{
  "version": 3,
  "sources": ["../src/helpers/hex-to-bytes.ts", "../src/constants.ts", "../src/helpers/validators.ts", "../src/random.ts"],
  "sourcesContent": ["/**\n * Hex string \u2192 byte values `0..255`. Odd length implies a leading `0` nibble (unlike {@link hexToBuffer}).\n *\n * @param hex Contiguous hex digits (no `0x` stripping).\n * @returns `number[]` of byte values.\n */\nexport function hexToBytes(hex: string): number[] {\n  const clean = hex.length % 2 ? `0${hex}` : hex;\n  const out: number[] = [];\n  for (let i = 0; i < clean.length; i += 2) {\n    out.push(Number.parseInt(clean.slice(i, i + 2), 16));\n  }\n  return out;\n}\n", "import { hexToBytes } from \"./helpers/hex-to-bytes\";\n\nexport const HEX_ENC = \"hex\";\nexport const UTF8_ENC = \"utf8\";\nexport const BINARY_ENC = \"binary\";\n\nexport const ENCRYPT_OP = \"encrypt\";\nexport const DECRYPT_OP = \"decrypt\";\n\nexport const SIGN_OP = \"sign\";\nexport const VERIFY_OP = \"verify\";\n\nexport const LENGTH_0 = 0;\nexport const LENGTH_1 = 1;\nexport const LENGTH_12 = 12;\nexport const LENGTH_16 = 16;\nexport const LENGTH_32 = 32;\nexport const LENGTH_64 = 64;\nexport const LENGTH_128 = 128;\nexport const LENGTH_256 = 256;\nexport const LENGTH_512 = 512;\nexport const LENGTH_1024 = 1024;\n\nexport const AES_LENGTH = LENGTH_256;\nexport const HMAC_LENGTH = LENGTH_256;\n\nexport const AES_BROWSER_ALGO = \"AES-CBC\";\nexport const HMAC_BROWSER_ALGO = `SHA-${AES_LENGTH}`;\nexport const HMAC_BROWSER = \"HMAC\";\n\nexport const SHA256_BROWSER_ALGO = \"SHA-256\";\nexport const SHA512_BROWSER_ALGO = \"SHA-512\";\n\nexport const AES_NODE_ALGO = `aes-${AES_LENGTH}-cbc`;\nexport const HMAC_NODE_ALGO = `sha${HMAC_LENGTH}`;\n\nexport const SHA256_NODE_ALGO = \"sha256\";\nexport const SHA512_NODE_ALGO = \"sha512\";\nexport const RIPEMD160_NODE_ALGO = \"ripemd160\";\n\nexport const PBKDF2_DIGEST_SHA256 = SHA256_NODE_ALGO;\nexport const PBKDF2_DIGEST_SHA512 = SHA512_NODE_ALGO;\n\nexport const PREFIX_LENGTH = LENGTH_1;\nexport const KEY_LENGTH = LENGTH_32;\nexport const IV_LENGTH = LENGTH_16;\nexport const AES_GCM_NONCE_LENGTH = LENGTH_12;\nexport const AES_GCM_ENVELOPE_NONCE_MAX_LENGTH = LENGTH_128;\nexport const AES_GCM_TAG_LENGTH = LENGTH_16;\nexport const MAC_LENGTH = LENGTH_32;\nexport const DECOMPRESSED_LENGTH = LENGTH_64;\n\nexport const PREFIXED_KEY_LENGTH = KEY_LENGTH + PREFIX_LENGTH;\nexport const PREFIXED_DECOMPRESSED_LENGTH = DECOMPRESSED_LENGTH + PREFIX_LENGTH;\n\nexport const ECIES_SERIALIZED_MIN_LENGTH =\n  IV_LENGTH + PREFIXED_KEY_LENGTH + MAC_LENGTH;\n\nexport const MAX_KEY_LENGTH = LENGTH_1024;\nexport const PBKDF2_DEFAULT_ITERATIONS = 210_000;\nexport const MAX_MSG_LENGTH = LENGTH_32;\n\nexport const EMPTY_BUFFER = new Uint8Array(LENGTH_0);\n\nexport const EC_GROUP_ORDER = new Uint8Array(\n  hexToBytes(\n    \"fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141\"\n  )\n);\n\nexport const ZERO32 = new Uint8Array(LENGTH_32).fill(LENGTH_0);\n\nexport const ERROR_BAD_MAC = \"Bad MAC\";\nexport const ERROR_BAD_SIGNATURE = \"Bad signature\";\nexport const ERROR_BAD_PRIVATE_KEY = \"Bad private key\";\nexport const ERROR_BAD_PUBLIC_KEY = \"Bad public key\";\nexport const ERROR_ECIES_SERIALIZED_LENGTH =\n  \"ECIES deserialize: buffer shorter than minimum serialized length\";\n\nexport const ERROR_EMPTY_MESSAGE = \"Message should not be empty\";\nexport const ERROR_MESSAGE_TOO_LONG = \"Message is too long\";\n\nexport const ERROR_BAD_EPHEM_PRIVATE_KEY = \"Invalid ephemeral private key\";\n\nexport const ERROR_AES_IV_LENGTH = \"AES-CBC: IV must be 16 bytes\";\nexport const ERROR_AES_KEY_LENGTH = \"AES-CBC: key must be 32 bytes\";\n\nexport const ERROR_AES_GCM_KEY_LENGTH =\n  \"AES-GCM: key must be 16, 24, or 32 bytes\";\nexport const ERROR_AES_GCM_NONCE_LENGTH =\n  \"AES-GCM: nonce must be at least 8 bytes\";\nexport const ERROR_AES_GCM_CIPHERTEXT_LENGTH =\n  \"AES-GCM: ciphertext must be longer than the authentication tag\";\n", "import {\n  EC_GROUP_ORDER,\n  ERROR_BAD_PRIVATE_KEY,\n  ERROR_BAD_PUBLIC_KEY,\n  ERROR_EMPTY_MESSAGE,\n  ERROR_MESSAGE_TOO_LONG,\n  KEY_LENGTH,\n  LENGTH_0,\n  MAX_KEY_LENGTH,\n  MAX_MSG_LENGTH,\n  PREFIXED_DECOMPRESSED_LENGTH,\n  PREFIXED_KEY_LENGTH,\n  ZERO32,\n} from \"../constants\";\n\n/**\n * Asserts a condition and throws when it fails.\n * @param condition Condition to evaluate.\n * @param message Error message when condition fails.\n */\nexport function assert(condition: boolean, message: string): void {\n  if (!condition) {\n    throw new Error(message || \"Assertion failed\");\n  }\n}\n\n/**\n * Checks whether input is a 32-byte scalar.\n * @param x Input bytes.\n * @returns True when input is a scalar.\n */\nexport function isScalar(x: Uint8Array): boolean {\n  return x instanceof Uint8Array && x.length === 32;\n}\n\n/**\n * Validates a secp256k1 private key range.\n * @param privateKey Private key bytes.\n * @returns True when key is valid.\n */\nexport function isValidPrivateKey(privateKey: Uint8Array): boolean {\n  if (!isScalar(privateKey)) {\n    return false;\n  }\n  return (\n    compareBuffers(privateKey, ZERO32) > 0 &&\n    compareBuffers(privateKey, EC_GROUP_ORDER) < 0\n  );\n}\n\n/**\n * Compares two byte arrays lexicographically.\n * @param a First byte array.\n * @param b Second byte array.\n * @returns -1, 0, or 1 depending on comparison result.\n */\nexport function compareBuffers(a: Uint8Array, b: Uint8Array): number {\n  const len = Math.max(a.length, b.length);\n  for (let i = 0; i < len; i++) {\n    const av = a[i] ?? 0;\n    const bv = b[i] ?? 0;\n    if (av !== bv) {\n      return av < bv ? -1 : 1;\n    }\n  }\n  return 0;\n}\n\n/**\n * Compares two byte arrays in constant time.\n * @param b1 First byte array.\n * @param b2 Second byte array.\n * @returns True when arrays are equal.\n */\nexport function equalConstTime(b1: Uint8Array, b2: Uint8Array): boolean {\n  if (b1.length !== b2.length) {\n    return false;\n  }\n  let res = 0;\n  for (let i = 0; i < b1.length; i++) {\n    res |= b1[i] ^ b2[i];\n  }\n  return res === 0;\n}\n\n/**\n * Validates random key length constraints.\n * @param length Requested length.\n * @returns True when length is valid.\n */\nexport function isValidKeyLength(length: number): boolean {\n  return !(\n    length <= LENGTH_0 ||\n    length > MAX_KEY_LENGTH ||\n    Number.parseInt(String(length), 10) !== length\n  );\n}\n\n/**\n * Validates a private key and throws when invalid.\n * @param privateKey Private key bytes.\n */\nexport function checkPrivateKey(privateKey: Uint8Array): void {\n  assert(privateKey.length === KEY_LENGTH, ERROR_BAD_PRIVATE_KEY);\n  assert(isValidPrivateKey(privateKey), ERROR_BAD_PRIVATE_KEY);\n}\n\n/**\n * Validates a public key and throws when invalid.\n * @param publicKey Public key bytes.\n */\nexport function checkPublicKey(publicKey: Uint8Array): void {\n  assert(\n    publicKey.length === PREFIXED_DECOMPRESSED_LENGTH ||\n      publicKey.length === PREFIXED_KEY_LENGTH,\n    ERROR_BAD_PUBLIC_KEY\n  );\n  if (publicKey.length === PREFIXED_DECOMPRESSED_LENGTH) {\n    assert(publicKey[0] === 4, ERROR_BAD_PUBLIC_KEY);\n  }\n  if (publicKey.length === PREFIXED_KEY_LENGTH) {\n    assert(publicKey[0] === 2 || publicKey[0] === 3, ERROR_BAD_PUBLIC_KEY);\n  }\n}\n\n/**\n * Validates message bytes and throws when invalid.\n * @param msg Message bytes.\n */\nexport function checkMessage(msg: Uint8Array): void {\n  assert(msg.length > 0, ERROR_EMPTY_MESSAGE);\n  assert(msg.length <= MAX_MSG_LENGTH, ERROR_MESSAGE_TOO_LONG);\n}\n", "import { isValidKeyLength } from \"./helpers/validators\";\n\n/**\n * Generates cryptographically secure random bytes.\n * @param length Number of bytes to generate.\n * @returns Random bytes.\n */\nexport function randomBytes(length: number): Uint8Array {\n  if (!isValidKeyLength(length)) {\n    throw new Error(`randomBytes - invalid key length: ${length}`);\n  }\n  const out = new Uint8Array(length);\n  globalThis.crypto.getRandomValues(out);\n  return out;\n}\n"],
  "mappings": ";AAMO,SAAS,WAAW,KAAuB;AAChD,QAAM,QAAQ,IAAI,SAAS,IAAI,IAAI,GAAG,KAAK;AAC3C,QAAM,MAAgB,CAAC;AACvB,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,GAAG;AACxC,QAAI,KAAK,OAAO,SAAS,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;AAAA,EACrD;AACA,SAAO;AACT;;;ACDO,IAAM,WAAW;AACjB,IAAM,WAAW;AAEjB,IAAM,YAAY;AAClB,IAAM,YAAY;AAClB,IAAM,YAAY;AAElB,IAAM,aAAa;AAEnB,IAAM,cAAc;AAEpB,IAAM,aAAa;AACnB,IAAM,cAAc;AAGpB,IAAM,oBAAoB,OAAO,UAAU;AAM3C,IAAM,gBAAgB,OAAO,UAAU;AACvC,IAAM,iBAAiB,MAAM,WAAW;AASxC,IAAM,gBAAgB;AACtB,IAAM,aAAa;AACnB,IAAM,YAAY;AAIlB,IAAM,aAAa;AACnB,IAAM,sBAAsB;AAE5B,IAAM,sBAAsB,aAAa;AACzC,IAAM,+BAA+B,sBAAsB;AAE3D,IAAM,8BACX,YAAY,sBAAsB;AAE7B,IAAM,iBAAiB;AAIvB,IAAM,eAAe,IAAI,WAAW,QAAQ;AAE5C,IAAM,iBAAiB,IAAI;AAAA,EAChC;AAAA,IACE;AAAA,EACF;AACF;AAEO,IAAM,SAAS,IAAI,WAAW,SAAS,EAAE,KAAK,QAAQ;;;ACoBtD,SAAS,iBAAiB,QAAyB;AACxD,SAAO,EACL,UAAU,YACV,SAAS,kBACT,OAAO,SAAS,OAAO,MAAM,GAAG,EAAE,MAAM;AAE5C;;;ACzFO,SAAS,YAAY,QAA4B;AACtD,MAAI,CAAC,iBAAiB,MAAM,GAAG;AAC7B,UAAM,IAAI,MAAM,qCAAqC,MAAM,EAAE;AAAA,EAC/D;AACA,QAAM,MAAM,IAAI,WAAW,MAAM;AACjC,aAAW,OAAO,gBAAgB,GAAG;AACrC,SAAO;AACT;",
  "names": []
}