pub fn transcript_hash(client_hello: &[u8], server_challenge: &[u8]) -> [u8; 32]Expand description
Computes the handshake transcript hash.
The hash is:
SHA256( DOMAIN
|| le_u64(client_hello.len()) || client_hello
|| le_u64(server_challenge.len()) || server_challenge )where DOMAIN = b"sealed-channel v1 transcript" and the lengths are encoded
as little-endian u64. Length-prefixing makes the concatenation
unambiguous, so every field inside either message — versions,
capabilities, nonces, public keys — is cryptographically bound.
CRITICAL: this hashes the exact bytes passed in. Callers must pass the precise bytes that appeared on the wire and must never re-serialize, since a re-serialization could differ from what the peer actually saw.