + cl = bl + bh = ah + bl = al + al = (t1l + t2l) | 0 + ah = (t1h + t2h + getCarry(al, t1l)) | 0 + } + + this._al = (this._al + al) | 0 + this._bl = (this._bl + bl) | 0 + this._cl = (this._cl + cl) | 0 + this._dl = (this._dl + dl) | 0 + this._el = (this._el + el) | 0 + this._fl = (this._fl + fl) | 0 + this._gl = (this._gl + gl) | 0 + this._hl = (this._hl + hl) | 0 + + this._ah = (this._ah + ah + getCarry(this._al, al)) | 0 + this._bh = (this._bh + bh + getCarry(this._bl, bl)) | 0 + this._ch = (this._ch + ch + getCarry(this._cl, cl)) | 0 + this._dh = (this._dh + dh + getCarry(this._dl, dl)) | 0 + this._eh = (this._eh + eh + getCarry(this._el, el)) | 0 + this._fh = (this._fh + fh + getCarry(this._fl, fl)) | 0 + this._gh = (this._gh + gh + getCarry(this._gl, gl)) | 0 + this._hh = (this._hh + hh + getCarry(this._hl, hl)) | 0 +} + +Sha512.prototype._hash = function () { + var H = new Buffer(64) + + function writeInt64BE (h, l, offset) { + H.writeInt32BE(h, offset) + H.writeInt32BE(l, offset + 4) + } + + writeInt64BE(this._ah, this._al, 0) + writeInt64BE(this._bh, this._bl, 8) + writeInt64BE(this._ch, this._cl, 16) + writeInt64BE(this._dh, this._dl, 24) + writeInt64BE(this._eh, this._el, 32) + writeInt64BE(this._fh, this._fl, 40) + writeInt64BE(this._gh, this._gl, 48) + writeInt64BE(this._hh, this._hl, 56) + + return H +} + +module.exports = Sha512 + +}).call(this,require("buffer").Buffer) +},{"./hash":99,"buffer":4,"inherits":93}],107:[function(require,module,exports){ +var inherits = require('inherits') +var native = require('./native') + +function TfTypeError (type, value, valueTypeName) { + this.__error = Error.call(this) + this.__type = type + this.__value = value + this.__valueTypeName = valueTypeName + + var message + Object.defineProperty(this, 'message', { + enumerable: true, + get: function () { + if (message) return message + + valueTypeName = valueTypeName || getValueTypeName(value) + message = tfErrorString(type, value, valueTypeName) + + return message + } + }) +} + +function TfPropertyTypeError (type, property, label, value, error, valueTypeName) { + this.__error = error || Error.call(this) + this.__label = label + this.__property = property + this.__type = type + this.__value = value + this.__valueTypeName = valueTypeName + + var message + Object.defineProperty(this, 'message', { + enumerable: true, + get: function () { + if (message) return message + if (type) { + valueTypeName = valueTypeName || getValueTypeName(value) + message = tfPropertyErrorString(type, label, property, value, valueTypeName) + } else { + message = 'Unexpected property "' + property + '"' + } + + return message + } + }) +} + +// inherit from Error, assign stack +[TfTypeError, TfPropertyTypeError].forEach(function (tfErrorType) { + inherits(tfErrorType, Error) + Object.defineProperty(tfErrorType, 'stack', { + get: function () { return this.__error.stack } + }) +}) + +function tfCustomError (expected, actual) { + return new TfTypeError(expected, {}, actual) +} + +function tfSubError (e, property, label) { + // sub child? + if (e instanceof TfPropertyTypeError) { + property = property + '.' + e.__property + label = e.__label + + return new TfPropertyTypeError( + e.__type, property, label, e.__value, e.__error, e.__valueTypeName + ) + } + + // child? + if (e instanceof TfTypeError) { + return new TfPropertyTypeError( + e.__type, property, label, e.__value, e.__error, e.__valueTypeName + ) + } + + return e +} + +function getTypeName (fn) { + return fn.name || fn.toString().match(/function (.*?)\s*\(/)[1] +} + +function getValueTypeName (value) { + return native.Nil(value) ? '' : getTypeName(value.constructor) +} + +function getValue (value) { + if (native.Function(value)) return '' + if (native.String(value)) return JSON.stringify(value) + if (value && native.Object(value)) return '' + return value +} + +function tfJSON (type) { + if (native.Function(type)) return type.toJSON ? type.toJSON() : getTypeName(type) + if (native.Array(type)) return 'Array' + if (type && native.Object(type)) return 'Object' + + return type !== undefined ? type : '' +} + +function tfErrorString (type, value, valueTypeName) { + var valueJson = getValue(value) + + return 'Expected ' + tfJSON(type) + ', got' + + (valueTypeName !== '' ? ' ' + valueTypeName : '') + + (valueJson !== '' ? ' ' + valueJson : '') +} + +function tfPropertyErrorString (type, label, name, value, valueTypeName) { + var description = '" of type ' + if (label === 'key') description = '" with key type ' + + return tfErrorString('property "' + tfJSON(name) + description + tfJSON(type), value, valueTypeName) +} + +module.exports = { + TfTypeError: TfTypeError, + TfPropertyTypeError: TfPropertyTypeError, + tfCustomError: tfCustomError, + tfSubError: tfSubError, + tfJSON: tfJSON, + getValueTypeName: getValueTypeName +} + +},{"./native":110,"inherits":93}],108:[function(require,module,exports){ +(function (Buffer){ +var NATIVE = require('./native') +var ERRORS = require('./errors') + +function _Buffer (value) { + return Buffer.isBuffer(value) +} + +function Hex (value) { + return typeof value === 'string' && /^([0-9a-f]{2})+$/i.test(value) +} + +function _LengthN (type, length) { + var name = type.toJSON() + + function Length (value) { + if (!type(value)) return false + if (value.length === length) return true + + throw ERRORS.tfCustomError(name + '(Length: ' + length + ')', name + '(Length: ' + value.length + ')') + } + Length.toJSON = function () { return name } + + return Length +} + +var _ArrayN = _LengthN.bind(null, NATIVE.Array) +var _BufferN = _LengthN.bind(null, _Buffer) +var _HexN = _LengthN.bind(null, Hex) + +var UINT53_MAX = Math.pow(2, 53) - 1 + +function Finite (value) { + return typeof value === 'number' && isFinite(value) +} +function Int8 (value) { return ((value << 24) >> 24) === value } +function Int16 (value) { return ((value << 16) >> 16) === value } +function Int32 (value) { return (value | 0) === value } +function UInt8 (value) { return (value & 0xff) === value } +function UInt16 (value) { return (value & 0xffff) === value } +function UInt32 (value) { return (value >>> 0) === value } +function UInt53 (value) { + return typeof value === 'number' && + value >= 0 && + value <= UINT53_MAX && + Math.floor(value) === value +} + +var types = { + ArrayN: _ArrayN, + Buffer: _Buffer, + BufferN: _BufferN, + Finite: Finite, + Hex: Hex, + HexN: _HexN, + Int8: Int8, + Int16: Int16, + Int32: Int32, + UInt8: UInt8, + UInt16: UInt16, + UInt32: UInt32, + UInt53: UInt53 +} + +for (var typeName in types) { + types[typeName].toJSON = function (t) { + return t + }.bind(null, typeName) +} + +module.exports = types + +}).call(this,{"isBuffer":require("../../../../../.nvm/versions/node/v6.0.0/lib/node_modules/browserify/node_modules/is-buffer/index.js")}) +},{"../../../../../.nvm/versions/node/v6.0.0/lib/node_modules/browserify/node_modules/is-buffer/index.js":9,"./errors":107,"./native":110}],109:[function(require,module,exports){ +var ERRORS = require('./errors') +var NATIVE = require('./native') + +// short-hand +var tfJSON = ERRORS.tfJSON +var TfTypeError = ERRORS.TfTypeError +var TfPropertyTypeError = ERRORS.TfPropertyTypeError +var tfSubError = ERRORS.tfSubError +var getValueTypeName = ERRORS.getValueTypeName + +var TYPES = { + arrayOf: function arrayOf (type) { + type = compile(type) + + function _arrayOf (array, strict) { + if (!NATIVE.Array(array)) return false + + return array.every(function (value, i) { + try { + return typeforce(type, value, strict) + } catch (e) { + throw tfSubError(e, i) + } + }) + } + _arrayOf.toJSON = function () { return '[' + tfJSON(type) + ']' } + + return _arrayOf + }, + + maybe: function maybe (type) { + type = compile(type) + + function _maybe (value, strict) { + return NATIVE.Nil(value) || type(value, strict, maybe) + } + _maybe.toJSON = function () { return '?' + tfJSON(type) } + + return _maybe + }, + + map: function map (propertyType, propertyKeyType) { + propertyType = compile(propertyType) + if (propertyKeyType) propertyKeyType = compile(propertyKeyType) + + function _map (value, strict) { + if (!NATIVE.Object(value, strict)) return false + if (NATIVE.Nil(value, strict)) return false + + for (var propertyName in value) { + try { + if (propertyKeyType) { + typeforce(propertyKeyType, propertyName, strict) + } + } catch (e) { + throw tfSubError(e, propertyName, 'key') + } + + try { + var propertyValue = value[propertyName] + typeforce(propertyType, propertyValue, strict) + } catch (e) { + throw tfSubError(e, propertyName) + } + } + + return true + } + + if (propertyKeyType) { + _map.toJSON = function () { + return '{' + tfJSON(propertyKeyType) + ': ' + tfJSON(propertyType) + '}' + } + } else { + _map.toJSON = function () { return '{' + tfJSON(propertyType) + '}' } + } + + return _map + }, + + object: function object (uncompiled) { + var type = {} + + for (var typePropertyName in uncompiled) { + type[typePropertyName] = compile(uncompiled[typePropertyName]) + } + + function _object (value, strict) { + if (!NATIVE.Object(value)) return false + if (NATIVE.Nil(value)) return false + + var propertyName + + try { + for (propertyName in type) { + var propertyType = type[propertyName] + var propertyValue = value[propertyName] + + typeforce(propertyType, propertyValue, strict) + } + } catch (e) { + throw tfSubError(e, propertyName) + } + + if (strict) { + for (propertyName in value) { + if (type[propertyName]) continue + + throw new TfPropertyTypeError(undefined, propertyName) + } + } + + return true + } + _object.toJSON = function () { return tfJSON(type) } + + return _object + }, + + oneOf: function oneOf () { + var types = [].slice.call(arguments).map(compile) + + function _oneOf (value, strict) { + return types.some(function (type) { + try { + return typeforce(type, value, strict) + } catch (e) { + return false + } + }) + } + _oneOf.toJSON = function () { return types.map(tfJSON).join('|') } + + return _oneOf + }, + + quacksLike: function quacksLike (type) { + function _quacksLike (value) { + return type === getValueTypeName(value) + } + _quacksLike.toJSON = function () { return type } + + return _quacksLike + }, + + tuple: function tuple () { + var types = [].slice.call(arguments).map(compile) + + function _tuple (values, strict) { + return types.every(function (type, i) { + try { + return typeforce(type, values[i], strict) + } catch (e) { + throw tfSubError(e, i) + } + }) && (!strict || values.length === arguments.length) + } + _tuple.toJSON = function () { return '(' + types.map(tfJSON).join(', ') + ')' } + + return _tuple + }, + + value: function value (expected) { + function _value (actual) { + return actual === expected + } + _value.toJSON = function () { return expected } + + return _value + } +} + +function compile (type) { + if (NATIVE.String(type)) { + if (type[0] === '?') return TYPES.maybe(compile(type.slice(1))) + + return NATIVE[type] || TYPES.quacksLike(type) + } else if (type && NATIVE.Object(type)) { + if (NATIVE.Array(type)) return TYPES.arrayOf(compile(type[0])) + + return TYPES.object(type) + } else if (NATIVE.Function(type)) { + return type + } + + return TYPES.value(type) +} + +function typeforce (type, value, strict, surrogate) { + if (NATIVE.Function(type)) { + if (type(value, strict)) return true + + throw new TfTypeError(surrogate || type, value) + } + + // JIT + return typeforce(compile(type), value, strict) +} + +// assign types to typeforce function +for (var typeName in NATIVE) { + typeforce[typeName] = NATIVE[typeName] +} + +for (typeName in TYPES) { + typeforce[typeName] = TYPES[typeName] +} + +var EXTRA = require('./extra') +for (typeName in EXTRA) { + typeforce[typeName] = EXTRA[typeName] +} + +// async wrapper +function __async (type, value, strict, callback) { + // default to falsy strict if using shorthand overload + if (typeof strict === 'function') return __async(type, value, false, strict) + + try { + typeforce(type, value, strict) + } catch (e) { + return callback(e) + } + + callback() +} + +typeforce.async = __async +typeforce.compile = compile +typeforce.TfTypeError = TfTypeError +typeforce.TfPropertyTypeError = TfPropertyTypeError + +module.exports = typeforce + +},{"./errors":107,"./extra":108,"./native":110}],110:[function(require,module,exports){ +var types = { + Array: function (value) { return value !== null && value !== undefined && value.constructor === Array }, + Boolean: function (value) { return typeof value === 'boolean' }, + Function: function (value) { return typeof value === 'function' }, + Nil: function (value) { return value === undefined || value === null }, + Number: function (value) { return typeof value === 'number' }, + Object: function (value) { return typeof value === 'object' }, + String: function (value) { return typeof value === 'string' }, + '': function () { return true } +} + +// TODO: deprecate +types.Null = types.Nil + +for (var typeName in types) { + types[typeName].toJSON = function (t) { + return t + }.bind(null, typeName) +} + +module.exports = types + +},{}],111:[function(require,module,exports){ +(function (Buffer){ +'use strict' + +// Number.MAX_SAFE_INTEGER +var MAX_SAFE_INTEGER = 9007199254740991 + +function checkUInt53 (n) { + if (n < 0 || n > MAX_SAFE_INTEGER || n % 1 !== 0) throw new RangeError('value out of range') +} + +function encode (number, buffer, offset) { + checkUInt53(number) + + if (!buffer) buffer = new Buffer(encodingLength(number)) + if (!Buffer.isBuffer(buffer)) throw new TypeError('buffer must be a Buffer instance') + if (!offset) offset = 0 + + // 8 bit + if (number < 0xfd) { + buffer.writeUInt8(number, offset) + encode.bytes = 1 + + // 16 bit + } else if (number <= 0xffff) { + buffer.writeUInt8(0xfd, offset) + buffer.writeUInt16LE(number, offset + 1) + encode.bytes = 3 + + // 32 bit + } else if (number <= 0xffffffff) { + buffer.writeUInt8(0xfe, offset) + buffer.writeUInt32LE(number, offset + 1) + encode.bytes = 5 + + // 64 bit + } else { + buffer.writeUInt8(0xff, offset) + buffer.writeUInt32LE(number >>> 0, offset + 1) + buffer.writeUInt32LE((number / 0x100000000) | 0, offset + 5) + encode.bytes = 9 + } + + return buffer +} + +function decode (buffer, offset) { + if (!Buffer.isBuffer(buffer)) throw new TypeError('buffer must be a Buffer instance') + if (!offset) offset = 0 + + var first = buffer.readUInt8(offset) + + // 8 bit + if (first < 0xfd) { + decode.bytes = 1 + return first + + // 16 bit + } else if (first === 0xfd) { + decode.bytes = 3 + return buffer.readUInt16LE(offset + 1) + + // 32 bit + } else if (first === 0xfe) { + decode.bytes = 5 + return buffer.readUInt32LE(offset + 1) + + // 64 bit + } else { + decode.bytes = 9 + var lo = buffer.readUInt32LE(offset + 1) + var hi = buffer.readUInt32LE(offset + 5) + var number = hi * 0x0100000000 + lo + checkUInt53(number) + + return number + } +} + +function encodingLength (number) { + checkUInt53(number) + + return ( + number < 0xfd ? 1 + : number <= 0xffff ? 3 + : number <= 0xffffffff ? 5 + : 9 + ) +} + +module.exports = { encode: encode, decode: decode, encodingLength: encodingLength } + +}).call(this,require("buffer").Buffer) +},{"buffer":4}],112:[function(require,module,exports){ +(function (Buffer){ +var bs58check = require('bs58check') + +function decodeRaw (buffer, version) { + // check version only if defined + if (version !== undefined && buffer[0] !== version) throw new Error('Invalid network version') + + // uncompressed + if (buffer.length === 33) { + return { + version: buffer[0], + privateKey: buffer.slice(1, 33), + compressed: false + } + } + + // invalid length + if (buffer.length !== 34) throw new Error('Invalid WIF length') + + // invalid compression flag + if (buffer[33] !== 0x01) throw new Error('Invalid compression flag') + + return { + version: buffer[0], + privateKey: buffer.slice(1, 33), + compressed: true + } +} + +function encodeRaw (version, privateKey, compressed) { + var result = new Buffer(compressed ? 34 : 33) + + result.writeUInt8(version, 0) + privateKey.copy(result, 1) + + if (compressed) { + result[33] = 0x01 + } + + return result +} + +function decode (string, version) { + return decodeRaw(bs58check.decode(string), version) +} + +function encode (version, privateKey, compressed) { + if (typeof version === 'number') return bs58check.encode(encodeRaw(version, privateKey, compressed)) + + return bs58check.encode( + encodeRaw( + version.version, + version.privateKey, + version.compressed + ) + ) +} + +module.exports = { + decode: decode, + decodeRaw: decodeRaw, + encode: encode, + encodeRaw: encodeRaw +} + +}).call(this,require("buffer").Buffer) +},{"bs58check":80,"buffer":4}]},{},[33])(33) +}); + + + + + + + + + + + + + + + + - - + + +