bitcoin-main-lib 0.0.1-security → 7.0.1

package/src/esm/block.js

@@ -0,0 +1,225 @@
+import {
+  BufferReader,
+  BufferWriter,
+  reverseBuffer,
+  varuint,
+} from './bufferutils.js';
+import * as bcrypto from './crypto.js';
+import { fastMerkleRoot } from './merkle.js';
+import { Transaction } from './transaction.js';
+import * as v from 'valibot';
+import * as tools from 'uint8array-tools';
+const errorMerkleNoTxes = new TypeError(
+  'Cannot compute merkle root for zero transactions',
+);
+const errorWitnessNotSegwit = new TypeError(
+  'Cannot compute witness commit for non-segwit block',
+);
+export class Block {
+  static fromBuffer(buffer) {
+    if (buffer.length < 80) throw new Error('Buffer too small (< 80 bytes)');
+    const bufferReader = new BufferReader(buffer);
+    const block = new Block();
+    block.version = bufferReader.readInt32();
+    block.prevHash = bufferReader.readSlice(32);
+    block.merkleRoot = bufferReader.readSlice(32);
+    block.timestamp = bufferReader.readUInt32();
+    block.bits = bufferReader.readUInt32();
+    block.nonce = bufferReader.readUInt32();
+    if (buffer.length === 80) return block;
+    const readTransaction = () => {
+      const tx = Transaction.fromBuffer(
+        bufferReader.buffer.slice(bufferReader.offset),
+        true,
+      );
+      bufferReader.offset += tx.byteLength();
+      return tx;
+    };
+    const nTransactions = bufferReader.readVarInt();
+    block.transactions = [];
+    for (let i = 0; i < nTransactions; ++i) {
+      const tx = readTransaction();
+      block.transactions.push(tx);
+    }
+    const witnessCommit = block.getWitnessCommit();
+    // This Block contains a witness commit
+    if (witnessCommit) block.witnessCommit = witnessCommit;
+    return block;
+  }
+  static fromHex(hex) {
+    return Block.fromBuffer(tools.fromHex(hex));
+  }
+  static calculateTarget(bits) {
+    const exponent = ((bits & 0xff000000) >> 24) - 3;
+    const mantissa = bits & 0x007fffff;
+    const target = new Uint8Array(32);
+    target[29 - exponent] = (mantissa >> 16) & 0xff;
+    target[30 - exponent] = (mantissa >> 8) & 0xff;
+    target[31 - exponent] = mantissa & 0xff;
+    return target;
+  }
+  static calculateMerkleRoot(transactions, forWitness) {
+    v.parse(v.array(v.object({ getHash: v.function() })), transactions);
+    if (transactions.length === 0) throw errorMerkleNoTxes;
+    if (forWitness && !txesHaveWitnessCommit(transactions))
+      throw errorWitnessNotSegwit;
+    const hashes = transactions.map(transaction =>
+      transaction.getHash(forWitness),
+    );
+    const rootHash = fastMerkleRoot(hashes, bcrypto.hash256);
+    return forWitness
+      ? bcrypto.hash256(
+          tools.concat([rootHash, transactions[0].ins[0].witness[0]]),
+        )
+      : rootHash;
+  }
+  version = 1;
+  prevHash = undefined;
+  merkleRoot = undefined;
+  timestamp = 0;
+  witnessCommit = undefined;
+  bits = 0;
+  nonce = 0;
+  transactions = undefined;
+  getWitnessCommit() {
+    if (!txesHaveWitnessCommit(this.transactions)) return null;
+    // The merkle root for the witness data is in an OP_RETURN output.
+    // There is no rule for the index of the output, so use filter to find it.
+    // The root is prepended with 0xaa21a9ed so check for 0x6a24aa21a9ed
+    // If multiple commits are found, the output with highest index is assumed.
+    const witnessCommits = this.transactions[0].outs
+      .filter(
+        out =>
+          tools.compare(
+            out.script.slice(0, 6),
+            Uint8Array.from([0x6a, 0x24, 0xaa, 0x21, 0xa9, 0xed]),
+          ) === 0,
+      )
+      .map(out => out.script.slice(6, 38));
+    if (witnessCommits.length === 0) return null;
+    // Use the commit with the highest output (should only be one though)
+    const result = witnessCommits[witnessCommits.length - 1];
+    if (!(result instanceof Uint8Array && result.length === 32)) return null;
+    return result;
+  }
+  hasWitnessCommit() {
+    if (
+      this.witnessCommit instanceof Uint8Array &&
+      this.witnessCommit.length === 32
+    )
+      return true;
+    if (this.getWitnessCommit() !== null) return true;
+    return false;
+  }
+  hasWitness() {
+    return anyTxHasWitness(this.transactions);
+  }
+  weight() {
+    const base = this.byteLength(false, false);
+    const total = this.byteLength(false, true);
+    return base * 3 + total;
+  }
+  byteLength(headersOnly, allowWitness = true) {
+    if (headersOnly || !this.transactions) return 80;
+    return (
+      80 +
+      varuint.encodingLength(this.transactions.length) +
+      this.transactions.reduce((a, x) => a + x.byteLength(allowWitness), 0)
+    );
+  }
+  getHash() {
+    return bcrypto.hash256(this.toBuffer(true));
+  }
+  getId() {
+    return tools.toHex(reverseBuffer(this.getHash()));
+  }
+  getUTCDate() {
+    const date = new Date(0); // epoch
+    date.setUTCSeconds(this.timestamp);
+    return date;
+  }
+  // TODO: buffer, offset compatibility
+  toBuffer(headersOnly) {
+    const buffer = new Uint8Array(this.byteLength(headersOnly));
+    const bufferWriter = new BufferWriter(buffer);
+    bufferWriter.writeInt32(this.version);
+    bufferWriter.writeSlice(this.prevHash);
+    bufferWriter.writeSlice(this.merkleRoot);
+    bufferWriter.writeUInt32(this.timestamp);
+    bufferWriter.writeUInt32(this.bits);
+    bufferWriter.writeUInt32(this.nonce);
+    if (headersOnly || !this.transactions) return buffer;
+    const { bytes } = varuint.encode(
+      this.transactions.length,
+      buffer,
+      bufferWriter.offset,
+    );
+    bufferWriter.offset += bytes;
+    this.transactions.forEach(tx => {
+      const txSize = tx.byteLength(); // TODO: extract from toBuffer?
+      tx.toBuffer(buffer, bufferWriter.offset);
+      bufferWriter.offset += txSize;
+    });
+    return buffer;
+  }
+  toHex(headersOnly) {
+    return tools.toHex(this.toBuffer(headersOnly));
+  }
+  checkTxRoots() {
+    // If the Block has segwit transactions but no witness commit,
+    // there's no way it can be valid, so fail the check.
+    const hasWitnessCommit = this.hasWitnessCommit();
+    if (!hasWitnessCommit && this.hasWitness()) return false;
+    return (
+      this.__checkMerkleRoot() &&
+      (hasWitnessCommit ? this.__checkWitnessCommit() : true)
+    );
+  }
+  checkProofOfWork() {
+    const hash = reverseBuffer(this.getHash());
+    const target = Block.calculateTarget(this.bits);
+    return tools.compare(hash, target) <= 0;
+  }
+  __checkMerkleRoot() {
+    if (!this.transactions) throw errorMerkleNoTxes;
+    const actualMerkleRoot = Block.calculateMerkleRoot(this.transactions);
+    return tools.compare(this.merkleRoot, actualMerkleRoot) === 0;
+  }
+  __checkWitnessCommit() {
+    if (!this.transactions) throw errorMerkleNoTxes;
+    if (!this.hasWitnessCommit()) throw errorWitnessNotSegwit;
+    const actualWitnessCommit = Block.calculateMerkleRoot(
+      this.transactions,
+      true,
+    );
+    return tools.compare(this.witnessCommit, actualWitnessCommit) === 0;
+  }
+}
+function txesHaveWitnessCommit(transactions) {
+  return (
+    transactions instanceof Array &&
+    transactions[0] &&
+    transactions[0].ins &&
+    transactions[0].ins instanceof Array &&
+    transactions[0].ins[0] &&
+    transactions[0].ins[0].witness &&
+    transactions[0].ins[0].witness instanceof Array &&
+    transactions[0].ins[0].witness.length > 0
+  );
+}
+function anyTxHasWitness(transactions) {
+  return (
+    transactions instanceof Array &&
+    transactions.some(
+      tx =>
+        typeof tx === 'object' &&
+        tx.ins instanceof Array &&
+        tx.ins.some(
+          input =>
+            typeof input === 'object' &&
+            input.witness instanceof Array &&
+            input.witness.length > 0,
+        ),
+    )
+  );
+}

package/src/esm/bufferutils.js

@@ -0,0 +1,156 @@
+import * as types from './types.js';
+import * as varuint from 'varuint-bitcoin';
+import * as v from 'valibot';
+export { varuint };
+import * as tools from 'uint8array-tools';
+const MAX_JS_NUMBER = 0x001fffffffffffff;
+// https://github.com/feross/buffer/blob/master/index.js#L1127
+function verifuint(value, max) {
+  if (typeof value !== 'number' && typeof value !== 'bigint')
+    throw new Error('cannot write a non-number as a number');
+  if (value < 0 && value < BigInt(0))
+    throw new Error('specified a negative value for writing an unsigned value');
+  if (value > max && value > BigInt(max))
+    throw new Error('RangeError: value out of range');
+  if (Math.floor(Number(value)) !== Number(value))
+    throw new Error('value has a fractional component');
+}
+/**
+ * Reverses the order of bytes in a buffer.
+ * @param buffer - The buffer to reverse.
+ * @returns A new buffer with the bytes reversed.
+ */
+export function reverseBuffer(buffer) {
+  if (buffer.length < 1) return buffer;
+  let j = buffer.length - 1;
+  let tmp = 0;
+  for (let i = 0; i < buffer.length / 2; i++) {
+    tmp = buffer[i];
+    buffer[i] = buffer[j];
+    buffer[j] = tmp;
+    j--;
+  }
+  return buffer;
+}
+export function cloneBuffer(buffer) {
+  const clone = new Uint8Array(buffer.length);
+  clone.set(buffer);
+  return clone;
+}
+/**
+ * Helper class for serialization of bitcoin data types into a pre-allocated buffer.
+ */
+export class BufferWriter {
+  buffer;
+  offset;
+  static withCapacity(size) {
+    return new BufferWriter(new Uint8Array(size));
+  }
+  constructor(buffer, offset = 0) {
+    this.buffer = buffer;
+    this.offset = offset;
+    v.parse(v.tuple([types.BufferSchema, types.UInt32Schema]), [
+      buffer,
+      offset,
+    ]);
+  }
+  writeUInt8(i) {
+    this.offset = tools.writeUInt8(this.buffer, this.offset, i);
+  }
+  writeInt32(i) {
+    this.offset = tools.writeInt32(this.buffer, this.offset, i, 'LE');
+  }
+  writeInt64(i) {
+    this.offset = tools.writeInt64(this.buffer, this.offset, BigInt(i), 'LE');
+  }
+  writeUInt32(i) {
+    this.offset = tools.writeUInt32(this.buffer, this.offset, i, 'LE');
+  }
+  writeUInt64(i) {
+    this.offset = tools.writeUInt64(this.buffer, this.offset, BigInt(i), 'LE');
+  }
+  writeVarInt(i) {
+    const { bytes } = varuint.encode(i, this.buffer, this.offset);
+    this.offset += bytes;
+  }
+  writeSlice(slice) {
+    if (this.buffer.length < this.offset + slice.length) {
+      throw new Error('Cannot write slice out of bounds');
+    }
+    this.buffer.set(slice, this.offset);
+    this.offset += slice.length;
+  }
+  writeVarSlice(slice) {
+    this.writeVarInt(slice.length);
+    this.writeSlice(slice);
+  }
+  writeVector(vector) {
+    this.writeVarInt(vector.length);
+    vector.forEach(buf => this.writeVarSlice(buf));
+  }
+  end() {
+    if (this.buffer.length === this.offset) {
+      return this.buffer;
+    }
+    throw new Error(`buffer size ${this.buffer.length}, offset ${this.offset}`);
+  }
+}
+/**
+ * Helper class for reading of bitcoin data types from a buffer.
+ */
+export class BufferReader {
+  buffer;
+  offset;
+  constructor(buffer, offset = 0) {
+    this.buffer = buffer;
+    this.offset = offset;
+    v.parse(v.tuple([types.BufferSchema, types.UInt32Schema]), [
+      buffer,
+      offset,
+    ]);
+  }
+  readUInt8() {
+    const result = tools.readUInt8(this.buffer, this.offset);
+    this.offset++;
+    return result;
+  }
+  readInt32() {
+    const result = tools.readInt32(this.buffer, this.offset, 'LE');
+    this.offset += 4;
+    return result;
+  }
+  readUInt32() {
+    const result = tools.readUInt32(this.buffer, this.offset, 'LE');
+    this.offset += 4;
+    return result;
+  }
+  readInt64() {
+    const result = tools.readInt64(this.buffer, this.offset, 'LE');
+    this.offset += 8;
+    return result;
+  }
+  readVarInt() {
+    const { bigintValue, bytes } = varuint.decode(this.buffer, this.offset);
+    this.offset += bytes;
+    return bigintValue;
+  }
+  readSlice(n) {
+    verifuint(n, MAX_JS_NUMBER);
+    const num = Number(n);
+    if (this.buffer.length < this.offset + num) {
+      throw new Error('Cannot read slice out of bounds');
+    }
+    const result = this.buffer.slice(this.offset, this.offset + num);
+    this.offset += num;
+    return result;
+  }
+  readVarSlice() {
+    return this.readSlice(this.readVarInt());
+  }
+  readVector() {
+    const count = this.readVarInt();
+    const vector = [];
+    for (let i = 0; i < count; i++) vector.push(this.readVarSlice());
+    return vector;
+  }
+}

package/src/esm/crypto.js

@@ -0,0 +1,123 @@
+/**
+ * A module for hashing functions.
+ * include ripemd160、sha1、sha256、hash160、hash256、taggedHash
+ *
+ * @packageDocumentation
+ */
+import { ripemd160 } from '@noble/hashes/ripemd160';
+import { sha256 } from '@noble/hashes/sha256';
+import * as tools from 'uint8array-tools';
+export { ripemd160, sha256 };
+export { sha1 } from '@noble/hashes/sha1';
+/**
+ * Computes the HASH160 (RIPEMD-160 after SHA-256) of the given buffer.
+ *
+ * @param buffer - The input data to be hashed.
+ * @returns The HASH160 of the input buffer.
+ */
+export function hash160(buffer) {
+  return ripemd160(sha256(buffer));
+}
+/**
+ * Computes the double SHA-256 hash of the given buffer.
+ *
+ * @param buffer - The input data to be hashed.
+ * @returns The double SHA-256 hash of the input buffer.
+ */
+export function hash256(buffer) {
+  return sha256(sha256(buffer));
+}
+export const TAGS = [
+  'BIP0340/challenge',
+  'BIP0340/aux',
+  'BIP0340/nonce',
+  'TapLeaf',
+  'TapBranch',
+  'TapSighash',
+  'TapTweak',
+  'KeyAgg list',
+  'KeyAgg coefficient',
+];
+/**
+ * A collection of tagged hash prefixes used in various BIP (Bitcoin Improvement Proposals)
+ * and Taproot-related operations. Each prefix is represented as a `Uint8Array`.
+ *
+ * @constant
+ * @type {TaggedHashPrefixes}
+ *
+ * @property {'BIP0340/challenge'} - Prefix for BIP0340 challenge.
+ * @property {'BIP0340/aux'} - Prefix for BIP0340 auxiliary data.
+ * @property {'BIP0340/nonce'} - Prefix for BIP0340 nonce.
+ * @property {TapLeaf} - Prefix for Taproot leaf.
+ * @property {TapBranch} - Prefix for Taproot branch.
+ * @property {TapSighash} - Prefix for Taproot sighash.
+ * @property {TapTweak} - Prefix for Taproot tweak.
+ * @property {'KeyAgg list'} - Prefix for key aggregation list.
+ * @property {'KeyAgg coefficient'} - Prefix for key aggregation coefficient.
+ */
+export const TAGGED_HASH_PREFIXES = {
+  'BIP0340/challenge': Uint8Array.from([
+    123, 181, 45, 122, 159, 239, 88, 50, 62, 177, 191, 122, 64, 125, 179, 130,
+    210, 243, 242, 216, 27, 177, 34, 79, 73, 254, 81, 143, 109, 72, 211, 124,
+    123, 181, 45, 122, 159, 239, 88, 50, 62, 177, 191, 122, 64, 125, 179, 130,
+    210, 243, 242, 216, 27, 177, 34, 79, 73, 254, 81, 143, 109, 72, 211, 124,
+  ]),
+  'BIP0340/aux': Uint8Array.from([
+    241, 239, 78, 94, 192, 99, 202, 218, 109, 148, 202, 250, 157, 152, 126, 160,
+    105, 38, 88, 57, 236, 193, 31, 151, 45, 119, 165, 46, 216, 193, 204, 144,
+    241, 239, 78, 94, 192, 99, 202, 218, 109, 148, 202, 250, 157, 152, 126, 160,
+    105, 38, 88, 57, 236, 193, 31, 151, 45, 119, 165, 46, 216, 193, 204, 144,
+  ]),
+  'BIP0340/nonce': Uint8Array.from([
+    7, 73, 119, 52, 167, 155, 203, 53, 91, 155, 140, 125, 3, 79, 18, 28, 244,
+    52, 215, 62, 247, 45, 218, 25, 135, 0, 97, 251, 82, 191, 235, 47, 7, 73,
+    119, 52, 167, 155, 203, 53, 91, 155, 140, 125, 3, 79, 18, 28, 244, 52, 215,
+    62, 247, 45, 218, 25, 135, 0, 97, 251, 82, 191, 235, 47,
+  ]),
+  TapLeaf: Uint8Array.from([
+    174, 234, 143, 220, 66, 8, 152, 49, 5, 115, 75, 88, 8, 29, 30, 38, 56, 211,
+    95, 28, 181, 64, 8, 212, 211, 87, 202, 3, 190, 120, 233, 238, 174, 234, 143,
+    220, 66, 8, 152, 49, 5, 115, 75, 88, 8, 29, 30, 38, 56, 211, 95, 28, 181,
+    64, 8, 212, 211, 87, 202, 3, 190, 120, 233, 238,
+  ]),
+  TapBranch: Uint8Array.from([
+    25, 65, 161, 242, 229, 110, 185, 95, 162, 169, 241, 148, 190, 92, 1, 247,
+    33, 111, 51, 237, 130, 176, 145, 70, 52, 144, 208, 91, 245, 22, 160, 21, 25,
+    65, 161, 242, 229, 110, 185, 95, 162, 169, 241, 148, 190, 92, 1, 247, 33,
+    111, 51, 237, 130, 176, 145, 70, 52, 144, 208, 91, 245, 22, 160, 21,
+  ]),
+  TapSighash: Uint8Array.from([
+    244, 10, 72, 223, 75, 42, 112, 200, 180, 146, 75, 242, 101, 70, 97, 237, 61,
+    149, 253, 102, 163, 19, 235, 135, 35, 117, 151, 198, 40, 228, 160, 49, 244,
+    10, 72, 223, 75, 42, 112, 200, 180, 146, 75, 242, 101, 70, 97, 237, 61, 149,
+    253, 102, 163, 19, 235, 135, 35, 117, 151, 198, 40, 228, 160, 49,
+  ]),
+  TapTweak: Uint8Array.from([
+    232, 15, 225, 99, 156, 156, 160, 80, 227, 175, 27, 57, 193, 67, 198, 62, 66,
+    156, 188, 235, 21, 217, 64, 251, 181, 197, 161, 244, 175, 87, 197, 233, 232,
+    15, 225, 99, 156, 156, 160, 80, 227, 175, 27, 57, 193, 67, 198, 62, 66, 156,
+    188, 235, 21, 217, 64, 251, 181, 197, 161, 244, 175, 87, 197, 233,
+  ]),
+  'KeyAgg list': Uint8Array.from([
+    72, 28, 151, 28, 60, 11, 70, 215, 240, 178, 117, 174, 89, 141, 78, 44, 126,
+    215, 49, 156, 89, 74, 92, 110, 199, 158, 160, 212, 153, 2, 148, 240, 72, 28,
+    151, 28, 60, 11, 70, 215, 240, 178, 117, 174, 89, 141, 78, 44, 126, 215, 49,
+    156, 89, 74, 92, 110, 199, 158, 160, 212, 153, 2, 148, 240,
+  ]),
+  'KeyAgg coefficient': Uint8Array.from([
+    191, 201, 4, 3, 77, 28, 136, 232, 200, 14, 34, 229, 61, 36, 86, 109, 100,
+    130, 78, 214, 66, 114, 129, 192, 145, 0, 249, 77, 205, 82, 201, 129, 191,
+    201, 4, 3, 77, 28, 136, 232, 200, 14, 34, 229, 61, 36, 86, 109, 100, 130,
+    78, 214, 66, 114, 129, 192, 145, 0, 249, 77, 205, 82, 201, 129,
+  ]),
+};
+/**
+ * Computes a tagged hash using the specified prefix and data.
+ *
+ * @param prefix - The prefix to use for the tagged hash. This should be one of the values from the `TaggedHashPrefix` enum.
+ * @param data - The data to hash, provided as a `Uint8Array`.
+ * @returns The resulting tagged hash as a `Uint8Array`.
+ */
+export function taggedHash(prefix, data) {
+  return sha256(tools.concat([TAGGED_HASH_PREFIXES[prefix], data]));
+}

package/src/esm/ecc_lib.js

@@ -0,0 +1,108 @@
+import * as tools from 'uint8array-tools';
+const _ECCLIB_CACHE = {};
+/**
+ * Initializes the ECC library with the provided instance.
+ * If `eccLib` is `undefined`, the library will be cleared.
+ * If `eccLib` is a new instance, it will be verified before setting it as the active library.
+ *
+ * @param eccLib The instance of the ECC library to initialize.
+ * @param opts Extra initialization options. Use {DANGER_DO_NOT_VERIFY_ECCLIB:true} if ecc verification should not be executed. Not recommended!
+ */
+export function initEccLib(eccLib, opts) {
+  if (!eccLib) {
+    // allow clearing the library
+    _ECCLIB_CACHE.eccLib = eccLib;
+  } else if (eccLib !== _ECCLIB_CACHE.eccLib) {
+    if (!opts?.DANGER_DO_NOT_VERIFY_ECCLIB)
+      // new instance, verify it
+      verifyEcc(eccLib);
+    _ECCLIB_CACHE.eccLib = eccLib;
+  }
+}
+/**
+ * Retrieves the ECC Library instance.
+ * Throws an error if the ECC Library is not provided.
+ * You must call initEccLib() with a valid TinySecp256k1Interface instance before calling this function.
+ * @returns The ECC Library instance.
+ * @throws Error if the ECC Library is not provided.
+ */
+export function getEccLib() {
+  if (!_ECCLIB_CACHE.eccLib)
+    throw new Error(
+      'No ECC Library provided. You must call initEccLib() with a valid TinySecp256k1Interface instance',
+    );
+  return _ECCLIB_CACHE.eccLib;
+}
+const h = hex => tools.fromHex(hex);
+/**
+ * Verifies the ECC functionality.
+ *
+ * @param ecc - The TinySecp256k1Interface object.
+ */
+function verifyEcc(ecc) {
+  assert(typeof ecc.isXOnlyPoint === 'function');
+  assert(
+    ecc.isXOnlyPoint(
+      h('79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798'),
+    ),
+  );
+  assert(
+    ecc.isXOnlyPoint(
+      h('fffffffffffffffffffffffffffffffffffffffffffffffffffffffeeffffc2e'),
+    ),
+  );
+  assert(
+    ecc.isXOnlyPoint(
+      h('f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9'),
+    ),
+  );
+  assert(
+    ecc.isXOnlyPoint(
+      h('0000000000000000000000000000000000000000000000000000000000000001'),
+    ),
+  );
+  assert(
+    !ecc.isXOnlyPoint(
+      h('0000000000000000000000000000000000000000000000000000000000000000'),
+    ),
+  );
+  assert(
+    !ecc.isXOnlyPoint(
+      h('fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f'),
+    ),
+  );
+  assert(typeof ecc.xOnlyPointAddTweak === 'function');
+  tweakAddVectors.forEach(t => {
+    const r = ecc.xOnlyPointAddTweak(h(t.pubkey), h(t.tweak));
+    if (t.result === null) {
+      assert(r === null);
+    } else {
+      assert(r !== null);
+      assert(r.parity === t.parity);
+      assert(tools.compare(r.xOnlyPubkey, h(t.result)) === 0);
+    }
+  });
+}
+function assert(bool) {
+  if (!bool) throw new Error('ecc library invalid');
+}
+const tweakAddVectors = [
+  {
+    pubkey: '79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798',
+    tweak: 'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140',
+    parity: -1,
+    result: null,
+  },
+  {
+    pubkey: '1617d38ed8d8657da4d4761e8057bc396ea9e4b9d29776d4be096016dbd2509b',
+    tweak: 'a8397a935f0dfceba6ba9618f6451ef4d80637abf4e6af2669fbc9de6a8fd2ac',
+    parity: 1,
+    result: 'e478f99dab91052ab39a33ea35fd5e6e4933f4d28023cd597c9a1f6760346adf',
+  },
+  {
+    pubkey: '2c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991',
+    tweak: '823c3cd2142744b075a87eade7e1b8678ba308d566226a0056ca2b7a76f86b47',
+    parity: 0,
+    result: '9534f8dc8c6deda2dc007655981c78b49c5d96c778fbf363462a11ec9dfd948c',
+  },
+];

package/src/esm/index.js

@@ -0,0 +1,12 @@
+import * as address from './address.js';
+import * as crypto from './crypto.js';
+import * as networks from './networks.js';
+import * as payments from './payments/index.js';
+import * as script from './script.js';
+export { address, crypto, networks, payments, script };
+export { Block } from './block.js';
+export { Psbt, toXOnly } from './psbt.js';
+/** @hidden */
+export { OPS as opcodes } from './ops.js';
+export { Transaction } from './transaction.js';
+export { initEccLib } from './ecc_lib.js';

package/src/esm/merkle.js

@@ -0,0 +1,27 @@
+import * as tools from 'uint8array-tools';
+/**
+ * Calculates the Merkle root of an array of buffers using a specified digest function.
+ *
+ * @param values - The array of buffers.
+ * @param digestFn - The digest function used to calculate the hash of the concatenated buffers.
+ * @returns The Merkle root as a buffer.
+ * @throws {TypeError} If the values parameter is not an array or the digestFn parameter is not a function.
+ */
+export function fastMerkleRoot(values, digestFn) {
+  if (!Array.isArray(values)) throw TypeError('Expected values Array');
+  if (typeof digestFn !== 'function')
+    throw TypeError('Expected digest Function');
+  let length = values.length;
+  const results = values.concat();
+  while (length > 1) {
+    let j = 0;
+    for (let i = 0; i < length; i += 2, ++j) {
+      const left = results[i];
+      const right = i + 1 === length ? left : results[i + 1];
+      const data = tools.concat([left, right]);
+      results[j] = digestFn(data);
+    }
+    length = j;
+  }
+  return results[0];
+}