hd-wallet-wasm 2.0.1 → 2.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/src/index.mjs +9 -11
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "hd-wallet-wasm",
3
- "version": "2.0.1",
3
+ "version": "2.0.3",
4
4
  "description": "Comprehensive HD Wallet implementation in WebAssembly - BIP-32/39/44, multi-curve, multi-chain support",
5
5
  "type": "module",
6
6
  "main": "src/index.mjs",
package/src/index.mjs CHANGED
@@ -1130,8 +1130,7 @@ try {
1130
1130
  /**
1131
1131
  * SECURITY FIX [HIGH-05]: WASM Module Integrity Verification
1132
1132
  *
1133
- * Verify the integrity of a WASM module before loading.
1134
- * This helps prevent supply chain attacks where the WASM binary is tampered with.
1133
+ * Verify the integrity of a WASM module using the package WASM SHA-256 helper.
1135
1134
  *
1136
1135
  * @param {ArrayBuffer|Uint8Array} wasmBytes - The WASM binary
1137
1136
  * @param {string} expectedHash - Expected SHA-256 hash in hex format
@@ -1146,10 +1145,7 @@ export async function verifyWasmIntegrity(wasmBytes, expectedHash) {
1146
1145
 
1147
1146
  const bytes = wasmBytes instanceof Uint8Array ? wasmBytes : new Uint8Array(wasmBytes);
1148
1147
 
1149
- // Use SubtleCrypto for hash computation
1150
- const hashBuffer = await crypto.subtle.digest('SHA-256', bytes);
1151
- const hashArray = Array.from(new Uint8Array(hashBuffer));
1152
- const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
1148
+ const hashHex = await computeWasmHash(bytes);
1153
1149
 
1154
1150
  if (hashHex.toLowerCase() !== expectedHash.toLowerCase()) {
1155
1151
  throw new Error(
@@ -1163,18 +1159,20 @@ export async function verifyWasmIntegrity(wasmBytes, expectedHash) {
1163
1159
  return true;
1164
1160
  }
1165
1161
 
1162
+ function bytesToHex(bytes) {
1163
+ return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
1164
+ }
1165
+
1166
1166
  /**
1167
- * Compute SHA-256 hash of WASM module
1168
- * Use this during build to get the hash for integrity verification.
1167
+ * Compute SHA-256 hash of bytes with the package WASM implementation.
1169
1168
  *
1170
1169
  * @param {ArrayBuffer|Uint8Array} wasmBytes - The WASM binary
1171
1170
  * @returns {Promise<string>} SHA-256 hash in hex format
1172
1171
  */
1173
1172
  export async function computeWasmHash(wasmBytes) {
1174
1173
  const bytes = wasmBytes instanceof Uint8Array ? wasmBytes : new Uint8Array(wasmBytes);
1175
- const hashBuffer = await crypto.subtle.digest('SHA-256', bytes);
1176
- const hashArray = Array.from(new Uint8Array(hashBuffer));
1177
- return hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
1174
+ const wallet = await init();
1175
+ return bytesToHex(wallet.utils.sha256(bytes));
1178
1176
  }
1179
1177
 
1180
1178
  /**