npm - @solana/webcrypto-ed25519-polyfill - Versions diffs - 3.0.0 → 4.0.0-canary-20250903000115 - Mend

@solana/webcrypto-ed25519-polyfill 3.0.0 → 4.0.0-canary-20250903000115

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/dist/index.browser.cjs +104 -85
package/dist/index.browser.cjs.map +1 -1
package/dist/index.browser.mjs +7 -4
package/dist/index.browser.mjs.map +1 -1
package/dist/index.native.mjs +7 -4
package/dist/index.native.mjs.map +1 -1
package/dist/index.node.cjs +104 -85
package/dist/index.node.cjs.map +1 -1
package/dist/index.node.mjs +7 -4
package/dist/index.node.mjs.map +1 -1
package/dist/types/secrets.d.ts.map +1 -1
package/package.json +3 -3

package/dist/index.browser.cjs CHANGED Viewed

@@ -1,25 +1,43 @@
 'use strict';
-// ../../node_modules/.pnpm/@noble+ed25519@2.3.0/node_modules/@noble/ed25519/index.js
+// ../../node_modules/.pnpm/@noble+ed25519@3.0.0/node_modules/@noble/ed25519/index.js
 var ed25519_CURVE = {
   p: 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffedn,
   n: 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3edn,
+  h: 8n,
   a: 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffecn,
   d: 0x52036cee2b6ffe738cc740797779e89800700a4d4141d8ab75eb4dca135978a3n,
   Gx: 0x216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51an,
   Gy: 0x6666666666666666666666666666666666666666666666666666666666666658n
 };
-var { p: P, n: N, Gx, Gy, a: _a, d: _d } = ed25519_CURVE;
-var h = 8n;
+var { p: P, n: N, Gx, Gy, a: _a, d: _d, h } = ed25519_CURVE;
 var L = 32;
 var L2 = 64;
-var err = (m = "") => {
-  throw new Error(m);
+var captureTrace = (...args) => {
+  if ("captureStackTrace" in Error && typeof Error.captureStackTrace === "function") {
+    Error.captureStackTrace(...args);
+  }
+};
+var err = (message = "") => {
+  const e = new Error(message);
+  captureTrace(e, err);
+  throw e;
 };
 var isBig = (n) => typeof n === "bigint";
 var isStr = (s) => typeof s === "string";
 var isBytes = (a) => a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
-var abytes = (a, l) => !isBytes(a) || typeof l === "number" && l > 0 && a.length !== l ? err("Uint8Array expected") : a;
+var abytes = (value, length, title = "") => {
+  const bytes = isBytes(value);
+  const len = value?.length;
+  const needsLen = length !== void 0;
+  if (!bytes || needsLen && len !== length) {
+    const prefix = title && `"${title}" `;
+    const ofLen = needsLen ? ` of length ${length}` : "";
+    const got = bytes ? `length=${len}` : `type=${typeof value}`;
+    err(prefix + "expected Uint8Array" + ofLen + ", got " + got);
+  }
+  return value;
+};
 var u8n = (len) => new Uint8Array(len);
 var u8fr = (buf) => Uint8Array.from(buf);
 var padh = (n, pad) => n.toString(16).padStart(pad, "0");
@@ -52,9 +70,8 @@ var hexToBytes = (hex) => {
   }
   return array;
 };
-var toU8 = (a, len) => abytes(isStr(a) ? hexToBytes(a) : u8fr(abytes(a)), len);
 var cr = () => globalThis?.crypto;
-var subtle = () => cr()?.subtle ?? err("crypto.subtle must be defined");
+var subtle = () => cr()?.subtle ?? err("crypto.subtle must be defined, consider polyfill");
 var concatBytes = (...arrs) => {
   const r = u8n(arrs.reduce((sum, a) => sum + abytes(a).length, 0));
   let pad = 0;
@@ -69,7 +86,7 @@ var randomBytes = (len = L) => {
   return c.getRandomValues(u8n(len));
 };
 var big = BigInt;
-var arange = (n, min, max, msg = "bad number: out of range") => isBig(n) && min <= n && n < max ? n : err(msg);
+var assertRange = (n, min, max, msg = "bad number: out of range") => isBig(n) && min <= n && n < max ? n : err(msg);
 var M = (a, b = P) => {
   const r = a % b;
   return r >= 0n ? r : b + r;
@@ -87,7 +104,7 @@ var invert = (num, md) => {
   return b === 1n ? M(x, md) : err("no inverse");
 };
 var callHash = (name) => {
-  const fn = etc[name];
+  const fn = hashes[name];
   err("hashes." + name + " not set");
   return fn;
 };
@@ -96,18 +113,21 @@ var B256 = 2n ** 256n;
 var Point = class _Point {
   static BASE;
   static ZERO;
-  ex;
-  ey;
-  ez;
-  et;
-  constructor(ex, ey, ez, et) {
+  X;
+  Y;
+  Z;
+  T;
+  constructor(X, Y, Z, T) {
     const max = B256;
-    this.ex = arange(ex, 0n, max);
-    this.ey = arange(ey, 0n, max);
-    this.ez = arange(ez, 1n, max);
-    this.et = arange(et, 0n, max);
+    this.X = assertRange(X, 0n, max);
+    this.Y = assertRange(Y, 0n, max);
+    this.Z = assertRange(Z, 1n, max);
+    this.T = assertRange(T, 0n, max);
     Object.freeze(this);
   }
+  static CURVE() {
+    return ed25519_CURVE;
+  }
   static fromAffine(p) {
     return new _Point(p.x, p.y, 1n, M(p.x * p.y));
   }
@@ -119,7 +139,7 @@ var Point = class _Point {
     normed[31] = lastByte & -129;
     const y = bytesToNumLE(normed);
     const max = zip215 ? B256 : P;
-    arange(y, 0n, max);
+    assertRange(y, 0n, max);
     const y2 = M(y * y);
     const u = M(y2 - 1n);
     const v = M(d * y2 + 1n);
@@ -134,14 +154,23 @@ var Point = class _Point {
       x = M(-x);
     return new _Point(x, y, 1n, M(x * y));
   }
+  static fromHex(hex, zip215) {
+    return _Point.fromBytes(hexToBytes(hex), zip215);
+  }
+  get x() {
+    return this.toAffine().x;
+  }
+  get y() {
+    return this.toAffine().y;
+  }
   /** Checks if the point is valid and on-curve. */
   assertValidity() {
     const a = _a;
     const d = _d;
     const p = this;
     if (p.is0())
-      throw new Error("bad point: ZERO");
-    const { ex: X, ey: Y, ez: Z, et: T } = p;
+      return err("bad point: ZERO");
+    const { X, Y, Z, T } = p;
     const X2 = M(X * X);
     const Y2 = M(Y * Y);
     const Z2 = M(Z * Z);
@@ -150,17 +179,17 @@ var Point = class _Point {
     const left = M(Z2 * M(aX2 + Y2));
     const right = M(Z4 + M(d * M(X2 * Y2)));
     if (left !== right)
-      throw new Error("bad point: equation left != right (1)");
+      return err("bad point: equation left != right (1)");
     const XY = M(X * Y);
     const ZT = M(Z * T);
     if (XY !== ZT)
-      throw new Error("bad point: equation left != right (2)");
+      return err("bad point: equation left != right (2)");
     return this;
   }
   /** Equality check: compare points P&Q. */
   equals(other) {
-    const { ex: X1, ey: Y1, ez: Z1 } = this;
-    const { ex: X2, ey: Y2, ez: Z2 } = apoint(other);
+    const { X: X1, Y: Y1, Z: Z1 } = this;
+    const { X: X2, Y: Y2, Z: Z2 } = apoint(other);
     const X1Z2 = M(X1 * Z2);
     const X2Z1 = M(X2 * Z1);
     const Y1Z2 = M(Y1 * Z2);
@@ -172,11 +201,11 @@ var Point = class _Point {
   }
   /** Flip point over y coordinate. */
   negate() {
-    return new _Point(M(-this.ex), this.ey, this.ez, M(-this.et));
+    return new _Point(M(-this.X), this.Y, this.Z, M(-this.T));
   }
   /** Point doubling. Complete formula. Cost: `4M + 4S + 1*a + 6add + 1*2`. */
   double() {
-    const { ex: X1, ey: Y1, ez: Z1 } = this;
+    const { X: X1, Y: Y1, Z: Z1 } = this;
     const a = _a;
     const A = M(X1 * X1);
     const B = M(Y1 * Y1);
@@ -195,8 +224,8 @@ var Point = class _Point {
   }
   /** Point addition. Complete formula. Cost: `8M + 1*k + 8add + 1*2`. */
   add(other) {
-    const { ex: X1, ey: Y1, ez: Z1, et: T1 } = this;
-    const { ex: X2, ey: Y2, ez: Z2, et: T2 } = apoint(other);
+    const { X: X1, Y: Y1, Z: Z1, T: T1 } = this;
+    const { X: X2, Y: Y2, Z: Z2, T: T2 } = apoint(other);
     const a = _a;
     const d = _d;
     const A = M(X1 * X2);
@@ -213,6 +242,9 @@ var Point = class _Point {
     const Z3 = M(F * G2);
     return new _Point(X3, Y3, Z3, T3);
   }
+  subtract(other) {
+    return this.add(apoint(other).negate());
+  }
   /**
    * Point-by-scalar multiplication. Scalar must be in range 1 <= n < CURVE.n.
    * Uses {@link wNAF} for base point.
@@ -223,7 +255,7 @@ var Point = class _Point {
   multiply(n, safe = true) {
     if (!safe && (n === 0n || this.is0()))
       return I;
-    arange(n, 1n, N);
+    assertRange(n, 1n, N);
     if (n === 1n)
       return this;
     if (this.equals(G))
@@ -238,15 +270,20 @@ var Point = class _Point {
     }
     return p;
   }
+  multiplyUnsafe(scalar) {
+    return this.multiply(scalar, false);
+  }
   /** Convert point to 2d xy affine point. (X, Y, Z) ∋ (x=X/Z, y=Y/Z) */
   toAffine() {
-    const { ex: x, ey: y, ez: z } = this;
+    const { X, Y, Z } = this;
     if (this.equals(I))
       return { x: 0n, y: 1n };
-    const iz = invert(z, P);
-    if (M(z * iz) !== 1n)
+    const iz = invert(Z, P);
+    if (M(Z * iz) !== 1n)
       err("invalid inverse");
-    return { x: M(x * iz), y: M(y * iz) };
+    const x = M(X * iz);
+    const y = M(Y * iz);
+    return { x, y };
   }
   toBytes() {
     const { x, y } = this.assertValidity().toAffine();
@@ -257,7 +294,6 @@ var Point = class _Point {
   toHex() {
     return bytesToHex(this.toBytes());
   }
-  // encode to hex string
   clearCofactor() {
     return this.multiply(big(h), false);
   }
@@ -270,24 +306,12 @@ var Point = class _Point {
       p = p.add(this);
     return p.is0();
   }
-  static fromHex(hex, zip215) {
-    return _Point.fromBytes(toU8(hex), zip215);
-  }
-  get x() {
-    return this.toAffine().x;
-  }
-  get y() {
-    return this.toAffine().y;
-  }
-  toRawBytes() {
-    return this.toBytes();
-  }
 };
 var G = new Point(Gx, Gy, 1n, M(Gx * Gy));
 var I = new Point(0n, 1n, 1n, 0n);
 Point.BASE = G;
 Point.ZERO = I;
-var numTo32bLE = (num) => hexToBytes(padh(arange(num, 0n, B256), L2)).reverse();
+var numTo32bLE = (num) => hexToBytes(padh(assertRange(num, 0n, B256), L2)).reverse();
 var bytesToNumLE = (b) => big("0x" + bytesToHex(u8fr(abytes(b)).reverse()));
 var pow2 = (x, power) => {
   let r = x;
@@ -333,8 +357,8 @@ var uvRatio = (u, v) => {
   return { isValid: useRoot1 || useRoot2, value: x };
 };
 var modL_LE = (hash) => modN(bytesToNumLE(hash));
-var sha512a = (...m) => etc.sha512Async(...m);
-var sha512s = (...m) => callHash("sha512Sync")(...m);
+var sha512a = (...m) => hashes.sha512Async(concatBytes(...m));
+var sha512s = (...m) => callHash("sha512")(concatBytes(...m));
 var hash2extK = (hashed) => {
   const head = hashed.slice(0, L);
   head[0] &= 248;
@@ -346,9 +370,9 @@ var hash2extK = (hashed) => {
   const pointBytes = point.toBytes();
   return { head, prefix, scalar, point, pointBytes };
 };
-var getExtendedPublicKeyAsync = (priv) => sha512a(toU8(priv, L)).then(hash2extK);
-var getExtendedPublicKey = (priv) => hash2extK(sha512s(toU8(priv, L)));
-var getPublicKeyAsync = (priv) => getExtendedPublicKeyAsync(priv).then((p) => p.pointBytes);
+var getExtendedPublicKeyAsync = (secretKey) => sha512a(abytes(secretKey, L)).then(hash2extK);
+var getExtendedPublicKey = (secretKey) => hash2extK(sha512s(abytes(secretKey, L)));
+var getPublicKeyAsync = (secretKey) => getExtendedPublicKeyAsync(secretKey).then((p) => p.pointBytes);
 var hashFinishA = (res) => sha512a(res.hashable).then(res.finish);
 var _sign = (e, rBytes, msg) => {
   const { pointBytes: P2, scalar: s } = e;
@@ -361,17 +385,17 @@ var _sign = (e, rBytes, msg) => {
   };
   return { hashable, finish };
 };
-var signAsync = async (msg, privKey) => {
-  const m = toU8(msg);
-  const e = await getExtendedPublicKeyAsync(privKey);
+var signAsync = async (message, secretKey) => {
+  const m = abytes(message);
+  const e = await getExtendedPublicKeyAsync(secretKey);
   const rBytes = await sha512a(e.prefix, m);
   return hashFinishA(_sign(e, rBytes, m));
 };
-var veriOpts = { zip215: true };
-var _verify = (sig, msg, pub, opts = veriOpts) => {
-  sig = toU8(sig, L2);
-  msg = toU8(msg);
-  pub = toU8(pub, L);
+var defaultVerifyOpts = { zip215: true };
+var _verify = (sig, msg, pub, opts = defaultVerifyOpts) => {
+  sig = abytes(sig, L2);
+  msg = abytes(msg);
+  pub = abytes(pub, L);
   const { zip215 } = opts;
   let A;
   let R;
@@ -379,8 +403,8 @@ var _verify = (sig, msg, pub, opts = veriOpts) => {
   let SB;
   let hashable = Uint8Array.of();
   try {
-    A = Point.fromHex(pub, zip215);
-    R = Point.fromHex(sig.slice(0, L), zip215);
+    A = Point.fromBytes(pub, zip215);
+    R = Point.fromBytes(sig.slice(0, L), zip215);
     s = bytesToNumLE(sig.slice(L, L2));
     SB = G.multiply(s, false);
     hashable = concatBytes(R.toBytes(), A.toBytes(), msg);
@@ -397,30 +421,20 @@ var _verify = (sig, msg, pub, opts = veriOpts) => {
   };
   return { hashable, finish };
 };
-var verifyAsync = async (s, m, p, opts = veriOpts) => hashFinishA(_verify(s, m, p, opts));
-var etc = {
-  sha512Async: async (...messages) => {
+var verifyAsync = async (signature, message, publicKey, opts = defaultVerifyOpts) => hashFinishA(_verify(signature, message, publicKey, opts));
+var hashes = {
+  sha512Async: async (message) => {
     const s = subtle();
-    const m = concatBytes(...messages);
+    const m = concatBytes(message);
     return u8n(await s.digest("SHA-512", m.buffer));
   },
-  sha512Sync: void 0,
-  bytesToHex,
-  hexToBytes,
-  concatBytes,
-  mod: M,
-  invert,
-  randomBytes
+  sha512: void 0
 };
+var randomSecretKey = (seed = randomBytes(L)) => seed;
 var utils = {
   getExtendedPublicKeyAsync,
   getExtendedPublicKey,
-  randomPrivateKey: () => randomBytes(L),
-  precompute: (w = 8, p = G) => {
-    p.multiply(3n);
-    return p;
-  }
-  // no-op
+  randomSecretKey
 };
 var W = 8;
 var scalarBits = 256;
@@ -472,6 +486,8 @@ var wNAF = (n) => {
       p = p.add(ctneg(isNeg, comp[offP]));
     }
   }
+  if (n !== 0n)
+    err("invalid wnaf");
   return { p, f };
 };
@@ -603,14 +619,17 @@ async function exportKeyPolyfill(format, key) {
         throw new DOMException(`Unable to export a raw Ed25519 ${key.type} key`, "InvalidAccessError");
       }
       const publicKeyBytes = await getPublicKeyBytes(key);
-      return publicKeyBytes;
+      return publicKeyBytes.buffer;
     }
     case "pkcs8": {
       if (key.type !== "private") {
         throw new DOMException(`Unable to export a pkcs8 Ed25519 ${key.type} key`, "InvalidAccessError");
       }
       const secretKeyBytes = getSecretKeyBytes_INTERNAL_ONLY_DO_NOT_EXPORT(key);
-      return new Uint8Array([...ED25519_PKCS8_HEADER, ...secretKeyBytes]);
+      const result = new Uint8Array(ED25519_PKCS8_HEADER.length + secretKeyBytes.length);
+      result.set(ED25519_PKCS8_HEADER, 0);
+      result.set(secretKeyBytes, ED25519_PKCS8_HEADER.length);
+      return result.buffer;
     }
     case "jwk": {
       const publicKeyBytes = await getPublicKeyBytes(key);
@@ -635,7 +654,7 @@ async function exportKeyPolyfill(format, key) {
   }
 }
 function generateKeyPolyfill(extractable, keyUsages) {
-  const privateKeyBytes = utils.randomPrivateKey();
+  const privateKeyBytes = utils.randomSecretKey();
   const keyPair = createKeyPairFromBytes(privateKeyBytes, extractable, keyUsages);
   return keyPair;
 }
@@ -649,7 +668,7 @@ async function signPolyfill(key, data) {
   const privateKeyBytes = getSecretKeyBytes_INTERNAL_ONLY_DO_NOT_EXPORT(key);
   const payload = bufferSourceToUint8Array(data);
   const signature = await signAsync(payload, privateKeyBytes);
-  return signature;
+  return signature.buffer;
 }
 async function verifyPolyfill(key, signature, data) {
   if (key.type !== "public" || !key.usages.includes("verify")) {