@opendatalabs/vana-sdk 0.1.0-alpha.d7fc764 → 0.1.0-alpha.dc68f39

package/dist/crypto/ecies/base.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/crypto/ecies/base.ts"],"sourcesContent":["import type { ECIESProvider, ECIESEncrypted } from \"./interface\";\nimport { ECIESError, isECIESEncrypted } from \"./interface\";\nimport { CURVE, CIPHER, KDF } from \"./constants\";\nimport { concatBytes, constantTimeEqual } from \"./utils\";\n\n/**\n * Provides shared ECIES encryption logic across platforms using Uint8Array.\n *\n * @remarks\n * Platform implementations extend this class and provide crypto primitives.\n * The base class handles the ECIES protocol flow while maintaining\n * compatibility with the eccrypto data format.\n *\n * **Implementation details:**\n * - KDF: SHA-512(shared_secret) → encKey (32B) || macKey (32B)\n * - Cipher: AES-256-CBC with random 16-byte IV\n * - MAC: HMAC-SHA256(macKey, iv || ephemPublicKey || ciphertext)\n *\n * @category Cryptography\n */\nexport abstract class BaseECIESUint8 implements ECIESProvider {\n  // Cache for validated public keys to avoid repeated validation\n  private static readonly validatedKeys = new WeakMap<Uint8Array, boolean>();\n\n  /**\n   * Generates cryptographically secure random bytes.\n   *\n   * @param length - Number of random bytes to generate.\n   * @returns Random bytes array.\n   */\n  protected abstract generateRandomBytes(length: number): Uint8Array;\n\n  /**\n   * Verifies a private key is valid for secp256k1.\n   *\n   * @param privateKey - Private key to verify (32 bytes).\n   * @returns `true` if valid private key.\n   */\n  protected abstract verifyPrivateKey(privateKey: Uint8Array): boolean;\n\n  /**\n   * Creates a public key from a private key.\n   *\n   * @param privateKey - Source private key (32 bytes).\n   * @param compressed - Generate compressed (33B) or uncompressed (65B) format.\n   * @returns Public key or `null` if creation failed.\n   */\n  protected abstract createPublicKey(\n    privateKey: Uint8Array,\n    compressed: boolean,\n  ): Uint8Array | null;\n\n  /**\n   * Validates a public key on the secp256k1 curve.\n   *\n   * @param publicKey - Public key to validate.\n   * @returns `true` if valid public key.\n   */\n  protected abstract validatePublicKey(publicKey: Uint8Array): boolean;\n\n  /**\n   * Decompresses a compressed public key.\n   *\n   * @param publicKey - Compressed public key (33 bytes).\n   * @returns Uncompressed public key (65 bytes) or `null` if decompression failed.\n   */\n  protected abstract decompressPublicKey(\n    publicKey: Uint8Array,\n  ): Uint8Array | null;\n\n  /**\n   * Performs ECDH key agreement.\n   *\n   * @param publicKey - Other party's public key.\n   * @param privateKey - Your private key.\n   * @returns Raw X coordinate of shared point (32 bytes).\n   */\n  protected abstract performECDH(\n    publicKey: Uint8Array,\n    privateKey: Uint8Array,\n  ): Uint8Array;\n\n  /**\n   * Computes SHA-512 hash.\n   *\n   * @param data - Data to hash.\n   * @returns SHA-512 hash (64 bytes).\n   */\n  protected abstract sha512(data: Uint8Array): Uint8Array;\n\n  /**\n   * Computes HMAC-SHA256 authentication tag.\n   *\n   * @param key - HMAC key.\n   * @param data - Data to authenticate.\n   * @returns HMAC-SHA256 (32 bytes).\n   */\n  protected abstract hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array;\n\n  /**\n   * Encrypts data using AES-256-CBC.\n   *\n   * @param key - Encryption key (32 bytes).\n   * @param iv - Initialization vector (16 bytes).\n   * @param plaintext - Data to encrypt.\n   * @returns Ciphertext with PKCS#7 padding.\n   */\n  protected abstract aesEncrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    plaintext: Uint8Array,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Decrypts data using AES-256-CBC.\n   *\n   * @param key - Decryption key (32 bytes).\n   * @param iv - Initialization vector (16 bytes).\n   * @param ciphertext - Data to decrypt.\n   * @returns Plaintext with padding removed.\n   */\n  protected abstract aesDecrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    ciphertext: Uint8Array,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Normalizes a public key to uncompressed format.\n   *\n   * @param publicKey - Public key in any format.\n   * @returns Uncompressed public key (65 bytes).\n   * @throws {ECIESError} If key format is invalid.\n   */\n  protected normalizePublicKey(publicKey: Uint8Array): Uint8Array {\n    // Check cache first\n    if (BaseECIESUint8.validatedKeys.has(publicKey)) {\n      return publicKey;\n    }\n\n    if (publicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {\n      if (publicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {\n        throw new ECIESError(\n          \"Invalid uncompressed public key prefix\",\n          \"INVALID_KEY\",\n        );\n      }\n      // Validate and cache\n      if (!this.validatePublicKey(publicKey)) {\n        throw new ECIESError(\"Invalid public key\", \"INVALID_KEY\");\n      }\n      BaseECIESUint8.validatedKeys.set(publicKey, true);\n      return publicKey;\n    }\n\n    if (publicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) {\n      const decompressed = this.decompressPublicKey(publicKey);\n      if (!decompressed) {\n        throw new ECIESError(\"Failed to decompress public key\", \"INVALID_KEY\");\n      }\n      // Cache the decompressed key\n      BaseECIESUint8.validatedKeys.set(decompressed, true);\n      return decompressed;\n    }\n\n    throw new ECIESError(\n      `Invalid public key length: ${publicKey.length}`,\n      \"INVALID_KEY\",\n    );\n  }\n\n  /**\n   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n   * Must be implemented by derived classes to handle platform-specific operations.\n   *\n   * @param publicKey - The public key to normalize\n   * @returns The normalized uncompressed public key\n   */\n  public abstract normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;\n\n  /**\n   * Encrypts data using ECIES.\n   *\n   * @param publicKey - The recipient's public key (compressed or uncompressed)\n   * @param message - The data to encrypt\n   * @returns Promise resolving to encrypted data structure\n   */\n  async encrypt(\n    publicKey: Uint8Array,\n    message: Uint8Array,\n  ): Promise<ECIESEncrypted> {\n    try {\n      // Validate inputs\n      if (!(publicKey instanceof Uint8Array)) {\n        throw new ECIESError(\"Public key must be a Uint8Array\", \"INVALID_KEY\");\n      }\n      if (!(message instanceof Uint8Array)) {\n        throw new ECIESError(\n          \"Message must be a Uint8Array\",\n          \"ENCRYPTION_FAILED\",\n        );\n      }\n      if (publicKey.length === 0) {\n        throw new ECIESError(\"Public key cannot be empty\", \"INVALID_KEY\");\n      }\n\n      // Normalize public key to uncompressed format\n      const pubKey = this.normalizePublicKey(publicKey);\n\n      // Generate ephemeral key pair\n      let ephemeralPrivateKey: Uint8Array;\n      do {\n        ephemeralPrivateKey = this.generateRandomBytes(\n          CURVE.PRIVATE_KEY_LENGTH,\n        );\n      } while (!this.verifyPrivateKey(ephemeralPrivateKey));\n\n      const ephemeralPublicKey = this.createPublicKey(\n        ephemeralPrivateKey,\n        false,\n      );\n      if (!ephemeralPublicKey) {\n        throw new ECIESError(\n          \"Failed to generate ephemeral public key\",\n          \"ENCRYPTION_FAILED\",\n        );\n      }\n\n      // Perform ECDH to get shared secret (raw X coordinate)\n      const sharedSecret = this.performECDH(pubKey, ephemeralPrivateKey);\n\n      // Derive keys using SHA-512 (eccrypto-compatible KDF)\n      const kdf = this.sha512(sharedSecret);\n      const encryptionKey = kdf.slice(\n        KDF.ENCRYPTION_KEY_OFFSET,\n        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n      );\n      const macKey = kdf.slice(\n        KDF.MAC_KEY_OFFSET,\n        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n      );\n\n      // Generate random IV and encrypt\n      const iv = this.generateRandomBytes(CIPHER.IV_LENGTH);\n      const ciphertext = await this.aesEncrypt(encryptionKey, iv, message);\n\n      // Calculate MAC (Encrypt-then-MAC)\n      const macData = concatBytes(iv, ephemeralPublicKey, ciphertext);\n      const mac = this.hmacSha256(macKey, macData);\n\n      // Clear sensitive data\n      this.clearBuffer(ephemeralPrivateKey);\n      this.clearBuffer(sharedSecret);\n      this.clearBuffer(kdf);\n\n      return {\n        iv,\n        ephemPublicKey: ephemeralPublicKey,\n        ciphertext,\n        mac,\n      };\n    } catch (error) {\n      if (error instanceof ECIESError) throw error;\n      throw new ECIESError(\n        `Encryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n        \"ENCRYPTION_FAILED\",\n        error instanceof Error ? error : undefined,\n      );\n    }\n  }\n\n  /**\n   * Decrypts ECIES encrypted data.\n   *\n   * @param privateKey - The recipient's private key (32 bytes)\n   * @param encrypted - The encrypted data structure from encrypt()\n   * @returns Promise resolving to the original plaintext\n   */\n  async decrypt(\n    privateKey: Uint8Array,\n    encrypted: ECIESEncrypted,\n  ): Promise<Uint8Array> {\n    try {\n      // Validate inputs\n      if (!(privateKey instanceof Uint8Array)) {\n        throw new ECIESError(\"Private key must be a Uint8Array\", \"INVALID_KEY\");\n      }\n      if (!isECIESEncrypted(encrypted)) {\n        throw new ECIESError(\n          \"Invalid encrypted data structure\",\n          \"DECRYPTION_FAILED\",\n        );\n      }\n      if (privateKey.length !== CURVE.PRIVATE_KEY_LENGTH) {\n        throw new ECIESError(\n          `Invalid private key length: ${privateKey.length}`,\n          \"INVALID_KEY\",\n        );\n      }\n      if (!this.verifyPrivateKey(privateKey)) {\n        throw new ECIESError(\"Invalid private key\", \"INVALID_KEY\");\n      }\n\n      // Normalize ephemeral public key to uncompressed format\n      const ephemeralPublicKey = this.normalizePublicKey(\n        encrypted.ephemPublicKey,\n      );\n\n      // Perform ECDH to recover shared secret\n      const sharedSecret = this.performECDH(ephemeralPublicKey, privateKey);\n\n      // Derive keys using SHA-512 (eccrypto-compatible KDF)\n      const kdf = this.sha512(sharedSecret);\n      const encryptionKey = kdf.slice(\n        KDF.ENCRYPTION_KEY_OFFSET,\n        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n      );\n      const macKey = kdf.slice(\n        KDF.MAC_KEY_OFFSET,\n        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n      );\n\n      // Verify MAC before decryption (Encrypt-then-MAC)\n      const macData = concatBytes(\n        encrypted.iv,\n        encrypted.ephemPublicKey,\n        encrypted.ciphertext,\n      );\n      const expectedMac = this.hmacSha256(macKey, macData);\n\n      if (!constantTimeEqual(encrypted.mac, expectedMac)) {\n        throw new ECIESError(\"MAC verification failed\", \"MAC_MISMATCH\");\n      }\n\n      // Decrypt the ciphertext\n      const decrypted = await this.aesDecrypt(\n        encryptionKey,\n        encrypted.iv,\n        encrypted.ciphertext,\n      );\n\n      // Clear sensitive data\n      this.clearBuffer(sharedSecret);\n      this.clearBuffer(kdf);\n\n      return decrypted;\n    } catch (error) {\n      if (error instanceof ECIESError) throw error;\n      throw new ECIESError(\n        `Decryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n        \"DECRYPTION_FAILED\",\n        error instanceof Error ? error : undefined,\n      );\n    }\n  }\n\n  /**\n   * Clears sensitive data from memory using multi-pass overwrite.\n   *\n   * @remarks\n   * Uses multiple passes with different patterns to make it harder\n   * for JIT compilers to optimize away the operation. While not\n   * guaranteed in JavaScript, this is a best-effort approach to\n   * clear sensitive data from memory.\n   *\n   * @param buffer - The buffer to clear\n   */\n  protected clearBuffer(buffer: Uint8Array): void {\n    if (buffer && buffer.length > 0) {\n      // Multi-pass overwrite to resist compiler optimization\n      buffer.fill(0x00); // Fill with zeros\n      buffer.fill(0xff); // Fill with ones\n      buffer.fill(0xaa); // Fill with alternating pattern\n      buffer.fill(0x00); // Final zero fill\n\n      // Additional pattern write to further discourage optimization\n      for (let i = 0; i < buffer.length; i++) {\n        buffer[i] = (i & 0xff) ^ 0x5a; // XOR with pattern\n      }\n      buffer.fill(0x00); // Final clear\n    }\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,uBAA6C;AAC7C,uBAAmC;AACnC,mBAA+C;AAiBxC,MAAe,eAAwC;AAAA;AAAA,EAE5D,OAAwB,gBAAgB,oBAAI,QAA6B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgH/D,mBAAmB,WAAmC;AAE9D,QAAI,eAAe,cAAc,IAAI,SAAS,GAAG;AAC/C,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,uBAAM,gCAAgC;AAC7D,UAAI,UAAU,CAAC,MAAM,uBAAM,OAAO,cAAc;AAC9C,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAEA,UAAI,CAAC,KAAK,kBAAkB,SAAS,GAAG;AACtC,cAAM,IAAI,4BAAW,sBAAsB,aAAa;AAAA,MAC1D;AACA,qBAAe,cAAc,IAAI,WAAW,IAAI;AAChD,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,uBAAM,8BAA8B;AAC3D,YAAM,eAAe,KAAK,oBAAoB,SAAS;AACvD,UAAI,CAAC,cAAc;AACjB,cAAM,IAAI,4BAAW,mCAAmC,aAAa;AAAA,MACvE;AAEA,qBAAe,cAAc,IAAI,cAAc,IAAI;AACnD,aAAO;AAAA,IACT;AAEA,UAAM,IAAI;AAAA,MACR,8BAA8B,UAAU,MAAM;AAAA,MAC9C;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,MAAM,QACJ,WACA,SACyB;AACzB,QAAI;AAEF,UAAI,EAAE,qBAAqB,aAAa;AACtC,cAAM,IAAI,4BAAW,mCAAmC,aAAa;AAAA,MACvE;AACA,UAAI,EAAE,mBAAmB,aAAa;AACpC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,UAAU,WAAW,GAAG;AAC1B,cAAM,IAAI,4BAAW,8BAA8B,aAAa;AAAA,MAClE;AAGA,YAAM,SAAS,KAAK,mBAAmB,SAAS;AAGhD,UAAI;AACJ,SAAG;AACD,8BAAsB,KAAK;AAAA,UACzB,uBAAM;AAAA,QACR;AAAA,MACF,SAAS,CAAC,KAAK,iBAAiB,mBAAmB;AAEnD,YAAM,qBAAqB,KAAK;AAAA,QAC9B;AAAA,QACA;AAAA,MACF;AACA,UAAI,CAAC,oBAAoB;AACvB,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAGA,YAAM,eAAe,KAAK,YAAY,QAAQ,mBAAmB;AAGjE,YAAM,MAAM,KAAK,OAAO,YAAY;AACpC,YAAM,gBAAgB,IAAI;AAAA,QACxB,qBAAI;AAAA,QACJ,qBAAI,wBAAwB,qBAAI;AAAA,MAClC;AACA,YAAM,SAAS,IAAI;AAAA,QACjB,qBAAI;AAAA,QACJ,qBAAI,iBAAiB,qBAAI;AAAA,MAC3B;AAGA,YAAM,KAAK,KAAK,oBAAoB,wBAAO,SAAS;AACpD,YAAM,aAAa,MAAM,KAAK,WAAW,eAAe,IAAI,OAAO;AAGnE,YAAM,cAAU,0BAAY,IAAI,oBAAoB,UAAU;AAC9D,YAAM,MAAM,KAAK,WAAW,QAAQ,OAAO;AAG3C,WAAK,YAAY,mBAAmB;AACpC,WAAK,YAAY,YAAY;AAC7B,WAAK,YAAY,GAAG;AAEpB,aAAO;AAAA,QACL;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,4BAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,QACJ,YACA,WACqB;AACrB,QAAI;AAEF,UAAI,EAAE,sBAAsB,aAAa;AACvC,cAAM,IAAI,4BAAW,oCAAoC,aAAa;AAAA,MACxE;AACA,UAAI,KAAC,mCAAiB,SAAS,GAAG;AAChC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,WAAW,WAAW,uBAAM,oBAAoB;AAClD,cAAM,IAAI;AAAA,UACR,+BAA+B,WAAW,MAAM;AAAA,UAChD;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,KAAK,iBAAiB,UAAU,GAAG;AACtC,cAAM,IAAI,4BAAW,uBAAuB,aAAa;AAAA,MAC3D;AAGA,YAAM,qBAAqB,KAAK;AAAA,QAC9B,UAAU;AAAA,MACZ;AAGA,YAAM,eAAe,KAAK,YAAY,oBAAoB,UAAU;AAGpE,YAAM,MAAM,KAAK,OAAO,YAAY;AACpC,YAAM,gBAAgB,IAAI;AAAA,QACxB,qBAAI;AAAA,QACJ,qBAAI,wBAAwB,qBAAI;AAAA,MAClC;AACA,YAAM,SAAS,IAAI;AAAA,QACjB,qBAAI;AAAA,QACJ,qBAAI,iBAAiB,qBAAI;AAAA,MAC3B;AAGA,YAAM,cAAU;AAAA,QACd,UAAU;AAAA,QACV,UAAU;AAAA,QACV,UAAU;AAAA,MACZ;AACA,YAAM,cAAc,KAAK,WAAW,QAAQ,OAAO;AAEnD,UAAI,KAAC,gCAAkB,UAAU,KAAK,WAAW,GAAG;AAClD,cAAM,IAAI,4BAAW,2BAA2B,cAAc;AAAA,MAChE;AAGA,YAAM,YAAY,MAAM,KAAK;AAAA,QAC3B;AAAA,QACA,UAAU;AAAA,QACV,UAAU;AAAA,MACZ;AAGA,WAAK,YAAY,YAAY;AAC7B,WAAK,YAAY,GAAG;AAEpB,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,4BAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaU,YAAY,QAA0B;AAC9C,QAAI,UAAU,OAAO,SAAS,GAAG;AAE/B,aAAO,KAAK,CAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,CAAI;AAGhB,eAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,eAAO,CAAC,IAAK,IAAI,MAAQ;AAAA,MAC3B;AACA,aAAO,KAAK,CAAI;AAAA,IAClB;AAAA,EACF;AACF;","names":[]}
+{"version":3,"sources":["../../../src/crypto/ecies/base.ts"],"sourcesContent":["import type { ECIESProvider, ECIESEncrypted } from \"./interface\";\nimport { ECIESError, isECIESEncrypted } from \"./interface\";\nimport { CURVE, CIPHER, KDF } from \"./constants\";\nimport { constantTimeEqual } from \"./utils\";\nimport { concat } from \"viem\";\n\n/**\n * Provides shared ECIES encryption logic across platforms using Uint8Array.\n *\n * @remarks\n * Platform implementations extend this class and provide crypto primitives.\n * The base class handles the ECIES protocol flow while maintaining\n * compatibility with the eccrypto data format.\n *\n * **Implementation details:**\n * - KDF: SHA-512(shared_secret) → encKey (32B) || macKey (32B)\n * - Cipher: AES-256-CBC with random 16-byte IV\n * - MAC: HMAC-SHA256(macKey, iv || ephemPublicKey || ciphertext)\n *\n * @category Cryptography\n */\nexport abstract class BaseECIESUint8 implements ECIESProvider {\n  // Cache for validated public keys to avoid repeated validation\n  private static readonly validatedKeys = new WeakMap<Uint8Array, boolean>();\n\n  /**\n   * Generates cryptographically secure random bytes.\n   *\n   * @param length - Number of random bytes to generate.\n   * @returns Random bytes array.\n   */\n  protected abstract generateRandomBytes(length: number): Uint8Array;\n\n  /**\n   * Verifies a private key is valid for secp256k1.\n   *\n   * @param privateKey - Private key to verify (32 bytes).\n   * @returns `true` if valid private key.\n   */\n  protected abstract verifyPrivateKey(privateKey: Uint8Array): boolean;\n\n  /**\n   * Creates a public key from a private key.\n   *\n   * @param privateKey - Source private key (32 bytes).\n   * @param compressed - Generate compressed (33B) or uncompressed (65B) format.\n   * @returns Public key or `null` if creation failed.\n   */\n  protected abstract createPublicKey(\n    privateKey: Uint8Array,\n    compressed: boolean,\n  ): Uint8Array | null;\n\n  /**\n   * Validates a public key on the secp256k1 curve.\n   *\n   * @param publicKey - Public key to validate.\n   * @returns `true` if valid public key.\n   */\n  protected abstract validatePublicKey(publicKey: Uint8Array): boolean;\n\n  /**\n   * Decompresses a compressed public key.\n   *\n   * @param publicKey - Compressed public key (33 bytes).\n   * @returns Uncompressed public key (65 bytes) or `null` if decompression failed.\n   */\n  protected abstract decompressPublicKey(\n    publicKey: Uint8Array,\n  ): Uint8Array | null;\n\n  /**\n   * Performs ECDH key agreement.\n   *\n   * @param publicKey - Other party's public key.\n   * @param privateKey - Your private key.\n   * @returns Raw X coordinate of shared point (32 bytes).\n   */\n  protected abstract performECDH(\n    publicKey: Uint8Array,\n    privateKey: Uint8Array,\n  ): Uint8Array;\n\n  /**\n   * Computes SHA-512 hash.\n   *\n   * @param data - Data to hash.\n   * @returns SHA-512 hash (64 bytes).\n   */\n  protected abstract sha512(data: Uint8Array): Uint8Array;\n\n  /**\n   * Computes HMAC-SHA256 authentication tag.\n   *\n   * @param key - HMAC key.\n   * @param data - Data to authenticate.\n   * @returns HMAC-SHA256 (32 bytes).\n   */\n  protected abstract hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array;\n\n  /**\n   * Encrypts data using AES-256-CBC.\n   *\n   * @param key - Encryption key (32 bytes).\n   * @param iv - Initialization vector (16 bytes).\n   * @param plaintext - Data to encrypt.\n   * @returns Ciphertext with PKCS#7 padding.\n   */\n  protected abstract aesEncrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    plaintext: Uint8Array,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Decrypts data using AES-256-CBC.\n   *\n   * @param key - Decryption key (32 bytes).\n   * @param iv - Initialization vector (16 bytes).\n   * @param ciphertext - Data to decrypt.\n   * @returns Plaintext with padding removed.\n   */\n  protected abstract aesDecrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    ciphertext: Uint8Array,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Normalizes a public key to uncompressed format.\n   *\n   * @param publicKey - Public key in any format.\n   * @returns Uncompressed public key (65 bytes).\n   * @throws {ECIESError} If key format is invalid.\n   */\n  protected normalizePublicKey(publicKey: Uint8Array): Uint8Array {\n    // Check cache first\n    if (BaseECIESUint8.validatedKeys.has(publicKey)) {\n      return publicKey;\n    }\n\n    if (publicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {\n      if (publicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {\n        throw new ECIESError(\n          \"Invalid uncompressed public key prefix\",\n          \"INVALID_KEY\",\n        );\n      }\n      // Validate and cache\n      if (!this.validatePublicKey(publicKey)) {\n        throw new ECIESError(\"Invalid public key\", \"INVALID_KEY\");\n      }\n      BaseECIESUint8.validatedKeys.set(publicKey, true);\n      return publicKey;\n    }\n\n    if (publicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) {\n      const decompressed = this.decompressPublicKey(publicKey);\n      if (!decompressed) {\n        throw new ECIESError(\"Failed to decompress public key\", \"INVALID_KEY\");\n      }\n      // Cache the decompressed key\n      BaseECIESUint8.validatedKeys.set(decompressed, true);\n      return decompressed;\n    }\n\n    throw new ECIESError(\n      `Invalid public key length: ${publicKey.length}`,\n      \"INVALID_KEY\",\n    );\n  }\n\n  /**\n   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n   * Must be implemented by derived classes to handle platform-specific operations.\n   *\n   * @param publicKey - The public key to normalize\n   * @returns The normalized uncompressed public key\n   */\n  public abstract normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;\n\n  /**\n   * Encrypts data using ECIES.\n   *\n   * @param publicKey - The recipient's public key (compressed or uncompressed)\n   * @param message - The data to encrypt\n   * @returns Promise resolving to encrypted data structure\n   */\n  async encrypt(\n    publicKey: Uint8Array,\n    message: Uint8Array,\n  ): Promise<ECIESEncrypted> {\n    try {\n      // Validate inputs\n      if (!(publicKey instanceof Uint8Array)) {\n        throw new ECIESError(\"Public key must be a Uint8Array\", \"INVALID_KEY\");\n      }\n      if (!(message instanceof Uint8Array)) {\n        throw new ECIESError(\n          \"Message must be a Uint8Array\",\n          \"ENCRYPTION_FAILED\",\n        );\n      }\n      if (publicKey.length === 0) {\n        throw new ECIESError(\"Public key cannot be empty\", \"INVALID_KEY\");\n      }\n\n      // Normalize public key to uncompressed format\n      const pubKey = this.normalizePublicKey(publicKey);\n\n      // Generate ephemeral key pair\n      let ephemeralPrivateKey: Uint8Array;\n      do {\n        ephemeralPrivateKey = this.generateRandomBytes(\n          CURVE.PRIVATE_KEY_LENGTH,\n        );\n      } while (!this.verifyPrivateKey(ephemeralPrivateKey));\n\n      const ephemeralPublicKey = this.createPublicKey(\n        ephemeralPrivateKey,\n        false,\n      );\n      if (!ephemeralPublicKey) {\n        throw new ECIESError(\n          \"Failed to generate ephemeral public key\",\n          \"ENCRYPTION_FAILED\",\n        );\n      }\n\n      // Perform ECDH to get shared secret (raw X coordinate)\n      const sharedSecret = this.performECDH(pubKey, ephemeralPrivateKey);\n\n      // Derive keys using SHA-512 (eccrypto-compatible KDF)\n      const kdf = this.sha512(sharedSecret);\n      const encryptionKey = kdf.slice(\n        KDF.ENCRYPTION_KEY_OFFSET,\n        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n      );\n      const macKey = kdf.slice(\n        KDF.MAC_KEY_OFFSET,\n        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n      );\n\n      // Generate random IV and encrypt\n      const iv = this.generateRandomBytes(CIPHER.IV_LENGTH);\n      const ciphertext = await this.aesEncrypt(encryptionKey, iv, message);\n\n      // Calculate MAC (Encrypt-then-MAC)\n      const macData = concat([iv, ephemeralPublicKey, ciphertext]);\n      const mac = this.hmacSha256(macKey, macData);\n\n      // Clear sensitive data\n      this.clearBuffer(ephemeralPrivateKey);\n      this.clearBuffer(sharedSecret);\n      this.clearBuffer(kdf);\n\n      return {\n        iv,\n        ephemPublicKey: ephemeralPublicKey,\n        ciphertext,\n        mac,\n      };\n    } catch (error) {\n      if (error instanceof ECIESError) throw error;\n      throw new ECIESError(\n        `Encryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n        \"ENCRYPTION_FAILED\",\n        error instanceof Error ? error : undefined,\n      );\n    }\n  }\n\n  /**\n   * Decrypts ECIES encrypted data.\n   *\n   * @param privateKey - The recipient's private key (32 bytes)\n   * @param encrypted - The encrypted data structure from encrypt()\n   * @returns Promise resolving to the original plaintext\n   */\n  async decrypt(\n    privateKey: Uint8Array,\n    encrypted: ECIESEncrypted,\n  ): Promise<Uint8Array> {\n    try {\n      // Validate inputs\n      if (!(privateKey instanceof Uint8Array)) {\n        throw new ECIESError(\"Private key must be a Uint8Array\", \"INVALID_KEY\");\n      }\n      if (!isECIESEncrypted(encrypted)) {\n        throw new ECIESError(\n          \"Invalid encrypted data structure\",\n          \"DECRYPTION_FAILED\",\n        );\n      }\n      if (privateKey.length !== CURVE.PRIVATE_KEY_LENGTH) {\n        throw new ECIESError(\n          `Invalid private key length: ${privateKey.length}`,\n          \"INVALID_KEY\",\n        );\n      }\n      if (!this.verifyPrivateKey(privateKey)) {\n        throw new ECIESError(\"Invalid private key\", \"INVALID_KEY\");\n      }\n\n      // Normalize ephemeral public key to uncompressed format\n      const ephemeralPublicKey = this.normalizePublicKey(\n        encrypted.ephemPublicKey,\n      );\n\n      // Perform ECDH to recover shared secret\n      const sharedSecret = this.performECDH(ephemeralPublicKey, privateKey);\n\n      // Derive keys using SHA-512 (eccrypto-compatible KDF)\n      const kdf = this.sha512(sharedSecret);\n      const encryptionKey = kdf.slice(\n        KDF.ENCRYPTION_KEY_OFFSET,\n        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n      );\n      const macKey = kdf.slice(\n        KDF.MAC_KEY_OFFSET,\n        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n      );\n\n      // Verify MAC before decryption (Encrypt-then-MAC)\n      const macData = concat([\n        encrypted.iv,\n        encrypted.ephemPublicKey,\n        encrypted.ciphertext,\n      ]);\n      const expectedMac = this.hmacSha256(macKey, macData);\n\n      if (!constantTimeEqual(encrypted.mac, expectedMac)) {\n        throw new ECIESError(\"MAC verification failed\", \"MAC_MISMATCH\");\n      }\n\n      // Decrypt the ciphertext\n      const decrypted = await this.aesDecrypt(\n        encryptionKey,\n        encrypted.iv,\n        encrypted.ciphertext,\n      );\n\n      // Clear sensitive data\n      this.clearBuffer(sharedSecret);\n      this.clearBuffer(kdf);\n\n      return decrypted;\n    } catch (error) {\n      if (error instanceof ECIESError) throw error;\n      throw new ECIESError(\n        `Decryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n        \"DECRYPTION_FAILED\",\n        error instanceof Error ? error : undefined,\n      );\n    }\n  }\n\n  /**\n   * Clears sensitive data from memory using multi-pass overwrite.\n   *\n   * @remarks\n   * Uses multiple passes with different patterns to make it harder\n   * for JIT compilers to optimize away the operation. While not\n   * guaranteed in JavaScript, this is a best-effort approach to\n   * clear sensitive data from memory.\n   *\n   * @param buffer - The buffer to clear\n   */\n  protected clearBuffer(buffer: Uint8Array): void {\n    if (buffer && buffer.length > 0) {\n      // Multi-pass overwrite to resist compiler optimization\n      buffer.fill(0x00); // Fill with zeros\n      buffer.fill(0xff); // Fill with ones\n      buffer.fill(0xaa); // Fill with alternating pattern\n      buffer.fill(0x00); // Final zero fill\n\n      // Additional pattern write to further discourage optimization\n      for (let i = 0; i < buffer.length; i++) {\n        buffer[i] = (i & 0xff) ^ 0x5a; // XOR with pattern\n      }\n      buffer.fill(0x00); // Final clear\n    }\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,uBAA6C;AAC7C,uBAAmC;AACnC,mBAAkC;AAClC,kBAAuB;AAiBhB,MAAe,eAAwC;AAAA;AAAA,EAE5D,OAAwB,gBAAgB,oBAAI,QAA6B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgH/D,mBAAmB,WAAmC;AAE9D,QAAI,eAAe,cAAc,IAAI,SAAS,GAAG;AAC/C,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,uBAAM,gCAAgC;AAC7D,UAAI,UAAU,CAAC,MAAM,uBAAM,OAAO,cAAc;AAC9C,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAEA,UAAI,CAAC,KAAK,kBAAkB,SAAS,GAAG;AACtC,cAAM,IAAI,4BAAW,sBAAsB,aAAa;AAAA,MAC1D;AACA,qBAAe,cAAc,IAAI,WAAW,IAAI;AAChD,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,uBAAM,8BAA8B;AAC3D,YAAM,eAAe,KAAK,oBAAoB,SAAS;AACvD,UAAI,CAAC,cAAc;AACjB,cAAM,IAAI,4BAAW,mCAAmC,aAAa;AAAA,MACvE;AAEA,qBAAe,cAAc,IAAI,cAAc,IAAI;AACnD,aAAO;AAAA,IACT;AAEA,UAAM,IAAI;AAAA,MACR,8BAA8B,UAAU,MAAM;AAAA,MAC9C;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,MAAM,QACJ,WACA,SACyB;AACzB,QAAI;AAEF,UAAI,EAAE,qBAAqB,aAAa;AACtC,cAAM,IAAI,4BAAW,mCAAmC,aAAa;AAAA,MACvE;AACA,UAAI,EAAE,mBAAmB,aAAa;AACpC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,UAAU,WAAW,GAAG;AAC1B,cAAM,IAAI,4BAAW,8BAA8B,aAAa;AAAA,MAClE;AAGA,YAAM,SAAS,KAAK,mBAAmB,SAAS;AAGhD,UAAI;AACJ,SAAG;AACD,8BAAsB,KAAK;AAAA,UACzB,uBAAM;AAAA,QACR;AAAA,MACF,SAAS,CAAC,KAAK,iBAAiB,mBAAmB;AAEnD,YAAM,qBAAqB,KAAK;AAAA,QAC9B;AAAA,QACA;AAAA,MACF;AACA,UAAI,CAAC,oBAAoB;AACvB,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAGA,YAAM,eAAe,KAAK,YAAY,QAAQ,mBAAmB;AAGjE,YAAM,MAAM,KAAK,OAAO,YAAY;AACpC,YAAM,gBAAgB,IAAI;AAAA,QACxB,qBAAI;AAAA,QACJ,qBAAI,wBAAwB,qBAAI;AAAA,MAClC;AACA,YAAM,SAAS,IAAI;AAAA,QACjB,qBAAI;AAAA,QACJ,qBAAI,iBAAiB,qBAAI;AAAA,MAC3B;AAGA,YAAM,KAAK,KAAK,oBAAoB,wBAAO,SAAS;AACpD,YAAM,aAAa,MAAM,KAAK,WAAW,eAAe,IAAI,OAAO;AAGnE,YAAM,cAAU,oBAAO,CAAC,IAAI,oBAAoB,UAAU,CAAC;AAC3D,YAAM,MAAM,KAAK,WAAW,QAAQ,OAAO;AAG3C,WAAK,YAAY,mBAAmB;AACpC,WAAK,YAAY,YAAY;AAC7B,WAAK,YAAY,GAAG;AAEpB,aAAO;AAAA,QACL;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,4BAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,QACJ,YACA,WACqB;AACrB,QAAI;AAEF,UAAI,EAAE,sBAAsB,aAAa;AACvC,cAAM,IAAI,4BAAW,oCAAoC,aAAa;AAAA,MACxE;AACA,UAAI,KAAC,mCAAiB,SAAS,GAAG;AAChC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,WAAW,WAAW,uBAAM,oBAAoB;AAClD,cAAM,IAAI;AAAA,UACR,+BAA+B,WAAW,MAAM;AAAA,UAChD;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,KAAK,iBAAiB,UAAU,GAAG;AACtC,cAAM,IAAI,4BAAW,uBAAuB,aAAa;AAAA,MAC3D;AAGA,YAAM,qBAAqB,KAAK;AAAA,QAC9B,UAAU;AAAA,MACZ;AAGA,YAAM,eAAe,KAAK,YAAY,oBAAoB,UAAU;AAGpE,YAAM,MAAM,KAAK,OAAO,YAAY;AACpC,YAAM,gBAAgB,IAAI;AAAA,QACxB,qBAAI;AAAA,QACJ,qBAAI,wBAAwB,qBAAI;AAAA,MAClC;AACA,YAAM,SAAS,IAAI;AAAA,QACjB,qBAAI;AAAA,QACJ,qBAAI,iBAAiB,qBAAI;AAAA,MAC3B;AAGA,YAAM,cAAU,oBAAO;AAAA,QACrB,UAAU;AAAA,QACV,UAAU;AAAA,QACV,UAAU;AAAA,MACZ,CAAC;AACD,YAAM,cAAc,KAAK,WAAW,QAAQ,OAAO;AAEnD,UAAI,KAAC,gCAAkB,UAAU,KAAK,WAAW,GAAG;AAClD,cAAM,IAAI,4BAAW,2BAA2B,cAAc;AAAA,MAChE;AAGA,YAAM,YAAY,MAAM,KAAK;AAAA,QAC3B;AAAA,QACA,UAAU;AAAA,QACV,UAAU;AAAA,MACZ;AAGA,WAAK,YAAY,YAAY;AAC7B,WAAK,YAAY,GAAG;AAEpB,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,4BAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaU,YAAY,QAA0B;AAC9C,QAAI,UAAU,OAAO,SAAS,GAAG;AAE/B,aAAO,KAAK,CAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,CAAI;AAGhB,eAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,eAAO,CAAC,IAAK,IAAI,MAAQ;AAAA,MAC3B;AACA,aAAO,KAAK,CAAI;AAAA,IAClB;AAAA,EACF;AACF;","names":[]}

package/dist/crypto/ecies/base.d.ts

@@ -1,5 +1,4 @@
-import { ECIESProvider, ECIESEncrypted } from './interface.js';
-
+import type { ECIESProvider, ECIESEncrypted } from "./interface";
 /**
  * Provides shared ECIES encryption logic across platforms using Uint8Array.
  *
@@ -15,7 +14,7 @@ import { ECIESProvider, ECIESEncrypted } from './interface.js';
  *
  * @category Cryptography
  */
-declare abstract class BaseECIESUint8 implements ECIESProvider {
+export declare abstract class BaseECIESUint8 implements ECIESProvider {
     private static readonly validatedKeys;
     /**
      * Generates cryptographically secure random bytes.
@@ -139,5 +138,3 @@ declare abstract class BaseECIESUint8 implements ECIESProvider {
      */
     protected clearBuffer(buffer: Uint8Array): void;
 }
-
-export { BaseECIESUint8 };

package/dist/crypto/ecies/base.js

@@ -1,10 +1,10 @@
-var __defProp = Object.defineProperty;
-var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
-var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
 import { ECIESError, isECIESEncrypted } from "./interface";
 import { CURVE, CIPHER, KDF } from "./constants";
-import { concatBytes, constantTimeEqual } from "./utils";
-const _BaseECIESUint8 = class _BaseECIESUint8 {
+import { constantTimeEqual } from "./utils";
+import { concat } from "viem";
+class BaseECIESUint8 {
+  // Cache for validated public keys to avoid repeated validation
+  static validatedKeys = /* @__PURE__ */ new WeakMap();
   /**
    * Normalizes a public key to uncompressed format.
    *
@@ -13,7 +13,7 @@ const _BaseECIESUint8 = class _BaseECIESUint8 {
    * @throws {ECIESError} If key format is invalid.
    */
   normalizePublicKey(publicKey) {
-    if (_BaseECIESUint8.validatedKeys.has(publicKey)) {
+    if (BaseECIESUint8.validatedKeys.has(publicKey)) {
       return publicKey;
     }
     if (publicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {
@@ -26,7 +26,7 @@ const _BaseECIESUint8 = class _BaseECIESUint8 {
       if (!this.validatePublicKey(publicKey)) {
         throw new ECIESError("Invalid public key", "INVALID_KEY");
       }
-      _BaseECIESUint8.validatedKeys.set(publicKey, true);
+      BaseECIESUint8.validatedKeys.set(publicKey, true);
       return publicKey;
     }
     if (publicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) {
@@ -34,7 +34,7 @@ const _BaseECIESUint8 = class _BaseECIESUint8 {
       if (!decompressed) {
         throw new ECIESError("Failed to decompress public key", "INVALID_KEY");
       }
-      _BaseECIESUint8.validatedKeys.set(decompressed, true);
+      BaseECIESUint8.validatedKeys.set(decompressed, true);
       return decompressed;
     }
     throw new ECIESError(
@@ -92,7 +92,7 @@ const _BaseECIESUint8 = class _BaseECIESUint8 {
       );
       const iv = this.generateRandomBytes(CIPHER.IV_LENGTH);
       const ciphertext = await this.aesEncrypt(encryptionKey, iv, message);
-      const macData = concatBytes(iv, ephemeralPublicKey, ciphertext);
+      const macData = concat([iv, ephemeralPublicKey, ciphertext]);
       const mac = this.hmacSha256(macKey, macData);
       this.clearBuffer(ephemeralPrivateKey);
       this.clearBuffer(sharedSecret);
@@ -152,11 +152,11 @@ const _BaseECIESUint8 = class _BaseECIESUint8 {
         KDF.MAC_KEY_OFFSET,
         KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH
       );
-      const macData = concatBytes(
+      const macData = concat([
         encrypted.iv,
         encrypted.ephemPublicKey,
         encrypted.ciphertext
-      );
+      ]);
       const expectedMac = this.hmacSha256(macKey, macData);
       if (!constantTimeEqual(encrypted.mac, expectedMac)) {
         throw new ECIESError("MAC verification failed", "MAC_MISMATCH");
@@ -201,10 +201,7 @@ const _BaseECIESUint8 = class _BaseECIESUint8 {
       buffer.fill(0);
     }
   }
-};
-// Cache for validated public keys to avoid repeated validation
-__publicField(_BaseECIESUint8, "validatedKeys", /* @__PURE__ */ new WeakMap());
-let BaseECIESUint8 = _BaseECIESUint8;
+}
 export {
   BaseECIESUint8
 };

package/dist/crypto/ecies/base.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/crypto/ecies/base.ts"],"sourcesContent":["import type { ECIESProvider, ECIESEncrypted } from \"./interface\";\nimport { ECIESError, isECIESEncrypted } from \"./interface\";\nimport { CURVE, CIPHER, KDF } from \"./constants\";\nimport { concatBytes, constantTimeEqual } from \"./utils\";\n\n/**\n * Provides shared ECIES encryption logic across platforms using Uint8Array.\n *\n * @remarks\n * Platform implementations extend this class and provide crypto primitives.\n * The base class handles the ECIES protocol flow while maintaining\n * compatibility with the eccrypto data format.\n *\n * **Implementation details:**\n * - KDF: SHA-512(shared_secret) → encKey (32B) || macKey (32B)\n * - Cipher: AES-256-CBC with random 16-byte IV\n * - MAC: HMAC-SHA256(macKey, iv || ephemPublicKey || ciphertext)\n *\n * @category Cryptography\n */\nexport abstract class BaseECIESUint8 implements ECIESProvider {\n  // Cache for validated public keys to avoid repeated validation\n  private static readonly validatedKeys = new WeakMap<Uint8Array, boolean>();\n\n  /**\n   * Generates cryptographically secure random bytes.\n   *\n   * @param length - Number of random bytes to generate.\n   * @returns Random bytes array.\n   */\n  protected abstract generateRandomBytes(length: number): Uint8Array;\n\n  /**\n   * Verifies a private key is valid for secp256k1.\n   *\n   * @param privateKey - Private key to verify (32 bytes).\n   * @returns `true` if valid private key.\n   */\n  protected abstract verifyPrivateKey(privateKey: Uint8Array): boolean;\n\n  /**\n   * Creates a public key from a private key.\n   *\n   * @param privateKey - Source private key (32 bytes).\n   * @param compressed - Generate compressed (33B) or uncompressed (65B) format.\n   * @returns Public key or `null` if creation failed.\n   */\n  protected abstract createPublicKey(\n    privateKey: Uint8Array,\n    compressed: boolean,\n  ): Uint8Array | null;\n\n  /**\n   * Validates a public key on the secp256k1 curve.\n   *\n   * @param publicKey - Public key to validate.\n   * @returns `true` if valid public key.\n   */\n  protected abstract validatePublicKey(publicKey: Uint8Array): boolean;\n\n  /**\n   * Decompresses a compressed public key.\n   *\n   * @param publicKey - Compressed public key (33 bytes).\n   * @returns Uncompressed public key (65 bytes) or `null` if decompression failed.\n   */\n  protected abstract decompressPublicKey(\n    publicKey: Uint8Array,\n  ): Uint8Array | null;\n\n  /**\n   * Performs ECDH key agreement.\n   *\n   * @param publicKey - Other party's public key.\n   * @param privateKey - Your private key.\n   * @returns Raw X coordinate of shared point (32 bytes).\n   */\n  protected abstract performECDH(\n    publicKey: Uint8Array,\n    privateKey: Uint8Array,\n  ): Uint8Array;\n\n  /**\n   * Computes SHA-512 hash.\n   *\n   * @param data - Data to hash.\n   * @returns SHA-512 hash (64 bytes).\n   */\n  protected abstract sha512(data: Uint8Array): Uint8Array;\n\n  /**\n   * Computes HMAC-SHA256 authentication tag.\n   *\n   * @param key - HMAC key.\n   * @param data - Data to authenticate.\n   * @returns HMAC-SHA256 (32 bytes).\n   */\n  protected abstract hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array;\n\n  /**\n   * Encrypts data using AES-256-CBC.\n   *\n   * @param key - Encryption key (32 bytes).\n   * @param iv - Initialization vector (16 bytes).\n   * @param plaintext - Data to encrypt.\n   * @returns Ciphertext with PKCS#7 padding.\n   */\n  protected abstract aesEncrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    plaintext: Uint8Array,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Decrypts data using AES-256-CBC.\n   *\n   * @param key - Decryption key (32 bytes).\n   * @param iv - Initialization vector (16 bytes).\n   * @param ciphertext - Data to decrypt.\n   * @returns Plaintext with padding removed.\n   */\n  protected abstract aesDecrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    ciphertext: Uint8Array,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Normalizes a public key to uncompressed format.\n   *\n   * @param publicKey - Public key in any format.\n   * @returns Uncompressed public key (65 bytes).\n   * @throws {ECIESError} If key format is invalid.\n   */\n  protected normalizePublicKey(publicKey: Uint8Array): Uint8Array {\n    // Check cache first\n    if (BaseECIESUint8.validatedKeys.has(publicKey)) {\n      return publicKey;\n    }\n\n    if (publicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {\n      if (publicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {\n        throw new ECIESError(\n          \"Invalid uncompressed public key prefix\",\n          \"INVALID_KEY\",\n        );\n      }\n      // Validate and cache\n      if (!this.validatePublicKey(publicKey)) {\n        throw new ECIESError(\"Invalid public key\", \"INVALID_KEY\");\n      }\n      BaseECIESUint8.validatedKeys.set(publicKey, true);\n      return publicKey;\n    }\n\n    if (publicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) {\n      const decompressed = this.decompressPublicKey(publicKey);\n      if (!decompressed) {\n        throw new ECIESError(\"Failed to decompress public key\", \"INVALID_KEY\");\n      }\n      // Cache the decompressed key\n      BaseECIESUint8.validatedKeys.set(decompressed, true);\n      return decompressed;\n    }\n\n    throw new ECIESError(\n      `Invalid public key length: ${publicKey.length}`,\n      \"INVALID_KEY\",\n    );\n  }\n\n  /**\n   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n   * Must be implemented by derived classes to handle platform-specific operations.\n   *\n   * @param publicKey - The public key to normalize\n   * @returns The normalized uncompressed public key\n   */\n  public abstract normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;\n\n  /**\n   * Encrypts data using ECIES.\n   *\n   * @param publicKey - The recipient's public key (compressed or uncompressed)\n   * @param message - The data to encrypt\n   * @returns Promise resolving to encrypted data structure\n   */\n  async encrypt(\n    publicKey: Uint8Array,\n    message: Uint8Array,\n  ): Promise<ECIESEncrypted> {\n    try {\n      // Validate inputs\n      if (!(publicKey instanceof Uint8Array)) {\n        throw new ECIESError(\"Public key must be a Uint8Array\", \"INVALID_KEY\");\n      }\n      if (!(message instanceof Uint8Array)) {\n        throw new ECIESError(\n          \"Message must be a Uint8Array\",\n          \"ENCRYPTION_FAILED\",\n        );\n      }\n      if (publicKey.length === 0) {\n        throw new ECIESError(\"Public key cannot be empty\", \"INVALID_KEY\");\n      }\n\n      // Normalize public key to uncompressed format\n      const pubKey = this.normalizePublicKey(publicKey);\n\n      // Generate ephemeral key pair\n      let ephemeralPrivateKey: Uint8Array;\n      do {\n        ephemeralPrivateKey = this.generateRandomBytes(\n          CURVE.PRIVATE_KEY_LENGTH,\n        );\n      } while (!this.verifyPrivateKey(ephemeralPrivateKey));\n\n      const ephemeralPublicKey = this.createPublicKey(\n        ephemeralPrivateKey,\n        false,\n      );\n      if (!ephemeralPublicKey) {\n        throw new ECIESError(\n          \"Failed to generate ephemeral public key\",\n          \"ENCRYPTION_FAILED\",\n        );\n      }\n\n      // Perform ECDH to get shared secret (raw X coordinate)\n      const sharedSecret = this.performECDH(pubKey, ephemeralPrivateKey);\n\n      // Derive keys using SHA-512 (eccrypto-compatible KDF)\n      const kdf = this.sha512(sharedSecret);\n      const encryptionKey = kdf.slice(\n        KDF.ENCRYPTION_KEY_OFFSET,\n        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n      );\n      const macKey = kdf.slice(\n        KDF.MAC_KEY_OFFSET,\n        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n      );\n\n      // Generate random IV and encrypt\n      const iv = this.generateRandomBytes(CIPHER.IV_LENGTH);\n      const ciphertext = await this.aesEncrypt(encryptionKey, iv, message);\n\n      // Calculate MAC (Encrypt-then-MAC)\n      const macData = concatBytes(iv, ephemeralPublicKey, ciphertext);\n      const mac = this.hmacSha256(macKey, macData);\n\n      // Clear sensitive data\n      this.clearBuffer(ephemeralPrivateKey);\n      this.clearBuffer(sharedSecret);\n      this.clearBuffer(kdf);\n\n      return {\n        iv,\n        ephemPublicKey: ephemeralPublicKey,\n        ciphertext,\n        mac,\n      };\n    } catch (error) {\n      if (error instanceof ECIESError) throw error;\n      throw new ECIESError(\n        `Encryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n        \"ENCRYPTION_FAILED\",\n        error instanceof Error ? error : undefined,\n      );\n    }\n  }\n\n  /**\n   * Decrypts ECIES encrypted data.\n   *\n   * @param privateKey - The recipient's private key (32 bytes)\n   * @param encrypted - The encrypted data structure from encrypt()\n   * @returns Promise resolving to the original plaintext\n   */\n  async decrypt(\n    privateKey: Uint8Array,\n    encrypted: ECIESEncrypted,\n  ): Promise<Uint8Array> {\n    try {\n      // Validate inputs\n      if (!(privateKey instanceof Uint8Array)) {\n        throw new ECIESError(\"Private key must be a Uint8Array\", \"INVALID_KEY\");\n      }\n      if (!isECIESEncrypted(encrypted)) {\n        throw new ECIESError(\n          \"Invalid encrypted data structure\",\n          \"DECRYPTION_FAILED\",\n        );\n      }\n      if (privateKey.length !== CURVE.PRIVATE_KEY_LENGTH) {\n        throw new ECIESError(\n          `Invalid private key length: ${privateKey.length}`,\n          \"INVALID_KEY\",\n        );\n      }\n      if (!this.verifyPrivateKey(privateKey)) {\n        throw new ECIESError(\"Invalid private key\", \"INVALID_KEY\");\n      }\n\n      // Normalize ephemeral public key to uncompressed format\n      const ephemeralPublicKey = this.normalizePublicKey(\n        encrypted.ephemPublicKey,\n      );\n\n      // Perform ECDH to recover shared secret\n      const sharedSecret = this.performECDH(ephemeralPublicKey, privateKey);\n\n      // Derive keys using SHA-512 (eccrypto-compatible KDF)\n      const kdf = this.sha512(sharedSecret);\n      const encryptionKey = kdf.slice(\n        KDF.ENCRYPTION_KEY_OFFSET,\n        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n      );\n      const macKey = kdf.slice(\n        KDF.MAC_KEY_OFFSET,\n        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n      );\n\n      // Verify MAC before decryption (Encrypt-then-MAC)\n      const macData = concatBytes(\n        encrypted.iv,\n        encrypted.ephemPublicKey,\n        encrypted.ciphertext,\n      );\n      const expectedMac = this.hmacSha256(macKey, macData);\n\n      if (!constantTimeEqual(encrypted.mac, expectedMac)) {\n        throw new ECIESError(\"MAC verification failed\", \"MAC_MISMATCH\");\n      }\n\n      // Decrypt the ciphertext\n      const decrypted = await this.aesDecrypt(\n        encryptionKey,\n        encrypted.iv,\n        encrypted.ciphertext,\n      );\n\n      // Clear sensitive data\n      this.clearBuffer(sharedSecret);\n      this.clearBuffer(kdf);\n\n      return decrypted;\n    } catch (error) {\n      if (error instanceof ECIESError) throw error;\n      throw new ECIESError(\n        `Decryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n        \"DECRYPTION_FAILED\",\n        error instanceof Error ? error : undefined,\n      );\n    }\n  }\n\n  /**\n   * Clears sensitive data from memory using multi-pass overwrite.\n   *\n   * @remarks\n   * Uses multiple passes with different patterns to make it harder\n   * for JIT compilers to optimize away the operation. While not\n   * guaranteed in JavaScript, this is a best-effort approach to\n   * clear sensitive data from memory.\n   *\n   * @param buffer - The buffer to clear\n   */\n  protected clearBuffer(buffer: Uint8Array): void {\n    if (buffer && buffer.length > 0) {\n      // Multi-pass overwrite to resist compiler optimization\n      buffer.fill(0x00); // Fill with zeros\n      buffer.fill(0xff); // Fill with ones\n      buffer.fill(0xaa); // Fill with alternating pattern\n      buffer.fill(0x00); // Final zero fill\n\n      // Additional pattern write to further discourage optimization\n      for (let i = 0; i < buffer.length; i++) {\n        buffer[i] = (i & 0xff) ^ 0x5a; // XOR with pattern\n      }\n      buffer.fill(0x00); // Final clear\n    }\n  }\n}\n"],"mappings":";;;AACA,SAAS,YAAY,wBAAwB;AAC7C,SAAS,OAAO,QAAQ,WAAW;AACnC,SAAS,aAAa,yBAAyB;AAiBxC,MAAe,kBAAf,MAAe,gBAAwC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkHlD,mBAAmB,WAAmC;AAE9D,QAAI,gBAAe,cAAc,IAAI,SAAS,GAAG;AAC/C,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,MAAM,gCAAgC;AAC7D,UAAI,UAAU,CAAC,MAAM,MAAM,OAAO,cAAc;AAC9C,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAEA,UAAI,CAAC,KAAK,kBAAkB,SAAS,GAAG;AACtC,cAAM,IAAI,WAAW,sBAAsB,aAAa;AAAA,MAC1D;AACA,sBAAe,cAAc,IAAI,WAAW,IAAI;AAChD,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,MAAM,8BAA8B;AAC3D,YAAM,eAAe,KAAK,oBAAoB,SAAS;AACvD,UAAI,CAAC,cAAc;AACjB,cAAM,IAAI,WAAW,mCAAmC,aAAa;AAAA,MACvE;AAEA,sBAAe,cAAc,IAAI,cAAc,IAAI;AACnD,aAAO;AAAA,IACT;AAEA,UAAM,IAAI;AAAA,MACR,8BAA8B,UAAU,MAAM;AAAA,MAC9C;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,MAAM,QACJ,WACA,SACyB;AACzB,QAAI;AAEF,UAAI,EAAE,qBAAqB,aAAa;AACtC,cAAM,IAAI,WAAW,mCAAmC,aAAa;AAAA,MACvE;AACA,UAAI,EAAE,mBAAmB,aAAa;AACpC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,UAAU,WAAW,GAAG;AAC1B,cAAM,IAAI,WAAW,8BAA8B,aAAa;AAAA,MAClE;AAGA,YAAM,SAAS,KAAK,mBAAmB,SAAS;AAGhD,UAAI;AACJ,SAAG;AACD,8BAAsB,KAAK;AAAA,UACzB,MAAM;AAAA,QACR;AAAA,MACF,SAAS,CAAC,KAAK,iBAAiB,mBAAmB;AAEnD,YAAM,qBAAqB,KAAK;AAAA,QAC9B;AAAA,QACA;AAAA,MACF;AACA,UAAI,CAAC,oBAAoB;AACvB,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAGA,YAAM,eAAe,KAAK,YAAY,QAAQ,mBAAmB;AAGjE,YAAM,MAAM,KAAK,OAAO,YAAY;AACpC,YAAM,gBAAgB,IAAI;AAAA,QACxB,IAAI;AAAA,QACJ,IAAI,wBAAwB,IAAI;AAAA,MAClC;AACA,YAAM,SAAS,IAAI;AAAA,QACjB,IAAI;AAAA,QACJ,IAAI,iBAAiB,IAAI;AAAA,MAC3B;AAGA,YAAM,KAAK,KAAK,oBAAoB,OAAO,SAAS;AACpD,YAAM,aAAa,MAAM,KAAK,WAAW,eAAe,IAAI,OAAO;AAGnE,YAAM,UAAU,YAAY,IAAI,oBAAoB,UAAU;AAC9D,YAAM,MAAM,KAAK,WAAW,QAAQ,OAAO;AAG3C,WAAK,YAAY,mBAAmB;AACpC,WAAK,YAAY,YAAY;AAC7B,WAAK,YAAY,GAAG;AAEpB,aAAO;AAAA,QACL;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,WAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,QACJ,YACA,WACqB;AACrB,QAAI;AAEF,UAAI,EAAE,sBAAsB,aAAa;AACvC,cAAM,IAAI,WAAW,oCAAoC,aAAa;AAAA,MACxE;AACA,UAAI,CAAC,iBAAiB,SAAS,GAAG;AAChC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,WAAW,WAAW,MAAM,oBAAoB;AAClD,cAAM,IAAI;AAAA,UACR,+BAA+B,WAAW,MAAM;AAAA,UAChD;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,KAAK,iBAAiB,UAAU,GAAG;AACtC,cAAM,IAAI,WAAW,uBAAuB,aAAa;AAAA,MAC3D;AAGA,YAAM,qBAAqB,KAAK;AAAA,QAC9B,UAAU;AAAA,MACZ;AAGA,YAAM,eAAe,KAAK,YAAY,oBAAoB,UAAU;AAGpE,YAAM,MAAM,KAAK,OAAO,YAAY;AACpC,YAAM,gBAAgB,IAAI;AAAA,QACxB,IAAI;AAAA,QACJ,IAAI,wBAAwB,IAAI;AAAA,MAClC;AACA,YAAM,SAAS,IAAI;AAAA,QACjB,IAAI;AAAA,QACJ,IAAI,iBAAiB,IAAI;AAAA,MAC3B;AAGA,YAAM,UAAU;AAAA,QACd,UAAU;AAAA,QACV,UAAU;AAAA,QACV,UAAU;AAAA,MACZ;AACA,YAAM,cAAc,KAAK,WAAW,QAAQ,OAAO;AAEnD,UAAI,CAAC,kBAAkB,UAAU,KAAK,WAAW,GAAG;AAClD,cAAM,IAAI,WAAW,2BAA2B,cAAc;AAAA,MAChE;AAGA,YAAM,YAAY,MAAM,KAAK;AAAA,QAC3B;AAAA,QACA,UAAU;AAAA,QACV,UAAU;AAAA,MACZ;AAGA,WAAK,YAAY,YAAY;AAC7B,WAAK,YAAY,GAAG;AAEpB,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,WAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaU,YAAY,QAA0B;AAC9C,QAAI,UAAU,OAAO,SAAS,GAAG;AAE/B,aAAO,KAAK,CAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,CAAI;AAGhB,eAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,eAAO,CAAC,IAAK,IAAI,MAAQ;AAAA,MAC3B;AACA,aAAO,KAAK,CAAI;AAAA,IAClB;AAAA,EACF;AACF;AAAA;AAxWE,cAFoB,iBAEI,iBAAgB,oBAAI,QAA6B;AAFpE,IAAe,iBAAf;","names":[]}
+{"version":3,"sources":["../../../src/crypto/ecies/base.ts"],"sourcesContent":["import type { ECIESProvider, ECIESEncrypted } from \"./interface\";\nimport { ECIESError, isECIESEncrypted } from \"./interface\";\nimport { CURVE, CIPHER, KDF } from \"./constants\";\nimport { constantTimeEqual } from \"./utils\";\nimport { concat } from \"viem\";\n\n/**\n * Provides shared ECIES encryption logic across platforms using Uint8Array.\n *\n * @remarks\n * Platform implementations extend this class and provide crypto primitives.\n * The base class handles the ECIES protocol flow while maintaining\n * compatibility with the eccrypto data format.\n *\n * **Implementation details:**\n * - KDF: SHA-512(shared_secret) → encKey (32B) || macKey (32B)\n * - Cipher: AES-256-CBC with random 16-byte IV\n * - MAC: HMAC-SHA256(macKey, iv || ephemPublicKey || ciphertext)\n *\n * @category Cryptography\n */\nexport abstract class BaseECIESUint8 implements ECIESProvider {\n  // Cache for validated public keys to avoid repeated validation\n  private static readonly validatedKeys = new WeakMap<Uint8Array, boolean>();\n\n  /**\n   * Generates cryptographically secure random bytes.\n   *\n   * @param length - Number of random bytes to generate.\n   * @returns Random bytes array.\n   */\n  protected abstract generateRandomBytes(length: number): Uint8Array;\n\n  /**\n   * Verifies a private key is valid for secp256k1.\n   *\n   * @param privateKey - Private key to verify (32 bytes).\n   * @returns `true` if valid private key.\n   */\n  protected abstract verifyPrivateKey(privateKey: Uint8Array): boolean;\n\n  /**\n   * Creates a public key from a private key.\n   *\n   * @param privateKey - Source private key (32 bytes).\n   * @param compressed - Generate compressed (33B) or uncompressed (65B) format.\n   * @returns Public key or `null` if creation failed.\n   */\n  protected abstract createPublicKey(\n    privateKey: Uint8Array,\n    compressed: boolean,\n  ): Uint8Array | null;\n\n  /**\n   * Validates a public key on the secp256k1 curve.\n   *\n   * @param publicKey - Public key to validate.\n   * @returns `true` if valid public key.\n   */\n  protected abstract validatePublicKey(publicKey: Uint8Array): boolean;\n\n  /**\n   * Decompresses a compressed public key.\n   *\n   * @param publicKey - Compressed public key (33 bytes).\n   * @returns Uncompressed public key (65 bytes) or `null` if decompression failed.\n   */\n  protected abstract decompressPublicKey(\n    publicKey: Uint8Array,\n  ): Uint8Array | null;\n\n  /**\n   * Performs ECDH key agreement.\n   *\n   * @param publicKey - Other party's public key.\n   * @param privateKey - Your private key.\n   * @returns Raw X coordinate of shared point (32 bytes).\n   */\n  protected abstract performECDH(\n    publicKey: Uint8Array,\n    privateKey: Uint8Array,\n  ): Uint8Array;\n\n  /**\n   * Computes SHA-512 hash.\n   *\n   * @param data - Data to hash.\n   * @returns SHA-512 hash (64 bytes).\n   */\n  protected abstract sha512(data: Uint8Array): Uint8Array;\n\n  /**\n   * Computes HMAC-SHA256 authentication tag.\n   *\n   * @param key - HMAC key.\n   * @param data - Data to authenticate.\n   * @returns HMAC-SHA256 (32 bytes).\n   */\n  protected abstract hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array;\n\n  /**\n   * Encrypts data using AES-256-CBC.\n   *\n   * @param key - Encryption key (32 bytes).\n   * @param iv - Initialization vector (16 bytes).\n   * @param plaintext - Data to encrypt.\n   * @returns Ciphertext with PKCS#7 padding.\n   */\n  protected abstract aesEncrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    plaintext: Uint8Array,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Decrypts data using AES-256-CBC.\n   *\n   * @param key - Decryption key (32 bytes).\n   * @param iv - Initialization vector (16 bytes).\n   * @param ciphertext - Data to decrypt.\n   * @returns Plaintext with padding removed.\n   */\n  protected abstract aesDecrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    ciphertext: Uint8Array,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Normalizes a public key to uncompressed format.\n   *\n   * @param publicKey - Public key in any format.\n   * @returns Uncompressed public key (65 bytes).\n   * @throws {ECIESError} If key format is invalid.\n   */\n  protected normalizePublicKey(publicKey: Uint8Array): Uint8Array {\n    // Check cache first\n    if (BaseECIESUint8.validatedKeys.has(publicKey)) {\n      return publicKey;\n    }\n\n    if (publicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {\n      if (publicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {\n        throw new ECIESError(\n          \"Invalid uncompressed public key prefix\",\n          \"INVALID_KEY\",\n        );\n      }\n      // Validate and cache\n      if (!this.validatePublicKey(publicKey)) {\n        throw new ECIESError(\"Invalid public key\", \"INVALID_KEY\");\n      }\n      BaseECIESUint8.validatedKeys.set(publicKey, true);\n      return publicKey;\n    }\n\n    if (publicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) {\n      const decompressed = this.decompressPublicKey(publicKey);\n      if (!decompressed) {\n        throw new ECIESError(\"Failed to decompress public key\", \"INVALID_KEY\");\n      }\n      // Cache the decompressed key\n      BaseECIESUint8.validatedKeys.set(decompressed, true);\n      return decompressed;\n    }\n\n    throw new ECIESError(\n      `Invalid public key length: ${publicKey.length}`,\n      \"INVALID_KEY\",\n    );\n  }\n\n  /**\n   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n   * Must be implemented by derived classes to handle platform-specific operations.\n   *\n   * @param publicKey - The public key to normalize\n   * @returns The normalized uncompressed public key\n   */\n  public abstract normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;\n\n  /**\n   * Encrypts data using ECIES.\n   *\n   * @param publicKey - The recipient's public key (compressed or uncompressed)\n   * @param message - The data to encrypt\n   * @returns Promise resolving to encrypted data structure\n   */\n  async encrypt(\n    publicKey: Uint8Array,\n    message: Uint8Array,\n  ): Promise<ECIESEncrypted> {\n    try {\n      // Validate inputs\n      if (!(publicKey instanceof Uint8Array)) {\n        throw new ECIESError(\"Public key must be a Uint8Array\", \"INVALID_KEY\");\n      }\n      if (!(message instanceof Uint8Array)) {\n        throw new ECIESError(\n          \"Message must be a Uint8Array\",\n          \"ENCRYPTION_FAILED\",\n        );\n      }\n      if (publicKey.length === 0) {\n        throw new ECIESError(\"Public key cannot be empty\", \"INVALID_KEY\");\n      }\n\n      // Normalize public key to uncompressed format\n      const pubKey = this.normalizePublicKey(publicKey);\n\n      // Generate ephemeral key pair\n      let ephemeralPrivateKey: Uint8Array;\n      do {\n        ephemeralPrivateKey = this.generateRandomBytes(\n          CURVE.PRIVATE_KEY_LENGTH,\n        );\n      } while (!this.verifyPrivateKey(ephemeralPrivateKey));\n\n      const ephemeralPublicKey = this.createPublicKey(\n        ephemeralPrivateKey,\n        false,\n      );\n      if (!ephemeralPublicKey) {\n        throw new ECIESError(\n          \"Failed to generate ephemeral public key\",\n          \"ENCRYPTION_FAILED\",\n        );\n      }\n\n      // Perform ECDH to get shared secret (raw X coordinate)\n      const sharedSecret = this.performECDH(pubKey, ephemeralPrivateKey);\n\n      // Derive keys using SHA-512 (eccrypto-compatible KDF)\n      const kdf = this.sha512(sharedSecret);\n      const encryptionKey = kdf.slice(\n        KDF.ENCRYPTION_KEY_OFFSET,\n        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n      );\n      const macKey = kdf.slice(\n        KDF.MAC_KEY_OFFSET,\n        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n      );\n\n      // Generate random IV and encrypt\n      const iv = this.generateRandomBytes(CIPHER.IV_LENGTH);\n      const ciphertext = await this.aesEncrypt(encryptionKey, iv, message);\n\n      // Calculate MAC (Encrypt-then-MAC)\n      const macData = concat([iv, ephemeralPublicKey, ciphertext]);\n      const mac = this.hmacSha256(macKey, macData);\n\n      // Clear sensitive data\n      this.clearBuffer(ephemeralPrivateKey);\n      this.clearBuffer(sharedSecret);\n      this.clearBuffer(kdf);\n\n      return {\n        iv,\n        ephemPublicKey: ephemeralPublicKey,\n        ciphertext,\n        mac,\n      };\n    } catch (error) {\n      if (error instanceof ECIESError) throw error;\n      throw new ECIESError(\n        `Encryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n        \"ENCRYPTION_FAILED\",\n        error instanceof Error ? error : undefined,\n      );\n    }\n  }\n\n  /**\n   * Decrypts ECIES encrypted data.\n   *\n   * @param privateKey - The recipient's private key (32 bytes)\n   * @param encrypted - The encrypted data structure from encrypt()\n   * @returns Promise resolving to the original plaintext\n   */\n  async decrypt(\n    privateKey: Uint8Array,\n    encrypted: ECIESEncrypted,\n  ): Promise<Uint8Array> {\n    try {\n      // Validate inputs\n      if (!(privateKey instanceof Uint8Array)) {\n        throw new ECIESError(\"Private key must be a Uint8Array\", \"INVALID_KEY\");\n      }\n      if (!isECIESEncrypted(encrypted)) {\n        throw new ECIESError(\n          \"Invalid encrypted data structure\",\n          \"DECRYPTION_FAILED\",\n        );\n      }\n      if (privateKey.length !== CURVE.PRIVATE_KEY_LENGTH) {\n        throw new ECIESError(\n          `Invalid private key length: ${privateKey.length}`,\n          \"INVALID_KEY\",\n        );\n      }\n      if (!this.verifyPrivateKey(privateKey)) {\n        throw new ECIESError(\"Invalid private key\", \"INVALID_KEY\");\n      }\n\n      // Normalize ephemeral public key to uncompressed format\n      const ephemeralPublicKey = this.normalizePublicKey(\n        encrypted.ephemPublicKey,\n      );\n\n      // Perform ECDH to recover shared secret\n      const sharedSecret = this.performECDH(ephemeralPublicKey, privateKey);\n\n      // Derive keys using SHA-512 (eccrypto-compatible KDF)\n      const kdf = this.sha512(sharedSecret);\n      const encryptionKey = kdf.slice(\n        KDF.ENCRYPTION_KEY_OFFSET,\n        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n      );\n      const macKey = kdf.slice(\n        KDF.MAC_KEY_OFFSET,\n        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n      );\n\n      // Verify MAC before decryption (Encrypt-then-MAC)\n      const macData = concat([\n        encrypted.iv,\n        encrypted.ephemPublicKey,\n        encrypted.ciphertext,\n      ]);\n      const expectedMac = this.hmacSha256(macKey, macData);\n\n      if (!constantTimeEqual(encrypted.mac, expectedMac)) {\n        throw new ECIESError(\"MAC verification failed\", \"MAC_MISMATCH\");\n      }\n\n      // Decrypt the ciphertext\n      const decrypted = await this.aesDecrypt(\n        encryptionKey,\n        encrypted.iv,\n        encrypted.ciphertext,\n      );\n\n      // Clear sensitive data\n      this.clearBuffer(sharedSecret);\n      this.clearBuffer(kdf);\n\n      return decrypted;\n    } catch (error) {\n      if (error instanceof ECIESError) throw error;\n      throw new ECIESError(\n        `Decryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n        \"DECRYPTION_FAILED\",\n        error instanceof Error ? error : undefined,\n      );\n    }\n  }\n\n  /**\n   * Clears sensitive data from memory using multi-pass overwrite.\n   *\n   * @remarks\n   * Uses multiple passes with different patterns to make it harder\n   * for JIT compilers to optimize away the operation. While not\n   * guaranteed in JavaScript, this is a best-effort approach to\n   * clear sensitive data from memory.\n   *\n   * @param buffer - The buffer to clear\n   */\n  protected clearBuffer(buffer: Uint8Array): void {\n    if (buffer && buffer.length > 0) {\n      // Multi-pass overwrite to resist compiler optimization\n      buffer.fill(0x00); // Fill with zeros\n      buffer.fill(0xff); // Fill with ones\n      buffer.fill(0xaa); // Fill with alternating pattern\n      buffer.fill(0x00); // Final zero fill\n\n      // Additional pattern write to further discourage optimization\n      for (let i = 0; i < buffer.length; i++) {\n        buffer[i] = (i & 0xff) ^ 0x5a; // XOR with pattern\n      }\n      buffer.fill(0x00); // Final clear\n    }\n  }\n}\n"],"mappings":"AACA,SAAS,YAAY,wBAAwB;AAC7C,SAAS,OAAO,QAAQ,WAAW;AACnC,SAAS,yBAAyB;AAClC,SAAS,cAAc;AAiBhB,MAAe,eAAwC;AAAA;AAAA,EAE5D,OAAwB,gBAAgB,oBAAI,QAA6B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgH/D,mBAAmB,WAAmC;AAE9D,QAAI,eAAe,cAAc,IAAI,SAAS,GAAG;AAC/C,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,MAAM,gCAAgC;AAC7D,UAAI,UAAU,CAAC,MAAM,MAAM,OAAO,cAAc;AAC9C,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAEA,UAAI,CAAC,KAAK,kBAAkB,SAAS,GAAG;AACtC,cAAM,IAAI,WAAW,sBAAsB,aAAa;AAAA,MAC1D;AACA,qBAAe,cAAc,IAAI,WAAW,IAAI;AAChD,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,MAAM,8BAA8B;AAC3D,YAAM,eAAe,KAAK,oBAAoB,SAAS;AACvD,UAAI,CAAC,cAAc;AACjB,cAAM,IAAI,WAAW,mCAAmC,aAAa;AAAA,MACvE;AAEA,qBAAe,cAAc,IAAI,cAAc,IAAI;AACnD,aAAO;AAAA,IACT;AAEA,UAAM,IAAI;AAAA,MACR,8BAA8B,UAAU,MAAM;AAAA,MAC9C;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,MAAM,QACJ,WACA,SACyB;AACzB,QAAI;AAEF,UAAI,EAAE,qBAAqB,aAAa;AACtC,cAAM,IAAI,WAAW,mCAAmC,aAAa;AAAA,MACvE;AACA,UAAI,EAAE,mBAAmB,aAAa;AACpC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,UAAU,WAAW,GAAG;AAC1B,cAAM,IAAI,WAAW,8BAA8B,aAAa;AAAA,MAClE;AAGA,YAAM,SAAS,KAAK,mBAAmB,SAAS;AAGhD,UAAI;AACJ,SAAG;AACD,8BAAsB,KAAK;AAAA,UACzB,MAAM;AAAA,QACR;AAAA,MACF,SAAS,CAAC,KAAK,iBAAiB,mBAAmB;AAEnD,YAAM,qBAAqB,KAAK;AAAA,QAC9B;AAAA,QACA;AAAA,MACF;AACA,UAAI,CAAC,oBAAoB;AACvB,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAGA,YAAM,eAAe,KAAK,YAAY,QAAQ,mBAAmB;AAGjE,YAAM,MAAM,KAAK,OAAO,YAAY;AACpC,YAAM,gBAAgB,IAAI;AAAA,QACxB,IAAI;AAAA,QACJ,IAAI,wBAAwB,IAAI;AAAA,MAClC;AACA,YAAM,SAAS,IAAI;AAAA,QACjB,IAAI;AAAA,QACJ,IAAI,iBAAiB,IAAI;AAAA,MAC3B;AAGA,YAAM,KAAK,KAAK,oBAAoB,OAAO,SAAS;AACpD,YAAM,aAAa,MAAM,KAAK,WAAW,eAAe,IAAI,OAAO;AAGnE,YAAM,UAAU,OAAO,CAAC,IAAI,oBAAoB,UAAU,CAAC;AAC3D,YAAM,MAAM,KAAK,WAAW,QAAQ,OAAO;AAG3C,WAAK,YAAY,mBAAmB;AACpC,WAAK,YAAY,YAAY;AAC7B,WAAK,YAAY,GAAG;AAEpB,aAAO;AAAA,QACL;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,WAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,QACJ,YACA,WACqB;AACrB,QAAI;AAEF,UAAI,EAAE,sBAAsB,aAAa;AACvC,cAAM,IAAI,WAAW,oCAAoC,aAAa;AAAA,MACxE;AACA,UAAI,CAAC,iBAAiB,SAAS,GAAG;AAChC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,WAAW,WAAW,MAAM,oBAAoB;AAClD,cAAM,IAAI;AAAA,UACR,+BAA+B,WAAW,MAAM;AAAA,UAChD;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,KAAK,iBAAiB,UAAU,GAAG;AACtC,cAAM,IAAI,WAAW,uBAAuB,aAAa;AAAA,MAC3D;AAGA,YAAM,qBAAqB,KAAK;AAAA,QAC9B,UAAU;AAAA,MACZ;AAGA,YAAM,eAAe,KAAK,YAAY,oBAAoB,UAAU;AAGpE,YAAM,MAAM,KAAK,OAAO,YAAY;AACpC,YAAM,gBAAgB,IAAI;AAAA,QACxB,IAAI;AAAA,QACJ,IAAI,wBAAwB,IAAI;AAAA,MAClC;AACA,YAAM,SAAS,IAAI;AAAA,QACjB,IAAI;AAAA,QACJ,IAAI,iBAAiB,IAAI;AAAA,MAC3B;AAGA,YAAM,UAAU,OAAO;AAAA,QACrB,UAAU;AAAA,QACV,UAAU;AAAA,QACV,UAAU;AAAA,MACZ,CAAC;AACD,YAAM,cAAc,KAAK,WAAW,QAAQ,OAAO;AAEnD,UAAI,CAAC,kBAAkB,UAAU,KAAK,WAAW,GAAG;AAClD,cAAM,IAAI,WAAW,2BAA2B,cAAc;AAAA,MAChE;AAGA,YAAM,YAAY,MAAM,KAAK;AAAA,QAC3B;AAAA,QACA,UAAU;AAAA,QACV,UAAU;AAAA,MACZ;AAGA,WAAK,YAAY,YAAY;AAC7B,WAAK,YAAY,GAAG;AAEpB,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,WAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaU,YAAY,QAA0B;AAC9C,QAAI,UAAU,OAAO,SAAS,GAAG;AAE/B,aAAO,KAAK,CAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,CAAI;AAGhB,eAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,eAAO,CAAC,IAAK,IAAI,MAAQ;AAAA,MAC3B;AACA,aAAO,KAAK,CAAI;AAAA,IAClB;AAAA,EACF;AACF;","names":[]}

package/dist/crypto/ecies/browser.cjs

@@ -33,6 +33,7 @@ __export(browser_exports, {
 module.exports = __toCommonJS(browser_exports);
 var secp256k1 = __toESM(require("@noble/secp256k1"), 1);
 var import_base = require("./base");
+var import_viem = require("viem");
 var import_hmac = require("@noble/hashes/hmac");
 var import_sha2 = require("@noble/hashes/sha2");
 class BrowserECIESUint8Provider extends import_base.BaseECIESUint8 {
@@ -142,7 +143,7 @@ class BrowserECIESUint8Provider extends import_base.BaseECIESUint8 {
       const decompressed = this.decompressPublicKey(publicKey);
       if (!decompressed) {
         throw new Error(
-          `Failed to decompress public key with prefix 0x${publicKey[0].toString(16).padStart(2, "0")}`
+          `Failed to decompress public key with prefix ${(0, import_viem.toHex)(publicKey[0])}`
         );
       }
       return decompressed;

package/dist/crypto/ecies/browser.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/crypto/ecies/browser.ts"],"sourcesContent":["/**\n * Browser implementation of ECIES using @noble/secp256k1 with Uint8Array\n *\n * @remarks\n * Uses native browser crypto APIs and @noble/secp256k1 for elliptic curve operations.\n * This implementation is polyfill-free and works in all modern browsers.\n */\n\nimport * as secp256k1 from \"@noble/secp256k1\";\nimport { BaseECIESUint8 } from \"./base\";\nimport { hmac } from \"@noble/hashes/hmac\";\nimport { sha256, sha512 as nobleSha512 } from \"@noble/hashes/sha2\";\n\n/**\n * Browser-specific ECIES provider using @noble/secp256k1\n *\n * @remarks\n * This implementation uses:\n * - Web Crypto API for AES operations\n * - @noble/secp256k1 for elliptic curve operations\n * - @noble/hashes for SHA and HMAC operations\n * - No Buffer or Node.js dependencies\n */\nexport class BrowserECIESUint8Provider extends BaseECIESUint8 {\n  protected generateRandomBytes(length: number): Uint8Array {\n    const bytes = new Uint8Array(length);\n    crypto.getRandomValues(bytes);\n    return bytes;\n  }\n\n  protected verifyPrivateKey(privateKey: Uint8Array): boolean {\n    try {\n      return secp256k1.utils.isValidPrivateKey(privateKey);\n    } catch {\n      return false;\n    }\n  }\n\n  protected createPublicKey(\n    privateKey: Uint8Array,\n    compressed: boolean,\n  ): Uint8Array | null {\n    try {\n      return secp256k1.getPublicKey(privateKey, compressed);\n    } catch {\n      return null;\n    }\n  }\n\n  protected validatePublicKey(publicKey: Uint8Array): boolean {\n    try {\n      // @noble/secp256k1 will throw if the point is not on the curve\n      secp256k1.Point.fromHex(publicKey);\n      return true;\n    } catch {\n      return false;\n    }\n  }\n\n  protected decompressPublicKey(publicKey: Uint8Array): Uint8Array | null {\n    try {\n      // @noble/secp256k1 handles both compressed and uncompressed\n      const point = secp256k1.Point.fromHex(publicKey);\n      return point.toRawBytes(false); // false = uncompressed\n    } catch {\n      return null;\n    }\n  }\n\n  protected performECDH(\n    publicKey: Uint8Array,\n    privateKey: Uint8Array,\n  ): Uint8Array {\n    try {\n      // Use @noble/secp256k1's getSharedSecret which is optimized and secure\n      // The 'true' parameter returns the raw x-coordinate (32 bytes)\n      // This matches eccrypto's behavior\n      const sharedPoint = secp256k1.getSharedSecret(\n        privateKey,\n        publicKey,\n        true,\n      );\n\n      // getSharedSecret returns compressed point (33 bytes) when true\n      // We need just the x-coordinate (32 bytes) for eccrypto compatibility\n      // Remove the prefix byte\n      return sharedPoint.slice(1);\n    } catch (error) {\n      throw new Error(\n        `ECDH failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n      );\n    }\n  }\n\n  protected sha512(data: Uint8Array): Uint8Array {\n    return nobleSha512(data);\n  }\n\n  protected hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array {\n    return hmac(sha256, key, data);\n  }\n\n  protected async aesEncrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    plaintext: Uint8Array,\n  ): Promise<Uint8Array> {\n    // Import the key for AES-CBC\n    const cryptoKey = await crypto.subtle.importKey(\n      \"raw\",\n      key as BufferSource,\n      { name: \"AES-CBC\" },\n      false,\n      [\"encrypt\"],\n    );\n\n    // Encrypt with Web Crypto API\n    // Note: Web Crypto API automatically handles PKCS#7 padding for AES-CBC\n    const encrypted = await crypto.subtle.encrypt(\n      { name: \"AES-CBC\", iv: iv as BufferSource },\n      cryptoKey,\n      plaintext as BufferSource,\n    );\n\n    return new Uint8Array(encrypted);\n  }\n\n  protected async aesDecrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    ciphertext: Uint8Array,\n  ): Promise<Uint8Array> {\n    // Import the key for AES-CBC\n    const cryptoKey = await crypto.subtle.importKey(\n      \"raw\",\n      key as BufferSource,\n      { name: \"AES-CBC\" },\n      false,\n      [\"decrypt\"],\n    );\n\n    // Decrypt with Web Crypto API\n    // Note: Web Crypto API automatically handles PKCS#7 padding removal\n    const decrypted = await crypto.subtle.decrypt(\n      { name: \"AES-CBC\", iv: iv as BufferSource },\n      cryptoKey,\n      ciphertext as BufferSource,\n    );\n\n    return new Uint8Array(decrypted);\n  }\n\n  /**\n   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n   * Handles compressed (33 bytes) and uncompressed (65 bytes) formats only.\n   *\n   * @remarks\n   * Strict policy: Does not accept 64-byte raw coordinates to avoid masking\n   * malformed data. Callers must provide properly formatted keys.\n   *\n   * @param publicKey - The public key to normalize (33 or 65 bytes)\n   * @returns The normalized uncompressed public key (65 bytes)\n   * @throws {Error} When public key format is invalid or decompression fails\n   */\n  normalizeToUncompressed(publicKey: Uint8Array): Uint8Array {\n    const len = publicKey.length;\n\n    // Already uncompressed\n    if (len === 65 && publicKey[0] === 0x04) {\n      return publicKey;\n    }\n\n    // Compressed - decompress using @noble/secp256k1\n    if (len === 33 && (publicKey[0] === 0x02 || publicKey[0] === 0x03)) {\n      const decompressed = this.decompressPublicKey(publicKey);\n      if (!decompressed) {\n        throw new Error(\n          `Failed to decompress public key with prefix 0x${publicKey[0].toString(16).padStart(2, \"0\")}`,\n        );\n      }\n      return decompressed;\n    }\n\n    // Reject raw coordinates (64 bytes) - require proper formatting\n    if (len === 64) {\n      throw new Error(\n        \"Raw public key coordinates (64 bytes) are not accepted. \" +\n          \"Please provide a properly formatted compressed (33 bytes) or uncompressed (65 bytes) public key.\",\n      );\n    }\n\n    throw new Error(\n      `Invalid public key format: expected compressed (33 bytes) or uncompressed (65 bytes), got ${len} bytes`,\n    );\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAQA,gBAA2B;AAC3B,kBAA+B;AAC/B,kBAAqB;AACrB,kBAA8C;AAYvC,MAAM,kCAAkC,2BAAe;AAAA,EAClD,oBAAoB,QAA4B;AACxD,UAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,WAAO,gBAAgB,KAAK;AAC5B,WAAO;AAAA,EACT;AAAA,EAEU,iBAAiB,YAAiC;AAC1D,QAAI;AACF,aAAO,UAAU,MAAM,kBAAkB,UAAU;AAAA,IACrD,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,gBACR,YACA,YACmB;AACnB,QAAI;AACF,aAAO,UAAU,aAAa,YAAY,UAAU;AAAA,IACtD,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,kBAAkB,WAAgC;AAC1D,QAAI;AAEF,gBAAU,MAAM,QAAQ,SAAS;AACjC,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,oBAAoB,WAA0C;AACtE,QAAI;AAEF,YAAM,QAAQ,UAAU,MAAM,QAAQ,SAAS;AAC/C,aAAO,MAAM,WAAW,KAAK;AAAA,IAC/B,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,YACR,WACA,YACY;AACZ,QAAI;AAIF,YAAM,cAAc,UAAU;AAAA,QAC5B;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAKA,aAAO,YAAY,MAAM,CAAC;AAAA,IAC5B,SAAS,OAAO;AACd,YAAM,IAAI;AAAA,QACR,gBAAgB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,MAC1E;AAAA,IACF;AAAA,EACF;AAAA,EAEU,OAAO,MAA8B;AAC7C,eAAO,YAAAA,QAAY,IAAI;AAAA,EACzB;AAAA,EAEU,WAAW,KAAiB,MAA8B;AAClE,eAAO,kBAAK,oBAAQ,KAAK,IAAI;AAAA,EAC/B;AAAA,EAEA,MAAgB,WACd,KACA,IACA,WACqB;AAErB,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC;AAAA,MACA;AAAA,MACA,EAAE,MAAM,UAAU;AAAA,MAClB;AAAA,MACA,CAAC,SAAS;AAAA,IACZ;AAIA,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC,EAAE,MAAM,WAAW,GAAuB;AAAA,MAC1C;AAAA,MACA;AAAA,IACF;AAEA,WAAO,IAAI,WAAW,SAAS;AAAA,EACjC;AAAA,EAEA,MAAgB,WACd,KACA,IACA,YACqB;AAErB,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC;AAAA,MACA;AAAA,MACA,EAAE,MAAM,UAAU;AAAA,MAClB;AAAA,MACA,CAAC,SAAS;AAAA,IACZ;AAIA,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC,EAAE,MAAM,WAAW,GAAuB;AAAA,MAC1C;AAAA,MACA;AAAA,IACF;AAEA,WAAO,IAAI,WAAW,SAAS;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,wBAAwB,WAAmC;AACzD,UAAM,MAAM,UAAU;AAGtB,QAAI,QAAQ,MAAM,UAAU,CAAC,MAAM,GAAM;AACvC,aAAO;AAAA,IACT;AAGA,QAAI,QAAQ,OAAO,UAAU,CAAC,MAAM,KAAQ,UAAU,CAAC,MAAM,IAAO;AAClE,YAAM,eAAe,KAAK,oBAAoB,SAAS;AACvD,UAAI,CAAC,cAAc;AACjB,cAAM,IAAI;AAAA,UACR,iDAAiD,UAAU,CAAC,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC;AAAA,QAC7F;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAGA,QAAI,QAAQ,IAAI;AACd,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,6FAA6F,GAAG;AAAA,IAClG;AAAA,EACF;AACF;","names":["nobleSha512"]}
+{"version":3,"sources":["../../../src/crypto/ecies/browser.ts"],"sourcesContent":["/**\n * Browser implementation of ECIES using @noble/secp256k1 with Uint8Array\n *\n * @remarks\n * Uses native browser crypto APIs and @noble/secp256k1 for elliptic curve operations.\n * This implementation is polyfill-free and works in all modern browsers.\n */\n\nimport * as secp256k1 from \"@noble/secp256k1\";\nimport { BaseECIESUint8 } from \"./base\";\nimport { toHex } from \"viem\";\nimport { hmac } from \"@noble/hashes/hmac\";\nimport { sha256, sha512 as nobleSha512 } from \"@noble/hashes/sha2\";\n\n/**\n * Browser-specific ECIES provider using @noble/secp256k1\n *\n * @remarks\n * This implementation uses:\n * - Web Crypto API for AES operations\n * - @noble/secp256k1 for elliptic curve operations\n * - @noble/hashes for SHA and HMAC operations\n * - No Buffer or Node.js dependencies\n */\nexport class BrowserECIESUint8Provider extends BaseECIESUint8 {\n  protected generateRandomBytes(length: number): Uint8Array {\n    const bytes = new Uint8Array(length);\n    crypto.getRandomValues(bytes);\n    return bytes;\n  }\n\n  protected verifyPrivateKey(privateKey: Uint8Array): boolean {\n    try {\n      return secp256k1.utils.isValidPrivateKey(privateKey);\n    } catch {\n      return false;\n    }\n  }\n\n  protected createPublicKey(\n    privateKey: Uint8Array,\n    compressed: boolean,\n  ): Uint8Array | null {\n    try {\n      return secp256k1.getPublicKey(privateKey, compressed);\n    } catch {\n      return null;\n    }\n  }\n\n  protected validatePublicKey(publicKey: Uint8Array): boolean {\n    try {\n      // @noble/secp256k1 will throw if the point is not on the curve\n      secp256k1.Point.fromHex(publicKey);\n      return true;\n    } catch {\n      return false;\n    }\n  }\n\n  protected decompressPublicKey(publicKey: Uint8Array): Uint8Array | null {\n    try {\n      // @noble/secp256k1 handles both compressed and uncompressed\n      const point = secp256k1.Point.fromHex(publicKey);\n      return point.toRawBytes(false); // false = uncompressed\n    } catch {\n      return null;\n    }\n  }\n\n  protected performECDH(\n    publicKey: Uint8Array,\n    privateKey: Uint8Array,\n  ): Uint8Array {\n    try {\n      // Use @noble/secp256k1's getSharedSecret which is optimized and secure\n      // The 'true' parameter returns the raw x-coordinate (32 bytes)\n      // This matches eccrypto's behavior\n      const sharedPoint = secp256k1.getSharedSecret(\n        privateKey,\n        publicKey,\n        true,\n      );\n\n      // getSharedSecret returns compressed point (33 bytes) when true\n      // We need just the x-coordinate (32 bytes) for eccrypto compatibility\n      // Remove the prefix byte\n      return sharedPoint.slice(1);\n    } catch (error) {\n      throw new Error(\n        `ECDH failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n      );\n    }\n  }\n\n  protected sha512(data: Uint8Array): Uint8Array {\n    return nobleSha512(data);\n  }\n\n  protected hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array {\n    return hmac(sha256, key, data);\n  }\n\n  protected async aesEncrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    plaintext: Uint8Array,\n  ): Promise<Uint8Array> {\n    // Import the key for AES-CBC\n    const cryptoKey = await crypto.subtle.importKey(\n      \"raw\",\n      key as BufferSource,\n      { name: \"AES-CBC\" },\n      false,\n      [\"encrypt\"],\n    );\n\n    // Encrypt with Web Crypto API\n    // Note: Web Crypto API automatically handles PKCS#7 padding for AES-CBC\n    const encrypted = await crypto.subtle.encrypt(\n      { name: \"AES-CBC\", iv: iv as BufferSource },\n      cryptoKey,\n      plaintext as BufferSource,\n    );\n\n    return new Uint8Array(encrypted);\n  }\n\n  protected async aesDecrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    ciphertext: Uint8Array,\n  ): Promise<Uint8Array> {\n    // Import the key for AES-CBC\n    const cryptoKey = await crypto.subtle.importKey(\n      \"raw\",\n      key as BufferSource,\n      { name: \"AES-CBC\" },\n      false,\n      [\"decrypt\"],\n    );\n\n    // Decrypt with Web Crypto API\n    // Note: Web Crypto API automatically handles PKCS#7 padding removal\n    const decrypted = await crypto.subtle.decrypt(\n      { name: \"AES-CBC\", iv: iv as BufferSource },\n      cryptoKey,\n      ciphertext as BufferSource,\n    );\n\n    return new Uint8Array(decrypted);\n  }\n\n  /**\n   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n   * Handles compressed (33 bytes) and uncompressed (65 bytes) formats only.\n   *\n   * @remarks\n   * Strict policy: Does not accept 64-byte raw coordinates to avoid masking\n   * malformed data. Callers must provide properly formatted keys.\n   *\n   * @param publicKey - The public key to normalize (33 or 65 bytes)\n   * @returns The normalized uncompressed public key (65 bytes)\n   * @throws {Error} When public key format is invalid or decompression fails\n   */\n  normalizeToUncompressed(publicKey: Uint8Array): Uint8Array {\n    const len = publicKey.length;\n\n    // Already uncompressed\n    if (len === 65 && publicKey[0] === 0x04) {\n      return publicKey;\n    }\n\n    // Compressed - decompress using @noble/secp256k1\n    if (len === 33 && (publicKey[0] === 0x02 || publicKey[0] === 0x03)) {\n      const decompressed = this.decompressPublicKey(publicKey);\n      if (!decompressed) {\n        throw new Error(\n          `Failed to decompress public key with prefix ${toHex(publicKey[0])}`,\n        );\n      }\n      return decompressed;\n    }\n\n    // Reject raw coordinates (64 bytes) - require proper formatting\n    if (len === 64) {\n      throw new Error(\n        \"Raw public key coordinates (64 bytes) are not accepted. \" +\n          \"Please provide a properly formatted compressed (33 bytes) or uncompressed (65 bytes) public key.\",\n      );\n    }\n\n    throw new Error(\n      `Invalid public key format: expected compressed (33 bytes) or uncompressed (65 bytes), got ${len} bytes`,\n    );\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAQA,gBAA2B;AAC3B,kBAA+B;AAC/B,kBAAsB;AACtB,kBAAqB;AACrB,kBAA8C;AAYvC,MAAM,kCAAkC,2BAAe;AAAA,EAClD,oBAAoB,QAA4B;AACxD,UAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,WAAO,gBAAgB,KAAK;AAC5B,WAAO;AAAA,EACT;AAAA,EAEU,iBAAiB,YAAiC;AAC1D,QAAI;AACF,aAAO,UAAU,MAAM,kBAAkB,UAAU;AAAA,IACrD,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,gBACR,YACA,YACmB;AACnB,QAAI;AACF,aAAO,UAAU,aAAa,YAAY,UAAU;AAAA,IACtD,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,kBAAkB,WAAgC;AAC1D,QAAI;AAEF,gBAAU,MAAM,QAAQ,SAAS;AACjC,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,oBAAoB,WAA0C;AACtE,QAAI;AAEF,YAAM,QAAQ,UAAU,MAAM,QAAQ,SAAS;AAC/C,aAAO,MAAM,WAAW,KAAK;AAAA,IAC/B,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,YACR,WACA,YACY;AACZ,QAAI;AAIF,YAAM,cAAc,UAAU;AAAA,QAC5B;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAKA,aAAO,YAAY,MAAM,CAAC;AAAA,IAC5B,SAAS,OAAO;AACd,YAAM,IAAI;AAAA,QACR,gBAAgB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,MAC1E;AAAA,IACF;AAAA,EACF;AAAA,EAEU,OAAO,MAA8B;AAC7C,eAAO,YAAAA,QAAY,IAAI;AAAA,EACzB;AAAA,EAEU,WAAW,KAAiB,MAA8B;AAClE,eAAO,kBAAK,oBAAQ,KAAK,IAAI;AAAA,EAC/B;AAAA,EAEA,MAAgB,WACd,KACA,IACA,WACqB;AAErB,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC;AAAA,MACA;AAAA,MACA,EAAE,MAAM,UAAU;AAAA,MAClB;AAAA,MACA,CAAC,SAAS;AAAA,IACZ;AAIA,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC,EAAE,MAAM,WAAW,GAAuB;AAAA,MAC1C;AAAA,MACA;AAAA,IACF;AAEA,WAAO,IAAI,WAAW,SAAS;AAAA,EACjC;AAAA,EAEA,MAAgB,WACd,KACA,IACA,YACqB;AAErB,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC;AAAA,MACA;AAAA,MACA,EAAE,MAAM,UAAU;AAAA,MAClB;AAAA,MACA,CAAC,SAAS;AAAA,IACZ;AAIA,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC,EAAE,MAAM,WAAW,GAAuB;AAAA,MAC1C;AAAA,MACA;AAAA,IACF;AAEA,WAAO,IAAI,WAAW,SAAS;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,wBAAwB,WAAmC;AACzD,UAAM,MAAM,UAAU;AAGtB,QAAI,QAAQ,MAAM,UAAU,CAAC,MAAM,GAAM;AACvC,aAAO;AAAA,IACT;AAGA,QAAI,QAAQ,OAAO,UAAU,CAAC,MAAM,KAAQ,UAAU,CAAC,MAAM,IAAO;AAClE,YAAM,eAAe,KAAK,oBAAoB,SAAS;AACvD,UAAI,CAAC,cAAc;AACjB,cAAM,IAAI;AAAA,UACR,mDAA+C,mBAAM,UAAU,CAAC,CAAC,CAAC;AAAA,QACpE;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAGA,QAAI,QAAQ,IAAI;AACd,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,6FAA6F,GAAG;AAAA,IAClG;AAAA,EACF;AACF;","names":["nobleSha512"]}

package/dist/crypto/ecies/browser.d.ts

@@ -1,6 +1,3 @@
-import { BaseECIESUint8 } from './base.js';
-import './interface.js';
-
 /**
  * Browser implementation of ECIES using @noble/secp256k1 with Uint8Array
  *
@@ -8,7 +5,7 @@ import './interface.js';
  * Uses native browser crypto APIs and @noble/secp256k1 for elliptic curve operations.
  * This implementation is polyfill-free and works in all modern browsers.
  */
-
+import { BaseECIESUint8 } from "./base";
 /**
  * Browser-specific ECIES provider using @noble/secp256k1
  *
@@ -19,7 +16,7 @@ import './interface.js';
  * - @noble/hashes for SHA and HMAC operations
  * - No Buffer or Node.js dependencies
  */
-declare class BrowserECIESUint8Provider extends BaseECIESUint8 {
+export declare class BrowserECIESUint8Provider extends BaseECIESUint8 {
     protected generateRandomBytes(length: number): Uint8Array;
     protected verifyPrivateKey(privateKey: Uint8Array): boolean;
     protected createPublicKey(privateKey: Uint8Array, compressed: boolean): Uint8Array | null;
@@ -44,5 +41,3 @@ declare class BrowserECIESUint8Provider extends BaseECIESUint8 {
      */
     normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;
 }
-
-export { BrowserECIESUint8Provider };

package/dist/crypto/ecies/browser.js

@@ -1,5 +1,6 @@
 import * as secp256k1 from "@noble/secp256k1";
 import { BaseECIESUint8 } from "./base";
+import { toHex } from "viem";
 import { hmac } from "@noble/hashes/hmac";
 import { sha256, sha512 as nobleSha512 } from "@noble/hashes/sha2";
 class BrowserECIESUint8Provider extends BaseECIESUint8 {
@@ -109,7 +110,7 @@ class BrowserECIESUint8Provider extends BaseECIESUint8 {
       const decompressed = this.decompressPublicKey(publicKey);
       if (!decompressed) {
         throw new Error(
-          `Failed to decompress public key with prefix 0x${publicKey[0].toString(16).padStart(2, "0")}`
+          `Failed to decompress public key with prefix ${toHex(publicKey[0])}`
         );
       }
       return decompressed;

package/dist/crypto/ecies/browser.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/crypto/ecies/browser.ts"],"sourcesContent":["/**\n * Browser implementation of ECIES using @noble/secp256k1 with Uint8Array\n *\n * @remarks\n * Uses native browser crypto APIs and @noble/secp256k1 for elliptic curve operations.\n * This implementation is polyfill-free and works in all modern browsers.\n */\n\nimport * as secp256k1 from \"@noble/secp256k1\";\nimport { BaseECIESUint8 } from \"./base\";\nimport { hmac } from \"@noble/hashes/hmac\";\nimport { sha256, sha512 as nobleSha512 } from \"@noble/hashes/sha2\";\n\n/**\n * Browser-specific ECIES provider using @noble/secp256k1\n *\n * @remarks\n * This implementation uses:\n * - Web Crypto API for AES operations\n * - @noble/secp256k1 for elliptic curve operations\n * - @noble/hashes for SHA and HMAC operations\n * - No Buffer or Node.js dependencies\n */\nexport class BrowserECIESUint8Provider extends BaseECIESUint8 {\n  protected generateRandomBytes(length: number): Uint8Array {\n    const bytes = new Uint8Array(length);\n    crypto.getRandomValues(bytes);\n    return bytes;\n  }\n\n  protected verifyPrivateKey(privateKey: Uint8Array): boolean {\n    try {\n      return secp256k1.utils.isValidPrivateKey(privateKey);\n    } catch {\n      return false;\n    }\n  }\n\n  protected createPublicKey(\n    privateKey: Uint8Array,\n    compressed: boolean,\n  ): Uint8Array | null {\n    try {\n      return secp256k1.getPublicKey(privateKey, compressed);\n    } catch {\n      return null;\n    }\n  }\n\n  protected validatePublicKey(publicKey: Uint8Array): boolean {\n    try {\n      // @noble/secp256k1 will throw if the point is not on the curve\n      secp256k1.Point.fromHex(publicKey);\n      return true;\n    } catch {\n      return false;\n    }\n  }\n\n  protected decompressPublicKey(publicKey: Uint8Array): Uint8Array | null {\n    try {\n      // @noble/secp256k1 handles both compressed and uncompressed\n      const point = secp256k1.Point.fromHex(publicKey);\n      return point.toRawBytes(false); // false = uncompressed\n    } catch {\n      return null;\n    }\n  }\n\n  protected performECDH(\n    publicKey: Uint8Array,\n    privateKey: Uint8Array,\n  ): Uint8Array {\n    try {\n      // Use @noble/secp256k1's getSharedSecret which is optimized and secure\n      // The 'true' parameter returns the raw x-coordinate (32 bytes)\n      // This matches eccrypto's behavior\n      const sharedPoint = secp256k1.getSharedSecret(\n        privateKey,\n        publicKey,\n        true,\n      );\n\n      // getSharedSecret returns compressed point (33 bytes) when true\n      // We need just the x-coordinate (32 bytes) for eccrypto compatibility\n      // Remove the prefix byte\n      return sharedPoint.slice(1);\n    } catch (error) {\n      throw new Error(\n        `ECDH failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n      );\n    }\n  }\n\n  protected sha512(data: Uint8Array): Uint8Array {\n    return nobleSha512(data);\n  }\n\n  protected hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array {\n    return hmac(sha256, key, data);\n  }\n\n  protected async aesEncrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    plaintext: Uint8Array,\n  ): Promise<Uint8Array> {\n    // Import the key for AES-CBC\n    const cryptoKey = await crypto.subtle.importKey(\n      \"raw\",\n      key as BufferSource,\n      { name: \"AES-CBC\" },\n      false,\n      [\"encrypt\"],\n    );\n\n    // Encrypt with Web Crypto API\n    // Note: Web Crypto API automatically handles PKCS#7 padding for AES-CBC\n    const encrypted = await crypto.subtle.encrypt(\n      { name: \"AES-CBC\", iv: iv as BufferSource },\n      cryptoKey,\n      plaintext as BufferSource,\n    );\n\n    return new Uint8Array(encrypted);\n  }\n\n  protected async aesDecrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    ciphertext: Uint8Array,\n  ): Promise<Uint8Array> {\n    // Import the key for AES-CBC\n    const cryptoKey = await crypto.subtle.importKey(\n      \"raw\",\n      key as BufferSource,\n      { name: \"AES-CBC\" },\n      false,\n      [\"decrypt\"],\n    );\n\n    // Decrypt with Web Crypto API\n    // Note: Web Crypto API automatically handles PKCS#7 padding removal\n    const decrypted = await crypto.subtle.decrypt(\n      { name: \"AES-CBC\", iv: iv as BufferSource },\n      cryptoKey,\n      ciphertext as BufferSource,\n    );\n\n    return new Uint8Array(decrypted);\n  }\n\n  /**\n   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n   * Handles compressed (33 bytes) and uncompressed (65 bytes) formats only.\n   *\n   * @remarks\n   * Strict policy: Does not accept 64-byte raw coordinates to avoid masking\n   * malformed data. Callers must provide properly formatted keys.\n   *\n   * @param publicKey - The public key to normalize (33 or 65 bytes)\n   * @returns The normalized uncompressed public key (65 bytes)\n   * @throws {Error} When public key format is invalid or decompression fails\n   */\n  normalizeToUncompressed(publicKey: Uint8Array): Uint8Array {\n    const len = publicKey.length;\n\n    // Already uncompressed\n    if (len === 65 && publicKey[0] === 0x04) {\n      return publicKey;\n    }\n\n    // Compressed - decompress using @noble/secp256k1\n    if (len === 33 && (publicKey[0] === 0x02 || publicKey[0] === 0x03)) {\n      const decompressed = this.decompressPublicKey(publicKey);\n      if (!decompressed) {\n        throw new Error(\n          `Failed to decompress public key with prefix 0x${publicKey[0].toString(16).padStart(2, \"0\")}`,\n        );\n      }\n      return decompressed;\n    }\n\n    // Reject raw coordinates (64 bytes) - require proper formatting\n    if (len === 64) {\n      throw new Error(\n        \"Raw public key coordinates (64 bytes) are not accepted. \" +\n          \"Please provide a properly formatted compressed (33 bytes) or uncompressed (65 bytes) public key.\",\n      );\n    }\n\n    throw new Error(\n      `Invalid public key format: expected compressed (33 bytes) or uncompressed (65 bytes), got ${len} bytes`,\n    );\n  }\n}\n"],"mappings":"AAQA,YAAY,eAAe;AAC3B,SAAS,sBAAsB;AAC/B,SAAS,YAAY;AACrB,SAAS,QAAQ,UAAU,mBAAmB;AAYvC,MAAM,kCAAkC,eAAe;AAAA,EAClD,oBAAoB,QAA4B;AACxD,UAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,WAAO,gBAAgB,KAAK;AAC5B,WAAO;AAAA,EACT;AAAA,EAEU,iBAAiB,YAAiC;AAC1D,QAAI;AACF,aAAO,UAAU,MAAM,kBAAkB,UAAU;AAAA,IACrD,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,gBACR,YACA,YACmB;AACnB,QAAI;AACF,aAAO,UAAU,aAAa,YAAY,UAAU;AAAA,IACtD,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,kBAAkB,WAAgC;AAC1D,QAAI;AAEF,gBAAU,MAAM,QAAQ,SAAS;AACjC,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,oBAAoB,WAA0C;AACtE,QAAI;AAEF,YAAM,QAAQ,UAAU,MAAM,QAAQ,SAAS;AAC/C,aAAO,MAAM,WAAW,KAAK;AAAA,IAC/B,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,YACR,WACA,YACY;AACZ,QAAI;AAIF,YAAM,cAAc,UAAU;AAAA,QAC5B;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAKA,aAAO,YAAY,MAAM,CAAC;AAAA,IAC5B,SAAS,OAAO;AACd,YAAM,IAAI;AAAA,QACR,gBAAgB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,MAC1E;AAAA,IACF;AAAA,EACF;AAAA,EAEU,OAAO,MAA8B;AAC7C,WAAO,YAAY,IAAI;AAAA,EACzB;AAAA,EAEU,WAAW,KAAiB,MAA8B;AAClE,WAAO,KAAK,QAAQ,KAAK,IAAI;AAAA,EAC/B;AAAA,EAEA,MAAgB,WACd,KACA,IACA,WACqB;AAErB,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC;AAAA,MACA;AAAA,MACA,EAAE,MAAM,UAAU;AAAA,MAClB;AAAA,MACA,CAAC,SAAS;AAAA,IACZ;AAIA,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC,EAAE,MAAM,WAAW,GAAuB;AAAA,MAC1C;AAAA,MACA;AAAA,IACF;AAEA,WAAO,IAAI,WAAW,SAAS;AAAA,EACjC;AAAA,EAEA,MAAgB,WACd,KACA,IACA,YACqB;AAErB,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC;AAAA,MACA;AAAA,MACA,EAAE,MAAM,UAAU;AAAA,MAClB;AAAA,MACA,CAAC,SAAS;AAAA,IACZ;AAIA,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC,EAAE,MAAM,WAAW,GAAuB;AAAA,MAC1C;AAAA,MACA;AAAA,IACF;AAEA,WAAO,IAAI,WAAW,SAAS;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,wBAAwB,WAAmC;AACzD,UAAM,MAAM,UAAU;AAGtB,QAAI,QAAQ,MAAM,UAAU,CAAC,MAAM,GAAM;AACvC,aAAO;AAAA,IACT;AAGA,QAAI,QAAQ,OAAO,UAAU,CAAC,MAAM,KAAQ,UAAU,CAAC,MAAM,IAAO;AAClE,YAAM,eAAe,KAAK,oBAAoB,SAAS;AACvD,UAAI,CAAC,cAAc;AACjB,cAAM,IAAI;AAAA,UACR,iDAAiD,UAAU,CAAC,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC;AAAA,QAC7F;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAGA,QAAI,QAAQ,IAAI;AACd,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,6FAA6F,GAAG;AAAA,IAClG;AAAA,EACF;AACF;","names":[]}
+{"version":3,"sources":["../../../src/crypto/ecies/browser.ts"],"sourcesContent":["/**\n * Browser implementation of ECIES using @noble/secp256k1 with Uint8Array\n *\n * @remarks\n * Uses native browser crypto APIs and @noble/secp256k1 for elliptic curve operations.\n * This implementation is polyfill-free and works in all modern browsers.\n */\n\nimport * as secp256k1 from \"@noble/secp256k1\";\nimport { BaseECIESUint8 } from \"./base\";\nimport { toHex } from \"viem\";\nimport { hmac } from \"@noble/hashes/hmac\";\nimport { sha256, sha512 as nobleSha512 } from \"@noble/hashes/sha2\";\n\n/**\n * Browser-specific ECIES provider using @noble/secp256k1\n *\n * @remarks\n * This implementation uses:\n * - Web Crypto API for AES operations\n * - @noble/secp256k1 for elliptic curve operations\n * - @noble/hashes for SHA and HMAC operations\n * - No Buffer or Node.js dependencies\n */\nexport class BrowserECIESUint8Provider extends BaseECIESUint8 {\n  protected generateRandomBytes(length: number): Uint8Array {\n    const bytes = new Uint8Array(length);\n    crypto.getRandomValues(bytes);\n    return bytes;\n  }\n\n  protected verifyPrivateKey(privateKey: Uint8Array): boolean {\n    try {\n      return secp256k1.utils.isValidPrivateKey(privateKey);\n    } catch {\n      return false;\n    }\n  }\n\n  protected createPublicKey(\n    privateKey: Uint8Array,\n    compressed: boolean,\n  ): Uint8Array | null {\n    try {\n      return secp256k1.getPublicKey(privateKey, compressed);\n    } catch {\n      return null;\n    }\n  }\n\n  protected validatePublicKey(publicKey: Uint8Array): boolean {\n    try {\n      // @noble/secp256k1 will throw if the point is not on the curve\n      secp256k1.Point.fromHex(publicKey);\n      return true;\n    } catch {\n      return false;\n    }\n  }\n\n  protected decompressPublicKey(publicKey: Uint8Array): Uint8Array | null {\n    try {\n      // @noble/secp256k1 handles both compressed and uncompressed\n      const point = secp256k1.Point.fromHex(publicKey);\n      return point.toRawBytes(false); // false = uncompressed\n    } catch {\n      return null;\n    }\n  }\n\n  protected performECDH(\n    publicKey: Uint8Array,\n    privateKey: Uint8Array,\n  ): Uint8Array {\n    try {\n      // Use @noble/secp256k1's getSharedSecret which is optimized and secure\n      // The 'true' parameter returns the raw x-coordinate (32 bytes)\n      // This matches eccrypto's behavior\n      const sharedPoint = secp256k1.getSharedSecret(\n        privateKey,\n        publicKey,\n        true,\n      );\n\n      // getSharedSecret returns compressed point (33 bytes) when true\n      // We need just the x-coordinate (32 bytes) for eccrypto compatibility\n      // Remove the prefix byte\n      return sharedPoint.slice(1);\n    } catch (error) {\n      throw new Error(\n        `ECDH failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n      );\n    }\n  }\n\n  protected sha512(data: Uint8Array): Uint8Array {\n    return nobleSha512(data);\n  }\n\n  protected hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array {\n    return hmac(sha256, key, data);\n  }\n\n  protected async aesEncrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    plaintext: Uint8Array,\n  ): Promise<Uint8Array> {\n    // Import the key for AES-CBC\n    const cryptoKey = await crypto.subtle.importKey(\n      \"raw\",\n      key as BufferSource,\n      { name: \"AES-CBC\" },\n      false,\n      [\"encrypt\"],\n    );\n\n    // Encrypt with Web Crypto API\n    // Note: Web Crypto API automatically handles PKCS#7 padding for AES-CBC\n    const encrypted = await crypto.subtle.encrypt(\n      { name: \"AES-CBC\", iv: iv as BufferSource },\n      cryptoKey,\n      plaintext as BufferSource,\n    );\n\n    return new Uint8Array(encrypted);\n  }\n\n  protected async aesDecrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    ciphertext: Uint8Array,\n  ): Promise<Uint8Array> {\n    // Import the key for AES-CBC\n    const cryptoKey = await crypto.subtle.importKey(\n      \"raw\",\n      key as BufferSource,\n      { name: \"AES-CBC\" },\n      false,\n      [\"decrypt\"],\n    );\n\n    // Decrypt with Web Crypto API\n    // Note: Web Crypto API automatically handles PKCS#7 padding removal\n    const decrypted = await crypto.subtle.decrypt(\n      { name: \"AES-CBC\", iv: iv as BufferSource },\n      cryptoKey,\n      ciphertext as BufferSource,\n    );\n\n    return new Uint8Array(decrypted);\n  }\n\n  /**\n   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n   * Handles compressed (33 bytes) and uncompressed (65 bytes) formats only.\n   *\n   * @remarks\n   * Strict policy: Does not accept 64-byte raw coordinates to avoid masking\n   * malformed data. Callers must provide properly formatted keys.\n   *\n   * @param publicKey - The public key to normalize (33 or 65 bytes)\n   * @returns The normalized uncompressed public key (65 bytes)\n   * @throws {Error} When public key format is invalid or decompression fails\n   */\n  normalizeToUncompressed(publicKey: Uint8Array): Uint8Array {\n    const len = publicKey.length;\n\n    // Already uncompressed\n    if (len === 65 && publicKey[0] === 0x04) {\n      return publicKey;\n    }\n\n    // Compressed - decompress using @noble/secp256k1\n    if (len === 33 && (publicKey[0] === 0x02 || publicKey[0] === 0x03)) {\n      const decompressed = this.decompressPublicKey(publicKey);\n      if (!decompressed) {\n        throw new Error(\n          `Failed to decompress public key with prefix ${toHex(publicKey[0])}`,\n        );\n      }\n      return decompressed;\n    }\n\n    // Reject raw coordinates (64 bytes) - require proper formatting\n    if (len === 64) {\n      throw new Error(\n        \"Raw public key coordinates (64 bytes) are not accepted. \" +\n          \"Please provide a properly formatted compressed (33 bytes) or uncompressed (65 bytes) public key.\",\n      );\n    }\n\n    throw new Error(\n      `Invalid public key format: expected compressed (33 bytes) or uncompressed (65 bytes), got ${len} bytes`,\n    );\n  }\n}\n"],"mappings":"AAQA,YAAY,eAAe;AAC3B,SAAS,sBAAsB;AAC/B,SAAS,aAAa;AACtB,SAAS,YAAY;AACrB,SAAS,QAAQ,UAAU,mBAAmB;AAYvC,MAAM,kCAAkC,eAAe;AAAA,EAClD,oBAAoB,QAA4B;AACxD,UAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,WAAO,gBAAgB,KAAK;AAC5B,WAAO;AAAA,EACT;AAAA,EAEU,iBAAiB,YAAiC;AAC1D,QAAI;AACF,aAAO,UAAU,MAAM,kBAAkB,UAAU;AAAA,IACrD,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,gBACR,YACA,YACmB;AACnB,QAAI;AACF,aAAO,UAAU,aAAa,YAAY,UAAU;AAAA,IACtD,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,kBAAkB,WAAgC;AAC1D,QAAI;AAEF,gBAAU,MAAM,QAAQ,SAAS;AACjC,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,oBAAoB,WAA0C;AACtE,QAAI;AAEF,YAAM,QAAQ,UAAU,MAAM,QAAQ,SAAS;AAC/C,aAAO,MAAM,WAAW,KAAK;AAAA,IAC/B,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,YACR,WACA,YACY;AACZ,QAAI;AAIF,YAAM,cAAc,UAAU;AAAA,QAC5B;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAKA,aAAO,YAAY,MAAM,CAAC;AAAA,IAC5B,SAAS,OAAO;AACd,YAAM,IAAI;AAAA,QACR,gBAAgB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,MAC1E;AAAA,IACF;AAAA,EACF;AAAA,EAEU,OAAO,MAA8B;AAC7C,WAAO,YAAY,IAAI;AAAA,EACzB;AAAA,EAEU,WAAW,KAAiB,MAA8B;AAClE,WAAO,KAAK,QAAQ,KAAK,IAAI;AAAA,EAC/B;AAAA,EAEA,MAAgB,WACd,KACA,IACA,WACqB;AAErB,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC;AAAA,MACA;AAAA,MACA,EAAE,MAAM,UAAU;AAAA,MAClB;AAAA,MACA,CAAC,SAAS;AAAA,IACZ;AAIA,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC,EAAE,MAAM,WAAW,GAAuB;AAAA,MAC1C;AAAA,MACA;AAAA,IACF;AAEA,WAAO,IAAI,WAAW,SAAS;AAAA,EACjC;AAAA,EAEA,MAAgB,WACd,KACA,IACA,YACqB;AAErB,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC;AAAA,MACA;AAAA,MACA,EAAE,MAAM,UAAU;AAAA,MAClB;AAAA,MACA,CAAC,SAAS;AAAA,IACZ;AAIA,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC,EAAE,MAAM,WAAW,GAAuB;AAAA,MAC1C;AAAA,MACA;AAAA,IACF;AAEA,WAAO,IAAI,WAAW,SAAS;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,wBAAwB,WAAmC;AACzD,UAAM,MAAM,UAAU;AAGtB,QAAI,QAAQ,MAAM,UAAU,CAAC,MAAM,GAAM;AACvC,aAAO;AAAA,IACT;AAGA,QAAI,QAAQ,OAAO,UAAU,CAAC,MAAM,KAAQ,UAAU,CAAC,MAAM,IAAO;AAClE,YAAM,eAAe,KAAK,oBAAoB,SAAS;AACvD,UAAI,CAAC,cAAc;AACjB,cAAM,IAAI;AAAA,UACR,+CAA+C,MAAM,UAAU,CAAC,CAAC,CAAC;AAAA,QACpE;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAGA,QAAI,QAAQ,IAAI;AACd,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,6FAA6F,GAAG;AAAA,IAClG;AAAA,EACF;AACF;","names":[]}

package/dist/crypto/ecies/constants.d.ts

@@ -8,7 +8,7 @@
 /**
  * Elliptic curve parameters
  */
-declare const CURVE: {
+export declare const CURVE: {
     /** The elliptic curve used (secp256k1 - same as Bitcoin/Ethereum) */
     readonly name: "secp256k1";
     /** Private key length in bytes */
@@ -36,7 +36,7 @@ declare const CURVE: {
 /**
  * Symmetric encryption parameters (AES-256-CBC)
  */
-declare const CIPHER: {
+export declare const CIPHER: {
     /** Cipher algorithm - must match eccrypto */
     readonly algorithm: "aes-256-cbc";
     /** AES key length in bytes */
@@ -49,7 +49,7 @@ declare const CIPHER: {
 /**
  * Key derivation function parameters
  */
-declare const KDF: {
+export declare const KDF: {
     /** Hash algorithm for key derivation - must match eccrypto */
     readonly algorithm: "sha512";
     /** Output length of SHA-512 in bytes */
@@ -64,7 +64,7 @@ declare const KDF: {
 /**
  * Message authentication code parameters
  */
-declare const MAC: {
+export declare const MAC: {
     /** MAC algorithm - must match eccrypto */
     readonly algorithm: "sha256";
     /** HMAC-SHA256 output length in bytes */
@@ -74,7 +74,7 @@ declare const MAC: {
  * ECIES encrypted data format offsets and lengths
  * Format: [iv(16)][ephemPublicKey(65)][ciphertext(variable)][mac(32)]
  */
-declare const FORMAT: {
+export declare const FORMAT: {
     /** Offsets for each component in serialized format */
     readonly IV_OFFSET: 0;
     readonly IV_LENGTH: 16;
@@ -98,7 +98,7 @@ declare const FORMAT: {
 /**
  * Security constants for data clearing
  */
-declare const SECURITY: {
+export declare const SECURITY: {
     /** Overwrite patterns for secure data clearing */
     readonly CLEAR_PATTERNS: {
         readonly ZEROS: 0;
@@ -112,11 +112,9 @@ declare const SECURITY: {
 /**
  * Validation helpers
  */
-declare const VALIDATION: {
+export declare const VALIDATION: {
     readonly isValidPrivateKey: (key: Uint8Array) => boolean;
     readonly isValidPublicKey: (key: Uint8Array) => boolean;
     readonly isCompressedPublicKey: (key: Uint8Array) => boolean;
     readonly isUncompressedPublicKey: (key: Uint8Array) => boolean;
 };
-
-export { CIPHER, CURVE, FORMAT, KDF, MAC, SECURITY, VALIDATION };

package/dist/crypto/ecies/index.d.ts

@@ -1 +1,8 @@
-export { ECIESEncrypted, ECIESError, ECIESOptions, ECIESProvider, deserializeECIES, isECIESEncrypted, serializeECIES } from './interface.js';
+/**
+ * ECIES Module Entry Point
+ *
+ * Exports interface and utilities for ECIES encryption/decryption
+ * Platform-specific implementations are imported separately
+ */
+export type { ECIESProvider, ECIESEncrypted, ECIESOptions } from "./interface";
+export { ECIESError, isECIESEncrypted, serializeECIES, deserializeECIES, } from "./interface";

package/dist/crypto/ecies/interface.cjs

@@ -25,6 +25,7 @@ __export(interface_exports, {
 });
 module.exports = __toCommonJS(interface_exports);
 var import_constants = require("./constants");
+var import_viem = require("viem");
 class ECIESError extends Error {
   constructor(message, code, cause) {
     super(message);
@@ -53,13 +54,11 @@ function serializeECIES(encrypted) {
   combined.set(encrypted.ciphertext, offset);
   offset += encrypted.ciphertext.length;
   combined.set(encrypted.mac, offset);
-  return Array.from(combined).map((b) => b.toString(16).padStart(2, "0")).join("");
+  return (0, import_viem.toHex)(combined).slice(2);
 }
 function deserializeECIES(hex) {
-  const bytes = new Uint8Array(hex.length / 2);
-  for (let i = 0; i < hex.length; i += 2) {
-    bytes[i / 2] = parseInt(hex.substr(i, 2), 16);
-  }
+  const hexWithPrefix = hex.startsWith("0x") ? hex : `0x${hex}`;
+  const bytes = (0, import_viem.fromHex)(hexWithPrefix, "bytes");
   const ephemKeySize = bytes[import_constants.FORMAT.EPHEMERAL_KEY_OFFSET] === import_constants.CURVE.PREFIX.UNCOMPRESSED ? import_constants.CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH : import_constants.CURVE.COMPRESSED_PUBLIC_KEY_LENGTH;
   const minLength = import_constants.FORMAT.IV_LENGTH + ephemKeySize + import_constants.MAC.LENGTH + 1;
   if (bytes.length < minLength) {

package/dist/crypto/ecies/interface.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/crypto/ecies/interface.ts"],"sourcesContent":["/**\n * ECIES (Elliptic Curve Integrated Encryption Scheme) Interface\n *\n * @remarks\n * Defines the contract for platform-specific ECIES implementations.\n * All implementations maintain compatibility with the eccrypto format to ensure\n * backward compatibility with existing encrypted data.\n *\n * **Format specification:**\n * `[iv (16 bytes)][ephemPublicKey (65 bytes)][ciphertext (variable)][mac (32 bytes)]`\n *\n * @category Cryptography\n */\n\nimport { CIPHER, CURVE, MAC, FORMAT } from \"./constants\";\n\n/**\n * Represents ECIES encrypted data in eccrypto-compatible format.\n *\n * @remarks\n * This structure maintains backward compatibility with data encrypted using\n * the legacy eccrypto library.\n */\nexport interface ECIESEncrypted {\n  /** Initialization vector (16 bytes) */\n  iv: Uint8Array;\n  /** Ephemeral public key (65 bytes uncompressed) */\n  ephemPublicKey: Uint8Array;\n  /** Encrypted data */\n  ciphertext: Uint8Array;\n  /** Message authentication code (32 bytes) */\n  mac: Uint8Array;\n}\n\n/**\n * Provides ECIES encryption and decryption operations.\n *\n * @remarks\n * Platform-specific implementations handle the underlying cryptographic primitives\n * while maintaining consistent data format across environments.\n *\n * @category Cryptography\n */\nexport interface ECIESProvider {\n  /**\n   * Encrypts data using ECIES with secp256k1.\n   *\n   * @param publicKey - Recipient's public key (65 bytes uncompressed or 33 bytes compressed).\n   *   Obtain via `vana.server.getIdentity(userAddress).public_key`.\n   * @param message - Data to encrypt.\n   * @returns Encrypted data structure compatible with eccrypto format.\n   * @throws {ECIESError} When public key is invalid.\n   *   Verify key format matches secp256k1 requirements.\n   *\n   * @example\n   * ```typescript\n   * const encrypted = await provider.encrypt(\n   *   hexToBytes(publicKey),\n   *   new TextEncoder().encode('sensitive data')\n   * );\n   * ```\n   */\n  encrypt(publicKey: Uint8Array, message: Uint8Array): Promise<ECIESEncrypted>;\n\n  /**\n   * Decrypts ECIES encrypted data.\n   *\n   * @param privateKey - Recipient's private key (32 bytes).\n   * @param encrypted - Encrypted data structure from `encrypt()` or legacy eccrypto.\n   * @returns Decrypted message as Uint8Array.\n   * @throws {ECIESError} When MAC verification fails.\n   *   Ensure the private key matches the public key used for encryption.\n   *\n   * @example\n   * ```typescript\n   * const decrypted = await provider.decrypt(\n   *   hexToBytes(privateKey),\n   *   encrypted\n   * );\n   * const message = new TextDecoder().decode(decrypted);\n   * ```\n   */\n  decrypt(\n    privateKey: Uint8Array,\n    encrypted: ECIESEncrypted,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n   *\n   * @remarks\n   * Strict policy: Only accepts properly formatted compressed (33 bytes) or\n   * uncompressed (65 bytes) public keys. Does not accept 64-byte raw coordinates\n   * to ensure data integrity and prevent masking of malformed inputs.\n   *\n   * @param publicKey - Public key in compressed or uncompressed format\n   * @returns Normalized uncompressed public key (65 bytes with 0x04 prefix)\n   * @throws {Error} When public key format is invalid, including raw coordinates (64 bytes)\n   * @throws {Error} When decompression of compressed key fails\n   *\n   * @example\n   * ```typescript\n   * // Compressed key (33 bytes)\n   * const compressed = new Uint8Array(33);\n   * compressed[0] = 0x02;\n   * const uncompressed = provider.normalizeToUncompressed(compressed);\n   * console.log(uncompressed.length); // 65\n   * console.log(uncompressed[0]); // 0x04\n   *\n   * // Already uncompressed (65 bytes)\n   * const already = provider.normalizeToUncompressed(uncompressedKey);\n   * console.log(already === uncompressedKey); // true (returns same reference)\n   *\n   * // Raw coordinates rejected (64 bytes)\n   * const raw = new Uint8Array(64);\n   * provider.normalizeToUncompressed(raw); // Throws error\n   * ```\n   */\n  normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;\n}\n\n/**\n * Configures ECIES operation behavior.\n */\nexport interface ECIESOptions {\n  /** Use compressed public keys (33 bytes) instead of uncompressed (65 bytes) */\n  useCompressed?: boolean;\n}\n\n/**\n * Represents failures in ECIES cryptographic operations.\n *\n * @remarks\n * Provides specific error codes to help identify and recover from\n * different failure scenarios.\n *\n * @category Errors\n */\nexport class ECIESError extends Error {\n  constructor(\n    message: string,\n    public readonly code:\n      | \"INVALID_KEY\"\n      | \"ENCRYPTION_FAILED\"\n      | \"DECRYPTION_FAILED\"\n      | \"MAC_MISMATCH\"\n      | \"ECDH_FAILED\",\n    public override readonly cause?: Error,\n  ) {\n    super(message);\n    this.name = \"ECIESError\";\n  }\n}\n\n/**\n * Validates if an object conforms to the ECIESEncrypted structure.\n *\n * @param obj - Object to validate.\n * @returns `true` if object is a valid ECIESEncrypted structure.\n *\n * @example\n * ```typescript\n * if (isECIESEncrypted(data)) {\n *   const decrypted = await provider.decrypt(privateKey, data);\n * }\n * ```\n */\nexport function isECIESEncrypted(obj: unknown): obj is ECIESEncrypted {\n  if (!obj || typeof obj !== \"object\") return false;\n  const enc = obj as Record<string, unknown>;\n\n  const isUint8Array = (value: unknown): value is Uint8Array => {\n    return (\n      value instanceof Uint8Array ||\n      (typeof Buffer !== \"undefined\" && Buffer.isBuffer(value))\n    );\n  };\n\n  return (\n    isUint8Array(enc.iv) &&\n    enc.iv.length === CIPHER.IV_LENGTH &&\n    isUint8Array(enc.ephemPublicKey) &&\n    (enc.ephemPublicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH ||\n      enc.ephemPublicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) &&\n    isUint8Array(enc.ciphertext) &&\n    enc.ciphertext.length > 0 &&\n    isUint8Array(enc.mac) &&\n    enc.mac.length === MAC.LENGTH\n  );\n}\n\n/**\n * Serializes ECIESEncrypted to hex string for storage or transmission.\n *\n * @param encrypted - Encrypted data structure from `encrypt()`.\n * @returns Hex string representation.\n *\n * @example\n * ```typescript\n * const hexString = serializeECIES(encrypted);\n * // Store hexString in database or send over network\n * ```\n */\nexport function serializeECIES(encrypted: ECIESEncrypted): string {\n  const combined = new Uint8Array(\n    encrypted.iv.length +\n      encrypted.ephemPublicKey.length +\n      encrypted.ciphertext.length +\n      encrypted.mac.length,\n  );\n\n  let offset = 0;\n  combined.set(encrypted.iv, offset);\n  offset += encrypted.iv.length;\n  combined.set(encrypted.ephemPublicKey, offset);\n  offset += encrypted.ephemPublicKey.length;\n  combined.set(encrypted.ciphertext, offset);\n  offset += encrypted.ciphertext.length;\n  combined.set(encrypted.mac, offset);\n\n  return Array.from(combined)\n    .map((b) => b.toString(16).padStart(2, \"0\"))\n    .join(\"\");\n}\n\n/**\n * Deserializes hex string to ECIESEncrypted structure.\n *\n * @param hex - Hex string from `serializeECIES()` or storage.\n * @returns ECIESEncrypted structure ready for decryption.\n * @throws {ECIESError} When hex string format is invalid.\n *   Verify the hex string is complete and uncorrupted.\n *\n * @example\n * ```typescript\n * const encrypted = deserializeECIES(hexString);\n * const decrypted = await provider.decrypt(privateKey, encrypted);\n * ```\n */\nexport function deserializeECIES(hex: string): ECIESEncrypted {\n  const bytes = new Uint8Array(hex.length / 2);\n  for (let i = 0; i < hex.length; i += 2) {\n    bytes[i / 2] = parseInt(hex.substr(i, 2), 16);\n  }\n\n  // Determine ephemPublicKey size based on prefix\n  const ephemKeySize =\n    bytes[FORMAT.EPHEMERAL_KEY_OFFSET] === CURVE.PREFIX.UNCOMPRESSED\n      ? CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH\n      : CURVE.COMPRESSED_PUBLIC_KEY_LENGTH;\n\n  const minLength = FORMAT.IV_LENGTH + ephemKeySize + MAC.LENGTH + 1; // +1 for at least 1 byte of ciphertext\n  if (bytes.length < minLength) {\n    throw new ECIESError(\"Invalid ECIES data: too short\", \"DECRYPTION_FAILED\");\n  }\n\n  return {\n    iv: bytes.subarray(FORMAT.IV_OFFSET, FORMAT.IV_OFFSET + FORMAT.IV_LENGTH),\n    ephemPublicKey: bytes.subarray(\n      FORMAT.EPHEMERAL_KEY_OFFSET,\n      FORMAT.EPHEMERAL_KEY_OFFSET + ephemKeySize,\n    ),\n    ciphertext: bytes.subarray(\n      FORMAT.EPHEMERAL_KEY_OFFSET + ephemKeySize,\n      bytes.length - MAC.LENGTH,\n    ),\n    mac: bytes.subarray(bytes.length - MAC.LENGTH),\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAcA,uBAA2C;AA4HpC,MAAM,mBAAmB,MAAM;AAAA,EACpC,YACE,SACgB,MAMS,OACzB;AACA,UAAM,OAAO;AARG;AAMS;AAGzB,SAAK,OAAO;AAAA,EACd;AACF;AAeO,SAAS,iBAAiB,KAAqC;AACpE,MAAI,CAAC,OAAO,OAAO,QAAQ,SAAU,QAAO;AAC5C,QAAM,MAAM;AAEZ,QAAM,eAAe,CAAC,UAAwC;AAC5D,WACE,iBAAiB,cAChB,OAAO,WAAW,eAAe,OAAO,SAAS,KAAK;AAAA,EAE3D;AAEA,SACE,aAAa,IAAI,EAAE,KACnB,IAAI,GAAG,WAAW,wBAAO,aACzB,aAAa,IAAI,cAAc,MAC9B,IAAI,eAAe,WAAW,uBAAM,kCACnC,IAAI,eAAe,WAAW,uBAAM,iCACtC,aAAa,IAAI,UAAU,KAC3B,IAAI,WAAW,SAAS,KACxB,aAAa,IAAI,GAAG,KACpB,IAAI,IAAI,WAAW,qBAAI;AAE3B;AAcO,SAAS,eAAe,WAAmC;AAChE,QAAM,WAAW,IAAI;AAAA,IACnB,UAAU,GAAG,SACX,UAAU,eAAe,SACzB,UAAU,WAAW,SACrB,UAAU,IAAI;AAAA,EAClB;AAEA,MAAI,SAAS;AACb,WAAS,IAAI,UAAU,IAAI,MAAM;AACjC,YAAU,UAAU,GAAG;AACvB,WAAS,IAAI,UAAU,gBAAgB,MAAM;AAC7C,YAAU,UAAU,eAAe;AACnC,WAAS,IAAI,UAAU,YAAY,MAAM;AACzC,YAAU,UAAU,WAAW;AAC/B,WAAS,IAAI,UAAU,KAAK,MAAM;AAElC,SAAO,MAAM,KAAK,QAAQ,EACvB,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAC1C,KAAK,EAAE;AACZ;AAgBO,SAAS,iBAAiB,KAA6B;AAC5D,QAAM,QAAQ,IAAI,WAAW,IAAI,SAAS,CAAC;AAC3C,WAAS,IAAI,GAAG,IAAI,IAAI,QAAQ,KAAK,GAAG;AACtC,UAAM,IAAI,CAAC,IAAI,SAAS,IAAI,OAAO,GAAG,CAAC,GAAG,EAAE;AAAA,EAC9C;AAGA,QAAM,eACJ,MAAM,wBAAO,oBAAoB,MAAM,uBAAM,OAAO,eAChD,uBAAM,iCACN,uBAAM;AAEZ,QAAM,YAAY,wBAAO,YAAY,eAAe,qBAAI,SAAS;AACjE,MAAI,MAAM,SAAS,WAAW;AAC5B,UAAM,IAAI,WAAW,iCAAiC,mBAAmB;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI,MAAM,SAAS,wBAAO,WAAW,wBAAO,YAAY,wBAAO,SAAS;AAAA,IACxE,gBAAgB,MAAM;AAAA,MACpB,wBAAO;AAAA,MACP,wBAAO,uBAAuB;AAAA,IAChC;AAAA,IACA,YAAY,MAAM;AAAA,MAChB,wBAAO,uBAAuB;AAAA,MAC9B,MAAM,SAAS,qBAAI;AAAA,IACrB;AAAA,IACA,KAAK,MAAM,SAAS,MAAM,SAAS,qBAAI,MAAM;AAAA,EAC/C;AACF;","names":[]}
+{"version":3,"sources":["../../../src/crypto/ecies/interface.ts"],"sourcesContent":["/**\n * ECIES (Elliptic Curve Integrated Encryption Scheme) Interface\n *\n * @remarks\n * Defines the contract for platform-specific ECIES implementations.\n * All implementations maintain compatibility with the eccrypto format to ensure\n * backward compatibility with existing encrypted data.\n *\n * **Format specification:**\n * `[iv (16 bytes)][ephemPublicKey (65 bytes)][ciphertext (variable)][mac (32 bytes)]`\n *\n * @category Cryptography\n */\n\nimport { CIPHER, CURVE, MAC, FORMAT } from \"./constants\";\nimport { fromHex, toHex } from \"viem\";\n\n/**\n * Represents ECIES encrypted data in eccrypto-compatible format.\n *\n * @remarks\n * This structure maintains backward compatibility with data encrypted using\n * the legacy eccrypto library.\n */\nexport interface ECIESEncrypted {\n  /** Initialization vector (16 bytes) */\n  iv: Uint8Array;\n  /** Ephemeral public key (65 bytes uncompressed) */\n  ephemPublicKey: Uint8Array;\n  /** Encrypted data */\n  ciphertext: Uint8Array;\n  /** Message authentication code (32 bytes) */\n  mac: Uint8Array;\n}\n\n/**\n * Provides ECIES encryption and decryption operations.\n *\n * @remarks\n * Platform-specific implementations handle the underlying cryptographic primitives\n * while maintaining consistent data format across environments.\n *\n * @category Cryptography\n */\nexport interface ECIESProvider {\n  /**\n   * Encrypts data using ECIES with secp256k1.\n   *\n   * @param publicKey - Recipient's public key (65 bytes uncompressed or 33 bytes compressed).\n   *   Obtain via `vana.server.getIdentity(userAddress).public_key`.\n   * @param message - Data to encrypt.\n   * @returns Encrypted data structure compatible with eccrypto format.\n   * @throws {ECIESError} When public key is invalid.\n   *   Verify key format matches secp256k1 requirements.\n   *\n   * @example\n   * ```typescript\n   * const encrypted = await provider.encrypt(\n   *   fromHex(publicKey, 'bytes'),\n   *   new TextEncoder().encode('sensitive data')\n   * );\n   * ```\n   */\n  encrypt(publicKey: Uint8Array, message: Uint8Array): Promise<ECIESEncrypted>;\n\n  /**\n   * Decrypts ECIES encrypted data.\n   *\n   * @param privateKey - Recipient's private key (32 bytes).\n   * @param encrypted - Encrypted data structure from `encrypt()` or legacy eccrypto.\n   * @returns Decrypted message as Uint8Array.\n   * @throws {ECIESError} When MAC verification fails.\n   *   Ensure the private key matches the public key used for encryption.\n   *\n   * @example\n   * ```typescript\n   * const decrypted = await provider.decrypt(\n   *   fromHex(privateKey, 'bytes'),\n   *   encrypted\n   * );\n   * const message = new TextDecoder().decode(decrypted);\n   * ```\n   */\n  decrypt(\n    privateKey: Uint8Array,\n    encrypted: ECIESEncrypted,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n   *\n   * @remarks\n   * Strict policy: Only accepts properly formatted compressed (33 bytes) or\n   * uncompressed (65 bytes) public keys. Does not accept 64-byte raw coordinates\n   * to ensure data integrity and prevent masking of malformed inputs.\n   *\n   * @param publicKey - Public key in compressed or uncompressed format\n   * @returns Normalized uncompressed public key (65 bytes with 0x04 prefix)\n   * @throws {Error} When public key format is invalid, including raw coordinates (64 bytes)\n   * @throws {Error} When decompression of compressed key fails\n   *\n   * @example\n   * ```typescript\n   * // Compressed key (33 bytes)\n   * const compressed = new Uint8Array(33);\n   * compressed[0] = 0x02;\n   * const uncompressed = provider.normalizeToUncompressed(compressed);\n   * console.log(uncompressed.length); // 65\n   * console.log(uncompressed[0]); // 0x04\n   *\n   * // Already uncompressed (65 bytes)\n   * const already = provider.normalizeToUncompressed(uncompressedKey);\n   * console.log(already === uncompressedKey); // true (returns same reference)\n   *\n   * // Raw coordinates rejected (64 bytes)\n   * const raw = new Uint8Array(64);\n   * provider.normalizeToUncompressed(raw); // Throws error\n   * ```\n   */\n  normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;\n}\n\n/**\n * Configures ECIES operation behavior.\n */\nexport interface ECIESOptions {\n  /** Use compressed public keys (33 bytes) instead of uncompressed (65 bytes) */\n  useCompressed?: boolean;\n}\n\n/**\n * Represents failures in ECIES cryptographic operations.\n *\n * @remarks\n * Provides specific error codes to help identify and recover from\n * different failure scenarios.\n *\n * @category Errors\n */\nexport class ECIESError extends Error {\n  constructor(\n    message: string,\n    public readonly code:\n      | \"INVALID_KEY\"\n      | \"ENCRYPTION_FAILED\"\n      | \"DECRYPTION_FAILED\"\n      | \"MAC_MISMATCH\"\n      | \"ECDH_FAILED\",\n    public override readonly cause?: Error,\n  ) {\n    super(message);\n    this.name = \"ECIESError\";\n  }\n}\n\n/**\n * Validates if an object conforms to the ECIESEncrypted structure.\n *\n * @param obj - Object to validate.\n * @returns `true` if object is a valid ECIESEncrypted structure.\n *\n * @example\n * ```typescript\n * if (isECIESEncrypted(data)) {\n *   const decrypted = await provider.decrypt(privateKey, data);\n * }\n * ```\n */\nexport function isECIESEncrypted(obj: unknown): obj is ECIESEncrypted {\n  if (!obj || typeof obj !== \"object\") return false;\n  const enc = obj as Record<string, unknown>;\n\n  const isUint8Array = (value: unknown): value is Uint8Array => {\n    return (\n      value instanceof Uint8Array ||\n      (typeof Buffer !== \"undefined\" && Buffer.isBuffer(value))\n    );\n  };\n\n  return (\n    isUint8Array(enc.iv) &&\n    enc.iv.length === CIPHER.IV_LENGTH &&\n    isUint8Array(enc.ephemPublicKey) &&\n    (enc.ephemPublicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH ||\n      enc.ephemPublicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) &&\n    isUint8Array(enc.ciphertext) &&\n    enc.ciphertext.length > 0 &&\n    isUint8Array(enc.mac) &&\n    enc.mac.length === MAC.LENGTH\n  );\n}\n\n/**\n * Serializes ECIESEncrypted to hex string for storage or transmission.\n *\n * @param encrypted - Encrypted data structure from `encrypt()`.\n * @returns Hex string representation.\n *\n * @example\n * ```typescript\n * const hexString = serializeECIES(encrypted);\n * // Store hexString in database or send over network\n * ```\n */\nexport function serializeECIES(encrypted: ECIESEncrypted): string {\n  const combined = new Uint8Array(\n    encrypted.iv.length +\n      encrypted.ephemPublicKey.length +\n      encrypted.ciphertext.length +\n      encrypted.mac.length,\n  );\n\n  let offset = 0;\n  combined.set(encrypted.iv, offset);\n  offset += encrypted.iv.length;\n  combined.set(encrypted.ephemPublicKey, offset);\n  offset += encrypted.ephemPublicKey.length;\n  combined.set(encrypted.ciphertext, offset);\n  offset += encrypted.ciphertext.length;\n  combined.set(encrypted.mac, offset);\n\n  return toHex(combined).slice(2);\n}\n\n/**\n * Deserializes hex string to ECIESEncrypted structure.\n *\n * @param hex - Hex string from `serializeECIES()` or storage.\n * @returns ECIESEncrypted structure ready for decryption.\n * @throws {ECIESError} When hex string format is invalid.\n *   Verify the hex string is complete and uncorrupted.\n *\n * @example\n * ```typescript\n * const encrypted = deserializeECIES(hexString);\n * const decrypted = await provider.decrypt(privateKey, encrypted);\n * ```\n */\nexport function deserializeECIES(hex: string): ECIESEncrypted {\n  const hexWithPrefix = hex.startsWith(\"0x\") ? hex : `0x${hex}`;\n  const bytes = fromHex(hexWithPrefix as `0x${string}`, \"bytes\");\n\n  // Determine ephemPublicKey size based on prefix\n  const ephemKeySize =\n    bytes[FORMAT.EPHEMERAL_KEY_OFFSET] === CURVE.PREFIX.UNCOMPRESSED\n      ? CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH\n      : CURVE.COMPRESSED_PUBLIC_KEY_LENGTH;\n\n  const minLength = FORMAT.IV_LENGTH + ephemKeySize + MAC.LENGTH + 1; // +1 for at least 1 byte of ciphertext\n  if (bytes.length < minLength) {\n    throw new ECIESError(\"Invalid ECIES data: too short\", \"DECRYPTION_FAILED\");\n  }\n\n  return {\n    iv: bytes.subarray(FORMAT.IV_OFFSET, FORMAT.IV_OFFSET + FORMAT.IV_LENGTH),\n    ephemPublicKey: bytes.subarray(\n      FORMAT.EPHEMERAL_KEY_OFFSET,\n      FORMAT.EPHEMERAL_KEY_OFFSET + ephemKeySize,\n    ),\n    ciphertext: bytes.subarray(\n      FORMAT.EPHEMERAL_KEY_OFFSET + ephemKeySize,\n      bytes.length - MAC.LENGTH,\n    ),\n    mac: bytes.subarray(bytes.length - MAC.LENGTH),\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAcA,uBAA2C;AAC3C,kBAA+B;AA4HxB,MAAM,mBAAmB,MAAM;AAAA,EACpC,YACE,SACgB,MAMS,OACzB;AACA,UAAM,OAAO;AARG;AAMS;AAGzB,SAAK,OAAO;AAAA,EACd;AACF;AAeO,SAAS,iBAAiB,KAAqC;AACpE,MAAI,CAAC,OAAO,OAAO,QAAQ,SAAU,QAAO;AAC5C,QAAM,MAAM;AAEZ,QAAM,eAAe,CAAC,UAAwC;AAC5D,WACE,iBAAiB,cAChB,OAAO,WAAW,eAAe,OAAO,SAAS,KAAK;AAAA,EAE3D;AAEA,SACE,aAAa,IAAI,EAAE,KACnB,IAAI,GAAG,WAAW,wBAAO,aACzB,aAAa,IAAI,cAAc,MAC9B,IAAI,eAAe,WAAW,uBAAM,kCACnC,IAAI,eAAe,WAAW,uBAAM,iCACtC,aAAa,IAAI,UAAU,KAC3B,IAAI,WAAW,SAAS,KACxB,aAAa,IAAI,GAAG,KACpB,IAAI,IAAI,WAAW,qBAAI;AAE3B;AAcO,SAAS,eAAe,WAAmC;AAChE,QAAM,WAAW,IAAI;AAAA,IACnB,UAAU,GAAG,SACX,UAAU,eAAe,SACzB,UAAU,WAAW,SACrB,UAAU,IAAI;AAAA,EAClB;AAEA,MAAI,SAAS;AACb,WAAS,IAAI,UAAU,IAAI,MAAM;AACjC,YAAU,UAAU,GAAG;AACvB,WAAS,IAAI,UAAU,gBAAgB,MAAM;AAC7C,YAAU,UAAU,eAAe;AACnC,WAAS,IAAI,UAAU,YAAY,MAAM;AACzC,YAAU,UAAU,WAAW;AAC/B,WAAS,IAAI,UAAU,KAAK,MAAM;AAElC,aAAO,mBAAM,QAAQ,EAAE,MAAM,CAAC;AAChC;AAgBO,SAAS,iBAAiB,KAA6B;AAC5D,QAAM,gBAAgB,IAAI,WAAW,IAAI,IAAI,MAAM,KAAK,GAAG;AAC3D,QAAM,YAAQ,qBAAQ,eAAgC,OAAO;AAG7D,QAAM,eACJ,MAAM,wBAAO,oBAAoB,MAAM,uBAAM,OAAO,eAChD,uBAAM,iCACN,uBAAM;AAEZ,QAAM,YAAY,wBAAO,YAAY,eAAe,qBAAI,SAAS;AACjE,MAAI,MAAM,SAAS,WAAW;AAC5B,UAAM,IAAI,WAAW,iCAAiC,mBAAmB;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI,MAAM,SAAS,wBAAO,WAAW,wBAAO,YAAY,wBAAO,SAAS;AAAA,IACxE,gBAAgB,MAAM;AAAA,MACpB,wBAAO;AAAA,MACP,wBAAO,uBAAuB;AAAA,IAChC;AAAA,IACA,YAAY,MAAM;AAAA,MAChB,wBAAO,uBAAuB;AAAA,MAC9B,MAAM,SAAS,qBAAI;AAAA,IACrB;AAAA,IACA,KAAK,MAAM,SAAS,MAAM,SAAS,qBAAI,MAAM;AAAA,EAC/C;AACF;","names":[]}