{
  "version": 3,
  "sources": ["../src/hmac.ts", "../src/helpers/encoding.ts", "../src/helpers/validators.ts"],
  "sourcesContent": ["import { hmac } from \"@noble/hashes/hmac.js\";\nimport { sha256, sha512 } from \"@noble/hashes/sha2.js\";\nimport { bufferToBase64, utf8ToBuffer } from \"./helpers/encoding\";\nimport { equalConstTime } from \"./helpers/validators\";\n\n/**\n * Computes HMAC-SHA256 signature.\n * @param key HMAC key bytes.\n * @param msg Message bytes.\n * @returns HMAC-SHA256 bytes.\n */\nexport async function hmacSha256Sign(\n  key: Uint8Array,\n  msg: Uint8Array\n): Promise<Uint8Array> {\n  return hmacSha256SignSync(key, msg);\n}\n\n/**\n * Verifies HMAC-SHA256 signature.\n * @param key HMAC key bytes.\n * @param msg Message bytes.\n * @param sig Signature bytes to verify.\n * @returns True when signature is valid.\n */\nexport async function hmacSha256Verify(\n  key: Uint8Array,\n  msg: Uint8Array,\n  sig: Uint8Array\n): Promise<boolean> {\n  return hmacSha256VerifySync(key, msg, sig);\n}\n\n/**\n * Computes HMAC-SHA512 signature.\n * @param key HMAC key bytes.\n * @param msg Message bytes.\n * @returns HMAC-SHA512 bytes.\n */\nexport async function hmacSha512Sign(\n  key: Uint8Array,\n  msg: Uint8Array\n): Promise<Uint8Array> {\n  return hmacSha512SignSync(key, msg);\n}\n\n/**\n * Verifies HMAC-SHA512 signature.\n * @param key HMAC key bytes.\n * @param msg Message bytes.\n * @param sig Signature bytes to verify.\n * @returns True when signature is valid.\n */\nexport async function hmacSha512Verify(\n  key: Uint8Array,\n  msg: Uint8Array,\n  sig: Uint8Array\n): Promise<boolean> {\n  return hmacSha512VerifySync(key, msg, sig);\n}\n\n/**\n * Computes HMAC-SHA256 signature.\n * @param key HMAC key bytes.\n * @param msg Message bytes.\n * @returns HMAC-SHA256 bytes.\n */\nexport function hmacSha256SignSync(key: Uint8Array, msg: Uint8Array): Uint8Array {\n  return hmac(sha256, key, msg);\n}\n\n/**\n * Verifies HMAC-SHA256 signature.\n * @param key HMAC key bytes.\n * @param msg Message bytes.\n * @param sig Signature bytes to verify.\n * @returns True when signature is valid.\n */\nexport function hmacSha256VerifySync(\n  key: Uint8Array,\n  msg: Uint8Array,\n  sig: Uint8Array\n): boolean {\n  const expected = hmacSha256SignSync(key, msg);\n  return equalConstTime(expected, sig);\n}\n\n/**\n * Computes HMAC-SHA512 signature.\n * @param key HMAC key bytes.\n * @param msg Message bytes.\n * @returns HMAC-SHA512 bytes.\n */\nexport function hmacSha512SignSync(key: Uint8Array, msg: Uint8Array): Uint8Array {\n  return hmac(sha512, key, msg);\n}\n\n/**\n * Verifies HMAC-SHA512 signature.\n * @param key HMAC key bytes.\n * @param msg Message bytes.\n * @param sig Signature bytes to verify.\n * @returns True when signature is valid.\n */\nexport function hmacSha512VerifySync(\n  key: Uint8Array,\n  msg: Uint8Array,\n  sig: Uint8Array\n): boolean {\n  const expected = hmacSha512SignSync(key, msg);\n  return equalConstTime(expected, sig);\n}\n\n/**\n * HMAC-SHA256: UTF-8(`keyUtf8`) is the raw key (Web Crypto `importKey(\"raw\", \u2026, HMAC-SHA-256)` style).\n * Tag is RFC 4648 Base64.\n *\n * @param keyUtf8 Secret string.\n * @param msg Message bytes.\n * @returns Base64 MAC.\n */\nexport async function hmacSha256SignUtf8KeyBase64(\n  keyUtf8: string,\n  msg: Uint8Array,\n): Promise<string> {\n  return hmacSha256SignUtf8KeyBase64Sync(keyUtf8, msg);\n}\n\n/** Synchronous {@link hmacSha256SignUtf8KeyBase64}. */\nexport function hmacSha256SignUtf8KeyBase64Sync(\n  keyUtf8: string,\n  msg: Uint8Array,\n): string {\n  const keyBytes = utf8ToBuffer(keyUtf8);\n  return bufferToBase64(hmacSha256SignSync(keyBytes, msg));\n}\n\n/**\n * HMAC-SHA256 over UTF-8(`JSON.stringify(data)`) with UTF-8 string key; see {@link hmacSha256SignUtf8KeyBase64}.\n *\n * @param keyUtf8 Secret string.\n * @param data `JSON.stringify` input.\n * @returns Base64 MAC.\n */\nexport async function hmacSha256SignJsonUtf8KeyBase64(\n  keyUtf8: string,\n  data: unknown,\n): Promise<string> {\n  return hmacSha256SignJsonUtf8KeyBase64Sync(keyUtf8, data);\n}\n\n/** Synchronous {@link hmacSha256SignJsonUtf8KeyBase64}. */\nexport function hmacSha256SignJsonUtf8KeyBase64Sync(\n  keyUtf8: string,\n  data: unknown,\n): string {\n  return hmacSha256SignUtf8KeyBase64Sync(keyUtf8, utf8ToBuffer(JSON.stringify(data)));\n}\n", "import {\n  HEX_ENC,\n  LENGTH_0,\n  LENGTH_16,\n  type UTF8_ENC,\n} from \"../constants\";\n\nconst textEncoder = new TextEncoder();\nconst textDecoder = new TextDecoder();\n\n/**\n * Encodes a UTF-8 string into bytes.\n * @param str Input string.\n * @returns UTF-8 encoded bytes.\n */\nexport function utf8ToBuffer(str: string): Uint8Array {\n  return textEncoder.encode(str);\n}\n\n/**\n * Decodes UTF-8 bytes into a string.\n * @param buf UTF-8 encoded bytes.\n * @returns Decoded string.\n */\nexport function bufferToUtf8(buf: Uint8Array): string {\n  return textDecoder.decode(buf);\n}\n\n/**\n * Concatenates multiple byte arrays.\n * @param buffers Byte arrays to concatenate.\n * @returns Concatenated byte array.\n */\nexport function concatBuffers(...buffers: Uint8Array[]): Uint8Array {\n  const total = buffers.reduce((n, b) => n + b.length, LENGTH_0);\n  const out = new Uint8Array(total);\n  let offset = LENGTH_0;\n  for (const b of buffers) {\n    out.set(b, offset);\n    offset += b.length;\n  }\n  return out;\n}\n\n/**\n * Converts bytes to a lowercase hex string.\n * @param buf Input bytes.\n * @param enc Output encoding selector. Only `hex` is accepted.\n * @returns Hex string.\n */\nexport function bufferToHex(\n  buf: Uint8Array,\n  enc: typeof HEX_ENC | typeof UTF8_ENC = HEX_ENC\n): string {\n  if (enc !== HEX_ENC) {\n    throw new Error(\"bufferToHex: only hex encoding is supported\");\n  }\n  let hex = \"\";\n  for (const byte of buf) {\n    hex += byte.toString(16).padStart(2, \"0\");\n  }\n  return hex;\n}\n\n/**\n * Converts a hex string to bytes.\n * @param hex Input hex string, with optional `0x` prefix.\n * @returns Decoded bytes.\n */\nexport function hexToBuffer(hex: string): Uint8Array {\n  const clean = hex.startsWith(\"0x\") ? hex.slice(2) : hex;\n  if (clean.length % 2 !== 0) {\n    throw new Error(\"hexToBuffer: invalid length\");\n  }\n  const out = new Uint8Array(clean.length / 2);\n  for (let i = 0; i < out.length; i++) {\n    const byte = Number.parseInt(clean.slice(i * 2, i * 2 + 2), 16);\n    if (!Number.isFinite(byte) || byte < 0 || byte > 255) {\n      throw new Error(\"hexToBuffer: invalid hex character\");\n    }\n    out[i] = byte;\n  }\n  return out;\n}\n\n/**\n * Removes a leading `0x` prefix from a hex string.\n * @param hex Input hex string.\n * @returns Hex string without prefix.\n */\nexport function sanitizeHex(hex: string): string {\n  return hex.startsWith(\"0x\") ? hex.slice(2) : hex;\n}\n\n/**\n * Removes leading zeros from a hex string.\n * @param hex Input hex string.\n * @returns Hex string without leading zeros.\n */\nexport function removeHexLeadingZeros(hex: string): string {\n  const h = sanitizeHex(hex);\n  const stripped = h.replace(/^0+/, \"\");\n  return stripped.length ? stripped : \"0\";\n}\n\n/**\n * Parses a hex string into a number.\n * @param hex Input hex string.\n * @returns Parsed number.\n */\nexport function hexToNumber(hex: string): number {\n  return Number.parseInt(sanitizeHex(hex), 16);\n}\n\n/**\n * RFC 4648 Base64 from bytes. Chunks `btoa` input to avoid huge spread argument lists.\n *\n * @param buf Input bytes.\n * @returns Base64 string (no line breaks).\n */\nexport function bufferToBase64(buf: Uint8Array): string {\n  const chunk = 0x8000;\n  let binary = \"\";\n  for (let i = 0; i < buf.length; i += chunk) {\n    binary += String.fromCharCode(...buf.subarray(i, i + chunk));\n  }\n  return btoa(binary);\n}\n\n/**\n * RFC 4648 Base64 to bytes (whitespace stripped). Uses `atob`.\n *\n * @param str Base64 string.\n * @returns New `Uint8Array`.\n * @throws {DOMException} Invalid Base64 where `atob` throws.\n */\nexport function base64ToBuffer(str: string): Uint8Array {\n  const normalized = str.replace(/\\s+/g, \"\");\n  const binary = atob(normalized);\n  const out = new Uint8Array(binary.length);\n  for (let i = 0; i < binary.length; i++) {\n    out[i] = binary.charCodeAt(i) & 0xff;\n  }\n  return out;\n}\n\n/**\n * RFC 4648 Base64url without `=` padding (`-`/`_`). Common for JWK `k`.\n *\n * @param buf Input bytes.\n * @returns Base64url string.\n */\nexport function bufferToBase64Url(buf: Uint8Array): string {\n  return bufferToBase64(buf)\n    .replace(/\\+/g, \"-\")\n    .replace(/\\//g, \"_\")\n    .replace(/=+$/, \"\");\n}\n\n/**\n * Base64url to bytes (optional padding; then {@link base64ToBuffer}).\n *\n * @param str Base64url string.\n * @returns New `Uint8Array`.\n * @throws {Error} Length mod 4 === 1 (invalid).\n */\nexport function base64UrlToBuffer(str: string): Uint8Array {\n  let s = str.replace(/-/g, \"+\").replace(/_/g, \"/\");\n  const pad = s.length % 4;\n  if (pad === 2) s += \"==\";\n  else if (pad === 3) s += \"=\";\n  else if (pad === 1) {\n    throw new Error(\"base64UrlToBuffer: invalid length\");\n  }\n  return base64ToBuffer(s);\n}\n\n/**\n * 16-byte AES-128 raw key from `utf8ToBuffer(key.padEnd(16, \" \"))`. Must yield exactly 16 UTF-8 bytes\n * (same constraint as Web Crypto `importKey(\"raw\", \u2026)` for AES-128).\n *\n * @param key Passphrase.\n * @returns 16 key bytes.\n * @throws {Error} UTF-8 length \u2260 16 after padding.\n */\nexport function aes128StringKeyMaterial(key: string): Uint8Array {\n  const padded = key.padEnd(LENGTH_16, \" \");\n  const bytes = textEncoder.encode(padded);\n  if (bytes.length !== LENGTH_16) {\n    throw new Error(\n      \"aes128StringKeyMaterial: padded key must UTF-8 encode to exactly 16 bytes\",\n    );\n  }\n  return bytes;\n}\n\n", "import {\n  EC_GROUP_ORDER,\n  ERROR_BAD_PRIVATE_KEY,\n  ERROR_BAD_PUBLIC_KEY,\n  ERROR_EMPTY_MESSAGE,\n  ERROR_MESSAGE_TOO_LONG,\n  KEY_LENGTH,\n  LENGTH_0,\n  MAX_KEY_LENGTH,\n  MAX_MSG_LENGTH,\n  PREFIXED_DECOMPRESSED_LENGTH,\n  PREFIXED_KEY_LENGTH,\n  ZERO32,\n} from \"../constants\";\n\n/**\n * Asserts a condition and throws when it fails.\n * @param condition Condition to evaluate.\n * @param message Error message when condition fails.\n */\nexport function assert(condition: boolean, message: string): void {\n  if (!condition) {\n    throw new Error(message || \"Assertion failed\");\n  }\n}\n\n/**\n * Checks whether input is a 32-byte scalar.\n * @param x Input bytes.\n * @returns True when input is a scalar.\n */\nexport function isScalar(x: Uint8Array): boolean {\n  return x instanceof Uint8Array && x.length === 32;\n}\n\n/**\n * Validates a secp256k1 private key range.\n * @param privateKey Private key bytes.\n * @returns True when key is valid.\n */\nexport function isValidPrivateKey(privateKey: Uint8Array): boolean {\n  if (!isScalar(privateKey)) {\n    return false;\n  }\n  return (\n    compareBuffers(privateKey, ZERO32) > 0 &&\n    compareBuffers(privateKey, EC_GROUP_ORDER) < 0\n  );\n}\n\n/**\n * Compares two byte arrays lexicographically.\n * @param a First byte array.\n * @param b Second byte array.\n * @returns -1, 0, or 1 depending on comparison result.\n */\nexport function compareBuffers(a: Uint8Array, b: Uint8Array): number {\n  const len = Math.max(a.length, b.length);\n  for (let i = 0; i < len; i++) {\n    const av = a[i] ?? 0;\n    const bv = b[i] ?? 0;\n    if (av !== bv) {\n      return av < bv ? -1 : 1;\n    }\n  }\n  return 0;\n}\n\n/**\n * Compares two byte arrays in constant time.\n * @param b1 First byte array.\n * @param b2 Second byte array.\n * @returns True when arrays are equal.\n */\nexport function equalConstTime(b1: Uint8Array, b2: Uint8Array): boolean {\n  if (b1.length !== b2.length) {\n    return false;\n  }\n  let res = 0;\n  for (let i = 0; i < b1.length; i++) {\n    res |= b1[i] ^ b2[i];\n  }\n  return res === 0;\n}\n\n/**\n * Validates random key length constraints.\n * @param length Requested length.\n * @returns True when length is valid.\n */\nexport function isValidKeyLength(length: number): boolean {\n  return !(\n    length <= LENGTH_0 ||\n    length > MAX_KEY_LENGTH ||\n    Number.parseInt(String(length), 10) !== length\n  );\n}\n\n/**\n * Validates a private key and throws when invalid.\n * @param privateKey Private key bytes.\n */\nexport function checkPrivateKey(privateKey: Uint8Array): void {\n  assert(privateKey.length === KEY_LENGTH, ERROR_BAD_PRIVATE_KEY);\n  assert(isValidPrivateKey(privateKey), ERROR_BAD_PRIVATE_KEY);\n}\n\n/**\n * Validates a public key and throws when invalid.\n * @param publicKey Public key bytes.\n */\nexport function checkPublicKey(publicKey: Uint8Array): void {\n  assert(\n    publicKey.length === PREFIXED_DECOMPRESSED_LENGTH ||\n      publicKey.length === PREFIXED_KEY_LENGTH,\n    ERROR_BAD_PUBLIC_KEY\n  );\n  if (publicKey.length === PREFIXED_DECOMPRESSED_LENGTH) {\n    assert(publicKey[0] === 4, ERROR_BAD_PUBLIC_KEY);\n  }\n  if (publicKey.length === PREFIXED_KEY_LENGTH) {\n    assert(publicKey[0] === 2 || publicKey[0] === 3, ERROR_BAD_PUBLIC_KEY);\n  }\n}\n\n/**\n * Validates message bytes and throws when invalid.\n * @param msg Message bytes.\n */\nexport function checkMessage(msg: Uint8Array): void {\n  assert(msg.length > 0, ERROR_EMPTY_MESSAGE);\n  assert(msg.length <= MAX_MSG_LENGTH, ERROR_MESSAGE_TOO_LONG);\n}\n"],
  "mappings": ";AAAA,SAAS,YAAY;AACrB,SAAS,QAAQ,cAAc;;;ACM/B,IAAM,cAAc,IAAI,YAAY;AACpC,IAAM,cAAc,IAAI,YAAY;AAO7B,SAAS,aAAa,KAAyB;AACpD,SAAO,YAAY,OAAO,GAAG;AAC/B;AAuGO,SAAS,eAAe,KAAyB;AACtD,QAAM,QAAQ;AACd,MAAI,SAAS;AACb,WAAS,IAAI,GAAG,IAAI,IAAI,QAAQ,KAAK,OAAO;AAC1C,cAAU,OAAO,aAAa,GAAG,IAAI,SAAS,GAAG,IAAI,KAAK,CAAC;AAAA,EAC7D;AACA,SAAO,KAAK,MAAM;AACpB;;;ACrDO,SAAS,eAAe,IAAgB,IAAyB;AACtE,MAAI,GAAG,WAAW,GAAG,QAAQ;AAC3B,WAAO;AAAA,EACT;AACA,MAAI,MAAM;AACV,WAAS,IAAI,GAAG,IAAI,GAAG,QAAQ,KAAK;AAClC,WAAO,GAAG,CAAC,IAAI,GAAG,CAAC;AAAA,EACrB;AACA,SAAO,QAAQ;AACjB;;;AFxEA,eAAsB,eACpB,KACA,KACqB;AACrB,SAAO,mBAAmB,KAAK,GAAG;AACpC;AASA,eAAsB,iBACpB,KACA,KACA,KACkB;AAClB,SAAO,qBAAqB,KAAK,KAAK,GAAG;AAC3C;AAQA,eAAsB,eACpB,KACA,KACqB;AACrB,SAAO,mBAAmB,KAAK,GAAG;AACpC;AASA,eAAsB,iBACpB,KACA,KACA,KACkB;AAClB,SAAO,qBAAqB,KAAK,KAAK,GAAG;AAC3C;AAQO,SAAS,mBAAmB,KAAiB,KAA6B;AAC/E,SAAO,KAAK,QAAQ,KAAK,GAAG;AAC9B;AASO,SAAS,qBACd,KACA,KACA,KACS;AACT,QAAM,WAAW,mBAAmB,KAAK,GAAG;AAC5C,SAAO,eAAe,UAAU,GAAG;AACrC;AAQO,SAAS,mBAAmB,KAAiB,KAA6B;AAC/E,SAAO,KAAK,QAAQ,KAAK,GAAG;AAC9B;AASO,SAAS,qBACd,KACA,KACA,KACS;AACT,QAAM,WAAW,mBAAmB,KAAK,GAAG;AAC5C,SAAO,eAAe,UAAU,GAAG;AACrC;AAUA,eAAsB,4BACpB,SACA,KACiB;AACjB,SAAO,gCAAgC,SAAS,GAAG;AACrD;AAGO,SAAS,gCACd,SACA,KACQ;AACR,QAAM,WAAW,aAAa,OAAO;AACrC,SAAO,eAAe,mBAAmB,UAAU,GAAG,CAAC;AACzD;AASA,eAAsB,gCACpB,SACA,MACiB;AACjB,SAAO,oCAAoC,SAAS,IAAI;AAC1D;AAGO,SAAS,oCACd,SACA,MACQ;AACR,SAAO,gCAAgC,SAAS,aAAa,KAAK,UAAU,IAAI,CAAC,CAAC;AACpF;",
  "names": []
}