{
  "version": 3,
  "sources": ["../src/ecdsa.ts", "../src/helpers/hex-to-bytes.ts", "../src/constants.ts", "../src/helpers/encoding.ts", "../src/internal/der.ts", "../src/helpers/util.ts", "../src/helpers/validators.ts"],
  "sourcesContent": ["import { hmac } from \"@noble/hashes/hmac.js\";\nimport { sha256 } from \"@noble/hashes/sha2.js\";\nimport * as secp from \"@noble/secp256k1\";\nimport {\n  ERROR_BAD_SIGNATURE,\n  PREFIXED_DECOMPRESSED_LENGTH,\n  PREFIXED_KEY_LENGTH,\n} from \"./constants\";\nimport { derDecodeEcdsaSignature, derEncodeEcdsaSignature } from \"./internal/der\";\nimport type { KeyPair } from \"./helpers/types\";\nimport {\n  isCompressed,\n  isDecompressed,\n  isValidDERSignature,\n} from \"./helpers/util\";\nimport {\n  checkMessage,\n  checkPrivateKey,\n  checkPublicKey,\n} from \"./helpers/validators\";\n\nsecp.hashes.sha256 = sha256;\nsecp.hashes.hmacSha256 = (key: Uint8Array, msg: Uint8Array) =>\n  hmac(sha256, key, msg);\n\n/**\n * Generates a random secp256k1 private key.\n * @returns Private key bytes (32 bytes).\n */\nexport function generatePrivate(): Uint8Array {\n  return secp.utils.randomSecretKey();\n}\n\n/**\n * Converts a public key to compressed SEC1 format.\n * @param publicKey Public key bytes.\n * @returns Compressed public key bytes.\n */\nexport function compress(publicKey: Uint8Array): Uint8Array {\n  if (isCompressed(publicKey)) {\n    checkPublicKey(publicKey);\n    return publicKey;\n  }\n  if (publicKey.length === PREFIXED_DECOMPRESSED_LENGTH) {\n    checkPublicKey(publicKey);\n  }\n  return secp.Point.fromBytes(publicKey).toBytes(true);\n}\n\n/**\n * Converts a public key to uncompressed SEC1 format.\n * @param publicKey Public key bytes.\n * @returns Uncompressed public key bytes.\n */\nexport function decompress(publicKey: Uint8Array): Uint8Array {\n  if (isDecompressed(publicKey)) {\n    if (publicKey.length === PREFIXED_DECOMPRESSED_LENGTH) {\n      checkPublicKey(publicKey);\n    }\n    return publicKey;\n  }\n  if (publicKey.length === PREFIXED_KEY_LENGTH) {\n    checkPublicKey(publicKey);\n  }\n  return secp.Point.fromBytes(publicKey).toBytes(false);\n}\n\n/**\n * Derives an uncompressed public key from a private key.\n * @param privateKey Private key bytes (32 bytes).\n * @returns Uncompressed public key bytes.\n */\nexport function getPublic(privateKey: Uint8Array): Uint8Array {\n  checkPrivateKey(privateKey);\n  return secp.getPublicKey(privateKey, false);\n}\n\n/**\n * Derives a compressed public key from a private key.\n * @param privateKey Private key bytes (32 bytes).\n * @returns Compressed public key bytes.\n */\nexport function getPublicCompressed(privateKey: Uint8Array): Uint8Array {\n  checkPrivateKey(privateKey);\n  return secp.getPublicKey(privateKey, true);\n}\n\n/**\n * Generates a secp256k1 key pair.\n * @returns Object with private and public key bytes.\n */\nexport function generateKeyPair(): KeyPair {\n  const privateKey = generatePrivate();\n  const publicKey = getPublic(privateKey);\n  return { privateKey, publicKey };\n}\n\n/**\n * Converts a compact signature to DER format when needed.\n * @param sig Signature bytes in DER, compact, or recovered format.\n * @returns DER-encoded signature bytes.\n */\nexport function signatureExport(sig: Uint8Array): Uint8Array {\n  if (isValidDERSignature(sig)) {\n    return sig;\n  }\n  const compact = sig.length === 65 ? sig.slice(0, 64) : sig;\n  if (compact.length !== 64) {\n    throw new Error(\"signatureExport: invalid compact signature\");\n  }\n  return derEncodeEcdsaSignature(compact);\n}\n\n/**\n * Signs a message digest with ECDSA.\n * @param privateKey Private key bytes (32 bytes).\n * @param msg Message digest bytes.\n * @param rsvSig If true, returns recovered format (65 bytes); otherwise compact format (64 bytes).\n * @returns Signature bytes.\n */\nexport function sign(\n  privateKey: Uint8Array,\n  msg: Uint8Array,\n  rsvSig = false\n): Uint8Array {\n  checkPrivateKey(privateKey);\n  checkMessage(msg);\n  return secp.sign(msg, privateKey, {\n    prehash: false,\n    format: rsvSig ? \"recovered\" : \"compact\",\n    lowS: false,\n  });\n}\n\n/**\n * Recovers a public key from a signature and message digest.\n * @param msg Message digest bytes.\n * @param sig Recovered signature bytes.\n * @param compressed If true, returns compressed public key format.\n * @returns Recovered public key bytes.\n */\nexport function recover(\n  msg: Uint8Array,\n  sig: Uint8Array,\n  compressed = false\n): Uint8Array {\n  checkMessage(msg);\n  const pub = secp.recoverPublicKey(sig, msg, { prehash: false });\n  return secp.Point.fromBytes(pub).toBytes(compressed);\n}\n\n/**\n * Verifies an ECDSA signature.\n * @param publicKey Public key bytes.\n * @param msg Message digest bytes.\n * @param sig Signature bytes in DER, compact, or recovered format.\n * @throws Error when signature is invalid.\n */\nexport function verify(\n  publicKey: Uint8Array,\n  msg: Uint8Array,\n  sig: Uint8Array\n): void {\n  checkPublicKey(publicKey);\n  checkMessage(msg);\n\n  let sigBytes: Uint8Array;\n  let format: \"compact\" | \"recovered\";\n  if (sig.length === 64) {\n    sigBytes = sig;\n    format = \"compact\";\n  } else if (sig[0] === 0x30) {\n    sigBytes = derDecodeEcdsaSignature(sig);\n    format = \"compact\";\n  } else {\n    sigBytes = sig;\n    format = sig.length === 65 ? \"recovered\" : \"compact\";\n  }\n\n  const ok = secp.verify(sigBytes, msg, publicKey, {\n    prehash: false,\n    format,\n    lowS: false,\n  });\n  if (!ok) throw new Error(ERROR_BAD_SIGNATURE);\n}\n", "/**\n * Hex string \u2192 byte values `0..255`. Odd length implies a leading `0` nibble (unlike {@link hexToBuffer}).\n *\n * @param hex Contiguous hex digits (no `0x` stripping).\n * @returns `number[]` of byte values.\n */\nexport function hexToBytes(hex: string): number[] {\n  const clean = hex.length % 2 ? `0${hex}` : hex;\n  const out: number[] = [];\n  for (let i = 0; i < clean.length; i += 2) {\n    out.push(Number.parseInt(clean.slice(i, i + 2), 16));\n  }\n  return out;\n}\n", "import { hexToBytes } from \"./helpers/hex-to-bytes\";\n\nexport const HEX_ENC = \"hex\";\nexport const UTF8_ENC = \"utf8\";\nexport const BINARY_ENC = \"binary\";\n\nexport const ENCRYPT_OP = \"encrypt\";\nexport const DECRYPT_OP = \"decrypt\";\n\nexport const SIGN_OP = \"sign\";\nexport const VERIFY_OP = \"verify\";\n\nexport const LENGTH_0 = 0;\nexport const LENGTH_1 = 1;\nexport const LENGTH_12 = 12;\nexport const LENGTH_16 = 16;\nexport const LENGTH_32 = 32;\nexport const LENGTH_64 = 64;\nexport const LENGTH_128 = 128;\nexport const LENGTH_256 = 256;\nexport const LENGTH_512 = 512;\nexport const LENGTH_1024 = 1024;\n\nexport const AES_LENGTH = LENGTH_256;\nexport const HMAC_LENGTH = LENGTH_256;\n\nexport const AES_BROWSER_ALGO = \"AES-CBC\";\nexport const HMAC_BROWSER_ALGO = `SHA-${AES_LENGTH}`;\nexport const HMAC_BROWSER = \"HMAC\";\n\nexport const SHA256_BROWSER_ALGO = \"SHA-256\";\nexport const SHA512_BROWSER_ALGO = \"SHA-512\";\n\nexport const AES_NODE_ALGO = `aes-${AES_LENGTH}-cbc`;\nexport const HMAC_NODE_ALGO = `sha${HMAC_LENGTH}`;\n\nexport const SHA256_NODE_ALGO = \"sha256\";\nexport const SHA512_NODE_ALGO = \"sha512\";\nexport const RIPEMD160_NODE_ALGO = \"ripemd160\";\n\nexport const PBKDF2_DIGEST_SHA256 = SHA256_NODE_ALGO;\nexport const PBKDF2_DIGEST_SHA512 = SHA512_NODE_ALGO;\n\nexport const PREFIX_LENGTH = LENGTH_1;\nexport const KEY_LENGTH = LENGTH_32;\nexport const IV_LENGTH = LENGTH_16;\nexport const AES_GCM_NONCE_LENGTH = LENGTH_12;\nexport const AES_GCM_ENVELOPE_NONCE_MAX_LENGTH = LENGTH_128;\nexport const AES_GCM_TAG_LENGTH = LENGTH_16;\nexport const MAC_LENGTH = LENGTH_32;\nexport const DECOMPRESSED_LENGTH = LENGTH_64;\n\nexport const PREFIXED_KEY_LENGTH = KEY_LENGTH + PREFIX_LENGTH;\nexport const PREFIXED_DECOMPRESSED_LENGTH = DECOMPRESSED_LENGTH + PREFIX_LENGTH;\n\nexport const ECIES_SERIALIZED_MIN_LENGTH =\n  IV_LENGTH + PREFIXED_KEY_LENGTH + MAC_LENGTH;\n\nexport const MAX_KEY_LENGTH = LENGTH_1024;\nexport const PBKDF2_DEFAULT_ITERATIONS = 210_000;\nexport const MAX_MSG_LENGTH = LENGTH_32;\n\nexport const EMPTY_BUFFER = new Uint8Array(LENGTH_0);\n\nexport const EC_GROUP_ORDER = new Uint8Array(\n  hexToBytes(\n    \"fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141\"\n  )\n);\n\nexport const ZERO32 = new Uint8Array(LENGTH_32).fill(LENGTH_0);\n\nexport const ERROR_BAD_MAC = \"Bad MAC\";\nexport const ERROR_BAD_SIGNATURE = \"Bad signature\";\nexport const ERROR_BAD_PRIVATE_KEY = \"Bad private key\";\nexport const ERROR_BAD_PUBLIC_KEY = \"Bad public key\";\nexport const ERROR_ECIES_SERIALIZED_LENGTH =\n  \"ECIES deserialize: buffer shorter than minimum serialized length\";\n\nexport const ERROR_EMPTY_MESSAGE = \"Message should not be empty\";\nexport const ERROR_MESSAGE_TOO_LONG = \"Message is too long\";\n\nexport const ERROR_BAD_EPHEM_PRIVATE_KEY = \"Invalid ephemeral private key\";\n\nexport const ERROR_AES_IV_LENGTH = \"AES-CBC: IV must be 16 bytes\";\nexport const ERROR_AES_KEY_LENGTH = \"AES-CBC: key must be 32 bytes\";\n\nexport const ERROR_AES_GCM_KEY_LENGTH =\n  \"AES-GCM: key must be 16, 24, or 32 bytes\";\nexport const ERROR_AES_GCM_NONCE_LENGTH =\n  \"AES-GCM: nonce must be at least 8 bytes\";\nexport const ERROR_AES_GCM_CIPHERTEXT_LENGTH =\n  \"AES-GCM: ciphertext must be longer than the authentication tag\";\n", "import {\n  HEX_ENC,\n  LENGTH_0,\n  LENGTH_16,\n  type UTF8_ENC,\n} from \"../constants\";\n\nconst textEncoder = new TextEncoder();\nconst textDecoder = new TextDecoder();\n\n/**\n * Encodes a UTF-8 string into bytes.\n * @param str Input string.\n * @returns UTF-8 encoded bytes.\n */\nexport function utf8ToBuffer(str: string): Uint8Array {\n  return textEncoder.encode(str);\n}\n\n/**\n * Decodes UTF-8 bytes into a string.\n * @param buf UTF-8 encoded bytes.\n * @returns Decoded string.\n */\nexport function bufferToUtf8(buf: Uint8Array): string {\n  return textDecoder.decode(buf);\n}\n\n/**\n * Concatenates multiple byte arrays.\n * @param buffers Byte arrays to concatenate.\n * @returns Concatenated byte array.\n */\nexport function concatBuffers(...buffers: Uint8Array[]): Uint8Array {\n  const total = buffers.reduce((n, b) => n + b.length, LENGTH_0);\n  const out = new Uint8Array(total);\n  let offset = LENGTH_0;\n  for (const b of buffers) {\n    out.set(b, offset);\n    offset += b.length;\n  }\n  return out;\n}\n\n/**\n * Converts bytes to a lowercase hex string.\n * @param buf Input bytes.\n * @param enc Output encoding selector. Only `hex` is accepted.\n * @returns Hex string.\n */\nexport function bufferToHex(\n  buf: Uint8Array,\n  enc: typeof HEX_ENC | typeof UTF8_ENC = HEX_ENC\n): string {\n  if (enc !== HEX_ENC) {\n    throw new Error(\"bufferToHex: only hex encoding is supported\");\n  }\n  let hex = \"\";\n  for (const byte of buf) {\n    hex += byte.toString(16).padStart(2, \"0\");\n  }\n  return hex;\n}\n\n/**\n * Converts a hex string to bytes.\n * @param hex Input hex string, with optional `0x` prefix.\n * @returns Decoded bytes.\n */\nexport function hexToBuffer(hex: string): Uint8Array {\n  const clean = hex.startsWith(\"0x\") ? hex.slice(2) : hex;\n  if (clean.length % 2 !== 0) {\n    throw new Error(\"hexToBuffer: invalid length\");\n  }\n  const out = new Uint8Array(clean.length / 2);\n  for (let i = 0; i < out.length; i++) {\n    const byte = Number.parseInt(clean.slice(i * 2, i * 2 + 2), 16);\n    if (!Number.isFinite(byte) || byte < 0 || byte > 255) {\n      throw new Error(\"hexToBuffer: invalid hex character\");\n    }\n    out[i] = byte;\n  }\n  return out;\n}\n\n/**\n * Removes a leading `0x` prefix from a hex string.\n * @param hex Input hex string.\n * @returns Hex string without prefix.\n */\nexport function sanitizeHex(hex: string): string {\n  return hex.startsWith(\"0x\") ? hex.slice(2) : hex;\n}\n\n/**\n * Removes leading zeros from a hex string.\n * @param hex Input hex string.\n * @returns Hex string without leading zeros.\n */\nexport function removeHexLeadingZeros(hex: string): string {\n  const h = sanitizeHex(hex);\n  const stripped = h.replace(/^0+/, \"\");\n  return stripped.length ? stripped : \"0\";\n}\n\n/**\n * Parses a hex string into a number.\n * @param hex Input hex string.\n * @returns Parsed number.\n */\nexport function hexToNumber(hex: string): number {\n  return Number.parseInt(sanitizeHex(hex), 16);\n}\n\n/**\n * RFC 4648 Base64 from bytes. Chunks `btoa` input to avoid huge spread argument lists.\n *\n * @param buf Input bytes.\n * @returns Base64 string (no line breaks).\n */\nexport function bufferToBase64(buf: Uint8Array): string {\n  const chunk = 0x8000;\n  let binary = \"\";\n  for (let i = 0; i < buf.length; i += chunk) {\n    binary += String.fromCharCode(...buf.subarray(i, i + chunk));\n  }\n  return btoa(binary);\n}\n\n/**\n * RFC 4648 Base64 to bytes (whitespace stripped). Uses `atob`.\n *\n * @param str Base64 string.\n * @returns New `Uint8Array`.\n * @throws {DOMException} Invalid Base64 where `atob` throws.\n */\nexport function base64ToBuffer(str: string): Uint8Array {\n  const normalized = str.replace(/\\s+/g, \"\");\n  const binary = atob(normalized);\n  const out = new Uint8Array(binary.length);\n  for (let i = 0; i < binary.length; i++) {\n    out[i] = binary.charCodeAt(i) & 0xff;\n  }\n  return out;\n}\n\n/**\n * RFC 4648 Base64url without `=` padding (`-`/`_`). Common for JWK `k`.\n *\n * @param buf Input bytes.\n * @returns Base64url string.\n */\nexport function bufferToBase64Url(buf: Uint8Array): string {\n  return bufferToBase64(buf)\n    .replace(/\\+/g, \"-\")\n    .replace(/\\//g, \"_\")\n    .replace(/=+$/, \"\");\n}\n\n/**\n * Base64url to bytes (optional padding; then {@link base64ToBuffer}).\n *\n * @param str Base64url string.\n * @returns New `Uint8Array`.\n * @throws {Error} Length mod 4 === 1 (invalid).\n */\nexport function base64UrlToBuffer(str: string): Uint8Array {\n  let s = str.replace(/-/g, \"+\").replace(/_/g, \"/\");\n  const pad = s.length % 4;\n  if (pad === 2) s += \"==\";\n  else if (pad === 3) s += \"=\";\n  else if (pad === 1) {\n    throw new Error(\"base64UrlToBuffer: invalid length\");\n  }\n  return base64ToBuffer(s);\n}\n\n/**\n * 16-byte AES-128 raw key from `utf8ToBuffer(key.padEnd(16, \" \"))`. Must yield exactly 16 UTF-8 bytes\n * (same constraint as Web Crypto `importKey(\"raw\", \u2026)` for AES-128).\n *\n * @param key Passphrase.\n * @returns 16 key bytes.\n * @throws {Error} UTF-8 length \u2260 16 after padding.\n */\nexport function aes128StringKeyMaterial(key: string): Uint8Array {\n  const padded = key.padEnd(LENGTH_16, \" \");\n  const bytes = textEncoder.encode(padded);\n  if (bytes.length !== LENGTH_16) {\n    throw new Error(\n      \"aes128StringKeyMaterial: padded key must UTF-8 encode to exactly 16 bytes\",\n    );\n  }\n  return bytes;\n}\n\n", "import { concatBuffers } from \"../helpers/encoding\";\n\n/**\n * Decodes a secp256k1 ECDSA signature from ASN.1 DER into 64 compact bytes (r||s), each 32 bytes big-endian.\n * @param der Full DER SEQUENCE containing two INTEGERs (r and s).\n * @returns 64-byte compact signature.\n */\nexport function derDecodeEcdsaSignature(der: Uint8Array): Uint8Array {\n  if (der.length < 8 || der[0] !== 0x30) {\n    throw new Error(\"Invalid DER signature\");\n  }\n  const { value: seqLen, next: bodyStart } = readAsn1Length(der, 1);\n  const bodyEnd = bodyStart + seqLen;\n  if (bodyEnd > der.length) {\n    throw new Error(\"Truncated DER signature\");\n  }\n  const r = readInteger(der, bodyStart, bodyEnd);\n  const s = readInteger(der, r.next, bodyEnd);\n  if (s.next !== bodyEnd) {\n    throw new Error(\"DER signature: trailing data\");\n  }\n  return concatBuffers(pad32(r.value), pad32(s.value));\n}\n\n/**\n * Reads a BER/DER definite length at `start` (first length octet).\n * @param der Buffer being parsed.\n * @param start Index of the length\u2019s first octet.\n * @returns Parsed length value and index immediately after the length encoding.\n */\nfunction readAsn1Length(\n  der: Uint8Array,\n  start: number\n): { value: number; next: number } {\n  const b = der.at(start);\n  if (b === undefined) {\n    throw new Error(\"Truncated DER\");\n  }\n  if ((b & 0x80) === 0) {\n    return { value: b, next: start + 1 };\n  }\n  const n = b & 0x7f;\n  if (n === 0 || n > 4) {\n    throw new Error(\"Invalid DER length encoding\");\n  }\n  const payloadStart = start + 1;\n  const nextAfterPayload = payloadStart + n;\n  if (nextAfterPayload > der.length) {\n    throw new Error(\"Truncated DER length\");\n  }\n  let len = 0;\n  for (let i = payloadStart; i < nextAfterPayload; i++) {\n    len = (len << 8) | der[i];\n  }\n  return { value: len, next: nextAfterPayload };\n}\n\n/**\n * Reads a DER INTEGER tag and value bytes within `[start, end)`.\n * @param der Buffer being parsed.\n * @param start Index of the INTEGER tag (0x02).\n * @param end Exclusive upper bound for the enclosing structure.\n * @returns Integer magnitude as big-endian bytes and index after the value.\n */\nfunction readInteger(\n  der: Uint8Array,\n  start: number,\n  end: number\n): { value: Uint8Array; next: number } {\n  if (der[start] !== 0x02) {\n    throw new Error(\"Expected DER INTEGER\");\n  }\n  const { value: len, next: valueStart } = readAsn1Length(der, start + 1);\n  const valueEnd = valueStart + len;\n  if (valueEnd > end) {\n    throw new Error(\"Truncated DER INTEGER\");\n  }\n  let v = der.slice(valueStart, valueEnd);\n  if (\n    v.length >= 2 &&\n    v[0] === 0 &&\n    (v[1] & 0x80) !== 0\n  ) {\n    v = v.slice(1);\n  }\n  return { value: v, next: valueEnd };\n}\n\n/**\n * Left-pads a big-endian component to exactly 32 bytes, or rejects if longer than 32.\n * @param b r or s magnitude bytes.\n * @returns A new 32-byte array.\n */\nfunction pad32(b: Uint8Array): Uint8Array {\n  if (b.length === 32) {\n    return b;\n  }\n  if (b.length > 32) {\n    throw new Error(\"r/s component is too long\");\n  }\n  const out = new Uint8Array(32);\n  out.set(b, 32 - b.length);\n  return out;\n}\n\n/**\n * Encodes a non-negative integer as DER definite length octets (short or long form).\n * @param len Length value to encode.\n * @returns Length bytes only (no tag).\n */\nexport function encodeDerDefiniteLength(len: number): Uint8Array {\n  if (len < 0x80) {\n    return new Uint8Array([len]);\n  }\n  const bytes: number[] = [];\n  let n = len;\n  while (n > 0) {\n    bytes.push(n & 0xff);\n    n >>>= 8;\n  }\n  bytes.reverse();\n  const out = new Uint8Array(1 + bytes.length);\n  out[0] = 0x80 | bytes.length;\n  out.set(bytes, 1);\n  return out;\n}\n\n/**\n * Encodes a 64-byte compact ECDSA signature (r||s) as ASN.1 DER SEQUENCE of two INTEGERs.\n * @param rs Exactly 64 bytes: r then s, each 32 bytes big-endian.\n * @returns DER-encoded signature bytes.\n */\nexport function derEncodeEcdsaSignature(rs: Uint8Array): Uint8Array {\n  if (rs.length !== 64) {\n    throw new Error(\"Expected 64 compact bytes\");\n  }\n  const r = encodeInteger(rs.slice(0, 32));\n  const s = encodeInteger(rs.slice(32, 64));\n  const seq = concatBuffers(r, s);\n  const seqLen = encodeDerDefiniteLength(seq.length);\n  return concatBuffers(new Uint8Array([0x30]), seqLen, seq);\n}\n\n/**\n * Builds a DER INTEGER for one signature component: strips redundant leading zeros,\n * adds a leading 0x00 when needed so the value is non-negative in DER.\n * @param bytes Raw 32-byte limb (may include leading zeros).\n * @returns Tag 0x02, length octet(s), and value bytes.\n */\nexport function encodeInteger(bytes: Uint8Array): Uint8Array {\n  let b = stripLeadingZeros(bytes);\n  if (b.length === 0) {\n    b = new Uint8Array([0]);\n  }\n  const hi = b[0];\n  if (hi & 0x80) {\n    b = concatBuffers(new Uint8Array([0]), b);\n  }\n  return concatBuffers(new Uint8Array([0x02, b.length]), b);\n}\n\n/**\n * Removes leading zero bytes while keeping at least one byte (does not strip the last byte).\n * @param bytes Big-endian integer bytes.\n * @returns A slice view with minimal leading zeros.\n */\nfunction stripLeadingZeros(bytes: Uint8Array): Uint8Array {\n  let i = 0;\n  while (i < bytes.length - 1 && bytes[i] === 0) {\n    i++;\n  }\n  return bytes.slice(i);\n}\n", "import {\n  DECOMPRESSED_LENGTH,\n  KEY_LENGTH,\n  PREFIXED_DECOMPRESSED_LENGTH,\n  PREFIXED_KEY_LENGTH,\n} from \"../constants\";\nimport type { Signature, SignResult } from \"./types\";\nimport {\n  bufferToHex,\n  concatBuffers,\n  hexToBuffer,\n  hexToNumber,\n  removeHexLeadingZeros,\n  sanitizeHex,\n} from \"./encoding\";\n\n/**\n * Checks whether a public key is in compressed format.\n * @param publicKey Public key bytes.\n * @returns True when key is compressed.\n */\nexport function isCompressed(publicKey: Uint8Array): boolean {\n  return (\n    publicKey.length === KEY_LENGTH || publicKey.length === PREFIXED_KEY_LENGTH\n  );\n}\n\n/**\n * Checks whether a public key is in uncompressed format.\n * @param publicKey Public key bytes.\n * @returns True when key is uncompressed.\n */\nexport function isDecompressed(publicKey: Uint8Array): boolean {\n  return (\n    publicKey.length === DECOMPRESSED_LENGTH ||\n    publicKey.length === PREFIXED_DECOMPRESSED_LENGTH\n  );\n}\n\n/**\n * Checks whether a public key has SEC1 prefix byte.\n * @param publicKey Public key bytes.\n * @returns True when key includes prefix.\n */\nexport function isPrefixed(publicKey: Uint8Array): boolean {\n  if (isCompressed(publicKey)) {\n    return publicKey.length === PREFIXED_KEY_LENGTH;\n  }\n  return publicKey.length === PREFIXED_DECOMPRESSED_LENGTH;\n}\n\n/**\n * Ensures a public key is SEC1-prefixed.\n * @param publicKey Public key bytes.\n * @returns Prefixed public key bytes.\n */\nexport function sanitizePublicKey(publicKey: Uint8Array): Uint8Array {\n  return isPrefixed(publicKey)\n    ? publicKey\n    : concatBuffers(hexToBuffer(\"04\"), publicKey);\n}\n\n/**\n * Converts recovery id to Ethereum-style recovery byte.\n * @param recoveryParam Recovery id.\n * @returns Recovery byte as Uint8Array.\n */\nexport function exportRecoveryParam(recoveryParam: number): Uint8Array {\n  return hexToBuffer(sanitizeHex((recoveryParam + 27).toString(16)));\n}\n\n/**\n * Converts recovery byte to recovery id.\n * @param v Recovery byte.\n * @returns Recovery id.\n */\nexport function importRecoveryParam(v: Uint8Array): number {\n  return hexToNumber(removeHexLeadingZeros(bufferToHex(v))) - 27;\n}\n\n/**\n * Splits compact signature bytes into r, s, and v components.\n * @param sig Signature bytes.\n * @returns Signature object with r, s, and v.\n */\nexport function splitSignature(sig: Uint8Array): Signature {\n  return {\n    r: sig.slice(0, 32),\n    s: sig.slice(32, 64),\n    v: sig.slice(64, 65),\n  };\n}\n\n/**\n * Joins r, s, and v signature components into byte array.\n * @param sig Signature object.\n * @returns Signature bytes.\n */\nexport function joinSignature(sig: Signature): Uint8Array {\n  return concatBuffers(sig.r, sig.s, sig.v);\n}\n\n/**\n * Checks whether signature bytes look like DER format.\n * @param sig Signature bytes.\n * @returns True when signature appears DER-encoded.\n */\nexport function isValidDERSignature(sig: Uint8Array): boolean {\n  return sig.length > 65 && sig[0] === 0x30;\n}\n\n/**\n * Converts recovered signature bytes into signature and recovery id.\n * @param sig Recovered signature bytes.\n * @returns Signature bytes and recovery id.\n */\nexport function sanitizeRSVSignature(sig: Uint8Array): SignResult {\n  return {\n    signature: sig.slice(0, 64),\n    recovery: importRecoveryParam(sig.slice(64, 65)),\n  };\n}\n", "import {\n  EC_GROUP_ORDER,\n  ERROR_BAD_PRIVATE_KEY,\n  ERROR_BAD_PUBLIC_KEY,\n  ERROR_EMPTY_MESSAGE,\n  ERROR_MESSAGE_TOO_LONG,\n  KEY_LENGTH,\n  LENGTH_0,\n  MAX_KEY_LENGTH,\n  MAX_MSG_LENGTH,\n  PREFIXED_DECOMPRESSED_LENGTH,\n  PREFIXED_KEY_LENGTH,\n  ZERO32,\n} from \"../constants\";\n\n/**\n * Asserts a condition and throws when it fails.\n * @param condition Condition to evaluate.\n * @param message Error message when condition fails.\n */\nexport function assert(condition: boolean, message: string): void {\n  if (!condition) {\n    throw new Error(message || \"Assertion failed\");\n  }\n}\n\n/**\n * Checks whether input is a 32-byte scalar.\n * @param x Input bytes.\n * @returns True when input is a scalar.\n */\nexport function isScalar(x: Uint8Array): boolean {\n  return x instanceof Uint8Array && x.length === 32;\n}\n\n/**\n * Validates a secp256k1 private key range.\n * @param privateKey Private key bytes.\n * @returns True when key is valid.\n */\nexport function isValidPrivateKey(privateKey: Uint8Array): boolean {\n  if (!isScalar(privateKey)) {\n    return false;\n  }\n  return (\n    compareBuffers(privateKey, ZERO32) > 0 &&\n    compareBuffers(privateKey, EC_GROUP_ORDER) < 0\n  );\n}\n\n/**\n * Compares two byte arrays lexicographically.\n * @param a First byte array.\n * @param b Second byte array.\n * @returns -1, 0, or 1 depending on comparison result.\n */\nexport function compareBuffers(a: Uint8Array, b: Uint8Array): number {\n  const len = Math.max(a.length, b.length);\n  for (let i = 0; i < len; i++) {\n    const av = a[i] ?? 0;\n    const bv = b[i] ?? 0;\n    if (av !== bv) {\n      return av < bv ? -1 : 1;\n    }\n  }\n  return 0;\n}\n\n/**\n * Compares two byte arrays in constant time.\n * @param b1 First byte array.\n * @param b2 Second byte array.\n * @returns True when arrays are equal.\n */\nexport function equalConstTime(b1: Uint8Array, b2: Uint8Array): boolean {\n  if (b1.length !== b2.length) {\n    return false;\n  }\n  let res = 0;\n  for (let i = 0; i < b1.length; i++) {\n    res |= b1[i] ^ b2[i];\n  }\n  return res === 0;\n}\n\n/**\n * Validates random key length constraints.\n * @param length Requested length.\n * @returns True when length is valid.\n */\nexport function isValidKeyLength(length: number): boolean {\n  return !(\n    length <= LENGTH_0 ||\n    length > MAX_KEY_LENGTH ||\n    Number.parseInt(String(length), 10) !== length\n  );\n}\n\n/**\n * Validates a private key and throws when invalid.\n * @param privateKey Private key bytes.\n */\nexport function checkPrivateKey(privateKey: Uint8Array): void {\n  assert(privateKey.length === KEY_LENGTH, ERROR_BAD_PRIVATE_KEY);\n  assert(isValidPrivateKey(privateKey), ERROR_BAD_PRIVATE_KEY);\n}\n\n/**\n * Validates a public key and throws when invalid.\n * @param publicKey Public key bytes.\n */\nexport function checkPublicKey(publicKey: Uint8Array): void {\n  assert(\n    publicKey.length === PREFIXED_DECOMPRESSED_LENGTH ||\n      publicKey.length === PREFIXED_KEY_LENGTH,\n    ERROR_BAD_PUBLIC_KEY\n  );\n  if (publicKey.length === PREFIXED_DECOMPRESSED_LENGTH) {\n    assert(publicKey[0] === 4, ERROR_BAD_PUBLIC_KEY);\n  }\n  if (publicKey.length === PREFIXED_KEY_LENGTH) {\n    assert(publicKey[0] === 2 || publicKey[0] === 3, ERROR_BAD_PUBLIC_KEY);\n  }\n}\n\n/**\n * Validates message bytes and throws when invalid.\n * @param msg Message bytes.\n */\nexport function checkMessage(msg: Uint8Array): void {\n  assert(msg.length > 0, ERROR_EMPTY_MESSAGE);\n  assert(msg.length <= MAX_MSG_LENGTH, ERROR_MESSAGE_TOO_LONG);\n}\n"],
  "mappings": ";AAAA,SAAS,YAAY;AACrB,SAAS,cAAc;AACvB,YAAY,UAAU;;;ACIf,SAAS,WAAW,KAAuB;AAChD,QAAM,QAAQ,IAAI,SAAS,IAAI,IAAI,GAAG,KAAK;AAC3C,QAAM,MAAgB,CAAC;AACvB,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,GAAG;AACxC,QAAI,KAAK,OAAO,SAAS,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;AAAA,EACrD;AACA,SAAO;AACT;;;ACDO,IAAM,WAAW;AACjB,IAAM,WAAW;AAEjB,IAAM,YAAY;AAClB,IAAM,YAAY;AAClB,IAAM,YAAY;AAElB,IAAM,aAAa;AAInB,IAAM,aAAa;AACnB,IAAM,cAAc;AAGpB,IAAM,oBAAoB,OAAO,UAAU;AAM3C,IAAM,gBAAgB,OAAO,UAAU;AACvC,IAAM,iBAAiB,MAAM,WAAW;AASxC,IAAM,gBAAgB;AACtB,IAAM,aAAa;AACnB,IAAM,YAAY;AAIlB,IAAM,aAAa;AACnB,IAAM,sBAAsB;AAE5B,IAAM,sBAAsB,aAAa;AACzC,IAAM,+BAA+B,sBAAsB;AAE3D,IAAM,8BACX,YAAY,sBAAsB;AAI7B,IAAM,iBAAiB;AAEvB,IAAM,eAAe,IAAI,WAAW,QAAQ;AAE5C,IAAM,iBAAiB,IAAI;AAAA,EAChC;AAAA,IACE;AAAA,EACF;AACF;AAEO,IAAM,SAAS,IAAI,WAAW,SAAS,EAAE,KAAK,QAAQ;AAGtD,IAAM,sBAAsB;AAC5B,IAAM,wBAAwB;AAC9B,IAAM,uBAAuB;AAI7B,IAAM,sBAAsB;AAC5B,IAAM,yBAAyB;;;ACzEtC,IAAM,cAAc,IAAI,YAAY;AACpC,IAAM,cAAc,IAAI,YAAY;AAyB7B,SAAS,iBAAiB,SAAmC;AAClE,QAAM,QAAQ,QAAQ,OAAO,CAAC,GAAG,MAAM,IAAI,EAAE,QAAQ,QAAQ;AAC7D,QAAM,MAAM,IAAI,WAAW,KAAK;AAChC,MAAI,SAAS;AACb,aAAW,KAAK,SAAS;AACvB,QAAI,IAAI,GAAG,MAAM;AACjB,cAAU,EAAE;AAAA,EACd;AACA,SAAO;AACT;;;ACnCO,SAAS,wBAAwB,KAA6B;AACnE,MAAI,IAAI,SAAS,KAAK,IAAI,CAAC,MAAM,IAAM;AACrC,UAAM,IAAI,MAAM,uBAAuB;AAAA,EACzC;AACA,QAAM,EAAE,OAAO,QAAQ,MAAM,UAAU,IAAI,eAAe,KAAK,CAAC;AAChE,QAAM,UAAU,YAAY;AAC5B,MAAI,UAAU,IAAI,QAAQ;AACxB,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AACA,QAAM,IAAI,YAAY,KAAK,WAAW,OAAO;AAC7C,QAAM,IAAI,YAAY,KAAK,EAAE,MAAM,OAAO;AAC1C,MAAI,EAAE,SAAS,SAAS;AACtB,UAAM,IAAI,MAAM,8BAA8B;AAAA,EAChD;AACA,SAAO,cAAc,MAAM,EAAE,KAAK,GAAG,MAAM,EAAE,KAAK,CAAC;AACrD;AAQA,SAAS,eACP,KACA,OACiC;AACjC,QAAM,IAAI,IAAI,GAAG,KAAK;AACtB,MAAI,MAAM,QAAW;AACnB,UAAM,IAAI,MAAM,eAAe;AAAA,EACjC;AACA,OAAK,IAAI,SAAU,GAAG;AACpB,WAAO,EAAE,OAAO,GAAG,MAAM,QAAQ,EAAE;AAAA,EACrC;AACA,QAAM,IAAI,IAAI;AACd,MAAI,MAAM,KAAK,IAAI,GAAG;AACpB,UAAM,IAAI,MAAM,6BAA6B;AAAA,EAC/C;AACA,QAAM,eAAe,QAAQ;AAC7B,QAAM,mBAAmB,eAAe;AACxC,MAAI,mBAAmB,IAAI,QAAQ;AACjC,UAAM,IAAI,MAAM,sBAAsB;AAAA,EACxC;AACA,MAAI,MAAM;AACV,WAAS,IAAI,cAAc,IAAI,kBAAkB,KAAK;AACpD,UAAO,OAAO,IAAK,IAAI,CAAC;AAAA,EAC1B;AACA,SAAO,EAAE,OAAO,KAAK,MAAM,iBAAiB;AAC9C;AASA,SAAS,YACP,KACA,OACA,KACqC;AACrC,MAAI,IAAI,KAAK,MAAM,GAAM;AACvB,UAAM,IAAI,MAAM,sBAAsB;AAAA,EACxC;AACA,QAAM,EAAE,OAAO,KAAK,MAAM,WAAW,IAAI,eAAe,KAAK,QAAQ,CAAC;AACtE,QAAM,WAAW,aAAa;AAC9B,MAAI,WAAW,KAAK;AAClB,UAAM,IAAI,MAAM,uBAAuB;AAAA,EACzC;AACA,MAAI,IAAI,IAAI,MAAM,YAAY,QAAQ;AACtC,MACE,EAAE,UAAU,KACZ,EAAE,CAAC,MAAM,MACR,EAAE,CAAC,IAAI,SAAU,GAClB;AACA,QAAI,EAAE,MAAM,CAAC;AAAA,EACf;AACA,SAAO,EAAE,OAAO,GAAG,MAAM,SAAS;AACpC;AAOA,SAAS,MAAM,GAA2B;AACxC,MAAI,EAAE,WAAW,IAAI;AACnB,WAAO;AAAA,EACT;AACA,MAAI,EAAE,SAAS,IAAI;AACjB,UAAM,IAAI,MAAM,2BAA2B;AAAA,EAC7C;AACA,QAAM,MAAM,IAAI,WAAW,EAAE;AAC7B,MAAI,IAAI,GAAG,KAAK,EAAE,MAAM;AACxB,SAAO;AACT;AAOO,SAAS,wBAAwB,KAAyB;AAC/D,MAAI,MAAM,KAAM;AACd,WAAO,IAAI,WAAW,CAAC,GAAG,CAAC;AAAA,EAC7B;AACA,QAAM,QAAkB,CAAC;AACzB,MAAI,IAAI;AACR,SAAO,IAAI,GAAG;AACZ,UAAM,KAAK,IAAI,GAAI;AACnB,WAAO;AAAA,EACT;AACA,QAAM,QAAQ;AACd,QAAM,MAAM,IAAI,WAAW,IAAI,MAAM,MAAM;AAC3C,MAAI,CAAC,IAAI,MAAO,MAAM;AACtB,MAAI,IAAI,OAAO,CAAC;AAChB,SAAO;AACT;AAOO,SAAS,wBAAwB,IAA4B;AAClE,MAAI,GAAG,WAAW,IAAI;AACpB,UAAM,IAAI,MAAM,2BAA2B;AAAA,EAC7C;AACA,QAAM,IAAI,cAAc,GAAG,MAAM,GAAG,EAAE,CAAC;AACvC,QAAM,IAAI,cAAc,GAAG,MAAM,IAAI,EAAE,CAAC;AACxC,QAAM,MAAM,cAAc,GAAG,CAAC;AAC9B,QAAM,SAAS,wBAAwB,IAAI,MAAM;AACjD,SAAO,cAAc,IAAI,WAAW,CAAC,EAAI,CAAC,GAAG,QAAQ,GAAG;AAC1D;AAQO,SAAS,cAAc,OAA+B;AAC3D,MAAI,IAAI,kBAAkB,KAAK;AAC/B,MAAI,EAAE,WAAW,GAAG;AAClB,QAAI,IAAI,WAAW,CAAC,CAAC,CAAC;AAAA,EACxB;AACA,QAAM,KAAK,EAAE,CAAC;AACd,MAAI,KAAK,KAAM;AACb,QAAI,cAAc,IAAI,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;AAAA,EAC1C;AACA,SAAO,cAAc,IAAI,WAAW,CAAC,GAAM,EAAE,MAAM,CAAC,GAAG,CAAC;AAC1D;AAOA,SAAS,kBAAkB,OAA+B;AACxD,MAAI,IAAI;AACR,SAAO,IAAI,MAAM,SAAS,KAAK,MAAM,CAAC,MAAM,GAAG;AAC7C;AAAA,EACF;AACA,SAAO,MAAM,MAAM,CAAC;AACtB;;;ACvJO,SAAS,aAAa,WAAgC;AAC3D,SACE,UAAU,WAAW,cAAc,UAAU,WAAW;AAE5D;AAOO,SAAS,eAAe,WAAgC;AAC7D,SACE,UAAU,WAAW,uBACrB,UAAU,WAAW;AAEzB;AAsEO,SAAS,oBAAoB,KAA0B;AAC5D,SAAO,IAAI,SAAS,MAAM,IAAI,CAAC,MAAM;AACvC;;;ACzFO,SAAS,OAAO,WAAoB,SAAuB;AAChE,MAAI,CAAC,WAAW;AACd,UAAM,IAAI,MAAM,WAAW,kBAAkB;AAAA,EAC/C;AACF;AAOO,SAAS,SAAS,GAAwB;AAC/C,SAAO,aAAa,cAAc,EAAE,WAAW;AACjD;AAOO,SAAS,kBAAkB,YAAiC;AACjE,MAAI,CAAC,SAAS,UAAU,GAAG;AACzB,WAAO;AAAA,EACT;AACA,SACE,eAAe,YAAY,MAAM,IAAI,KACrC,eAAe,YAAY,cAAc,IAAI;AAEjD;AAQO,SAAS,eAAe,GAAe,GAAuB;AACnE,QAAM,MAAM,KAAK,IAAI,EAAE,QAAQ,EAAE,MAAM;AACvC,WAAS,IAAI,GAAG,IAAI,KAAK,KAAK;AAC5B,UAAM,KAAK,EAAE,CAAC,KAAK;AACnB,UAAM,KAAK,EAAE,CAAC,KAAK;AACnB,QAAI,OAAO,IAAI;AACb,aAAO,KAAK,KAAK,KAAK;AAAA,IACxB;AAAA,EACF;AACA,SAAO;AACT;AAoCO,SAAS,gBAAgB,YAA8B;AAC5D,SAAO,WAAW,WAAW,YAAY,qBAAqB;AAC9D,SAAO,kBAAkB,UAAU,GAAG,qBAAqB;AAC7D;AAMO,SAAS,eAAe,WAA6B;AAC1D;AAAA,IACE,UAAU,WAAW,gCACnB,UAAU,WAAW;AAAA,IACvB;AAAA,EACF;AACA,MAAI,UAAU,WAAW,8BAA8B;AACrD,WAAO,UAAU,CAAC,MAAM,GAAG,oBAAoB;AAAA,EACjD;AACA,MAAI,UAAU,WAAW,qBAAqB;AAC5C,WAAO,UAAU,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM,GAAG,oBAAoB;AAAA,EACvE;AACF;AAMO,SAAS,aAAa,KAAuB;AAClD,SAAO,IAAI,SAAS,GAAG,mBAAmB;AAC1C,SAAO,IAAI,UAAU,gBAAgB,sBAAsB;AAC7D;;;AN/GK,YAAO,SAAS;AAChB,YAAO,aAAa,CAAC,KAAiB,QACzC,KAAK,QAAQ,KAAK,GAAG;AAMhB,SAAS,kBAA8B;AAC5C,SAAY,WAAM,gBAAgB;AACpC;AAOO,SAAS,SAAS,WAAmC;AAC1D,MAAI,aAAa,SAAS,GAAG;AAC3B,mBAAe,SAAS;AACxB,WAAO;AAAA,EACT;AACA,MAAI,UAAU,WAAW,8BAA8B;AACrD,mBAAe,SAAS;AAAA,EAC1B;AACA,SAAY,WAAM,UAAU,SAAS,EAAE,QAAQ,IAAI;AACrD;AAOO,SAAS,WAAW,WAAmC;AAC5D,MAAI,eAAe,SAAS,GAAG;AAC7B,QAAI,UAAU,WAAW,8BAA8B;AACrD,qBAAe,SAAS;AAAA,IAC1B;AACA,WAAO;AAAA,EACT;AACA,MAAI,UAAU,WAAW,qBAAqB;AAC5C,mBAAe,SAAS;AAAA,EAC1B;AACA,SAAY,WAAM,UAAU,SAAS,EAAE,QAAQ,KAAK;AACtD;AAOO,SAAS,UAAU,YAAoC;AAC5D,kBAAgB,UAAU;AAC1B,SAAY,kBAAa,YAAY,KAAK;AAC5C;AAOO,SAAS,oBAAoB,YAAoC;AACtE,kBAAgB,UAAU;AAC1B,SAAY,kBAAa,YAAY,IAAI;AAC3C;AAMO,SAAS,kBAA2B;AACzC,QAAM,aAAa,gBAAgB;AACnC,QAAM,YAAY,UAAU,UAAU;AACtC,SAAO,EAAE,YAAY,UAAU;AACjC;AAOO,SAAS,gBAAgB,KAA6B;AAC3D,MAAI,oBAAoB,GAAG,GAAG;AAC5B,WAAO;AAAA,EACT;AACA,QAAM,UAAU,IAAI,WAAW,KAAK,IAAI,MAAM,GAAG,EAAE,IAAI;AACvD,MAAI,QAAQ,WAAW,IAAI;AACzB,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC9D;AACA,SAAO,wBAAwB,OAAO;AACxC;AASO,SAASA,MACd,YACA,KACA,SAAS,OACG;AACZ,kBAAgB,UAAU;AAC1B,eAAa,GAAG;AAChB,SAAY,UAAK,KAAK,YAAY;AAAA,IAChC,SAAS;AAAA,IACT,QAAQ,SAAS,cAAc;AAAA,IAC/B,MAAM;AAAA,EACR,CAAC;AACH;AASO,SAAS,QACd,KACA,KACA,aAAa,OACD;AACZ,eAAa,GAAG;AAChB,QAAM,MAAW,sBAAiB,KAAK,KAAK,EAAE,SAAS,MAAM,CAAC;AAC9D,SAAY,WAAM,UAAU,GAAG,EAAE,QAAQ,UAAU;AACrD;AASO,SAASC,QACd,WACA,KACA,KACM;AACN,iBAAe,SAAS;AACxB,eAAa,GAAG;AAEhB,MAAI;AACJ,MAAI;AACJ,MAAI,IAAI,WAAW,IAAI;AACrB,eAAW;AACX,aAAS;AAAA,EACX,WAAW,IAAI,CAAC,MAAM,IAAM;AAC1B,eAAW,wBAAwB,GAAG;AACtC,aAAS;AAAA,EACX,OAAO;AACL,eAAW;AACX,aAAS,IAAI,WAAW,KAAK,cAAc;AAAA,EAC7C;AAEA,QAAM,KAAU,YAAO,UAAU,KAAK,WAAW;AAAA,IAC/C,SAAS;AAAA,IACT;AAAA,IACA,MAAM;AAAA,EACR,CAAC;AACD,MAAI,CAAC,GAAI,OAAM,IAAI,MAAM,mBAAmB;AAC9C;",
  "names": ["sign", "verify"]
}