@sempdev/semp 0.4.3

package/dist/transparency/log.d.ts

@@ -0,0 +1,61 @@
+/**
+ * Operator-runnable transparency log per TRANSPARENCY.md §2.2.
+ *
+ * Maintains an append-only sequence of leaf hashes; issues
+ * SignedTreeHeads; computes RFC 6962 inclusion + consistency
+ * proofs against the current state.
+ *
+ * The reference implementation holds entries and leaf hashes in
+ * memory. Production deployments wrap a durable backend; the
+ * operations factor cleanly into a Store interface when needed.
+ *
+ * @module
+ */
+import { type ConsistencyProof, type InclusionProof, type LogEntry, type SignedTreeHead } from "./types.js";
+/** Inputs to the {@link Log} constructor. */
+export interface LogConfig {
+    /** 32-byte Ed25519 secret seed used to sign every issued STH. */
+    domainSigningSeed: Uint8Array;
+    /** Lowercase-hex SHA-256 fingerprint of the domain signing pub. */
+    domainKeyId: string;
+    /** Wall-clock for STH timestamps. Defaults to `() => new Date()`. */
+    nowFn?: () => Date;
+}
+/**
+ * Append-only transparency log. Concurrency-safe under the JS
+ * single-threaded model: every method runs to completion before
+ * the next; no internal mutex needed.
+ */
+export declare class Log {
+    private readonly entries;
+    private readonly leaves;
+    private readonly cfg;
+    constructor(cfg: LogConfig);
+    /**
+     * Validate `entry`, hash its leaf, and append. Returns the
+     * assigned 0-based leaf index. Does NOT verify any signature on
+     * the entry — admission policy is the caller's concern.
+     */
+    append(entry: LogEntry): number;
+    /** Current tree size. */
+    size(): number;
+    /**
+     * Return the entry at `index`, or `null` when out of range.
+     * The returned object is a reference; callers that mutate must
+     * clone first.
+     */
+    entry(index: number): LogEntry | null;
+    /** Compute the current root hash and return a signed tree head. */
+    issueSTH(): SignedTreeHead;
+    /**
+     * RFC 6962 audit path for `leafIndex` against `treeSize`. Throws
+     * when `leafIndex >= treeSize` or `treeSize > size()`.
+     */
+    inclusionProof(leafIndex: number, treeSize: number): InclusionProof;
+    /**
+     * RFC 6962 consistency proof from `firstSize` to `secondSize`.
+     * Both MUST be in `(0, size()]`; `firstSize` MUST be `<= secondSize`.
+     */
+    consistencyProof(firstSize: number, secondSize: number): ConsistencyProof;
+}
+//# sourceMappingURL=log.d.ts.map

package/dist/transparency/log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"log.d.ts","sourceRoot":"","sources":["../../src/transparency/log.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,QAAQ,EACb,KAAK,cAAc,EACpB,MAAM,YAAY,CAAC;AAUpB,6CAA6C;AAC7C,MAAM,WAAW,SAAS;IACxB,iEAAiE;IACjE,iBAAiB,EAAE,UAAU,CAAC;IAC9B,mEAAmE;IACnE,WAAW,EAAE,MAAM,CAAC;IACpB,qEAAqE;IACrE,KAAK,CAAC,EAAE,MAAM,IAAI,CAAC;CACpB;AAED;;;;GAIG;AACH,qBAAa,GAAG;IACd,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAkB;IAC1C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAoB;IAC3C,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAY;gBAEpB,GAAG,EAAE,SAAS;IAU1B;;;;OAIG;IACH,MAAM,CAAC,KAAK,EAAE,QAAQ,GAAG,MAAM;IAQ/B,yBAAyB;IACzB,IAAI,IAAI,MAAM;IAId;;;;OAIG;IACH,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,QAAQ,GAAG,IAAI;IAOrC,mEAAmE;IACnE,QAAQ,IAAI,cAAc;IAgB1B;;;OAGG;IACH,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,cAAc;IAwBnE;;;OAGG;IACH,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,gBAAgB;CA6B1E"}

package/dist/transparency/log.js

@@ -0,0 +1,133 @@
+/**
+ * Operator-runnable transparency log per TRANSPARENCY.md §2.2.
+ *
+ * Maintains an append-only sequence of leaf hashes; issues
+ * SignedTreeHeads; computes RFC 6962 inclusion + consistency
+ * proofs against the current state.
+ *
+ * The reference implementation holds entries and leaf hashes in
+ * memory. Production deployments wrap a durable backend; the
+ * operations factor cleanly into a Store interface when needed.
+ *
+ * @module
+ */
+import {} from "./types.js";
+import { auditPath, encodeHash, hashLeafFromEntry, subproof, subtreeRoot, } from "./merkle.js";
+import { signSTH, validateLogEntry } from "./sign.js";
+/**
+ * Append-only transparency log. Concurrency-safe under the JS
+ * single-threaded model: every method runs to completion before
+ * the next; no internal mutex needed.
+ */
+export class Log {
+    entries = [];
+    leaves = [];
+    cfg;
+    constructor(cfg) {
+        if (cfg.domainKeyId === "") {
+            throw new Error("transparency: log requires domainKeyId");
+        }
+        if (cfg.domainSigningSeed.length !== 32) {
+            throw new Error("transparency: log requires 32-byte domainSigningSeed");
+        }
+        this.cfg = cfg;
+    }
+    /**
+     * Validate `entry`, hash its leaf, and append. Returns the
+     * assigned 0-based leaf index. Does NOT verify any signature on
+     * the entry — admission policy is the caller's concern.
+     */
+    append(entry) {
+        validateLogEntry(entry);
+        const leaf = hashLeafFromEntry(entry);
+        this.entries.push(entry);
+        this.leaves.push(leaf);
+        return this.leaves.length - 1;
+    }
+    /** Current tree size. */
+    size() {
+        return this.leaves.length;
+    }
+    /**
+     * Return the entry at `index`, or `null` when out of range.
+     * The returned object is a reference; callers that mutate must
+     * clone first.
+     */
+    entry(index) {
+        if (!Number.isInteger(index) || index < 0 || index >= this.entries.length) {
+            return null;
+        }
+        return this.entries[index] ?? null;
+    }
+    /** Compute the current root hash and return a signed tree head. */
+    issueSTH() {
+        const root = subtreeRoot(this.leaves.slice());
+        const now = (this.cfg.nowFn ?? (() => new Date()))();
+        const preSign = {
+            log_size: this.leaves.length,
+            root_hash: encodeHash(root),
+            timestamp: isoSecond(now),
+            signature: { algorithm: "", key_id: "", value: "" },
+        };
+        return signSTH({
+            sth: preSign,
+            domainSigningSeed: this.cfg.domainSigningSeed,
+            domainKeyId: this.cfg.domainKeyId,
+        }).sth;
+    }
+    /**
+     * RFC 6962 audit path for `leafIndex` against `treeSize`. Throws
+     * when `leafIndex >= treeSize` or `treeSize > size()`.
+     */
+    inclusionProof(leafIndex, treeSize) {
+        if (!Number.isInteger(treeSize) || treeSize <= 0) {
+            throw new Error(`transparency: invalid treeSize ${treeSize}`);
+        }
+        if (treeSize > this.leaves.length) {
+            throw new Error(`transparency: treeSize ${treeSize} exceeds current size ${this.leaves.length}`);
+        }
+        if (!Number.isInteger(leafIndex) || leafIndex < 0 || leafIndex >= treeSize) {
+            throw new Error(`transparency: leafIndex ${leafIndex} out of [0, ${treeSize})`);
+        }
+        const leaves = this.leaves.slice(0, treeSize);
+        const siblings = auditPath(leafIndex, leaves);
+        return {
+            log_size: treeSize,
+            leaf_hash: encodeHash(leaves[leafIndex]),
+            leaf_index: leafIndex,
+            path: siblings.map(encodeHash),
+        };
+    }
+    /**
+     * RFC 6962 consistency proof from `firstSize` to `secondSize`.
+     * Both MUST be in `(0, size()]`; `firstSize` MUST be `<= secondSize`.
+     */
+    consistencyProof(firstSize, secondSize) {
+        if (!Number.isInteger(firstSize) ||
+            !Number.isInteger(secondSize) ||
+            firstSize <= 0 ||
+            secondSize <= 0) {
+            throw new Error(`transparency: invalid sizes (${firstSize}, ${secondSize})`);
+        }
+        if (firstSize > secondSize) {
+            throw new Error(`transparency: firstSize ${firstSize} > secondSize ${secondSize}`);
+        }
+        if (secondSize > this.leaves.length) {
+            throw new Error(`transparency: secondSize ${secondSize} exceeds current size ${this.leaves.length}`);
+        }
+        const second = this.leaves.slice(0, secondSize);
+        const path = subproof(firstSize, second, true);
+        return {
+            from_size: firstSize,
+            to_size: secondSize,
+            path: path.map(encodeHash),
+        };
+    }
+}
+function isoSecond(d) {
+    // Strip milliseconds — STH timestamps are second-precision per
+    // CONFORMANCE.md §9.3.
+    const iso = d.toISOString();
+    return iso.replace(/\.\d{3}Z$/, "Z");
+}
+//# sourceMappingURL=log.js.map

package/dist/transparency/log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"log.js","sourceRoot":"","sources":["../../src/transparency/log.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAKN,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,SAAS,EACT,UAAU,EACV,iBAAiB,EACjB,QAAQ,EACR,WAAW,GACZ,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAYtD;;;;GAIG;AACH,MAAM,OAAO,GAAG;IACG,OAAO,GAAe,EAAE,CAAC;IACzB,MAAM,GAAiB,EAAE,CAAC;IAC1B,GAAG,CAAY;IAEhC,YAAY,GAAc;QACxB,IAAI,GAAG,CAAC,WAAW,KAAK,EAAE,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,GAAG,CAAC,iBAAiB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC1E,CAAC;QACD,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,KAAe;QACpB,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACxB,MAAM,IAAI,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;QACtC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IAChC,CAAC;IAED,yBAAyB;IACzB,IAAI;QACF,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;IAC5B,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,KAAa;QACjB,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YAC1E,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC;IACrC,CAAC;IAED,mEAAmE;IACnE,QAAQ;QACN,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;QACrD,MAAM,OAAO,GAAmB;YAC9B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;YAC5B,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC;YAC3B,SAAS,EAAE,SAAS,CAAC,GAAG,CAAC;YACzB,SAAS,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;SACpD,CAAC;QACF,OAAO,OAAO,CAAC;YACb,GAAG,EAAE,OAAO;YACZ,iBAAiB,EAAE,IAAI,CAAC,GAAG,CAAC,iBAAiB;YAC7C,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,WAAW;SAClC,CAAC,CAAC,GAAG,CAAC;IACT,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,SAAiB,EAAE,QAAgB;QAChD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,QAAQ,EAAE,CAAC,CAAC;QAChE,CAAC;QACD,IAAI,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CACb,0BAA0B,QAAQ,yBAAyB,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAChF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,SAAS,GAAG,CAAC,IAAI,SAAS,IAAI,QAAQ,EAAE,CAAC;YAC3E,MAAM,IAAI,KAAK,CACb,2BAA2B,SAAS,eAAe,QAAQ,GAAG,CAC/D,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC9C,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAC9C,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,UAAU,CAAC,MAAM,CAAC,SAAS,CAAE,CAAC;YACzC,UAAU,EAAE,SAAS;YACrB,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC;SAC/B,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,gBAAgB,CAAC,SAAiB,EAAE,UAAkB;QACpD,IACE,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC;YAC5B,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC;YAC7B,SAAS,IAAI,CAAC;YACd,UAAU,IAAI,CAAC,EACf,CAAC;YACD,MAAM,IAAI,KAAK,CACb,gCAAgC,SAAS,KAAK,UAAU,GAAG,CAC5D,CAAC;QACJ,CAAC;QACD,IAAI,SAAS,GAAG,UAAU,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,2BAA2B,SAAS,iBAAiB,UAAU,EAAE,CAClE,CAAC;QACJ,CAAC;QACD,IAAI,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CACb,4BAA4B,UAAU,yBAAyB,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CACpF,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;QAChD,MAAM,IAAI,GAAG,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAC/C,OAAO;YACL,SAAS,EAAE,SAAS;YACpB,OAAO,EAAE,UAAU;YACnB,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC;SAC3B,CAAC;IACJ,CAAC;CACF;AAED,SAAS,SAAS,CAAC,CAAO;IACxB,+DAA+D;IAC/D,uBAAuB;IACvB,MAAM,GAAG,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;IAC5B,OAAO,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;AACvC,CAAC"}

package/dist/transparency/merkle.d.ts

@@ -0,0 +1,59 @@
+/**
+ * RFC 6962 Merkle tree math for SEMP key transparency.
+ *
+ * The leaf hash is `SHA-256(0x00 || canonical_json_bytes)`; an
+ * interior node is `SHA-256(0x01 || left || right)`.
+ *
+ * This module covers:
+ *  - {@link hashLeaf} / {@link hashInterior}: the per-node hash
+ *    primitives
+ *  - {@link verifyInclusionProof}: §3.1 audit-path verification
+ *  - {@link verifyConsistencyProof}: §3.2 prefix verification
+ *  - {@link subtreeRoot}, {@link auditPath}, {@link subproof}: the
+ *    PROOF/PATH/SUBPROOF subroutines from RFC 6962 §2.1
+ *
+ * @module
+ */
+import { type ConsistencyProof, type InclusionProof, type LogEntry } from "./types.js";
+/**
+ * `SHA-256(0x00 || entryBytes)` per §2.2 / RFC 6962 §2.1. The
+ * caller MUST use the same canonical bytes the log producer used.
+ */
+export declare function hashLeaf(entryBytes: Uint8Array): Uint8Array;
+/**
+ * Marshal `entry` to canonical JSON and return {@link hashLeaf} of
+ * the result.
+ */
+export declare function hashLeafFromEntry(entry: LogEntry): Uint8Array;
+/** `SHA-256(0x01 || left || right)` per RFC 6962 §2.1. */
+export declare function hashInterior(left: Uint8Array, right: Uint8Array): Uint8Array;
+/**
+ * Verify `proof` against `rootHash` per RFC 6962 §2.1.1. Returns
+ * true on success.
+ */
+export declare function verifyInclusionProof(proof: InclusionProof, rootHash: Uint8Array): boolean;
+/**
+ * Verify `proof` per RFC 6962 §2.1.2. Returns true when the proof
+ * attests that the tree of size `from_size` (with `firstRoot`) is a
+ * prefix of the tree of size `to_size` (with `secondRoot`).
+ */
+export declare function verifyConsistencyProof(proof: ConsistencyProof, firstRoot: Uint8Array, secondRoot: Uint8Array): boolean;
+/**
+ * Largest power of 2 strictly less than `n`. Used by RFC 6962
+ * PATH and SUBPROOF construction.
+ */
+export declare function largestPowerOfTwoLessThan(n: number): number;
+/**
+ * MTH(D[0:n]) per RFC 6962 §2.1. An empty input returns the all-zeros
+ * 32-byte hash; the spec actually defines MTH(empty) = SHA-256("")
+ * but inclusion / consistency proofs never operate on an empty
+ * subtree directly.
+ */
+export declare function subtreeRoot(leaves: Uint8Array[]): Uint8Array;
+/** PATH(m, D[0:n]) per RFC 6962 §2.1.1. */
+export declare function auditPath(m: number, leaves: Uint8Array[]): Uint8Array[];
+/** SUBPROOF(m, D[0:n], b) per RFC 6962 §2.1.2. */
+export declare function subproof(m: number, leaves: Uint8Array[], b: boolean): Uint8Array[];
+/** Base64-encode a 32-byte hash for the wire form. */
+export declare function encodeHash(h: Uint8Array): string;
+//# sourceMappingURL=merkle.d.ts.map

package/dist/transparency/merkle.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"merkle.d.ts","sourceRoot":"","sources":["../../src/transparency/merkle.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAMH,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,QAAQ,EAGd,MAAM,YAAY,CAAC;AAEpB;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,CAK3D;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,QAAQ,GAAG,UAAU,CAE7D;AAED,0DAA0D;AAC1D,wBAAgB,YAAY,CAAC,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,UAAU,GAAG,UAAU,CAM5E;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,cAAc,EACrB,QAAQ,EAAE,UAAU,GACnB,OAAO,CA2BT;AAsCD;;;;GAIG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,gBAAgB,EACvB,SAAS,EAAE,UAAU,EACrB,UAAU,EAAE,UAAU,GACrB,OAAO,CAsCT;AAwDD;;;GAGG;AACH,wBAAgB,yBAAyB,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAS3D;AAED;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,UAAU,EAAE,GAAG,UAAU,CAW5D;AAED,2CAA2C;AAC3C,wBAAgB,SAAS,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,UAAU,EAAE,CAavE;AAED,kDAAkD;AAClD,wBAAgB,QAAQ,CACtB,CAAC,EAAE,MAAM,EACT,MAAM,EAAE,UAAU,EAAE,EACpB,CAAC,EAAE,OAAO,GACT,UAAU,EAAE,CAgBd;AAKD,sDAAsD;AACtD,wBAAgB,UAAU,CAAC,CAAC,EAAE,UAAU,GAAG,MAAM,CAKhD"}

package/dist/transparency/merkle.js

@@ -0,0 +1,314 @@
+/**
+ * RFC 6962 Merkle tree math for SEMP key transparency.
+ *
+ * The leaf hash is `SHA-256(0x00 || canonical_json_bytes)`; an
+ * interior node is `SHA-256(0x01 || left || right)`.
+ *
+ * This module covers:
+ *  - {@link hashLeaf} / {@link hashInterior}: the per-node hash
+ *    primitives
+ *  - {@link verifyInclusionProof}: §3.1 audit-path verification
+ *  - {@link verifyConsistencyProof}: §3.2 prefix verification
+ *  - {@link subtreeRoot}, {@link auditPath}, {@link subproof}: the
+ *    PROOF/PATH/SUBPROOF subroutines from RFC 6962 §2.1
+ *
+ * @module
+ */
+import { sha256 } from "@noble/hashes/sha2.js";
+import { marshal as canonicalMarshal } from "../canonical/index.js";
+import { InteriorPrefix, LeafPrefix, } from "./types.js";
+/**
+ * `SHA-256(0x00 || entryBytes)` per §2.2 / RFC 6962 §2.1. The
+ * caller MUST use the same canonical bytes the log producer used.
+ */
+export function hashLeaf(entryBytes) {
+    const buf = new Uint8Array(1 + entryBytes.length);
+    buf[0] = LeafPrefix;
+    buf.set(entryBytes, 1);
+    return sha256(buf);
+}
+/**
+ * Marshal `entry` to canonical JSON and return {@link hashLeaf} of
+ * the result.
+ */
+export function hashLeafFromEntry(entry) {
+    return hashLeaf(canonicalMarshal(entry));
+}
+/** `SHA-256(0x01 || left || right)` per RFC 6962 §2.1. */
+export function hashInterior(left, right) {
+    const buf = new Uint8Array(1 + 32 + 32);
+    buf[0] = InteriorPrefix;
+    buf.set(left, 1);
+    buf.set(right, 33);
+    return sha256(buf);
+}
+/**
+ * Verify `proof` against `rootHash` per RFC 6962 §2.1.1. Returns
+ * true on success.
+ */
+export function verifyInclusionProof(proof, rootHash) {
+    if (proof.log_size <= 0) {
+        return false;
+    }
+    if (proof.leaf_index < 0 || proof.leaf_index >= proof.log_size) {
+        return false;
+    }
+    let leaf;
+    let siblings;
+    try {
+        leaf = decodeHash(proof.leaf_hash);
+        siblings = decodeHashes(proof.path);
+    }
+    catch {
+        return false;
+    }
+    let computed;
+    try {
+        computed = computeRootFromInclusion(proof.leaf_index, proof.log_size, leaf, siblings);
+    }
+    catch {
+        return false;
+    }
+    return bytesEqual(computed, rootHash);
+}
+function computeRootFromInclusion(leafIndex, treeSize, leaf, siblings) {
+    let fn = leafIndex;
+    let sn = treeSize - 1;
+    let r = leaf;
+    let pathIdx = 0;
+    while (sn > 0) {
+        if (pathIdx >= siblings.length) {
+            throw new Error("transparency: inclusion proof too short");
+        }
+        const s = siblings[pathIdx];
+        pathIdx++;
+        if ((fn & 1) === 1 || fn === sn) {
+            r = hashInterior(s, r);
+            while (fn !== 0 && (fn & 1) === 0) {
+                fn >>>= 1;
+                sn >>>= 1;
+            }
+        }
+        else {
+            r = hashInterior(r, s);
+        }
+        fn >>>= 1;
+        sn >>>= 1;
+    }
+    if (pathIdx !== siblings.length) {
+        throw new Error(`transparency: inclusion proof has ${siblings.length - pathIdx} unused siblings`);
+    }
+    return r;
+}
+/**
+ * Verify `proof` per RFC 6962 §2.1.2. Returns true when the proof
+ * attests that the tree of size `from_size` (with `firstRoot`) is a
+ * prefix of the tree of size `to_size` (with `secondRoot`).
+ */
+export function verifyConsistencyProof(proof, firstRoot, secondRoot) {
+    if (proof.from_size < 0 || proof.to_size < 0) {
+        return false;
+    }
+    if (proof.from_size > proof.to_size) {
+        return false;
+    }
+    if (proof.from_size === proof.to_size) {
+        if (proof.path.length !== 0) {
+            return false;
+        }
+        return bytesEqual(firstRoot, secondRoot);
+    }
+    if (proof.from_size === 0) {
+        // Trivially consistent; path expected empty per RFC 6962.
+        return proof.path.length === 0;
+    }
+    let siblings;
+    try {
+        siblings = decodeHashes(proof.path);
+    }
+    catch {
+        return false;
+    }
+    let recomputed;
+    try {
+        recomputed = computeRootsFromConsistency(proof.from_size, proof.to_size, firstRoot, siblings);
+    }
+    catch {
+        return false;
+    }
+    return (bytesEqual(recomputed.first, firstRoot) &&
+        bytesEqual(recomputed.second, secondRoot));
+}
+function computeRootsFromConsistency(firstSize, secondSize, firstRoot, path) {
+    let fn = firstSize - 1;
+    let sn = secondSize - 1;
+    while ((fn & 1) === 1) {
+        fn >>>= 1;
+        sn >>>= 1;
+    }
+    let fr;
+    let sr;
+    let pathIdx = 0;
+    if (fn !== 0) {
+        if (pathIdx >= path.length) {
+            throw new Error("transparency: consistency proof too short");
+        }
+        fr = path[pathIdx];
+        sr = path[pathIdx];
+        pathIdx++;
+    }
+    else {
+        fr = firstRoot;
+        sr = firstRoot;
+    }
+    while (sn > 0) {
+        if (pathIdx >= path.length) {
+            throw new Error("transparency: consistency proof too short");
+        }
+        const c = path[pathIdx];
+        pathIdx++;
+        if ((fn & 1) === 1 || fn === sn) {
+            fr = hashInterior(c, fr);
+            sr = hashInterior(c, sr);
+            while (fn !== 0 && (fn & 1) === 0) {
+                fn >>>= 1;
+                sn >>>= 1;
+            }
+        }
+        else {
+            sr = hashInterior(sr, c);
+        }
+        fn >>>= 1;
+        sn >>>= 1;
+    }
+    if (pathIdx !== path.length) {
+        throw new Error(`transparency: consistency proof has ${path.length - pathIdx} unused hashes`);
+    }
+    return { first: fr, second: sr };
+}
+/**
+ * Largest power of 2 strictly less than `n`. Used by RFC 6962
+ * PATH and SUBPROOF construction.
+ */
+export function largestPowerOfTwoLessThan(n) {
+    if (n <= 1) {
+        return 0;
+    }
+    let k = 1;
+    while (k * 2 < n) {
+        k *= 2;
+    }
+    return k;
+}
+/**
+ * MTH(D[0:n]) per RFC 6962 §2.1. An empty input returns the all-zeros
+ * 32-byte hash; the spec actually defines MTH(empty) = SHA-256("")
+ * but inclusion / consistency proofs never operate on an empty
+ * subtree directly.
+ */
+export function subtreeRoot(leaves) {
+    if (leaves.length === 0) {
+        return new Uint8Array(32);
+    }
+    if (leaves.length === 1) {
+        return leaves[0];
+    }
+    const k = largestPowerOfTwoLessThan(leaves.length);
+    const left = subtreeRoot(leaves.slice(0, k));
+    const right = subtreeRoot(leaves.slice(k));
+    return hashInterior(left, right);
+}
+/** PATH(m, D[0:n]) per RFC 6962 §2.1.1. */
+export function auditPath(m, leaves) {
+    const n = leaves.length;
+    if (n <= 1) {
+        return [];
+    }
+    const k = largestPowerOfTwoLessThan(n);
+    if (m < k) {
+        return [...auditPath(m, leaves.slice(0, k)), subtreeRoot(leaves.slice(k))];
+    }
+    return [
+        ...auditPath(m - k, leaves.slice(k)),
+        subtreeRoot(leaves.slice(0, k)),
+    ];
+}
+/** SUBPROOF(m, D[0:n], b) per RFC 6962 §2.1.2. */
+export function subproof(m, leaves, b) {
+    const n = leaves.length;
+    if (m === n) {
+        if (b) {
+            return [];
+        }
+        return [subtreeRoot(leaves)];
+    }
+    const k = largestPowerOfTwoLessThan(n);
+    if (m <= k) {
+        return [...subproof(m, leaves.slice(0, k), b), subtreeRoot(leaves.slice(k))];
+    }
+    return [
+        ...subproof(m - k, leaves.slice(k), false),
+        subtreeRoot(leaves.slice(0, k)),
+    ];
+}
+// ---------------------------------------------------------------------------
+// Helpers
+/** Base64-encode a 32-byte hash for the wire form. */
+export function encodeHash(h) {
+    if (h.length !== 32) {
+        throw new Error(`transparency: hash length ${h.length}, want 32`);
+    }
+    return base64Encode(h);
+}
+function decodeHash(s) {
+    const out = base64Decode(s);
+    if (out.length !== 32) {
+        throw new Error(`transparency: hash length ${out.length}, want 32`);
+    }
+    return out;
+}
+function decodeHashes(items) {
+    const out = [];
+    for (let i = 0; i < items.length; i++) {
+        try {
+            out.push(decodeHash(items[i] ?? ""));
+        }
+        catch (err) {
+            throw new Error(`transparency: path[${i}]: ${err instanceof Error ? err.message : String(err)}`);
+        }
+    }
+    return out;
+}
+function bytesEqual(a, b) {
+    if (a.length !== b.length) {
+        return false;
+    }
+    for (let i = 0; i < a.length; i++) {
+        if (a[i] !== b[i]) {
+            return false;
+        }
+    }
+    return true;
+}
+function base64Encode(b) {
+    if (typeof Buffer !== "undefined") {
+        return Buffer.from(b).toString("base64");
+    }
+    let bin = "";
+    for (let i = 0; i < b.length; i++) {
+        bin += String.fromCharCode(b[i] ?? 0);
+    }
+    return btoa(bin);
+}
+function base64Decode(s) {
+    if (typeof Buffer !== "undefined") {
+        return new Uint8Array(Buffer.from(s, "base64"));
+    }
+    const bin = atob(s);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++) {
+        out[i] = bin.charCodeAt(i);
+    }
+    return out;
+}
+//# sourceMappingURL=merkle.js.map

package/dist/transparency/merkle.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"merkle.js","sourceRoot":"","sources":["../../src/transparency/merkle.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEpE,OAAO,EAIL,cAAc,EACd,UAAU,GACX,MAAM,YAAY,CAAC;AAEpB;;;GAGG;AACH,MAAM,UAAU,QAAQ,CAAC,UAAsB;IAC7C,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAClD,GAAG,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC;IACpB,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IACvB,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAe;IAC/C,OAAO,QAAQ,CAAC,gBAAgB,CAAC,KAA2C,CAAC,CAAC,CAAC;AACjF,CAAC;AAED,0DAA0D;AAC1D,MAAM,UAAU,YAAY,CAAC,IAAgB,EAAE,KAAiB;IAC9D,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IACxC,GAAG,CAAC,CAAC,CAAC,GAAG,cAAc,CAAC;IACxB,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACjB,GAAG,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACnB,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,KAAqB,EACrB,QAAoB;IAEpB,IAAI,KAAK,CAAC,QAAQ,IAAI,CAAC,EAAE,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,KAAK,CAAC,UAAU,GAAG,CAAC,IAAI,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC/D,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,IAAgB,CAAC;IACrB,IAAI,QAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACnC,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,QAAoB,CAAC;IACzB,IAAI,CAAC;QACH,QAAQ,GAAG,wBAAwB,CACjC,KAAK,CAAC,UAAU,EAChB,KAAK,CAAC,QAAQ,EACd,IAAI,EACJ,QAAQ,CACT,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,UAAU,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,wBAAwB,CAC/B,SAAiB,EACjB,QAAgB,EAChB,IAAgB,EAChB,QAAsB;IAEtB,IAAI,EAAE,GAAG,SAAS,CAAC;IACnB,IAAI,EAAE,GAAG,QAAQ,GAAG,CAAC,CAAC;IACtB,IAAI,CAAC,GAAG,IAAI,CAAC;IACb,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;QACd,IAAI,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QACD,MAAM,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAE,CAAC;QAC7B,OAAO,EAAE,CAAC;QACV,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAChC,CAAC,GAAG,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACvB,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;gBAClC,EAAE,MAAM,CAAC,CAAC;gBACV,EAAE,MAAM,CAAC,CAAC;YACZ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,CAAC,GAAG,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC;QACD,EAAE,MAAM,CAAC,CAAC;QACV,EAAE,MAAM,CAAC,CAAC;IACZ,CAAC;IACD,IAAI,OAAO,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CACb,qCAAqC,QAAQ,CAAC,MAAM,GAAG,OAAO,kBAAkB,CACjF,CAAC;IACJ,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CACpC,KAAuB,EACvB,SAAqB,EACrB,UAAsB;IAEtB,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC;QAC7C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,KAAK,CAAC,SAAS,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;QACpC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,KAAK,CAAC,SAAS,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC;QACtC,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,KAAK,CAAC,SAAS,KAAK,CAAC,EAAE,CAAC;QAC1B,0DAA0D;QAC1D,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC;IACjC,CAAC;IACD,IAAI,QAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,UAAqD,CAAC;IAC1D,IAAI,CAAC;QACH,UAAU,GAAG,2BAA2B,CACtC,KAAK,CAAC,SAAS,EACf,KAAK,CAAC,OAAO,EACb,SAAS,EACT,QAAQ,CACT,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,CACL,UAAU,CAAC,UAAU,CAAC,KAAK,EAAE,SAAS,CAAC;QACvC,UAAU,CAAC,UAAU,CAAC,MAAM,EAAE,UAAU,CAAC,CAC1C,CAAC;AACJ,CAAC;AAED,SAAS,2BAA2B,CAClC,SAAiB,EACjB,UAAkB,EAClB,SAAqB,EACrB,IAAkB;IAElB,IAAI,EAAE,GAAG,SAAS,GAAG,CAAC,CAAC;IACvB,IAAI,EAAE,GAAG,UAAU,GAAG,CAAC,CAAC;IACxB,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QACtB,EAAE,MAAM,CAAC,CAAC;QACV,EAAE,MAAM,CAAC,CAAC;IACZ,CAAC;IAED,IAAI,EAAc,CAAC;IACnB,IAAI,EAAc,CAAC;IACnB,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC;QACb,IAAI,OAAO,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,EAAE,GAAG,IAAI,CAAC,OAAO,CAAE,CAAC;QACpB,EAAE,GAAG,IAAI,CAAC,OAAO,CAAE,CAAC;QACpB,OAAO,EAAE,CAAC;IACZ,CAAC;SAAM,CAAC;QACN,EAAE,GAAG,SAAS,CAAC;QACf,EAAE,GAAG,SAAS,CAAC;IACjB,CAAC;IACD,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;QACd,IAAI,OAAO,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAE,CAAC;QACzB,OAAO,EAAE,CAAC;QACV,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAChC,EAAE,GAAG,YAAY,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACzB,EAAE,GAAG,YAAY,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACzB,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;gBAClC,EAAE,MAAM,CAAC,CAAC;gBACV,EAAE,MAAM,CAAC,CAAC;YACZ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,EAAE,GAAG,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QAC3B,CAAC;QACD,EAAE,MAAM,CAAC,CAAC;QACV,EAAE,MAAM,CAAC,CAAC;IACZ,CAAC;IACD,IAAI,OAAO,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CACb,uCAAuC,IAAI,CAAC,MAAM,GAAG,OAAO,gBAAgB,CAC7E,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;AACnC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CAAC,CAAS;IACjD,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,CAAC;IACX,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QACjB,CAAC,IAAI,CAAC,CAAC;IACT,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,MAAoB;IAC9C,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC5B,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,MAAM,CAAC,CAAC,CAAE,CAAC;IACpB,CAAC;IACD,MAAM,CAAC,GAAG,yBAAyB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACnD,MAAM,IAAI,GAAG,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3C,OAAO,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AACnC,CAAC;AAED,2CAA2C;AAC3C,MAAM,UAAU,SAAS,CAAC,CAAS,EAAE,MAAoB;IACvD,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC;IACxB,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACX,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,CAAC,GAAG,yBAAyB,CAAC,CAAC,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO;QACL,GAAG,SAAS,CAAC,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACpC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;KAChC,CAAC;AACJ,CAAC;AAED,kDAAkD;AAClD,MAAM,UAAU,QAAQ,CACtB,CAAS,EACT,MAAoB,EACpB,CAAU;IAEV,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC;IACxB,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACZ,IAAI,CAAC,EAAE,CAAC;YACN,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;IAC/B,CAAC;IACD,MAAM,CAAC,GAAG,yBAAyB,CAAC,CAAC,CAAC,CAAC;IACvC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/E,CAAC;IACD,OAAO;QACL,GAAG,QAAQ,CAAC,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC;QAC1C,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;KAChC,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,UAAU;AAEV,sDAAsD;AACtD,MAAM,UAAU,UAAU,CAAC,CAAa;IACtC,IAAI,CAAC,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC,MAAM,WAAW,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,MAAM,GAAG,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;IAC5B,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,6BAA6B,GAAG,CAAC,MAAM,WAAW,CAAC,CAAC;IACtE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,YAAY,CAAC,KAAe;IACnC,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,CAAC;YACH,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACvC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CACb,sBAAsB,CAAC,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAChF,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,UAAU,CAAC,CAAa,EAAE,CAAa;IAC9C,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAClB,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,YAAY,CAAC,CAAa;IACjC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/transparency/sign.d.ts

@@ -0,0 +1,48 @@
+/**
+ * STH signing + verification + freshness checks per
+ * TRANSPARENCY.md §2.3.
+ *
+ * @module
+ */
+import { type LogEntry, type SignedTreeHead } from "./types.js";
+/** Domain-separation prefix per ENVELOPE.md §4.3. */
+export declare const TransparencySTHPrefix = "SEMP-TRANSPARENCY-STH:";
+/** Only signature algorithm defined for STH signatures. */
+export declare const SignatureAlgorithmEd25519 = "ed25519";
+/** Inputs to {@link signSTH}. */
+export interface SignSTHInput {
+    /** Pre-sign STH; `signature.value` will be replaced. */
+    sth: SignedTreeHead;
+    /** 32-byte Ed25519 secret seed for the domain signing key. */
+    domainSigningSeed: Uint8Array;
+    /** Lowercase-hex SHA-256 fingerprint of the domain signing pub. */
+    domainKeyId: string;
+}
+/** Result of a successful {@link signSTH}. */
+export interface SignSTHResult {
+    sth: SignedTreeHead;
+    signatureB64: string;
+}
+/**
+ * Build and Ed25519-sign an STH per §2.3. Pre-populates
+ * `signature.{algorithm,key_id}` so the canonical bytes cover them
+ * (defense against algorithm/issuer downgrade).
+ */
+export declare function signSTH(input: SignSTHInput): SignSTHResult;
+/**
+ * Ed25519-verify an STH's signature against `domainPub`. Returns
+ * true on success. Does NOT enforce staleness; pair with
+ * {@link checkSTHFresh} for the §2.3 1-hour bound.
+ */
+export declare function verifySTH(sth: SignedTreeHead, domainPub: Uint8Array): boolean;
+/**
+ * Enforce §2.3 freshness: reject STHs whose timestamp is more than
+ * {@link MaxSTHFreshnessMs} old. Returns true when the STH is
+ * fresh under the supplied `now`.
+ */
+export declare function checkSTHFresh(sth: SignedTreeHead, now: Date): boolean;
+/** Structural validation of `sth` per §2.3. Throws on first violation. */
+export declare function validateSTH(sth: SignedTreeHead): void;
+/** Structural validation of a {@link LogEntry} per §2.2. Throws on first violation. */
+export declare function validateLogEntry(e: LogEntry): void;
+//# sourceMappingURL=sign.d.ts.map

package/dist/transparency/sign.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sign.d.ts","sourceRoot":"","sources":["../../src/transparency/sign.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EACL,KAAK,QAAQ,EACb,KAAK,cAAc,EAEpB,MAAM,YAAY,CAAC;AAEpB,qDAAqD;AACrD,eAAO,MAAM,qBAAqB,2BAA2B,CAAC;AAE9D,2DAA2D;AAC3D,eAAO,MAAM,yBAAyB,YAAY,CAAC;AAEnD,iCAAiC;AACjC,MAAM,WAAW,YAAY;IAC3B,wDAAwD;IACxD,GAAG,EAAE,cAAc,CAAC;IACpB,8DAA8D;IAC9D,iBAAiB,EAAE,UAAU,CAAC;IAC9B,mEAAmE;IACnE,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,8CAA8C;AAC9C,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,cAAc,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;;GAIG;AACH,wBAAgB,OAAO,CAAC,KAAK,EAAE,YAAY,GAAG,aAAa,CAwB1D;AAED;;;;GAIG;AACH,wBAAgB,SAAS,CACvB,GAAG,EAAE,cAAc,EACnB,SAAS,EAAE,UAAU,GACpB,OAAO,CAYT;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,GAAG,EAAE,IAAI,GAAG,OAAO,CAMrE;AAED,0EAA0E;AAC1E,wBAAgB,WAAW,CAAC,GAAG,EAAE,cAAc,GAAG,IAAI,CAsBrD;AAED,uFAAuF;AACvF,wBAAgB,gBAAgB,CAAC,CAAC,EAAE,QAAQ,GAAG,IAAI,CAgDlD"}