@1money/protocol-ts-sdk 1.0.14

package/es/utils/index.js

@@ -0,0 +1,841 @@
+import {hexToBytes as hexToBytes$1,stringToBytes,keccak256,bytesToHex as bytesToHex$1,numberToHex,stringToHex,boolToHex}from'viem';import {encode}from'@ethereumjs/rlp';/**
+ * Derives the token account address given the wallet address and mint address.
+ *
+ * Address is 20 byte, 160 bits. Let's say if we want to support 50 billion
+ * accounts on 1money. That's about 36 bits. There are 124 bits remaining. In
+ * other words, the collision probability is 1/2^124, which is very very low.
+ * So, we will be fine to just use the hash of the wallet address and mint
+ * address to derive the token account address.
+ *
+ * @param walletAddress - The wallet address (20 bytes)
+ * @param mintAddress - The mint address (20 bytes)
+ * @returns The derived token account address
+ */
+function deriveTokenAddress(walletAddress, mintAddress) {
+    const walletBytes = walletAddress.startsWith('0x')
+        ? hexToBytes$1(walletAddress)
+        : stringToBytes(walletAddress);
+    const mintBytes = mintAddress.startsWith('0x')
+        ? hexToBytes$1(mintAddress)
+        : stringToBytes(mintAddress);
+    const combined = new Uint8Array(walletBytes.length + mintBytes.length);
+    combined.set(walletBytes, 0);
+    combined.set(mintBytes, walletBytes.length);
+    const hashHex = keccak256(combined);
+    const hashBytes = hexToBytes$1(hashHex);
+    const addressBytes = hashBytes.slice(12);
+    return bytesToHex$1(addressBytes);
+}// concurrent
+function safePromiseAll(arr) {
+    // @ts-expect-error
+    if (!arr || !arr.length)
+        return Promise.resolve([]);
+    return Promise.all(arr);
+}
+// serial
+async function safePromiseLine(arr) {
+    if (!arr || !arr.length)
+        return [];
+    const res = [];
+    for (let i = 0; i < arr.length; i++) {
+        try {
+            res.push(await arr[i](i));
+        }
+        catch (e) {
+            // ignore
+        }
+    }
+    return res;
+}function _typeof(ele) {
+    if (typeof ele !== 'object')
+        return (typeof ele).toLowerCase();
+    const typeStr = Object.prototype.toString.call(ele);
+    return typeStr.slice(8, typeStr.length - 1).toLowerCase();
+}/*! noble-secp256k1 - MIT License (c) 2019 Paul Miller (paulmillr.com) */
+/**
+ * 4KB JS implementation of secp256k1 ECDSA / Schnorr signatures & ECDH.
+ * Compliant with RFC6979 & BIP340.
+ * @module
+ */
+/**
+ * Curve params. secp256k1 is short weierstrass / koblitz curve. Equation is y² == x³ + ax + b.
+ * * P = `2n**256n-2n**32n-2n**977n` // field over which calculations are done
+ * * N = `2n**256n - 0x14551231950b75fc4402da1732fc9bebfn` // group order, amount of curve points
+ * * h = `1n` // cofactor
+ * * a = `0n` // equation param
+ * * b = `7n` // equation param
+ * * Gx, Gy are coordinates of Generator / base point
+ */
+const secp256k1_CURVE = {
+    p: 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2fn,
+    n: 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n,
+    b: 7n,
+    Gx: 0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798n,
+    Gy: 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8n,
+};
+const { p: P, n: N, Gx, Gy, b: _b } = secp256k1_CURVE;
+const L = 32; // field / group byte length
+const L2 = 64;
+// Helpers and Precomputes sections are reused between libraries
+// ## Helpers
+// ----------
+// error helper, messes-up stack trace
+const err = (m = '') => {
+    throw new Error(m);
+};
+const isBig = (n) => typeof n === 'bigint'; // is big integer
+const isStr = (s) => typeof s === 'string'; // is string
+const isBytes = (a) => a instanceof Uint8Array || (ArrayBuffer.isView(a) && a.constructor.name === 'Uint8Array');
+/** assert is Uint8Array (of specific length) */
+const abytes = (a, l) => !isBytes(a) || (typeof l === 'number' && l > 0 && a.length !== l)
+    ? err('Uint8Array expected')
+    : a;
+/** create Uint8Array */
+const u8n = (len) => new Uint8Array(len);
+const u8fr = (buf) => Uint8Array.from(buf);
+const padh = (n, pad) => n.toString(16).padStart(pad, '0');
+const bytesToHex = (b) => Array.from(abytes(b))
+    .map((e) => padh(e, 2))
+    .join('');
+const C = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 }; // ASCII characters
+const _ch = (ch) => {
+    if (ch >= C._0 && ch <= C._9)
+        return ch - C._0; // '2' => 50-48
+    if (ch >= C.A && ch <= C.F)
+        return ch - (C.A - 10); // 'B' => 66-(65-10)
+    if (ch >= C.a && ch <= C.f)
+        return ch - (C.a - 10); // 'b' => 98-(97-10)
+    return;
+};
+const hexToBytes = (hex) => {
+    const e = 'hex invalid';
+    if (!isStr(hex))
+        return err(e);
+    const hl = hex.length;
+    const al = hl / 2;
+    if (hl % 2)
+        return err(e);
+    const array = u8n(al);
+    for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
+        // treat each char as ASCII
+        const n1 = _ch(hex.charCodeAt(hi)); // parse first char, multiply it by 16
+        const n2 = _ch(hex.charCodeAt(hi + 1)); // parse second char
+        if (n1 === undefined || n2 === undefined)
+            return err(e);
+        array[ai] = n1 * 16 + n2; // example: 'A9' => 10*16 + 9
+    }
+    return array;
+};
+/** normalize hex or ui8a to ui8a */
+const toU8 = (a, len) => abytes(isStr(a) ? hexToBytes(a) : u8fr(abytes(a)), len);
+const cr = () => globalThis?.crypto; // WebCrypto is available in all modern environments
+const subtle = () => cr()?.subtle ?? err('crypto.subtle must be defined');
+// prettier-ignore
+const concatBytes = (...arrs) => {
+    const r = u8n(arrs.reduce((sum, a) => sum + abytes(a).length, 0)); // create u8a of summed length
+    let pad = 0; // walk through each array,
+    arrs.forEach(a => { r.set(a, pad); pad += a.length; }); // ensure they have proper type
+    return r;
+};
+/** WebCrypto OS-level CSPRNG (random number generator). Will throw when not available. */
+const randomBytes = (len = L) => {
+    const c = cr();
+    return c.getRandomValues(u8n(len));
+};
+const big = BigInt;
+const arange = (n, min, max, msg = 'bad number: out of range') => isBig(n) && min <= n && n < max ? n : err(msg);
+/** modular division */
+const M = (a, b = P) => {
+    const r = a % b;
+    return r >= 0n ? r : b + r;
+};
+const modN = (a) => M(a, N);
+/** Modular inversion using eucledian GCD (non-CT). No negative exponent for now. */
+// prettier-ignore
+const invert = (num, md) => {
+    if (num === 0n || md <= 0n)
+        err('no inverse n=' + num + ' mod=' + md);
+    let a = M(num, md), b = md, x = 0n, u = 1n;
+    while (a !== 0n) {
+        const q = b / a, r = b % a;
+        const m = x - u * q;
+        b = a, a = r, x = u, u = m;
+    }
+    return b === 1n ? M(x, md) : err('no inverse'); // b is gcd at this point
+};
+const apoint = (p) => (p instanceof Point ? p : err('Point expected'));
+// ## End of Helpers
+// -----------------
+/** secp256k1 formula. Koblitz curves are subclass of weierstrass curves with a=0, making it x³+b */
+const koblitz = (x) => M(M(x * x) * x + _b);
+/** assert is field element or 0 */
+const afield0 = (n) => arange(n, 0n, P);
+/** assert is field element */
+const afield = (n) => arange(n, 1n, P);
+/** assert is group elem */
+const agroup = (n) => arange(n, 1n, N);
+const isEven = (y) => (y & 1n) === 0n;
+/** create Uint8Array of byte n */
+const u8of = (n) => Uint8Array.of(n);
+const getPrefix = (y) => u8of(isEven(y) ? 0x02 : 0x03);
+/** lift_x from BIP340 calculates square root. Validates x, then validates root*root. */
+const lift_x = (x) => {
+    // Let c = x³ + 7 mod p. Fail if x ≥ p. (also fail if x < 1)
+    const c = koblitz(afield(x));
+    // c = √y
+    // y = c^((p+1)/4) mod p
+    // This formula works for fields p = 3 mod 4 -- a special, fast case.
+    // Paper: "Square Roots from 1;24,51,10 to Dan Shanks".
+    let r = 1n;
+    for (let num = c, e = (P + 1n) / 4n; e > 0n; e >>= 1n) {
+        // powMod: modular exponentiation.
+        if (e & 1n)
+            r = (r * num) % P; // Uses exponentiation by squaring.
+        num = (num * num) % P; // Not constant-time.
+    }
+    return M(r * r) === c ? r : err('sqrt invalid'); // check if result is valid
+};
+/** Point in 3d xyz projective coordinates. 3d takes less inversions than 2d. */
+class Point {
+    static BASE;
+    static ZERO;
+    px;
+    py;
+    pz;
+    constructor(px, py, pz) {
+        this.px = afield0(px);
+        this.py = afield(py); // y can't be 0 in Projective
+        this.pz = afield0(pz);
+        Object.freeze(this);
+    }
+    /** Convert Uint8Array or hex string to Point. */
+    static fromBytes(bytes) {
+        abytes(bytes);
+        let p = undefined;
+        // First byte is prefix, rest is data. There are 2 kinds: compressed & uncompressed:
+        // * [0x02 or 0x03][32-byte x coordinate]
+        // * [0x04]        [32-byte x coordinate][32-byte y coordinate]
+        const head = bytes[0];
+        const tail = bytes.subarray(1);
+        const x = sliceBytesNumBE(tail, 0, L);
+        const len = bytes.length;
+        // Compressed 33-byte point, 0x02 or 0x03 prefix
+        if (len === L + 1 && [0x02, 0x03].includes(head)) {
+            // Equation is y² == x³ + ax + b. We calculate y from x.
+            // y = √y²; there are two solutions: y, -y. Determine proper solution based on prefix
+            let y = lift_x(x);
+            const evenY = isEven(y);
+            const evenH = isEven(big(head));
+            if (evenH !== evenY)
+                y = M(-y);
+            p = new Point(x, y, 1n);
+        }
+        // Uncompressed 65-byte point, 0x04 prefix
+        if (len === L2 + 1 && head === 0x04)
+            p = new Point(x, sliceBytesNumBE(tail, L, L2), 1n);
+        // Validate point
+        return p ? p.assertValidity() : err('bad point: not on curve');
+    }
+    /** Equality check: compare points P&Q. */
+    equals(other) {
+        const { px: X1, py: Y1, pz: Z1 } = this;
+        const { px: X2, py: Y2, pz: Z2 } = apoint(other); // checks class equality
+        const X1Z2 = M(X1 * Z2);
+        const X2Z1 = M(X2 * Z1);
+        const Y1Z2 = M(Y1 * Z2);
+        const Y2Z1 = M(Y2 * Z1);
+        return X1Z2 === X2Z1 && Y1Z2 === Y2Z1;
+    }
+    is0() {
+        return this.equals(I);
+    }
+    /** Flip point over y coordinate. */
+    negate() {
+        return new Point(this.px, M(-this.py), this.pz);
+    }
+    /** Point doubling: P+P, complete formula. */
+    double() {
+        return this.add(this);
+    }
+    /**
+     * Point addition: P+Q, complete, exception-free formula
+     * (Renes-Costello-Batina, algo 1 of [2015/1060](https://eprint.iacr.org/2015/1060)).
+     * Cost: `12M + 0S + 3*a + 3*b3 + 23add`.
+     */
+    // prettier-ignore
+    add(other) {
+        const { px: X1, py: Y1, pz: Z1 } = this;
+        const { px: X2, py: Y2, pz: Z2 } = apoint(other);
+        const a = 0n;
+        const b = _b;
+        let X3 = 0n, Y3 = 0n, Z3 = 0n;
+        const b3 = M(b * 3n);
+        let t0 = M(X1 * X2), t1 = M(Y1 * Y2), t2 = M(Z1 * Z2), t3 = M(X1 + Y1); // step 1
+        let t4 = M(X2 + Y2); // step 5
+        t3 = M(t3 * t4);
+        t4 = M(t0 + t1);
+        t3 = M(t3 - t4);
+        t4 = M(X1 + Z1);
+        let t5 = M(X2 + Z2); // step 10
+        t4 = M(t4 * t5);
+        t5 = M(t0 + t2);
+        t4 = M(t4 - t5);
+        t5 = M(Y1 + Z1);
+        X3 = M(Y2 + Z2); // step 15
+        t5 = M(t5 * X3);
+        X3 = M(t1 + t2);
+        t5 = M(t5 - X3);
+        Z3 = M(a * t4);
+        X3 = M(b3 * t2); // step 20
+        Z3 = M(X3 + Z3);
+        X3 = M(t1 - Z3);
+        Z3 = M(t1 + Z3);
+        Y3 = M(X3 * Z3);
+        t1 = M(t0 + t0); // step 25
+        t1 = M(t1 + t0);
+        t2 = M(a * t2);
+        t4 = M(b3 * t4);
+        t1 = M(t1 + t2);
+        t2 = M(t0 - t2); // step 30
+        t2 = M(a * t2);
+        t4 = M(t4 + t2);
+        t0 = M(t1 * t4);
+        Y3 = M(Y3 + t0);
+        t0 = M(t5 * t4); // step 35
+        X3 = M(t3 * X3);
+        X3 = M(X3 - t0);
+        t0 = M(t3 * t1);
+        Z3 = M(t5 * Z3);
+        Z3 = M(Z3 + t0); // step 40
+        return new Point(X3, Y3, Z3);
+    }
+    /**
+     * Point-by-scalar multiplication. Scalar must be in range 1 <= n < CURVE.n.
+     * Uses {@link wNAF} for base point.
+     * Uses fake point to mitigate side-channel leakage.
+     * @param n scalar by which point is multiplied
+     * @param safe safe mode guards against timing attacks; unsafe mode is faster
+     */
+    multiply(n, safe = true) {
+        if (!safe && n === 0n)
+            return I;
+        agroup(n);
+        if (n === 1n)
+            return this;
+        if (this.equals(G))
+            return wNAF(n).p;
+        // init result point & fake point
+        let p = I;
+        let f = G;
+        for (let d = this; n > 0n; d = d.double(), n >>= 1n) {
+            // if bit is present, add to point
+            // if not present, add to fake, for timing safety
+            if (n & 1n)
+                p = p.add(d);
+            else if (safe)
+                f = f.add(d);
+        }
+        return p;
+    }
+    /** Convert point to 2d xy affine point. (X, Y, Z) ∋ (x=X/Z, y=Y/Z) */
+    toAffine() {
+        const { px: x, py: y, pz: z } = this;
+        // fast-paths for ZERO point OR Z=1
+        if (this.equals(I))
+            return { x: 0n, y: 0n };
+        if (z === 1n)
+            return { x, y };
+        const iz = invert(z, P);
+        // (Z * Z^-1) must be 1, otherwise bad math
+        if (M(z * iz) !== 1n)
+            err('inverse invalid');
+        // x = X*Z^-1; y = Y*Z^-1
+        return { x: M(x * iz), y: M(y * iz) };
+    }
+    /** Checks if the point is valid and on-curve. */
+    assertValidity() {
+        const { x, y } = this.toAffine(); // convert to 2d xy affine point.
+        afield(x); // must be in range 1 <= x,y < P
+        afield(y);
+        // y² == x³ + ax + b, equation sides must be equal
+        return M(y * y) === koblitz(x) ? this : err('bad point: not on curve');
+    }
+    /** Converts point to 33/65-byte Uint8Array. */
+    toBytes(isCompressed = true) {
+        const { x, y } = this.assertValidity().toAffine();
+        const x32b = numTo32b(x);
+        if (isCompressed)
+            return concatBytes(getPrefix(y), x32b);
+        return concatBytes(u8of(0x04), x32b, numTo32b(y));
+    }
+    /** Create 3d xyz point from 2d xy. (0, 0) => (0, 1, 0), not (0, 0, 1) */
+    static fromAffine(ap) {
+        const { x, y } = ap;
+        return x === 0n && y === 0n ? I : new Point(x, y, 1n);
+    }
+    toHex(isCompressed) {
+        return bytesToHex(this.toBytes(isCompressed));
+    }
+    static fromPrivateKey(k) {
+        return G.multiply(toPrivScalar(k));
+    }
+    static fromHex(hex) {
+        return Point.fromBytes(toU8(hex));
+    }
+    get x() {
+        return this.toAffine().x;
+    }
+    get y() {
+        return this.toAffine().y;
+    }
+    toRawBytes(isCompressed) {
+        return this.toBytes(isCompressed);
+    }
+}
+/** Generator / base point */
+const G = new Point(Gx, Gy, 1n);
+/** Identity / zero point */
+const I = new Point(0n, 1n, 0n);
+// Static aliases
+Point.BASE = G;
+Point.ZERO = I;
+/** `Q = u1⋅G + u2⋅R`. Verifies Q is not ZERO. Unsafe: non-CT. */
+const doubleScalarMulUns = (R, u1, u2) => {
+    return G.multiply(u1, false).add(R.multiply(u2, false)).assertValidity();
+};
+const bytesToNumBE = (b) => big('0x' + (bytesToHex(b) || '0'));
+const sliceBytesNumBE = (b, from, to) => bytesToNumBE(b.subarray(from, to));
+const B256 = 2n ** 256n; // secp256k1 is weierstrass curve. Equation is x³ + ax + b.
+/** Number to 32b. Must be 0 <= num < B256. validate, pad, to bytes. */
+const numTo32b = (num) => hexToBytes(padh(arange(num, 0n, B256), L2));
+/** Normalize private key to scalar (bigint). Verifies scalar is in range 1<s<N */
+const toPrivScalar = (pr) => {
+    const num = isBig(pr) ? pr : bytesToNumBE(toU8(pr, L));
+    return arange(num, 1n, N, 'private key invalid 3');
+};
+/** For Signature malleability, validates sig.s is bigger than N/2. */
+const highS = (n) => n > N >> 1n;
+/** ECDSA Signature class. Supports only compact 64-byte representation, not DER. */
+class Signature {
+    r;
+    s;
+    recovery;
+    constructor(r, s, recovery) {
+        this.r = agroup(r); // 1 <= r < N
+        this.s = agroup(s); // 1 <= s < N
+        if (recovery != null)
+            this.recovery = recovery;
+        Object.freeze(this);
+    }
+    /** Create signature from 64b compact (r || s) representation. */
+    static fromBytes(b) {
+        abytes(b, L2);
+        const r = sliceBytesNumBE(b, 0, L);
+        const s = sliceBytesNumBE(b, L, L2);
+        return new Signature(r, s);
+    }
+    toBytes() {
+        const { r, s } = this;
+        return concatBytes(numTo32b(r), numTo32b(s));
+    }
+    /** Copy signature, with newly added recovery bit. */
+    addRecoveryBit(bit) {
+        return new Signature(this.r, this.s, bit);
+    }
+    hasHighS() {
+        return highS(this.s);
+    }
+    toCompactRawBytes() {
+        return this.toBytes();
+    }
+    toCompactHex() {
+        return bytesToHex(this.toBytes());
+    }
+    recoverPublicKey(msg) {
+        return recoverPublicKey(this, msg);
+    }
+    static fromCompact(hex) {
+        return Signature.fromBytes(toU8(hex, L2));
+    }
+    assertValidity() {
+        return this;
+    }
+    normalizeS() {
+        const { r, s, recovery } = this;
+        return highS(s) ? new Signature(r, modN(-s), recovery) : this;
+    }
+}
+/**
+ * RFC6979: ensure ECDSA msg is X bytes, convert to BigInt.
+ * RFC suggests optional truncating via bits2octets.
+ * FIPS 186-4 4.6 suggests the leftmost min(nBitLen, outLen) bits,
+ * which matches bits2int. bits2int can produce res>N.
+ */
+const bits2int = (bytes) => {
+    const delta = bytes.length * 8 - 256;
+    if (delta > 1024)
+        err('msg invalid'); // our CUSTOM check, "just-in-case": prohibit long inputs
+    const num = bytesToNumBE(bytes);
+    return delta > 0 ? num >> big(delta) : num;
+};
+/** int2octets can't be used; pads small msgs with 0: BAD for truncation as per RFC vectors */
+const bits2int_modN = (bytes) => modN(bits2int(abytes(bytes)));
+const signOpts = { lowS: true };
+// RFC6979 signature generation, preparation step.
+const prepSig = (msgh, priv, opts = signOpts) => {
+    if (['der', 'recovered', 'canonical'].some((k) => k in opts))
+        // legacy opts
+        err('option not supported');
+    let { lowS, extraEntropy } = opts; // generates low-s sigs by default
+    if (lowS == null)
+        lowS = true; // RFC6979 3.2: we skip step A
+    const i2o = numTo32b; // int to octets
+    const h1i = bits2int_modN(toU8(msgh)); // msg bigint
+    const h1o = i2o(h1i); // msg octets
+    const d = toPrivScalar(priv); // validate private key, convert to bigint
+    const seed = [i2o(d), h1o]; // Step D of RFC6979 3.2
+    /** RFC6979 3.6: additional k' (optional). See {@link ExtraEntropy}. */
+    // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k')
+    if (extraEntropy)
+        seed.push(extraEntropy === true ? randomBytes(L) : toU8(extraEntropy));
+    const m = h1i; // convert msg to bigint
+    // Converts signature params into point w r/s, checks result for validity.
+    // To transform k => Signature:
+    // q = k⋅G
+    // r = q.x mod n
+    // s = k^-1(m + rd) mod n
+    const k2sig = (kBytes) => {
+        // RFC 6979 Section 3.2, step 3: k = bits2int(T)
+        // Important: all mod() calls here must be done over N
+        const k = bits2int(kBytes);
+        if (!(1n <= k && k < N))
+            return; // Check 0 < k < CURVE.n
+        const q = G.multiply(k).toAffine(); // q = k⋅G
+        const r = modN(q.x); // r = q.x mod n
+        if (r === 0n)
+            return;
+        const ik = invert(k, N); // k^-1 mod n, NOT mod P
+        const s = modN(ik * modN(m + modN(d * r))); // s = k^-1(m + rd) mod n
+        if (s === 0n)
+            return;
+        let normS = s; // normalized S
+        let recovery = (q.x === r ? 0 : 2) | Number(q.y & 1n); // recovery bit (2 or 3, when q.x > n)
+        if (lowS && highS(s)) {
+            // if lowS was passed, ensure s is always
+            normS = modN(-s); // in the bottom half of CURVE.n
+            recovery ^= 1;
+        }
+        return new Signature(r, normS, recovery); // use normS, not s
+    };
+    return { seed: concatBytes(...seed), k2sig };
+};
+// HMAC-DRBG from NIST 800-90. Minimal, non-full-spec - used for RFC6979 signatures.
+const hmacDrbg = (asynchronous) => {
+    let v = u8n(L); // Steps B, C of RFC6979 3.2: set hashLen
+    let k = u8n(L); // In our case, it's always equal to L
+    let i = 0; // Iterations counter, will throw when over max
+    const NULL = u8n(0);
+    const reset = () => {
+        v.fill(1);
+        k.fill(0);
+        i = 0;
+    };
+    const max = 1000;
+    const _e = 'drbg: tried 1000 values';
+    {
+        // asynchronous=true
+        // h = hmac(K || V || ...)
+        const h = (...b) => etc.hmacSha256Async(k, v, ...b);
+        const reseed = async (seed = NULL) => {
+            // HMAC-DRBG reseed() function. Steps D-G
+            k = await h(u8of(0x00), seed); // k = hmac(K || V || 0x00 || seed)
+            v = await h(); // v = hmac(K || V)
+            if (seed.length === 0)
+                return;
+            k = await h(u8of(0x01), seed); // k = hmac(K || V || 0x01 || seed)
+            v = await h(); // v = hmac(K || V)
+        };
+        // HMAC-DRBG generate() function
+        const gen = async () => {
+            if (i++ >= max)
+                err(_e);
+            v = await h(); // v = hmac(K || V)
+            return v; // this diverges from noble-curves: we don't allow arbitrary output len!
+        };
+        // Do not reuse returned fn for more than 1 sig:
+        // 1) it's slower (JIT screws up). 2. unsafe (async race conditions)
+        return async (seed, pred) => {
+            reset();
+            await reseed(seed); // Steps D-G
+            let res = undefined; // Step H: grind until k is in [1..n-1]
+            while (!(res = pred(await gen())))
+                await reseed(); // test predicate until it returns ok
+            reset();
+            return res;
+        };
+    }
+};
+/**
+ * Sign a msg hash using secp256k1. Async.
+ * Follows [SEC1](https://secg.org/sec1-v2.pdf) 4.1.2 & RFC6979.
+ * It's suggested to enable hedging ({@link ExtraEntropy}) to prevent fault attacks.
+ * @param msgh - message HASH, not message itself e.g. sha256(message)
+ * @param priv - private key
+ * @param opts - `lowS: true` prevents malleability, `extraEntropy: true` enables hedging
+ */
+const signAsync = async (msgh, priv, opts = signOpts) => {
+    // Re-run drbg until k2sig returns ok
+    const { seed, k2sig } = prepSig(msgh, priv, opts);
+    const sig = await hmacDrbg()(seed, k2sig);
+    return sig;
+};
+/**
+ * ECDSA public key recovery. Requires msg hash and recovery id.
+ * Follows [SEC1](https://secg.org/sec1-v2.pdf) 4.1.6.
+ */
+const recoverPublicKey = (sig, msgh) => {
+    const { r, s, recovery } = sig;
+    // 0 or 1 recovery id determines sign of "y" coordinate.
+    // 2 or 3 means q.x was >N.
+    if (![0, 1, 2, 3].includes(recovery))
+        err('recovery id invalid');
+    const h = bits2int_modN(toU8(msgh, L)); // Truncate hash
+    const radj = recovery === 2 || recovery === 3 ? r + N : r;
+    afield(radj); // ensure q.x is still a field element
+    const head = getPrefix(big(recovery)); // head is 0x02 or 0x03
+    const Rb = concatBytes(head, numTo32b(radj)); // concat head + r
+    const R = Point.fromBytes(Rb);
+    const ir = invert(radj, N); // r^-1
+    const u1 = modN(-h * ir); // -hr^-1
+    const u2 = modN(s * ir); // sr^-1
+    return doubleScalarMulUns(R, u1, u2); // (sr^-1)R-(hr^-1)G = -(hr^-1)G + (sr^-1)
+};
+// FIPS 186 B.4.1 compliant key generation produces private keys with modulo bias being neglible.
+// takes >N+8 bytes, returns (hash mod n-1)+1
+const hashToPrivateKey = (hash) => {
+    hash = toU8(hash);
+    if (hash.length < L + 8 || hash.length > 1024)
+        err('expected 40-1024b');
+    const num = M(bytesToNumBE(hash), N - 1n);
+    return numTo32b(num + 1n);
+};
+const _sha = 'SHA-256';
+/** Math, hex, byte helpers. Not in `utils` because utils share API with noble-curves. */
+const etc = {
+    hexToBytes: hexToBytes,
+    bytesToHex: bytesToHex,
+    concatBytes: concatBytes,
+    bytesToNumberBE: bytesToNumBE,
+    numberToBytesBE: numTo32b,
+    mod: M,
+    invert: invert, // math utilities
+    hmacSha256Async: async (key, ...msgs) => {
+        const s = subtle();
+        const name = 'HMAC';
+        const k = await s.importKey('raw', key, { name, hash: { name: _sha } }, false, ['sign']);
+        return u8n(await s.sign(name, k, concatBytes(...msgs)));
+    },
+    hmacSha256Sync: undefined, // For TypeScript. Actual logic is below
+    hashToPrivateKey: hashToPrivateKey,
+    randomBytes: randomBytes,
+};
+// ## Precomputes
+// --------------
+const W = 8; // W is window size
+const scalarBits = 256;
+const pwindows = Math.ceil(scalarBits / W) + 1; // 33 for W=8
+const pwindowSize = 2 ** (W - 1); // 128 for W=8
+const precompute = () => {
+    const points = [];
+    let p = G;
+    let b = p;
+    for (let w = 0; w < pwindows; w++) {
+        b = p;
+        points.push(b);
+        for (let i = 1; i < pwindowSize; i++) {
+            b = b.add(p);
+            points.push(b);
+        } // i=1, bc we skip 0
+        p = b.double();
+    }
+    return points;
+};
+let Gpows = undefined; // precomputes for base point G
+// const-time negate
+const ctneg = (cnd, p) => {
+    const n = p.negate();
+    return cnd ? n : p;
+};
+/**
+ * Precomputes give 12x faster getPublicKey(), 10x sign(), 2x verify() by
+ * caching multiples of G (base point). Cache is stored in 32MB of RAM.
+ * Any time `G.multiply` is done, precomputes are used.
+ * Not used for getSharedSecret, which instead multiplies random pubkey `P.multiply`.
+ *
+ * w-ary non-adjacent form (wNAF) precomputation method is 10% slower than windowed method,
+ * but takes 2x less RAM. RAM reduction is possible by utilizing `.subtract`.
+ *
+ * !! Precomputes can be disabled by commenting-out call of the wNAF() inside Point#multiply().
+ */
+const wNAF = (n) => {
+    const comp = Gpows || (Gpows = precompute());
+    let p = I;
+    let f = G; // f must be G, or could become I in the end
+    const pow_2_w = 2 ** W; // 256 for W=8
+    const maxNum = pow_2_w; // 256 for W=8
+    const mask = big(pow_2_w - 1); // 255 for W=8 == mask 0b11111111
+    const shiftBy = big(W); // 8 for W=8
+    for (let w = 0; w < pwindows; w++) {
+        let wbits = Number(n & mask); // extract W bits.
+        n >>= shiftBy; // shift number by W bits.
+        if (wbits > pwindowSize) {
+            wbits -= maxNum;
+            n += 1n;
+        } // split if bits > max: +224 => 256-32
+        const off = w * pwindowSize;
+        const offF = off; // offsets, evaluate both
+        const offP = off + Math.abs(wbits) - 1;
+        const isEven = w % 2 !== 0; // conditions, evaluate both
+        const isNeg = wbits < 0;
+        if (wbits === 0) {
+            // off == I: can't add it. Adding random offF instead.
+            f = f.add(ctneg(isEven, comp[offF])); // bits are 0: add garbage to fake point
+        }
+        else {
+            p = p.add(ctneg(isNeg, comp[offP])); // bits are 1: add to result point
+        }
+    }
+    return { p, f }; // return both real and fake points for JIT
+};/**
+ * RLP encode a payload into a digest
+ * @param payload Payload to encode
+ * @returns RLP encoded payload
+ */
+function encodePayload(payload) {
+    if (_typeof(payload) === 'array') {
+        const formatted = payload.map((v) => {
+            if (_typeof(v) === 'string') {
+                if (/^0x[0-9a-fA-F]+$/.test(v)) {
+                    // hex-encoded data → raw bytes
+                    return hexToBytes$1(v);
+                }
+                else if (!isNaN(+v)) {
+                    // number-like string → hex → bytes
+                    return v === '0' ? new Uint8Array([]) : hexToBytes$1(numberToHex(+v));
+                }
+                else {
+                    // plain string → UTF-8 bytes
+                    return new TextEncoder().encode(v);
+                }
+            }
+            else if (_typeof(v) === 'number' || _typeof(v) === 'bigint') {
+                // produce minimal hex, then arrayify
+                return v === 0 || v === BigInt(0) ? new Uint8Array([]) : hexToBytes$1(numberToHex(v));
+            }
+            else if (_typeof(v) === 'boolean') {
+                return v ? Uint8Array.from([1]) : new Uint8Array([]);
+            }
+            else {
+                return v;
+            }
+        });
+        return encode(formatted);
+    }
+    if (_typeof(payload) === 'boolean') {
+        return encode(payload ? Uint8Array.from([1]) : new Uint8Array([]));
+    }
+    return encode(payload);
+}
+/**
+ * Sign a message using the provided private key
+ * @param payload Payload to sign
+ * @param privateKey Private key to sign with
+ * @returns Signature object with r, s, v components
+ */
+async function signMessage(payload, privateKey) {
+    const encoded = encodePayload(payload);
+    const digestHex = keccak256(encoded);
+    const digest = hexToBytes$1(digestHex);
+    const privateKeyBytes = hexToBytes$1(privateKey);
+    const signature = await signAsync(digest, privateKeyBytes, { lowS: true });
+    const compact = signature.toCompactRawBytes();
+    const rBytes = compact.subarray(0, 32);
+    const sBytes = compact.subarray(32, 64);
+    return {
+        r: bytesToHex$1(rBytes),
+        s: bytesToHex$1(sBytes),
+        v: signature.recovery,
+    };
+}
+function toHex(value) {
+    const type = _typeof(value);
+    try {
+        switch (type) {
+            case 'boolean':
+                return boolToHex(value);
+            case 'number':
+            case 'bigint':
+                return numberToHex(value);
+            case 'string':
+                if (!isNaN(+value))
+                    return numberToHex(+value);
+                return stringToHex(value);
+            case 'uint8array':
+            case 'uint16array':
+            case 'uint32array':
+            case 'int8array':
+            case 'int16array':
+            case 'int32array':
+            case 'arraybuffer':
+                return bytesToHex$1(value);
+            case 'array':
+                if (value.length === 0)
+                    return '0x';
+                else if (value.every(item => typeof item === 'number'))
+                    return bytesToHex$1(Uint8Array.from(value));
+                else
+                    return bytesToHex$1(stringToBytes(JSON.stringify(value)));
+            default:
+                return bytesToHex$1(stringToBytes(JSON.stringify(value)));
+        }
+    }
+    catch (e) {
+        console.error('[1Money toHex]: ', e);
+        return '0x';
+    }
+}function encodeRlpListHeader(length) {
+    if (length < 56) {
+        // Short list: single byte prefix
+        return Uint8Array.from([0xc0 + length]);
+    }
+    else {
+        // Long list: prefix 0xf7 + length of length + actual length bytes
+        const lenBytes = [];
+        let temp = length;
+        while (temp > 0) {
+            lenBytes.unshift(temp & 0xff);
+            temp >>= 8;
+        }
+        return Uint8Array.from([0xf7 + lenBytes.length, ...lenBytes]);
+    }
+}
+function calcTxHash(payload, signature) {
+    const pEncode = encodePayload(payload);
+    const vEncode = encode(typeof signature.v === 'boolean'
+        ? signature.v
+            ? Uint8Array.from([1])
+            : new Uint8Array([])
+        : BigInt(signature.v));
+    const rEncode = encode(hexToBytes$1(signature.r));
+    const sEncode = encode(hexToBytes$1(signature.s));
+    const vrsBytes = new Uint8Array(vEncode.length + rEncode.length + sEncode.length);
+    vrsBytes.set(vEncode, 0);
+    vrsBytes.set(rEncode, vEncode.length);
+    vrsBytes.set(sEncode, vEncode.length + rEncode.length);
+    const header = encodeRlpListHeader(pEncode.length + vrsBytes.length);
+    const encoded = new Uint8Array(header.length + pEncode.length + vrsBytes.length);
+    encoded.set(header, 0);
+    encoded.set(pEncode, header.length);
+    encoded.set(vrsBytes, header.length + pEncode.length);
+    return keccak256(encoded);
+}export{_typeof,calcTxHash,deriveTokenAddress,encodePayload,safePromiseAll,safePromiseLine,signMessage,toHex};