@optimystic/quereus-plugin-crypto 0.2.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/README.md +279 -279
  2. package/dist/index.js +27 -59
  3. package/dist/index.js.map +1 -1
  4. package/dist/plugin.d.ts +20 -12
  5. package/dist/plugin.js +32 -30
  6. package/dist/plugin.js.map +1 -1
  7. package/package.json +82 -70
  8. package/src/crypto.ts +15 -20
  9. package/src/digest.ts +4 -4
  10. package/src/plugin.ts +93 -87
  11. package/src/sign.ts +16 -26
  12. package/src/signature-valid.ts +15 -32
package/dist/index.js CHANGED
@@ -1,10 +1,10 @@
1
- import { sha512, sha256 } from '@noble/hashes/sha2';
2
- import { blake3 } from '@noble/hashes/blake3';
3
- import { concatBytes, utf8ToBytes } from '@noble/hashes/utils';
4
- import { secp256k1 } from '@noble/curves/secp256k1';
5
- import { p256 } from '@noble/curves/nist';
6
- import { ed25519 } from '@noble/curves/ed25519';
7
- import { hexToBytes, bytesToHex } from '@noble/curves/abstract/utils';
1
+ import { sha512, sha256 } from '@noble/hashes/sha2.js';
2
+ import { blake3 } from '@noble/hashes/blake3.js';
3
+ import { concatBytes, utf8ToBytes } from '@noble/hashes/utils.js';
4
+ import { secp256k1 } from '@noble/curves/secp256k1.js';
5
+ import { p256 } from '@noble/curves/nist.js';
6
+ import { ed25519 } from '@noble/curves/ed25519.js';
7
+ import { hexToBytes, bytesToHex } from '@noble/curves/utils.js';
8
8
  import { fromString, toString } from 'uint8arrays';
9
9
 
10
10
  // src/crypto.ts
@@ -81,20 +81,15 @@ function sign(data, privateKey, curve = "secp256k1", inputEncoding = "base64url"
81
81
  const keyBytes = toBytes(privateKey, keyEncoding);
82
82
  let sigBytes;
83
83
  switch (curve) {
84
- case "secp256k1": {
85
- const sig = secp256k1.sign(dataBytes, keyBytes, { lowS: true });
86
- sigBytes = sig.toCompactRawBytes();
84
+ case "secp256k1":
85
+ sigBytes = secp256k1.sign(dataBytes, keyBytes, { lowS: true });
87
86
  break;
88
- }
89
- case "p256": {
90
- const sig = p256.sign(dataBytes, keyBytes, { lowS: true });
91
- sigBytes = sig.toCompactRawBytes();
87
+ case "p256":
88
+ sigBytes = p256.sign(dataBytes, keyBytes, { lowS: true });
92
89
  break;
93
- }
94
- case "ed25519": {
90
+ case "ed25519":
95
91
  sigBytes = ed25519.sign(dataBytes, keyBytes);
96
92
  break;
97
- }
98
93
  default:
99
94
  throw new Error(`Unsupported curve: ${curve}`);
100
95
  }
@@ -132,13 +127,13 @@ function generatePrivateKey(curve = "secp256k1", encoding = "base64url") {
132
127
  let keyBytes;
133
128
  switch (curve) {
134
129
  case "secp256k1":
135
- keyBytes = secp256k1.utils.randomPrivateKey();
130
+ keyBytes = secp256k1.utils.randomSecretKey();
136
131
  break;
137
132
  case "p256":
138
- keyBytes = p256.utils.randomPrivateKey();
133
+ keyBytes = p256.utils.randomSecretKey();
139
134
  break;
140
135
  case "ed25519":
141
- keyBytes = ed25519.utils.randomPrivateKey();
136
+ keyBytes = ed25519.utils.randomSecretKey();
142
137
  break;
143
138
  default:
144
139
  throw new Error(`Unsupported curve: ${curve}`);
@@ -260,25 +255,15 @@ function normalizeDigest(digest2) {
260
255
  function formatSignature(signature, format, curve) {
261
256
  switch (format) {
262
257
  case "uint8array":
263
- if (curve === "ed25519") {
264
- return signature;
265
- }
266
- return signature.toCompactRawBytes();
267
- case "hex":
268
- if (curve === "ed25519") {
269
- return bytesToHex(signature);
270
- }
271
- return signature.toCompactHex();
272
258
  case "compact":
273
- if (curve === "ed25519") {
274
- return signature;
275
- }
276
- return signature.toCompactRawBytes();
259
+ return signature;
260
+ case "hex":
261
+ return bytesToHex(signature);
277
262
  case "der":
278
263
  if (curve === "ed25519") {
279
264
  throw new Error("DER format not supported for ed25519");
280
265
  }
281
- return signature.toCompactRawBytes();
266
+ return signature;
282
267
  default:
283
268
  throw new Error(`Unsupported signature format: ${format}`);
284
269
  }
@@ -331,11 +316,11 @@ Sign.ed25519 = (digest2, privateKey, options = {}) => {
331
316
  Sign.generatePrivateKey = (curve = "secp256k1") => {
332
317
  switch (curve) {
333
318
  case "secp256k1":
334
- return secp256k1.utils.randomPrivateKey();
319
+ return secp256k1.utils.randomSecretKey();
335
320
  case "p256":
336
- return p256.utils.randomPrivateKey();
321
+ return p256.utils.randomSecretKey();
337
322
  case "ed25519":
338
- return ed25519.utils.randomPrivateKey();
323
+ return ed25519.utils.randomSecretKey();
339
324
  default:
340
325
  throw new Error(`Unsupported curve: ${curve}`);
341
326
  }
@@ -379,28 +364,11 @@ function parseSignature(signature, format, curve) {
379
364
  if (curve === "ed25519") {
380
365
  return signature;
381
366
  }
382
- switch (format) {
383
- case "compact":
384
- if (curve === "secp256k1") {
385
- return secp256k1.Signature.fromCompact(signature);
386
- } else if (curve === "p256") {
387
- return p256.Signature.fromCompact(signature);
388
- }
389
- break;
390
- case "der":
391
- if (curve === "secp256k1") {
392
- return secp256k1.Signature.fromDER(signature);
393
- } else if (curve === "p256") {
394
- return p256.Signature.fromDER(signature);
395
- }
396
- break;
397
- case "raw":
398
- if (curve === "secp256k1") {
399
- return secp256k1.Signature.fromCompact(signature);
400
- } else if (curve === "p256") {
401
- return p256.Signature.fromCompact(signature);
402
- }
403
- break;
367
+ const sigFormat = format === "raw" ? "compact" : format;
368
+ if (curve === "secp256k1") {
369
+ return secp256k1.Signature.fromBytes(signature, sigFormat).toBytes();
370
+ } else if (curve === "p256") {
371
+ return p256.Signature.fromBytes(signature, sigFormat).toBytes();
404
372
  }
405
373
  throw new Error(`Failed to parse signature for curve ${curve} with format ${format}`);
406
374
  }
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/crypto.ts","../src/digest.ts","../src/sign.ts","../src/signature-valid.ts"],"names":["uint8ArrayFromString","uint8ArrayToString","utf8ToBytes","sha256","sha512","blake3","concatBytes","hexToBytes","digest","bytesToHex","secp256k1","p256","ed25519"],"mappings":";;;;;;;;;;AAwBA,SAAS,OAAA,CAAQ,KAAA,EAA+C,QAAA,GAAqB,WAAA,EAAyB;AAC7G,EAAA,IAAI,KAAA,KAAU,IAAA,IAAQ,KAAA,KAAU,MAAA,EAAW;AAC1C,IAAA,OAAO,IAAI,WAAW,CAAC,CAAA;AAAA,EACxB;AAEA,EAAA,IAAI,iBAAiB,UAAA,EAAY;AAChC,IAAA,OAAO,KAAA;AAAA,EACR;AAEA,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC9B,IAAA,QAAQ,QAAA;AAAU,MACjB,KAAK,WAAA;AACJ,QAAA,OAAOA,UAAA,CAAqB,OAAO,WAAW,CAAA;AAAA,MAC/C,KAAK,QAAA;AACJ,QAAA,OAAOA,UAAA,CAAqB,OAAO,QAAQ,CAAA;AAAA,MAC5C,KAAK,KAAA;AACJ,QAAA,OAAO,WAAW,KAAK,CAAA;AAAA,MACxB,KAAK,MAAA;AACJ,QAAA,OAAO,YAAY,KAAK,CAAA;AAAA,MACzB;AACC,QAAA,OAAOA,UAAA,CAAqB,OAAO,WAAW,CAAA;AAAA;AAChD,EACD;AAEA,EAAA,MAAM,IAAI,MAAM,oBAAoB,CAAA;AACrC;AAKA,SAAS,SAAA,CAAU,KAAA,EAAmB,QAAA,GAAqB,WAAA,EAAkC;AAC5F,EAAA,QAAQ,QAAA;AAAU,IACjB,KAAK,WAAA;AACJ,MAAA,OAAOC,QAAA,CAAmB,OAAO,WAAW,CAAA;AAAA,IAC7C,KAAK,QAAA;AACJ,MAAA,OAAOA,QAAA,CAAmB,OAAO,QAAQ,CAAA;AAAA,IAC1C,KAAK,KAAA;AACJ,MAAA,OAAO,WAAW,KAAK,CAAA;AAAA,IACxB,KAAK,MAAA;AACJ,MAAA,OAAOA,QAAA,CAAmB,OAAO,MAAM,CAAA;AAAA,IACxC,KAAK,OAAA;AACJ,MAAA,OAAO,KAAA;AAAA,IACR;AACC,MAAA,OAAOA,QAAA,CAAmB,OAAO,WAAW,CAAA;AAAA;AAE/C;AAuBO,SAAS,OACf,IAAA,EACA,SAAA,GAA2B,UAC3B,aAAA,GAA0B,WAAA,EAC1B,iBAA2B,WAAA,EACL;AACtB,EAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,IAAA,EAAM,aAAa,CAAA;AAEzC,EAAA,IAAI,SAAA;AACJ,EAAA,QAAQ,SAAA;AAAW,IAClB,KAAK,QAAA;AACJ,MAAA,SAAA,GAAY,OAAO,KAAK,CAAA;AACxB,MAAA;AAAA,IACD,KAAK,QAAA;AACJ,MAAA,SAAA,GAAY,OAAO,KAAK,CAAA;AACxB,MAAA;AAAA,IACD,KAAK,QAAA;AACJ,MAAA,SAAA,GAAY,OAAO,KAAK,CAAA;AACxB,MAAA;AAAA,IACD;AACC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,4BAAA,EAA+B,SAAS,CAAA,CAAE,CAAA;AAAA;AAG5D,EAAA,OAAO,SAAA,CAAU,WAAW,cAAc,CAAA;AAC3C;AAqBO,SAAS,QACf,IAAA,EACA,IAAA,EACA,SAAA,GAA2B,QAAA,EAC3B,gBAA0B,WAAA,EACjB;AACT,EAAA,IAAI,IAAA,IAAQ,CAAA,IAAK,IAAA,GAAO,EAAA,EAAI;AAC3B,IAAA,MAAM,IAAI,MAAM,+DAA+D,CAAA;AAAA,EAChF;AAEA,EAAA,MAAM,SAAA,GAAY,QAAQ,MAAA,CAAO,IAAA,EAAM,WAAW,aAAA,EAAe,WAAW,GAAa,WAAW,CAAA;AAGpG,EAAA,MAAM,IAAA,GAAO,IAAI,QAAA,CAAS,SAAA,CAAU,MAAA,EAAQ,SAAA,CAAU,UAAA,EAAY,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,SAAA,CAAU,MAAM,CAAC,CAAA;AAC/F,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,YAAA,CAAa,CAAA,EAAG,KAAK,CAAA;AAG3C,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,CAAC,CAAA,IAAK,OAAO,IAAI,CAAA;AACxC,EAAA,MAAM,SAAS,QAAA,GAAW,OAAA;AAE1B,EAAA,OAAO,OAAO,MAAM,CAAA;AACrB;AAsBO,SAAS,IAAA,CACf,IAAA,EACA,UAAA,EACA,KAAA,GAAmB,WAAA,EACnB,gBAA0B,WAAA,EAC1B,WAAA,GAAwB,WAAA,EACxB,cAAA,GAA2B,WAAA,EACL;AACtB,EAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,IAAA,EAAM,aAAa,CAAA;AAC7C,EAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,UAAA,EAAY,WAAW,CAAA;AAEhD,EAAA,IAAI,QAAA;AAEJ,EAAA,QAAQ,KAAA;AAAO,IACd,KAAK,WAAA,EAAa;AACjB,MAAA,MAAM,GAAA,GAAM,UAAU,IAAA,CAAK,SAAA,EAAW,UAAU,EAAE,IAAA,EAAM,MAAM,CAAA;AAC9D,MAAA,QAAA,GAAW,IAAI,iBAAA,EAAkB;AACjC,MAAA;AAAA,IACD;AAAA,IACA,KAAK,MAAA,EAAQ;AACZ,MAAA,MAAM,GAAA,GAAM,KAAK,IAAA,CAAK,SAAA,EAAW,UAAU,EAAE,IAAA,EAAM,MAAM,CAAA;AACzD,MAAA,QAAA,GAAW,IAAI,iBAAA,EAAkB;AACjC,MAAA;AAAA,IACD;AAAA,IACA,KAAK,SAAA,EAAW;AACf,MAAA,QAAA,GAAW,OAAA,CAAQ,IAAA,CAAK,SAAA,EAAW,QAAQ,CAAA;AAC3C,MAAA;AAAA,IACD;AAAA,IACA;AACC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,CAAA;AAAA;AAG/C,EAAA,OAAO,SAAA,CAAU,UAAU,cAAc,CAAA;AAC1C;AAuBO,SAAS,MAAA,CACf,IAAA,EACA,SAAA,EACA,SAAA,EACA,KAAA,GAAmB,WAAA,EACnB,aAAA,GAA0B,WAAA,EAC1B,WAAA,GAAwB,WAAA,EACxB,WAAA,GAAwB,WAAA,EACd;AACV,EAAA,IAAI;AACH,IAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,IAAA,EAAM,aAAa,CAAA;AAC7C,IAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,SAAA,EAAW,WAAW,CAAA;AAC/C,IAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,SAAA,EAAW,WAAW,CAAA;AAE/C,IAAA,QAAQ,KAAA;AAAO,MACd,KAAK,WAAA,EAAa;AACjB,QAAA,OAAO,SAAA,CAAU,MAAA,CAAO,QAAA,EAAU,SAAA,EAAW,QAAQ,CAAA;AAAA,MACtD;AAAA,MACA,KAAK,MAAA,EAAQ;AACZ,QAAA,OAAO,IAAA,CAAK,MAAA,CAAO,QAAA,EAAU,SAAA,EAAW,QAAQ,CAAA;AAAA,MACjD;AAAA,MACA,KAAK,SAAA,EAAW;AACf,QAAA,OAAO,OAAA,CAAQ,MAAA,CAAO,QAAA,EAAU,SAAA,EAAW,QAAQ,CAAA;AAAA,MACpD;AAAA,MACA;AACC,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,CAAA;AAAA;AAC/C,EACD,CAAA,CAAA,MAAQ;AACP,IAAA,OAAO,KAAA;AAAA,EACR;AACD;AASO,SAAS,WAAA,CAAY,IAAA,GAAe,GAAA,EAAK,QAAA,GAAqB,WAAA,EAAkC;AACtG,EAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,IAAA,CAAK,IAAA,GAAO,CAAC,CAAA;AAChC,EAAA,MAAM,gBAAA,GAAmB,IAAI,UAAA,CAAW,KAAK,CAAA;AAC7C,EAAA,MAAA,CAAO,gBAAgB,gBAAgB,CAAA;AACvC,EAAA,OAAO,SAAA,CAAU,kBAAkB,QAAQ,CAAA;AAC5C;AAKO,SAAS,kBAAA,CAAmB,KAAA,GAAmB,WAAA,EAAa,QAAA,GAAqB,WAAA,EAAkC;AACzH,EAAA,IAAI,QAAA;AAEJ,EAAA,QAAQ,KAAA;AAAO,IACd,KAAK,WAAA;AACJ,MAAA,QAAA,GAAW,SAAA,CAAU,MAAM,gBAAA,EAAiB;AAC5C,MAAA;AAAA,IACD,KAAK,MAAA;AACJ,MAAA,QAAA,GAAW,IAAA,CAAK,MAAM,gBAAA,EAAiB;AACvC,MAAA;AAAA,IACD,KAAK,SAAA;AACJ,MAAA,QAAA,GAAW,OAAA,CAAQ,MAAM,gBAAA,EAAiB;AAC1C,MAAA;AAAA,IACD;AACC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,CAAA;AAAA;AAG/C,EAAA,OAAO,SAAA,CAAU,UAAU,QAAQ,CAAA;AACpC;AAKO,SAAS,aACf,UAAA,EACA,KAAA,GAAmB,aACnB,WAAA,GAAwB,WAAA,EACxB,iBAA2B,WAAA,EACL;AACtB,EAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,UAAA,EAAY,WAAW,CAAA;AAEhD,EAAA,IAAI,QAAA;AAEJ,EAAA,QAAQ,KAAA;AAAO,IACd,KAAK,WAAA;AACJ,MAAA,QAAA,GAAW,SAAA,CAAU,aAAa,QAAQ,CAAA;AAC1C,MAAA;AAAA,IACD,KAAK,MAAA;AACJ,MAAA,QAAA,GAAW,IAAA,CAAK,aAAa,QAAQ,CAAA;AACrC,MAAA;AAAA,IACD,KAAK,SAAA;AACJ,MAAA,QAAA,GAAW,OAAA,CAAQ,aAAa,QAAQ,CAAA;AACxC,MAAA;AAAA,IACD;AACC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,CAAA;AAAA;AAG/C,EAAA,OAAO,SAAA,CAAU,UAAU,cAAc,CAAA;AAC1C;ACzSA,SAAS,aAAa,KAAA,EAAgC;AACpD,EAAA,IAAI,KAAA,KAAU,IAAA,IAAQ,KAAA,KAAU,MAAA,EAAW;AACzC,IAAA,OAAO,IAAI,WAAW,CAAC,CAAA;AAAA,EACzB;AAEA,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,IAAA,OAAOC,YAAY,KAAK,CAAA;AAAA,EAC1B;AAEA,EAAA,IAAI,iBAAiB,UAAA,EAAY;AAC/B,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAE7B,IAAA,MAAM,MAAA,GAAS,IAAI,WAAA,CAAY,CAAC,CAAA;AAChC,IAAA,MAAM,IAAA,GAAO,IAAI,QAAA,CAAS,MAAM,CAAA;AAChC,IAAA,IAAA,CAAK,UAAA,CAAW,CAAA,EAAG,KAAA,EAAO,KAAK,CAAA;AAC/B,IAAA,OAAO,IAAI,WAAW,MAAM,CAAA;AAAA,EAC9B;AAEA,EAAA,IAAI,OAAO,UAAU,SAAA,EAAW;AAC9B,IAAA,OAAO,IAAI,UAAA,CAAW,CAAC,KAAA,GAAQ,CAAA,GAAI,CAAC,CAAC,CAAA;AAAA,EACvC;AAGA,EAAA,OAAOA,WAAAA,CAAY,MAAA,CAAO,KAAK,CAAC,CAAA;AAClC;AAKA,SAAS,gBAAgB,SAAA,EAA4D;AACnF,EAAA,QAAQ,SAAA;AAAW,IACjB,KAAK,QAAA;AACH,MAAA,OAAOC,MAAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAOC,MAAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAOC,MAAAA;AAAA,IACT;AACE,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,4BAAA,EAA+B,SAAS,CAAA,CAAE,CAAA;AAAA;AAEhE;AAuBO,SAAS,UAAU,IAAA,EAAiC;AACzD,EAAA,OAAO,iBAAA,CAAkB,EAAE,SAAA,EAAW,QAAA,EAAU,QAAQ,YAAA,EAAa,EAAG,GAAG,IAAI,CAAA;AACjF;AAKO,SAAS,iBAAA,CAAkB,YAA2B,IAAA,EAA0C;AACrG,EAAA,MAAM,SAAA,GAAY,QAAQ,SAAA,IAAa,QAAA;AACvC,EAAA,MAAM,MAAA,GAAS,QAAQ,MAAA,IAAU,YAAA;AAGjC,EAAA,MAAM,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,YAAY,CAAA;AACxC,EAAA,MAAM,QAAA,GAAWC,WAAAA,CAAY,GAAG,UAAU,CAAA;AAG1C,EAAA,MAAM,YAAA,GAAe,gBAAgB,SAAS,CAAA;AAC9C,EAAA,MAAM,IAAA,GAAO,aAAa,QAAQ,CAAA;AAGlC,EAAA,IAAI,WAAW,KAAA,EAAO;AACpB,IAAA,OAAO,MAAM,IAAA,CAAK,IAAI,CAAA,CACnB,GAAA,CAAI,OAAK,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,SAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CACxC,KAAK,EAAE,CAAA;AAAA,EACZ;AAEA,EAAA,OAAO,IAAA;AACT;AAKA,MAAA,CAAO,WAAA,GAAc,CAAC,OAAA,KAA2B;AAC/C,EAAA,OAAO,CAAA,GAAI,IAAA,KAAwB,iBAAA,CAAkB,OAAA,EAAS,GAAG,IAAI,CAAA;AACvE,CAAA;AAKA,MAAA,CAAO,MAAA,GAAS,IAAI,IAAA,KAAoC;AACtD,EAAA,OAAO,kBAAkB,EAAE,SAAA,EAAW,QAAA,EAAS,EAAG,GAAG,IAAI,CAAA;AAC3D,CAAA;AAEA,MAAA,CAAO,MAAA,GAAS,IAAI,IAAA,KAAoC;AACtD,EAAA,OAAO,kBAAkB,EAAE,SAAA,EAAW,QAAA,EAAS,EAAG,GAAG,IAAI,CAAA;AAC3D,CAAA;AAEA,MAAA,CAAO,MAAA,GAAS,IAAI,IAAA,KAAoC;AACtD,EAAA,OAAO,kBAAkB,EAAE,SAAA,EAAW,QAAA,EAAS,EAAG,GAAG,IAAI,CAAA;AAC3D,CAAA;AAKA,MAAA,CAAO,GAAA,GAAM,IAAI,IAAA,KAAgC;AAC/C,EAAA,OAAO,iBAAA,CAAkB,EAAE,SAAA,EAAW,QAAA,EAAU,QAAQ,KAAA,EAAM,EAAG,GAAG,IAAI,CAAA;AAC1E,CAAA;AAEA,MAAA,CAAO,SAAA,GAAY,IAAI,IAAA,KAAgC;AACrD,EAAA,OAAO,iBAAA,CAAkB,EAAE,SAAA,EAAW,QAAA,EAAU,QAAQ,KAAA,EAAM,EAAG,GAAG,IAAI,CAAA;AAC1E,CAAA;AAEA,MAAA,CAAO,SAAA,GAAY,IAAI,IAAA,KAAgC;AACrD,EAAA,OAAO,iBAAA,CAAkB,EAAE,SAAA,EAAW,QAAA,EAAU,QAAQ,KAAA,EAAM,EAAG,GAAG,IAAI,CAAA;AAC1E,CAAA;AAEA,MAAA,CAAO,SAAA,GAAY,IAAI,IAAA,KAAgC;AACrD,EAAA,OAAO,iBAAA,CAAkB,EAAE,SAAA,EAAW,QAAA,EAAU,QAAQ,KAAA,EAAM,EAAG,GAAG,IAAI,CAAA;AAC1E,CAAA;ACxHA,SAAS,oBAAoB,UAAA,EAAyC;AACpE,EAAA,IAAI,sBAAsB,UAAA,EAAY;AACpC,IAAA,OAAO,UAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,eAAe,QAAA,EAAU;AAElC,IAAA,OAAOC,WAAW,UAAU,CAAA;AAAA,EAC9B;AAEA,EAAA,IAAI,OAAO,eAAe,QAAA,EAAU;AAElC,IAAA,MAAM,MAAM,UAAA,CAAW,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,IAAI,GAAG,CAAA;AACpD,IAAA,OAAOA,WAAW,GAAG,CAAA;AAAA,EACvB;AAEA,EAAA,MAAM,IAAI,MAAM,4BAA4B,CAAA;AAC9C;AAKA,SAAS,gBAAgBC,OAAAA,EAAiC;AACxD,EAAA,IAAIA,mBAAkB,UAAA,EAAY;AAChC,IAAA,OAAOA,OAAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAOA,YAAW,QAAA,EAAU;AAC9B,IAAA,OAAOD,WAAWC,OAAM,CAAA;AAAA,EAC1B;AAEA,EAAA,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACzC;AAKA,SAAS,eAAA,CAAgB,SAAA,EAAgB,MAAA,EAAyB,KAAA,EAAuC;AACvG,EAAA,QAAQ,MAAA;AAAQ,IACd,KAAK,YAAA;AACH,MAAA,IAAI,UAAU,SAAA,EAAW;AACvB,QAAA,OAAO,SAAA;AAAA,MACT;AACA,MAAA,OAAO,UAAU,iBAAA,EAAkB;AAAA,IAErC,KAAK,KAAA;AACH,MAAA,IAAI,UAAU,SAAA,EAAW;AACvB,QAAA,OAAOC,WAAW,SAAS,CAAA;AAAA,MAC7B;AACA,MAAA,OAAO,UAAU,YAAA,EAAa;AAAA,IAEhC,KAAK,SAAA;AACH,MAAA,IAAI,UAAU,SAAA,EAAW;AACvB,QAAA,OAAO,SAAA;AAAA,MACT;AACA,MAAA,OAAO,UAAU,iBAAA,EAAkB;AAAA,IAErC,KAAK,KAAA;AACH,MAAA,IAAI,UAAU,SAAA,EAAW;AACvB,QAAA,MAAM,IAAI,MAAM,sCAAsC,CAAA;AAAA,MACxD;AAGA,MAAA,OAAO,UAAU,iBAAA,EAAkB;AAAA,IAErC;AACE,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,8BAAA,EAAiC,MAAM,CAAA,CAAE,CAAA;AAAA;AAE/D;AA6BO,SAAS,IAAA,CACdD,OAAAA,EACA,UAAA,EACA,OAAA,GAAuB,EAAC,EACH;AACrB,EAAA,MAAM;AAAA,IACJ,KAAA,GAAQ,WAAA;AAAA,IACR,MAAA,GAAS,YAAA;AAAA,IACT,YAAA,GAAe,KAAA;AAAA,IACf,IAAA,GAAO;AAAA,GACT,GAAI,OAAA;AAEJ,EAAA,MAAM,gBAAA,GAAmB,gBAAgBA,OAAM,CAAA;AAC/C,EAAA,MAAM,oBAAA,GAAuB,oBAAoB,UAAU,CAAA;AAE3D,EAAA,IAAI,SAAA;AAEJ,EAAA,QAAQ,KAAA;AAAO,IACb,KAAK,WAAA,EAAa;AAChB,MAAA,MAAM,WAAA,GAAmB,EAAE,IAAA,EAAK;AAChC,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,WAAA,CAAY,YAAA,GAAe,YAAA;AAAA,MAC7B;AACA,MAAA,SAAA,GAAYE,SAAAA,CAAU,IAAA,CAAK,gBAAA,EAAkB,oBAAA,EAAsB,WAAW,CAAA;AAC9E,MAAA;AAAA,IACF;AAAA,IAEA,KAAK,MAAA,EAAQ;AACX,MAAA,MAAM,WAAA,GAAmB,EAAE,IAAA,EAAK;AAChC,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,WAAA,CAAY,YAAA,GAAe,YAAA;AAAA,MAC7B;AACA,MAAA,SAAA,GAAYC,IAAAA,CAAK,IAAA,CAAK,gBAAA,EAAkB,oBAAA,EAAsB,WAAW,CAAA;AACzE,MAAA;AAAA,IACF;AAAA,IAEA,KAAK,SAAA,EAAW;AACd,MAAA,SAAA,GAAYC,OAAAA,CAAQ,IAAA,CAAK,gBAAA,EAAkB,oBAAoB,CAAA;AAC/D,MAAA;AAAA,IACF;AAAA,IAEA;AACE,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,CAAA;AAAA;AAGjD,EAAA,OAAO,eAAA,CAAgB,SAAA,EAAW,MAAA,EAAQ,KAAK,CAAA;AACjD;AAKA,IAAA,CAAK,YAAY,CAACJ,OAAAA,EAAqB,UAAA,EAA6B,OAAA,GAAsC,EAAC,KAAM;AAC/G,EAAA,OAAO,IAAA,CAAKA,SAAQ,UAAA,EAAY,EAAE,GAAG,OAAA,EAAS,KAAA,EAAO,aAAa,CAAA;AACpE,CAAA;AAEA,IAAA,CAAK,OAAO,CAACA,OAAAA,EAAqB,UAAA,EAA6B,OAAA,GAAsC,EAAC,KAAM;AAC1G,EAAA,OAAO,IAAA,CAAKA,SAAQ,UAAA,EAAY,EAAE,GAAG,OAAA,EAAS,KAAA,EAAO,QAAQ,CAAA;AAC/D,CAAA;AAEA,IAAA,CAAK,UAAU,CAACA,OAAAA,EAAqB,UAAA,EAA6B,OAAA,GAAsC,EAAC,KAAM;AAC7G,EAAA,OAAO,IAAA,CAAKA,SAAQ,UAAA,EAAY,EAAE,GAAG,OAAA,EAAS,KAAA,EAAO,WAAW,CAAA;AAClE,CAAA;AAKA,IAAA,CAAK,kBAAA,GAAqB,CAAC,KAAA,GAAmB,WAAA,KAA4B;AACxE,EAAA,QAAQ,KAAA;AAAO,IACb,KAAK,WAAA;AACH,MAAA,OAAOE,SAAAA,CAAU,MAAM,gBAAA,EAAiB;AAAA,IAC1C,KAAK,MAAA;AACH,MAAA,OAAOC,IAAAA,CAAK,MAAM,gBAAA,EAAiB;AAAA,IACrC,KAAK,SAAA;AACH,MAAA,OAAOC,OAAAA,CAAQ,MAAM,gBAAA,EAAiB;AAAA,IACxC;AACE,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,CAAA;AAAA;AAEnD,CAAA;AAKA,IAAA,CAAK,YAAA,GAAe,CAAC,UAAA,EAA6B,KAAA,GAAmB,WAAA,KAA4B;AAC/F,EAAA,MAAM,oBAAA,GAAuB,oBAAoB,UAAU,CAAA;AAE3D,EAAA,QAAQ,KAAA;AAAO,IACb,KAAK,WAAA;AACH,MAAA,OAAOF,SAAAA,CAAU,aAAa,oBAAoB,CAAA;AAAA,IACpD,KAAK,MAAA;AACH,MAAA,OAAOC,IAAAA,CAAK,aAAa,oBAAoB,CAAA;AAAA,IAC/C,KAAK,SAAA;AACH,MAAA,OAAOC,OAAAA,CAAQ,aAAa,oBAAoB,CAAA;AAAA,IAClD;AACE,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,CAAA;AAAA;AAEnD,CAAA;AC5MA,SAAS,eAAe,KAAA,EAA+B;AACrD,EAAA,IAAI,iBAAiB,UAAA,EAAY;AAC/B,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,IAAA,OAAOL,WAAW,KAAK,CAAA;AAAA,EACzB;AAEA,EAAA,MAAM,IAAI,MAAM,0DAA0D,CAAA;AAC5E;AAKA,SAAS,qBAAA,CAAsB,WAAuB,KAAA,EAA6C;AACjG,EAAA,MAAM,SAAS,SAAA,CAAU,MAAA;AAEzB,EAAA,IAAI,UAAU,SAAA,EAAW;AACvB,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,IAAI,WAAW,EAAA,EAAI;AACjB,IAAA,OAAO,SAAA;AAAA,EACT;AAEA,EAAA,IAAI,UAAU,EAAA,IAAM,MAAA,IAAU,MAAM,SAAA,CAAU,CAAC,MAAM,EAAA,EAAM;AACzD,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,OAAO,SAAA;AACT;AAKA,SAAS,cAAA,CAAe,SAAA,EAAuB,MAAA,EAAmC,KAAA,EAAuB;AACvG,EAAA,IAAI,UAAU,SAAA,EAAW;AAEvB,IAAA,OAAO,SAAA;AAAA,EACT;AAGA,EAAA,QAAQ,MAAA;AAAQ,IACd,KAAK,SAAA;AACH,MAAA,IAAI,UAAU,WAAA,EAAa;AACzB,QAAA,OAAOG,SAAAA,CAAU,SAAA,CAAU,WAAA,CAAY,SAAS,CAAA;AAAA,MAClD,CAAA,MAAA,IAAW,UAAU,MAAA,EAAQ;AAC3B,QAAA,OAAOC,IAAAA,CAAK,SAAA,CAAU,WAAA,CAAY,SAAS,CAAA;AAAA,MAC7C;AACA,MAAA;AAAA,IAEF,KAAK,KAAA;AACH,MAAA,IAAI,UAAU,WAAA,EAAa;AACzB,QAAA,OAAOD,SAAAA,CAAU,SAAA,CAAU,OAAA,CAAQ,SAAS,CAAA;AAAA,MAC9C,CAAA,MAAA,IAAW,UAAU,MAAA,EAAQ;AAC3B,QAAA,OAAOC,IAAAA,CAAK,SAAA,CAAU,OAAA,CAAQ,SAAS,CAAA;AAAA,MACzC;AACA,MAAA;AAAA,IAEF,KAAK,KAAA;AAEH,MAAA,IAAI,UAAU,WAAA,EAAa;AACzB,QAAA,OAAOD,SAAAA,CAAU,SAAA,CAAU,WAAA,CAAY,SAAS,CAAA;AAAA,MAClD,CAAA,MAAA,IAAW,UAAU,MAAA,EAAQ;AAC3B,QAAA,OAAOC,IAAAA,CAAK,SAAA,CAAU,WAAA,CAAY,SAAS,CAAA;AAAA,MAC7C;AACA,MAAA;AAAA;AAGJ,EAAA,MAAM,IAAI,KAAA,CAAM,CAAA,oCAAA,EAAuC,KAAK,CAAA,aAAA,EAAgB,MAAM,CAAA,CAAE,CAAA;AACtF;AAiCO,SAAS,eACdH,OAAAA,EACA,SAAA,EACA,SAAA,EACA,OAAA,GAAyB,EAAC,EACjB;AACT,EAAA,IAAI;AACF,IAAA,MAAM;AAAA,MACJ,KAAA,GAAQ,WAAA;AAAA,MACR,eAAA;AAAA,MACA;AAAA,KACF,GAAI,OAAA;AAEJ,IAAA,MAAM,gBAAA,GAAmB,eAAeA,OAAM,CAAA;AAC9C,IAAA,MAAM,mBAAA,GAAsB,eAAe,SAAS,CAAA;AACpD,IAAA,MAAM,mBAAA,GAAsB,eAAe,SAAS,CAAA;AAGpD,IAAA,MAAM,cAAA,GAAiB,eAAA,IAAmB,qBAAA,CAAsB,mBAAA,EAAqB,KAAK,CAAA;AAG1F,IAAA,MAAM,eAAA,GAAkB,cAAA,CAAe,mBAAA,EAAqB,cAAA,EAAgB,KAAK,CAAA;AAGjF,IAAA,MAAM,gBAAqB,EAAC;AAG5B,IAAA,IAAI,KAAA,KAAU,SAAA,IAAa,wBAAA,KAA6B,KAAA,CAAA,EAAW;AACjE,MAAA,aAAA,CAAc,OAAO,CAAC,wBAAA;AAAA,IACxB;AAGA,IAAA,QAAQ,KAAA;AAAO,MACb,KAAK,WAAA;AACH,QAAA,OAAOE,SAAAA,CAAU,MAAA,CAAO,eAAA,EAAiB,gBAAA,EAAkB,qBAAqB,aAAa,CAAA;AAAA,MAE/F,KAAK,MAAA;AACH,QAAA,OAAOC,IAAAA,CAAK,MAAA,CAAO,eAAA,EAAiB,gBAAA,EAAkB,qBAAqB,aAAa,CAAA;AAAA,MAE1F,KAAK,SAAA;AACH,QAAA,OAAOC,OAAAA,CAAQ,MAAA,CAAO,eAAA,EAAiB,gBAAA,EAAkB,mBAAmB,CAAA;AAAA,MAE9E;AACE,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,CAAA;AAAA;AACjD,EACF,SAAS,KAAA,EAAO;AAEd,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAKA,cAAA,CAAe,YAAY,CACzBJ,OAAAA,EACA,WACA,SAAA,EACA,OAAA,GAAwC,EAAC,KAC7B;AACZ,EAAA,OAAO,cAAA,CAAeA,SAAQ,SAAA,EAAW,SAAA,EAAW,EAAE,GAAG,OAAA,EAAS,KAAA,EAAO,WAAA,EAAa,CAAA;AACxF,CAAA;AAEA,cAAA,CAAe,OAAO,CACpBA,OAAAA,EACA,WACA,SAAA,EACA,OAAA,GAAwC,EAAC,KAC7B;AACZ,EAAA,OAAO,cAAA,CAAeA,SAAQ,SAAA,EAAW,SAAA,EAAW,EAAE,GAAG,OAAA,EAAS,KAAA,EAAO,MAAA,EAAQ,CAAA;AACnF,CAAA;AAEA,cAAA,CAAe,UAAU,CACvBA,OAAAA,EACA,WACA,SAAA,EACA,OAAA,GAAwC,EAAC,KAC7B;AACZ,EAAA,OAAO,cAAA,CAAeA,SAAQ,SAAA,EAAW,SAAA,EAAW,EAAE,GAAG,OAAA,EAAS,KAAA,EAAO,SAAA,EAAW,CAAA;AACtF,CAAA;AAKA,cAAA,CAAe,KAAA,GAAQ,CACrB,aAAA,KAMc;AACd,EAAA,OAAO,aAAA,CAAc,GAAA;AAAA,IAAI,CAAC,EAAE,MAAA,EAAAA,OAAAA,EAAQ,SAAA,EAAW,SAAA,EAAW,OAAA,EAAQ,KAChE,cAAA,CAAeA,OAAAA,EAAQ,SAAA,EAAW,SAAA,EAAW,OAAO;AAAA,GACtD;AACF,CAAA;AAKA,cAAA,CAAe,WAAW,CACxBA,OAAAA,EACA,WACA,SAAA,EACA,OAAA,GAAyB,EAAC,KAMvB;AACH,EAAA,MAAM,KAAA,GAAQ,QAAQ,KAAA,IAAS,WAAA;AAE/B,EAAA,IAAI;AACF,IAAA,MAAM,mBAAA,GAAsB,eAAe,SAAS,CAAA;AACpD,IAAA,MAAM,cAAA,GAAiB,OAAA,CAAQ,eAAA,IAAmB,qBAAA,CAAsB,qBAAqB,KAAK,CAAA;AAElG,IAAA,MAAM,KAAA,GAAQ,cAAA,CAAeA,OAAAA,EAAQ,SAAA,EAAW,WAAW,OAAO,CAAA;AAElE,IAAA,OAAO;AAAA,MACL,KAAA;AAAA,MACA,KAAA;AAAA,MACA,eAAA,EAAiB;AAAA,KACnB;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,KAAA;AAAA,MACA,eAAA,EAAiB,SAAA;AAAA,MACjB,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU;AAAA,KAClD;AAAA,EACF;AACF,CAAA","file":"index.js","sourcesContent":["/**\n * Cryptographic Functions for Quereus\n *\n * Idiomatic ES module exports with base64url as default encoding.\n * All functions accept and return base64url strings by default for SQL compatibility.\n */\n\nimport { sha256, sha512 } from '@noble/hashes/sha2';\nimport { blake3 } from '@noble/hashes/blake3';\nimport { concatBytes, utf8ToBytes } from '@noble/hashes/utils';\nimport { secp256k1 } from '@noble/curves/secp256k1';\nimport { p256 } from '@noble/curves/nist';\nimport { ed25519 } from '@noble/curves/ed25519';\nimport { hexToBytes, bytesToHex } from '@noble/curves/abstract/utils';\nimport { toString as uint8ArrayToString, fromString as uint8ArrayFromString } from 'uint8arrays';\n\n// Type definitions\nexport type HashAlgorithm = 'sha256' | 'sha512' | 'blake3';\nexport type CurveType = 'secp256k1' | 'p256' | 'ed25519';\nexport type Encoding = 'base64url' | 'base64' | 'hex' | 'utf8' | 'bytes';\n\n/**\n * Convert input to Uint8Array, handling various encodings\n */\nfunction toBytes(input: string | Uint8Array | null | undefined, encoding: Encoding = 'base64url'): Uint8Array {\n\tif (input === null || input === undefined) {\n\t\treturn new Uint8Array(0);\n\t}\n\n\tif (input instanceof Uint8Array) {\n\t\treturn input;\n\t}\n\n\tif (typeof input === 'string') {\n\t\tswitch (encoding) {\n\t\t\tcase 'base64url':\n\t\t\t\treturn uint8ArrayFromString(input, 'base64url');\n\t\t\tcase 'base64':\n\t\t\t\treturn uint8ArrayFromString(input, 'base64');\n\t\t\tcase 'hex':\n\t\t\t\treturn hexToBytes(input);\n\t\t\tcase 'utf8':\n\t\t\t\treturn utf8ToBytes(input);\n\t\t\tdefault:\n\t\t\t\treturn uint8ArrayFromString(input, 'base64url');\n\t\t}\n\t}\n\n\tthrow new Error('Invalid input type');\n}\n\n/**\n * Convert Uint8Array to string in specified encoding\n */\nfunction fromBytes(bytes: Uint8Array, encoding: Encoding = 'base64url'): string | Uint8Array {\n\tswitch (encoding) {\n\t\tcase 'base64url':\n\t\t\treturn uint8ArrayToString(bytes, 'base64url');\n\t\tcase 'base64':\n\t\t\treturn uint8ArrayToString(bytes, 'base64');\n\t\tcase 'hex':\n\t\t\treturn bytesToHex(bytes);\n\t\tcase 'utf8':\n\t\t\treturn uint8ArrayToString(bytes, 'utf8');\n\t\tcase 'bytes':\n\t\t\treturn bytes;\n\t\tdefault:\n\t\t\treturn uint8ArrayToString(bytes, 'base64url');\n\t}\n}\n\n/**\n * Compute hash digest of input data\n *\n * @param data - Data to hash (base64url string or Uint8Array)\n * @param algorithm - Hash algorithm (default: 'sha256')\n * @param inputEncoding - Encoding of input string (default: 'base64url')\n * @param outputEncoding - Encoding of output (default: 'base64url')\n * @returns Hash digest in specified encoding\n *\n * @example\n * ```typescript\n * // Hash UTF-8 text, output as base64url\n * const hash = digest('hello world', 'sha256', 'utf8');\n *\n * // Hash base64url data with SHA-512\n * const hash2 = digest('SGVsbG8', 'sha512');\n *\n * // Get raw bytes\n * const bytes = digest('data', 'blake3', 'utf8', 'bytes');\n * ```\n */\nexport function digest(\n\tdata: string | Uint8Array,\n\talgorithm: HashAlgorithm = 'sha256',\n\tinputEncoding: Encoding = 'base64url',\n\toutputEncoding: Encoding = 'base64url'\n): string | Uint8Array {\n\tconst bytes = toBytes(data, inputEncoding);\n\n\tlet hashBytes: Uint8Array;\n\tswitch (algorithm) {\n\t\tcase 'sha256':\n\t\t\thashBytes = sha256(bytes);\n\t\t\tbreak;\n\t\tcase 'sha512':\n\t\t\thashBytes = sha512(bytes);\n\t\t\tbreak;\n\t\tcase 'blake3':\n\t\t\thashBytes = blake3(bytes);\n\t\t\tbreak;\n\t\tdefault:\n\t\t\tthrow new Error(`Unsupported hash algorithm: ${algorithm}`);\n\t}\n\n\treturn fromBytes(hashBytes, outputEncoding);\n}\n\n/**\n * Hash data and return modulo of specified bit length\n * Useful for generating fixed-size hash values (e.g., 16-bit, 32-bit)\n *\n * @param data - Data to hash\n * @param bits - Number of bits for the result (e.g., 16 for 16-bit hash)\n * @param algorithm - Hash algorithm (default: 'sha256')\n * @param inputEncoding - Encoding of input string (default: 'base64url')\n * @returns Integer hash value modulo 2^bits\n *\n * @example\n * ```typescript\n * // Get 16-bit hash (0-65535)\n * const hash16 = hashMod('hello', 16, 'sha256', 'utf8');\n *\n * // Get 32-bit hash\n * const hash32 = hashMod('world', 32, 'sha256', 'utf8');\n * ```\n */\nexport function hashMod(\n\tdata: string | Uint8Array,\n\tbits: number,\n\talgorithm: HashAlgorithm = 'sha256',\n\tinputEncoding: Encoding = 'base64url'\n): number {\n\tif (bits <= 0 || bits > 53) {\n\t\tthrow new Error('Bits must be between 1 and 53 (JavaScript safe integer limit)');\n\t}\n\n\tconst hashBytes = toBytes(digest(data, algorithm, inputEncoding, 'base64url') as string, 'base64url');\n\n\t// Take first 8 bytes and convert to number\n\tconst view = new DataView(hashBytes.buffer, hashBytes.byteOffset, Math.min(8, hashBytes.length));\n\tconst fullHash = view.getBigUint64(0, false); // big-endian\n\n\t// Modulo by 2^bits\n\tconst modulus = BigInt(2) ** BigInt(bits);\n\tconst result = fullHash % modulus;\n\n\treturn Number(result);\n}\n\n/**\n * Sign data with a private key\n *\n * @param data - Data to sign (typically a hash)\n * @param privateKey - Private key (base64url string or Uint8Array)\n * @param curve - Elliptic curve (default: 'secp256k1')\n * @param inputEncoding - Encoding of data input (default: 'base64url')\n * @param keyEncoding - Encoding of private key (default: 'base64url')\n * @param outputEncoding - Encoding of signature output (default: 'base64url')\n * @returns Signature in specified encoding\n *\n * @example\n * ```typescript\n * // Sign a hash with secp256k1\n * const sig = sign(hashData, privateKey);\n *\n * // Sign with Ed25519\n * const sig2 = sign(hashData, privateKey, 'ed25519');\n * ```\n */\nexport function sign(\n\tdata: string | Uint8Array,\n\tprivateKey: string | Uint8Array,\n\tcurve: CurveType = 'secp256k1',\n\tinputEncoding: Encoding = 'base64url',\n\tkeyEncoding: Encoding = 'base64url',\n\toutputEncoding: Encoding = 'base64url'\n): string | Uint8Array {\n\tconst dataBytes = toBytes(data, inputEncoding);\n\tconst keyBytes = toBytes(privateKey, keyEncoding);\n\n\tlet sigBytes: Uint8Array;\n\n\tswitch (curve) {\n\t\tcase 'secp256k1': {\n\t\t\tconst sig = secp256k1.sign(dataBytes, keyBytes, { lowS: true });\n\t\t\tsigBytes = sig.toCompactRawBytes();\n\t\t\tbreak;\n\t\t}\n\t\tcase 'p256': {\n\t\t\tconst sig = p256.sign(dataBytes, keyBytes, { lowS: true });\n\t\t\tsigBytes = sig.toCompactRawBytes();\n\t\t\tbreak;\n\t\t}\n\t\tcase 'ed25519': {\n\t\t\tsigBytes = ed25519.sign(dataBytes, keyBytes);\n\t\t\tbreak;\n\t\t}\n\t\tdefault:\n\t\t\tthrow new Error(`Unsupported curve: ${curve}`);\n\t}\n\n\treturn fromBytes(sigBytes, outputEncoding);\n}\n\n/**\n * Verify a signature\n *\n * @param data - Data that was signed\n * @param signature - Signature to verify\n * @param publicKey - Public key\n * @param curve - Elliptic curve (default: 'secp256k1')\n * @param inputEncoding - Encoding of data input (default: 'base64url')\n * @param sigEncoding - Encoding of signature (default: 'base64url')\n * @param keyEncoding - Encoding of public key (default: 'base64url')\n * @returns true if signature is valid, false otherwise\n *\n * @example\n * ```typescript\n * // Verify a signature\n * const isValid = verify(hashData, signature, publicKey);\n *\n * // Verify with Ed25519\n * const isValid2 = verify(hashData, signature, publicKey, 'ed25519');\n * ```\n */\nexport function verify(\n\tdata: string | Uint8Array,\n\tsignature: string | Uint8Array,\n\tpublicKey: string | Uint8Array,\n\tcurve: CurveType = 'secp256k1',\n\tinputEncoding: Encoding = 'base64url',\n\tsigEncoding: Encoding = 'base64url',\n\tkeyEncoding: Encoding = 'base64url'\n): boolean {\n\ttry {\n\t\tconst dataBytes = toBytes(data, inputEncoding);\n\t\tconst sigBytes = toBytes(signature, sigEncoding);\n\t\tconst keyBytes = toBytes(publicKey, keyEncoding);\n\n\t\tswitch (curve) {\n\t\t\tcase 'secp256k1': {\n\t\t\t\treturn secp256k1.verify(sigBytes, dataBytes, keyBytes);\n\t\t\t}\n\t\t\tcase 'p256': {\n\t\t\t\treturn p256.verify(sigBytes, dataBytes, keyBytes);\n\t\t\t}\n\t\t\tcase 'ed25519': {\n\t\t\t\treturn ed25519.verify(sigBytes, dataBytes, keyBytes);\n\t\t\t}\n\t\t\tdefault:\n\t\t\t\tthrow new Error(`Unsupported curve: ${curve}`);\n\t\t}\n\t} catch {\n\t\treturn false;\n\t}\n}\n\n/**\n * Generate cryptographically secure random bytes\n *\n * @param bits - Number of bits to generate (default: 256)\n * @param encoding - Output encoding (default: 'base64url')\n * @returns Random bytes in the specified encoding\n */\nexport function randomBytes(bits: number = 256, encoding: Encoding = 'base64url'): string | Uint8Array {\n\tconst bytes = Math.ceil(bits / 8);\n\tconst randomBytesArray = new Uint8Array(bytes);\n\tcrypto.getRandomValues(randomBytesArray);\n\treturn fromBytes(randomBytesArray, encoding);\n}\n\n/**\n * Generate a random private key\n */\nexport function generatePrivateKey(curve: CurveType = 'secp256k1', encoding: Encoding = 'base64url'): string | Uint8Array {\n\tlet keyBytes: Uint8Array;\n\n\tswitch (curve) {\n\t\tcase 'secp256k1':\n\t\t\tkeyBytes = secp256k1.utils.randomPrivateKey();\n\t\t\tbreak;\n\t\tcase 'p256':\n\t\t\tkeyBytes = p256.utils.randomPrivateKey();\n\t\t\tbreak;\n\t\tcase 'ed25519':\n\t\t\tkeyBytes = ed25519.utils.randomPrivateKey();\n\t\t\tbreak;\n\t\tdefault:\n\t\t\tthrow new Error(`Unsupported curve: ${curve}`);\n\t}\n\n\treturn fromBytes(keyBytes, encoding);\n}\n\n/**\n * Get public key from private key\n */\nexport function getPublicKey(\n\tprivateKey: string | Uint8Array,\n\tcurve: CurveType = 'secp256k1',\n\tkeyEncoding: Encoding = 'base64url',\n\toutputEncoding: Encoding = 'base64url'\n): string | Uint8Array {\n\tconst keyBytes = toBytes(privateKey, keyEncoding);\n\n\tlet pubBytes: Uint8Array;\n\n\tswitch (curve) {\n\t\tcase 'secp256k1':\n\t\t\tpubBytes = secp256k1.getPublicKey(keyBytes);\n\t\t\tbreak;\n\t\tcase 'p256':\n\t\t\tpubBytes = p256.getPublicKey(keyBytes);\n\t\t\tbreak;\n\t\tcase 'ed25519':\n\t\t\tpubBytes = ed25519.getPublicKey(keyBytes);\n\t\t\tbreak;\n\t\tdefault:\n\t\t\tthrow new Error(`Unsupported curve: ${curve}`);\n\t}\n\n\treturn fromBytes(pubBytes, outputEncoding);\n}\n\n","/**\r\n * Digest Function for Quereus\r\n *\r\n * Computes the hash of all arguments combined.\r\n * Uses SHA-256 from @noble/hashes for portable implementation.\r\n * Compatible with React Native and all JS environments.\r\n */\r\n\r\nimport { sha256 } from '@noble/hashes/sha2';\r\nimport { sha512 } from '@noble/hashes/sha2';\r\nimport { blake3 } from '@noble/hashes/blake3';\r\nimport { concatBytes, utf8ToBytes } from '@noble/hashes/utils';\r\n\r\n/**\r\n * Hash algorithm options\r\n */\r\nexport type HashAlgorithm = 'sha256' | 'sha512' | 'blake3';\r\n\r\n/**\r\n * Input type for digest function - can be string, Uint8Array, or number\r\n */\r\nexport type DigestInput = string | Uint8Array | number | boolean | null | undefined;\r\n\r\n/**\r\n * Options for the digest function\r\n */\r\nexport interface DigestOptions {\r\n /** Hash algorithm to use (default: sha256) */\r\n algorithm?: HashAlgorithm;\r\n /** Output format (default: uint8array) */\r\n output?: 'uint8array' | 'hex';\r\n}\r\n\r\n/**\r\n * Convert various input types to Uint8Array for hashing\r\n */\r\nfunction inputToBytes(input: DigestInput): Uint8Array {\r\n if (input === null || input === undefined) {\r\n return new Uint8Array(0);\r\n }\r\n\r\n if (typeof input === 'string') {\r\n return utf8ToBytes(input);\r\n }\r\n\r\n if (input instanceof Uint8Array) {\r\n return input;\r\n }\r\n\r\n if (typeof input === 'number') {\r\n // Convert number to 8-byte big-endian representation\r\n const buffer = new ArrayBuffer(8);\r\n const view = new DataView(buffer);\r\n view.setFloat64(0, input, false); // big-endian\r\n return new Uint8Array(buffer);\r\n }\r\n\r\n if (typeof input === 'boolean') {\r\n return new Uint8Array([input ? 1 : 0]);\r\n }\r\n\r\n // Fallback: convert to string then to bytes\r\n return utf8ToBytes(String(input));\r\n}\r\n\r\n/**\r\n * Get hash function based on algorithm\r\n */\r\nfunction getHashFunction(algorithm: HashAlgorithm): (data: Uint8Array) => Uint8Array {\r\n switch (algorithm) {\r\n case 'sha256':\r\n return sha256;\r\n case 'sha512':\r\n return sha512;\r\n case 'blake3':\r\n return blake3;\r\n default:\r\n throw new Error(`Unsupported hash algorithm: ${algorithm}`);\r\n }\r\n}\r\n\r\n/**\r\n * Computes the hash of all arguments\r\n *\r\n * @param {...DigestInput} args - Variable number of arguments to hash\r\n * @returns {Uint8Array} The computed hash as a Uint8Array\r\n *\r\n * @example\r\n * ```typescript\r\n * // Hash a string\r\n * const hash1 = Digest('hello world');\r\n *\r\n * // Hash multiple arguments\r\n * const hash2 = Digest('user:', 123, 'session');\r\n *\r\n * // Hash with specific algorithm\r\n * const hash3 = Digest.withOptions({ algorithm: 'sha512' })('data1', 'data2');\r\n *\r\n * // Get hex output\r\n * const hexHash = Digest.withOptions({ output: 'hex' })('hello');\r\n * ```\r\n */\r\nexport function Digest(...args: DigestInput[]): Uint8Array {\r\n return DigestWithOptions({ algorithm: 'sha256', output: 'uint8array' }, ...args) as Uint8Array;\r\n}\r\n\r\n/**\r\n * Digest function with custom options\r\n */\r\nexport function DigestWithOptions(options: DigestOptions, ...args: DigestInput[]): Uint8Array | string {\r\n const algorithm = options.algorithm || 'sha256';\r\n const output = options.output || 'uint8array';\r\n\r\n // Convert all arguments to bytes and concatenate\r\n const byteArrays = args.map(inputToBytes);\r\n const combined = concatBytes(...byteArrays);\r\n\r\n // Hash the combined data\r\n const hashFunction = getHashFunction(algorithm);\r\n const hash = hashFunction(combined);\r\n\r\n // Return in requested format\r\n if (output === 'hex') {\r\n return Array.from(hash)\r\n .map(b => b.toString(16).padStart(2, '0'))\r\n .join('');\r\n }\r\n\r\n return hash;\r\n}\r\n\r\n/**\r\n * Create a digest function with preset options\r\n */\r\nDigest.withOptions = (options: DigestOptions) => {\r\n return (...args: DigestInput[]) => DigestWithOptions(options, ...args);\r\n};\r\n\r\n/**\r\n * Convenience functions for specific algorithms\r\n */\r\nDigest.sha256 = (...args: DigestInput[]): Uint8Array => {\r\n return DigestWithOptions({ algorithm: 'sha256' }, ...args) as Uint8Array;\r\n};\r\n\r\nDigest.sha512 = (...args: DigestInput[]): Uint8Array => {\r\n return DigestWithOptions({ algorithm: 'sha512' }, ...args) as Uint8Array;\r\n};\r\n\r\nDigest.blake3 = (...args: DigestInput[]): Uint8Array => {\r\n return DigestWithOptions({ algorithm: 'blake3' }, ...args) as Uint8Array;\r\n};\r\n\r\n/**\r\n * Hex output variants\r\n */\r\nDigest.hex = (...args: DigestInput[]): string => {\r\n return DigestWithOptions({ algorithm: 'sha256', output: 'hex' }, ...args) as string;\r\n};\r\n\r\nDigest.sha256Hex = (...args: DigestInput[]): string => {\r\n return DigestWithOptions({ algorithm: 'sha256', output: 'hex' }, ...args) as string;\r\n};\r\n\r\nDigest.sha512Hex = (...args: DigestInput[]): string => {\r\n return DigestWithOptions({ algorithm: 'sha512', output: 'hex' }, ...args) as string;\r\n};\r\n\r\nDigest.blake3Hex = (...args: DigestInput[]): string => {\r\n return DigestWithOptions({ algorithm: 'blake3', output: 'hex' }, ...args) as string;\r\n};\r\n\r\nexport default Digest;\r\n","/**\r\n * Sign Function for Quereus\r\n *\r\n * Returns the signature for the given payload using an ECC private key.\r\n * Uses secp256k1 from @noble/curves for portable implementation.\r\n * Compatible with React Native and all JS environments.\r\n */\r\n\r\nimport { secp256k1 } from '@noble/curves/secp256k1';\r\nimport { p256 } from '@noble/curves/nist';\r\nimport { ed25519 } from '@noble/curves/ed25519';\r\nimport { bytesToHex, hexToBytes } from '@noble/curves/abstract/utils';\r\n\r\n/**\r\n * Supported elliptic curve types\r\n */\r\nexport type CurveType = 'secp256k1' | 'p256' | 'ed25519';\r\n\r\n/**\r\n * Private key input - can be Uint8Array, hex string, or bigint\r\n */\r\nexport type PrivateKeyInput = Uint8Array | string | bigint;\r\n\r\n/**\r\n * Digest input - can be Uint8Array or hex string\r\n */\r\nexport type DigestInput = Uint8Array | string;\r\n\r\n/**\r\n * Signature output format options\r\n */\r\nexport type SignatureFormat = 'uint8array' | 'hex' | 'compact' | 'der';\r\n\r\n/**\r\n * Options for the Sign function\r\n */\r\nexport interface SignOptions {\r\n /** Elliptic curve to use (default: secp256k1) */\r\n curve?: CurveType;\r\n /** Output format for signature (default: uint8array) */\r\n format?: SignatureFormat;\r\n /** Additional entropy for signatures (hedged signatures) */\r\n extraEntropy?: boolean | Uint8Array;\r\n /** Use low-S canonical signatures (default: true) */\r\n lowS?: boolean;\r\n}\r\n\r\n/**\r\n * Normalize private key input to Uint8Array\r\n */\r\nfunction normalizePrivateKey(privateKey: PrivateKeyInput): Uint8Array {\r\n if (privateKey instanceof Uint8Array) {\r\n return privateKey;\r\n }\r\n\r\n if (typeof privateKey === 'string') {\r\n // Assume hex string\r\n return hexToBytes(privateKey);\r\n }\r\n\r\n if (typeof privateKey === 'bigint') {\r\n // Convert bigint to 32-byte array (for secp256k1/p256)\r\n const hex = privateKey.toString(16).padStart(64, '0');\r\n return hexToBytes(hex);\r\n }\r\n\r\n throw new Error('Invalid private key format');\r\n}\r\n\r\n/**\r\n * Normalize digest input to Uint8Array\r\n */\r\nfunction normalizeDigest(digest: DigestInput): Uint8Array {\r\n if (digest instanceof Uint8Array) {\r\n return digest;\r\n }\r\n\r\n if (typeof digest === 'string') {\r\n return hexToBytes(digest);\r\n }\r\n\r\n throw new Error('Invalid digest format');\r\n}\r\n\r\n/**\r\n * Format signature based on requested format\r\n */\r\nfunction formatSignature(signature: any, format: SignatureFormat, curve: CurveType): Uint8Array | string {\r\n switch (format) {\r\n case 'uint8array':\r\n if (curve === 'ed25519') {\r\n return signature;\r\n }\r\n return signature.toCompactRawBytes();\r\n\r\n case 'hex':\r\n if (curve === 'ed25519') {\r\n return bytesToHex(signature);\r\n }\r\n return signature.toCompactHex();\r\n\r\n case 'compact':\r\n if (curve === 'ed25519') {\r\n return signature;\r\n }\r\n return signature.toCompactRawBytes();\r\n\r\n case 'der':\r\n if (curve === 'ed25519') {\r\n throw new Error('DER format not supported for ed25519');\r\n }\r\n // Note: DER encoding would require additional implementation\r\n // For now, fall back to compact\r\n return signature.toCompactRawBytes();\r\n\r\n default:\r\n throw new Error(`Unsupported signature format: ${format}`);\r\n }\r\n}\r\n\r\n/**\r\n * Sign a digest using the specified private key and curve\r\n *\r\n * @param {DigestInput} digest - The digest/hash to sign\r\n * @param {PrivateKeyInput} privateKey - The private key to use for signing\r\n * @param {SignOptions} [options] - Optional signing parameters\r\n * @returns {Uint8Array | string} The signature in the requested format\r\n *\r\n * @example\r\n * ```typescript\r\n * // Basic usage with secp256k1\r\n * const digest = new Uint8Array(32).fill(1); // Your hash here\r\n * const privateKey = 'a'.repeat(64); // Your private key hex\r\n * const signature = Sign(digest, privateKey);\r\n *\r\n * // With specific curve and format\r\n * const sig = Sign(digest, privateKey, {\r\n * curve: 'p256',\r\n * format: 'hex'\r\n * });\r\n *\r\n * // With hedged signatures for extra security\r\n * const hedgedSig = Sign(digest, privateKey, {\r\n * extraEntropy: true\r\n * });\r\n * ```\r\n */\r\nexport function Sign(\r\n digest: DigestInput,\r\n privateKey: PrivateKeyInput,\r\n options: SignOptions = {}\r\n): Uint8Array | string {\r\n const {\r\n curve = 'secp256k1',\r\n format = 'uint8array',\r\n extraEntropy = false,\r\n lowS = true,\r\n } = options;\r\n\r\n const normalizedDigest = normalizeDigest(digest);\r\n const normalizedPrivateKey = normalizePrivateKey(privateKey);\r\n\r\n let signature: any;\r\n\r\n switch (curve) {\r\n case 'secp256k1': {\r\n const signOptions: any = { lowS };\r\n if (extraEntropy) {\r\n signOptions.extraEntropy = extraEntropy;\r\n }\r\n signature = secp256k1.sign(normalizedDigest, normalizedPrivateKey, signOptions);\r\n break;\r\n }\r\n\r\n case 'p256': {\r\n const signOptions: any = { lowS };\r\n if (extraEntropy) {\r\n signOptions.extraEntropy = extraEntropy;\r\n }\r\n signature = p256.sign(normalizedDigest, normalizedPrivateKey, signOptions);\r\n break;\r\n }\r\n\r\n case 'ed25519': {\r\n signature = ed25519.sign(normalizedDigest, normalizedPrivateKey);\r\n break;\r\n }\r\n\r\n default:\r\n throw new Error(`Unsupported curve: ${curve}`);\r\n }\r\n\r\n return formatSignature(signature, format, curve);\r\n}\r\n\r\n/**\r\n * Convenience functions for specific curves\r\n */\r\nSign.secp256k1 = (digest: DigestInput, privateKey: PrivateKeyInput, options: Omit<SignOptions, 'curve'> = {}) => {\r\n return Sign(digest, privateKey, { ...options, curve: 'secp256k1' });\r\n};\r\n\r\nSign.p256 = (digest: DigestInput, privateKey: PrivateKeyInput, options: Omit<SignOptions, 'curve'> = {}) => {\r\n return Sign(digest, privateKey, { ...options, curve: 'p256' });\r\n};\r\n\r\nSign.ed25519 = (digest: DigestInput, privateKey: PrivateKeyInput, options: Omit<SignOptions, 'curve'> = {}) => {\r\n return Sign(digest, privateKey, { ...options, curve: 'ed25519' });\r\n};\r\n\r\n/**\r\n * Generate a random private key for the specified curve\r\n */\r\nSign.generatePrivateKey = (curve: CurveType = 'secp256k1'): Uint8Array => {\r\n switch (curve) {\r\n case 'secp256k1':\r\n return secp256k1.utils.randomPrivateKey();\r\n case 'p256':\r\n return p256.utils.randomPrivateKey();\r\n case 'ed25519':\r\n return ed25519.utils.randomPrivateKey();\r\n default:\r\n throw new Error(`Unsupported curve: ${curve}`);\r\n }\r\n};\r\n\r\n/**\r\n * Get the public key for a given private key and curve\r\n */\r\nSign.getPublicKey = (privateKey: PrivateKeyInput, curve: CurveType = 'secp256k1'): Uint8Array => {\r\n const normalizedPrivateKey = normalizePrivateKey(privateKey);\r\n\r\n switch (curve) {\r\n case 'secp256k1':\r\n return secp256k1.getPublicKey(normalizedPrivateKey);\r\n case 'p256':\r\n return p256.getPublicKey(normalizedPrivateKey);\r\n case 'ed25519':\r\n return ed25519.getPublicKey(normalizedPrivateKey);\r\n default:\r\n throw new Error(`Unsupported curve: ${curve}`);\r\n }\r\n};\r\n\r\nexport default Sign;\r\n","/**\r\n * SignatureValid Function for Quereus\r\n *\r\n * Returns true if the ECC signature is valid for the given digest and public key.\r\n * Uses @noble/curves for portable implementation.\r\n * Compatible with React Native and all JS environments.\r\n */\r\n\r\nimport { secp256k1 } from '@noble/curves/secp256k1';\r\nimport { p256 } from '@noble/curves/nist';\r\nimport { ed25519 } from '@noble/curves/ed25519';\r\nimport { hexToBytes } from '@noble/curves/abstract/utils';\r\n\r\n/**\r\n * Supported elliptic curve types\r\n */\r\nexport type CurveType = 'secp256k1' | 'p256' | 'ed25519';\r\n\r\n/**\r\n * Input types that can be Uint8Array or hex string\r\n */\r\nexport type BytesInput = Uint8Array | string;\r\n\r\n/**\r\n * Options for signature verification\r\n */\r\nexport interface VerifyOptions {\r\n /** Elliptic curve to use (default: secp256k1) */\r\n curve?: CurveType;\r\n /** Signature format (default: auto-detect) */\r\n signatureFormat?: 'compact' | 'der' | 'raw';\r\n /** Allow malleable signatures (default: false for ECDSA, true for EdDSA) */\r\n allowMalleableSignatures?: boolean;\r\n}\r\n\r\n/**\r\n * Normalize input to Uint8Array\r\n */\r\nfunction normalizeBytes(input: BytesInput): Uint8Array {\r\n if (input instanceof Uint8Array) {\r\n return input;\r\n }\r\n\r\n if (typeof input === 'string') {\r\n return hexToBytes(input);\r\n }\r\n\r\n throw new Error('Invalid input format - expected Uint8Array or hex string');\r\n}\r\n\r\n/**\r\n * Auto-detect signature format based on length and curve\r\n */\r\nfunction detectSignatureFormat(signature: Uint8Array, curve: CurveType): 'compact' | 'der' | 'raw' {\r\n const length = signature.length;\r\n\r\n if (curve === 'ed25519') {\r\n return 'raw'; // Ed25519 signatures are always 64 bytes\r\n }\r\n\r\n // For ECDSA curves (secp256k1, p256)\r\n if (length === 64) {\r\n return 'compact'; // r + s concatenated (32 + 32 bytes)\r\n }\r\n\r\n if (length >= 70 && length <= 72 && signature[0] === 0x30) {\r\n return 'der'; // DER encoding starts with 0x30\r\n }\r\n\r\n // Default to compact for shorter signatures\r\n return 'compact';\r\n}\r\n\r\n/**\r\n * Parse signature based on format and curve\r\n */\r\nfunction parseSignature(signature: Uint8Array, format: 'compact' | 'der' | 'raw', curve: CurveType): any {\r\n if (curve === 'ed25519') {\r\n // Ed25519 signatures are always raw 64-byte format\r\n return signature;\r\n }\r\n\r\n // For ECDSA curves\r\n switch (format) {\r\n case 'compact':\r\n if (curve === 'secp256k1') {\r\n return secp256k1.Signature.fromCompact(signature);\r\n } else if (curve === 'p256') {\r\n return p256.Signature.fromCompact(signature);\r\n }\r\n break;\r\n\r\n case 'der':\r\n if (curve === 'secp256k1') {\r\n return secp256k1.Signature.fromDER(signature);\r\n } else if (curve === 'p256') {\r\n return p256.Signature.fromDER(signature);\r\n }\r\n break;\r\n\r\n case 'raw':\r\n // Treat as compact for ECDSA\r\n if (curve === 'secp256k1') {\r\n return secp256k1.Signature.fromCompact(signature);\r\n } else if (curve === 'p256') {\r\n return p256.Signature.fromCompact(signature);\r\n }\r\n break;\r\n }\r\n\r\n throw new Error(`Failed to parse signature for curve ${curve} with format ${format}`);\r\n}\r\n\r\n/**\r\n * Verify if an ECC signature is valid\r\n *\r\n * @param {BytesInput} digest - The digest/hash that was signed\r\n * @param {BytesInput} signature - The signature to verify\r\n * @param {BytesInput} publicKey - The public key to verify against\r\n * @param {VerifyOptions} [options] - Optional verification parameters\r\n * @returns {boolean} True if the signature is valid, false otherwise\r\n *\r\n * @example\r\n * ```typescript\r\n * // Basic usage with secp256k1\r\n * const isValid = SignatureValid(digest, signature, publicKey);\r\n *\r\n * // With specific curve\r\n * const isValid = SignatureValid(digest, signature, publicKey, {\r\n * curve: 'p256'\r\n * });\r\n *\r\n * // With specific signature format\r\n * const isValid = SignatureValid(digest, signature, publicKey, {\r\n * curve: 'secp256k1',\r\n * signatureFormat: 'der'\r\n * });\r\n *\r\n * // Allow malleable signatures\r\n * const isValid = SignatureValid(digest, signature, publicKey, {\r\n * allowMalleableSignatures: true\r\n * });\r\n * ```\r\n */\r\nexport function SignatureValid(\r\n digest: BytesInput,\r\n signature: BytesInput,\r\n publicKey: BytesInput,\r\n options: VerifyOptions = {}\r\n): boolean {\r\n try {\r\n const {\r\n curve = 'secp256k1',\r\n signatureFormat,\r\n allowMalleableSignatures,\r\n } = options;\r\n\r\n const normalizedDigest = normalizeBytes(digest);\r\n const normalizedSignature = normalizeBytes(signature);\r\n const normalizedPublicKey = normalizeBytes(publicKey);\r\n\r\n // Auto-detect signature format if not specified\r\n const detectedFormat = signatureFormat || detectSignatureFormat(normalizedSignature, curve);\r\n\r\n // Parse the signature\r\n const parsedSignature = parseSignature(normalizedSignature, detectedFormat, curve);\r\n\r\n // Set up verification options\r\n const verifyOptions: any = {};\r\n\r\n // Handle malleable signatures for ECDSA curves\r\n if (curve !== 'ed25519' && allowMalleableSignatures !== undefined) {\r\n verifyOptions.lowS = !allowMalleableSignatures;\r\n }\r\n\r\n // Verify the signature\r\n switch (curve) {\r\n case 'secp256k1':\r\n return secp256k1.verify(parsedSignature, normalizedDigest, normalizedPublicKey, verifyOptions);\r\n\r\n case 'p256':\r\n return p256.verify(parsedSignature, normalizedDigest, normalizedPublicKey, verifyOptions);\r\n\r\n case 'ed25519':\r\n return ed25519.verify(parsedSignature, normalizedDigest, normalizedPublicKey);\r\n\r\n default:\r\n throw new Error(`Unsupported curve: ${curve}`);\r\n }\r\n } catch (error) {\r\n // If any error occurs during verification, the signature is invalid\r\n return false;\r\n }\r\n}\r\n\r\n/**\r\n * Convenience functions for specific curves\r\n */\r\nSignatureValid.secp256k1 = (\r\n digest: BytesInput,\r\n signature: BytesInput,\r\n publicKey: BytesInput,\r\n options: Omit<VerifyOptions, 'curve'> = {}\r\n): boolean => {\r\n return SignatureValid(digest, signature, publicKey, { ...options, curve: 'secp256k1' });\r\n};\r\n\r\nSignatureValid.p256 = (\r\n digest: BytesInput,\r\n signature: BytesInput,\r\n publicKey: BytesInput,\r\n options: Omit<VerifyOptions, 'curve'> = {}\r\n): boolean => {\r\n return SignatureValid(digest, signature, publicKey, { ...options, curve: 'p256' });\r\n};\r\n\r\nSignatureValid.ed25519 = (\r\n digest: BytesInput,\r\n signature: BytesInput,\r\n publicKey: BytesInput,\r\n options: Omit<VerifyOptions, 'curve'> = {}\r\n): boolean => {\r\n return SignatureValid(digest, signature, publicKey, { ...options, curve: 'ed25519' });\r\n};\r\n\r\n/**\r\n * Batch verify multiple signatures (more efficient for multiple verifications)\r\n */\r\nSignatureValid.batch = (\r\n verifications: Array<{\r\n digest: BytesInput;\r\n signature: BytesInput;\r\n publicKey: BytesInput;\r\n options?: VerifyOptions;\r\n }>\r\n): boolean[] => {\r\n return verifications.map(({ digest, signature, publicKey, options }) =>\r\n SignatureValid(digest, signature, publicKey, options)\r\n );\r\n};\r\n\r\n/**\r\n * Verify and return detailed information about the verification\r\n */\r\nSignatureValid.detailed = (\r\n digest: BytesInput,\r\n signature: BytesInput,\r\n publicKey: BytesInput,\r\n options: VerifyOptions = {}\r\n): {\r\n valid: boolean;\r\n curve: CurveType;\r\n signatureFormat: string;\r\n error?: string;\r\n} => {\r\n const curve = options.curve || 'secp256k1';\r\n\r\n try {\r\n const normalizedSignature = normalizeBytes(signature);\r\n const detectedFormat = options.signatureFormat || detectSignatureFormat(normalizedSignature, curve);\r\n\r\n const valid = SignatureValid(digest, signature, publicKey, options);\r\n\r\n return {\r\n valid,\r\n curve,\r\n signatureFormat: detectedFormat,\r\n };\r\n } catch (error) {\r\n return {\r\n valid: false,\r\n curve,\r\n signatureFormat: 'unknown',\r\n error: error instanceof Error ? error.message : 'Unknown error',\r\n };\r\n }\r\n};\r\n\r\nexport default SignatureValid;\r\n"]}
1
+ {"version":3,"sources":["../src/crypto.ts","../src/digest.ts","../src/sign.ts","../src/signature-valid.ts"],"names":["uint8ArrayFromString","uint8ArrayToString","utf8ToBytes","sha256","sha512","blake3","concatBytes","hexToBytes","digest","bytesToHex","secp256k1","p256","ed25519"],"mappings":";;;;;;;;;;AAwBA,SAAS,OAAA,CAAQ,KAAA,EAA+C,QAAA,GAAqB,WAAA,EAAyB;AAC7G,EAAA,IAAI,KAAA,KAAU,IAAA,IAAQ,KAAA,KAAU,MAAA,EAAW;AAC1C,IAAA,OAAO,IAAI,WAAW,CAAC,CAAA;AAAA,EACxB;AAEA,EAAA,IAAI,iBAAiB,UAAA,EAAY;AAChC,IAAA,OAAO,KAAA;AAAA,EACR;AAEA,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC9B,IAAA,QAAQ,QAAA;AAAU,MACjB,KAAK,WAAA;AACJ,QAAA,OAAOA,UAAA,CAAqB,OAAO,WAAW,CAAA;AAAA,MAC/C,KAAK,QAAA;AACJ,QAAA,OAAOA,UAAA,CAAqB,OAAO,QAAQ,CAAA;AAAA,MAC5C,KAAK,KAAA;AACJ,QAAA,OAAO,WAAW,KAAK,CAAA;AAAA,MACxB,KAAK,MAAA;AACJ,QAAA,OAAO,YAAY,KAAK,CAAA;AAAA,MACzB;AACC,QAAA,OAAOA,UAAA,CAAqB,OAAO,WAAW,CAAA;AAAA;AAChD,EACD;AAEA,EAAA,MAAM,IAAI,MAAM,oBAAoB,CAAA;AACrC;AAKA,SAAS,SAAA,CAAU,KAAA,EAAmB,QAAA,GAAqB,WAAA,EAAkC;AAC5F,EAAA,QAAQ,QAAA;AAAU,IACjB,KAAK,WAAA;AACJ,MAAA,OAAOC,QAAA,CAAmB,OAAO,WAAW,CAAA;AAAA,IAC7C,KAAK,QAAA;AACJ,MAAA,OAAOA,QAAA,CAAmB,OAAO,QAAQ,CAAA;AAAA,IAC1C,KAAK,KAAA;AACJ,MAAA,OAAO,WAAW,KAAK,CAAA;AAAA,IACxB,KAAK,MAAA;AACJ,MAAA,OAAOA,QAAA,CAAmB,OAAO,MAAM,CAAA;AAAA,IACxC,KAAK,OAAA;AACJ,MAAA,OAAO,KAAA;AAAA,IACR;AACC,MAAA,OAAOA,QAAA,CAAmB,OAAO,WAAW,CAAA;AAAA;AAE/C;AAuBO,SAAS,OACf,IAAA,EACA,SAAA,GAA2B,UAC3B,aAAA,GAA0B,WAAA,EAC1B,iBAA2B,WAAA,EACL;AACtB,EAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,IAAA,EAAM,aAAa,CAAA;AAEzC,EAAA,IAAI,SAAA;AACJ,EAAA,QAAQ,SAAA;AAAW,IAClB,KAAK,QAAA;AACJ,MAAA,SAAA,GAAY,OAAO,KAAK,CAAA;AACxB,MAAA;AAAA,IACD,KAAK,QAAA;AACJ,MAAA,SAAA,GAAY,OAAO,KAAK,CAAA;AACxB,MAAA;AAAA,IACD,KAAK,QAAA;AACJ,MAAA,SAAA,GAAY,OAAO,KAAK,CAAA;AACxB,MAAA;AAAA,IACD;AACC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,4BAAA,EAA+B,SAAS,CAAA,CAAE,CAAA;AAAA;AAG5D,EAAA,OAAO,SAAA,CAAU,WAAW,cAAc,CAAA;AAC3C;AAqBO,SAAS,QACf,IAAA,EACA,IAAA,EACA,SAAA,GAA2B,QAAA,EAC3B,gBAA0B,WAAA,EACjB;AACT,EAAA,IAAI,IAAA,IAAQ,CAAA,IAAK,IAAA,GAAO,EAAA,EAAI;AAC3B,IAAA,MAAM,IAAI,MAAM,+DAA+D,CAAA;AAAA,EAChF;AAEA,EAAA,MAAM,SAAA,GAAY,QAAQ,MAAA,CAAO,IAAA,EAAM,WAAW,aAAA,EAAe,WAAW,GAAa,WAAW,CAAA;AAGpG,EAAA,MAAM,IAAA,GAAO,IAAI,QAAA,CAAS,SAAA,CAAU,MAAA,EAAQ,SAAA,CAAU,UAAA,EAAY,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,SAAA,CAAU,MAAM,CAAC,CAAA;AAC/F,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,YAAA,CAAa,CAAA,EAAG,KAAK,CAAA;AAG3C,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,CAAC,CAAA,IAAK,OAAO,IAAI,CAAA;AACxC,EAAA,MAAM,SAAS,QAAA,GAAW,OAAA;AAE1B,EAAA,OAAO,OAAO,MAAM,CAAA;AACrB;AAsBO,SAAS,IAAA,CACf,IAAA,EACA,UAAA,EACA,KAAA,GAAmB,WAAA,EACnB,gBAA0B,WAAA,EAC1B,WAAA,GAAwB,WAAA,EACxB,cAAA,GAA2B,WAAA,EACL;AACtB,EAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,IAAA,EAAM,aAAa,CAAA;AAC7C,EAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,UAAA,EAAY,WAAW,CAAA;AAEhD,EAAA,IAAI,QAAA;AAEJ,EAAA,QAAQ,KAAA;AAAO,IACd,KAAK,WAAA;AACJ,MAAA,QAAA,GAAW,UAAU,IAAA,CAAK,SAAA,EAAW,UAAU,EAAE,IAAA,EAAM,MAAM,CAAA;AAC7D,MAAA;AAAA,IACD,KAAK,MAAA;AACJ,MAAA,QAAA,GAAW,KAAK,IAAA,CAAK,SAAA,EAAW,UAAU,EAAE,IAAA,EAAM,MAAM,CAAA;AACxD,MAAA;AAAA,IACD,KAAK,SAAA;AACJ,MAAA,QAAA,GAAW,OAAA,CAAQ,IAAA,CAAK,SAAA,EAAW,QAAQ,CAAA;AAC3C,MAAA;AAAA,IACD;AACC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,CAAA;AAAA;AAG/C,EAAA,OAAO,SAAA,CAAU,UAAU,cAAc,CAAA;AAC1C;AAuBO,SAAS,MAAA,CACf,IAAA,EACA,SAAA,EACA,SAAA,EACA,KAAA,GAAmB,WAAA,EACnB,aAAA,GAA0B,WAAA,EAC1B,WAAA,GAAwB,WAAA,EACxB,WAAA,GAAwB,WAAA,EACd;AACV,EAAA,IAAI;AACH,IAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,IAAA,EAAM,aAAa,CAAA;AAC7C,IAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,SAAA,EAAW,WAAW,CAAA;AAC/C,IAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,SAAA,EAAW,WAAW,CAAA;AAE/C,IAAA,QAAQ,KAAA;AAAO,MACd,KAAK,WAAA,EAAa;AACjB,QAAA,OAAO,SAAA,CAAU,MAAA,CAAO,QAAA,EAAU,SAAA,EAAW,QAAQ,CAAA;AAAA,MACtD;AAAA,MACA,KAAK,MAAA,EAAQ;AACZ,QAAA,OAAO,IAAA,CAAK,MAAA,CAAO,QAAA,EAAU,SAAA,EAAW,QAAQ,CAAA;AAAA,MACjD;AAAA,MACA,KAAK,SAAA,EAAW;AACf,QAAA,OAAO,OAAA,CAAQ,MAAA,CAAO,QAAA,EAAU,SAAA,EAAW,QAAQ,CAAA;AAAA,MACpD;AAAA,MACA;AACC,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,CAAA;AAAA;AAC/C,EACD,CAAA,CAAA,MAAQ;AACP,IAAA,OAAO,KAAA;AAAA,EACR;AACD;AASO,SAAS,WAAA,CAAY,IAAA,GAAe,GAAA,EAAK,QAAA,GAAqB,WAAA,EAAkC;AACtG,EAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,IAAA,CAAK,IAAA,GAAO,CAAC,CAAA;AAChC,EAAA,MAAM,gBAAA,GAAmB,IAAI,UAAA,CAAW,KAAK,CAAA;AAC7C,EAAA,MAAA,CAAO,gBAAgB,gBAAgB,CAAA;AACvC,EAAA,OAAO,SAAA,CAAU,kBAAkB,QAAQ,CAAA;AAC5C;AAKO,SAAS,kBAAA,CAAmB,KAAA,GAAmB,WAAA,EAAa,QAAA,GAAqB,WAAA,EAAkC;AACzH,EAAA,IAAI,QAAA;AAEJ,EAAA,QAAQ,KAAA;AAAO,IACd,KAAK,WAAA;AACJ,MAAA,QAAA,GAAW,SAAA,CAAU,MAAM,eAAA,EAAgB;AAC3C,MAAA;AAAA,IACD,KAAK,MAAA;AACJ,MAAA,QAAA,GAAW,IAAA,CAAK,MAAM,eAAA,EAAgB;AACtC,MAAA;AAAA,IACD,KAAK,SAAA;AACJ,MAAA,QAAA,GAAW,OAAA,CAAQ,MAAM,eAAA,EAAgB;AACzC,MAAA;AAAA,IACD;AACC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,CAAA;AAAA;AAG/C,EAAA,OAAO,SAAA,CAAU,UAAU,QAAQ,CAAA;AACpC;AAKO,SAAS,aACf,UAAA,EACA,KAAA,GAAmB,aACnB,WAAA,GAAwB,WAAA,EACxB,iBAA2B,WAAA,EACL;AACtB,EAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,UAAA,EAAY,WAAW,CAAA;AAEhD,EAAA,IAAI,QAAA;AAEJ,EAAA,QAAQ,KAAA;AAAO,IACd,KAAK,WAAA;AACJ,MAAA,QAAA,GAAW,SAAA,CAAU,aAAa,QAAQ,CAAA;AAC1C,MAAA;AAAA,IACD,KAAK,MAAA;AACJ,MAAA,QAAA,GAAW,IAAA,CAAK,aAAa,QAAQ,CAAA;AACrC,MAAA;AAAA,IACD,KAAK,SAAA;AACJ,MAAA,QAAA,GAAW,OAAA,CAAQ,aAAa,QAAQ,CAAA;AACxC,MAAA;AAAA,IACD;AACC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,CAAA;AAAA;AAG/C,EAAA,OAAO,SAAA,CAAU,UAAU,cAAc,CAAA;AAC1C;ACpSA,SAAS,aAAa,KAAA,EAAgC;AACpD,EAAA,IAAI,KAAA,KAAU,IAAA,IAAQ,KAAA,KAAU,MAAA,EAAW;AACzC,IAAA,OAAO,IAAI,WAAW,CAAC,CAAA;AAAA,EACzB;AAEA,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,IAAA,OAAOC,YAAY,KAAK,CAAA;AAAA,EAC1B;AAEA,EAAA,IAAI,iBAAiB,UAAA,EAAY;AAC/B,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAE7B,IAAA,MAAM,MAAA,GAAS,IAAI,WAAA,CAAY,CAAC,CAAA;AAChC,IAAA,MAAM,IAAA,GAAO,IAAI,QAAA,CAAS,MAAM,CAAA;AAChC,IAAA,IAAA,CAAK,UAAA,CAAW,CAAA,EAAG,KAAA,EAAO,KAAK,CAAA;AAC/B,IAAA,OAAO,IAAI,WAAW,MAAM,CAAA;AAAA,EAC9B;AAEA,EAAA,IAAI,OAAO,UAAU,SAAA,EAAW;AAC9B,IAAA,OAAO,IAAI,UAAA,CAAW,CAAC,KAAA,GAAQ,CAAA,GAAI,CAAC,CAAC,CAAA;AAAA,EACvC;AAGA,EAAA,OAAOA,WAAAA,CAAY,MAAA,CAAO,KAAK,CAAC,CAAA;AAClC;AAKA,SAAS,gBAAgB,SAAA,EAA4D;AACnF,EAAA,QAAQ,SAAA;AAAW,IACjB,KAAK,QAAA;AACH,MAAA,OAAOC,MAAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAOC,MAAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAOC,MAAAA;AAAA,IACT;AACE,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,4BAAA,EAA+B,SAAS,CAAA,CAAE,CAAA;AAAA;AAEhE;AAuBO,SAAS,UAAU,IAAA,EAAiC;AACzD,EAAA,OAAO,iBAAA,CAAkB,EAAE,SAAA,EAAW,QAAA,EAAU,QAAQ,YAAA,EAAa,EAAG,GAAG,IAAI,CAAA;AACjF;AAKO,SAAS,iBAAA,CAAkB,YAA2B,IAAA,EAA0C;AACrG,EAAA,MAAM,SAAA,GAAY,QAAQ,SAAA,IAAa,QAAA;AACvC,EAAA,MAAM,MAAA,GAAS,QAAQ,MAAA,IAAU,YAAA;AAGjC,EAAA,MAAM,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,YAAY,CAAA;AACxC,EAAA,MAAM,QAAA,GAAWC,WAAAA,CAAY,GAAG,UAAU,CAAA;AAG1C,EAAA,MAAM,YAAA,GAAe,gBAAgB,SAAS,CAAA;AAC9C,EAAA,MAAM,IAAA,GAAO,aAAa,QAAQ,CAAA;AAGlC,EAAA,IAAI,WAAW,KAAA,EAAO;AACpB,IAAA,OAAO,MAAM,IAAA,CAAK,IAAI,CAAA,CACnB,GAAA,CAAI,OAAK,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,SAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CACxC,KAAK,EAAE,CAAA;AAAA,EACZ;AAEA,EAAA,OAAO,IAAA;AACT;AAKA,MAAA,CAAO,WAAA,GAAc,CAAC,OAAA,KAA2B;AAC/C,EAAA,OAAO,CAAA,GAAI,IAAA,KAAwB,iBAAA,CAAkB,OAAA,EAAS,GAAG,IAAI,CAAA;AACvE,CAAA;AAKA,MAAA,CAAO,MAAA,GAAS,IAAI,IAAA,KAAoC;AACtD,EAAA,OAAO,kBAAkB,EAAE,SAAA,EAAW,QAAA,EAAS,EAAG,GAAG,IAAI,CAAA;AAC3D,CAAA;AAEA,MAAA,CAAO,MAAA,GAAS,IAAI,IAAA,KAAoC;AACtD,EAAA,OAAO,kBAAkB,EAAE,SAAA,EAAW,QAAA,EAAS,EAAG,GAAG,IAAI,CAAA;AAC3D,CAAA;AAEA,MAAA,CAAO,MAAA,GAAS,IAAI,IAAA,KAAoC;AACtD,EAAA,OAAO,kBAAkB,EAAE,SAAA,EAAW,QAAA,EAAS,EAAG,GAAG,IAAI,CAAA;AAC3D,CAAA;AAKA,MAAA,CAAO,GAAA,GAAM,IAAI,IAAA,KAAgC;AAC/C,EAAA,OAAO,iBAAA,CAAkB,EAAE,SAAA,EAAW,QAAA,EAAU,QAAQ,KAAA,EAAM,EAAG,GAAG,IAAI,CAAA;AAC1E,CAAA;AAEA,MAAA,CAAO,SAAA,GAAY,IAAI,IAAA,KAAgC;AACrD,EAAA,OAAO,iBAAA,CAAkB,EAAE,SAAA,EAAW,QAAA,EAAU,QAAQ,KAAA,EAAM,EAAG,GAAG,IAAI,CAAA;AAC1E,CAAA;AAEA,MAAA,CAAO,SAAA,GAAY,IAAI,IAAA,KAAgC;AACrD,EAAA,OAAO,iBAAA,CAAkB,EAAE,SAAA,EAAW,QAAA,EAAU,QAAQ,KAAA,EAAM,EAAG,GAAG,IAAI,CAAA;AAC1E,CAAA;AAEA,MAAA,CAAO,SAAA,GAAY,IAAI,IAAA,KAAgC;AACrD,EAAA,OAAO,iBAAA,CAAkB,EAAE,SAAA,EAAW,QAAA,EAAU,QAAQ,KAAA,EAAM,EAAG,GAAG,IAAI,CAAA;AAC1E,CAAA;ACxHA,SAAS,oBAAoB,UAAA,EAAyC;AACpE,EAAA,IAAI,sBAAsB,UAAA,EAAY;AACpC,IAAA,OAAO,UAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,eAAe,QAAA,EAAU;AAElC,IAAA,OAAOC,WAAW,UAAU,CAAA;AAAA,EAC9B;AAEA,EAAA,IAAI,OAAO,eAAe,QAAA,EAAU;AAElC,IAAA,MAAM,MAAM,UAAA,CAAW,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,IAAI,GAAG,CAAA;AACpD,IAAA,OAAOA,WAAW,GAAG,CAAA;AAAA,EACvB;AAEA,EAAA,MAAM,IAAI,MAAM,4BAA4B,CAAA;AAC9C;AAKA,SAAS,gBAAgBC,OAAAA,EAAiC;AACxD,EAAA,IAAIA,mBAAkB,UAAA,EAAY;AAChC,IAAA,OAAOA,OAAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAOA,YAAW,QAAA,EAAU;AAC9B,IAAA,OAAOD,WAAWC,OAAM,CAAA;AAAA,EAC1B;AAEA,EAAA,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACzC;AAMA,SAAS,eAAA,CAAgB,SAAA,EAAuB,MAAA,EAAyB,KAAA,EAAuC;AAC9G,EAAA,QAAQ,MAAA;AAAQ,IACd,KAAK,YAAA;AAAA,IACL,KAAK,SAAA;AACH,MAAA,OAAO,SAAA;AAAA,IAET,KAAK,KAAA;AACH,MAAA,OAAOC,WAAW,SAAS,CAAA;AAAA,IAE7B,KAAK,KAAA;AACH,MAAA,IAAI,UAAU,SAAA,EAAW;AACvB,QAAA,MAAM,IAAI,MAAM,sCAAsC,CAAA;AAAA,MACxD;AAGA,MAAA,OAAO,SAAA;AAAA,IAET;AACE,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,8BAAA,EAAiC,MAAM,CAAA,CAAE,CAAA;AAAA;AAE/D;AA6BO,SAAS,IAAA,CACdD,OAAAA,EACA,UAAA,EACA,OAAA,GAAuB,EAAC,EACH;AACrB,EAAA,MAAM;AAAA,IACJ,KAAA,GAAQ,WAAA;AAAA,IACR,MAAA,GAAS,YAAA;AAAA,IACT,YAAA,GAAe,KAAA;AAAA,IACf,IAAA,GAAO;AAAA,GACT,GAAI,OAAA;AAEJ,EAAA,MAAM,gBAAA,GAAmB,gBAAgBA,OAAM,CAAA;AAC/C,EAAA,MAAM,oBAAA,GAAuB,oBAAoB,UAAU,CAAA;AAE3D,EAAA,IAAI,SAAA;AAEJ,EAAA,QAAQ,KAAA;AAAO,IACb,KAAK,WAAA,EAAa;AAChB,MAAA,MAAM,WAAA,GAAmB,EAAE,IAAA,EAAK;AAChC,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,WAAA,CAAY,YAAA,GAAe,YAAA;AAAA,MAC7B;AACA,MAAA,SAAA,GAAYE,SAAAA,CAAU,IAAA,CAAK,gBAAA,EAAkB,oBAAA,EAAsB,WAAW,CAAA;AAC9E,MAAA;AAAA,IACF;AAAA,IAEA,KAAK,MAAA,EAAQ;AACX,MAAA,MAAM,WAAA,GAAmB,EAAE,IAAA,EAAK;AAChC,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,WAAA,CAAY,YAAA,GAAe,YAAA;AAAA,MAC7B;AACA,MAAA,SAAA,GAAYC,IAAAA,CAAK,IAAA,CAAK,gBAAA,EAAkB,oBAAA,EAAsB,WAAW,CAAA;AACzE,MAAA;AAAA,IACF;AAAA,IAEA,KAAK,SAAA,EAAW;AACd,MAAA,SAAA,GAAYC,OAAAA,CAAQ,IAAA,CAAK,gBAAA,EAAkB,oBAAoB,CAAA;AAC/D,MAAA;AAAA,IACF;AAAA,IAEA;AACE,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,CAAA;AAAA;AAGjD,EAAA,OAAO,eAAA,CAAgB,SAAA,EAAW,MAAA,EAAQ,KAAK,CAAA;AACjD;AAKA,IAAA,CAAK,YAAY,CAACJ,OAAAA,EAAqB,UAAA,EAA6B,OAAA,GAAsC,EAAC,KAAM;AAC/G,EAAA,OAAO,IAAA,CAAKA,SAAQ,UAAA,EAAY,EAAE,GAAG,OAAA,EAAS,KAAA,EAAO,aAAa,CAAA;AACpE,CAAA;AAEA,IAAA,CAAK,OAAO,CAACA,OAAAA,EAAqB,UAAA,EAA6B,OAAA,GAAsC,EAAC,KAAM;AAC1G,EAAA,OAAO,IAAA,CAAKA,SAAQ,UAAA,EAAY,EAAE,GAAG,OAAA,EAAS,KAAA,EAAO,QAAQ,CAAA;AAC/D,CAAA;AAEA,IAAA,CAAK,UAAU,CAACA,OAAAA,EAAqB,UAAA,EAA6B,OAAA,GAAsC,EAAC,KAAM;AAC7G,EAAA,OAAO,IAAA,CAAKA,SAAQ,UAAA,EAAY,EAAE,GAAG,OAAA,EAAS,KAAA,EAAO,WAAW,CAAA;AAClE,CAAA;AAKA,IAAA,CAAK,kBAAA,GAAqB,CAAC,KAAA,GAAmB,WAAA,KAA4B;AACxE,EAAA,QAAQ,KAAA;AAAO,IACb,KAAK,WAAA;AACH,MAAA,OAAOE,SAAAA,CAAU,MAAM,eAAA,EAAgB;AAAA,IACzC,KAAK,MAAA;AACH,MAAA,OAAOC,IAAAA,CAAK,MAAM,eAAA,EAAgB;AAAA,IACpC,KAAK,SAAA;AACH,MAAA,OAAOC,OAAAA,CAAQ,MAAM,eAAA,EAAgB;AAAA,IACvC;AACE,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,CAAA;AAAA;AAEnD,CAAA;AAKA,IAAA,CAAK,YAAA,GAAe,CAAC,UAAA,EAA6B,KAAA,GAAmB,WAAA,KAA4B;AAC/F,EAAA,MAAM,oBAAA,GAAuB,oBAAoB,UAAU,CAAA;AAE3D,EAAA,QAAQ,KAAA;AAAO,IACb,KAAK,WAAA;AACH,MAAA,OAAOF,SAAAA,CAAU,aAAa,oBAAoB,CAAA;AAAA,IACpD,KAAK,MAAA;AACH,MAAA,OAAOC,IAAAA,CAAK,aAAa,oBAAoB,CAAA;AAAA,IAC/C,KAAK,SAAA;AACH,MAAA,OAAOC,OAAAA,CAAQ,aAAa,oBAAoB,CAAA;AAAA,IAClD;AACE,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,CAAA;AAAA;AAEnD,CAAA;AClMA,SAAS,eAAe,KAAA,EAA+B;AACrD,EAAA,IAAI,iBAAiB,UAAA,EAAY;AAC/B,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,IAAA,OAAOL,WAAW,KAAK,CAAA;AAAA,EACzB;AAEA,EAAA,MAAM,IAAI,MAAM,0DAA0D,CAAA;AAC5E;AAKA,SAAS,qBAAA,CAAsB,WAAuB,KAAA,EAA6C;AACjG,EAAA,MAAM,SAAS,SAAA,CAAU,MAAA;AAEzB,EAAA,IAAI,UAAU,SAAA,EAAW;AACvB,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,IAAI,WAAW,EAAA,EAAI;AACjB,IAAA,OAAO,SAAA;AAAA,EACT;AAEA,EAAA,IAAI,UAAU,EAAA,IAAM,MAAA,IAAU,MAAM,SAAA,CAAU,CAAC,MAAM,EAAA,EAAM;AACzD,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,OAAO,SAAA;AACT;AAMA,SAAS,cAAA,CAAe,SAAA,EAAuB,MAAA,EAAmC,KAAA,EAA8B;AAC9G,EAAA,IAAI,UAAU,SAAA,EAAW;AAEvB,IAAA,OAAO,SAAA;AAAA,EACT;AAIA,EAAA,MAAM,SAAA,GAAY,MAAA,KAAW,KAAA,GAAQ,SAAA,GAAY,MAAA;AAEjD,EAAA,IAAI,UAAU,WAAA,EAAa;AACzB,IAAA,OAAOG,UAAU,SAAA,CAAU,SAAA,CAAU,SAAA,EAAW,SAAS,EAAE,OAAA,EAAQ;AAAA,EACrE,CAAA,MAAA,IAAW,UAAU,MAAA,EAAQ;AAC3B,IAAA,OAAOC,KAAK,SAAA,CAAU,SAAA,CAAU,SAAA,EAAW,SAAS,EAAE,OAAA,EAAQ;AAAA,EAChE;AAEA,EAAA,MAAM,IAAI,KAAA,CAAM,CAAA,oCAAA,EAAuC,KAAK,CAAA,aAAA,EAAgB,MAAM,CAAA,CAAE,CAAA;AACtF;AAiCO,SAAS,eACdH,OAAAA,EACA,SAAA,EACA,SAAA,EACA,OAAA,GAAyB,EAAC,EACjB;AACT,EAAA,IAAI;AACF,IAAA,MAAM;AAAA,MACJ,KAAA,GAAQ,WAAA;AAAA,MACR,eAAA;AAAA,MACA;AAAA,KACF,GAAI,OAAA;AAEJ,IAAA,MAAM,gBAAA,GAAmB,eAAeA,OAAM,CAAA;AAC9C,IAAA,MAAM,mBAAA,GAAsB,eAAe,SAAS,CAAA;AACpD,IAAA,MAAM,mBAAA,GAAsB,eAAe,SAAS,CAAA;AAGpD,IAAA,MAAM,cAAA,GAAiB,eAAA,IAAmB,qBAAA,CAAsB,mBAAA,EAAqB,KAAK,CAAA;AAG1F,IAAA,MAAM,eAAA,GAAkB,cAAA,CAAe,mBAAA,EAAqB,cAAA,EAAgB,KAAK,CAAA;AAGjF,IAAA,MAAM,gBAAqB,EAAC;AAG5B,IAAA,IAAI,KAAA,KAAU,SAAA,IAAa,wBAAA,KAA6B,KAAA,CAAA,EAAW;AACjE,MAAA,aAAA,CAAc,OAAO,CAAC,wBAAA;AAAA,IACxB;AAGA,IAAA,QAAQ,KAAA;AAAO,MACb,KAAK,WAAA;AACH,QAAA,OAAOE,SAAAA,CAAU,MAAA,CAAO,eAAA,EAAiB,gBAAA,EAAkB,qBAAqB,aAAa,CAAA;AAAA,MAE/F,KAAK,MAAA;AACH,QAAA,OAAOC,IAAAA,CAAK,MAAA,CAAO,eAAA,EAAiB,gBAAA,EAAkB,qBAAqB,aAAa,CAAA;AAAA,MAE1F,KAAK,SAAA;AACH,QAAA,OAAOC,OAAAA,CAAQ,MAAA,CAAO,eAAA,EAAiB,gBAAA,EAAkB,mBAAmB,CAAA;AAAA,MAE9E;AACE,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mBAAA,EAAsB,KAAK,CAAA,CAAE,CAAA;AAAA;AACjD,EACF,SAAS,KAAA,EAAO;AAEd,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAKA,cAAA,CAAe,YAAY,CACzBJ,OAAAA,EACA,WACA,SAAA,EACA,OAAA,GAAwC,EAAC,KAC7B;AACZ,EAAA,OAAO,cAAA,CAAeA,SAAQ,SAAA,EAAW,SAAA,EAAW,EAAE,GAAG,OAAA,EAAS,KAAA,EAAO,WAAA,EAAa,CAAA;AACxF,CAAA;AAEA,cAAA,CAAe,OAAO,CACpBA,OAAAA,EACA,WACA,SAAA,EACA,OAAA,GAAwC,EAAC,KAC7B;AACZ,EAAA,OAAO,cAAA,CAAeA,SAAQ,SAAA,EAAW,SAAA,EAAW,EAAE,GAAG,OAAA,EAAS,KAAA,EAAO,MAAA,EAAQ,CAAA;AACnF,CAAA;AAEA,cAAA,CAAe,UAAU,CACvBA,OAAAA,EACA,WACA,SAAA,EACA,OAAA,GAAwC,EAAC,KAC7B;AACZ,EAAA,OAAO,cAAA,CAAeA,SAAQ,SAAA,EAAW,SAAA,EAAW,EAAE,GAAG,OAAA,EAAS,KAAA,EAAO,SAAA,EAAW,CAAA;AACtF,CAAA;AAKA,cAAA,CAAe,KAAA,GAAQ,CACrB,aAAA,KAMc;AACd,EAAA,OAAO,aAAA,CAAc,GAAA;AAAA,IAAI,CAAC,EAAE,MAAA,EAAAA,OAAAA,EAAQ,SAAA,EAAW,SAAA,EAAW,OAAA,EAAQ,KAChE,cAAA,CAAeA,OAAAA,EAAQ,SAAA,EAAW,SAAA,EAAW,OAAO;AAAA,GACtD;AACF,CAAA;AAKA,cAAA,CAAe,WAAW,CACxBA,OAAAA,EACA,WACA,SAAA,EACA,OAAA,GAAyB,EAAC,KAMvB;AACH,EAAA,MAAM,KAAA,GAAQ,QAAQ,KAAA,IAAS,WAAA;AAE/B,EAAA,IAAI;AACF,IAAA,MAAM,mBAAA,GAAsB,eAAe,SAAS,CAAA;AACpD,IAAA,MAAM,cAAA,GAAiB,OAAA,CAAQ,eAAA,IAAmB,qBAAA,CAAsB,qBAAqB,KAAK,CAAA;AAElG,IAAA,MAAM,KAAA,GAAQ,cAAA,CAAeA,OAAAA,EAAQ,SAAA,EAAW,WAAW,OAAO,CAAA;AAElE,IAAA,OAAO;AAAA,MACL,KAAA;AAAA,MACA,KAAA;AAAA,MACA,eAAA,EAAiB;AAAA,KACnB;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,KAAA;AAAA,MACA,eAAA,EAAiB,SAAA;AAAA,MACjB,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU;AAAA,KAClD;AAAA,EACF;AACF,CAAA","file":"index.js","sourcesContent":["/**\n * Cryptographic Functions for Quereus\n *\n * Idiomatic ES module exports with base64url as default encoding.\n * All functions accept and return base64url strings by default for SQL compatibility.\n */\n\nimport { sha256, sha512 } from '@noble/hashes/sha2.js';\nimport { blake3 } from '@noble/hashes/blake3.js';\nimport { concatBytes, utf8ToBytes } from '@noble/hashes/utils.js';\nimport { secp256k1 } from '@noble/curves/secp256k1.js';\nimport { p256 } from '@noble/curves/nist.js';\nimport { ed25519 } from '@noble/curves/ed25519.js';\nimport { hexToBytes, bytesToHex } from '@noble/curves/utils.js';\nimport { toString as uint8ArrayToString, fromString as uint8ArrayFromString } from 'uint8arrays';\n\n// Type definitions\nexport type HashAlgorithm = 'sha256' | 'sha512' | 'blake3';\nexport type CurveType = 'secp256k1' | 'p256' | 'ed25519';\nexport type Encoding = 'base64url' | 'base64' | 'hex' | 'utf8' | 'bytes';\n\n/**\n * Convert input to Uint8Array, handling various encodings\n */\nfunction toBytes(input: string | Uint8Array | null | undefined, encoding: Encoding = 'base64url'): Uint8Array {\n\tif (input === null || input === undefined) {\n\t\treturn new Uint8Array(0);\n\t}\n\n\tif (input instanceof Uint8Array) {\n\t\treturn input;\n\t}\n\n\tif (typeof input === 'string') {\n\t\tswitch (encoding) {\n\t\t\tcase 'base64url':\n\t\t\t\treturn uint8ArrayFromString(input, 'base64url');\n\t\t\tcase 'base64':\n\t\t\t\treturn uint8ArrayFromString(input, 'base64');\n\t\t\tcase 'hex':\n\t\t\t\treturn hexToBytes(input);\n\t\t\tcase 'utf8':\n\t\t\t\treturn utf8ToBytes(input);\n\t\t\tdefault:\n\t\t\t\treturn uint8ArrayFromString(input, 'base64url');\n\t\t}\n\t}\n\n\tthrow new Error('Invalid input type');\n}\n\n/**\n * Convert Uint8Array to string in specified encoding\n */\nfunction fromBytes(bytes: Uint8Array, encoding: Encoding = 'base64url'): string | Uint8Array {\n\tswitch (encoding) {\n\t\tcase 'base64url':\n\t\t\treturn uint8ArrayToString(bytes, 'base64url');\n\t\tcase 'base64':\n\t\t\treturn uint8ArrayToString(bytes, 'base64');\n\t\tcase 'hex':\n\t\t\treturn bytesToHex(bytes);\n\t\tcase 'utf8':\n\t\t\treturn uint8ArrayToString(bytes, 'utf8');\n\t\tcase 'bytes':\n\t\t\treturn bytes;\n\t\tdefault:\n\t\t\treturn uint8ArrayToString(bytes, 'base64url');\n\t}\n}\n\n/**\n * Compute hash digest of input data\n *\n * @param data - Data to hash (base64url string or Uint8Array)\n * @param algorithm - Hash algorithm (default: 'sha256')\n * @param inputEncoding - Encoding of input string (default: 'base64url')\n * @param outputEncoding - Encoding of output (default: 'base64url')\n * @returns Hash digest in specified encoding\n *\n * @example\n * ```typescript\n * // Hash UTF-8 text, output as base64url\n * const hash = digest('hello world', 'sha256', 'utf8');\n *\n * // Hash base64url data with SHA-512\n * const hash2 = digest('SGVsbG8', 'sha512');\n *\n * // Get raw bytes\n * const bytes = digest('data', 'blake3', 'utf8', 'bytes');\n * ```\n */\nexport function digest(\n\tdata: string | Uint8Array,\n\talgorithm: HashAlgorithm = 'sha256',\n\tinputEncoding: Encoding = 'base64url',\n\toutputEncoding: Encoding = 'base64url'\n): string | Uint8Array {\n\tconst bytes = toBytes(data, inputEncoding);\n\n\tlet hashBytes: Uint8Array;\n\tswitch (algorithm) {\n\t\tcase 'sha256':\n\t\t\thashBytes = sha256(bytes);\n\t\t\tbreak;\n\t\tcase 'sha512':\n\t\t\thashBytes = sha512(bytes);\n\t\t\tbreak;\n\t\tcase 'blake3':\n\t\t\thashBytes = blake3(bytes);\n\t\t\tbreak;\n\t\tdefault:\n\t\t\tthrow new Error(`Unsupported hash algorithm: ${algorithm}`);\n\t}\n\n\treturn fromBytes(hashBytes, outputEncoding);\n}\n\n/**\n * Hash data and return modulo of specified bit length\n * Useful for generating fixed-size hash values (e.g., 16-bit, 32-bit)\n *\n * @param data - Data to hash\n * @param bits - Number of bits for the result (e.g., 16 for 16-bit hash)\n * @param algorithm - Hash algorithm (default: 'sha256')\n * @param inputEncoding - Encoding of input string (default: 'base64url')\n * @returns Integer hash value modulo 2^bits\n *\n * @example\n * ```typescript\n * // Get 16-bit hash (0-65535)\n * const hash16 = hashMod('hello', 16, 'sha256', 'utf8');\n *\n * // Get 32-bit hash\n * const hash32 = hashMod('world', 32, 'sha256', 'utf8');\n * ```\n */\nexport function hashMod(\n\tdata: string | Uint8Array,\n\tbits: number,\n\talgorithm: HashAlgorithm = 'sha256',\n\tinputEncoding: Encoding = 'base64url'\n): number {\n\tif (bits <= 0 || bits > 53) {\n\t\tthrow new Error('Bits must be between 1 and 53 (JavaScript safe integer limit)');\n\t}\n\n\tconst hashBytes = toBytes(digest(data, algorithm, inputEncoding, 'base64url') as string, 'base64url');\n\n\t// Take first 8 bytes and convert to number\n\tconst view = new DataView(hashBytes.buffer, hashBytes.byteOffset, Math.min(8, hashBytes.length));\n\tconst fullHash = view.getBigUint64(0, false); // big-endian\n\n\t// Modulo by 2^bits\n\tconst modulus = BigInt(2) ** BigInt(bits);\n\tconst result = fullHash % modulus;\n\n\treturn Number(result);\n}\n\n/**\n * Sign data with a private key\n *\n * @param data - Data to sign (typically a hash)\n * @param privateKey - Private key (base64url string or Uint8Array)\n * @param curve - Elliptic curve (default: 'secp256k1')\n * @param inputEncoding - Encoding of data input (default: 'base64url')\n * @param keyEncoding - Encoding of private key (default: 'base64url')\n * @param outputEncoding - Encoding of signature output (default: 'base64url')\n * @returns Signature in specified encoding\n *\n * @example\n * ```typescript\n * // Sign a hash with secp256k1\n * const sig = sign(hashData, privateKey);\n *\n * // Sign with Ed25519\n * const sig2 = sign(hashData, privateKey, 'ed25519');\n * ```\n */\nexport function sign(\n\tdata: string | Uint8Array,\n\tprivateKey: string | Uint8Array,\n\tcurve: CurveType = 'secp256k1',\n\tinputEncoding: Encoding = 'base64url',\n\tkeyEncoding: Encoding = 'base64url',\n\toutputEncoding: Encoding = 'base64url'\n): string | Uint8Array {\n\tconst dataBytes = toBytes(data, inputEncoding);\n\tconst keyBytes = toBytes(privateKey, keyEncoding);\n\n\tlet sigBytes: Uint8Array;\n\n\tswitch (curve) {\n\t\tcase 'secp256k1':\n\t\t\tsigBytes = secp256k1.sign(dataBytes, keyBytes, { lowS: true });\n\t\t\tbreak;\n\t\tcase 'p256':\n\t\t\tsigBytes = p256.sign(dataBytes, keyBytes, { lowS: true });\n\t\t\tbreak;\n\t\tcase 'ed25519':\n\t\t\tsigBytes = ed25519.sign(dataBytes, keyBytes);\n\t\t\tbreak;\n\t\tdefault:\n\t\t\tthrow new Error(`Unsupported curve: ${curve}`);\n\t}\n\n\treturn fromBytes(sigBytes, outputEncoding);\n}\n\n/**\n * Verify a signature\n *\n * @param data - Data that was signed\n * @param signature - Signature to verify\n * @param publicKey - Public key\n * @param curve - Elliptic curve (default: 'secp256k1')\n * @param inputEncoding - Encoding of data input (default: 'base64url')\n * @param sigEncoding - Encoding of signature (default: 'base64url')\n * @param keyEncoding - Encoding of public key (default: 'base64url')\n * @returns true if signature is valid, false otherwise\n *\n * @example\n * ```typescript\n * // Verify a signature\n * const isValid = verify(hashData, signature, publicKey);\n *\n * // Verify with Ed25519\n * const isValid2 = verify(hashData, signature, publicKey, 'ed25519');\n * ```\n */\nexport function verify(\n\tdata: string | Uint8Array,\n\tsignature: string | Uint8Array,\n\tpublicKey: string | Uint8Array,\n\tcurve: CurveType = 'secp256k1',\n\tinputEncoding: Encoding = 'base64url',\n\tsigEncoding: Encoding = 'base64url',\n\tkeyEncoding: Encoding = 'base64url'\n): boolean {\n\ttry {\n\t\tconst dataBytes = toBytes(data, inputEncoding);\n\t\tconst sigBytes = toBytes(signature, sigEncoding);\n\t\tconst keyBytes = toBytes(publicKey, keyEncoding);\n\n\t\tswitch (curve) {\n\t\t\tcase 'secp256k1': {\n\t\t\t\treturn secp256k1.verify(sigBytes, dataBytes, keyBytes);\n\t\t\t}\n\t\t\tcase 'p256': {\n\t\t\t\treturn p256.verify(sigBytes, dataBytes, keyBytes);\n\t\t\t}\n\t\t\tcase 'ed25519': {\n\t\t\t\treturn ed25519.verify(sigBytes, dataBytes, keyBytes);\n\t\t\t}\n\t\t\tdefault:\n\t\t\t\tthrow new Error(`Unsupported curve: ${curve}`);\n\t\t}\n\t} catch {\n\t\treturn false;\n\t}\n}\n\n/**\n * Generate cryptographically secure random bytes\n *\n * @param bits - Number of bits to generate (default: 256)\n * @param encoding - Output encoding (default: 'base64url')\n * @returns Random bytes in the specified encoding\n */\nexport function randomBytes(bits: number = 256, encoding: Encoding = 'base64url'): string | Uint8Array {\n\tconst bytes = Math.ceil(bits / 8);\n\tconst randomBytesArray = new Uint8Array(bytes);\n\tcrypto.getRandomValues(randomBytesArray);\n\treturn fromBytes(randomBytesArray, encoding);\n}\n\n/**\n * Generate a random private key\n */\nexport function generatePrivateKey(curve: CurveType = 'secp256k1', encoding: Encoding = 'base64url'): string | Uint8Array {\n\tlet keyBytes: Uint8Array;\n\n\tswitch (curve) {\n\t\tcase 'secp256k1':\n\t\t\tkeyBytes = secp256k1.utils.randomSecretKey();\n\t\t\tbreak;\n\t\tcase 'p256':\n\t\t\tkeyBytes = p256.utils.randomSecretKey();\n\t\t\tbreak;\n\t\tcase 'ed25519':\n\t\t\tkeyBytes = ed25519.utils.randomSecretKey();\n\t\t\tbreak;\n\t\tdefault:\n\t\t\tthrow new Error(`Unsupported curve: ${curve}`);\n\t}\n\n\treturn fromBytes(keyBytes, encoding);\n}\n\n/**\n * Get public key from private key\n */\nexport function getPublicKey(\n\tprivateKey: string | Uint8Array,\n\tcurve: CurveType = 'secp256k1',\n\tkeyEncoding: Encoding = 'base64url',\n\toutputEncoding: Encoding = 'base64url'\n): string | Uint8Array {\n\tconst keyBytes = toBytes(privateKey, keyEncoding);\n\n\tlet pubBytes: Uint8Array;\n\n\tswitch (curve) {\n\t\tcase 'secp256k1':\n\t\t\tpubBytes = secp256k1.getPublicKey(keyBytes);\n\t\t\tbreak;\n\t\tcase 'p256':\n\t\t\tpubBytes = p256.getPublicKey(keyBytes);\n\t\t\tbreak;\n\t\tcase 'ed25519':\n\t\t\tpubBytes = ed25519.getPublicKey(keyBytes);\n\t\t\tbreak;\n\t\tdefault:\n\t\t\tthrow new Error(`Unsupported curve: ${curve}`);\n\t}\n\n\treturn fromBytes(pubBytes, outputEncoding);\n}\n\n","/**\r\n * Digest Function for Quereus\r\n *\r\n * Computes the hash of all arguments combined.\r\n * Uses SHA-256 from @noble/hashes for portable implementation.\r\n * Compatible with React Native and all JS environments.\r\n */\r\n\r\nimport { sha256 } from '@noble/hashes/sha2.js';\r\nimport { sha512 } from '@noble/hashes/sha2.js';\r\nimport { blake3 } from '@noble/hashes/blake3.js';\r\nimport { concatBytes, utf8ToBytes } from '@noble/hashes/utils.js';\r\n\r\n/**\r\n * Hash algorithm options\r\n */\r\nexport type HashAlgorithm = 'sha256' | 'sha512' | 'blake3';\r\n\r\n/**\r\n * Input type for digest function - can be string, Uint8Array, or number\r\n */\r\nexport type DigestInput = string | Uint8Array | number | boolean | null | undefined;\r\n\r\n/**\r\n * Options for the digest function\r\n */\r\nexport interface DigestOptions {\r\n /** Hash algorithm to use (default: sha256) */\r\n algorithm?: HashAlgorithm;\r\n /** Output format (default: uint8array) */\r\n output?: 'uint8array' | 'hex';\r\n}\r\n\r\n/**\r\n * Convert various input types to Uint8Array for hashing\r\n */\r\nfunction inputToBytes(input: DigestInput): Uint8Array {\r\n if (input === null || input === undefined) {\r\n return new Uint8Array(0);\r\n }\r\n\r\n if (typeof input === 'string') {\r\n return utf8ToBytes(input);\r\n }\r\n\r\n if (input instanceof Uint8Array) {\r\n return input;\r\n }\r\n\r\n if (typeof input === 'number') {\r\n // Convert number to 8-byte big-endian representation\r\n const buffer = new ArrayBuffer(8);\r\n const view = new DataView(buffer);\r\n view.setFloat64(0, input, false); // big-endian\r\n return new Uint8Array(buffer);\r\n }\r\n\r\n if (typeof input === 'boolean') {\r\n return new Uint8Array([input ? 1 : 0]);\r\n }\r\n\r\n // Fallback: convert to string then to bytes\r\n return utf8ToBytes(String(input));\r\n}\r\n\r\n/**\r\n * Get hash function based on algorithm\r\n */\r\nfunction getHashFunction(algorithm: HashAlgorithm): (data: Uint8Array) => Uint8Array {\r\n switch (algorithm) {\r\n case 'sha256':\r\n return sha256;\r\n case 'sha512':\r\n return sha512;\r\n case 'blake3':\r\n return blake3;\r\n default:\r\n throw new Error(`Unsupported hash algorithm: ${algorithm}`);\r\n }\r\n}\r\n\r\n/**\r\n * Computes the hash of all arguments\r\n *\r\n * @param {...DigestInput} args - Variable number of arguments to hash\r\n * @returns {Uint8Array} The computed hash as a Uint8Array\r\n *\r\n * @example\r\n * ```typescript\r\n * // Hash a string\r\n * const hash1 = Digest('hello world');\r\n *\r\n * // Hash multiple arguments\r\n * const hash2 = Digest('user:', 123, 'session');\r\n *\r\n * // Hash with specific algorithm\r\n * const hash3 = Digest.withOptions({ algorithm: 'sha512' })('data1', 'data2');\r\n *\r\n * // Get hex output\r\n * const hexHash = Digest.withOptions({ output: 'hex' })('hello');\r\n * ```\r\n */\r\nexport function Digest(...args: DigestInput[]): Uint8Array {\r\n return DigestWithOptions({ algorithm: 'sha256', output: 'uint8array' }, ...args) as Uint8Array;\r\n}\r\n\r\n/**\r\n * Digest function with custom options\r\n */\r\nexport function DigestWithOptions(options: DigestOptions, ...args: DigestInput[]): Uint8Array | string {\r\n const algorithm = options.algorithm || 'sha256';\r\n const output = options.output || 'uint8array';\r\n\r\n // Convert all arguments to bytes and concatenate\r\n const byteArrays = args.map(inputToBytes);\r\n const combined = concatBytes(...byteArrays);\r\n\r\n // Hash the combined data\r\n const hashFunction = getHashFunction(algorithm);\r\n const hash = hashFunction(combined);\r\n\r\n // Return in requested format\r\n if (output === 'hex') {\r\n return Array.from(hash)\r\n .map(b => b.toString(16).padStart(2, '0'))\r\n .join('');\r\n }\r\n\r\n return hash;\r\n}\r\n\r\n/**\r\n * Create a digest function with preset options\r\n */\r\nDigest.withOptions = (options: DigestOptions) => {\r\n return (...args: DigestInput[]) => DigestWithOptions(options, ...args);\r\n};\r\n\r\n/**\r\n * Convenience functions for specific algorithms\r\n */\r\nDigest.sha256 = (...args: DigestInput[]): Uint8Array => {\r\n return DigestWithOptions({ algorithm: 'sha256' }, ...args) as Uint8Array;\r\n};\r\n\r\nDigest.sha512 = (...args: DigestInput[]): Uint8Array => {\r\n return DigestWithOptions({ algorithm: 'sha512' }, ...args) as Uint8Array;\r\n};\r\n\r\nDigest.blake3 = (...args: DigestInput[]): Uint8Array => {\r\n return DigestWithOptions({ algorithm: 'blake3' }, ...args) as Uint8Array;\r\n};\r\n\r\n/**\r\n * Hex output variants\r\n */\r\nDigest.hex = (...args: DigestInput[]): string => {\r\n return DigestWithOptions({ algorithm: 'sha256', output: 'hex' }, ...args) as string;\r\n};\r\n\r\nDigest.sha256Hex = (...args: DigestInput[]): string => {\r\n return DigestWithOptions({ algorithm: 'sha256', output: 'hex' }, ...args) as string;\r\n};\r\n\r\nDigest.sha512Hex = (...args: DigestInput[]): string => {\r\n return DigestWithOptions({ algorithm: 'sha512', output: 'hex' }, ...args) as string;\r\n};\r\n\r\nDigest.blake3Hex = (...args: DigestInput[]): string => {\r\n return DigestWithOptions({ algorithm: 'blake3', output: 'hex' }, ...args) as string;\r\n};\r\n\r\nexport default Digest;\r\n","/**\r\n * Sign Function for Quereus\r\n *\r\n * Returns the signature for the given payload using an ECC private key.\r\n * Uses secp256k1 from @noble/curves for portable implementation.\r\n * Compatible with React Native and all JS environments.\r\n */\r\n\r\nimport { secp256k1 } from '@noble/curves/secp256k1.js';\r\nimport { p256 } from '@noble/curves/nist.js';\r\nimport { ed25519 } from '@noble/curves/ed25519.js';\r\nimport { bytesToHex, hexToBytes } from '@noble/curves/utils.js';\r\n\r\n/**\r\n * Supported elliptic curve types\r\n */\r\nexport type CurveType = 'secp256k1' | 'p256' | 'ed25519';\r\n\r\n/**\r\n * Private key input - can be Uint8Array, hex string, or bigint\r\n */\r\nexport type PrivateKeyInput = Uint8Array | string | bigint;\r\n\r\n/**\r\n * Digest input - can be Uint8Array or hex string\r\n */\r\nexport type DigestInput = Uint8Array | string;\r\n\r\n/**\r\n * Signature output format options\r\n */\r\nexport type SignatureFormat = 'uint8array' | 'hex' | 'compact' | 'der';\r\n\r\n/**\r\n * Options for the Sign function\r\n */\r\nexport interface SignOptions {\r\n /** Elliptic curve to use (default: secp256k1) */\r\n curve?: CurveType;\r\n /** Output format for signature (default: uint8array) */\r\n format?: SignatureFormat;\r\n /** Additional entropy for signatures (hedged signatures) */\r\n extraEntropy?: boolean | Uint8Array;\r\n /** Use low-S canonical signatures (default: true) */\r\n lowS?: boolean;\r\n}\r\n\r\n/**\r\n * Normalize private key input to Uint8Array\r\n */\r\nfunction normalizePrivateKey(privateKey: PrivateKeyInput): Uint8Array {\r\n if (privateKey instanceof Uint8Array) {\r\n return privateKey;\r\n }\r\n\r\n if (typeof privateKey === 'string') {\r\n // Assume hex string\r\n return hexToBytes(privateKey);\r\n }\r\n\r\n if (typeof privateKey === 'bigint') {\r\n // Convert bigint to 32-byte array (for secp256k1/p256)\r\n const hex = privateKey.toString(16).padStart(64, '0');\r\n return hexToBytes(hex);\r\n }\r\n\r\n throw new Error('Invalid private key format');\r\n}\r\n\r\n/**\r\n * Normalize digest input to Uint8Array\r\n */\r\nfunction normalizeDigest(digest: DigestInput): Uint8Array {\r\n if (digest instanceof Uint8Array) {\r\n return digest;\r\n }\r\n\r\n if (typeof digest === 'string') {\r\n return hexToBytes(digest);\r\n }\r\n\r\n throw new Error('Invalid digest format');\r\n}\r\n\r\n/**\r\n * Format signature based on requested format.\r\n * In @noble/curves v2.0.1, sign() returns Uint8Array directly.\r\n */\r\nfunction formatSignature(signature: Uint8Array, format: SignatureFormat, curve: CurveType): Uint8Array | string {\r\n switch (format) {\r\n case 'uint8array':\r\n case 'compact':\r\n return signature;\r\n\r\n case 'hex':\r\n return bytesToHex(signature);\r\n\r\n case 'der':\r\n if (curve === 'ed25519') {\r\n throw new Error('DER format not supported for ed25519');\r\n }\r\n // DER format requires the sign() call to request it via format option\r\n // For now, return compact format as fallback\r\n return signature;\r\n\r\n default:\r\n throw new Error(`Unsupported signature format: ${format}`);\r\n }\r\n}\r\n\r\n/**\r\n * Sign a digest using the specified private key and curve\r\n *\r\n * @param {DigestInput} digest - The digest/hash to sign\r\n * @param {PrivateKeyInput} privateKey - The private key to use for signing\r\n * @param {SignOptions} [options] - Optional signing parameters\r\n * @returns {Uint8Array | string} The signature in the requested format\r\n *\r\n * @example\r\n * ```typescript\r\n * // Basic usage with secp256k1\r\n * const digest = new Uint8Array(32).fill(1); // Your hash here\r\n * const privateKey = 'a'.repeat(64); // Your private key hex\r\n * const signature = Sign(digest, privateKey);\r\n *\r\n * // With specific curve and format\r\n * const sig = Sign(digest, privateKey, {\r\n * curve: 'p256',\r\n * format: 'hex'\r\n * });\r\n *\r\n * // With hedged signatures for extra security\r\n * const hedgedSig = Sign(digest, privateKey, {\r\n * extraEntropy: true\r\n * });\r\n * ```\r\n */\r\nexport function Sign(\r\n digest: DigestInput,\r\n privateKey: PrivateKeyInput,\r\n options: SignOptions = {}\r\n): Uint8Array | string {\r\n const {\r\n curve = 'secp256k1',\r\n format = 'uint8array',\r\n extraEntropy = false,\r\n lowS = true,\r\n } = options;\r\n\r\n const normalizedDigest = normalizeDigest(digest);\r\n const normalizedPrivateKey = normalizePrivateKey(privateKey);\r\n\r\n let signature: any;\r\n\r\n switch (curve) {\r\n case 'secp256k1': {\r\n const signOptions: any = { lowS };\r\n if (extraEntropy) {\r\n signOptions.extraEntropy = extraEntropy;\r\n }\r\n signature = secp256k1.sign(normalizedDigest, normalizedPrivateKey, signOptions);\r\n break;\r\n }\r\n\r\n case 'p256': {\r\n const signOptions: any = { lowS };\r\n if (extraEntropy) {\r\n signOptions.extraEntropy = extraEntropy;\r\n }\r\n signature = p256.sign(normalizedDigest, normalizedPrivateKey, signOptions);\r\n break;\r\n }\r\n\r\n case 'ed25519': {\r\n signature = ed25519.sign(normalizedDigest, normalizedPrivateKey);\r\n break;\r\n }\r\n\r\n default:\r\n throw new Error(`Unsupported curve: ${curve}`);\r\n }\r\n\r\n return formatSignature(signature, format, curve);\r\n}\r\n\r\n/**\r\n * Convenience functions for specific curves\r\n */\r\nSign.secp256k1 = (digest: DigestInput, privateKey: PrivateKeyInput, options: Omit<SignOptions, 'curve'> = {}) => {\r\n return Sign(digest, privateKey, { ...options, curve: 'secp256k1' });\r\n};\r\n\r\nSign.p256 = (digest: DigestInput, privateKey: PrivateKeyInput, options: Omit<SignOptions, 'curve'> = {}) => {\r\n return Sign(digest, privateKey, { ...options, curve: 'p256' });\r\n};\r\n\r\nSign.ed25519 = (digest: DigestInput, privateKey: PrivateKeyInput, options: Omit<SignOptions, 'curve'> = {}) => {\r\n return Sign(digest, privateKey, { ...options, curve: 'ed25519' });\r\n};\r\n\r\n/**\r\n * Generate a random private key for the specified curve\r\n */\r\nSign.generatePrivateKey = (curve: CurveType = 'secp256k1'): Uint8Array => {\r\n switch (curve) {\r\n case 'secp256k1':\r\n return secp256k1.utils.randomSecretKey();\r\n case 'p256':\r\n return p256.utils.randomSecretKey();\r\n case 'ed25519':\r\n return ed25519.utils.randomSecretKey();\r\n default:\r\n throw new Error(`Unsupported curve: ${curve}`);\r\n }\r\n};\r\n\r\n/**\r\n * Get the public key for a given private key and curve\r\n */\r\nSign.getPublicKey = (privateKey: PrivateKeyInput, curve: CurveType = 'secp256k1'): Uint8Array => {\r\n const normalizedPrivateKey = normalizePrivateKey(privateKey);\r\n\r\n switch (curve) {\r\n case 'secp256k1':\r\n return secp256k1.getPublicKey(normalizedPrivateKey);\r\n case 'p256':\r\n return p256.getPublicKey(normalizedPrivateKey);\r\n case 'ed25519':\r\n return ed25519.getPublicKey(normalizedPrivateKey);\r\n default:\r\n throw new Error(`Unsupported curve: ${curve}`);\r\n }\r\n};\r\n\r\nexport default Sign;\r\n","/**\r\n * SignatureValid Function for Quereus\r\n *\r\n * Returns true if the ECC signature is valid for the given digest and public key.\r\n * Uses @noble/curves for portable implementation.\r\n * Compatible with React Native and all JS environments.\r\n */\r\n\r\nimport { secp256k1 } from '@noble/curves/secp256k1.js';\r\nimport { p256 } from '@noble/curves/nist.js';\r\nimport { ed25519 } from '@noble/curves/ed25519.js';\r\nimport { hexToBytes } from '@noble/curves/utils.js';\r\n\r\n/**\r\n * Supported elliptic curve types\r\n */\r\nexport type CurveType = 'secp256k1' | 'p256' | 'ed25519';\r\n\r\n/**\r\n * Input types that can be Uint8Array or hex string\r\n */\r\nexport type BytesInput = Uint8Array | string;\r\n\r\n/**\r\n * Options for signature verification\r\n */\r\nexport interface VerifyOptions {\r\n /** Elliptic curve to use (default: secp256k1) */\r\n curve?: CurveType;\r\n /** Signature format (default: auto-detect) */\r\n signatureFormat?: 'compact' | 'der' | 'raw';\r\n /** Allow malleable signatures (default: false for ECDSA, true for EdDSA) */\r\n allowMalleableSignatures?: boolean;\r\n}\r\n\r\n/**\r\n * Normalize input to Uint8Array\r\n */\r\nfunction normalizeBytes(input: BytesInput): Uint8Array {\r\n if (input instanceof Uint8Array) {\r\n return input;\r\n }\r\n\r\n if (typeof input === 'string') {\r\n return hexToBytes(input);\r\n }\r\n\r\n throw new Error('Invalid input format - expected Uint8Array or hex string');\r\n}\r\n\r\n/**\r\n * Auto-detect signature format based on length and curve\r\n */\r\nfunction detectSignatureFormat(signature: Uint8Array, curve: CurveType): 'compact' | 'der' | 'raw' {\r\n const length = signature.length;\r\n\r\n if (curve === 'ed25519') {\r\n return 'raw'; // Ed25519 signatures are always 64 bytes\r\n }\r\n\r\n // For ECDSA curves (secp256k1, p256)\r\n if (length === 64) {\r\n return 'compact'; // r + s concatenated (32 + 32 bytes)\r\n }\r\n\r\n if (length >= 70 && length <= 72 && signature[0] === 0x30) {\r\n return 'der'; // DER encoding starts with 0x30\r\n }\r\n\r\n // Default to compact for shorter signatures\r\n return 'compact';\r\n}\r\n\r\n/**\r\n * Parse signature based on format and curve.\r\n * In @noble/curves v2.0.1, uses Signature.fromBytes(bytes, format).\r\n */\r\nfunction parseSignature(signature: Uint8Array, format: 'compact' | 'der' | 'raw', curve: CurveType): Uint8Array {\r\n if (curve === 'ed25519') {\r\n // Ed25519 signatures are always raw 64-byte format\r\n return signature;\r\n }\r\n\r\n // For ECDSA curves in v2.0.1, verify() accepts raw bytes directly\r\n // The format parameter is used to parse signature bytes into the expected format\r\n const sigFormat = format === 'raw' ? 'compact' : format;\r\n\r\n if (curve === 'secp256k1') {\r\n return secp256k1.Signature.fromBytes(signature, sigFormat).toBytes();\r\n } else if (curve === 'p256') {\r\n return p256.Signature.fromBytes(signature, sigFormat).toBytes();\r\n }\r\n\r\n throw new Error(`Failed to parse signature for curve ${curve} with format ${format}`);\r\n}\r\n\r\n/**\r\n * Verify if an ECC signature is valid\r\n *\r\n * @param {BytesInput} digest - The digest/hash that was signed\r\n * @param {BytesInput} signature - The signature to verify\r\n * @param {BytesInput} publicKey - The public key to verify against\r\n * @param {VerifyOptions} [options] - Optional verification parameters\r\n * @returns {boolean} True if the signature is valid, false otherwise\r\n *\r\n * @example\r\n * ```typescript\r\n * // Basic usage with secp256k1\r\n * const isValid = SignatureValid(digest, signature, publicKey);\r\n *\r\n * // With specific curve\r\n * const isValid = SignatureValid(digest, signature, publicKey, {\r\n * curve: 'p256'\r\n * });\r\n *\r\n * // With specific signature format\r\n * const isValid = SignatureValid(digest, signature, publicKey, {\r\n * curve: 'secp256k1',\r\n * signatureFormat: 'der'\r\n * });\r\n *\r\n * // Allow malleable signatures\r\n * const isValid = SignatureValid(digest, signature, publicKey, {\r\n * allowMalleableSignatures: true\r\n * });\r\n * ```\r\n */\r\nexport function SignatureValid(\r\n digest: BytesInput,\r\n signature: BytesInput,\r\n publicKey: BytesInput,\r\n options: VerifyOptions = {}\r\n): boolean {\r\n try {\r\n const {\r\n curve = 'secp256k1',\r\n signatureFormat,\r\n allowMalleableSignatures,\r\n } = options;\r\n\r\n const normalizedDigest = normalizeBytes(digest);\r\n const normalizedSignature = normalizeBytes(signature);\r\n const normalizedPublicKey = normalizeBytes(publicKey);\r\n\r\n // Auto-detect signature format if not specified\r\n const detectedFormat = signatureFormat || detectSignatureFormat(normalizedSignature, curve);\r\n\r\n // Parse the signature\r\n const parsedSignature = parseSignature(normalizedSignature, detectedFormat, curve);\r\n\r\n // Set up verification options\r\n const verifyOptions: any = {};\r\n\r\n // Handle malleable signatures for ECDSA curves\r\n if (curve !== 'ed25519' && allowMalleableSignatures !== undefined) {\r\n verifyOptions.lowS = !allowMalleableSignatures;\r\n }\r\n\r\n // Verify the signature\r\n switch (curve) {\r\n case 'secp256k1':\r\n return secp256k1.verify(parsedSignature, normalizedDigest, normalizedPublicKey, verifyOptions);\r\n\r\n case 'p256':\r\n return p256.verify(parsedSignature, normalizedDigest, normalizedPublicKey, verifyOptions);\r\n\r\n case 'ed25519':\r\n return ed25519.verify(parsedSignature, normalizedDigest, normalizedPublicKey);\r\n\r\n default:\r\n throw new Error(`Unsupported curve: ${curve}`);\r\n }\r\n } catch (error) {\r\n // If any error occurs during verification, the signature is invalid\r\n return false;\r\n }\r\n}\r\n\r\n/**\r\n * Convenience functions for specific curves\r\n */\r\nSignatureValid.secp256k1 = (\r\n digest: BytesInput,\r\n signature: BytesInput,\r\n publicKey: BytesInput,\r\n options: Omit<VerifyOptions, 'curve'> = {}\r\n): boolean => {\r\n return SignatureValid(digest, signature, publicKey, { ...options, curve: 'secp256k1' });\r\n};\r\n\r\nSignatureValid.p256 = (\r\n digest: BytesInput,\r\n signature: BytesInput,\r\n publicKey: BytesInput,\r\n options: Omit<VerifyOptions, 'curve'> = {}\r\n): boolean => {\r\n return SignatureValid(digest, signature, publicKey, { ...options, curve: 'p256' });\r\n};\r\n\r\nSignatureValid.ed25519 = (\r\n digest: BytesInput,\r\n signature: BytesInput,\r\n publicKey: BytesInput,\r\n options: Omit<VerifyOptions, 'curve'> = {}\r\n): boolean => {\r\n return SignatureValid(digest, signature, publicKey, { ...options, curve: 'ed25519' });\r\n};\r\n\r\n/**\r\n * Batch verify multiple signatures (more efficient for multiple verifications)\r\n */\r\nSignatureValid.batch = (\r\n verifications: Array<{\r\n digest: BytesInput;\r\n signature: BytesInput;\r\n publicKey: BytesInput;\r\n options?: VerifyOptions;\r\n }>\r\n): boolean[] => {\r\n return verifications.map(({ digest, signature, publicKey, options }) =>\r\n SignatureValid(digest, signature, publicKey, options)\r\n );\r\n};\r\n\r\n/**\r\n * Verify and return detailed information about the verification\r\n */\r\nSignatureValid.detailed = (\r\n digest: BytesInput,\r\n signature: BytesInput,\r\n publicKey: BytesInput,\r\n options: VerifyOptions = {}\r\n): {\r\n valid: boolean;\r\n curve: CurveType;\r\n signatureFormat: string;\r\n error?: string;\r\n} => {\r\n const curve = options.curve || 'secp256k1';\r\n\r\n try {\r\n const normalizedSignature = normalizeBytes(signature);\r\n const detectedFormat = options.signatureFormat || detectSignatureFormat(normalizedSignature, curve);\r\n\r\n const valid = SignatureValid(digest, signature, publicKey, options);\r\n\r\n return {\r\n valid,\r\n curve,\r\n signatureFormat: detectedFormat,\r\n };\r\n } catch (error) {\r\n return {\r\n valid: false,\r\n curve,\r\n signatureFormat: 'unknown',\r\n error: error instanceof Error ? error.message : 'Unknown error',\r\n };\r\n }\r\n};\r\n\r\nexport default SignatureValid;\r\n"]}
package/dist/plugin.d.ts CHANGED
@@ -1,11 +1,5 @@
1
- import { Database, SqlValue, FunctionFlags } from '@quereus/quereus';
2
-
3
- /**
4
- * Quereus Plugin Entry Point for Crypto Functions
5
- *
6
- * This module provides the plugin registration following Quereus 0.4.5 format.
7
- * All metadata is in package.json - no manifest export needed.
8
- */
1
+ import * as _quereus_quereus from '@quereus/quereus';
2
+ import { Database, SqlValue } from '@quereus/quereus';
9
3
 
10
4
  /**
11
5
  * Plugin registration function
@@ -16,10 +10,11 @@ declare function register(_db: Database, _config?: Record<string, SqlValue>): {
16
10
  schema: {
17
11
  name: string;
18
12
  numArgs: number;
19
- flags: FunctionFlags;
13
+ flags: number;
20
14
  returnType: {
21
15
  typeClass: "scalar";
22
- sqlType: string;
16
+ logicalType: _quereus_quereus.LogicalType;
17
+ nullable: boolean;
23
18
  };
24
19
  implementation: (...args: SqlValue[]) => string | Uint8Array<ArrayBufferLike>;
25
20
  };
@@ -27,10 +22,23 @@ declare function register(_db: Database, _config?: Record<string, SqlValue>): {
27
22
  schema: {
28
23
  name: string;
29
24
  numArgs: number;
30
- flags: FunctionFlags;
25
+ flags: number;
26
+ returnType: {
27
+ typeClass: "scalar";
28
+ logicalType: _quereus_quereus.LogicalType;
29
+ nullable: boolean;
30
+ };
31
+ implementation: (...args: SqlValue[]) => boolean;
32
+ };
33
+ } | {
34
+ schema: {
35
+ name: string;
36
+ numArgs: number;
37
+ flags: number;
31
38
  returnType: {
32
39
  typeClass: "scalar";
33
- sqlType: string;
40
+ logicalType: _quereus_quereus.LogicalType;
41
+ nullable: boolean;
34
42
  };
35
43
  implementation: (...args: SqlValue[]) => number;
36
44
  };
package/dist/plugin.js CHANGED
@@ -1,13 +1,14 @@
1
- import { sha512, sha256 } from '@noble/hashes/sha2';
2
- import { blake3 } from '@noble/hashes/blake3';
3
- import { utf8ToBytes } from '@noble/hashes/utils';
4
- import { secp256k1 } from '@noble/curves/secp256k1';
5
- import { p256 } from '@noble/curves/nist';
6
- import { ed25519 } from '@noble/curves/ed25519';
7
- import { hexToBytes, bytesToHex } from '@noble/curves/abstract/utils';
1
+ import { FunctionFlags, TEXT_TYPE, BOOLEAN_TYPE, INTEGER_TYPE } from '@quereus/quereus';
2
+ import { sha512, sha256 } from '@noble/hashes/sha2.js';
3
+ import { blake3 } from '@noble/hashes/blake3.js';
4
+ import { utf8ToBytes } from '@noble/hashes/utils.js';
5
+ import { secp256k1 } from '@noble/curves/secp256k1.js';
6
+ import { p256 } from '@noble/curves/nist.js';
7
+ import { ed25519 } from '@noble/curves/ed25519.js';
8
+ import { hexToBytes, bytesToHex } from '@noble/curves/utils.js';
8
9
  import { fromString, toString } from 'uint8arrays';
9
10
 
10
- // src/crypto.ts
11
+ // src/plugin.ts
11
12
  function toBytes(input, encoding = "base64url") {
12
13
  if (input === null || input === void 0) {
13
14
  return new Uint8Array(0);
@@ -81,20 +82,15 @@ function sign(data, privateKey, curve = "secp256k1", inputEncoding = "base64url"
81
82
  const keyBytes = toBytes(privateKey, keyEncoding);
82
83
  let sigBytes;
83
84
  switch (curve) {
84
- case "secp256k1": {
85
- const sig = secp256k1.sign(dataBytes, keyBytes, { lowS: true });
86
- sigBytes = sig.toCompactRawBytes();
85
+ case "secp256k1":
86
+ sigBytes = secp256k1.sign(dataBytes, keyBytes, { lowS: true });
87
87
  break;
88
- }
89
- case "p256": {
90
- const sig = p256.sign(dataBytes, keyBytes, { lowS: true });
91
- sigBytes = sig.toCompactRawBytes();
88
+ case "p256":
89
+ sigBytes = p256.sign(dataBytes, keyBytes, { lowS: true });
92
90
  break;
93
- }
94
- case "ed25519": {
91
+ case "ed25519":
95
92
  sigBytes = ed25519.sign(dataBytes, keyBytes);
96
93
  break;
97
- }
98
94
  default:
99
95
  throw new Error(`Unsupported curve: ${curve}`);
100
96
  }
@@ -130,6 +126,8 @@ function randomBytes(bits = 256, encoding = "base64url") {
130
126
  }
131
127
 
132
128
  // src/plugin.ts
129
+ var DETERMINISTIC_FLAGS = FunctionFlags.UTF8 | FunctionFlags.DETERMINISTIC;
130
+ var NON_DETERMINISTIC_FLAGS = FunctionFlags.UTF8;
133
131
  function register(_db, _config = {}) {
134
132
  const functions = [
135
133
  {
@@ -137,9 +135,9 @@ function register(_db, _config = {}) {
137
135
  name: "digest",
138
136
  numArgs: -1,
139
137
  // Variable arguments: data, algorithm?, inputEncoding?, outputEncoding?
140
- flags: 1,
141
- // UTF8
142
- returnType: { typeClass: "scalar", sqlType: "TEXT" },
138
+ flags: DETERMINISTIC_FLAGS,
139
+ // digest is deterministic
140
+ returnType: { typeClass: "scalar", logicalType: TEXT_TYPE, nullable: false },
143
141
  implementation: (...args) => {
144
142
  const [data, algorithm = "sha256", inputEncoding = "base64url", outputEncoding = "base64url"] = args;
145
143
  return digest(data, algorithm, inputEncoding, outputEncoding);
@@ -151,8 +149,9 @@ function register(_db, _config = {}) {
151
149
  name: "sign",
152
150
  numArgs: -1,
153
151
  // Variable arguments: data, privateKey, curve?, inputEncoding?, keyEncoding?, outputEncoding?
154
- flags: 1,
155
- returnType: { typeClass: "scalar", sqlType: "TEXT" },
152
+ flags: DETERMINISTIC_FLAGS,
153
+ // sign is deterministic (same key + data = same signature)
154
+ returnType: { typeClass: "scalar", logicalType: TEXT_TYPE, nullable: false },
156
155
  implementation: (...args) => {
157
156
  const [data, privateKey, curve = "secp256k1", inputEncoding = "base64url", keyEncoding = "base64url", outputEncoding = "base64url"] = args;
158
157
  return sign(data, privateKey, curve, inputEncoding, keyEncoding, outputEncoding);
@@ -164,12 +163,13 @@ function register(_db, _config = {}) {
164
163
  name: "verify",
165
164
  numArgs: -1,
166
165
  // Variable arguments: data, signature, publicKey, curve?, inputEncoding?, sigEncoding?, keyEncoding?
167
- flags: 1,
168
- returnType: { typeClass: "scalar", sqlType: "INTEGER" },
166
+ flags: DETERMINISTIC_FLAGS,
167
+ // verify is deterministic
168
+ returnType: { typeClass: "scalar", logicalType: BOOLEAN_TYPE, nullable: false },
169
169
  implementation: (...args) => {
170
170
  const [data, signature, publicKey, curve = "secp256k1", inputEncoding = "base64url", sigEncoding = "base64url", keyEncoding = "base64url"] = args;
171
171
  const result = verify(data, signature, publicKey, curve, inputEncoding, sigEncoding, keyEncoding);
172
- return result ? 1 : 0;
172
+ return result;
173
173
  }
174
174
  }
175
175
  },
@@ -178,8 +178,9 @@ function register(_db, _config = {}) {
178
178
  name: "hash_mod",
179
179
  numArgs: -1,
180
180
  // Variable arguments: data, bits, algorithm?, inputEncoding?
181
- flags: 1,
182
- returnType: { typeClass: "scalar", sqlType: "INTEGER" },
181
+ flags: DETERMINISTIC_FLAGS,
182
+ // hash_mod is deterministic
183
+ returnType: { typeClass: "scalar", logicalType: INTEGER_TYPE, nullable: false },
183
184
  implementation: (...args) => {
184
185
  const [data, bits, algorithm = "sha256", inputEncoding = "base64url"] = args;
185
186
  return hashMod(data, bits, algorithm, inputEncoding);
@@ -191,8 +192,9 @@ function register(_db, _config = {}) {
191
192
  name: "random_bytes",
192
193
  numArgs: -1,
193
194
  // Variable arguments: bits?, encoding?
194
- flags: 1,
195
- returnType: { typeClass: "scalar", sqlType: "TEXT" },
195
+ flags: NON_DETERMINISTIC_FLAGS,
196
+ // random_bytes is NOT deterministic
197
+ returnType: { typeClass: "scalar", logicalType: TEXT_TYPE, nullable: false },
196
198
  implementation: (...args) => {
197
199
  const [bits = 256, encoding = "base64url"] = args;
198
200
  return randomBytes(bits, encoding);