@cardanowall/crypto-core 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (29) hide show
  1. package/dist/cbor.d.cts +6 -2
  2. package/dist/cbor.d.ts +6 -2
  3. package/dist/hash.cjs +10 -1
  4. package/dist/hash.cjs.map +1 -1
  5. package/dist/hash.d.cts +8 -1
  6. package/dist/hash.d.ts +8 -1
  7. package/dist/hash.js +10 -2
  8. package/dist/hash.js.map +1 -1
  9. package/dist/index.cjs +2123 -409
  10. package/dist/index.cjs.map +1 -1
  11. package/dist/index.d.cts +4 -5
  12. package/dist/index.d.ts +4 -5
  13. package/dist/index.js +2098 -400
  14. package/dist/index.js.map +1 -1
  15. package/dist/sealed-poe.cjs +1959 -332
  16. package/dist/sealed-poe.cjs.map +1 -1
  17. package/dist/sealed-poe.d.cts +141 -62
  18. package/dist/sealed-poe.d.ts +141 -62
  19. package/dist/sealed-poe.js +1940 -324
  20. package/dist/sealed-poe.js.map +1 -1
  21. package/dist/seed-derive.cjs +195 -0
  22. package/dist/seed-derive.cjs.map +1 -1
  23. package/dist/seed-derive.d.cts +12 -1
  24. package/dist/seed-derive.d.ts +12 -1
  25. package/dist/seed-derive.js +192 -1
  26. package/dist/seed-derive.js.map +1 -1
  27. package/package.json +1 -1
  28. package/dist/canonical-DHeJLYDR.d.cts +0 -7
  29. package/dist/canonical-DHeJLYDR.d.ts +0 -7
package/dist/cbor.d.cts CHANGED
@@ -1,4 +1,8 @@
1
- export { C as CanonicalCborValue, d as decodeCanonicalCbor, e as encodeCanonicalCbor } from './canonical-DHeJLYDR.cjs';
1
+ type CanonicalCborValue = null | boolean | number | bigint | string | Uint8Array | readonly CanonicalCborValue[] | {
2
+ readonly [key: string]: CanonicalCborValue;
3
+ } | ReadonlyMap<string | number, CanonicalCborValue>;
4
+ declare function encodeCanonicalCbor(value: CanonicalCborValue): Uint8Array;
5
+ declare function decodeCanonicalCbor(bytes: Uint8Array): unknown;
2
6
 
3
7
  type CanonicalCborErrorCode = 'MALFORMED_CBOR';
4
8
  declare class CanonicalCborError extends Error {
@@ -10,4 +14,4 @@ declare class CanonicalCborError extends Error {
10
14
 
11
15
  declare function decodeCbor(bytes: Uint8Array): unknown;
12
16
 
13
- export { CanonicalCborError, type CanonicalCborErrorCode, decodeCbor };
17
+ export { CanonicalCborError, type CanonicalCborErrorCode, type CanonicalCborValue, decodeCanonicalCbor, decodeCbor, encodeCanonicalCbor };
package/dist/cbor.d.ts CHANGED
@@ -1,4 +1,8 @@
1
- export { C as CanonicalCborValue, d as decodeCanonicalCbor, e as encodeCanonicalCbor } from './canonical-DHeJLYDR.js';
1
+ type CanonicalCborValue = null | boolean | number | bigint | string | Uint8Array | readonly CanonicalCborValue[] | {
2
+ readonly [key: string]: CanonicalCborValue;
3
+ } | ReadonlyMap<string | number, CanonicalCborValue>;
4
+ declare function encodeCanonicalCbor(value: CanonicalCborValue): Uint8Array;
5
+ declare function decodeCanonicalCbor(bytes: Uint8Array): unknown;
2
6
 
3
7
  type CanonicalCborErrorCode = 'MALFORMED_CBOR';
4
8
  declare class CanonicalCborError extends Error {
@@ -10,4 +14,4 @@ declare class CanonicalCborError extends Error {
10
14
 
11
15
  declare function decodeCbor(bytes: Uint8Array): unknown;
12
16
 
13
- export { CanonicalCborError, type CanonicalCborErrorCode, decodeCbor };
17
+ export { CanonicalCborError, type CanonicalCborErrorCode, type CanonicalCborValue, decodeCanonicalCbor, decodeCbor, encodeCanonicalCbor };
package/dist/hash.cjs CHANGED
@@ -1,13 +1,21 @@
1
1
  'use strict';
2
2
 
3
+ var hashWasm = require('hash-wasm');
3
4
  var sha2_js = require('@noble/hashes/sha2.js');
4
5
  var blake2_js = require('@noble/hashes/blake2.js');
5
- var hashWasm = require('hash-wasm');
6
6
 
7
7
  // src/hash/sha-256.ts
8
8
  function sha256(input) {
9
9
  return sha2_js.sha256(input);
10
10
  }
11
+ async function sha256Stream(source) {
12
+ const hasher = await hashWasm.createSHA256();
13
+ hasher.init();
14
+ for await (const chunk of source) {
15
+ hasher.update(chunk);
16
+ }
17
+ return hasher.digest("binary");
18
+ }
11
19
  function blake2b256(input) {
12
20
  return blake2_js.blake2b(input, { dkLen: 32 });
13
21
  }
@@ -161,5 +169,6 @@ exports.merkleSha2256InclusionProof = merkleSha2256InclusionProof;
161
169
  exports.merkleSha2256Root = merkleSha2256Root;
162
170
  exports.merkleSha2256VerifyInclusion = merkleSha2256VerifyInclusion;
163
171
  exports.sha256 = sha256;
172
+ exports.sha256Stream = sha256Stream;
164
173
  //# sourceMappingURL=hash.cjs.map
165
174
  //# sourceMappingURL=hash.cjs.map
package/dist/hash.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/hash/sha-256.ts","../src/hash/blake2b-256.ts","../src/hash/dual-hash.ts","../src/util/compare-ct.ts","../src/hash/merkle-sha2-256.ts"],"names":["nobleSha256","blake2b","createSHA256","createBLAKE2b","sha256","subPath"],"mappings":";;;;;;;AAEO,SAAS,OAAO,KAAA,EAA+B;AACpD,EAAA,OAAOA,eAAY,KAAK,CAAA;AAC1B;ACFO,SAAS,WAAW,KAAA,EAA+B;AACxD,EAAA,OAAOC,iBAAA,CAAQ,KAAA,EAAO,EAAE,KAAA,EAAO,IAAI,CAAA;AACrC;AAOO,SAAS,WAAW,KAAA,EAA+B;AACxD,EAAA,OAAOA,iBAAA,CAAQ,KAAA,EAAO,EAAE,KAAA,EAAO,IAAI,CAAA;AACrC;ACHO,SAAS,SAAS,KAAA,EAAmC;AAC1D,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,OAAO,KAAK,CAAA;AAAA,IACpB,UAAA,EAAY,WAAW,KAAK;AAAA,GAC9B;AACF;AAEA,eAAsB,eAAe,MAAA,EAA4D;AAC/F,EAAA,MAAM,CAAC,GAAA,EAAK,KAAK,CAAA,GAAI,MAAM,OAAA,CAAQ,GAAA,CAAI,CAACC,qBAAA,EAAa,EAAGC,sBAAA,CAAc,GAAG,CAAC,CAAC,CAAA;AAC3E,EAAA,GAAA,CAAI,IAAA,EAAK;AACT,EAAA,KAAA,CAAM,IAAA,EAAK;AACX,EAAA,WAAA,MAAiB,SAAS,MAAA,EAAQ;AAChC,IAAA,GAAA,CAAI,OAAO,KAAK,CAAA;AAChB,IAAA,KAAA,CAAM,OAAO,KAAK,CAAA;AAAA,EACpB;AACA,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA;AAAA,IAC3B,UAAA,EAAY,KAAA,CAAM,MAAA,CAAO,QAAQ;AAAA,GACnC;AACF;;;ACxBO,SAAS,SAAA,CAAU,GAAe,CAAA,EAAwB;AAC/D,EAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ,OAAO,KAAA;AAClC,EAAA,IAAI,IAAA,GAAO,CAAA;AAIX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,MAAA,EAAQ,CAAA,EAAA,EAAK,IAAA,IAAS,CAAA,CAAE,CAAC,CAAA,GAAgB,CAAA,CAAE,CAAC,CAAA;AAClE,EAAA,OAAO,IAAA,KAAS,CAAA;AAClB;;;ACGO,IAAM,aAAA,GAAgB;AAE7B,IAAM,WAAA,GAAc,CAAA;AACpB,IAAM,WAAA,GAAc,CAAA;AACpB,IAAM,aAAA,GAAgB,EAAA;AAEtB,SAAS,cAAA,CAAe,QAAmC,MAAA,EAAsB;AAC/E,EAAA,IAAI,MAAA,CAAO,WAAW,CAAA,EAAG;AACvB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,MAAM,CAAA,6DAAA,CAA4D,CAAA;AAAA,EACvF;AACA,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,MAAM,IAAA,GAAO,OAAO,CAAC,CAAA;AACrB,IAAA,IAAI,EAAE,IAAA,YAAgB,UAAA,CAAA,IAAe,IAAA,CAAK,WAAW,aAAA,EAAe;AAClE,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,EAAG,MAAM,CAAA,OAAA,EAAU,CAAC,CAAA,uBAAA,EAA0B,aAAa,CAAA,cAAA,EACzD,IAAA,YAAgB,UAAA,GAAa,IAAA,CAAK,MAAA,GAAS,gBAC7C,CAAA;AAAA,OACF;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,kBAAkB,MAAA,EAA+C;AAC/E,EAAA,cAAA,CAAe,QAAQ,mBAAmB,CAAA;AAC1C,EAAA,OAAO,YAAA,CAAa,MAAA,EAAQ,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA;AAC9C;AAEO,SAAS,2BAAA,CACd,QACA,KAAA,EACc;AACd,EAAA,cAAA,CAAe,QAAQ,6BAA6B,CAAA;AACpD,EAAA,IAAI,CAAC,OAAO,SAAA,CAAU,KAAK,KAAK,KAAA,GAAQ,CAAA,IAAK,KAAA,IAAS,MAAA,CAAO,MAAA,EAAQ;AACnE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,mCAAA,EAAsC,KAAK,CAAA,kBAAA,EAAqB,MAAA,CAAO,MAAM,CAAA,CAAA;AAAA,KAC/E;AAAA,EACF;AACA,EAAA,OAAO,SAAA,CAAU,MAAA,EAAQ,KAAA,EAAO,CAAA,EAAG,OAAO,MAAM,CAAA;AAClD;AAcO,SAAS,4BAAA,CACd,IAAA,EACA,KAAA,EACA,QAAA,EACA,OACA,IAAA,EACS;AACT,EAAA,IAAI,EAAE,IAAA,YAAgB,UAAA,CAAA,IAAe,IAAA,CAAK,MAAA,KAAW,eAAe,OAAO,KAAA;AAC3E,EAAA,IAAI,EAAE,IAAA,YAAgB,UAAA,CAAA,IAAe,IAAA,CAAK,MAAA,KAAW,eAAe,OAAO,KAAA;AAC3E,EAAA,IACE,CAAC,MAAA,CAAO,SAAA,CAAU,KAAK,KACvB,CAAC,MAAA,CAAO,SAAA,CAAU,QAAQ,KAC1B,QAAA,GAAW,CAAA,IACX,KAAA,GAAQ,CAAA,IACR,SAAS,QAAA,EACT;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AACvB,IAAA,IAAI,EAAE,OAAA,YAAmB,UAAA,CAAA,IAAe,OAAA,CAAQ,WAAW,aAAA,EAAe;AACxE,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,IAAI,aAAa,CAAA,EAAG;AAClB,IAAA,IAAI,KAAA,CAAM,MAAA,KAAW,CAAA,IAAK,KAAA,KAAU,GAAG,OAAO,KAAA;AAC9C,IAAA,OAAO,SAAA,CAAU,QAAA,CAAS,IAAI,CAAA,EAAG,IAAI,CAAA;AAAA,EACvC;AAEA,EAAA,IAAI,CAAA,GAAI,SAAS,IAAI,CAAA;AACrB,EAAA,IAAI,EAAA,GAAK,KAAA;AACT,EAAA,IAAI,KAAK,QAAA,GAAW,CAAA;AACpB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,IAAI,EAAA,KAAO,GAAG,OAAO,KAAA;AACrB,IAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AACvB,IAAA,IAAA,CAAK,EAAA,GAAK,CAAA,MAAO,CAAA,IAAK,EAAA,KAAO,EAAA,EAAI;AAC/B,MAAA,CAAA,GAAI,QAAA,CAAS,SAAS,CAAC,CAAA;AACvB,MAAA,OAAA,CAAQ,EAAA,GAAK,CAAA,MAAO,CAAA,IAAK,EAAA,KAAO,CAAA,EAAG;AACjC,QAAA,EAAA,MAAQ,CAAA;AACR,QAAA,EAAA,MAAQ,CAAA;AAAA,MACV;AAAA,IACF,CAAA,MAAO;AACL,MAAA,CAAA,GAAI,QAAA,CAAS,GAAG,OAAO,CAAA;AAAA,IACzB;AACA,IAAA,EAAA,MAAQ,CAAA;AACR,IAAA,EAAA,MAAQ,CAAA;AAAA,EACV;AACA,EAAA,IAAI,EAAA,KAAO,GAAG,OAAO,KAAA;AACrB,EAAA,OAAO,SAAA,CAAU,GAAG,IAAI,CAAA;AAC1B;AAEA,SAAS,cAAc,CAAA,EAAmB;AACxC,EAAA,IAAI,CAAA,GAAI,CAAA;AACR,EAAA,OAAO,CAAA,GAAI,CAAA,GAAI,CAAA,EAAG,CAAA,IAAK,CAAA;AACvB,EAAA,OAAO,CAAA;AACT;AAEA,SAAS,SAAS,CAAA,EAA2B;AAC3C,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,CAAA,GAAI,EAAE,MAAM,CAAA;AACvC,EAAA,GAAA,CAAI,CAAC,CAAA,GAAI,WAAA;AACT,EAAA,GAAA,CAAI,GAAA,CAAI,GAAG,CAAC,CAAA;AACZ,EAAA,OAAOC,eAAO,GAAG,CAAA;AACnB;AAEA,SAAS,QAAA,CAAS,MAAkB,KAAA,EAA+B;AACjE,EAAA,MAAM,MAAM,IAAI,UAAA,CAAW,IAAI,IAAA,CAAK,MAAA,GAAS,MAAM,MAAM,CAAA;AACzD,EAAA,GAAA,CAAI,CAAC,CAAA,GAAI,WAAA;AACT,EAAA,GAAA,CAAI,GAAA,CAAI,MAAM,CAAC,CAAA;AACf,EAAA,GAAA,CAAI,GAAA,CAAI,KAAA,EAAO,CAAA,GAAI,IAAA,CAAK,MAAM,CAAA;AAC9B,EAAA,OAAOA,eAAO,GAAG,CAAA;AACnB;AAEA,SAAS,YAAA,CAAa,MAAA,EAAmC,KAAA,EAAe,GAAA,EAAyB;AAC/F,EAAA,MAAM,IAAI,GAAA,GAAM,KAAA;AAChB,EAAA,IAAI,MAAM,CAAA,EAAG;AACX,IAAA,OAAO,QAAA,CAAS,MAAA,CAAO,KAAK,CAAe,CAAA;AAAA,EAC7C;AACA,EAAA,MAAM,CAAA,GAAI,cAAc,CAAC,CAAA;AACzB,EAAA,MAAM,IAAA,GAAO,YAAA,CAAa,MAAA,EAAQ,KAAA,EAAO,QAAQ,CAAC,CAAA;AAClD,EAAA,MAAM,KAAA,GAAQ,YAAA,CAAa,MAAA,EAAQ,KAAA,GAAQ,GAAG,GAAG,CAAA;AACjD,EAAA,OAAO,QAAA,CAAS,MAAM,KAAK,CAAA;AAC7B;AAEA,SAAS,SAAA,CACP,MAAA,EACA,CAAA,EACA,KAAA,EACA,GAAA,EACc;AACd,EAAA,MAAM,IAAI,GAAA,GAAM,KAAA;AAChB,EAAA,IAAI,CAAA,KAAM,CAAA,EAAG,OAAO,EAAC;AACrB,EAAA,MAAM,CAAA,GAAI,cAAc,CAAC,CAAA;AACzB,EAAA,IAAI,IAAI,CAAA,EAAG;AACT,IAAA,MAAMC,WAAU,SAAA,CAAU,MAAA,EAAQ,CAAA,EAAG,KAAA,EAAO,QAAQ,CAAC,CAAA;AACrD,IAAAA,SAAQ,IAAA,CAAK,YAAA,CAAa,QAAQ,KAAA,GAAQ,CAAA,EAAG,GAAG,CAAC,CAAA;AACjD,IAAA,OAAOA,QAAAA;AAAA,EACT;AACA,EAAA,MAAM,UAAU,SAAA,CAAU,MAAA,EAAQ,IAAI,CAAA,EAAG,KAAA,GAAQ,GAAG,GAAG,CAAA;AACvD,EAAA,OAAA,CAAQ,KAAK,YAAA,CAAa,MAAA,EAAQ,KAAA,EAAO,KAAA,GAAQ,CAAC,CAAC,CAAA;AACnD,EAAA,OAAO,OAAA;AACT","file":"hash.cjs","sourcesContent":["import { sha256 as nobleSha256 } from '@noble/hashes/sha2.js';\n\nexport function sha256(input: Uint8Array): Uint8Array {\n return nobleSha256(input);\n}\n","import { blake2b } from '@noble/hashes/blake2.js';\n\nexport function blake2b256(input: Uint8Array): Uint8Array {\n return blake2b(input, { dkLen: 32 });\n}\n\n// CIP-19 stake-address derivation, used for the wallet path-2 signer binding,\n// requires the 28-byte BLAKE2b digest of the signer's Ed25519 public key.\n// The Cardano ledger encodes stake addresses as\n// `network_header_byte || Blake2b-224(stake_vk)`\n// per CIP-19, so this output length is fixed by spec.\nexport function blake2b224(input: Uint8Array): Uint8Array {\n return blake2b(input, { dkLen: 28 });\n}\n","import { createSHA256, createBLAKE2b } from 'hash-wasm';\n\nimport { sha256 } from './sha-256';\nimport { blake2b256 } from './blake2b-256';\n\nexport interface DualHashOutput {\n sha256: Uint8Array;\n blake2b256: Uint8Array;\n}\n\nexport function dualHash(input: Uint8Array): DualHashOutput {\n return {\n sha256: sha256(input),\n blake2b256: blake2b256(input),\n };\n}\n\nexport async function dualHashStream(source: AsyncIterable<Uint8Array>): Promise<DualHashOutput> {\n const [sha, blake] = await Promise.all([createSHA256(), createBLAKE2b(256)]);\n sha.init();\n blake.init();\n for await (const chunk of source) {\n sha.update(chunk);\n blake.update(chunk);\n }\n return {\n sha256: sha.digest('binary') as Uint8Array,\n blake2b256: blake.digest('binary') as Uint8Array,\n };\n}\n","// Isomorphic constant-time byte-equality. crypto-core is browser-safe by\n// design, so we cannot import `node:crypto.timingSafeEqual` — webpack rejects\n// the `node:` scheme in the browser bundle. A pure-JS XOR loop is constant-time\n// for equal-length inputs; length mismatch is a deliberate early-return (the\n// API surface itself leaks length, same as node's timingSafeEqual which throws).\nexport function compareCt(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) return false;\n let diff = 0;\n // Lengths are equal and `i` stays in-bounds, so both indexes are always\n // defined — no nullish guard is needed (and one would read as a guard for\n // an impossible case).\n for (let i = 0; i < a.length; i++) diff |= (a[i] as number) ^ (b[i] as number);\n return diff === 0;\n}\n","// RFC 9162 §2.1.1 binary Merkle tree under SHA-256.\n// This implements the algorithm tier identified on the wire as the\n// `rfc9162-sha256` OPT-INFO; the record's `merkle[]` field carries the proof.\n//\n// Construction (RFC 9162 §2.1.1):\n// - Single leaf: MTH({d_0}) = SHA-256(0x00 || d_0)\n// - Internal node: MTH(L) = SHA-256(0x01 || MTH(L[0:k]) || MTH(L[k:n]))\n// where k = largest power of 2 strictly less than n.\n// - Empty trees (n == 0) are FORBIDDEN.\n// - The 0x00 leaf / 0x01 internal prefixes prevent the CVE-2012-2459\n// leaf-vs-internal collision family.\n\nimport { sha256 } from '@noble/hashes/sha2.js';\n\nimport { compareCt } from '../util/compare-ct';\n\nexport const MERKLE_ALG_ID = 'rfc9162-sha256' as const;\n\nconst LEAF_PREFIX = 0x00;\nconst NODE_PREFIX = 0x01;\nconst DIGEST_LENGTH = 32;\n\nfunction validateLeaves(leaves: ReadonlyArray<Uint8Array>, fnName: string): void {\n if (leaves.length === 0) {\n throw new Error(`${fnName}: empty leaf list (n == 0 is forbidden by RFC 9162 §2.1.1)`);\n }\n for (let i = 0; i < leaves.length; i++) {\n const leaf = leaves[i];\n if (!(leaf instanceof Uint8Array) || leaf.length !== DIGEST_LENGTH) {\n throw new Error(\n `${fnName}: leaf[${i}] must be a Uint8Array(${DIGEST_LENGTH}); got length ${\n leaf instanceof Uint8Array ? leaf.length : 'non-Uint8Array'\n }`,\n );\n }\n }\n}\n\nexport function merkleSha2256Root(leaves: ReadonlyArray<Uint8Array>): Uint8Array {\n validateLeaves(leaves, 'merkleSha2256Root');\n return mthRecursive(leaves, 0, leaves.length);\n}\n\nexport function merkleSha2256InclusionProof(\n leaves: ReadonlyArray<Uint8Array>,\n index: number,\n): Uint8Array[] {\n validateLeaves(leaves, 'merkleSha2256InclusionProof');\n if (!Number.isInteger(index) || index < 0 || index >= leaves.length) {\n throw new Error(\n `merkleSha2256InclusionProof: index ${index} out of range [0, ${leaves.length})`,\n );\n }\n return auditPath(leaves, index, 0, leaves.length);\n}\n\n/**\n * Verify an inclusion proof per RFC 9162 §2.1.3.2 (iterative form).\n *\n * `proof` is ordered leaf-to-root: `proof[0]` is the sibling at the leaf\n * level, `proof[m-1]` is the top-level sibling. The fold uses the\n * `sn`/`fn` tracking from RFC 9162: `sn` is the leaf index within the\n * current subtree, `fn` is (subtree_size - 1). At each step, `sn` odd\n * OR `sn == fn` means the current node is a right child (sibling on\n * the left); otherwise it is a left child (sibling on the right).\n * Both shift right by one each iteration. This handles non-power-of-2\n * sizes including the \"promote a lone right subtree\" cases.\n */\nexport function merkleSha2256VerifyInclusion(\n leaf: Uint8Array,\n index: number,\n treeSize: number,\n proof: ReadonlyArray<Uint8Array>,\n root: Uint8Array,\n): boolean {\n if (!(leaf instanceof Uint8Array) || leaf.length !== DIGEST_LENGTH) return false;\n if (!(root instanceof Uint8Array) || root.length !== DIGEST_LENGTH) return false;\n if (\n !Number.isInteger(index) ||\n !Number.isInteger(treeSize) ||\n treeSize < 1 ||\n index < 0 ||\n index >= treeSize\n ) {\n return false;\n }\n for (let i = 0; i < proof.length; i++) {\n const sibling = proof[i];\n if (!(sibling instanceof Uint8Array) || sibling.length !== DIGEST_LENGTH) {\n return false;\n }\n }\n\n if (treeSize === 1) {\n if (proof.length !== 0 || index !== 0) return false;\n return compareCt(hashLeaf(leaf), root);\n }\n\n let h = hashLeaf(leaf);\n let sn = index;\n let fn = treeSize - 1;\n for (let i = 0; i < proof.length; i++) {\n if (fn === 0) return false;\n const sibling = proof[i] as Uint8Array;\n if ((sn & 1) === 1 || sn === fn) {\n h = hashNode(sibling, h);\n while ((sn & 1) === 0 && sn !== 0) {\n sn >>>= 1;\n fn >>>= 1;\n }\n } else {\n h = hashNode(h, sibling);\n }\n sn >>>= 1;\n fn >>>= 1;\n }\n if (fn !== 0) return false;\n return compareCt(h, root);\n}\n\nfunction largestPow2Lt(n: number): number {\n let k = 1;\n while (k * 2 < n) k *= 2;\n return k;\n}\n\nfunction hashLeaf(d: Uint8Array): Uint8Array {\n const buf = new Uint8Array(1 + d.length);\n buf[0] = LEAF_PREFIX;\n buf.set(d, 1);\n return sha256(buf);\n}\n\nfunction hashNode(left: Uint8Array, right: Uint8Array): Uint8Array {\n const buf = new Uint8Array(1 + left.length + right.length);\n buf[0] = NODE_PREFIX;\n buf.set(left, 1);\n buf.set(right, 1 + left.length);\n return sha256(buf);\n}\n\nfunction mthRecursive(leaves: ReadonlyArray<Uint8Array>, start: number, end: number): Uint8Array {\n const n = end - start;\n if (n === 1) {\n return hashLeaf(leaves[start] as Uint8Array);\n }\n const k = largestPow2Lt(n);\n const left = mthRecursive(leaves, start, start + k);\n const right = mthRecursive(leaves, start + k, end);\n return hashNode(left, right);\n}\n\nfunction auditPath(\n leaves: ReadonlyArray<Uint8Array>,\n i: number,\n start: number,\n end: number,\n): Uint8Array[] {\n const n = end - start;\n if (n === 1) return [];\n const k = largestPow2Lt(n);\n if (i < k) {\n const subPath = auditPath(leaves, i, start, start + k);\n subPath.push(mthRecursive(leaves, start + k, end));\n return subPath;\n }\n const subPath = auditPath(leaves, i - k, start + k, end);\n subPath.push(mthRecursive(leaves, start, start + k));\n return subPath;\n}\n"]}
1
+ {"version":3,"sources":["../src/hash/sha-256.ts","../src/hash/blake2b-256.ts","../src/hash/dual-hash.ts","../src/util/compare-ct.ts","../src/hash/merkle-sha2-256.ts"],"names":["nobleSha256","createSHA256","blake2b","createBLAKE2b","sha256","subPath"],"mappings":";;;;;;;AAGO,SAAS,OAAO,KAAA,EAA+B;AACpD,EAAA,OAAOA,eAAY,KAAK,CAAA;AAC1B;AAQA,eAAsB,aAAa,MAAA,EAAwD;AACzF,EAAA,MAAM,MAAA,GAAS,MAAMC,qBAAA,EAAa;AAClC,EAAA,MAAA,CAAO,IAAA,EAAK;AACZ,EAAA,WAAA,MAAiB,SAAS,MAAA,EAAQ;AAChC,IAAA,MAAA,CAAO,OAAO,KAAK,CAAA;AAAA,EACrB;AACA,EAAA,OAAO,MAAA,CAAO,OAAO,QAAQ,CAAA;AAC/B;AClBO,SAAS,WAAW,KAAA,EAA+B;AACxD,EAAA,OAAOC,iBAAA,CAAQ,KAAA,EAAO,EAAE,KAAA,EAAO,IAAI,CAAA;AACrC;AAOO,SAAS,WAAW,KAAA,EAA+B;AACxD,EAAA,OAAOA,iBAAA,CAAQ,KAAA,EAAO,EAAE,KAAA,EAAO,IAAI,CAAA;AACrC;ACHO,SAAS,SAAS,KAAA,EAAmC;AAC1D,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,OAAO,KAAK,CAAA;AAAA,IACpB,UAAA,EAAY,WAAW,KAAK;AAAA,GAC9B;AACF;AAEA,eAAsB,eAAe,MAAA,EAA4D;AAC/F,EAAA,MAAM,CAAC,GAAA,EAAK,KAAK,CAAA,GAAI,MAAM,OAAA,CAAQ,GAAA,CAAI,CAACD,qBAAAA,EAAa,EAAGE,sBAAA,CAAc,GAAG,CAAC,CAAC,CAAA;AAC3E,EAAA,GAAA,CAAI,IAAA,EAAK;AACT,EAAA,KAAA,CAAM,IAAA,EAAK;AACX,EAAA,WAAA,MAAiB,SAAS,MAAA,EAAQ;AAChC,IAAA,GAAA,CAAI,OAAO,KAAK,CAAA;AAChB,IAAA,KAAA,CAAM,OAAO,KAAK,CAAA;AAAA,EACpB;AACA,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA;AAAA,IAC3B,UAAA,EAAY,KAAA,CAAM,MAAA,CAAO,QAAQ;AAAA,GACnC;AACF;;;ACxBO,SAAS,SAAA,CAAU,GAAe,CAAA,EAAwB;AAC/D,EAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ,OAAO,KAAA;AAClC,EAAA,IAAI,IAAA,GAAO,CAAA;AAIX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,MAAA,EAAQ,CAAA,EAAA,EAAK,IAAA,IAAS,CAAA,CAAE,CAAC,CAAA,GAAgB,CAAA,CAAE,CAAC,CAAA;AAClE,EAAA,OAAO,IAAA,KAAS,CAAA;AAClB;;;ACGO,IAAM,aAAA,GAAgB;AAE7B,IAAM,WAAA,GAAc,CAAA;AACpB,IAAM,WAAA,GAAc,CAAA;AACpB,IAAM,aAAA,GAAgB,EAAA;AAEtB,SAAS,cAAA,CAAe,QAAmC,MAAA,EAAsB;AAC/E,EAAA,IAAI,MAAA,CAAO,WAAW,CAAA,EAAG;AACvB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,MAAM,CAAA,6DAAA,CAA4D,CAAA;AAAA,EACvF;AACA,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,MAAM,IAAA,GAAO,OAAO,CAAC,CAAA;AACrB,IAAA,IAAI,EAAE,IAAA,YAAgB,UAAA,CAAA,IAAe,IAAA,CAAK,WAAW,aAAA,EAAe;AAClE,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,EAAG,MAAM,CAAA,OAAA,EAAU,CAAC,CAAA,uBAAA,EAA0B,aAAa,CAAA,cAAA,EACzD,IAAA,YAAgB,UAAA,GAAa,IAAA,CAAK,MAAA,GAAS,gBAC7C,CAAA;AAAA,OACF;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,kBAAkB,MAAA,EAA+C;AAC/E,EAAA,cAAA,CAAe,QAAQ,mBAAmB,CAAA;AAC1C,EAAA,OAAO,YAAA,CAAa,MAAA,EAAQ,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA;AAC9C;AAEO,SAAS,2BAAA,CACd,QACA,KAAA,EACc;AACd,EAAA,cAAA,CAAe,QAAQ,6BAA6B,CAAA;AACpD,EAAA,IAAI,CAAC,OAAO,SAAA,CAAU,KAAK,KAAK,KAAA,GAAQ,CAAA,IAAK,KAAA,IAAS,MAAA,CAAO,MAAA,EAAQ;AACnE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,mCAAA,EAAsC,KAAK,CAAA,kBAAA,EAAqB,MAAA,CAAO,MAAM,CAAA,CAAA;AAAA,KAC/E;AAAA,EACF;AACA,EAAA,OAAO,SAAA,CAAU,MAAA,EAAQ,KAAA,EAAO,CAAA,EAAG,OAAO,MAAM,CAAA;AAClD;AAcO,SAAS,4BAAA,CACd,IAAA,EACA,KAAA,EACA,QAAA,EACA,OACA,IAAA,EACS;AACT,EAAA,IAAI,EAAE,IAAA,YAAgB,UAAA,CAAA,IAAe,IAAA,CAAK,MAAA,KAAW,eAAe,OAAO,KAAA;AAC3E,EAAA,IAAI,EAAE,IAAA,YAAgB,UAAA,CAAA,IAAe,IAAA,CAAK,MAAA,KAAW,eAAe,OAAO,KAAA;AAC3E,EAAA,IACE,CAAC,MAAA,CAAO,SAAA,CAAU,KAAK,KACvB,CAAC,MAAA,CAAO,SAAA,CAAU,QAAQ,KAC1B,QAAA,GAAW,CAAA,IACX,KAAA,GAAQ,CAAA,IACR,SAAS,QAAA,EACT;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AACvB,IAAA,IAAI,EAAE,OAAA,YAAmB,UAAA,CAAA,IAAe,OAAA,CAAQ,WAAW,aAAA,EAAe;AACxE,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,IAAI,aAAa,CAAA,EAAG;AAClB,IAAA,IAAI,KAAA,CAAM,MAAA,KAAW,CAAA,IAAK,KAAA,KAAU,GAAG,OAAO,KAAA;AAC9C,IAAA,OAAO,SAAA,CAAU,QAAA,CAAS,IAAI,CAAA,EAAG,IAAI,CAAA;AAAA,EACvC;AAEA,EAAA,IAAI,CAAA,GAAI,SAAS,IAAI,CAAA;AACrB,EAAA,IAAI,EAAA,GAAK,KAAA;AACT,EAAA,IAAI,KAAK,QAAA,GAAW,CAAA;AACpB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,IAAI,EAAA,KAAO,GAAG,OAAO,KAAA;AACrB,IAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AACvB,IAAA,IAAA,CAAK,EAAA,GAAK,CAAA,MAAO,CAAA,IAAK,EAAA,KAAO,EAAA,EAAI;AAC/B,MAAA,CAAA,GAAI,QAAA,CAAS,SAAS,CAAC,CAAA;AACvB,MAAA,OAAA,CAAQ,EAAA,GAAK,CAAA,MAAO,CAAA,IAAK,EAAA,KAAO,CAAA,EAAG;AACjC,QAAA,EAAA,MAAQ,CAAA;AACR,QAAA,EAAA,MAAQ,CAAA;AAAA,MACV;AAAA,IACF,CAAA,MAAO;AACL,MAAA,CAAA,GAAI,QAAA,CAAS,GAAG,OAAO,CAAA;AAAA,IACzB;AACA,IAAA,EAAA,MAAQ,CAAA;AACR,IAAA,EAAA,MAAQ,CAAA;AAAA,EACV;AACA,EAAA,IAAI,EAAA,KAAO,GAAG,OAAO,KAAA;AACrB,EAAA,OAAO,SAAA,CAAU,GAAG,IAAI,CAAA;AAC1B;AAEA,SAAS,cAAc,CAAA,EAAmB;AACxC,EAAA,IAAI,CAAA,GAAI,CAAA;AACR,EAAA,OAAO,CAAA,GAAI,CAAA,GAAI,CAAA,EAAG,CAAA,IAAK,CAAA;AACvB,EAAA,OAAO,CAAA;AACT;AAEA,SAAS,SAAS,CAAA,EAA2B;AAC3C,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,CAAA,GAAI,EAAE,MAAM,CAAA;AACvC,EAAA,GAAA,CAAI,CAAC,CAAA,GAAI,WAAA;AACT,EAAA,GAAA,CAAI,GAAA,CAAI,GAAG,CAAC,CAAA;AACZ,EAAA,OAAOC,eAAO,GAAG,CAAA;AACnB;AAEA,SAAS,QAAA,CAAS,MAAkB,KAAA,EAA+B;AACjE,EAAA,MAAM,MAAM,IAAI,UAAA,CAAW,IAAI,IAAA,CAAK,MAAA,GAAS,MAAM,MAAM,CAAA;AACzD,EAAA,GAAA,CAAI,CAAC,CAAA,GAAI,WAAA;AACT,EAAA,GAAA,CAAI,GAAA,CAAI,MAAM,CAAC,CAAA;AACf,EAAA,GAAA,CAAI,GAAA,CAAI,KAAA,EAAO,CAAA,GAAI,IAAA,CAAK,MAAM,CAAA;AAC9B,EAAA,OAAOA,eAAO,GAAG,CAAA;AACnB;AAEA,SAAS,YAAA,CAAa,MAAA,EAAmC,KAAA,EAAe,GAAA,EAAyB;AAC/F,EAAA,MAAM,IAAI,GAAA,GAAM,KAAA;AAChB,EAAA,IAAI,MAAM,CAAA,EAAG;AACX,IAAA,OAAO,QAAA,CAAS,MAAA,CAAO,KAAK,CAAe,CAAA;AAAA,EAC7C;AACA,EAAA,MAAM,CAAA,GAAI,cAAc,CAAC,CAAA;AACzB,EAAA,MAAM,IAAA,GAAO,YAAA,CAAa,MAAA,EAAQ,KAAA,EAAO,QAAQ,CAAC,CAAA;AAClD,EAAA,MAAM,KAAA,GAAQ,YAAA,CAAa,MAAA,EAAQ,KAAA,GAAQ,GAAG,GAAG,CAAA;AACjD,EAAA,OAAO,QAAA,CAAS,MAAM,KAAK,CAAA;AAC7B;AAEA,SAAS,SAAA,CACP,MAAA,EACA,CAAA,EACA,KAAA,EACA,GAAA,EACc;AACd,EAAA,MAAM,IAAI,GAAA,GAAM,KAAA;AAChB,EAAA,IAAI,CAAA,KAAM,CAAA,EAAG,OAAO,EAAC;AACrB,EAAA,MAAM,CAAA,GAAI,cAAc,CAAC,CAAA;AACzB,EAAA,IAAI,IAAI,CAAA,EAAG;AACT,IAAA,MAAMC,WAAU,SAAA,CAAU,MAAA,EAAQ,CAAA,EAAG,KAAA,EAAO,QAAQ,CAAC,CAAA;AACrD,IAAAA,SAAQ,IAAA,CAAK,YAAA,CAAa,QAAQ,KAAA,GAAQ,CAAA,EAAG,GAAG,CAAC,CAAA;AACjD,IAAA,OAAOA,QAAAA;AAAA,EACT;AACA,EAAA,MAAM,UAAU,SAAA,CAAU,MAAA,EAAQ,IAAI,CAAA,EAAG,KAAA,GAAQ,GAAG,GAAG,CAAA;AACvD,EAAA,OAAA,CAAQ,KAAK,YAAA,CAAa,MAAA,EAAQ,KAAA,EAAO,KAAA,GAAQ,CAAC,CAAC,CAAA;AACnD,EAAA,OAAO,OAAA;AACT","file":"hash.cjs","sourcesContent":["import { createSHA256 } from 'hash-wasm';\nimport { sha256 as nobleSha256 } from '@noble/hashes/sha2.js';\n\nexport function sha256(input: Uint8Array): Uint8Array {\n return nobleSha256(input);\n}\n\n/**\n * Stream a source through an incremental SHA-256 and return the 32-byte digest,\n * never holding more than one chunk in memory. Use this when the input is too\n * large to buffer (a multi-gigabyte file read in slices), where `sha256(input)`\n * would force the whole input into a single array first.\n */\nexport async function sha256Stream(source: AsyncIterable<Uint8Array>): Promise<Uint8Array> {\n const hasher = await createSHA256();\n hasher.init();\n for await (const chunk of source) {\n hasher.update(chunk);\n }\n return hasher.digest('binary') as Uint8Array;\n}\n","import { blake2b } from '@noble/hashes/blake2.js';\n\nexport function blake2b256(input: Uint8Array): Uint8Array {\n return blake2b(input, { dkLen: 32 });\n}\n\n// CIP-19 stake-address derivation, used for the wallet path-2 signer binding,\n// requires the 28-byte BLAKE2b digest of the signer's Ed25519 public key.\n// The Cardano ledger encodes stake addresses as\n// `network_header_byte || Blake2b-224(stake_vk)`\n// per CIP-19, so this output length is fixed by spec.\nexport function blake2b224(input: Uint8Array): Uint8Array {\n return blake2b(input, { dkLen: 28 });\n}\n","import { createSHA256, createBLAKE2b } from 'hash-wasm';\n\nimport { sha256 } from './sha-256';\nimport { blake2b256 } from './blake2b-256';\n\nexport interface DualHashOutput {\n sha256: Uint8Array;\n blake2b256: Uint8Array;\n}\n\nexport function dualHash(input: Uint8Array): DualHashOutput {\n return {\n sha256: sha256(input),\n blake2b256: blake2b256(input),\n };\n}\n\nexport async function dualHashStream(source: AsyncIterable<Uint8Array>): Promise<DualHashOutput> {\n const [sha, blake] = await Promise.all([createSHA256(), createBLAKE2b(256)]);\n sha.init();\n blake.init();\n for await (const chunk of source) {\n sha.update(chunk);\n blake.update(chunk);\n }\n return {\n sha256: sha.digest('binary') as Uint8Array,\n blake2b256: blake.digest('binary') as Uint8Array,\n };\n}\n","// Isomorphic constant-time byte-equality. crypto-core is browser-safe by\n// design, so we cannot import `node:crypto.timingSafeEqual` — webpack rejects\n// the `node:` scheme in the browser bundle. A pure-JS XOR loop is constant-time\n// for equal-length inputs; length mismatch is a deliberate early-return (the\n// API surface itself leaks length, same as node's timingSafeEqual which throws).\nexport function compareCt(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) return false;\n let diff = 0;\n // Lengths are equal and `i` stays in-bounds, so both indexes are always\n // defined — no nullish guard is needed (and one would read as a guard for\n // an impossible case).\n for (let i = 0; i < a.length; i++) diff |= (a[i] as number) ^ (b[i] as number);\n return diff === 0;\n}\n","// RFC 9162 §2.1.1 binary Merkle tree under SHA-256.\n// This implements the algorithm tier identified on the wire as the\n// `rfc9162-sha256` OPT-INFO; the record's `merkle[]` field carries the proof.\n//\n// Construction (RFC 9162 §2.1.1):\n// - Single leaf: MTH({d_0}) = SHA-256(0x00 || d_0)\n// - Internal node: MTH(L) = SHA-256(0x01 || MTH(L[0:k]) || MTH(L[k:n]))\n// where k = largest power of 2 strictly less than n.\n// - Empty trees (n == 0) are FORBIDDEN.\n// - The 0x00 leaf / 0x01 internal prefixes prevent the CVE-2012-2459\n// leaf-vs-internal collision family.\n\nimport { sha256 } from '@noble/hashes/sha2.js';\n\nimport { compareCt } from '../util/compare-ct';\n\nexport const MERKLE_ALG_ID = 'rfc9162-sha256' as const;\n\nconst LEAF_PREFIX = 0x00;\nconst NODE_PREFIX = 0x01;\nconst DIGEST_LENGTH = 32;\n\nfunction validateLeaves(leaves: ReadonlyArray<Uint8Array>, fnName: string): void {\n if (leaves.length === 0) {\n throw new Error(`${fnName}: empty leaf list (n == 0 is forbidden by RFC 9162 §2.1.1)`);\n }\n for (let i = 0; i < leaves.length; i++) {\n const leaf = leaves[i];\n if (!(leaf instanceof Uint8Array) || leaf.length !== DIGEST_LENGTH) {\n throw new Error(\n `${fnName}: leaf[${i}] must be a Uint8Array(${DIGEST_LENGTH}); got length ${\n leaf instanceof Uint8Array ? leaf.length : 'non-Uint8Array'\n }`,\n );\n }\n }\n}\n\nexport function merkleSha2256Root(leaves: ReadonlyArray<Uint8Array>): Uint8Array {\n validateLeaves(leaves, 'merkleSha2256Root');\n return mthRecursive(leaves, 0, leaves.length);\n}\n\nexport function merkleSha2256InclusionProof(\n leaves: ReadonlyArray<Uint8Array>,\n index: number,\n): Uint8Array[] {\n validateLeaves(leaves, 'merkleSha2256InclusionProof');\n if (!Number.isInteger(index) || index < 0 || index >= leaves.length) {\n throw new Error(\n `merkleSha2256InclusionProof: index ${index} out of range [0, ${leaves.length})`,\n );\n }\n return auditPath(leaves, index, 0, leaves.length);\n}\n\n/**\n * Verify an inclusion proof per RFC 9162 §2.1.3.2 (iterative form).\n *\n * `proof` is ordered leaf-to-root: `proof[0]` is the sibling at the leaf\n * level, `proof[m-1]` is the top-level sibling. The fold uses the\n * `sn`/`fn` tracking from RFC 9162: `sn` is the leaf index within the\n * current subtree, `fn` is (subtree_size - 1). At each step, `sn` odd\n * OR `sn == fn` means the current node is a right child (sibling on\n * the left); otherwise it is a left child (sibling on the right).\n * Both shift right by one each iteration. This handles non-power-of-2\n * sizes including the \"promote a lone right subtree\" cases.\n */\nexport function merkleSha2256VerifyInclusion(\n leaf: Uint8Array,\n index: number,\n treeSize: number,\n proof: ReadonlyArray<Uint8Array>,\n root: Uint8Array,\n): boolean {\n if (!(leaf instanceof Uint8Array) || leaf.length !== DIGEST_LENGTH) return false;\n if (!(root instanceof Uint8Array) || root.length !== DIGEST_LENGTH) return false;\n if (\n !Number.isInteger(index) ||\n !Number.isInteger(treeSize) ||\n treeSize < 1 ||\n index < 0 ||\n index >= treeSize\n ) {\n return false;\n }\n for (let i = 0; i < proof.length; i++) {\n const sibling = proof[i];\n if (!(sibling instanceof Uint8Array) || sibling.length !== DIGEST_LENGTH) {\n return false;\n }\n }\n\n if (treeSize === 1) {\n if (proof.length !== 0 || index !== 0) return false;\n return compareCt(hashLeaf(leaf), root);\n }\n\n let h = hashLeaf(leaf);\n let sn = index;\n let fn = treeSize - 1;\n for (let i = 0; i < proof.length; i++) {\n if (fn === 0) return false;\n const sibling = proof[i] as Uint8Array;\n if ((sn & 1) === 1 || sn === fn) {\n h = hashNode(sibling, h);\n while ((sn & 1) === 0 && sn !== 0) {\n sn >>>= 1;\n fn >>>= 1;\n }\n } else {\n h = hashNode(h, sibling);\n }\n sn >>>= 1;\n fn >>>= 1;\n }\n if (fn !== 0) return false;\n return compareCt(h, root);\n}\n\nfunction largestPow2Lt(n: number): number {\n let k = 1;\n while (k * 2 < n) k *= 2;\n return k;\n}\n\nfunction hashLeaf(d: Uint8Array): Uint8Array {\n const buf = new Uint8Array(1 + d.length);\n buf[0] = LEAF_PREFIX;\n buf.set(d, 1);\n return sha256(buf);\n}\n\nfunction hashNode(left: Uint8Array, right: Uint8Array): Uint8Array {\n const buf = new Uint8Array(1 + left.length + right.length);\n buf[0] = NODE_PREFIX;\n buf.set(left, 1);\n buf.set(right, 1 + left.length);\n return sha256(buf);\n}\n\nfunction mthRecursive(leaves: ReadonlyArray<Uint8Array>, start: number, end: number): Uint8Array {\n const n = end - start;\n if (n === 1) {\n return hashLeaf(leaves[start] as Uint8Array);\n }\n const k = largestPow2Lt(n);\n const left = mthRecursive(leaves, start, start + k);\n const right = mthRecursive(leaves, start + k, end);\n return hashNode(left, right);\n}\n\nfunction auditPath(\n leaves: ReadonlyArray<Uint8Array>,\n i: number,\n start: number,\n end: number,\n): Uint8Array[] {\n const n = end - start;\n if (n === 1) return [];\n const k = largestPow2Lt(n);\n if (i < k) {\n const subPath = auditPath(leaves, i, start, start + k);\n subPath.push(mthRecursive(leaves, start + k, end));\n return subPath;\n }\n const subPath = auditPath(leaves, i - k, start + k, end);\n subPath.push(mthRecursive(leaves, start, start + k));\n return subPath;\n}\n"]}
package/dist/hash.d.cts CHANGED
@@ -1,4 +1,11 @@
1
1
  declare function sha256(input: Uint8Array): Uint8Array;
2
+ /**
3
+ * Stream a source through an incremental SHA-256 and return the 32-byte digest,
4
+ * never holding more than one chunk in memory. Use this when the input is too
5
+ * large to buffer (a multi-gigabyte file read in slices), where `sha256(input)`
6
+ * would force the whole input into a single array first.
7
+ */
8
+ declare function sha256Stream(source: AsyncIterable<Uint8Array>): Promise<Uint8Array>;
2
9
 
3
10
  declare function blake2b256(input: Uint8Array): Uint8Array;
4
11
  declare function blake2b224(input: Uint8Array): Uint8Array;
@@ -27,4 +34,4 @@ declare function merkleSha2256InclusionProof(leaves: ReadonlyArray<Uint8Array>,
27
34
  */
28
35
  declare function merkleSha2256VerifyInclusion(leaf: Uint8Array, index: number, treeSize: number, proof: ReadonlyArray<Uint8Array>, root: Uint8Array): boolean;
29
36
 
30
- export { type DualHashOutput, MERKLE_ALG_ID, blake2b224, blake2b256, dualHash, dualHashStream, merkleSha2256InclusionProof, merkleSha2256Root, merkleSha2256VerifyInclusion, sha256 };
37
+ export { type DualHashOutput, MERKLE_ALG_ID, blake2b224, blake2b256, dualHash, dualHashStream, merkleSha2256InclusionProof, merkleSha2256Root, merkleSha2256VerifyInclusion, sha256, sha256Stream };
package/dist/hash.d.ts CHANGED
@@ -1,4 +1,11 @@
1
1
  declare function sha256(input: Uint8Array): Uint8Array;
2
+ /**
3
+ * Stream a source through an incremental SHA-256 and return the 32-byte digest,
4
+ * never holding more than one chunk in memory. Use this when the input is too
5
+ * large to buffer (a multi-gigabyte file read in slices), where `sha256(input)`
6
+ * would force the whole input into a single array first.
7
+ */
8
+ declare function sha256Stream(source: AsyncIterable<Uint8Array>): Promise<Uint8Array>;
2
9
 
3
10
  declare function blake2b256(input: Uint8Array): Uint8Array;
4
11
  declare function blake2b224(input: Uint8Array): Uint8Array;
@@ -27,4 +34,4 @@ declare function merkleSha2256InclusionProof(leaves: ReadonlyArray<Uint8Array>,
27
34
  */
28
35
  declare function merkleSha2256VerifyInclusion(leaf: Uint8Array, index: number, treeSize: number, proof: ReadonlyArray<Uint8Array>, root: Uint8Array): boolean;
29
36
 
30
- export { type DualHashOutput, MERKLE_ALG_ID, blake2b224, blake2b256, dualHash, dualHashStream, merkleSha2256InclusionProof, merkleSha2256Root, merkleSha2256VerifyInclusion, sha256 };
37
+ export { type DualHashOutput, MERKLE_ALG_ID, blake2b224, blake2b256, dualHash, dualHashStream, merkleSha2256InclusionProof, merkleSha2256Root, merkleSha2256VerifyInclusion, sha256, sha256Stream };
package/dist/hash.js CHANGED
@@ -1,11 +1,19 @@
1
+ import { createSHA256, createBLAKE2b } from 'hash-wasm';
1
2
  import { sha256 as sha256$1 } from '@noble/hashes/sha2.js';
2
3
  import { blake2b } from '@noble/hashes/blake2.js';
3
- import { createSHA256, createBLAKE2b } from 'hash-wasm';
4
4
 
5
5
  // src/hash/sha-256.ts
6
6
  function sha256(input) {
7
7
  return sha256$1(input);
8
8
  }
9
+ async function sha256Stream(source) {
10
+ const hasher = await createSHA256();
11
+ hasher.init();
12
+ for await (const chunk of source) {
13
+ hasher.update(chunk);
14
+ }
15
+ return hasher.digest("binary");
16
+ }
9
17
  function blake2b256(input) {
10
18
  return blake2b(input, { dkLen: 32 });
11
19
  }
@@ -150,6 +158,6 @@ function auditPath(leaves, i, start, end) {
150
158
  return subPath;
151
159
  }
152
160
 
153
- export { MERKLE_ALG_ID, blake2b224, blake2b256, dualHash, dualHashStream, merkleSha2256InclusionProof, merkleSha2256Root, merkleSha2256VerifyInclusion, sha256 };
161
+ export { MERKLE_ALG_ID, blake2b224, blake2b256, dualHash, dualHashStream, merkleSha2256InclusionProof, merkleSha2256Root, merkleSha2256VerifyInclusion, sha256, sha256Stream };
154
162
  //# sourceMappingURL=hash.js.map
155
163
  //# sourceMappingURL=hash.js.map
package/dist/hash.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/hash/sha-256.ts","../src/hash/blake2b-256.ts","../src/hash/dual-hash.ts","../src/util/compare-ct.ts","../src/hash/merkle-sha2-256.ts"],"names":["nobleSha256","sha256","subPath"],"mappings":";;;;;AAEO,SAAS,OAAO,KAAA,EAA+B;AACpD,EAAA,OAAOA,SAAY,KAAK,CAAA;AAC1B;ACFO,SAAS,WAAW,KAAA,EAA+B;AACxD,EAAA,OAAO,OAAA,CAAQ,KAAA,EAAO,EAAE,KAAA,EAAO,IAAI,CAAA;AACrC;AAOO,SAAS,WAAW,KAAA,EAA+B;AACxD,EAAA,OAAO,OAAA,CAAQ,KAAA,EAAO,EAAE,KAAA,EAAO,IAAI,CAAA;AACrC;ACHO,SAAS,SAAS,KAAA,EAAmC;AAC1D,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,OAAO,KAAK,CAAA;AAAA,IACpB,UAAA,EAAY,WAAW,KAAK;AAAA,GAC9B;AACF;AAEA,eAAsB,eAAe,MAAA,EAA4D;AAC/F,EAAA,MAAM,CAAC,GAAA,EAAK,KAAK,CAAA,GAAI,MAAM,OAAA,CAAQ,GAAA,CAAI,CAAC,YAAA,EAAa,EAAG,aAAA,CAAc,GAAG,CAAC,CAAC,CAAA;AAC3E,EAAA,GAAA,CAAI,IAAA,EAAK;AACT,EAAA,KAAA,CAAM,IAAA,EAAK;AACX,EAAA,WAAA,MAAiB,SAAS,MAAA,EAAQ;AAChC,IAAA,GAAA,CAAI,OAAO,KAAK,CAAA;AAChB,IAAA,KAAA,CAAM,OAAO,KAAK,CAAA;AAAA,EACpB;AACA,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA;AAAA,IAC3B,UAAA,EAAY,KAAA,CAAM,MAAA,CAAO,QAAQ;AAAA,GACnC;AACF;;;ACxBO,SAAS,SAAA,CAAU,GAAe,CAAA,EAAwB;AAC/D,EAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ,OAAO,KAAA;AAClC,EAAA,IAAI,IAAA,GAAO,CAAA;AAIX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,MAAA,EAAQ,CAAA,EAAA,EAAK,IAAA,IAAS,CAAA,CAAE,CAAC,CAAA,GAAgB,CAAA,CAAE,CAAC,CAAA;AAClE,EAAA,OAAO,IAAA,KAAS,CAAA;AAClB;;;ACGO,IAAM,aAAA,GAAgB;AAE7B,IAAM,WAAA,GAAc,CAAA;AACpB,IAAM,WAAA,GAAc,CAAA;AACpB,IAAM,aAAA,GAAgB,EAAA;AAEtB,SAAS,cAAA,CAAe,QAAmC,MAAA,EAAsB;AAC/E,EAAA,IAAI,MAAA,CAAO,WAAW,CAAA,EAAG;AACvB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,MAAM,CAAA,6DAAA,CAA4D,CAAA;AAAA,EACvF;AACA,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,MAAM,IAAA,GAAO,OAAO,CAAC,CAAA;AACrB,IAAA,IAAI,EAAE,IAAA,YAAgB,UAAA,CAAA,IAAe,IAAA,CAAK,WAAW,aAAA,EAAe;AAClE,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,EAAG,MAAM,CAAA,OAAA,EAAU,CAAC,CAAA,uBAAA,EAA0B,aAAa,CAAA,cAAA,EACzD,IAAA,YAAgB,UAAA,GAAa,IAAA,CAAK,MAAA,GAAS,gBAC7C,CAAA;AAAA,OACF;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,kBAAkB,MAAA,EAA+C;AAC/E,EAAA,cAAA,CAAe,QAAQ,mBAAmB,CAAA;AAC1C,EAAA,OAAO,YAAA,CAAa,MAAA,EAAQ,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA;AAC9C;AAEO,SAAS,2BAAA,CACd,QACA,KAAA,EACc;AACd,EAAA,cAAA,CAAe,QAAQ,6BAA6B,CAAA;AACpD,EAAA,IAAI,CAAC,OAAO,SAAA,CAAU,KAAK,KAAK,KAAA,GAAQ,CAAA,IAAK,KAAA,IAAS,MAAA,CAAO,MAAA,EAAQ;AACnE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,mCAAA,EAAsC,KAAK,CAAA,kBAAA,EAAqB,MAAA,CAAO,MAAM,CAAA,CAAA;AAAA,KAC/E;AAAA,EACF;AACA,EAAA,OAAO,SAAA,CAAU,MAAA,EAAQ,KAAA,EAAO,CAAA,EAAG,OAAO,MAAM,CAAA;AAClD;AAcO,SAAS,4BAAA,CACd,IAAA,EACA,KAAA,EACA,QAAA,EACA,OACA,IAAA,EACS;AACT,EAAA,IAAI,EAAE,IAAA,YAAgB,UAAA,CAAA,IAAe,IAAA,CAAK,MAAA,KAAW,eAAe,OAAO,KAAA;AAC3E,EAAA,IAAI,EAAE,IAAA,YAAgB,UAAA,CAAA,IAAe,IAAA,CAAK,MAAA,KAAW,eAAe,OAAO,KAAA;AAC3E,EAAA,IACE,CAAC,MAAA,CAAO,SAAA,CAAU,KAAK,KACvB,CAAC,MAAA,CAAO,SAAA,CAAU,QAAQ,KAC1B,QAAA,GAAW,CAAA,IACX,KAAA,GAAQ,CAAA,IACR,SAAS,QAAA,EACT;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AACvB,IAAA,IAAI,EAAE,OAAA,YAAmB,UAAA,CAAA,IAAe,OAAA,CAAQ,WAAW,aAAA,EAAe;AACxE,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,IAAI,aAAa,CAAA,EAAG;AAClB,IAAA,IAAI,KAAA,CAAM,MAAA,KAAW,CAAA,IAAK,KAAA,KAAU,GAAG,OAAO,KAAA;AAC9C,IAAA,OAAO,SAAA,CAAU,QAAA,CAAS,IAAI,CAAA,EAAG,IAAI,CAAA;AAAA,EACvC;AAEA,EAAA,IAAI,CAAA,GAAI,SAAS,IAAI,CAAA;AACrB,EAAA,IAAI,EAAA,GAAK,KAAA;AACT,EAAA,IAAI,KAAK,QAAA,GAAW,CAAA;AACpB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,IAAI,EAAA,KAAO,GAAG,OAAO,KAAA;AACrB,IAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AACvB,IAAA,IAAA,CAAK,EAAA,GAAK,CAAA,MAAO,CAAA,IAAK,EAAA,KAAO,EAAA,EAAI;AAC/B,MAAA,CAAA,GAAI,QAAA,CAAS,SAAS,CAAC,CAAA;AACvB,MAAA,OAAA,CAAQ,EAAA,GAAK,CAAA,MAAO,CAAA,IAAK,EAAA,KAAO,CAAA,EAAG;AACjC,QAAA,EAAA,MAAQ,CAAA;AACR,QAAA,EAAA,MAAQ,CAAA;AAAA,MACV;AAAA,IACF,CAAA,MAAO;AACL,MAAA,CAAA,GAAI,QAAA,CAAS,GAAG,OAAO,CAAA;AAAA,IACzB;AACA,IAAA,EAAA,MAAQ,CAAA;AACR,IAAA,EAAA,MAAQ,CAAA;AAAA,EACV;AACA,EAAA,IAAI,EAAA,KAAO,GAAG,OAAO,KAAA;AACrB,EAAA,OAAO,SAAA,CAAU,GAAG,IAAI,CAAA;AAC1B;AAEA,SAAS,cAAc,CAAA,EAAmB;AACxC,EAAA,IAAI,CAAA,GAAI,CAAA;AACR,EAAA,OAAO,CAAA,GAAI,CAAA,GAAI,CAAA,EAAG,CAAA,IAAK,CAAA;AACvB,EAAA,OAAO,CAAA;AACT;AAEA,SAAS,SAAS,CAAA,EAA2B;AAC3C,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,CAAA,GAAI,EAAE,MAAM,CAAA;AACvC,EAAA,GAAA,CAAI,CAAC,CAAA,GAAI,WAAA;AACT,EAAA,GAAA,CAAI,GAAA,CAAI,GAAG,CAAC,CAAA;AACZ,EAAA,OAAOC,SAAO,GAAG,CAAA;AACnB;AAEA,SAAS,QAAA,CAAS,MAAkB,KAAA,EAA+B;AACjE,EAAA,MAAM,MAAM,IAAI,UAAA,CAAW,IAAI,IAAA,CAAK,MAAA,GAAS,MAAM,MAAM,CAAA;AACzD,EAAA,GAAA,CAAI,CAAC,CAAA,GAAI,WAAA;AACT,EAAA,GAAA,CAAI,GAAA,CAAI,MAAM,CAAC,CAAA;AACf,EAAA,GAAA,CAAI,GAAA,CAAI,KAAA,EAAO,CAAA,GAAI,IAAA,CAAK,MAAM,CAAA;AAC9B,EAAA,OAAOA,SAAO,GAAG,CAAA;AACnB;AAEA,SAAS,YAAA,CAAa,MAAA,EAAmC,KAAA,EAAe,GAAA,EAAyB;AAC/F,EAAA,MAAM,IAAI,GAAA,GAAM,KAAA;AAChB,EAAA,IAAI,MAAM,CAAA,EAAG;AACX,IAAA,OAAO,QAAA,CAAS,MAAA,CAAO,KAAK,CAAe,CAAA;AAAA,EAC7C;AACA,EAAA,MAAM,CAAA,GAAI,cAAc,CAAC,CAAA;AACzB,EAAA,MAAM,IAAA,GAAO,YAAA,CAAa,MAAA,EAAQ,KAAA,EAAO,QAAQ,CAAC,CAAA;AAClD,EAAA,MAAM,KAAA,GAAQ,YAAA,CAAa,MAAA,EAAQ,KAAA,GAAQ,GAAG,GAAG,CAAA;AACjD,EAAA,OAAO,QAAA,CAAS,MAAM,KAAK,CAAA;AAC7B;AAEA,SAAS,SAAA,CACP,MAAA,EACA,CAAA,EACA,KAAA,EACA,GAAA,EACc;AACd,EAAA,MAAM,IAAI,GAAA,GAAM,KAAA;AAChB,EAAA,IAAI,CAAA,KAAM,CAAA,EAAG,OAAO,EAAC;AACrB,EAAA,MAAM,CAAA,GAAI,cAAc,CAAC,CAAA;AACzB,EAAA,IAAI,IAAI,CAAA,EAAG;AACT,IAAA,MAAMC,WAAU,SAAA,CAAU,MAAA,EAAQ,CAAA,EAAG,KAAA,EAAO,QAAQ,CAAC,CAAA;AACrD,IAAAA,SAAQ,IAAA,CAAK,YAAA,CAAa,QAAQ,KAAA,GAAQ,CAAA,EAAG,GAAG,CAAC,CAAA;AACjD,IAAA,OAAOA,QAAAA;AAAA,EACT;AACA,EAAA,MAAM,UAAU,SAAA,CAAU,MAAA,EAAQ,IAAI,CAAA,EAAG,KAAA,GAAQ,GAAG,GAAG,CAAA;AACvD,EAAA,OAAA,CAAQ,KAAK,YAAA,CAAa,MAAA,EAAQ,KAAA,EAAO,KAAA,GAAQ,CAAC,CAAC,CAAA;AACnD,EAAA,OAAO,OAAA;AACT","file":"hash.js","sourcesContent":["import { sha256 as nobleSha256 } from '@noble/hashes/sha2.js';\n\nexport function sha256(input: Uint8Array): Uint8Array {\n return nobleSha256(input);\n}\n","import { blake2b } from '@noble/hashes/blake2.js';\n\nexport function blake2b256(input: Uint8Array): Uint8Array {\n return blake2b(input, { dkLen: 32 });\n}\n\n// CIP-19 stake-address derivation, used for the wallet path-2 signer binding,\n// requires the 28-byte BLAKE2b digest of the signer's Ed25519 public key.\n// The Cardano ledger encodes stake addresses as\n// `network_header_byte || Blake2b-224(stake_vk)`\n// per CIP-19, so this output length is fixed by spec.\nexport function blake2b224(input: Uint8Array): Uint8Array {\n return blake2b(input, { dkLen: 28 });\n}\n","import { createSHA256, createBLAKE2b } from 'hash-wasm';\n\nimport { sha256 } from './sha-256';\nimport { blake2b256 } from './blake2b-256';\n\nexport interface DualHashOutput {\n sha256: Uint8Array;\n blake2b256: Uint8Array;\n}\n\nexport function dualHash(input: Uint8Array): DualHashOutput {\n return {\n sha256: sha256(input),\n blake2b256: blake2b256(input),\n };\n}\n\nexport async function dualHashStream(source: AsyncIterable<Uint8Array>): Promise<DualHashOutput> {\n const [sha, blake] = await Promise.all([createSHA256(), createBLAKE2b(256)]);\n sha.init();\n blake.init();\n for await (const chunk of source) {\n sha.update(chunk);\n blake.update(chunk);\n }\n return {\n sha256: sha.digest('binary') as Uint8Array,\n blake2b256: blake.digest('binary') as Uint8Array,\n };\n}\n","// Isomorphic constant-time byte-equality. crypto-core is browser-safe by\n// design, so we cannot import `node:crypto.timingSafeEqual` — webpack rejects\n// the `node:` scheme in the browser bundle. A pure-JS XOR loop is constant-time\n// for equal-length inputs; length mismatch is a deliberate early-return (the\n// API surface itself leaks length, same as node's timingSafeEqual which throws).\nexport function compareCt(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) return false;\n let diff = 0;\n // Lengths are equal and `i` stays in-bounds, so both indexes are always\n // defined — no nullish guard is needed (and one would read as a guard for\n // an impossible case).\n for (let i = 0; i < a.length; i++) diff |= (a[i] as number) ^ (b[i] as number);\n return diff === 0;\n}\n","// RFC 9162 §2.1.1 binary Merkle tree under SHA-256.\n// This implements the algorithm tier identified on the wire as the\n// `rfc9162-sha256` OPT-INFO; the record's `merkle[]` field carries the proof.\n//\n// Construction (RFC 9162 §2.1.1):\n// - Single leaf: MTH({d_0}) = SHA-256(0x00 || d_0)\n// - Internal node: MTH(L) = SHA-256(0x01 || MTH(L[0:k]) || MTH(L[k:n]))\n// where k = largest power of 2 strictly less than n.\n// - Empty trees (n == 0) are FORBIDDEN.\n// - The 0x00 leaf / 0x01 internal prefixes prevent the CVE-2012-2459\n// leaf-vs-internal collision family.\n\nimport { sha256 } from '@noble/hashes/sha2.js';\n\nimport { compareCt } from '../util/compare-ct';\n\nexport const MERKLE_ALG_ID = 'rfc9162-sha256' as const;\n\nconst LEAF_PREFIX = 0x00;\nconst NODE_PREFIX = 0x01;\nconst DIGEST_LENGTH = 32;\n\nfunction validateLeaves(leaves: ReadonlyArray<Uint8Array>, fnName: string): void {\n if (leaves.length === 0) {\n throw new Error(`${fnName}: empty leaf list (n == 0 is forbidden by RFC 9162 §2.1.1)`);\n }\n for (let i = 0; i < leaves.length; i++) {\n const leaf = leaves[i];\n if (!(leaf instanceof Uint8Array) || leaf.length !== DIGEST_LENGTH) {\n throw new Error(\n `${fnName}: leaf[${i}] must be a Uint8Array(${DIGEST_LENGTH}); got length ${\n leaf instanceof Uint8Array ? leaf.length : 'non-Uint8Array'\n }`,\n );\n }\n }\n}\n\nexport function merkleSha2256Root(leaves: ReadonlyArray<Uint8Array>): Uint8Array {\n validateLeaves(leaves, 'merkleSha2256Root');\n return mthRecursive(leaves, 0, leaves.length);\n}\n\nexport function merkleSha2256InclusionProof(\n leaves: ReadonlyArray<Uint8Array>,\n index: number,\n): Uint8Array[] {\n validateLeaves(leaves, 'merkleSha2256InclusionProof');\n if (!Number.isInteger(index) || index < 0 || index >= leaves.length) {\n throw new Error(\n `merkleSha2256InclusionProof: index ${index} out of range [0, ${leaves.length})`,\n );\n }\n return auditPath(leaves, index, 0, leaves.length);\n}\n\n/**\n * Verify an inclusion proof per RFC 9162 §2.1.3.2 (iterative form).\n *\n * `proof` is ordered leaf-to-root: `proof[0]` is the sibling at the leaf\n * level, `proof[m-1]` is the top-level sibling. The fold uses the\n * `sn`/`fn` tracking from RFC 9162: `sn` is the leaf index within the\n * current subtree, `fn` is (subtree_size - 1). At each step, `sn` odd\n * OR `sn == fn` means the current node is a right child (sibling on\n * the left); otherwise it is a left child (sibling on the right).\n * Both shift right by one each iteration. This handles non-power-of-2\n * sizes including the \"promote a lone right subtree\" cases.\n */\nexport function merkleSha2256VerifyInclusion(\n leaf: Uint8Array,\n index: number,\n treeSize: number,\n proof: ReadonlyArray<Uint8Array>,\n root: Uint8Array,\n): boolean {\n if (!(leaf instanceof Uint8Array) || leaf.length !== DIGEST_LENGTH) return false;\n if (!(root instanceof Uint8Array) || root.length !== DIGEST_LENGTH) return false;\n if (\n !Number.isInteger(index) ||\n !Number.isInteger(treeSize) ||\n treeSize < 1 ||\n index < 0 ||\n index >= treeSize\n ) {\n return false;\n }\n for (let i = 0; i < proof.length; i++) {\n const sibling = proof[i];\n if (!(sibling instanceof Uint8Array) || sibling.length !== DIGEST_LENGTH) {\n return false;\n }\n }\n\n if (treeSize === 1) {\n if (proof.length !== 0 || index !== 0) return false;\n return compareCt(hashLeaf(leaf), root);\n }\n\n let h = hashLeaf(leaf);\n let sn = index;\n let fn = treeSize - 1;\n for (let i = 0; i < proof.length; i++) {\n if (fn === 0) return false;\n const sibling = proof[i] as Uint8Array;\n if ((sn & 1) === 1 || sn === fn) {\n h = hashNode(sibling, h);\n while ((sn & 1) === 0 && sn !== 0) {\n sn >>>= 1;\n fn >>>= 1;\n }\n } else {\n h = hashNode(h, sibling);\n }\n sn >>>= 1;\n fn >>>= 1;\n }\n if (fn !== 0) return false;\n return compareCt(h, root);\n}\n\nfunction largestPow2Lt(n: number): number {\n let k = 1;\n while (k * 2 < n) k *= 2;\n return k;\n}\n\nfunction hashLeaf(d: Uint8Array): Uint8Array {\n const buf = new Uint8Array(1 + d.length);\n buf[0] = LEAF_PREFIX;\n buf.set(d, 1);\n return sha256(buf);\n}\n\nfunction hashNode(left: Uint8Array, right: Uint8Array): Uint8Array {\n const buf = new Uint8Array(1 + left.length + right.length);\n buf[0] = NODE_PREFIX;\n buf.set(left, 1);\n buf.set(right, 1 + left.length);\n return sha256(buf);\n}\n\nfunction mthRecursive(leaves: ReadonlyArray<Uint8Array>, start: number, end: number): Uint8Array {\n const n = end - start;\n if (n === 1) {\n return hashLeaf(leaves[start] as Uint8Array);\n }\n const k = largestPow2Lt(n);\n const left = mthRecursive(leaves, start, start + k);\n const right = mthRecursive(leaves, start + k, end);\n return hashNode(left, right);\n}\n\nfunction auditPath(\n leaves: ReadonlyArray<Uint8Array>,\n i: number,\n start: number,\n end: number,\n): Uint8Array[] {\n const n = end - start;\n if (n === 1) return [];\n const k = largestPow2Lt(n);\n if (i < k) {\n const subPath = auditPath(leaves, i, start, start + k);\n subPath.push(mthRecursive(leaves, start + k, end));\n return subPath;\n }\n const subPath = auditPath(leaves, i - k, start + k, end);\n subPath.push(mthRecursive(leaves, start, start + k));\n return subPath;\n}\n"]}
1
+ {"version":3,"sources":["../src/hash/sha-256.ts","../src/hash/blake2b-256.ts","../src/hash/dual-hash.ts","../src/util/compare-ct.ts","../src/hash/merkle-sha2-256.ts"],"names":["nobleSha256","createSHA256","sha256","subPath"],"mappings":";;;;;AAGO,SAAS,OAAO,KAAA,EAA+B;AACpD,EAAA,OAAOA,SAAY,KAAK,CAAA;AAC1B;AAQA,eAAsB,aAAa,MAAA,EAAwD;AACzF,EAAA,MAAM,MAAA,GAAS,MAAM,YAAA,EAAa;AAClC,EAAA,MAAA,CAAO,IAAA,EAAK;AACZ,EAAA,WAAA,MAAiB,SAAS,MAAA,EAAQ;AAChC,IAAA,MAAA,CAAO,OAAO,KAAK,CAAA;AAAA,EACrB;AACA,EAAA,OAAO,MAAA,CAAO,OAAO,QAAQ,CAAA;AAC/B;AClBO,SAAS,WAAW,KAAA,EAA+B;AACxD,EAAA,OAAO,OAAA,CAAQ,KAAA,EAAO,EAAE,KAAA,EAAO,IAAI,CAAA;AACrC;AAOO,SAAS,WAAW,KAAA,EAA+B;AACxD,EAAA,OAAO,OAAA,CAAQ,KAAA,EAAO,EAAE,KAAA,EAAO,IAAI,CAAA;AACrC;ACHO,SAAS,SAAS,KAAA,EAAmC;AAC1D,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,OAAO,KAAK,CAAA;AAAA,IACpB,UAAA,EAAY,WAAW,KAAK;AAAA,GAC9B;AACF;AAEA,eAAsB,eAAe,MAAA,EAA4D;AAC/F,EAAA,MAAM,CAAC,GAAA,EAAK,KAAK,CAAA,GAAI,MAAM,OAAA,CAAQ,GAAA,CAAI,CAACC,YAAAA,EAAa,EAAG,aAAA,CAAc,GAAG,CAAC,CAAC,CAAA;AAC3E,EAAA,GAAA,CAAI,IAAA,EAAK;AACT,EAAA,KAAA,CAAM,IAAA,EAAK;AACX,EAAA,WAAA,MAAiB,SAAS,MAAA,EAAQ;AAChC,IAAA,GAAA,CAAI,OAAO,KAAK,CAAA;AAChB,IAAA,KAAA,CAAM,OAAO,KAAK,CAAA;AAAA,EACpB;AACA,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA;AAAA,IAC3B,UAAA,EAAY,KAAA,CAAM,MAAA,CAAO,QAAQ;AAAA,GACnC;AACF;;;ACxBO,SAAS,SAAA,CAAU,GAAe,CAAA,EAAwB;AAC/D,EAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ,OAAO,KAAA;AAClC,EAAA,IAAI,IAAA,GAAO,CAAA;AAIX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,MAAA,EAAQ,CAAA,EAAA,EAAK,IAAA,IAAS,CAAA,CAAE,CAAC,CAAA,GAAgB,CAAA,CAAE,CAAC,CAAA;AAClE,EAAA,OAAO,IAAA,KAAS,CAAA;AAClB;;;ACGO,IAAM,aAAA,GAAgB;AAE7B,IAAM,WAAA,GAAc,CAAA;AACpB,IAAM,WAAA,GAAc,CAAA;AACpB,IAAM,aAAA,GAAgB,EAAA;AAEtB,SAAS,cAAA,CAAe,QAAmC,MAAA,EAAsB;AAC/E,EAAA,IAAI,MAAA,CAAO,WAAW,CAAA,EAAG;AACvB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,MAAM,CAAA,6DAAA,CAA4D,CAAA;AAAA,EACvF;AACA,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,MAAM,IAAA,GAAO,OAAO,CAAC,CAAA;AACrB,IAAA,IAAI,EAAE,IAAA,YAAgB,UAAA,CAAA,IAAe,IAAA,CAAK,WAAW,aAAA,EAAe;AAClE,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,EAAG,MAAM,CAAA,OAAA,EAAU,CAAC,CAAA,uBAAA,EAA0B,aAAa,CAAA,cAAA,EACzD,IAAA,YAAgB,UAAA,GAAa,IAAA,CAAK,MAAA,GAAS,gBAC7C,CAAA;AAAA,OACF;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,kBAAkB,MAAA,EAA+C;AAC/E,EAAA,cAAA,CAAe,QAAQ,mBAAmB,CAAA;AAC1C,EAAA,OAAO,YAAA,CAAa,MAAA,EAAQ,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA;AAC9C;AAEO,SAAS,2BAAA,CACd,QACA,KAAA,EACc;AACd,EAAA,cAAA,CAAe,QAAQ,6BAA6B,CAAA;AACpD,EAAA,IAAI,CAAC,OAAO,SAAA,CAAU,KAAK,KAAK,KAAA,GAAQ,CAAA,IAAK,KAAA,IAAS,MAAA,CAAO,MAAA,EAAQ;AACnE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,mCAAA,EAAsC,KAAK,CAAA,kBAAA,EAAqB,MAAA,CAAO,MAAM,CAAA,CAAA;AAAA,KAC/E;AAAA,EACF;AACA,EAAA,OAAO,SAAA,CAAU,MAAA,EAAQ,KAAA,EAAO,CAAA,EAAG,OAAO,MAAM,CAAA;AAClD;AAcO,SAAS,4BAAA,CACd,IAAA,EACA,KAAA,EACA,QAAA,EACA,OACA,IAAA,EACS;AACT,EAAA,IAAI,EAAE,IAAA,YAAgB,UAAA,CAAA,IAAe,IAAA,CAAK,MAAA,KAAW,eAAe,OAAO,KAAA;AAC3E,EAAA,IAAI,EAAE,IAAA,YAAgB,UAAA,CAAA,IAAe,IAAA,CAAK,MAAA,KAAW,eAAe,OAAO,KAAA;AAC3E,EAAA,IACE,CAAC,MAAA,CAAO,SAAA,CAAU,KAAK,KACvB,CAAC,MAAA,CAAO,SAAA,CAAU,QAAQ,KAC1B,QAAA,GAAW,CAAA,IACX,KAAA,GAAQ,CAAA,IACR,SAAS,QAAA,EACT;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AACvB,IAAA,IAAI,EAAE,OAAA,YAAmB,UAAA,CAAA,IAAe,OAAA,CAAQ,WAAW,aAAA,EAAe;AACxE,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,IAAI,aAAa,CAAA,EAAG;AAClB,IAAA,IAAI,KAAA,CAAM,MAAA,KAAW,CAAA,IAAK,KAAA,KAAU,GAAG,OAAO,KAAA;AAC9C,IAAA,OAAO,SAAA,CAAU,QAAA,CAAS,IAAI,CAAA,EAAG,IAAI,CAAA;AAAA,EACvC;AAEA,EAAA,IAAI,CAAA,GAAI,SAAS,IAAI,CAAA;AACrB,EAAA,IAAI,EAAA,GAAK,KAAA;AACT,EAAA,IAAI,KAAK,QAAA,GAAW,CAAA;AACpB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,IAAI,EAAA,KAAO,GAAG,OAAO,KAAA;AACrB,IAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AACvB,IAAA,IAAA,CAAK,EAAA,GAAK,CAAA,MAAO,CAAA,IAAK,EAAA,KAAO,EAAA,EAAI;AAC/B,MAAA,CAAA,GAAI,QAAA,CAAS,SAAS,CAAC,CAAA;AACvB,MAAA,OAAA,CAAQ,EAAA,GAAK,CAAA,MAAO,CAAA,IAAK,EAAA,KAAO,CAAA,EAAG;AACjC,QAAA,EAAA,MAAQ,CAAA;AACR,QAAA,EAAA,MAAQ,CAAA;AAAA,MACV;AAAA,IACF,CAAA,MAAO;AACL,MAAA,CAAA,GAAI,QAAA,CAAS,GAAG,OAAO,CAAA;AAAA,IACzB;AACA,IAAA,EAAA,MAAQ,CAAA;AACR,IAAA,EAAA,MAAQ,CAAA;AAAA,EACV;AACA,EAAA,IAAI,EAAA,KAAO,GAAG,OAAO,KAAA;AACrB,EAAA,OAAO,SAAA,CAAU,GAAG,IAAI,CAAA;AAC1B;AAEA,SAAS,cAAc,CAAA,EAAmB;AACxC,EAAA,IAAI,CAAA,GAAI,CAAA;AACR,EAAA,OAAO,CAAA,GAAI,CAAA,GAAI,CAAA,EAAG,CAAA,IAAK,CAAA;AACvB,EAAA,OAAO,CAAA;AACT;AAEA,SAAS,SAAS,CAAA,EAA2B;AAC3C,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,CAAA,GAAI,EAAE,MAAM,CAAA;AACvC,EAAA,GAAA,CAAI,CAAC,CAAA,GAAI,WAAA;AACT,EAAA,GAAA,CAAI,GAAA,CAAI,GAAG,CAAC,CAAA;AACZ,EAAA,OAAOC,SAAO,GAAG,CAAA;AACnB;AAEA,SAAS,QAAA,CAAS,MAAkB,KAAA,EAA+B;AACjE,EAAA,MAAM,MAAM,IAAI,UAAA,CAAW,IAAI,IAAA,CAAK,MAAA,GAAS,MAAM,MAAM,CAAA;AACzD,EAAA,GAAA,CAAI,CAAC,CAAA,GAAI,WAAA;AACT,EAAA,GAAA,CAAI,GAAA,CAAI,MAAM,CAAC,CAAA;AACf,EAAA,GAAA,CAAI,GAAA,CAAI,KAAA,EAAO,CAAA,GAAI,IAAA,CAAK,MAAM,CAAA;AAC9B,EAAA,OAAOA,SAAO,GAAG,CAAA;AACnB;AAEA,SAAS,YAAA,CAAa,MAAA,EAAmC,KAAA,EAAe,GAAA,EAAyB;AAC/F,EAAA,MAAM,IAAI,GAAA,GAAM,KAAA;AAChB,EAAA,IAAI,MAAM,CAAA,EAAG;AACX,IAAA,OAAO,QAAA,CAAS,MAAA,CAAO,KAAK,CAAe,CAAA;AAAA,EAC7C;AACA,EAAA,MAAM,CAAA,GAAI,cAAc,CAAC,CAAA;AACzB,EAAA,MAAM,IAAA,GAAO,YAAA,CAAa,MAAA,EAAQ,KAAA,EAAO,QAAQ,CAAC,CAAA;AAClD,EAAA,MAAM,KAAA,GAAQ,YAAA,CAAa,MAAA,EAAQ,KAAA,GAAQ,GAAG,GAAG,CAAA;AACjD,EAAA,OAAO,QAAA,CAAS,MAAM,KAAK,CAAA;AAC7B;AAEA,SAAS,SAAA,CACP,MAAA,EACA,CAAA,EACA,KAAA,EACA,GAAA,EACc;AACd,EAAA,MAAM,IAAI,GAAA,GAAM,KAAA;AAChB,EAAA,IAAI,CAAA,KAAM,CAAA,EAAG,OAAO,EAAC;AACrB,EAAA,MAAM,CAAA,GAAI,cAAc,CAAC,CAAA;AACzB,EAAA,IAAI,IAAI,CAAA,EAAG;AACT,IAAA,MAAMC,WAAU,SAAA,CAAU,MAAA,EAAQ,CAAA,EAAG,KAAA,EAAO,QAAQ,CAAC,CAAA;AACrD,IAAAA,SAAQ,IAAA,CAAK,YAAA,CAAa,QAAQ,KAAA,GAAQ,CAAA,EAAG,GAAG,CAAC,CAAA;AACjD,IAAA,OAAOA,QAAAA;AAAA,EACT;AACA,EAAA,MAAM,UAAU,SAAA,CAAU,MAAA,EAAQ,IAAI,CAAA,EAAG,KAAA,GAAQ,GAAG,GAAG,CAAA;AACvD,EAAA,OAAA,CAAQ,KAAK,YAAA,CAAa,MAAA,EAAQ,KAAA,EAAO,KAAA,GAAQ,CAAC,CAAC,CAAA;AACnD,EAAA,OAAO,OAAA;AACT","file":"hash.js","sourcesContent":["import { createSHA256 } from 'hash-wasm';\nimport { sha256 as nobleSha256 } from '@noble/hashes/sha2.js';\n\nexport function sha256(input: Uint8Array): Uint8Array {\n return nobleSha256(input);\n}\n\n/**\n * Stream a source through an incremental SHA-256 and return the 32-byte digest,\n * never holding more than one chunk in memory. Use this when the input is too\n * large to buffer (a multi-gigabyte file read in slices), where `sha256(input)`\n * would force the whole input into a single array first.\n */\nexport async function sha256Stream(source: AsyncIterable<Uint8Array>): Promise<Uint8Array> {\n const hasher = await createSHA256();\n hasher.init();\n for await (const chunk of source) {\n hasher.update(chunk);\n }\n return hasher.digest('binary') as Uint8Array;\n}\n","import { blake2b } from '@noble/hashes/blake2.js';\n\nexport function blake2b256(input: Uint8Array): Uint8Array {\n return blake2b(input, { dkLen: 32 });\n}\n\n// CIP-19 stake-address derivation, used for the wallet path-2 signer binding,\n// requires the 28-byte BLAKE2b digest of the signer's Ed25519 public key.\n// The Cardano ledger encodes stake addresses as\n// `network_header_byte || Blake2b-224(stake_vk)`\n// per CIP-19, so this output length is fixed by spec.\nexport function blake2b224(input: Uint8Array): Uint8Array {\n return blake2b(input, { dkLen: 28 });\n}\n","import { createSHA256, createBLAKE2b } from 'hash-wasm';\n\nimport { sha256 } from './sha-256';\nimport { blake2b256 } from './blake2b-256';\n\nexport interface DualHashOutput {\n sha256: Uint8Array;\n blake2b256: Uint8Array;\n}\n\nexport function dualHash(input: Uint8Array): DualHashOutput {\n return {\n sha256: sha256(input),\n blake2b256: blake2b256(input),\n };\n}\n\nexport async function dualHashStream(source: AsyncIterable<Uint8Array>): Promise<DualHashOutput> {\n const [sha, blake] = await Promise.all([createSHA256(), createBLAKE2b(256)]);\n sha.init();\n blake.init();\n for await (const chunk of source) {\n sha.update(chunk);\n blake.update(chunk);\n }\n return {\n sha256: sha.digest('binary') as Uint8Array,\n blake2b256: blake.digest('binary') as Uint8Array,\n };\n}\n","// Isomorphic constant-time byte-equality. crypto-core is browser-safe by\n// design, so we cannot import `node:crypto.timingSafeEqual` — webpack rejects\n// the `node:` scheme in the browser bundle. A pure-JS XOR loop is constant-time\n// for equal-length inputs; length mismatch is a deliberate early-return (the\n// API surface itself leaks length, same as node's timingSafeEqual which throws).\nexport function compareCt(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) return false;\n let diff = 0;\n // Lengths are equal and `i` stays in-bounds, so both indexes are always\n // defined — no nullish guard is needed (and one would read as a guard for\n // an impossible case).\n for (let i = 0; i < a.length; i++) diff |= (a[i] as number) ^ (b[i] as number);\n return diff === 0;\n}\n","// RFC 9162 §2.1.1 binary Merkle tree under SHA-256.\n// This implements the algorithm tier identified on the wire as the\n// `rfc9162-sha256` OPT-INFO; the record's `merkle[]` field carries the proof.\n//\n// Construction (RFC 9162 §2.1.1):\n// - Single leaf: MTH({d_0}) = SHA-256(0x00 || d_0)\n// - Internal node: MTH(L) = SHA-256(0x01 || MTH(L[0:k]) || MTH(L[k:n]))\n// where k = largest power of 2 strictly less than n.\n// - Empty trees (n == 0) are FORBIDDEN.\n// - The 0x00 leaf / 0x01 internal prefixes prevent the CVE-2012-2459\n// leaf-vs-internal collision family.\n\nimport { sha256 } from '@noble/hashes/sha2.js';\n\nimport { compareCt } from '../util/compare-ct';\n\nexport const MERKLE_ALG_ID = 'rfc9162-sha256' as const;\n\nconst LEAF_PREFIX = 0x00;\nconst NODE_PREFIX = 0x01;\nconst DIGEST_LENGTH = 32;\n\nfunction validateLeaves(leaves: ReadonlyArray<Uint8Array>, fnName: string): void {\n if (leaves.length === 0) {\n throw new Error(`${fnName}: empty leaf list (n == 0 is forbidden by RFC 9162 §2.1.1)`);\n }\n for (let i = 0; i < leaves.length; i++) {\n const leaf = leaves[i];\n if (!(leaf instanceof Uint8Array) || leaf.length !== DIGEST_LENGTH) {\n throw new Error(\n `${fnName}: leaf[${i}] must be a Uint8Array(${DIGEST_LENGTH}); got length ${\n leaf instanceof Uint8Array ? leaf.length : 'non-Uint8Array'\n }`,\n );\n }\n }\n}\n\nexport function merkleSha2256Root(leaves: ReadonlyArray<Uint8Array>): Uint8Array {\n validateLeaves(leaves, 'merkleSha2256Root');\n return mthRecursive(leaves, 0, leaves.length);\n}\n\nexport function merkleSha2256InclusionProof(\n leaves: ReadonlyArray<Uint8Array>,\n index: number,\n): Uint8Array[] {\n validateLeaves(leaves, 'merkleSha2256InclusionProof');\n if (!Number.isInteger(index) || index < 0 || index >= leaves.length) {\n throw new Error(\n `merkleSha2256InclusionProof: index ${index} out of range [0, ${leaves.length})`,\n );\n }\n return auditPath(leaves, index, 0, leaves.length);\n}\n\n/**\n * Verify an inclusion proof per RFC 9162 §2.1.3.2 (iterative form).\n *\n * `proof` is ordered leaf-to-root: `proof[0]` is the sibling at the leaf\n * level, `proof[m-1]` is the top-level sibling. The fold uses the\n * `sn`/`fn` tracking from RFC 9162: `sn` is the leaf index within the\n * current subtree, `fn` is (subtree_size - 1). At each step, `sn` odd\n * OR `sn == fn` means the current node is a right child (sibling on\n * the left); otherwise it is a left child (sibling on the right).\n * Both shift right by one each iteration. This handles non-power-of-2\n * sizes including the \"promote a lone right subtree\" cases.\n */\nexport function merkleSha2256VerifyInclusion(\n leaf: Uint8Array,\n index: number,\n treeSize: number,\n proof: ReadonlyArray<Uint8Array>,\n root: Uint8Array,\n): boolean {\n if (!(leaf instanceof Uint8Array) || leaf.length !== DIGEST_LENGTH) return false;\n if (!(root instanceof Uint8Array) || root.length !== DIGEST_LENGTH) return false;\n if (\n !Number.isInteger(index) ||\n !Number.isInteger(treeSize) ||\n treeSize < 1 ||\n index < 0 ||\n index >= treeSize\n ) {\n return false;\n }\n for (let i = 0; i < proof.length; i++) {\n const sibling = proof[i];\n if (!(sibling instanceof Uint8Array) || sibling.length !== DIGEST_LENGTH) {\n return false;\n }\n }\n\n if (treeSize === 1) {\n if (proof.length !== 0 || index !== 0) return false;\n return compareCt(hashLeaf(leaf), root);\n }\n\n let h = hashLeaf(leaf);\n let sn = index;\n let fn = treeSize - 1;\n for (let i = 0; i < proof.length; i++) {\n if (fn === 0) return false;\n const sibling = proof[i] as Uint8Array;\n if ((sn & 1) === 1 || sn === fn) {\n h = hashNode(sibling, h);\n while ((sn & 1) === 0 && sn !== 0) {\n sn >>>= 1;\n fn >>>= 1;\n }\n } else {\n h = hashNode(h, sibling);\n }\n sn >>>= 1;\n fn >>>= 1;\n }\n if (fn !== 0) return false;\n return compareCt(h, root);\n}\n\nfunction largestPow2Lt(n: number): number {\n let k = 1;\n while (k * 2 < n) k *= 2;\n return k;\n}\n\nfunction hashLeaf(d: Uint8Array): Uint8Array {\n const buf = new Uint8Array(1 + d.length);\n buf[0] = LEAF_PREFIX;\n buf.set(d, 1);\n return sha256(buf);\n}\n\nfunction hashNode(left: Uint8Array, right: Uint8Array): Uint8Array {\n const buf = new Uint8Array(1 + left.length + right.length);\n buf[0] = NODE_PREFIX;\n buf.set(left, 1);\n buf.set(right, 1 + left.length);\n return sha256(buf);\n}\n\nfunction mthRecursive(leaves: ReadonlyArray<Uint8Array>, start: number, end: number): Uint8Array {\n const n = end - start;\n if (n === 1) {\n return hashLeaf(leaves[start] as Uint8Array);\n }\n const k = largestPow2Lt(n);\n const left = mthRecursive(leaves, start, start + k);\n const right = mthRecursive(leaves, start + k, end);\n return hashNode(left, right);\n}\n\nfunction auditPath(\n leaves: ReadonlyArray<Uint8Array>,\n i: number,\n start: number,\n end: number,\n): Uint8Array[] {\n const n = end - start;\n if (n === 1) return [];\n const k = largestPow2Lt(n);\n if (i < k) {\n const subPath = auditPath(leaves, i, start, start + k);\n subPath.push(mthRecursive(leaves, start + k, end));\n return subPath;\n }\n const subPath = auditPath(leaves, i - k, start + k, end);\n subPath.push(mthRecursive(leaves, start, start + k));\n return subPath;\n}\n"]}