npm - @cardanowall/crypto-core - Versions diffs - 0.0.0 - Mend

@cardanowall/crypto-core 0.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (81) hide show

package/dist/hash.cjs ADDED Viewed

@@ -0,0 +1,165 @@
+'use strict';
+var sha2_js = require('@noble/hashes/sha2.js');
+var blake2_js = require('@noble/hashes/blake2.js');
+var hashWasm = require('hash-wasm');
+// src/hash/sha-256.ts
+function sha256(input) {
+  return sha2_js.sha256(input);
+}
+function blake2b256(input) {
+  return blake2_js.blake2b(input, { dkLen: 32 });
+}
+function blake2b224(input) {
+  return blake2_js.blake2b(input, { dkLen: 28 });
+}
+function dualHash(input) {
+  return {
+    sha256: sha256(input),
+    blake2b256: blake2b256(input)
+  };
+}
+async function dualHashStream(source) {
+  const [sha, blake] = await Promise.all([hashWasm.createSHA256(), hashWasm.createBLAKE2b(256)]);
+  sha.init();
+  blake.init();
+  for await (const chunk of source) {
+    sha.update(chunk);
+    blake.update(chunk);
+  }
+  return {
+    sha256: sha.digest("binary"),
+    blake2b256: blake.digest("binary")
+  };
+}
+// src/util/compare-ct.ts
+function compareCt(a, b) {
+  if (a.length !== b.length) return false;
+  let diff = 0;
+  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
+  return diff === 0;
+}
+// src/hash/merkle-sha2-256.ts
+var MERKLE_ALG_ID = "rfc9162-sha256";
+var LEAF_PREFIX = 0;
+var NODE_PREFIX = 1;
+var DIGEST_LENGTH = 32;
+function validateLeaves(leaves, fnName) {
+  if (leaves.length === 0) {
+    throw new Error(`${fnName}: empty leaf list (n == 0 is forbidden by RFC 9162 \xA72.1.1)`);
+  }
+  for (let i = 0; i < leaves.length; i++) {
+    const leaf = leaves[i];
+    if (!(leaf instanceof Uint8Array) || leaf.length !== DIGEST_LENGTH) {
+      throw new Error(
+        `${fnName}: leaf[${i}] must be a Uint8Array(${DIGEST_LENGTH}); got length ${leaf instanceof Uint8Array ? leaf.length : "non-Uint8Array"}`
+      );
+    }
+  }
+}
+function merkleSha2256Root(leaves) {
+  validateLeaves(leaves, "merkleSha2256Root");
+  return mthRecursive(leaves, 0, leaves.length);
+}
+function merkleSha2256InclusionProof(leaves, index) {
+  validateLeaves(leaves, "merkleSha2256InclusionProof");
+  if (!Number.isInteger(index) || index < 0 || index >= leaves.length) {
+    throw new Error(
+      `merkleSha2256InclusionProof: index ${index} out of range [0, ${leaves.length})`
+    );
+  }
+  return auditPath(leaves, index, 0, leaves.length);
+}
+function merkleSha2256VerifyInclusion(leaf, index, treeSize, proof, root) {
+  if (!(leaf instanceof Uint8Array) || leaf.length !== DIGEST_LENGTH) return false;
+  if (!(root instanceof Uint8Array) || root.length !== DIGEST_LENGTH) return false;
+  if (!Number.isInteger(index) || !Number.isInteger(treeSize) || treeSize < 1 || index < 0 || index >= treeSize) {
+    return false;
+  }
+  for (let i = 0; i < proof.length; i++) {
+    const sibling = proof[i];
+    if (!(sibling instanceof Uint8Array) || sibling.length !== DIGEST_LENGTH) {
+      return false;
+    }
+  }
+  if (treeSize === 1) {
+    if (proof.length !== 0 || index !== 0) return false;
+    return compareCt(hashLeaf(leaf), root);
+  }
+  let h = hashLeaf(leaf);
+  let sn = index;
+  let fn = treeSize - 1;
+  for (let i = 0; i < proof.length; i++) {
+    if (fn === 0) return false;
+    const sibling = proof[i];
+    if ((sn & 1) === 1 || sn === fn) {
+      h = hashNode(sibling, h);
+      while ((sn & 1) === 0 && sn !== 0) {
+        sn >>>= 1;
+        fn >>>= 1;
+      }
+    } else {
+      h = hashNode(h, sibling);
+    }
+    sn >>>= 1;
+    fn >>>= 1;
+  }
+  if (fn !== 0) return false;
+  return compareCt(h, root);
+}
+function largestPow2Lt(n) {
+  let k = 1;
+  while (k * 2 < n) k *= 2;
+  return k;
+}
+function hashLeaf(d) {
+  const buf = new Uint8Array(1 + d.length);
+  buf[0] = LEAF_PREFIX;
+  buf.set(d, 1);
+  return sha2_js.sha256(buf);
+}
+function hashNode(left, right) {
+  const buf = new Uint8Array(1 + left.length + right.length);
+  buf[0] = NODE_PREFIX;
+  buf.set(left, 1);
+  buf.set(right, 1 + left.length);
+  return sha2_js.sha256(buf);
+}
+function mthRecursive(leaves, start, end) {
+  const n = end - start;
+  if (n === 1) {
+    return hashLeaf(leaves[start]);
+  }
+  const k = largestPow2Lt(n);
+  const left = mthRecursive(leaves, start, start + k);
+  const right = mthRecursive(leaves, start + k, end);
+  return hashNode(left, right);
+}
+function auditPath(leaves, i, start, end) {
+  const n = end - start;
+  if (n === 1) return [];
+  const k = largestPow2Lt(n);
+  if (i < k) {
+    const subPath2 = auditPath(leaves, i, start, start + k);
+    subPath2.push(mthRecursive(leaves, start + k, end));
+    return subPath2;
+  }
+  const subPath = auditPath(leaves, i - k, start + k, end);
+  subPath.push(mthRecursive(leaves, start, start + k));
+  return subPath;
+}
+exports.MERKLE_ALG_ID = MERKLE_ALG_ID;
+exports.blake2b224 = blake2b224;
+exports.blake2b256 = blake2b256;
+exports.dualHash = dualHash;
+exports.dualHashStream = dualHashStream;
+exports.merkleSha2256InclusionProof = merkleSha2256InclusionProof;
+exports.merkleSha2256Root = merkleSha2256Root;
+exports.merkleSha2256VerifyInclusion = merkleSha2256VerifyInclusion;
+exports.sha256 = sha256;
+//# sourceMappingURL=hash.cjs.map
+//# sourceMappingURL=hash.cjs.map

package/dist/hash.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/hash/sha-256.ts","../src/hash/blake2b-256.ts","../src/hash/dual-hash.ts","../src/util/compare-ct.ts","../src/hash/merkle-sha2-256.ts"],"names":["nobleSha256","blake2b","createSHA256","createBLAKE2b","sha256","subPath"],"mappings":";;;;;;;AAEO,SAAS,OAAO,KAAA,EAA+B;AACpD,EAAA,OAAOA,eAAY,KAAK,CAAA;AAC1B;ACFO,SAAS,WAAW,KAAA,EAA+B;AACxD,EAAA,OAAOC,iBAAA,CAAQ,KAAA,EAAO,EAAE,KAAA,EAAO,IAAI,CAAA;AACrC;AAOO,SAAS,WAAW,KAAA,EAA+B;AACxD,EAAA,OAAOA,iBAAA,CAAQ,KAAA,EAAO,EAAE,KAAA,EAAO,IAAI,CAAA;AACrC;ACHO,SAAS,SAAS,KAAA,EAAmC;AAC1D,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,OAAO,KAAK,CAAA;AAAA,IACpB,UAAA,EAAY,WAAW,KAAK;AAAA,GAC9B;AACF;AAEA,eAAsB,eAAe,MAAA,EAA4D;AAC/F,EAAA,MAAM,CAAC,GAAA,EAAK,KAAK,CAAA,GAAI,MAAM,OAAA,CAAQ,GAAA,CAAI,CAACC,qBAAA,EAAa,EAAGC,sBAAA,CAAc,GAAG,CAAC,CAAC,CAAA;AAC3E,EAAA,GAAA,CAAI,IAAA,EAAK;AACT,EAAA,KAAA,CAAM,IAAA,EAAK;AACX,EAAA,WAAA,MAAiB,SAAS,MAAA,EAAQ;AAChC,IAAA,GAAA,CAAI,OAAO,KAAK,CAAA;AAChB,IAAA,KAAA,CAAM,OAAO,KAAK,CAAA;AAAA,EACpB;AACA,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA;AAAA,IAC3B,UAAA,EAAY,KAAA,CAAM,MAAA,CAAO,QAAQ;AAAA,GACnC;AACF;;;ACxBO,SAAS,SAAA,CAAU,GAAe,CAAA,EAAwB;AAC/D,EAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ,OAAO,KAAA;AAClC,EAAA,IAAI,IAAA,GAAO,CAAA;AAIX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,MAAA,EAAQ,CAAA,EAAA,EAAK,IAAA,IAAS,CAAA,CAAE,CAAC,CAAA,GAAgB,CAAA,CAAE,CAAC,CAAA;AAClE,EAAA,OAAO,IAAA,KAAS,CAAA;AAClB;;;ACGO,IAAM,aAAA,GAAgB;AAE7B,IAAM,WAAA,GAAc,CAAA;AACpB,IAAM,WAAA,GAAc,CAAA;AACpB,IAAM,aAAA,GAAgB,EAAA;AAEtB,SAAS,cAAA,CAAe,QAAmC,MAAA,EAAsB;AAC/E,EAAA,IAAI,MAAA,CAAO,WAAW,CAAA,EAAG;AACvB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,MAAM,CAAA,6DAAA,CAA4D,CAAA;AAAA,EACvF;AACA,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,MAAM,IAAA,GAAO,OAAO,CAAC,CAAA;AACrB,IAAA,IAAI,EAAE,IAAA,YAAgB,UAAA,CAAA,IAAe,IAAA,CAAK,WAAW,aAAA,EAAe;AAClE,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,EAAG,MAAM,CAAA,OAAA,EAAU,CAAC,CAAA,uBAAA,EAA0B,aAAa,CAAA,cAAA,EACzD,IAAA,YAAgB,UAAA,GAAa,IAAA,CAAK,MAAA,GAAS,gBAC7C,CAAA;AAAA,OACF;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,kBAAkB,MAAA,EAA+C;AAC/E,EAAA,cAAA,CAAe,QAAQ,mBAAmB,CAAA;AAC1C,EAAA,OAAO,YAAA,CAAa,MAAA,EAAQ,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA;AAC9C;AAEO,SAAS,2BAAA,CACd,QACA,KAAA,EACc;AACd,EAAA,cAAA,CAAe,QAAQ,6BAA6B,CAAA;AACpD,EAAA,IAAI,CAAC,OAAO,SAAA,CAAU,KAAK,KAAK,KAAA,GAAQ,CAAA,IAAK,KAAA,IAAS,MAAA,CAAO,MAAA,EAAQ;AACnE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,mCAAA,EAAsC,KAAK,CAAA,kBAAA,EAAqB,MAAA,CAAO,MAAM,CAAA,CAAA;AAAA,KAC/E;AAAA,EACF;AACA,EAAA,OAAO,SAAA,CAAU,MAAA,EAAQ,KAAA,EAAO,CAAA,EAAG,OAAO,MAAM,CAAA;AAClD;AAcO,SAAS,4BAAA,CACd,IAAA,EACA,KAAA,EACA,QAAA,EACA,OACA,IAAA,EACS;AACT,EAAA,IAAI,EAAE,IAAA,YAAgB,UAAA,CAAA,IAAe,IAAA,CAAK,MAAA,KAAW,eAAe,OAAO,KAAA;AAC3E,EAAA,IAAI,EAAE,IAAA,YAAgB,UAAA,CAAA,IAAe,IAAA,CAAK,MAAA,KAAW,eAAe,OAAO,KAAA;AAC3E,EAAA,IACE,CAAC,MAAA,CAAO,SAAA,CAAU,KAAK,KACvB,CAAC,MAAA,CAAO,SAAA,CAAU,QAAQ,KAC1B,QAAA,GAAW,CAAA,IACX,KAAA,GAAQ,CAAA,IACR,SAAS,QAAA,EACT;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AACvB,IAAA,IAAI,EAAE,OAAA,YAAmB,UAAA,CAAA,IAAe,OAAA,CAAQ,WAAW,aAAA,EAAe;AACxE,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,IAAI,aAAa,CAAA,EAAG;AAClB,IAAA,IAAI,KAAA,CAAM,MAAA,KAAW,CAAA,IAAK,KAAA,KAAU,GAAG,OAAO,KAAA;AAC9C,IAAA,OAAO,SAAA,CAAU,QAAA,CAAS,IAAI,CAAA,EAAG,IAAI,CAAA;AAAA,EACvC;AAEA,EAAA,IAAI,CAAA,GAAI,SAAS,IAAI,CAAA;AACrB,EAAA,IAAI,EAAA,GAAK,KAAA;AACT,EAAA,IAAI,KAAK,QAAA,GAAW,CAAA;AACpB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,IAAI,EAAA,KAAO,GAAG,OAAO,KAAA;AACrB,IAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AACvB,IAAA,IAAA,CAAK,EAAA,GAAK,CAAA,MAAO,CAAA,IAAK,EAAA,KAAO,EAAA,EAAI;AAC/B,MAAA,CAAA,GAAI,QAAA,CAAS,SAAS,CAAC,CAAA;AACvB,MAAA,OAAA,CAAQ,EAAA,GAAK,CAAA,MAAO,CAAA,IAAK,EAAA,KAAO,CAAA,EAAG;AACjC,QAAA,EAAA,MAAQ,CAAA;AACR,QAAA,EAAA,MAAQ,CAAA;AAAA,MACV;AAAA,IACF,CAAA,MAAO;AACL,MAAA,CAAA,GAAI,QAAA,CAAS,GAAG,OAAO,CAAA;AAAA,IACzB;AACA,IAAA,EAAA,MAAQ,CAAA;AACR,IAAA,EAAA,MAAQ,CAAA;AAAA,EACV;AACA,EAAA,IAAI,EAAA,KAAO,GAAG,OAAO,KAAA;AACrB,EAAA,OAAO,SAAA,CAAU,GAAG,IAAI,CAAA;AAC1B;AAEA,SAAS,cAAc,CAAA,EAAmB;AACxC,EAAA,IAAI,CAAA,GAAI,CAAA;AACR,EAAA,OAAO,CAAA,GAAI,CAAA,GAAI,CAAA,EAAG,CAAA,IAAK,CAAA;AACvB,EAAA,OAAO,CAAA;AACT;AAEA,SAAS,SAAS,CAAA,EAA2B;AAC3C,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,CAAA,GAAI,EAAE,MAAM,CAAA;AACvC,EAAA,GAAA,CAAI,CAAC,CAAA,GAAI,WAAA;AACT,EAAA,GAAA,CAAI,GAAA,CAAI,GAAG,CAAC,CAAA;AACZ,EAAA,OAAOC,eAAO,GAAG,CAAA;AACnB;AAEA,SAAS,QAAA,CAAS,MAAkB,KAAA,EAA+B;AACjE,EAAA,MAAM,MAAM,IAAI,UAAA,CAAW,IAAI,IAAA,CAAK,MAAA,GAAS,MAAM,MAAM,CAAA;AACzD,EAAA,GAAA,CAAI,CAAC,CAAA,GAAI,WAAA;AACT,EAAA,GAAA,CAAI,GAAA,CAAI,MAAM,CAAC,CAAA;AACf,EAAA,GAAA,CAAI,GAAA,CAAI,KAAA,EAAO,CAAA,GAAI,IAAA,CAAK,MAAM,CAAA;AAC9B,EAAA,OAAOA,eAAO,GAAG,CAAA;AACnB;AAEA,SAAS,YAAA,CAAa,MAAA,EAAmC,KAAA,EAAe,GAAA,EAAyB;AAC/F,EAAA,MAAM,IAAI,GAAA,GAAM,KAAA;AAChB,EAAA,IAAI,MAAM,CAAA,EAAG;AACX,IAAA,OAAO,QAAA,CAAS,MAAA,CAAO,KAAK,CAAe,CAAA;AAAA,EAC7C;AACA,EAAA,MAAM,CAAA,GAAI,cAAc,CAAC,CAAA;AACzB,EAAA,MAAM,IAAA,GAAO,YAAA,CAAa,MAAA,EAAQ,KAAA,EAAO,QAAQ,CAAC,CAAA;AAClD,EAAA,MAAM,KAAA,GAAQ,YAAA,CAAa,MAAA,EAAQ,KAAA,GAAQ,GAAG,GAAG,CAAA;AACjD,EAAA,OAAO,QAAA,CAAS,MAAM,KAAK,CAAA;AAC7B;AAEA,SAAS,SAAA,CACP,MAAA,EACA,CAAA,EACA,KAAA,EACA,GAAA,EACc;AACd,EAAA,MAAM,IAAI,GAAA,GAAM,KAAA;AAChB,EAAA,IAAI,CAAA,KAAM,CAAA,EAAG,OAAO,EAAC;AACrB,EAAA,MAAM,CAAA,GAAI,cAAc,CAAC,CAAA;AACzB,EAAA,IAAI,IAAI,CAAA,EAAG;AACT,IAAA,MAAMC,WAAU,SAAA,CAAU,MAAA,EAAQ,CAAA,EAAG,KAAA,EAAO,QAAQ,CAAC,CAAA;AACrD,IAAAA,SAAQ,IAAA,CAAK,YAAA,CAAa,QAAQ,KAAA,GAAQ,CAAA,EAAG,GAAG,CAAC,CAAA;AACjD,IAAA,OAAOA,QAAAA;AAAA,EACT;AACA,EAAA,MAAM,UAAU,SAAA,CAAU,MAAA,EAAQ,IAAI,CAAA,EAAG,KAAA,GAAQ,GAAG,GAAG,CAAA;AACvD,EAAA,OAAA,CAAQ,KAAK,YAAA,CAAa,MAAA,EAAQ,KAAA,EAAO,KAAA,GAAQ,CAAC,CAAC,CAAA;AACnD,EAAA,OAAO,OAAA;AACT","file":"hash.cjs","sourcesContent":["import { sha256 as nobleSha256 } from '@noble/hashes/sha2.js';\n\nexport function sha256(input: Uint8Array): Uint8Array {\n return nobleSha256(input);\n}\n","import { blake2b } from '@noble/hashes/blake2.js';\n\nexport function blake2b256(input: Uint8Array): Uint8Array {\n return blake2b(input, { dkLen: 32 });\n}\n\n// CIP-19 stake-address derivation, used for the wallet path-2 signer binding,\n// requires the 28-byte BLAKE2b digest of the signer's Ed25519 public key.\n// The Cardano ledger encodes stake addresses as\n// `network_header_byte || Blake2b-224(stake_vk)`\n// per CIP-19, so this output length is fixed by spec.\nexport function blake2b224(input: Uint8Array): Uint8Array {\n return blake2b(input, { dkLen: 28 });\n}\n","import { createSHA256, createBLAKE2b } from 'hash-wasm';\n\nimport { sha256 } from './sha-256';\nimport { blake2b256 } from './blake2b-256';\n\nexport interface DualHashOutput {\n sha256: Uint8Array;\n blake2b256: Uint8Array;\n}\n\nexport function dualHash(input: Uint8Array): DualHashOutput {\n return {\n sha256: sha256(input),\n blake2b256: blake2b256(input),\n };\n}\n\nexport async function dualHashStream(source: AsyncIterable<Uint8Array>): Promise<DualHashOutput> {\n const [sha, blake] = await Promise.all([createSHA256(), createBLAKE2b(256)]);\n sha.init();\n blake.init();\n for await (const chunk of source) {\n sha.update(chunk);\n blake.update(chunk);\n }\n return {\n sha256: sha.digest('binary') as Uint8Array,\n blake2b256: blake.digest('binary') as Uint8Array,\n };\n}\n","// Isomorphic constant-time byte-equality. crypto-core is browser-safe by\n// design, so we cannot import `node:crypto.timingSafeEqual` — webpack rejects\n// the `node:` scheme in the browser bundle. A pure-JS XOR loop is constant-time\n// for equal-length inputs; length mismatch is a deliberate early-return (the\n// API surface itself leaks length, same as node's timingSafeEqual which throws).\nexport function compareCt(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) return false;\n let diff = 0;\n // Lengths are equal and `i` stays in-bounds, so both indexes are always\n // defined — no nullish guard is needed (and one would read as a guard for\n // an impossible case).\n for (let i = 0; i < a.length; i++) diff |= (a[i] as number) ^ (b[i] as number);\n return diff === 0;\n}\n","// RFC 9162 §2.1.1 binary Merkle tree under SHA-256.\n// This implements the algorithm tier identified on the wire as the\n// `rfc9162-sha256` OPT-INFO; the record's `merkle[]` field carries the proof.\n//\n// Construction (RFC 9162 §2.1.1):\n// - Single leaf: MTH({d_0}) = SHA-256(0x00 || d_0)\n// - Internal node: MTH(L) = SHA-256(0x01 || MTH(L[0:k]) || MTH(L[k:n]))\n// where k = largest power of 2 strictly less than n.\n// - Empty trees (n == 0) are FORBIDDEN.\n// - The 0x00 leaf / 0x01 internal prefixes prevent the CVE-2012-2459\n// leaf-vs-internal collision family.\n\nimport { sha256 } from '@noble/hashes/sha2.js';\n\nimport { compareCt } from '../util/compare-ct';\n\nexport const MERKLE_ALG_ID = 'rfc9162-sha256' as const;\n\nconst LEAF_PREFIX = 0x00;\nconst NODE_PREFIX = 0x01;\nconst DIGEST_LENGTH = 32;\n\nfunction validateLeaves(leaves: ReadonlyArray<Uint8Array>, fnName: string): void {\n if (leaves.length === 0) {\n throw new Error(`${fnName}: empty leaf list (n == 0 is forbidden by RFC 9162 §2.1.1)`);\n }\n for (let i = 0; i < leaves.length; i++) {\n const leaf = leaves[i];\n if (!(leaf instanceof Uint8Array) || leaf.length !== DIGEST_LENGTH) {\n throw new Error(\n `${fnName}: leaf[${i}] must be a Uint8Array(${DIGEST_LENGTH}); got length ${\n leaf instanceof Uint8Array ? leaf.length : 'non-Uint8Array'\n }`,\n );\n }\n }\n}\n\nexport function merkleSha2256Root(leaves: ReadonlyArray<Uint8Array>): Uint8Array {\n validateLeaves(leaves, 'merkleSha2256Root');\n return mthRecursive(leaves, 0, leaves.length);\n}\n\nexport function merkleSha2256InclusionProof(\n leaves: ReadonlyArray<Uint8Array>,\n index: number,\n): Uint8Array[] {\n validateLeaves(leaves, 'merkleSha2256InclusionProof');\n if (!Number.isInteger(index) || index < 0 || index >= leaves.length) {\n throw new Error(\n `merkleSha2256InclusionProof: index ${index} out of range [0, ${leaves.length})`,\n );\n }\n return auditPath(leaves, index, 0, leaves.length);\n}\n\n/**\n * Verify an inclusion proof per RFC 9162 §2.1.3.2 (iterative form).\n *\n * `proof` is ordered leaf-to-root: `proof[0]` is the sibling at the leaf\n * level, `proof[m-1]` is the top-level sibling. The fold uses the\n * `sn`/`fn` tracking from RFC 9162: `sn` is the leaf index within the\n * current subtree, `fn` is (subtree_size - 1). At each step, `sn` odd\n * OR `sn == fn` means the current node is a right child (sibling on\n * the left); otherwise it is a left child (sibling on the right).\n * Both shift right by one each iteration. This handles non-power-of-2\n * sizes including the \"promote a lone right subtree\" cases.\n */\nexport function merkleSha2256VerifyInclusion(\n leaf: Uint8Array,\n index: number,\n treeSize: number,\n proof: ReadonlyArray<Uint8Array>,\n root: Uint8Array,\n): boolean {\n if (!(leaf instanceof Uint8Array) || leaf.length !== DIGEST_LENGTH) return false;\n if (!(root instanceof Uint8Array) || root.length !== DIGEST_LENGTH) return false;\n if (\n !Number.isInteger(index) ||\n !Number.isInteger(treeSize) ||\n treeSize < 1 ||\n index < 0 ||\n index >= treeSize\n ) {\n return false;\n }\n for (let i = 0; i < proof.length; i++) {\n const sibling = proof[i];\n if (!(sibling instanceof Uint8Array) || sibling.length !== DIGEST_LENGTH) {\n return false;\n }\n }\n\n if (treeSize === 1) {\n if (proof.length !== 0 || index !== 0) return false;\n return compareCt(hashLeaf(leaf), root);\n }\n\n let h = hashLeaf(leaf);\n let sn = index;\n let fn = treeSize - 1;\n for (let i = 0; i < proof.length; i++) {\n if (fn === 0) return false;\n const sibling = proof[i] as Uint8Array;\n if ((sn & 1) === 1 || sn === fn) {\n h = hashNode(sibling, h);\n while ((sn & 1) === 0 && sn !== 0) {\n sn >>>= 1;\n fn >>>= 1;\n }\n } else {\n h = hashNode(h, sibling);\n }\n sn >>>= 1;\n fn >>>= 1;\n }\n if (fn !== 0) return false;\n return compareCt(h, root);\n}\n\nfunction largestPow2Lt(n: number): number {\n let k = 1;\n while (k * 2 < n) k *= 2;\n return k;\n}\n\nfunction hashLeaf(d: Uint8Array): Uint8Array {\n const buf = new Uint8Array(1 + d.length);\n buf[0] = LEAF_PREFIX;\n buf.set(d, 1);\n return sha256(buf);\n}\n\nfunction hashNode(left: Uint8Array, right: Uint8Array): Uint8Array {\n const buf = new Uint8Array(1 + left.length + right.length);\n buf[0] = NODE_PREFIX;\n buf.set(left, 1);\n buf.set(right, 1 + left.length);\n return sha256(buf);\n}\n\nfunction mthRecursive(leaves: ReadonlyArray<Uint8Array>, start: number, end: number): Uint8Array {\n const n = end - start;\n if (n === 1) {\n return hashLeaf(leaves[start] as Uint8Array);\n }\n const k = largestPow2Lt(n);\n const left = mthRecursive(leaves, start, start + k);\n const right = mthRecursive(leaves, start + k, end);\n return hashNode(left, right);\n}\n\nfunction auditPath(\n leaves: ReadonlyArray<Uint8Array>,\n i: number,\n start: number,\n end: number,\n): Uint8Array[] {\n const n = end - start;\n if (n === 1) return [];\n const k = largestPow2Lt(n);\n if (i < k) {\n const subPath = auditPath(leaves, i, start, start + k);\n subPath.push(mthRecursive(leaves, start + k, end));\n return subPath;\n }\n const subPath = auditPath(leaves, i - k, start + k, end);\n subPath.push(mthRecursive(leaves, start, start + k));\n return subPath;\n}\n"]}

package/dist/hash.d.cts ADDED Viewed

@@ -0,0 +1,30 @@
+declare function sha256(input: Uint8Array): Uint8Array;
+declare function blake2b256(input: Uint8Array): Uint8Array;
+declare function blake2b224(input: Uint8Array): Uint8Array;
+interface DualHashOutput {
+    sha256: Uint8Array;
+    blake2b256: Uint8Array;
+}
+declare function dualHash(input: Uint8Array): DualHashOutput;
+declare function dualHashStream(source: AsyncIterable<Uint8Array>): Promise<DualHashOutput>;
+declare const MERKLE_ALG_ID: "rfc9162-sha256";
+declare function merkleSha2256Root(leaves: ReadonlyArray<Uint8Array>): Uint8Array;
+declare function merkleSha2256InclusionProof(leaves: ReadonlyArray<Uint8Array>, index: number): Uint8Array[];
+/**
+ * Verify an inclusion proof per RFC 9162 §2.1.3.2 (iterative form).
+ *
+ * `proof` is ordered leaf-to-root: `proof[0]` is the sibling at the leaf
+ * level, `proof[m-1]` is the top-level sibling. The fold uses the
+ * `sn`/`fn` tracking from RFC 9162: `sn` is the leaf index within the
+ * current subtree, `fn` is (subtree_size - 1). At each step, `sn` odd
+ * OR `sn == fn` means the current node is a right child (sibling on
+ * the left); otherwise it is a left child (sibling on the right).
+ * Both shift right by one each iteration. This handles non-power-of-2
+ * sizes including the "promote a lone right subtree" cases.
+ */
+declare function merkleSha2256VerifyInclusion(leaf: Uint8Array, index: number, treeSize: number, proof: ReadonlyArray<Uint8Array>, root: Uint8Array): boolean;
+export { type DualHashOutput, MERKLE_ALG_ID, blake2b224, blake2b256, dualHash, dualHashStream, merkleSha2256InclusionProof, merkleSha2256Root, merkleSha2256VerifyInclusion, sha256 };

package/dist/hash.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+declare function sha256(input: Uint8Array): Uint8Array;
+declare function blake2b256(input: Uint8Array): Uint8Array;
+declare function blake2b224(input: Uint8Array): Uint8Array;
+interface DualHashOutput {
+    sha256: Uint8Array;
+    blake2b256: Uint8Array;
+}
+declare function dualHash(input: Uint8Array): DualHashOutput;
+declare function dualHashStream(source: AsyncIterable<Uint8Array>): Promise<DualHashOutput>;
+declare const MERKLE_ALG_ID: "rfc9162-sha256";
+declare function merkleSha2256Root(leaves: ReadonlyArray<Uint8Array>): Uint8Array;
+declare function merkleSha2256InclusionProof(leaves: ReadonlyArray<Uint8Array>, index: number): Uint8Array[];
+/**
+ * Verify an inclusion proof per RFC 9162 §2.1.3.2 (iterative form).
+ *
+ * `proof` is ordered leaf-to-root: `proof[0]` is the sibling at the leaf
+ * level, `proof[m-1]` is the top-level sibling. The fold uses the
+ * `sn`/`fn` tracking from RFC 9162: `sn` is the leaf index within the
+ * current subtree, `fn` is (subtree_size - 1). At each step, `sn` odd
+ * OR `sn == fn` means the current node is a right child (sibling on
+ * the left); otherwise it is a left child (sibling on the right).
+ * Both shift right by one each iteration. This handles non-power-of-2
+ * sizes including the "promote a lone right subtree" cases.
+ */
+declare function merkleSha2256VerifyInclusion(leaf: Uint8Array, index: number, treeSize: number, proof: ReadonlyArray<Uint8Array>, root: Uint8Array): boolean;
+export { type DualHashOutput, MERKLE_ALG_ID, blake2b224, blake2b256, dualHash, dualHashStream, merkleSha2256InclusionProof, merkleSha2256Root, merkleSha2256VerifyInclusion, sha256 };

package/dist/hash.js ADDED Viewed

@@ -0,0 +1,155 @@
+import { sha256 as sha256$1 } from '@noble/hashes/sha2.js';
+import { blake2b } from '@noble/hashes/blake2.js';
+import { createSHA256, createBLAKE2b } from 'hash-wasm';
+// src/hash/sha-256.ts
+function sha256(input) {
+  return sha256$1(input);
+}
+function blake2b256(input) {
+  return blake2b(input, { dkLen: 32 });
+}
+function blake2b224(input) {
+  return blake2b(input, { dkLen: 28 });
+}
+function dualHash(input) {
+  return {
+    sha256: sha256(input),
+    blake2b256: blake2b256(input)
+  };
+}
+async function dualHashStream(source) {
+  const [sha, blake] = await Promise.all([createSHA256(), createBLAKE2b(256)]);
+  sha.init();
+  blake.init();
+  for await (const chunk of source) {
+    sha.update(chunk);
+    blake.update(chunk);
+  }
+  return {
+    sha256: sha.digest("binary"),
+    blake2b256: blake.digest("binary")
+  };
+}
+// src/util/compare-ct.ts
+function compareCt(a, b) {
+  if (a.length !== b.length) return false;
+  let diff = 0;
+  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
+  return diff === 0;
+}
+// src/hash/merkle-sha2-256.ts
+var MERKLE_ALG_ID = "rfc9162-sha256";
+var LEAF_PREFIX = 0;
+var NODE_PREFIX = 1;
+var DIGEST_LENGTH = 32;
+function validateLeaves(leaves, fnName) {
+  if (leaves.length === 0) {
+    throw new Error(`${fnName}: empty leaf list (n == 0 is forbidden by RFC 9162 \xA72.1.1)`);
+  }
+  for (let i = 0; i < leaves.length; i++) {
+    const leaf = leaves[i];
+    if (!(leaf instanceof Uint8Array) || leaf.length !== DIGEST_LENGTH) {
+      throw new Error(
+        `${fnName}: leaf[${i}] must be a Uint8Array(${DIGEST_LENGTH}); got length ${leaf instanceof Uint8Array ? leaf.length : "non-Uint8Array"}`
+      );
+    }
+  }
+}
+function merkleSha2256Root(leaves) {
+  validateLeaves(leaves, "merkleSha2256Root");
+  return mthRecursive(leaves, 0, leaves.length);
+}
+function merkleSha2256InclusionProof(leaves, index) {
+  validateLeaves(leaves, "merkleSha2256InclusionProof");
+  if (!Number.isInteger(index) || index < 0 || index >= leaves.length) {
+    throw new Error(
+      `merkleSha2256InclusionProof: index ${index} out of range [0, ${leaves.length})`
+    );
+  }
+  return auditPath(leaves, index, 0, leaves.length);
+}
+function merkleSha2256VerifyInclusion(leaf, index, treeSize, proof, root) {
+  if (!(leaf instanceof Uint8Array) || leaf.length !== DIGEST_LENGTH) return false;
+  if (!(root instanceof Uint8Array) || root.length !== DIGEST_LENGTH) return false;
+  if (!Number.isInteger(index) || !Number.isInteger(treeSize) || treeSize < 1 || index < 0 || index >= treeSize) {
+    return false;
+  }
+  for (let i = 0; i < proof.length; i++) {
+    const sibling = proof[i];
+    if (!(sibling instanceof Uint8Array) || sibling.length !== DIGEST_LENGTH) {
+      return false;
+    }
+  }
+  if (treeSize === 1) {
+    if (proof.length !== 0 || index !== 0) return false;
+    return compareCt(hashLeaf(leaf), root);
+  }
+  let h = hashLeaf(leaf);
+  let sn = index;
+  let fn = treeSize - 1;
+  for (let i = 0; i < proof.length; i++) {
+    if (fn === 0) return false;
+    const sibling = proof[i];
+    if ((sn & 1) === 1 || sn === fn) {
+      h = hashNode(sibling, h);
+      while ((sn & 1) === 0 && sn !== 0) {
+        sn >>>= 1;
+        fn >>>= 1;
+      }
+    } else {
+      h = hashNode(h, sibling);
+    }
+    sn >>>= 1;
+    fn >>>= 1;
+  }
+  if (fn !== 0) return false;
+  return compareCt(h, root);
+}
+function largestPow2Lt(n) {
+  let k = 1;
+  while (k * 2 < n) k *= 2;
+  return k;
+}
+function hashLeaf(d) {
+  const buf = new Uint8Array(1 + d.length);
+  buf[0] = LEAF_PREFIX;
+  buf.set(d, 1);
+  return sha256$1(buf);
+}
+function hashNode(left, right) {
+  const buf = new Uint8Array(1 + left.length + right.length);
+  buf[0] = NODE_PREFIX;
+  buf.set(left, 1);
+  buf.set(right, 1 + left.length);
+  return sha256$1(buf);
+}
+function mthRecursive(leaves, start, end) {
+  const n = end - start;
+  if (n === 1) {
+    return hashLeaf(leaves[start]);
+  }
+  const k = largestPow2Lt(n);
+  const left = mthRecursive(leaves, start, start + k);
+  const right = mthRecursive(leaves, start + k, end);
+  return hashNode(left, right);
+}
+function auditPath(leaves, i, start, end) {
+  const n = end - start;
+  if (n === 1) return [];
+  const k = largestPow2Lt(n);
+  if (i < k) {
+    const subPath2 = auditPath(leaves, i, start, start + k);
+    subPath2.push(mthRecursive(leaves, start + k, end));
+    return subPath2;
+  }
+  const subPath = auditPath(leaves, i - k, start + k, end);
+  subPath.push(mthRecursive(leaves, start, start + k));
+  return subPath;
+}
+export { MERKLE_ALG_ID, blake2b224, blake2b256, dualHash, dualHashStream, merkleSha2256InclusionProof, merkleSha2256Root, merkleSha2256VerifyInclusion, sha256 };
+//# sourceMappingURL=hash.js.map
+//# sourceMappingURL=hash.js.map

package/dist/hash.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/hash/sha-256.ts","../src/hash/blake2b-256.ts","../src/hash/dual-hash.ts","../src/util/compare-ct.ts","../src/hash/merkle-sha2-256.ts"],"names":["nobleSha256","sha256","subPath"],"mappings":";;;;;AAEO,SAAS,OAAO,KAAA,EAA+B;AACpD,EAAA,OAAOA,SAAY,KAAK,CAAA;AAC1B;ACFO,SAAS,WAAW,KAAA,EAA+B;AACxD,EAAA,OAAO,OAAA,CAAQ,KAAA,EAAO,EAAE,KAAA,EAAO,IAAI,CAAA;AACrC;AAOO,SAAS,WAAW,KAAA,EAA+B;AACxD,EAAA,OAAO,OAAA,CAAQ,KAAA,EAAO,EAAE,KAAA,EAAO,IAAI,CAAA;AACrC;ACHO,SAAS,SAAS,KAAA,EAAmC;AAC1D,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,OAAO,KAAK,CAAA;AAAA,IACpB,UAAA,EAAY,WAAW,KAAK;AAAA,GAC9B;AACF;AAEA,eAAsB,eAAe,MAAA,EAA4D;AAC/F,EAAA,MAAM,CAAC,GAAA,EAAK,KAAK,CAAA,GAAI,MAAM,OAAA,CAAQ,GAAA,CAAI,CAAC,YAAA,EAAa,EAAG,aAAA,CAAc,GAAG,CAAC,CAAC,CAAA;AAC3E,EAAA,GAAA,CAAI,IAAA,EAAK;AACT,EAAA,KAAA,CAAM,IAAA,EAAK;AACX,EAAA,WAAA,MAAiB,SAAS,MAAA,EAAQ;AAChC,IAAA,GAAA,CAAI,OAAO,KAAK,CAAA;AAChB,IAAA,KAAA,CAAM,OAAO,KAAK,CAAA;AAAA,EACpB;AACA,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA;AAAA,IAC3B,UAAA,EAAY,KAAA,CAAM,MAAA,CAAO,QAAQ;AAAA,GACnC;AACF;;;ACxBO,SAAS,SAAA,CAAU,GAAe,CAAA,EAAwB;AAC/D,EAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ,OAAO,KAAA;AAClC,EAAA,IAAI,IAAA,GAAO,CAAA;AAIX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,MAAA,EAAQ,CAAA,EAAA,EAAK,IAAA,IAAS,CAAA,CAAE,CAAC,CAAA,GAAgB,CAAA,CAAE,CAAC,CAAA;AAClE,EAAA,OAAO,IAAA,KAAS,CAAA;AAClB;;;ACGO,IAAM,aAAA,GAAgB;AAE7B,IAAM,WAAA,GAAc,CAAA;AACpB,IAAM,WAAA,GAAc,CAAA;AACpB,IAAM,aAAA,GAAgB,EAAA;AAEtB,SAAS,cAAA,CAAe,QAAmC,MAAA,EAAsB;AAC/E,EAAA,IAAI,MAAA,CAAO,WAAW,CAAA,EAAG;AACvB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,MAAM,CAAA,6DAAA,CAA4D,CAAA;AAAA,EACvF;AACA,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,MAAM,IAAA,GAAO,OAAO,CAAC,CAAA;AACrB,IAAA,IAAI,EAAE,IAAA,YAAgB,UAAA,CAAA,IAAe,IAAA,CAAK,WAAW,aAAA,EAAe;AAClE,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,EAAG,MAAM,CAAA,OAAA,EAAU,CAAC,CAAA,uBAAA,EAA0B,aAAa,CAAA,cAAA,EACzD,IAAA,YAAgB,UAAA,GAAa,IAAA,CAAK,MAAA,GAAS,gBAC7C,CAAA;AAAA,OACF;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,kBAAkB,MAAA,EAA+C;AAC/E,EAAA,cAAA,CAAe,QAAQ,mBAAmB,CAAA;AAC1C,EAAA,OAAO,YAAA,CAAa,MAAA,EAAQ,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA;AAC9C;AAEO,SAAS,2BAAA,CACd,QACA,KAAA,EACc;AACd,EAAA,cAAA,CAAe,QAAQ,6BAA6B,CAAA;AACpD,EAAA,IAAI,CAAC,OAAO,SAAA,CAAU,KAAK,KAAK,KAAA,GAAQ,CAAA,IAAK,KAAA,IAAS,MAAA,CAAO,MAAA,EAAQ;AACnE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,mCAAA,EAAsC,KAAK,CAAA,kBAAA,EAAqB,MAAA,CAAO,MAAM,CAAA,CAAA;AAAA,KAC/E;AAAA,EACF;AACA,EAAA,OAAO,SAAA,CAAU,MAAA,EAAQ,KAAA,EAAO,CAAA,EAAG,OAAO,MAAM,CAAA;AAClD;AAcO,SAAS,4BAAA,CACd,IAAA,EACA,KAAA,EACA,QAAA,EACA,OACA,IAAA,EACS;AACT,EAAA,IAAI,EAAE,IAAA,YAAgB,UAAA,CAAA,IAAe,IAAA,CAAK,MAAA,KAAW,eAAe,OAAO,KAAA;AAC3E,EAAA,IAAI,EAAE,IAAA,YAAgB,UAAA,CAAA,IAAe,IAAA,CAAK,MAAA,KAAW,eAAe,OAAO,KAAA;AAC3E,EAAA,IACE,CAAC,MAAA,CAAO,SAAA,CAAU,KAAK,KACvB,CAAC,MAAA,CAAO,SAAA,CAAU,QAAQ,KAC1B,QAAA,GAAW,CAAA,IACX,KAAA,GAAQ,CAAA,IACR,SAAS,QAAA,EACT;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AACvB,IAAA,IAAI,EAAE,OAAA,YAAmB,UAAA,CAAA,IAAe,OAAA,CAAQ,WAAW,aAAA,EAAe;AACxE,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,IAAI,aAAa,CAAA,EAAG;AAClB,IAAA,IAAI,KAAA,CAAM,MAAA,KAAW,CAAA,IAAK,KAAA,KAAU,GAAG,OAAO,KAAA;AAC9C,IAAA,OAAO,SAAA,CAAU,QAAA,CAAS,IAAI,CAAA,EAAG,IAAI,CAAA;AAAA,EACvC;AAEA,EAAA,IAAI,CAAA,GAAI,SAAS,IAAI,CAAA;AACrB,EAAA,IAAI,EAAA,GAAK,KAAA;AACT,EAAA,IAAI,KAAK,QAAA,GAAW,CAAA;AACpB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,IAAI,EAAA,KAAO,GAAG,OAAO,KAAA;AACrB,IAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AACvB,IAAA,IAAA,CAAK,EAAA,GAAK,CAAA,MAAO,CAAA,IAAK,EAAA,KAAO,EAAA,EAAI;AAC/B,MAAA,CAAA,GAAI,QAAA,CAAS,SAAS,CAAC,CAAA;AACvB,MAAA,OAAA,CAAQ,EAAA,GAAK,CAAA,MAAO,CAAA,IAAK,EAAA,KAAO,CAAA,EAAG;AACjC,QAAA,EAAA,MAAQ,CAAA;AACR,QAAA,EAAA,MAAQ,CAAA;AAAA,MACV;AAAA,IACF,CAAA,MAAO;AACL,MAAA,CAAA,GAAI,QAAA,CAAS,GAAG,OAAO,CAAA;AAAA,IACzB;AACA,IAAA,EAAA,MAAQ,CAAA;AACR,IAAA,EAAA,MAAQ,CAAA;AAAA,EACV;AACA,EAAA,IAAI,EAAA,KAAO,GAAG,OAAO,KAAA;AACrB,EAAA,OAAO,SAAA,CAAU,GAAG,IAAI,CAAA;AAC1B;AAEA,SAAS,cAAc,CAAA,EAAmB;AACxC,EAAA,IAAI,CAAA,GAAI,CAAA;AACR,EAAA,OAAO,CAAA,GAAI,CAAA,GAAI,CAAA,EAAG,CAAA,IAAK,CAAA;AACvB,EAAA,OAAO,CAAA;AACT;AAEA,SAAS,SAAS,CAAA,EAA2B;AAC3C,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,CAAA,GAAI,EAAE,MAAM,CAAA;AACvC,EAAA,GAAA,CAAI,CAAC,CAAA,GAAI,WAAA;AACT,EAAA,GAAA,CAAI,GAAA,CAAI,GAAG,CAAC,CAAA;AACZ,EAAA,OAAOC,SAAO,GAAG,CAAA;AACnB;AAEA,SAAS,QAAA,CAAS,MAAkB,KAAA,EAA+B;AACjE,EAAA,MAAM,MAAM,IAAI,UAAA,CAAW,IAAI,IAAA,CAAK,MAAA,GAAS,MAAM,MAAM,CAAA;AACzD,EAAA,GAAA,CAAI,CAAC,CAAA,GAAI,WAAA;AACT,EAAA,GAAA,CAAI,GAAA,CAAI,MAAM,CAAC,CAAA;AACf,EAAA,GAAA,CAAI,GAAA,CAAI,KAAA,EAAO,CAAA,GAAI,IAAA,CAAK,MAAM,CAAA;AAC9B,EAAA,OAAOA,SAAO,GAAG,CAAA;AACnB;AAEA,SAAS,YAAA,CAAa,MAAA,EAAmC,KAAA,EAAe,GAAA,EAAyB;AAC/F,EAAA,MAAM,IAAI,GAAA,GAAM,KAAA;AAChB,EAAA,IAAI,MAAM,CAAA,EAAG;AACX,IAAA,OAAO,QAAA,CAAS,MAAA,CAAO,KAAK,CAAe,CAAA;AAAA,EAC7C;AACA,EAAA,MAAM,CAAA,GAAI,cAAc,CAAC,CAAA;AACzB,EAAA,MAAM,IAAA,GAAO,YAAA,CAAa,MAAA,EAAQ,KAAA,EAAO,QAAQ,CAAC,CAAA;AAClD,EAAA,MAAM,KAAA,GAAQ,YAAA,CAAa,MAAA,EAAQ,KAAA,GAAQ,GAAG,GAAG,CAAA;AACjD,EAAA,OAAO,QAAA,CAAS,MAAM,KAAK,CAAA;AAC7B;AAEA,SAAS,SAAA,CACP,MAAA,EACA,CAAA,EACA,KAAA,EACA,GAAA,EACc;AACd,EAAA,MAAM,IAAI,GAAA,GAAM,KAAA;AAChB,EAAA,IAAI,CAAA,KAAM,CAAA,EAAG,OAAO,EAAC;AACrB,EAAA,MAAM,CAAA,GAAI,cAAc,CAAC,CAAA;AACzB,EAAA,IAAI,IAAI,CAAA,EAAG;AACT,IAAA,MAAMC,WAAU,SAAA,CAAU,MAAA,EAAQ,CAAA,EAAG,KAAA,EAAO,QAAQ,CAAC,CAAA;AACrD,IAAAA,SAAQ,IAAA,CAAK,YAAA,CAAa,QAAQ,KAAA,GAAQ,CAAA,EAAG,GAAG,CAAC,CAAA;AACjD,IAAA,OAAOA,QAAAA;AAAA,EACT;AACA,EAAA,MAAM,UAAU,SAAA,CAAU,MAAA,EAAQ,IAAI,CAAA,EAAG,KAAA,GAAQ,GAAG,GAAG,CAAA;AACvD,EAAA,OAAA,CAAQ,KAAK,YAAA,CAAa,MAAA,EAAQ,KAAA,EAAO,KAAA,GAAQ,CAAC,CAAC,CAAA;AACnD,EAAA,OAAO,OAAA;AACT","file":"hash.js","sourcesContent":["import { sha256 as nobleSha256 } from '@noble/hashes/sha2.js';\n\nexport function sha256(input: Uint8Array): Uint8Array {\n return nobleSha256(input);\n}\n","import { blake2b } from '@noble/hashes/blake2.js';\n\nexport function blake2b256(input: Uint8Array): Uint8Array {\n return blake2b(input, { dkLen: 32 });\n}\n\n// CIP-19 stake-address derivation, used for the wallet path-2 signer binding,\n// requires the 28-byte BLAKE2b digest of the signer's Ed25519 public key.\n// The Cardano ledger encodes stake addresses as\n// `network_header_byte || Blake2b-224(stake_vk)`\n// per CIP-19, so this output length is fixed by spec.\nexport function blake2b224(input: Uint8Array): Uint8Array {\n return blake2b(input, { dkLen: 28 });\n}\n","import { createSHA256, createBLAKE2b } from 'hash-wasm';\n\nimport { sha256 } from './sha-256';\nimport { blake2b256 } from './blake2b-256';\n\nexport interface DualHashOutput {\n sha256: Uint8Array;\n blake2b256: Uint8Array;\n}\n\nexport function dualHash(input: Uint8Array): DualHashOutput {\n return {\n sha256: sha256(input),\n blake2b256: blake2b256(input),\n };\n}\n\nexport async function dualHashStream(source: AsyncIterable<Uint8Array>): Promise<DualHashOutput> {\n const [sha, blake] = await Promise.all([createSHA256(), createBLAKE2b(256)]);\n sha.init();\n blake.init();\n for await (const chunk of source) {\n sha.update(chunk);\n blake.update(chunk);\n }\n return {\n sha256: sha.digest('binary') as Uint8Array,\n blake2b256: blake.digest('binary') as Uint8Array,\n };\n}\n","// Isomorphic constant-time byte-equality. crypto-core is browser-safe by\n// design, so we cannot import `node:crypto.timingSafeEqual` — webpack rejects\n// the `node:` scheme in the browser bundle. A pure-JS XOR loop is constant-time\n// for equal-length inputs; length mismatch is a deliberate early-return (the\n// API surface itself leaks length, same as node's timingSafeEqual which throws).\nexport function compareCt(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) return false;\n let diff = 0;\n // Lengths are equal and `i` stays in-bounds, so both indexes are always\n // defined — no nullish guard is needed (and one would read as a guard for\n // an impossible case).\n for (let i = 0; i < a.length; i++) diff |= (a[i] as number) ^ (b[i] as number);\n return diff === 0;\n}\n","// RFC 9162 §2.1.1 binary Merkle tree under SHA-256.\n// This implements the algorithm tier identified on the wire as the\n// `rfc9162-sha256` OPT-INFO; the record's `merkle[]` field carries the proof.\n//\n// Construction (RFC 9162 §2.1.1):\n// - Single leaf: MTH({d_0}) = SHA-256(0x00 || d_0)\n// - Internal node: MTH(L) = SHA-256(0x01 || MTH(L[0:k]) || MTH(L[k:n]))\n// where k = largest power of 2 strictly less than n.\n// - Empty trees (n == 0) are FORBIDDEN.\n// - The 0x00 leaf / 0x01 internal prefixes prevent the CVE-2012-2459\n// leaf-vs-internal collision family.\n\nimport { sha256 } from '@noble/hashes/sha2.js';\n\nimport { compareCt } from '../util/compare-ct';\n\nexport const MERKLE_ALG_ID = 'rfc9162-sha256' as const;\n\nconst LEAF_PREFIX = 0x00;\nconst NODE_PREFIX = 0x01;\nconst DIGEST_LENGTH = 32;\n\nfunction validateLeaves(leaves: ReadonlyArray<Uint8Array>, fnName: string): void {\n if (leaves.length === 0) {\n throw new Error(`${fnName}: empty leaf list (n == 0 is forbidden by RFC 9162 §2.1.1)`);\n }\n for (let i = 0; i < leaves.length; i++) {\n const leaf = leaves[i];\n if (!(leaf instanceof Uint8Array) || leaf.length !== DIGEST_LENGTH) {\n throw new Error(\n `${fnName}: leaf[${i}] must be a Uint8Array(${DIGEST_LENGTH}); got length ${\n leaf instanceof Uint8Array ? leaf.length : 'non-Uint8Array'\n }`,\n );\n }\n }\n}\n\nexport function merkleSha2256Root(leaves: ReadonlyArray<Uint8Array>): Uint8Array {\n validateLeaves(leaves, 'merkleSha2256Root');\n return mthRecursive(leaves, 0, leaves.length);\n}\n\nexport function merkleSha2256InclusionProof(\n leaves: ReadonlyArray<Uint8Array>,\n index: number,\n): Uint8Array[] {\n validateLeaves(leaves, 'merkleSha2256InclusionProof');\n if (!Number.isInteger(index) || index < 0 || index >= leaves.length) {\n throw new Error(\n `merkleSha2256InclusionProof: index ${index} out of range [0, ${leaves.length})`,\n );\n }\n return auditPath(leaves, index, 0, leaves.length);\n}\n\n/**\n * Verify an inclusion proof per RFC 9162 §2.1.3.2 (iterative form).\n *\n * `proof` is ordered leaf-to-root: `proof[0]` is the sibling at the leaf\n * level, `proof[m-1]` is the top-level sibling. The fold uses the\n * `sn`/`fn` tracking from RFC 9162: `sn` is the leaf index within the\n * current subtree, `fn` is (subtree_size - 1). At each step, `sn` odd\n * OR `sn == fn` means the current node is a right child (sibling on\n * the left); otherwise it is a left child (sibling on the right).\n * Both shift right by one each iteration. This handles non-power-of-2\n * sizes including the \"promote a lone right subtree\" cases.\n */\nexport function merkleSha2256VerifyInclusion(\n leaf: Uint8Array,\n index: number,\n treeSize: number,\n proof: ReadonlyArray<Uint8Array>,\n root: Uint8Array,\n): boolean {\n if (!(leaf instanceof Uint8Array) || leaf.length !== DIGEST_LENGTH) return false;\n if (!(root instanceof Uint8Array) || root.length !== DIGEST_LENGTH) return false;\n if (\n !Number.isInteger(index) ||\n !Number.isInteger(treeSize) ||\n treeSize < 1 ||\n index < 0 ||\n index >= treeSize\n ) {\n return false;\n }\n for (let i = 0; i < proof.length; i++) {\n const sibling = proof[i];\n if (!(sibling instanceof Uint8Array) || sibling.length !== DIGEST_LENGTH) {\n return false;\n }\n }\n\n if (treeSize === 1) {\n if (proof.length !== 0 || index !== 0) return false;\n return compareCt(hashLeaf(leaf), root);\n }\n\n let h = hashLeaf(leaf);\n let sn = index;\n let fn = treeSize - 1;\n for (let i = 0; i < proof.length; i++) {\n if (fn === 0) return false;\n const sibling = proof[i] as Uint8Array;\n if ((sn & 1) === 1 || sn === fn) {\n h = hashNode(sibling, h);\n while ((sn & 1) === 0 && sn !== 0) {\n sn >>>= 1;\n fn >>>= 1;\n }\n } else {\n h = hashNode(h, sibling);\n }\n sn >>>= 1;\n fn >>>= 1;\n }\n if (fn !== 0) return false;\n return compareCt(h, root);\n}\n\nfunction largestPow2Lt(n: number): number {\n let k = 1;\n while (k * 2 < n) k *= 2;\n return k;\n}\n\nfunction hashLeaf(d: Uint8Array): Uint8Array {\n const buf = new Uint8Array(1 + d.length);\n buf[0] = LEAF_PREFIX;\n buf.set(d, 1);\n return sha256(buf);\n}\n\nfunction hashNode(left: Uint8Array, right: Uint8Array): Uint8Array {\n const buf = new Uint8Array(1 + left.length + right.length);\n buf[0] = NODE_PREFIX;\n buf.set(left, 1);\n buf.set(right, 1 + left.length);\n return sha256(buf);\n}\n\nfunction mthRecursive(leaves: ReadonlyArray<Uint8Array>, start: number, end: number): Uint8Array {\n const n = end - start;\n if (n === 1) {\n return hashLeaf(leaves[start] as Uint8Array);\n }\n const k = largestPow2Lt(n);\n const left = mthRecursive(leaves, start, start + k);\n const right = mthRecursive(leaves, start + k, end);\n return hashNode(left, right);\n}\n\nfunction auditPath(\n leaves: ReadonlyArray<Uint8Array>,\n i: number,\n start: number,\n end: number,\n): Uint8Array[] {\n const n = end - start;\n if (n === 1) return [];\n const k = largestPow2Lt(n);\n if (i < k) {\n const subPath = auditPath(leaves, i, start, start + k);\n subPath.push(mthRecursive(leaves, start + k, end));\n return subPath;\n }\n const subPath = auditPath(leaves, i - k, start + k, end);\n subPath.push(mthRecursive(leaves, start, start + k));\n return subPath;\n}\n"]}