@waku/rln 0.1.5-a8ff776.0 → 0.1.5-aaa7a0c.0

package/bundle/packages/rln/dist/credentials_manager.js

@@ -0,0 +1,215 @@
+import { hmac } from '../node_modules/@noble/hashes/esm/hmac.js';
+import { sha256 } from '../node_modules/@noble/hashes/esm/sha256.js';
+import '../../interfaces/dist/protocols.js';
+import '../../interfaces/dist/connection_manager.js';
+import '../../interfaces/dist/health_indicator.js';
+import '../../../node_modules/multiformats/dist/src/bases/base10.js';
+import '../../../node_modules/multiformats/dist/src/bases/base16.js';
+import '../../../node_modules/multiformats/dist/src/bases/base2.js';
+import '../../../node_modules/multiformats/dist/src/bases/base256emoji.js';
+import '../../../node_modules/multiformats/dist/src/bases/base32.js';
+import '../../../node_modules/multiformats/dist/src/bases/base36.js';
+import '../../../node_modules/multiformats/dist/src/bases/base58.js';
+import '../../../node_modules/multiformats/dist/src/bases/base64.js';
+import '../../../node_modules/multiformats/dist/src/bases/base8.js';
+import '../../../node_modules/multiformats/dist/src/bases/identity.js';
+import '../../../node_modules/multiformats/dist/src/codecs/json.js';
+import { Logger } from '../../utils/dist/logger/index.js';
+import { LINEA_CONTRACT } from './contract/constants.js';
+import { RLNBaseContract } from './contract/rln_base_contract.js';
+import { IdentityCredential } from './identity.js';
+import { Keystore } from './keystore/keystore.js';
+import { extractMetaMaskSigner } from './utils/metamask.js';
+import { buildBigIntFromUint8Array } from './utils/bytes.js';
+import './utils/epoch.js';
+
+const log = new Logger("waku:credentials");
+/**
+ * Manages credentials for RLN
+ * This is a lightweight implementation of the RLN contract that doesn't require Zerokit
+ * It is used to register membership and generate identity credentials
+ */
+class RLNCredentialsManager {
+    started = false;
+    starting = false;
+    contract;
+    signer;
+    keystore = Keystore.create();
+    credentials;
+    zerokit;
+    constructor(zerokit) {
+        log.info("RLNCredentialsManager initialized");
+        this.zerokit = zerokit;
+    }
+    get provider() {
+        return this.contract?.provider;
+    }
+    async start(options = {}) {
+        if (this.started || this.starting) {
+            log.info("RLNCredentialsManager already started or starting");
+            return;
+        }
+        log.info("Starting RLNCredentialsManager");
+        this.starting = true;
+        try {
+            const { credentials, keystore } = await RLNCredentialsManager.decryptCredentialsIfNeeded(options.credentials);
+            if (credentials) {
+                log.info("Credentials successfully decrypted");
+            }
+            const { signer, address, rateLimit } = await this.determineStartOptions(options, credentials);
+            log.info(`Using contract address: ${address}`);
+            if (keystore) {
+                this.keystore = keystore;
+                log.info("Using provided keystore");
+            }
+            this.credentials = credentials;
+            this.signer = signer;
+            this.contract = new RLNBaseContract({
+                address: address,
+                signer: signer,
+                rateLimit: rateLimit ?? this.zerokit?.rateLimit
+            });
+            log.info("RLNCredentialsManager successfully started");
+            this.started = true;
+        }
+        catch (error) {
+            log.error("Failed to start RLNCredentialsManager", error);
+            throw error;
+        }
+        finally {
+            this.starting = false;
+        }
+    }
+    async registerMembership(options) {
+        if (!this.contract) {
+            log.error("RLN Contract is not initialized");
+            throw Error("RLN Contract is not initialized.");
+        }
+        log.info("Registering membership");
+        let identity = "identity" in options && options.identity;
+        if ("signature" in options) {
+            log.info("Generating identity from signature");
+            if (this.zerokit) {
+                log.info("Using Zerokit to generate identity");
+                identity = this.zerokit.generateSeededIdentityCredential(options.signature);
+            }
+            else {
+                log.info("Using local implementation to generate identity");
+                identity = this.generateSeededIdentityCredential(options.signature);
+            }
+        }
+        if (!identity) {
+            log.error("Missing signature or identity to register membership");
+            throw Error("Missing signature or identity to register membership.");
+        }
+        log.info("Registering identity with contract");
+        return this.contract.registerWithIdentity(identity);
+    }
+    /**
+     * Changes credentials in use by relying on provided Keystore earlier in rln.start
+     * @param id: string, hash of credentials to select from Keystore
+     * @param password: string or bytes to use to decrypt credentials from Keystore
+     */
+    async useCredentials(id, password) {
+        log.info(`Attempting to use credentials with ID: ${id}`);
+        this.credentials = await this.keystore?.readCredential(id, password);
+        if (this.credentials) {
+            log.info("Successfully loaded credentials");
+        }
+        else {
+            log.warn("Failed to load credentials");
+        }
+    }
+    async determineStartOptions(options, credentials) {
+        let chainId = credentials?.membership.chainId;
+        const address = credentials?.membership.address ||
+            options.address ||
+            LINEA_CONTRACT.address;
+        if (address === LINEA_CONTRACT.address) {
+            chainId = LINEA_CONTRACT.chainId.toString();
+            log.info(`Using Linea contract with chainId: ${chainId}`);
+        }
+        const signer = options.signer || (await extractMetaMaskSigner());
+        const currentChainId = await signer.getChainId();
+        log.info(`Current chain ID: ${currentChainId}`);
+        if (chainId && chainId !== currentChainId.toString()) {
+            log.error(`Chain ID mismatch: contract=${chainId}, current=${currentChainId}`);
+            throw Error(`Failed to start RLN contract, chain ID of contract is different from current one: contract-${chainId}, current network-${currentChainId}`);
+        }
+        return {
+            signer,
+            address
+        };
+    }
+    static async decryptCredentialsIfNeeded(credentials) {
+        if (!credentials) {
+            log.info("No credentials provided");
+            return {};
+        }
+        if ("identity" in credentials) {
+            log.info("Using already decrypted credentials");
+            return { credentials };
+        }
+        log.info("Attempting to decrypt credentials");
+        const keystore = Keystore.fromString(credentials.keystore);
+        if (!keystore) {
+            log.warn("Failed to create keystore from string");
+            return {};
+        }
+        try {
+            const decryptedCredentials = await keystore.readCredential(credentials.id, credentials.password);
+            log.info(`Successfully decrypted credentials with ID: ${credentials.id}`);
+            return {
+                keystore,
+                credentials: decryptedCredentials
+            };
+        }
+        catch (error) {
+            log.error("Failed to decrypt credentials", error);
+            throw error;
+        }
+    }
+    async verifyCredentialsAgainstContract(credentials) {
+        if (!this.contract) {
+            throw Error("Failed to verify chain coordinates: no contract initialized.");
+        }
+        const registryAddress = credentials.membership.address;
+        const currentRegistryAddress = this.contract.address;
+        if (registryAddress !== currentRegistryAddress) {
+            throw Error(`Failed to verify chain coordinates: credentials contract address=${registryAddress} is not equal to registryContract address=${currentRegistryAddress}`);
+        }
+        const chainId = credentials.membership.chainId;
+        const network = await this.contract.provider.getNetwork();
+        const currentChainId = network.chainId;
+        if (chainId !== currentChainId.toString()) {
+            throw Error(`Failed to verify chain coordinates: credentials chainID=${chainId} is not equal to registryContract chainID=${currentChainId}`);
+        }
+    }
+    /**
+     * Generates an identity credential from a seed string
+     * This is a pure implementation that doesn't rely on Zerokit
+     * @param seed A string seed to generate the identity from
+     * @returns IdentityCredential
+     */
+    generateSeededIdentityCredential(seed) {
+        log.info("Generating seeded identity credential");
+        // Convert the seed to bytes
+        const encoder = new TextEncoder();
+        const seedBytes = encoder.encode(seed);
+        // Generate deterministic values using HMAC-SHA256
+        // We use different context strings for each component to ensure they're different
+        const idTrapdoor = hmac(sha256, seedBytes, encoder.encode("IDTrapdoor"));
+        const idNullifier = hmac(sha256, seedBytes, encoder.encode("IDNullifier"));
+        // Generate IDSecretHash as a hash of IDTrapdoor and IDNullifier
+        const combinedBytes = new Uint8Array([...idTrapdoor, ...idNullifier]);
+        const idSecretHash = sha256(combinedBytes);
+        // Generate IDCommitment as a hash of IDSecretHash
+        const idCommitment = sha256(idSecretHash);
+        // Convert IDCommitment to BigInt
+        const idCommitmentBigInt = buildBigIntFromUint8Array(idCommitment);
+        log.info("Successfully generated identity credential");
+        return new IdentityCredential(idTrapdoor, idNullifier, idSecretHash, idCommitment, idCommitmentBigInt);
+    }
+}
+
+export { RLNCredentialsManager };

package/bundle/packages/rln/dist/keystore/keystore.js

@@ -187,6 +187,9 @@ class Keystore {
         }
     }
     static fromArraylikeToBytes(obj) {
+        if (Array.isArray(obj)) {
+            return new Uint8Array(obj);
+        }
         const bytes = [];
         let index = 0;
         let lastElement = obj[index];
@@ -208,10 +211,10 @@ class Keystore {
         return utf8ToBytes(JSON.stringify({
             treeIndex: options.membership.treeIndex,
             identityCredential: {
-                idCommitment: options.identity.IDCommitment,
-                idNullifier: options.identity.IDNullifier,
-                idSecretHash: options.identity.IDSecretHash,
-                idTrapdoor: options.identity.IDTrapdoor
+                idCommitment: Array.from(options.identity.IDCommitment),
+                idNullifier: Array.from(options.identity.IDNullifier),
+                idSecretHash: Array.from(options.identity.IDSecretHash),
+                idTrapdoor: Array.from(options.identity.IDTrapdoor)
             },
             membershipContract: {
                 chainId: options.membership.chainId,

package/bundle/packages/rln/dist/rln.js

@@ -21,167 +21,45 @@ import { Logger } from '../../utils/dist/logger/index.js';
 import '../../core/dist/lib/metadata/metadata.js';
 import __wbg_init, { init_panic_hook, newRLN } from '../../../node_modules/@waku/zerokit-rln-wasm/rln_wasm.js';
 import { createRLNEncoder, createRLNDecoder } from './codec.js';
-import { LINEA_CONTRACT, DEFAULT_RATE_LIMIT } from './contract/constants.js';
-import { RLNContract } from './contract/rln_contract.js';
-import { Keystore } from './keystore/keystore.js';
+import { DEFAULT_RATE_LIMIT } from './contract/constants.js';
+import { RLNCredentialsManager } from './credentials_manager.js';
 import verificationKey from './resources/verification_key.js';
 import { builder } from './resources/witness_calculator.js';
-import { extractMetaMaskSigner } from './utils/metamask.js';
-import './utils/epoch.js';
 import { Zerokit } from './zerokit.js';
 
 const log = new Logger("waku:rln");
-async function loadWitnessCalculator() {
-    try {
-        const url = new URL("./resources/rln.wasm", import.meta.url);
-        const response = await fetch(url);
-        if (!response.ok) {
-            throw new Error(`Failed to fetch witness calculator: ${response.status} ${response.statusText}`);
-        }
-        return await builder(new Uint8Array(await response.arrayBuffer()), false);
-    }
-    catch (error) {
-        log.error("Error loading witness calculator:", error);
-        throw new Error(`Failed to load witness calculator: ${error instanceof Error ? error.message : String(error)}`);
-    }
-}
-async function loadZkey() {
-    try {
-        const url = new URL("./resources/rln_final.zkey", import.meta.url);
-        const response = await fetch(url);
-        if (!response.ok) {
-            throw new Error(`Failed to fetch zkey: ${response.status} ${response.statusText}`);
-        }
-        return new Uint8Array(await response.arrayBuffer());
-    }
-    catch (error) {
-        log.error("Error loading zkey:", error);
-        throw new Error(`Failed to load zkey: ${error instanceof Error ? error.message : String(error)}`);
-    }
-}
-/**
- * Create an instance of RLN
- * @returns RLNInstance
- */
-async function create() {
-    try {
-        // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        await __wbg_init?.();
-        init_panic_hook();
-        const witnessCalculator = await loadWitnessCalculator();
-        const zkey = await loadZkey();
-        const stringEncoder = new TextEncoder();
-        const vkey = stringEncoder.encode(JSON.stringify(verificationKey));
-        const DEPTH = 20;
-        const zkRLN = newRLN(DEPTH, zkey, vkey);
-        const zerokit = new Zerokit(zkRLN, witnessCalculator, DEFAULT_RATE_LIMIT);
-        return new RLNInstance(zerokit);
-    }
-    catch (error) {
-        log.error("Failed to initialize RLN:", error);
-        throw error;
-    }
-}
-class RLNInstance {
+class RLNInstance extends RLNCredentialsManager {
     zerokit;
-    started = false;
-    starting = false;
-    _contract;
-    _signer;
-    keystore = Keystore.create();
-    _credentials;
-    constructor(zerokit) {
-        this.zerokit = zerokit;
-    }
-    get contract() {
-        return this._contract;
-    }
-    get signer() {
-        return this._signer;
-    }
-    async start(options = {}) {
-        if (this.started || this.starting) {
-            return;
-        }
-        this.starting = true;
+    /**
+     * Create an instance of RLN
+     * @returns RLNInstance
+     */
+    static async create() {
         try {
-            const { credentials, keystore } = await RLNInstance.decryptCredentialsIfNeeded(options.credentials);
-            const { signer, address } = await this.determineStartOptions(options, credentials);
-            if (keystore) {
-                this.keystore = keystore;
-            }
-            this._credentials = credentials;
-            this._signer = signer;
-            this._contract = await RLNContract.init(this, {
-                address: address,
-                signer: signer,
-                rateLimit: options.rateLimit ?? this.zerokit.getRateLimit
-            });
-            this.started = true;
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            await __wbg_init?.();
+            init_panic_hook();
+            const witnessCalculator = await RLNInstance.loadWitnessCalculator();
+            const zkey = await RLNInstance.loadZkey();
+            const stringEncoder = new TextEncoder();
+            const vkey = stringEncoder.encode(JSON.stringify(verificationKey));
+            const DEPTH = 20;
+            const zkRLN = newRLN(DEPTH, zkey, vkey);
+            const zerokit = new Zerokit(zkRLN, witnessCalculator, DEFAULT_RATE_LIMIT);
+            return new RLNInstance(zerokit);
+        }
+        catch (error) {
+            log.error("Failed to initialize RLN:", error);
+            throw error;
         }
-        finally {
-            this.starting = false;
-        }
-    }
-    async determineStartOptions(options, credentials) {
-        let chainId = credentials?.membership.chainId;
-        const address = credentials?.membership.address ||
-            options.address ||
-            LINEA_CONTRACT.address;
-        if (address === LINEA_CONTRACT.address) {
-            chainId = LINEA_CONTRACT.chainId;
-        }
-        const signer = options.signer || (await extractMetaMaskSigner());
-        const currentChainId = await signer.getChainId();
-        if (chainId && chainId !== currentChainId) {
-            throw Error(`Failed to start RLN contract, chain ID of contract is different from current one: contract-${chainId}, current network-${currentChainId}`);
-        }
-        return {
-            signer,
-            address
-        };
     }
-    static async decryptCredentialsIfNeeded(credentials) {
-        if (!credentials) {
-            return {};
-        }
-        if ("identity" in credentials) {
-            return { credentials };
-        }
-        const keystore = Keystore.fromString(credentials.keystore);
-        if (!keystore) {
-            return {};
-        }
-        const decryptedCredentials = await keystore.readCredential(credentials.id, credentials.password);
-        return {
-            keystore,
-            credentials: decryptedCredentials
-        };
-    }
-    async registerMembership(options) {
-        if (!this.contract) {
-            throw Error("RLN Contract is not initialized.");
-        }
-        let identity = "identity" in options && options.identity;
-        if ("signature" in options) {
-            identity = this.zerokit.generateSeededIdentityCredential(options.signature);
-        }
-        if (!identity) {
-            throw Error("Missing signature or identity to register membership.");
-        }
-        return this.contract.registerWithIdentity(identity);
-    }
-    /**
-     * Changes credentials in use by relying on provided Keystore earlier in rln.start
-     * @param id: string, hash of credentials to select from Keystore
-     * @param password: string or bytes to use to decrypt credentials from Keystore
-     */
-    async useCredentials(id, password) {
-        this._credentials = await this.keystore?.readCredential(id, password);
+    constructor(zerokit) {
+        super(zerokit);
+        this.zerokit = zerokit;
     }
     async createEncoder(options) {
         const { credentials: decryptedCredentials } = await RLNInstance.decryptCredentialsIfNeeded(options.credentials);
-        const credentials = decryptedCredentials || this._credentials;
+        const credentials = decryptedCredentials || this.credentials;
         if (!credentials) {
             throw Error("Failed to create Encoder: missing RLN credentials. Use createRLNEncoder directly.");
         }
@@ -193,28 +71,40 @@ class RLNInstance {
             credential: credentials.identity
         });
     }
-    async verifyCredentialsAgainstContract(credentials) {
-        if (!this._contract) {
-            throw Error("Failed to verify chain coordinates: no contract initialized.");
-        }
-        const registryAddress = credentials.membership.address;
-        const currentRegistryAddress = this._contract.address;
-        if (registryAddress !== currentRegistryAddress) {
-            throw Error(`Failed to verify chain coordinates: credentials contract address=${registryAddress} is not equal to registryContract address=${currentRegistryAddress}`);
-        }
-        const chainId = credentials.membership.chainId;
-        const network = await this._contract.provider.getNetwork();
-        const currentChainId = network.chainId;
-        if (chainId !== currentChainId) {
-            throw Error(`Failed to verify chain coordinates: credentials chainID=${chainId} is not equal to registryContract chainID=${currentChainId}`);
-        }
-    }
     createDecoder(contentTopic) {
         return createRLNDecoder({
             rlnInstance: this,
             decoder: createDecoder(contentTopic)
         });
     }
+    static async loadWitnessCalculator() {
+        try {
+            const url = new URL("./resources/rln.wasm", import.meta.url);
+            const response = await fetch(url);
+            if (!response.ok) {
+                throw new Error(`Failed to fetch witness calculator: ${response.status} ${response.statusText}`);
+            }
+            return await builder(new Uint8Array(await response.arrayBuffer()), false);
+        }
+        catch (error) {
+            log.error("Error loading witness calculator:", error);
+            throw new Error(`Failed to load witness calculator: ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    static async loadZkey() {
+        try {
+            const url = new URL("./resources/rln_final.zkey", import.meta.url);
+            const response = await fetch(url);
+            if (!response.ok) {
+                throw new Error(`Failed to fetch zkey: ${response.status} ${response.statusText}`);
+            }
+            return new Uint8Array(await response.arrayBuffer());
+        }
+        catch (error) {
+            log.error("Error loading zkey:", error);
+            throw new Error(`Failed to load zkey: ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
 }
 
-export { RLNInstance, create };
+export { RLNInstance };

package/bundle/packages/rln/dist/zerokit.js

@@ -8,11 +8,11 @@ import { epochIntToBytes, dateToEpoch } from './utils/epoch.js';
 class Zerokit {
     zkRLN;
     witnessCalculator;
-    rateLimit;
-    constructor(zkRLN, witnessCalculator, rateLimit = DEFAULT_RATE_LIMIT) {
+    _rateLimit;
+    constructor(zkRLN, witnessCalculator, _rateLimit = DEFAULT_RATE_LIMIT) {
         this.zkRLN = zkRLN;
         this.witnessCalculator = witnessCalculator;
-        this.rateLimit = rateLimit;
+        this._rateLimit = _rateLimit;
     }
     get getZkRLN() {
         return this.zkRLN;
@@ -20,8 +20,8 @@ class Zerokit {
     get getWitnessCalculator() {
         return this.witnessCalculator;
     }
-    get getRateLimit() {
-        return this.rateLimit;
+    get rateLimit() {
+        return this._rateLimit;
     }
     generateIdentityCredentials() {
         const memKeys = generateExtendedMembershipKey(this.zkRLN); // TODO: rename this function in zerokit rln-wasm

package/bundle/packages/rln/node_modules/@noble/hashes/esm/_assert.js

@@ -0,0 +1,43 @@
+function number(n) {
+    if (!Number.isSafeInteger(n) || n < 0)
+        throw new Error(`Wrong positive integer: ${n}`);
+}
+function bool(b) {
+    if (typeof b !== 'boolean')
+        throw new Error(`Expected boolean, not ${b}`);
+}
+function bytes(b, ...lengths) {
+    if (!(b instanceof Uint8Array))
+        throw new TypeError('Expected Uint8Array');
+    if (lengths.length > 0 && !lengths.includes(b.length))
+        throw new TypeError(`Expected Uint8Array of length ${lengths}, not of length=${b.length}`);
+}
+function hash(hash) {
+    if (typeof hash !== 'function' || typeof hash.create !== 'function')
+        throw new Error('Hash should be wrapped by utils.wrapConstructor');
+    number(hash.outputLen);
+    number(hash.blockLen);
+}
+function exists(instance, checkFinished = true) {
+    if (instance.destroyed)
+        throw new Error('Hash instance has been destroyed');
+    if (checkFinished && instance.finished)
+        throw new Error('Hash#digest() has already been called');
+}
+function output(out, instance) {
+    bytes(out);
+    const min = instance.outputLen;
+    if (out.length < min) {
+        throw new Error(`digestInto() expects output buffer of length at least ${min}`);
+    }
+}
+const assert = {
+    number,
+    bool,
+    bytes,
+    hash,
+    exists,
+    output,
+};
+
+export { bool, bytes, assert as default, exists, hash, number, output };

package/bundle/packages/rln/node_modules/@noble/hashes/esm/_sha2.js

@@ -0,0 +1,116 @@
+import assert from './_assert.js';
+import { Hash, createView, toBytes } from './utils.js';
+
+// Polyfill for Safari 14
+function setBigUint64(view, byteOffset, value, isLE) {
+    if (typeof view.setBigUint64 === 'function')
+        return view.setBigUint64(byteOffset, value, isLE);
+    const _32n = BigInt(32);
+    const _u32_max = BigInt(0xffffffff);
+    const wh = Number((value >> _32n) & _u32_max);
+    const wl = Number(value & _u32_max);
+    const h = isLE ? 4 : 0;
+    const l = isLE ? 0 : 4;
+    view.setUint32(byteOffset + h, wh, isLE);
+    view.setUint32(byteOffset + l, wl, isLE);
+}
+// Base SHA2 class (RFC 6234)
+class SHA2 extends Hash {
+    constructor(blockLen, outputLen, padOffset, isLE) {
+        super();
+        this.blockLen = blockLen;
+        this.outputLen = outputLen;
+        this.padOffset = padOffset;
+        this.isLE = isLE;
+        this.finished = false;
+        this.length = 0;
+        this.pos = 0;
+        this.destroyed = false;
+        this.buffer = new Uint8Array(blockLen);
+        this.view = createView(this.buffer);
+    }
+    update(data) {
+        assert.exists(this);
+        const { view, buffer, blockLen } = this;
+        data = toBytes(data);
+        const len = data.length;
+        for (let pos = 0; pos < len;) {
+            const take = Math.min(blockLen - this.pos, len - pos);
+            // Fast path: we have at least one block in input, cast it to view and process
+            if (take === blockLen) {
+                const dataView = createView(data);
+                for (; blockLen <= len - pos; pos += blockLen)
+                    this.process(dataView, pos);
+                continue;
+            }
+            buffer.set(data.subarray(pos, pos + take), this.pos);
+            this.pos += take;
+            pos += take;
+            if (this.pos === blockLen) {
+                this.process(view, 0);
+                this.pos = 0;
+            }
+        }
+        this.length += data.length;
+        this.roundClean();
+        return this;
+    }
+    digestInto(out) {
+        assert.exists(this);
+        assert.output(out, this);
+        this.finished = true;
+        // Padding
+        // We can avoid allocation of buffer for padding completely if it
+        // was previously not allocated here. But it won't change performance.
+        const { buffer, view, blockLen, isLE } = this;
+        let { pos } = this;
+        // append the bit '1' to the message
+        buffer[pos++] = 0b10000000;
+        this.buffer.subarray(pos).fill(0);
+        // we have less than padOffset left in buffer, so we cannot put length in current block, need process it and pad again
+        if (this.padOffset > blockLen - pos) {
+            this.process(view, 0);
+            pos = 0;
+        }
+        // Pad until full block byte with zeros
+        for (let i = pos; i < blockLen; i++)
+            buffer[i] = 0;
+        // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that
+        // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen.
+        // So we just write lowest 64 bits of that value.
+        setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE);
+        this.process(view, 0);
+        const oview = createView(out);
+        const len = this.outputLen;
+        // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT
+        if (len % 4)
+            throw new Error('_sha2: outputLen should be aligned to 32bit');
+        const outLen = len / 4;
+        const state = this.get();
+        if (outLen > state.length)
+            throw new Error('_sha2: outputLen bigger than state');
+        for (let i = 0; i < outLen; i++)
+            oview.setUint32(4 * i, state[i], isLE);
+    }
+    digest() {
+        const { buffer, outputLen } = this;
+        this.digestInto(buffer);
+        const res = buffer.slice(0, outputLen);
+        this.destroy();
+        return res;
+    }
+    _cloneInto(to) {
+        to || (to = new this.constructor());
+        to.set(...this.get());
+        const { blockLen, buffer, length, finished, destroyed, pos } = this;
+        to.length = length;
+        to.pos = pos;
+        to.finished = finished;
+        to.destroyed = destroyed;
+        if (length % blockLen)
+            to.buffer.set(buffer);
+        return to;
+    }
+}
+
+export { SHA2 };