npm - @thru/crypto - Versions diffs - 0.1.29 → 0.1.33 - Mend

@thru/crypto 0.1.29 → 0.1.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -67,6 +67,7 @@ declare class SecureMemory {
 /**
  * HD Wallet helpers for Thru (BIP44 coin type 9999).
+ * Uses SLIP-0010 for Ed25519 key derivation via micro-key-producer.
  * Returns raw key material along with encoded addresses.
  */
 declare class ThruHDWallet {

package/dist/index.js CHANGED Viewed

@@ -1,8 +1,7 @@
 import { getWebCrypto, encodeAddress } from '@thru/helpers';
 export { getWebCrypto } from '@thru/helpers';
 import scrypt from 'scrypt-js';
-import { getPublicKeyAsync } from '@noble/ed25519';
-import { derivePath } from 'ed25519-hd-key';
+import HDKey from 'micro-key-producer/slip10.js';
 import * as bip39 from 'bip39';
 // src/index.ts
@@ -159,11 +158,15 @@ var _ThruHDWallet = class _ThruHDWallet {
       throw new Error("Seed must be 64 bytes");
     }
   }
-  static async deriveKeyPair(seed, path) {
+  static deriveKeyPair(seed, path) {
     _ThruHDWallet.ensureSeed(seed);
-    const derived = derivePath(path, Buffer.from(seed).toString("hex"));
-    const privateKey = new Uint8Array(derived.key);
-    const publicKey = new Uint8Array(await getPublicKeyAsync(privateKey));
+    const hdkey = HDKey.fromMasterSeed(seed);
+    const derived = hdkey.derive(path);
+    if (!derived.privateKey || !derived.publicKey) {
+      throw new Error("Failed to derive key pair");
+    }
+    const privateKey = derived.privateKey;
+    const publicKey = derived.publicKeyRaw;
     const secretKey = new Uint8Array(privateKey.length + publicKey.length);
     secretKey.set(privateKey, 0);
     secretKey.set(publicKey, privateKey.length);
@@ -178,7 +181,7 @@ var _ThruHDWallet = class _ThruHDWallet {
       throw new Error("Account index must be non-negative");
     }
     const path = `${_ThruHDWallet.THRU_DERIVATION_PATH}/${accountIndex}'/${change}'`;
-    const { publicKey, privateKey, secretKey } = await _ThruHDWallet.deriveKeyPair(seed, path);
+    const { publicKey, privateKey, secretKey } = _ThruHDWallet.deriveKeyPair(seed, path);
     return {
       address: encodeAddress(publicKey),
       publicKey,

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/encryption.ts","../src/hdwallet.ts","../src/mnemonic.ts"],"names":[],"mappings":";;;;;;;;AAiBO,IAAM,oBAAN,MAAwB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAe7B,aAAa,OAAA,CAAQ,IAAA,EAAkB,QAAA,EAA0C;AAE/E,IAAA,MAAM,SAAS,YAAA,EAAa;AAC5B,IAAA,MAAM,OAAO,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,IAAA,CAAK,WAAW,CAAC,CAAA;AACpE,IAAA,MAAM,KAAK,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,IAAA,CAAK,SAAS,CAAC,CAAA;AAGhE,IAAA,MAAM,aAAA,GAAgB,IAAI,WAAA,EAAY,CAAE,OAAO,QAAQ,CAAA;AACvD,IAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA;AAAA,MAC9B,aAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA,CAAK,SAAA;AAAA,MACL,IAAA,CAAK,SAAA;AAAA,MACL,IAAA,CAAK,SAAA;AAAA,MACL,IAAA,CAAK;AAAA,KACP;AAGA,IAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MACpC,KAAA;AAAA,MACA,IAAI,WAAW,UAAU,CAAA;AAAA,MACzB,EAAE,MAAM,SAAA,EAAU;AAAA,MAClB,KAAA;AAAA,MACA,CAAC,SAAS;AAAA,KACZ;AAGA,IAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA,CAAO,OAAA;AAAA,MACrC,EAAE,IAAA,EAAM,SAAA,EAAW,EAAA,EAAG;AAAA,MACtB,SAAA;AAAA,MACA;AAAA,KACF;AAGA,IAAA,UAAA,CAAW,KAAK,CAAC,CAAA;AACjB,IAAA,aAAA,CAAc,KAAK,CAAC,CAAA;AAEpB,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,IAAI,UAAA,CAAW,UAAU,CAAA;AAAA,MACrC,IAAA;AAAA,MACA,EAAA;AAAA,MACA,SAAA,EAAW;AAAA,QACT,GAAG,IAAA,CAAK,SAAA;AAAA,QACR,GAAG,IAAA,CAAK,SAAA;AAAA,QACR,GAAG,IAAA,CAAK;AAAA;AACV,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,aAAa,OAAA,CAAQ,SAAA,EAA0B,QAAA,EAAuC;AAEpF,IAAA,MAAM,aAAA,GAAgB,IAAI,WAAA,EAAY,CAAE,OAAO,QAAQ,CAAA;AACvD,IAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA;AAAA,MAC9B,aAAA;AAAA,MACA,SAAA,CAAU,IAAA;AAAA,MACV,UAAU,SAAA,CAAU,CAAA;AAAA,MACpB,UAAU,SAAA,CAAU,CAAA;AAAA,MACpB,UAAU,SAAA,CAAU,CAAA;AAAA,MACpB,IAAA,CAAK;AAAA,KACP;AAGA,IAAA,MAAM,SAAS,YAAA,EAAa;AAC5B,IAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MACpC,KAAA;AAAA,MACA,IAAI,WAAW,UAAU,CAAA;AAAA,MACzB,EAAE,MAAM,SAAA,EAAU;AAAA,MAClB,KAAA;AAAA,MACA,CAAC,SAAS;AAAA,KACZ;AAEA,IAAA,IAAI;AAEF,MAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,OAAA;AAAA,QACpC,EAAE,IAAA,EAAM,SAAA,EAAW,EAAA,EAAI,UAAU,EAAA,EAA6B;AAAA,QAC9D,SAAA;AAAA,QACA,SAAA,CAAU;AAAA,OACZ;AAGA,MAAA,UAAA,CAAW,KAAK,CAAC,CAAA;AACjB,MAAA,aAAA,CAAc,KAAK,CAAC,CAAA;AAEpB,MAAA,OAAO,IAAI,WAAW,SAAS,CAAA;AAAA,IACjC,SAAS,KAAA,EAAO;AAEd,MAAA,UAAA,CAAW,KAAK,CAAC,CAAA;AACjB,MAAA,aAAA,CAAc,KAAK,CAAC,CAAA;AACpB,MAAA,MAAM,IAAI,MAAM,0DAA0D,CAAA;AAAA,IAC5E;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,UAAU,SAAA,EAAkC;AACjD,IAAA,OAAO,KAAK,SAAA,CAAU;AAAA,MACpB,YAAY,MAAA,CAAO,IAAA,CAAK,UAAU,UAAU,CAAA,CAAE,SAAS,QAAQ,CAAA;AAAA,MAC/D,MAAM,MAAA,CAAO,IAAA,CAAK,UAAU,IAAI,CAAA,CAAE,SAAS,QAAQ,CAAA;AAAA,MACnD,IAAI,MAAA,CAAO,IAAA,CAAK,UAAU,EAAE,CAAA,CAAE,SAAS,QAAQ,CAAA;AAAA,MAC/C,WAAW,SAAA,CAAU;AAAA,KACtB,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,YAAY,UAAA,EAAmC;AACpD,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,UAAU,CAAA;AACpC,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,IAAI,UAAA,CAAW,MAAA,CAAO,KAAK,MAAA,CAAO,UAAA,EAAY,QAAQ,CAAC,CAAA;AAAA,MACnE,IAAA,EAAM,IAAI,UAAA,CAAW,MAAA,CAAO,KAAK,MAAA,CAAO,IAAA,EAAM,QAAQ,CAAC,CAAA;AAAA,MACvD,EAAA,EAAI,IAAI,UAAA,CAAW,MAAA,CAAO,KAAK,MAAA,CAAO,EAAA,EAAI,QAAQ,CAAC,CAAA;AAAA,MACnD,WAAW,MAAA,CAAO;AAAA,KACpB;AAAA,EACF;AACF;AAAA;AA7Ia,iBAAA,CAEa,SAAA,GAAY,IAAA;AAAA;AAFzB,iBAAA,CAGa,SAAA,GAAY,CAAA;AAHzB,iBAAA,CAIa,SAAA,GAAY,CAAA;AAJzB,iBAAA,CAKa,UAAA,GAAa,EAAA;AAAA;AAL1B,iBAAA,CAMa,WAAA,GAAc,EAAA;AAN3B,iBAAA,CAOa,SAAA,GAAY,EAAA;AA2I/B,IAAM,eAAN,MAAmB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKxB,OAAO,QAAQ,KAAA,EAAyB;AACtC,IAAA,KAAA,CAAM,KAAK,CAAC,CAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,iBAAA,CAAkB,CAAA,EAAe,CAAA,EAAwB;AAC9D,IAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ;AACzB,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,MAAA,GAAS,CAAA;AACb,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,QAAQ,CAAA,EAAA,EAAK;AACjC,MAAA,MAAA,IAAU,CAAA,CAAE,CAAC,CAAA,GAAI,CAAA,CAAE,CAAC,CAAA;AAAA,IACtB;AAEA,IAAA,OAAO,MAAA,KAAW,CAAA;AAAA,EACpB;AACF;ACtLO,IAAM,aAAA,GAAN,MAAM,aAAA,CAAa;AAAA,EAIxB,OAAe,WAAW,IAAA,EAAwB;AAChD,IAAA,IAAI,IAAA,CAAK,WAAW,EAAA,EAAI;AACtB,MAAA,MAAM,IAAI,MAAM,uBAAuB,CAAA;AAAA,IACzC;AAAA,EACF;AAAA,EAEA,aAAqB,aAAA,CAAc,IAAA,EAAkB,IAAA,EAAc;AACjE,IAAA,aAAA,CAAa,WAAW,IAAI,CAAA;AAC5B,IAAA,MAAM,OAAA,GAAU,WAAW,IAAA,EAAM,MAAA,CAAO,KAAK,IAAI,CAAA,CAAE,QAAA,CAAS,KAAK,CAAC,CAAA;AAClE,IAAA,MAAM,UAAA,GAAa,IAAI,UAAA,CAAW,OAAA,CAAQ,GAAG,CAAA;AAC7C,IAAA,MAAM,YAAY,IAAI,UAAA,CAAW,MAAM,iBAAA,CAAkB,UAAU,CAAC,CAAA;AACpE,IAAA,MAAM,YAAY,IAAI,UAAA,CAAW,UAAA,CAAW,MAAA,GAAS,UAAU,MAAM,CAAA;AACrE,IAAA,SAAA,CAAU,GAAA,CAAI,YAAY,CAAC,CAAA;AAC3B,IAAA,SAAA,CAAU,GAAA,CAAI,SAAA,EAAW,UAAA,CAAW,MAAM,CAAA;AAE1C,IAAA,OAAO;AAAA,MACL,SAAA;AAAA,MACA,UAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA,EAEA,aAAa,UAAA,CACX,IAAA,EACA,YAAA,GAAuB,CAAA,EACvB,SAAiB,CAAA,EAOhB;AACD,IAAA,IAAI,eAAe,CAAA,EAAG;AACpB,MAAA,MAAM,IAAI,MAAM,oCAAoC,CAAA;AAAA,IACtD;AAEA,IAAA,MAAM,OAAO,CAAA,EAAG,aAAA,CAAa,oBAAoB,CAAA,CAAA,EAAI,YAAY,KAAK,MAAM,CAAA,CAAA,CAAA;AAC5E,IAAA,MAAM,EAAE,WAAW,UAAA,EAAY,SAAA,KAAc,MAAM,aAAA,CAAa,aAAA,CAAc,IAAA,EAAM,IAAI,CAAA;AAExF,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,cAAc,SAAS,CAAA;AAAA,MAChC,SAAA;AAAA,MACA,UAAA;AAAA,MACA,SAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA,EAEA,aAAa,cAAA,CACX,IAAA,EACA,KAAA,EAME;AACF,IAAA,MAAM,WAAW,EAAC;AAClB,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,EAAO,CAAA,EAAA,EAAK;AAC9B,MAAA,MAAM,OAAA,GAAU,MAAM,aAAA,CAAa,UAAA,CAAW,MAAM,CAAC,CAAA;AACrD,MAAA,QAAA,CAAS,IAAA,CAAK;AAAA,QACZ,KAAA,EAAO,CAAA;AAAA,QACP,SAAS,OAAA,CAAQ,OAAA;AAAA,QACjB,MAAM,OAAA,CAAQ,IAAA;AAAA,QACd,WAAW,OAAA,CAAQ;AAAA,OACpB,CAAA;AAAA,IACH;AACA,IAAA,OAAO,QAAA;AAAA,EACT;AAAA,EAEA,OAAO,YAAY,IAAA,EAAuB;AACxC,IAAA,MAAM,SAAA,GAAY,cAAA;AAClB,IAAA,OAAO,SAAA,CAAU,KAAK,IAAI,CAAA;AAAA,EAC5B;AACF,CAAA;AA/Ea,aAAA,CACK,cAAA,GAAiB,IAAA;AADtB,aAAA,CAEK,oBAAA,GAAuB,CAAA,MAAA,EAAS,aAAA,CAAa,cAAc,CAAA,CAAA,CAAA;AAFtE,IAAM,YAAA,GAAN;ACHA,IAAM,oBAAN,MAAwB;AAAA;AAAA;AAAA;AAAA;AAAA,EAK7B,OAAO,QAAA,GAAmB;AAExB,IAAA,OAAa,uBAAiB,GAAG,CAAA;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,SAAS,MAAA,EAAyB;AACvC,IAAA,OAAa,uBAAiB,MAAM,CAAA;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,MAAA,CAAO,MAAA,EAAgB,UAAA,GAAqB,EAAA,EAAgB;AACjE,IAAA,IAAI,CAAC,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,EAAG;AAC1B,MAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,IAC3C;AACA,IAAA,MAAM,IAAA,GAAa,KAAA,CAAA,kBAAA,CAAmB,MAAA,EAAQ,UAAU,CAAA;AACxD,IAAA,OAAO,IAAI,WAAW,IAAI,CAAA;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,aAAa,MAAA,EAAwB;AAC1C,IAAA,OAAO,MAAA,CAAO,IAAA,EAAK,CAAE,KAAA,CAAM,KAAK,CAAA,CAAE,MAAA;AAAA,EACpC;AACF","file":"index.js","sourcesContent":["import scrypt from 'scrypt-js';\nimport { getWebCrypto } from '@thru/helpers';\n\nexport interface EncryptedData {\n ciphertext: Uint8Array;\n salt: Uint8Array;\n iv: Uint8Array;\n kdfParams: {\n N: number; // CPU/memory cost parameter\n r: number; // Block size\n p: number; // Parallelization parameter\n };\n}\n\n/*\n Encryption service using scrypt KDF and AES-GCM\n /\nexport class EncryptionService {\n // Default scrypt parameters (can be adjusted for performance/security trade-off)\n private static readonly DEFAULT_N = 8192; // 2^15\n private static readonly DEFAULT_R = 8;\n private static readonly DEFAULT_P = 1;\n private static readonly KEY_LENGTH = 32; // 256 bits for AES-256\n private static readonly SALT_LENGTH = 32;\n private static readonly IV_LENGTH = 12; // Recommended for AES-GCM\n\n /\n Encrypt data using password-based encryption\n * @param data - Data to encrypt\n * @param password - User password\n * @returns Encrypted data with parameters\n /\n static async encrypt(data: Uint8Array, password: string): Promise<EncryptedData> {\n // Generate random salt and IV\n const crypto = getWebCrypto();\n const salt = crypto.getRandomValues(new Uint8Array(this.SALT_LENGTH));\n const iv = crypto.getRandomValues(new Uint8Array(this.IV_LENGTH));\n\n // Derive key from password using scrypt\n const passwordBytes = new TextEncoder().encode(password);\n const derivedKey = await scrypt.scrypt(\n passwordBytes,\n salt,\n this.DEFAULT_N,\n this.DEFAULT_R,\n this.DEFAULT_P,\n this.KEY_LENGTH\n );\n\n // Import key for WebCrypto API\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n new Uint8Array(derivedKey),\n { name: 'AES-GCM' },\n false,\n ['encrypt']\n );\n\n // Encrypt data using AES-GCM\n const ciphertext = await crypto.subtle.encrypt(\n { name: 'AES-GCM', iv },\n cryptoKey,\n data as unknown as ArrayBuffer\n );\n\n // Zero out sensitive data\n derivedKey.fill(0);\n passwordBytes.fill(0);\n\n return {\n ciphertext: new Uint8Array(ciphertext),\n salt,\n iv,\n kdfParams: {\n N: this.DEFAULT_N,\n r: this.DEFAULT_R,\n p: this.DEFAULT_P,\n },\n };\n }\n\n /\n Decrypt encrypted data using password\n * @param encrypted - Encrypted data with parameters\n * @param password - User password\n * @returns Decrypted data\n /\n static async decrypt(encrypted: EncryptedData, password: string): Promise<Uint8Array> {\n // Derive key from password using stored parameters\n const passwordBytes = new TextEncoder().encode(password);\n const derivedKey = await scrypt.scrypt(\n passwordBytes,\n encrypted.salt,\n encrypted.kdfParams.N,\n encrypted.kdfParams.r,\n encrypted.kdfParams.p,\n this.KEY_LENGTH\n );\n\n // Import key for WebCrypto API\n const crypto = getWebCrypto();\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n new Uint8Array(derivedKey),\n { name: 'AES-GCM' },\n false,\n ['decrypt']\n );\n\n try {\n // Decrypt data using AES-GCM\n const decrypted = await crypto.subtle.decrypt(\n { name: 'AES-GCM', iv: encrypted.iv as unknown as ArrayBuffer },\n cryptoKey,\n encrypted.ciphertext as unknown as ArrayBuffer\n );\n\n // Zero out sensitive data\n derivedKey.fill(0);\n passwordBytes.fill(0);\n\n return new Uint8Array(decrypted);\n } catch (error) {\n // Zero out sensitive data even on error\n derivedKey.fill(0);\n passwordBytes.fill(0);\n throw new Error('Decryption failed - incorrect password or corrupted data');\n }\n }\n\n /\n Serialize encrypted data to a storable format\n * @param encrypted - Encrypted data\n * @returns Base64-encoded JSON string\n /\n static serialize(encrypted: EncryptedData): string {\n return JSON.stringify({\n ciphertext: Buffer.from(encrypted.ciphertext).toString('base64'),\n salt: Buffer.from(encrypted.salt).toString('base64'),\n iv: Buffer.from(encrypted.iv).toString('base64'),\n kdfParams: encrypted.kdfParams,\n });\n }\n\n /\n Deserialize encrypted data from storage\n * @param serialized - Serialized encrypted data\n * @returns Encrypted data object\n /\n static deserialize(serialized: string): EncryptedData {\n const parsed = JSON.parse(serialized);\n return {\n ciphertext: new Uint8Array(Buffer.from(parsed.ciphertext, 'base64')),\n salt: new Uint8Array(Buffer.from(parsed.salt, 'base64')),\n iv: new Uint8Array(Buffer.from(parsed.iv, 'base64')),\n kdfParams: parsed.kdfParams,\n };\n }\n}\n\n/\n Utility functions for secure memory management\n /\nexport class SecureMemory {\n /\n Zero out a Uint8Array to remove sensitive data from memory\n * @param array - Array to zero out\n /\n static zeroize(array: Uint8Array): void {\n array.fill(0);\n }\n\n /\n Compare two Uint8Arrays in constant time to prevent timing attacks\n * @param a - First array\n * @param b - Second array\n * @returns true if arrays are equal\n /\n static constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) {\n return false;\n }\n\n let result = 0;\n for (let i = 0; i < a.length; i++) {\n result \|= a[i] ^ b[i];\n }\n\n return result === 0;\n }\n}\n","import { getPublicKeyAsync } from '@noble/ed25519';\nimport { derivePath } from 'ed25519-hd-key';\nimport { encodeAddress } from '@thru/helpers';\n\n/\n HD Wallet helpers for Thru (BIP44 coin type 9999).\n * Returns raw key material along with encoded addresses.\n /\nexport class ThruHDWallet {\n static readonly THRU_COIN_TYPE = 9999;\n static readonly THRU_DERIVATION_PATH = `m/44'/${ThruHDWallet.THRU_COIN_TYPE}'`;\n\n private static ensureSeed(seed: Uint8Array): void {\n if (seed.length !== 64) {\n throw new Error('Seed must be 64 bytes');\n }\n }\n\n private static async deriveKeyPair(seed: Uint8Array, path: string) {\n ThruHDWallet.ensureSeed(seed);\n const derived = derivePath(path, Buffer.from(seed).toString('hex'));\n const privateKey = new Uint8Array(derived.key);\n const publicKey = new Uint8Array(await getPublicKeyAsync(privateKey));\n const secretKey = new Uint8Array(privateKey.length + publicKey.length);\n secretKey.set(privateKey, 0);\n secretKey.set(publicKey, privateKey.length);\n\n return {\n publicKey,\n privateKey,\n secretKey,\n };\n }\n\n static async getAccount(\n seed: Uint8Array,\n accountIndex: number = 0,\n change: number = 0\n ): Promise<{\n address: string;\n publicKey: Uint8Array;\n privateKey: Uint8Array;\n secretKey: Uint8Array;\n path: string;\n }> {\n if (accountIndex < 0) {\n throw new Error('Account index must be non-negative');\n }\n\n const path = `${ThruHDWallet.THRU_DERIVATION_PATH}/${accountIndex}'/${change}'`;\n const { publicKey, privateKey, secretKey } = await ThruHDWallet.deriveKeyPair(seed, path);\n\n return {\n address: encodeAddress(publicKey),\n publicKey,\n privateKey,\n secretKey,\n path,\n };\n }\n\n static async deriveAccounts(\n seed: Uint8Array,\n count: number\n ): Promise<Array<{\n index: number;\n address: string;\n path: string;\n publicKey: Uint8Array;\n }>> {\n const accounts = [];\n for (let i = 0; i < count; i++) {\n const account = await ThruHDWallet.getAccount(seed, i);\n accounts.push({\n index: i,\n address: account.address,\n path: account.path,\n publicKey: account.publicKey,\n });\n }\n return accounts;\n }\n\n static isValidPath(path: string): boolean {\n const pathRegex = /^m(\\/\\d+')+$/;\n return pathRegex.test(path);\n }\n}\n","import as bip39 from 'bip39';\n\n/*\n Handles BIP39 mnemonic phrase generation and validation\n /\nexport class MnemonicGenerator {\n /\n Generate a new 12-word mnemonic phrase\n * @returns 12-word mnemonic string\n /\n static generate(): string {\n // 128 bits of entropy = 12 words\n return bip39.generateMnemonic(128);\n }\n\n /\n Validate a mnemonic phrase\n * @param phrase - Mnemonic phrase to validate\n * @returns true if valid, false otherwise\n /\n static validate(phrase: string): boolean {\n return bip39.validateMnemonic(phrase);\n }\n\n /\n Convert mnemonic phrase to seed bytes\n * @param phrase - Valid mnemonic phrase\n * @param passphrase - Optional passphrase for additional security\n * @returns Seed as Uint8Array (64 bytes)\n /\n static toSeed(phrase: string, passphrase: string = ''): Uint8Array {\n if (!this.validate(phrase)) {\n throw new Error('Invalid mnemonic phrase');\n }\n const seed = bip39.mnemonicToSeedSync(phrase, passphrase);\n return new Uint8Array(seed);\n }\n\n /\n Get the number of words in a mnemonic\n * @param phrase - Mnemonic phrase\n * @returns Number of words\n */\n static getWordCount(phrase: string): number {\n return phrase.trim().split(/\\s+/).length;\n }\n}\n"]}
1	+ {"version":3,"sources":["../src/encryption.ts","../src/hdwallet.ts","../src/mnemonic.ts"],"names":[],"mappings":";;;;;;;AAiBO,IAAM,oBAAN,MAAwB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAe7B,aAAa,OAAA,CAAQ,IAAA,EAAkB,QAAA,EAA0C;AAE/E,IAAA,MAAM,SAAS,YAAA,EAAa;AAC5B,IAAA,MAAM,OAAO,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,IAAA,CAAK,WAAW,CAAC,CAAA;AACpE,IAAA,MAAM,KAAK,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,IAAA,CAAK,SAAS,CAAC,CAAA;AAGhE,IAAA,MAAM,aAAA,GAAgB,IAAI,WAAA,EAAY,CAAE,OAAO,QAAQ,CAAA;AACvD,IAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA;AAAA,MAC9B,aAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA,CAAK,SAAA;AAAA,MACL,IAAA,CAAK,SAAA;AAAA,MACL,IAAA,CAAK,SAAA;AAAA,MACL,IAAA,CAAK;AAAA,KACP;AAGA,IAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MACpC,KAAA;AAAA,MACA,IAAI,WAAW,UAAU,CAAA;AAAA,MACzB,EAAE,MAAM,SAAA,EAAU;AAAA,MAClB,KAAA;AAAA,MACA,CAAC,SAAS;AAAA,KACZ;AAGA,IAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA,CAAO,OAAA;AAAA,MACrC,EAAE,IAAA,EAAM,SAAA,EAAW,EAAA,EAAG;AAAA,MACtB,SAAA;AAAA,MACA;AAAA,KACF;AAGA,IAAA,UAAA,CAAW,KAAK,CAAC,CAAA;AACjB,IAAA,aAAA,CAAc,KAAK,CAAC,CAAA;AAEpB,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,IAAI,UAAA,CAAW,UAAU,CAAA;AAAA,MACrC,IAAA;AAAA,MACA,EAAA;AAAA,MACA,SAAA,EAAW;AAAA,QACT,GAAG,IAAA,CAAK,SAAA;AAAA,QACR,GAAG,IAAA,CAAK,SAAA;AAAA,QACR,GAAG,IAAA,CAAK;AAAA;AACV,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,aAAa,OAAA,CAAQ,SAAA,EAA0B,QAAA,EAAuC;AAEpF,IAAA,MAAM,aAAA,GAAgB,IAAI,WAAA,EAAY,CAAE,OAAO,QAAQ,CAAA;AACvD,IAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA;AAAA,MAC9B,aAAA;AAAA,MACA,SAAA,CAAU,IAAA;AAAA,MACV,UAAU,SAAA,CAAU,CAAA;AAAA,MACpB,UAAU,SAAA,CAAU,CAAA;AAAA,MACpB,UAAU,SAAA,CAAU,CAAA;AAAA,MACpB,IAAA,CAAK;AAAA,KACP;AAGA,IAAA,MAAM,SAAS,YAAA,EAAa;AAC5B,IAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MACpC,KAAA;AAAA,MACA,IAAI,WAAW,UAAU,CAAA;AAAA,MACzB,EAAE,MAAM,SAAA,EAAU;AAAA,MAClB,KAAA;AAAA,MACA,CAAC,SAAS;AAAA,KACZ;AAEA,IAAA,IAAI;AAEF,MAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,OAAA;AAAA,QACpC,EAAE,IAAA,EAAM,SAAA,EAAW,EAAA,EAAI,UAAU,EAAA,EAA6B;AAAA,QAC9D,SAAA;AAAA,QACA,SAAA,CAAU;AAAA,OACZ;AAGA,MAAA,UAAA,CAAW,KAAK,CAAC,CAAA;AACjB,MAAA,aAAA,CAAc,KAAK,CAAC,CAAA;AAEpB,MAAA,OAAO,IAAI,WAAW,SAAS,CAAA;AAAA,IACjC,SAAS,KAAA,EAAO;AAEd,MAAA,UAAA,CAAW,KAAK,CAAC,CAAA;AACjB,MAAA,aAAA,CAAc,KAAK,CAAC,CAAA;AACpB,MAAA,MAAM,IAAI,MAAM,0DAA0D,CAAA;AAAA,IAC5E;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,UAAU,SAAA,EAAkC;AACjD,IAAA,OAAO,KAAK,SAAA,CAAU;AAAA,MACpB,YAAY,MAAA,CAAO,IAAA,CAAK,UAAU,UAAU,CAAA,CAAE,SAAS,QAAQ,CAAA;AAAA,MAC/D,MAAM,MAAA,CAAO,IAAA,CAAK,UAAU,IAAI,CAAA,CAAE,SAAS,QAAQ,CAAA;AAAA,MACnD,IAAI,MAAA,CAAO,IAAA,CAAK,UAAU,EAAE,CAAA,CAAE,SAAS,QAAQ,CAAA;AAAA,MAC/C,WAAW,SAAA,CAAU;AAAA,KACtB,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,YAAY,UAAA,EAAmC;AACpD,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,UAAU,CAAA;AACpC,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,IAAI,UAAA,CAAW,MAAA,CAAO,KAAK,MAAA,CAAO,UAAA,EAAY,QAAQ,CAAC,CAAA;AAAA,MACnE,IAAA,EAAM,IAAI,UAAA,CAAW,MAAA,CAAO,KAAK,MAAA,CAAO,IAAA,EAAM,QAAQ,CAAC,CAAA;AAAA,MACvD,EAAA,EAAI,IAAI,UAAA,CAAW,MAAA,CAAO,KAAK,MAAA,CAAO,EAAA,EAAI,QAAQ,CAAC,CAAA;AAAA,MACnD,WAAW,MAAA,CAAO;AAAA,KACpB;AAAA,EACF;AACF;AAAA;AA7Ia,iBAAA,CAEa,SAAA,GAAY,IAAA;AAAA;AAFzB,iBAAA,CAGa,SAAA,GAAY,CAAA;AAHzB,iBAAA,CAIa,SAAA,GAAY,CAAA;AAJzB,iBAAA,CAKa,UAAA,GAAa,EAAA;AAAA;AAL1B,iBAAA,CAMa,WAAA,GAAc,EAAA;AAN3B,iBAAA,CAOa,SAAA,GAAY,EAAA;AA2I/B,IAAM,eAAN,MAAmB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKxB,OAAO,QAAQ,KAAA,EAAyB;AACtC,IAAA,KAAA,CAAM,KAAK,CAAC,CAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,iBAAA,CAAkB,CAAA,EAAe,CAAA,EAAwB;AAC9D,IAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ;AACzB,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,MAAA,GAAS,CAAA;AACb,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,QAAQ,CAAA,EAAA,EAAK;AACjC,MAAA,MAAA,IAAU,CAAA,CAAE,CAAC,CAAA,GAAI,CAAA,CAAE,CAAC,CAAA;AAAA,IACtB;AAEA,IAAA,OAAO,MAAA,KAAW,CAAA;AAAA,EACpB;AACF;ACtLO,IAAM,aAAA,GAAN,MAAM,aAAA,CAAa;AAAA,EAIxB,OAAe,WAAW,IAAA,EAAwB;AAChD,IAAA,IAAI,IAAA,CAAK,WAAW,EAAA,EAAI;AACtB,MAAA,MAAM,IAAI,MAAM,uBAAuB,CAAA;AAAA,IACzC;AAAA,EACF;AAAA,EAEA,OAAe,aAAA,CAAc,IAAA,EAAkB,IAAA,EAAc;AAC3D,IAAA,aAAA,CAAa,WAAW,IAAI,CAAA;AAC5B,IAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,cAAA,CAAe,IAAI,CAAA;AACvC,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,MAAA,CAAO,IAAI,CAAA;AAEjC,IAAA,IAAI,CAAC,OAAA,CAAQ,UAAA,IAAc,CAAC,QAAQ,SAAA,EAAW;AAC7C,MAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,IAC7C;AAEA,IAAA,MAAM,aAAa,OAAA,CAAQ,UAAA;AAC3B,IAAA,MAAM,YAAY,OAAA,CAAQ,YAAA;AAC1B,IAAA,MAAM,YAAY,IAAI,UAAA,CAAW,UAAA,CAAW,MAAA,GAAS,UAAU,MAAM,CAAA;AACrE,IAAA,SAAA,CAAU,GAAA,CAAI,YAAY,CAAC,CAAA;AAC3B,IAAA,SAAA,CAAU,GAAA,CAAI,SAAA,EAAW,UAAA,CAAW,MAAM,CAAA;AAE1C,IAAA,OAAO;AAAA,MACL,SAAA;AAAA,MACA,UAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA,EAEA,aAAa,UAAA,CACX,IAAA,EACA,YAAA,GAAuB,CAAA,EACvB,SAAiB,CAAA,EAOhB;AACD,IAAA,IAAI,eAAe,CAAA,EAAG;AACpB,MAAA,MAAM,IAAI,MAAM,oCAAoC,CAAA;AAAA,IACtD;AAEA,IAAA,MAAM,OAAO,CAAA,EAAG,aAAA,CAAa,oBAAoB,CAAA,CAAA,EAAI,YAAY,KAAK,MAAM,CAAA,CAAA,CAAA;AAC5E,IAAA,MAAM,EAAE,WAAW,UAAA,EAAY,SAAA,KAAc,aAAA,CAAa,aAAA,CAAc,MAAM,IAAI,CAAA;AAElF,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,cAAc,SAAS,CAAA;AAAA,MAChC,SAAA;AAAA,MACA,UAAA;AAAA,MACA,SAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA,EAEA,aAAa,cAAA,CACX,IAAA,EACA,KAAA,EAME;AACF,IAAA,MAAM,WAAW,EAAC;AAClB,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,EAAO,CAAA,EAAA,EAAK;AAC9B,MAAA,MAAM,OAAA,GAAU,MAAM,aAAA,CAAa,UAAA,CAAW,MAAM,CAAC,CAAA;AACrD,MAAA,QAAA,CAAS,IAAA,CAAK;AAAA,QACZ,KAAA,EAAO,CAAA;AAAA,QACP,SAAS,OAAA,CAAQ,OAAA;AAAA,QACjB,MAAM,OAAA,CAAQ,IAAA;AAAA,QACd,WAAW,OAAA,CAAQ;AAAA,OACpB,CAAA;AAAA,IACH;AACA,IAAA,OAAO,QAAA;AAAA,EACT;AAAA,EAEA,OAAO,YAAY,IAAA,EAAuB;AACxC,IAAA,MAAM,SAAA,GAAY,cAAA;AAClB,IAAA,OAAO,SAAA,CAAU,KAAK,IAAI,CAAA;AAAA,EAC5B;AACF,CAAA;AArFa,aAAA,CACK,cAAA,GAAiB,IAAA;AADtB,aAAA,CAEK,oBAAA,GAAuB,CAAA,MAAA,EAAS,aAAA,CAAa,cAAc,CAAA,CAAA,CAAA;AAFtE,IAAM,YAAA,GAAN;ACHA,IAAM,oBAAN,MAAwB;AAAA;AAAA;AAAA;AAAA;AAAA,EAK7B,OAAO,QAAA,GAAmB;AAExB,IAAA,OAAa,uBAAiB,GAAG,CAAA;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,SAAS,MAAA,EAAyB;AACvC,IAAA,OAAa,uBAAiB,MAAM,CAAA;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,MAAA,CAAO,MAAA,EAAgB,UAAA,GAAqB,EAAA,EAAgB;AACjE,IAAA,IAAI,CAAC,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,EAAG;AAC1B,MAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,IAC3C;AACA,IAAA,MAAM,IAAA,GAAa,KAAA,CAAA,kBAAA,CAAmB,MAAA,EAAQ,UAAU,CAAA;AACxD,IAAA,OAAO,IAAI,WAAW,IAAI,CAAA;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,aAAa,MAAA,EAAwB;AAC1C,IAAA,OAAO,MAAA,CAAO,IAAA,EAAK,CAAE,KAAA,CAAM,KAAK,CAAA,CAAE,MAAA;AAAA,EACpC;AACF","file":"index.js","sourcesContent":["import scrypt from 'scrypt-js';\nimport { getWebCrypto } from '@thru/helpers';\n\nexport interface EncryptedData {\n ciphertext: Uint8Array;\n salt: Uint8Array;\n iv: Uint8Array;\n kdfParams: {\n N: number; // CPU/memory cost parameter\n r: number; // Block size\n p: number; // Parallelization parameter\n };\n}\n\n/*\n Encryption service using scrypt KDF and AES-GCM\n /\nexport class EncryptionService {\n // Default scrypt parameters (can be adjusted for performance/security trade-off)\n private static readonly DEFAULT_N = 8192; // 2^15\n private static readonly DEFAULT_R = 8;\n private static readonly DEFAULT_P = 1;\n private static readonly KEY_LENGTH = 32; // 256 bits for AES-256\n private static readonly SALT_LENGTH = 32;\n private static readonly IV_LENGTH = 12; // Recommended for AES-GCM\n\n /\n Encrypt data using password-based encryption\n * @param data - Data to encrypt\n * @param password - User password\n * @returns Encrypted data with parameters\n /\n static async encrypt(data: Uint8Array, password: string): Promise<EncryptedData> {\n // Generate random salt and IV\n const crypto = getWebCrypto();\n const salt = crypto.getRandomValues(new Uint8Array(this.SALT_LENGTH));\n const iv = crypto.getRandomValues(new Uint8Array(this.IV_LENGTH));\n\n // Derive key from password using scrypt\n const passwordBytes = new TextEncoder().encode(password);\n const derivedKey = await scrypt.scrypt(\n passwordBytes,\n salt,\n this.DEFAULT_N,\n this.DEFAULT_R,\n this.DEFAULT_P,\n this.KEY_LENGTH\n );\n\n // Import key for WebCrypto API\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n new Uint8Array(derivedKey),\n { name: 'AES-GCM' },\n false,\n ['encrypt']\n );\n\n // Encrypt data using AES-GCM\n const ciphertext = await crypto.subtle.encrypt(\n { name: 'AES-GCM', iv },\n cryptoKey,\n data as unknown as ArrayBuffer\n );\n\n // Zero out sensitive data\n derivedKey.fill(0);\n passwordBytes.fill(0);\n\n return {\n ciphertext: new Uint8Array(ciphertext),\n salt,\n iv,\n kdfParams: {\n N: this.DEFAULT_N,\n r: this.DEFAULT_R,\n p: this.DEFAULT_P,\n },\n };\n }\n\n /\n Decrypt encrypted data using password\n * @param encrypted - Encrypted data with parameters\n * @param password - User password\n * @returns Decrypted data\n /\n static async decrypt(encrypted: EncryptedData, password: string): Promise<Uint8Array> {\n // Derive key from password using stored parameters\n const passwordBytes = new TextEncoder().encode(password);\n const derivedKey = await scrypt.scrypt(\n passwordBytes,\n encrypted.salt,\n encrypted.kdfParams.N,\n encrypted.kdfParams.r,\n encrypted.kdfParams.p,\n this.KEY_LENGTH\n );\n\n // Import key for WebCrypto API\n const crypto = getWebCrypto();\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n new Uint8Array(derivedKey),\n { name: 'AES-GCM' },\n false,\n ['decrypt']\n );\n\n try {\n // Decrypt data using AES-GCM\n const decrypted = await crypto.subtle.decrypt(\n { name: 'AES-GCM', iv: encrypted.iv as unknown as ArrayBuffer },\n cryptoKey,\n encrypted.ciphertext as unknown as ArrayBuffer\n );\n\n // Zero out sensitive data\n derivedKey.fill(0);\n passwordBytes.fill(0);\n\n return new Uint8Array(decrypted);\n } catch (error) {\n // Zero out sensitive data even on error\n derivedKey.fill(0);\n passwordBytes.fill(0);\n throw new Error('Decryption failed - incorrect password or corrupted data');\n }\n }\n\n /\n Serialize encrypted data to a storable format\n * @param encrypted - Encrypted data\n * @returns Base64-encoded JSON string\n /\n static serialize(encrypted: EncryptedData): string {\n return JSON.stringify({\n ciphertext: Buffer.from(encrypted.ciphertext).toString('base64'),\n salt: Buffer.from(encrypted.salt).toString('base64'),\n iv: Buffer.from(encrypted.iv).toString('base64'),\n kdfParams: encrypted.kdfParams,\n });\n }\n\n /\n Deserialize encrypted data from storage\n * @param serialized - Serialized encrypted data\n * @returns Encrypted data object\n /\n static deserialize(serialized: string): EncryptedData {\n const parsed = JSON.parse(serialized);\n return {\n ciphertext: new Uint8Array(Buffer.from(parsed.ciphertext, 'base64')),\n salt: new Uint8Array(Buffer.from(parsed.salt, 'base64')),\n iv: new Uint8Array(Buffer.from(parsed.iv, 'base64')),\n kdfParams: parsed.kdfParams,\n };\n }\n}\n\n/\n Utility functions for secure memory management\n /\nexport class SecureMemory {\n /\n Zero out a Uint8Array to remove sensitive data from memory\n * @param array - Array to zero out\n /\n static zeroize(array: Uint8Array): void {\n array.fill(0);\n }\n\n /\n Compare two Uint8Arrays in constant time to prevent timing attacks\n * @param a - First array\n * @param b - Second array\n * @returns true if arrays are equal\n /\n static constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) {\n return false;\n }\n\n let result = 0;\n for (let i = 0; i < a.length; i++) {\n result \|= a[i] ^ b[i];\n }\n\n return result === 0;\n }\n}\n","import HDKey from 'micro-key-producer/slip10.js';\nimport { encodeAddress } from '@thru/helpers';\n\n/\n HD Wallet helpers for Thru (BIP44 coin type 9999).\n * Uses SLIP-0010 for Ed25519 key derivation via micro-key-producer.\n * Returns raw key material along with encoded addresses.\n /\nexport class ThruHDWallet {\n static readonly THRU_COIN_TYPE = 9999;\n static readonly THRU_DERIVATION_PATH = `m/44'/${ThruHDWallet.THRU_COIN_TYPE}'`;\n\n private static ensureSeed(seed: Uint8Array): void {\n if (seed.length !== 64) {\n throw new Error('Seed must be 64 bytes');\n }\n }\n\n private static deriveKeyPair(seed: Uint8Array, path: string) {\n ThruHDWallet.ensureSeed(seed);\n const hdkey = HDKey.fromMasterSeed(seed);\n const derived = hdkey.derive(path);\n\n if (!derived.privateKey \|\| !derived.publicKey) {\n throw new Error('Failed to derive key pair');\n }\n\n const privateKey = derived.privateKey;\n const publicKey = derived.publicKeyRaw;\n const secretKey = new Uint8Array(privateKey.length + publicKey.length);\n secretKey.set(privateKey, 0);\n secretKey.set(publicKey, privateKey.length);\n\n return {\n publicKey,\n privateKey,\n secretKey,\n };\n }\n\n static async getAccount(\n seed: Uint8Array,\n accountIndex: number = 0,\n change: number = 0\n ): Promise<{\n address: string;\n publicKey: Uint8Array;\n privateKey: Uint8Array;\n secretKey: Uint8Array;\n path: string;\n }> {\n if (accountIndex < 0) {\n throw new Error('Account index must be non-negative');\n }\n\n const path = `${ThruHDWallet.THRU_DERIVATION_PATH}/${accountIndex}'/${change}'`;\n const { publicKey, privateKey, secretKey } = ThruHDWallet.deriveKeyPair(seed, path);\n\n return {\n address: encodeAddress(publicKey),\n publicKey,\n privateKey,\n secretKey,\n path,\n };\n }\n\n static async deriveAccounts(\n seed: Uint8Array,\n count: number\n ): Promise<Array<{\n index: number;\n address: string;\n path: string;\n publicKey: Uint8Array;\n }>> {\n const accounts = [];\n for (let i = 0; i < count; i++) {\n const account = await ThruHDWallet.getAccount(seed, i);\n accounts.push({\n index: i,\n address: account.address,\n path: account.path,\n publicKey: account.publicKey,\n });\n }\n return accounts;\n }\n\n static isValidPath(path: string): boolean {\n const pathRegex = /^m(\\/\\d+')+$/;\n return pathRegex.test(path);\n }\n}\n","import as bip39 from 'bip39';\n\n/*\n Handles BIP39 mnemonic phrase generation and validation\n /\nexport class MnemonicGenerator {\n /\n Generate a new 12-word mnemonic phrase\n * @returns 12-word mnemonic string\n /\n static generate(): string {\n // 128 bits of entropy = 12 words\n return bip39.generateMnemonic(128);\n }\n\n /\n Validate a mnemonic phrase\n * @param phrase - Mnemonic phrase to validate\n * @returns true if valid, false otherwise\n /\n static validate(phrase: string): boolean {\n return bip39.validateMnemonic(phrase);\n }\n\n /\n Convert mnemonic phrase to seed bytes\n * @param phrase - Valid mnemonic phrase\n * @param passphrase - Optional passphrase for additional security\n * @returns Seed as Uint8Array (64 bytes)\n /\n static toSeed(phrase: string, passphrase: string = ''): Uint8Array {\n if (!this.validate(phrase)) {\n throw new Error('Invalid mnemonic phrase');\n }\n const seed = bip39.mnemonicToSeedSync(phrase, passphrase);\n return new Uint8Array(seed);\n }\n\n /\n Get the number of words in a mnemonic\n * @param phrase - Mnemonic phrase\n * @returns Number of words\n */\n static getWordCount(phrase: string): number {\n return phrase.trim().split(/\\s+/).length;\n }\n}\n"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@thru/crypto",
-  "version": "0.1.29",
+  "version": "0.1.33",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -11,16 +11,22 @@
     }
   },
   "dependencies": {
-    "@noble/ed25519": "^2.3.0",
     "bip39": "^3.1.0",
-    "ed25519-hd-key": "^1.3.0",
+    "micro-key-producer": "^0.8.2",
     "scrypt-js": "^3.0.1",
-    "@thru/helpers": "0.1.29"
+    "@thru/helpers": "0.1.33"
+  },
+  "devDependencies": {
+    "@types/node": "^24.10.1",
+    "vitest": "^3.2.4"
   },
   "scripts": {
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint src/",
+    "test": "vitest",
+    "test:run": "vitest run",
+    "test:watch": "vitest --watch",
     "clean": "rm -rf dist"
   }
 }

package/src/hdwallet.test.ts ADDED Viewed

@@ -0,0 +1,156 @@
+import { describe, it, expect } from 'vitest';
+import { mnemonicToSeed } from 'bip39';
+import { ThruHDWallet } from './hdwallet';
+/**
+ * Test vectors for ThruHDWallet using SLIP-0010 Ed25519 derivation.
+ *
+ * These vectors use the standard BIP39 test mnemonic and ensure that
+ * key derivation remains consistent across library changes.
+ *
+ * IMPORTANT: If these tests fail after a library update, existing wallets
+ * will derive different addresses and users will lose access to funds.
+ */
+// Standard BIP39 test mnemonic (12 words)
+const TEST_MNEMONIC =
+  'abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about';
+// Pre-computed test vectors using micro-key-producer v0.8.2
+// Path format: m/44'/9999'/accountIndex'/0'
+const TEST_VECTORS = [
+  {
+    accountIndex: 0,
+    path: "m/44'/9999'/0'/0'",
+    privateKey: 'f320787900b2be9214778b4219212b681d2d77f45e7045575680be4a6fe076e6',
+    publicKey: 'a20a6cddb7cf52fbe4403024e1ce8463ac0d70870bac6f492f5d16ba405fde12',
+  },
+  {
+    accountIndex: 1,
+    path: "m/44'/9999'/1'/0'",
+    privateKey: '092413cbbdffd063d2f5eca4d8aa881b6d25a7703af1d47dd14be87180675db1',
+    publicKey: '8b8f363e252268cbd1255f10c02a39c62594849f19fe72ed52e966ee0f3fdf5c',
+  },
+  {
+    accountIndex: 2,
+    path: "m/44'/9999'/2'/0'",
+    privateKey: 'dfffc0d7734b32429b30530972410a743f636ca6831b02d25ef794c3ee0eb09e',
+    publicKey: '7cc170536e078b25dd4d621d2cd347c9cdd225edfaf2eab51fe3883b843db144',
+  },
+];
+function bytesToHex(bytes: Uint8Array): string {
+  return Array.from(bytes)
+    .map((b) => b.toString(16).padStart(2, '0'))
+    .join('');
+}
+describe('ThruHDWallet', () => {
+  describe('SLIP-0010 Ed25519 derivation', () => {
+    let seed: Uint8Array;
+    beforeAll(async () => {
+      seed = await mnemonicToSeed(TEST_MNEMONIC);
+    });
+    it('should use correct coin type for Thru', () => {
+      expect(ThruHDWallet.THRU_COIN_TYPE).toBe(9999);
+    });
+    it('should use correct derivation path prefix', () => {
+      expect(ThruHDWallet.THRU_DERIVATION_PATH).toBe("m/44'/9999'");
+    });
+    it('should reject seeds that are not 64 bytes', async () => {
+      const shortSeed = new Uint8Array(32);
+      await expect(ThruHDWallet.getAccount(shortSeed, 0)).rejects.toThrow(
+        'Seed must be 64 bytes'
+      );
+    });
+    it('should reject negative account indices', async () => {
+      await expect(ThruHDWallet.getAccount(seed, -1)).rejects.toThrow(
+        'Account index must be non-negative'
+      );
+    });
+    TEST_VECTORS.forEach(({ accountIndex, path, privateKey, publicKey }) => {
+      describe(`Account ${accountIndex}`, () => {
+        it(`should derive correct path: ${path}`, async () => {
+          const account = await ThruHDWallet.getAccount(seed, accountIndex);
+          expect(account.path).toBe(path);
+        });
+        it('should derive correct private key (32 bytes)', async () => {
+          const account = await ThruHDWallet.getAccount(seed, accountIndex);
+          expect(account.privateKey.length).toBe(32);
+          expect(bytesToHex(account.privateKey)).toBe(privateKey);
+        });
+        it('should derive correct public key (32 bytes)', async () => {
+          const account = await ThruHDWallet.getAccount(seed, accountIndex);
+          expect(account.publicKey.length).toBe(32);
+          expect(bytesToHex(account.publicKey)).toBe(publicKey);
+        });
+        it('should produce 64-byte secret key (private + public)', async () => {
+          const account = await ThruHDWallet.getAccount(seed, accountIndex);
+          expect(account.secretKey.length).toBe(64);
+          // First 32 bytes should be private key
+          expect(bytesToHex(account.secretKey.slice(0, 32))).toBe(privateKey);
+          // Last 32 bytes should be public key
+          expect(bytesToHex(account.secretKey.slice(32))).toBe(publicKey);
+        });
+        it('should return a valid Thru address', async () => {
+          const account = await ThruHDWallet.getAccount(seed, accountIndex);
+          expect(account.address).toBeTruthy();
+          expect(typeof account.address).toBe('string');
+        });
+      });
+    });
+  });
+  describe('deriveAccounts', () => {
+    let seed: Uint8Array;
+    beforeAll(async () => {
+      seed = await mnemonicToSeed(TEST_MNEMONIC);
+    });
+    it('should derive multiple accounts', async () => {
+      const accounts = await ThruHDWallet.deriveAccounts(seed, 3);
+      expect(accounts.length).toBe(3);
+      accounts.forEach((account, i) => {
+        expect(account.index).toBe(i);
+        expect(account.path).toBe(`m/44'/9999'/${i}'/0'`);
+        expect(account.publicKey.length).toBe(32);
+        expect(account.address).toBeTruthy();
+      });
+    });
+    it('should derive accounts with matching test vectors', async () => {
+      const accounts = await ThruHDWallet.deriveAccounts(seed, 3);
+      TEST_VECTORS.forEach(({ accountIndex, publicKey }) => {
+        expect(bytesToHex(accounts[accountIndex].publicKey)).toBe(publicKey);
+      });
+    });
+  });
+  describe('isValidPath', () => {
+    it('should validate correct paths', () => {
+      expect(ThruHDWallet.isValidPath("m/44'/9999'/0'/0'")).toBe(true);
+      expect(ThruHDWallet.isValidPath("m/44'/0'")).toBe(true);
+      expect(ThruHDWallet.isValidPath("m/0'")).toBe(true);
+    });
+    it('should reject invalid paths', () => {
+      expect(ThruHDWallet.isValidPath('m/44/9999/0/0')).toBe(false); // non-hardened
+      expect(ThruHDWallet.isValidPath('44/9999/0/0')).toBe(false); // no m prefix
+      expect(ThruHDWallet.isValidPath('')).toBe(false);
+      expect(ThruHDWallet.isValidPath('invalid')).toBe(false);
+    });
+  });
+});

package/src/hdwallet.ts CHANGED Viewed

@@ -1,9 +1,9 @@
-import { getPublicKeyAsync } from '@noble/ed25519';
-import { derivePath } from 'ed25519-hd-key';
+import HDKey from 'micro-key-producer/slip10.js';
 import { encodeAddress } from '@thru/helpers';
 /**
  * HD Wallet helpers for Thru (BIP44 coin type 9999).
+ * Uses SLIP-0010 for Ed25519 key derivation via micro-key-producer.
  * Returns raw key material along with encoded addresses.
  */
 export class ThruHDWallet {
@@ -16,11 +16,17 @@ export class ThruHDWallet {
     }
   }
-  private static async deriveKeyPair(seed: Uint8Array, path: string) {
+  private static deriveKeyPair(seed: Uint8Array, path: string) {
     ThruHDWallet.ensureSeed(seed);
-    const derived = derivePath(path, Buffer.from(seed).toString('hex'));
-    const privateKey = new Uint8Array(derived.key);
-    const publicKey = new Uint8Array(await getPublicKeyAsync(privateKey));
+    const hdkey = HDKey.fromMasterSeed(seed);
+    const derived = hdkey.derive(path);
+    if (!derived.privateKey || !derived.publicKey) {
+      throw new Error('Failed to derive key pair');
+    }
+    const privateKey = derived.privateKey;
+    const publicKey = derived.publicKeyRaw;
     const secretKey = new Uint8Array(privateKey.length + publicKey.length);
     secretKey.set(privateKey, 0);
     secretKey.set(publicKey, privateKey.length);
@@ -48,7 +54,7 @@ export class ThruHDWallet {
     }
     const path = `${ThruHDWallet.THRU_DERIVATION_PATH}/${accountIndex}'/${change}'`;
-    const { publicKey, privateKey, secretKey } = await ThruHDWallet.deriveKeyPair(seed, path);
+    const { publicKey, privateKey, secretKey } = ThruHDWallet.deriveKeyPair(seed, path);
     return {
       address: encodeAddress(publicKey),

package/vitest.config.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import { defineConfig } from 'vitest/config';
+export default defineConfig({
+  test: {
+    globals: true,
+    include: ['src/**/*.{test,spec}.ts'],
+    exclude: ['**/node_modules/**', '**/dist/**'],
+  },
+});