@noble/curves
Advanced tools
Comparing version 0.3.1 to 0.3.2
@@ -1,8 +0,5 @@ | ||
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.crypto = void 0; | ||
const nodeCrypto = require("crypto"); | ||
exports.crypto = { | ||
import * as nodeCrypto from 'crypto'; | ||
export const crypto = { | ||
node: nodeCrypto, | ||
web: undefined, | ||
}; |
@@ -1,7 +0,4 @@ | ||
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.crypto = void 0; | ||
exports.crypto = { | ||
export const crypto = { | ||
node: undefined, | ||
web: typeof self === 'object' && 'crypto' in self ? self.crypto : undefined, | ||
}; |
@@ -1,2 +0,2 @@ | ||
import { CurveType, CHash } from '../weierstrass'; | ||
import { CurveType, CHash } from '../weierstrass.js'; | ||
export declare function getHash(hash: CHash): { | ||
@@ -8,3 +8,3 @@ hash: CHash; | ||
export declare function createCurve(curveDef: CurveDef, defHash: CHash): Readonly<{ | ||
create: (hash: CHash) => import("../weierstrass").CurveFn; | ||
create: (hash: CHash) => import("../weierstrass.js").CurveFn; | ||
CURVE: Readonly<{ | ||
@@ -23,6 +23,6 @@ readonly nBitLength: number; | ||
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array; | ||
randomBytes: typeof import("../utils").randomBytes; | ||
randomBytes: typeof import("../utils.js").randomBytes; | ||
readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined; | ||
readonly sqrtMod?: ((n: bigint) => bigint) | undefined; | ||
readonly normalizePrivateKey?: ((key: import("../utils").PrivKey) => import("../utils").PrivKey) | undefined; | ||
readonly normalizePrivateKey?: ((key: import("../utils.js").PrivKey) => import("../utils.js").PrivKey) | undefined; | ||
readonly endo?: { | ||
@@ -38,14 +38,14 @@ beta: bigint; | ||
}>; | ||
getPublicKey: (privateKey: import("../utils").PrivKey, isCompressed?: boolean | undefined) => Uint8Array; | ||
getSharedSecret: (privateA: import("../utils").PrivKey, publicB: import("../weierstrass").PubKey, isCompressed?: boolean | undefined) => Uint8Array; | ||
sign: (msgHash: import("../utils").Hex, privKey: import("../utils").PrivKey, opts?: { | ||
getPublicKey: (privateKey: import("../utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array; | ||
getSharedSecret: (privateA: import("../utils.js").PrivKey, publicB: import("../weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array; | ||
sign: (msgHash: import("../utils.js").Hex, privKey: import("../utils.js").PrivKey, opts?: { | ||
lowS?: boolean | undefined; | ||
extraEntropy?: (true | import("../utils").Hex) | undefined; | ||
} | undefined) => import("../weierstrass").SignatureType; | ||
verify: (signature: import("../utils").Hex | import("../weierstrass").SignatureType, msgHash: import("../utils").Hex, publicKey: import("../weierstrass").PubKey, opts?: { | ||
extraEntropy?: (true | import("../utils.js").Hex) | undefined; | ||
} | undefined) => import("../weierstrass.js").SignatureType; | ||
verify: (signature: import("../utils.js").Hex | import("../weierstrass.js").SignatureType, msgHash: import("../utils.js").Hex, publicKey: import("../weierstrass.js").PubKey, opts?: { | ||
lowS?: boolean | undefined; | ||
} | undefined) => boolean; | ||
Point: import("../weierstrass").PointConstructor; | ||
JacobianPoint: import("../weierstrass").JacobianPointConstructor; | ||
Signature: import("../weierstrass").SignatureConstructor; | ||
Point: import("../weierstrass.js").PointConstructor; | ||
JacobianPoint: import("../weierstrass.js").JacobianPointConstructor; | ||
Signature: import("../weierstrass.js").SignatureConstructor; | ||
utils: { | ||
@@ -56,9 +56,9 @@ mod: (a: bigint, b?: bigint | undefined) => bigint; | ||
_bigintToString: (num: bigint) => string; | ||
_normalizePrivateKey: (key: import("../utils").PrivKey) => bigint; | ||
_normalizePublicKey: (publicKey: import("../weierstrass").PubKey) => import("../weierstrass").PointType; | ||
_normalizePrivateKey: (key: import("../utils.js").PrivKey) => bigint; | ||
_normalizePublicKey: (publicKey: import("../weierstrass.js").PubKey) => import("../weierstrass.js").PointType; | ||
_isWithinCurveOrder: (num: bigint) => boolean; | ||
_isValidFieldElement: (num: bigint) => boolean; | ||
_weierstrassEquation: (x: bigint) => bigint; | ||
isValidPrivateKey(privateKey: import("../utils").PrivKey): boolean; | ||
hashToPrivateKey: (hash: import("../utils").Hex) => Uint8Array; | ||
isValidPrivateKey(privateKey: import("../utils.js").PrivKey): boolean; | ||
hashToPrivateKey: (hash: import("../utils.js").Hex) => Uint8Array; | ||
randomPrivateKey: () => Uint8Array; | ||
@@ -65,0 +65,0 @@ }; |
@@ -1,18 +0,13 @@ | ||
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.createCurve = exports.getHash = void 0; | ||
const hmac_1 = require("@noble/hashes/hmac"); | ||
const utils_1 = require("@noble/hashes/utils"); | ||
const weierstrass_1 = require("../weierstrass"); | ||
function getHash(hash) { | ||
import { hmac } from '@noble/hashes/hmac'; | ||
import { concatBytes } from '@noble/hashes/utils'; | ||
import { weierstrass } from '../weierstrass.js'; | ||
export function getHash(hash) { | ||
return { | ||
hash, | ||
hmac: (key, ...msgs) => (0, hmac_1.hmac)(hash, key, (0, utils_1.concatBytes)(...msgs)), | ||
hmac: (key, ...msgs) => hmac(hash, key, concatBytes(...msgs)), | ||
}; | ||
} | ||
exports.getHash = getHash; | ||
function createCurve(curveDef, defHash) { | ||
const create = (hash) => (0, weierstrass_1.weierstrass)({ ...curveDef, ...getHash(hash) }); | ||
export function createCurve(curveDef, defHash) { | ||
const create = (hash) => weierstrass({ ...curveDef, ...getHash(hash) }); | ||
return Object.freeze({ ...create(defHash), create }); | ||
} | ||
exports.createCurve = createCurve; |
@@ -7,2 +7,2 @@ /** | ||
*/ | ||
export declare const bn254: import("../weierstrass").CurveFn; | ||
export declare const bn254: import("../weierstrass.js").CurveFn; |
@@ -1,8 +0,5 @@ | ||
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.bn254 = void 0; | ||
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
const weierstrass_1 = require("../weierstrass"); | ||
const sha256_1 = require("@noble/hashes/sha256"); | ||
const _shortw_utils_js_1 = require("./_shortw_utils.js"); | ||
import { weierstrass } from '../weierstrass.js'; | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
import { getHash } from './_shortw_utils.js'; | ||
/** | ||
@@ -14,3 +11,3 @@ * bn254 pairing-friendly curve. | ||
*/ | ||
exports.bn254 = (0, weierstrass_1.weierstrass)({ | ||
export const bn254 = weierstrass({ | ||
a: BigInt(0), | ||
@@ -23,3 +20,3 @@ b: BigInt(3), | ||
h: BigInt(1), | ||
...(0, _shortw_utils_js_1.getHash)(sha256_1.sha256), | ||
...getHash(sha256), | ||
}); |
@@ -1,8 +0,8 @@ | ||
import { ExtendedPointType } from '../edwards'; | ||
import { Hex } from '../utils'; | ||
import { ExtendedPointType } from '../edwards.js'; | ||
import { Hex } from '../utils.js'; | ||
export declare const ED25519_TORSION_SUBGROUP: string[]; | ||
export declare const ed25519: import("../edwards").CurveFn; | ||
export declare const ed25519ctx: import("../edwards").CurveFn; | ||
export declare const ed25519ph: import("../edwards").CurveFn; | ||
export declare const x25519: import("../montgomery").CurveFn; | ||
export declare const ed25519: import("../edwards.js").CurveFn; | ||
export declare const ed25519ctx: import("../edwards.js").CurveFn; | ||
export declare const ed25519ph: import("../edwards.js").CurveFn; | ||
export declare const x25519: import("../montgomery.js").CurveFn; | ||
declare type ExtendedPoint = ExtendedPointType; | ||
@@ -9,0 +9,0 @@ /** |
@@ -1,11 +0,8 @@ | ||
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.RistrettoPoint = exports.x25519 = exports.ed25519ph = exports.ed25519ctx = exports.ed25519 = exports.ED25519_TORSION_SUBGROUP = void 0; | ||
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
const sha512_1 = require("@noble/hashes/sha512"); | ||
const utils_1 = require("@noble/hashes/utils"); | ||
const edwards_1 = require("../edwards"); | ||
const montgomery_1 = require("../montgomery"); | ||
const modular_1 = require("../modular"); | ||
const utils_2 = require("../utils"); | ||
import { sha512 } from '@noble/hashes/sha512'; | ||
import { concatBytes, utf8ToBytes } from '@noble/hashes/utils'; | ||
import { twistedEdwards } from '../edwards.js'; | ||
import { montgomery } from '../montgomery.js'; | ||
import { mod, pow2, isNegativeLE } from '../modular.js'; | ||
import { ensureBytes, equalBytes, bytesToHex, bytesToNumberLE, numberToBytesLE, } from '../utils.js'; | ||
/** | ||
@@ -28,12 +25,12 @@ * ed25519 Twisted Edwards curve with following addons: | ||
const b2 = (x2 * x) % P; // x^3, 11 | ||
const b4 = ((0, modular_1.pow2)(b2, _2n, P) * b2) % P; // x^15, 1111 | ||
const b5 = ((0, modular_1.pow2)(b4, _1n, P) * x) % P; // x^31 | ||
const b10 = ((0, modular_1.pow2)(b5, _5n, P) * b5) % P; | ||
const b20 = ((0, modular_1.pow2)(b10, _10n, P) * b10) % P; | ||
const b40 = ((0, modular_1.pow2)(b20, _20n, P) * b20) % P; | ||
const b80 = ((0, modular_1.pow2)(b40, _40n, P) * b40) % P; | ||
const b160 = ((0, modular_1.pow2)(b80, _80n, P) * b80) % P; | ||
const b240 = ((0, modular_1.pow2)(b160, _80n, P) * b80) % P; | ||
const b250 = ((0, modular_1.pow2)(b240, _10n, P) * b10) % P; | ||
const pow_p_5_8 = ((0, modular_1.pow2)(b250, _2n, P) * x) % P; | ||
const b4 = (pow2(b2, _2n, P) * b2) % P; // x^15, 1111 | ||
const b5 = (pow2(b4, _1n, P) * x) % P; // x^31 | ||
const b10 = (pow2(b5, _5n, P) * b5) % P; | ||
const b20 = (pow2(b10, _10n, P) * b10) % P; | ||
const b40 = (pow2(b20, _20n, P) * b20) % P; | ||
const b80 = (pow2(b40, _40n, P) * b40) % P; | ||
const b160 = (pow2(b80, _80n, P) * b80) % P; | ||
const b240 = (pow2(b160, _80n, P) * b80) % P; | ||
const b250 = (pow2(b240, _10n, P) * b10) % P; | ||
const pow_p_5_8 = (pow2(b250, _2n, P) * x) % P; | ||
// ^ To pow to (p+3)/8, multiply it by x. | ||
@@ -58,13 +55,13 @@ return { pow_p_5_8, b2 }; | ||
const P = ED25519_P; | ||
const v3 = (0, modular_1.mod)(v * v * v, P); // v³ | ||
const v7 = (0, modular_1.mod)(v3 * v3 * v, P); // v⁷ | ||
const v3 = mod(v * v * v, P); // v³ | ||
const v7 = mod(v3 * v3 * v, P); // v⁷ | ||
// (p+3)/8 and (p-5)/8 | ||
const pow = ed25519_pow_2_252_3(u * v7).pow_p_5_8; | ||
let x = (0, modular_1.mod)(u * v3 * pow, P); // (uv³)(uv⁷)^(p-5)/8 | ||
const vx2 = (0, modular_1.mod)(v * x * x, P); // vx² | ||
let x = mod(u * v3 * pow, P); // (uv³)(uv⁷)^(p-5)/8 | ||
const vx2 = mod(v * x * x, P); // vx² | ||
const root1 = x; // First root candidate | ||
const root2 = (0, modular_1.mod)(x * ED25519_SQRT_M1, P); // Second root candidate | ||
const root2 = mod(x * ED25519_SQRT_M1, P); // Second root candidate | ||
const useRoot1 = vx2 === u; // If vx² = u (mod p), x is a square root | ||
const useRoot2 = vx2 === (0, modular_1.mod)(-u, P); // If vx² = -u, set x <-- x * 2^((p-1)/4) | ||
const noRoot = vx2 === (0, modular_1.mod)(-u * ED25519_SQRT_M1, P); // There is no valid root, vx² = -u√(-1) | ||
const useRoot2 = vx2 === mod(-u, P); // If vx² = -u, set x <-- x * 2^((p-1)/4) | ||
const noRoot = vx2 === mod(-u * ED25519_SQRT_M1, P); // There is no valid root, vx² = -u√(-1) | ||
if (useRoot1) | ||
@@ -74,8 +71,8 @@ x = root1; | ||
x = root2; // We return root2 anyway, for const-time | ||
if ((0, modular_1.isNegativeLE)(x, P)) | ||
x = (0, modular_1.mod)(-x, P); | ||
if (isNegativeLE(x, P)) | ||
x = mod(-x, P); | ||
return { isValid: useRoot1 || useRoot2, value: x }; | ||
} | ||
// Just in case | ||
exports.ED25519_TORSION_SUBGROUP = [ | ||
export const ED25519_TORSION_SUBGROUP = [ | ||
'0100000000000000000000000000000000000000000000000000000000000000', | ||
@@ -106,3 +103,3 @@ 'c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac037a', | ||
Gy: BigInt('46316835694926478169428394003475163141307993866256225615783033603165251855960'), | ||
hash: sha512_1.sha512, | ||
hash: sha512, | ||
adjustScalarBytes, | ||
@@ -114,15 +111,15 @@ // dom2 | ||
}; | ||
exports.ed25519 = (0, edwards_1.twistedEdwards)(ED25519_DEF); | ||
export const ed25519 = twistedEdwards(ED25519_DEF); | ||
function ed25519_domain(data, ctx, phflag) { | ||
if (ctx.length > 255) | ||
throw new Error('Context is too big'); | ||
return (0, utils_1.concatBytes)((0, utils_1.utf8ToBytes)('SigEd25519 no Ed25519 collisions'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data); | ||
return concatBytes(utf8ToBytes('SigEd25519 no Ed25519 collisions'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data); | ||
} | ||
exports.ed25519ctx = (0, edwards_1.twistedEdwards)({ ...ED25519_DEF, domain: ed25519_domain }); | ||
exports.ed25519ph = (0, edwards_1.twistedEdwards)({ | ||
export const ed25519ctx = twistedEdwards({ ...ED25519_DEF, domain: ed25519_domain }); | ||
export const ed25519ph = twistedEdwards({ | ||
...ED25519_DEF, | ||
domain: ed25519_domain, | ||
preHash: sha512_1.sha512, | ||
preHash: sha512, | ||
}); | ||
exports.x25519 = (0, montgomery_1.montgomery)({ | ||
export const x25519 = montgomery({ | ||
P: ED25519_P, | ||
@@ -137,3 +134,3 @@ a24: BigInt('121665'), | ||
const { pow_p_5_8, b2 } = ed25519_pow_2_252_3(x); | ||
return (0, modular_1.mod)((0, modular_1.pow2)(pow_p_5_8, BigInt(3), P) * b2, P); | ||
return mod(pow2(pow_p_5_8, BigInt(3), P) * b2, P); | ||
}, | ||
@@ -159,3 +156,3 @@ adjustScalarBytes, | ||
const MAX_255B = BigInt('0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'); | ||
const bytes255ToNumberLE = (bytes) => exports.ed25519.utils.mod((0, utils_2.bytesToNumberLE)(bytes) & MAX_255B); | ||
const bytes255ToNumberLE = (bytes) => ed25519.utils.mod(bytesToNumberLE(bytes) & MAX_255B); | ||
/** | ||
@@ -168,3 +165,3 @@ * Each ed25519/ExtendedPoint has 8 different equivalent points. This can be | ||
*/ | ||
class RistrettoPoint { | ||
export class RistrettoPoint { | ||
// Private property to discourage combining ExtendedPoint + RistrettoPoint | ||
@@ -178,4 +175,4 @@ // Always use Ristretto encoding/decoding instead. | ||
static calcElligatorRistrettoMap(r0) { | ||
const { d, P } = exports.ed25519.CURVE; | ||
const { mod } = exports.ed25519.utils; | ||
const { d, P } = ed25519.CURVE; | ||
const { mod } = ed25519.utils; | ||
const r = mod(SQRT_M1 * r0 * r0); // 1 | ||
@@ -187,3 +184,3 @@ const Ns = mod((r + _1n) * ONE_MINUS_D_SQ); // 2 | ||
let s_ = mod(s * r0); // 6 | ||
if (!(0, modular_1.isNegativeLE)(s_, P)) | ||
if (!isNegativeLE(s_, P)) | ||
s_ = mod(-s_); | ||
@@ -200,3 +197,3 @@ if (!Ns_D_is_sq) | ||
const W3 = mod(_1n + s2); // 13 | ||
return new exports.ed25519.ExtendedPoint(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2)); | ||
return new ed25519.ExtendedPoint(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2)); | ||
} | ||
@@ -211,3 +208,3 @@ /** | ||
static hashToCurve(hex) { | ||
hex = (0, utils_2.ensureBytes)(hex, 64); | ||
hex = ensureBytes(hex, 64); | ||
const r1 = bytes255ToNumberLE(hex.slice(0, 32)); | ||
@@ -225,5 +222,5 @@ const R1 = this.calcElligatorRistrettoMap(r1); | ||
static fromHex(hex) { | ||
hex = (0, utils_2.ensureBytes)(hex, 32); | ||
const { a, d, P } = exports.ed25519.CURVE; | ||
const { mod } = exports.ed25519.utils; | ||
hex = ensureBytes(hex, 32); | ||
const { a, d, P } = ed25519.CURVE; | ||
const { mod } = ed25519.utils; | ||
const emsg = 'RistrettoPoint.fromHex: the hex is not valid encoding of RistrettoPoint'; | ||
@@ -233,3 +230,3 @@ const s = bytes255ToNumberLE(hex); | ||
// 3. Check that s is non-negative, or else abort | ||
if (!(0, utils_2.equalBytes)((0, utils_2.numberToBytesLE)(s, 32), hex) || (0, modular_1.isNegativeLE)(s, P)) | ||
if (!equalBytes(numberToBytesLE(s, 32), hex) || isNegativeLE(s, P)) | ||
throw new Error(emsg); | ||
@@ -246,9 +243,9 @@ const s2 = mod(s * s); | ||
let x = mod((s + s) * Dx); // 10 | ||
if ((0, modular_1.isNegativeLE)(x, P)) | ||
if (isNegativeLE(x, P)) | ||
x = mod(-x); // 10 | ||
const y = mod(u1 * Dy); // 11 | ||
const t = mod(x * y); // 12 | ||
if (!isValid || (0, modular_1.isNegativeLE)(t, P) || y === _0n) | ||
if (!isValid || isNegativeLE(t, P) || y === _0n) | ||
throw new Error(emsg); | ||
return new RistrettoPoint(new exports.ed25519.ExtendedPoint(x, y, _1n, t)); | ||
return new RistrettoPoint(new ed25519.ExtendedPoint(x, y, _1n, t)); | ||
} | ||
@@ -261,4 +258,4 @@ /** | ||
let { x, y, z, t } = this.ep; | ||
const { P } = exports.ed25519.CURVE; | ||
const { mod } = exports.ed25519.utils; | ||
const { P } = ed25519.CURVE; | ||
const { mod } = ed25519.utils; | ||
const u1 = mod(mod(z + y) * mod(z - y)); // 1 | ||
@@ -273,3 +270,3 @@ const u2 = mod(x * y); // 2 | ||
let D; // 7 | ||
if ((0, modular_1.isNegativeLE)(t * zInv, P)) { | ||
if (isNegativeLE(t * zInv, P)) { | ||
let _x = mod(y * SQRT_M1); | ||
@@ -284,11 +281,11 @@ let _y = mod(x * SQRT_M1); | ||
} | ||
if ((0, modular_1.isNegativeLE)(x * zInv, P)) | ||
if (isNegativeLE(x * zInv, P)) | ||
y = mod(-y); // 9 | ||
let s = mod((z - y) * D); // 10 (check footer's note, no sqrt(-a)) | ||
if ((0, modular_1.isNegativeLE)(s, P)) | ||
if (isNegativeLE(s, P)) | ||
s = mod(-s); | ||
return (0, utils_2.numberToBytesLE)(s, 32); // 11 | ||
return numberToBytesLE(s, 32); // 11 | ||
} | ||
toHex() { | ||
return (0, utils_2.bytesToHex)(this.toRawBytes()); | ||
return bytesToHex(this.toRawBytes()); | ||
} | ||
@@ -303,3 +300,3 @@ toString() { | ||
const b = other.ep; | ||
const { mod } = exports.ed25519.utils; | ||
const { mod } = ed25519.utils; | ||
// (x1 * y2 == y1 * x2) | (y1 * y2 == x1 * x2) | ||
@@ -325,4 +322,3 @@ const one = mod(a.x * b.y) === mod(a.y * b.x); | ||
} | ||
exports.RistrettoPoint = RistrettoPoint; | ||
RistrettoPoint.BASE = new RistrettoPoint(exports.ed25519.ExtendedPoint.BASE); | ||
RistrettoPoint.ZERO = new RistrettoPoint(exports.ed25519.ExtendedPoint.ZERO); | ||
RistrettoPoint.BASE = new RistrettoPoint(ed25519.ExtendedPoint.BASE); | ||
RistrettoPoint.ZERO = new RistrettoPoint(ed25519.ExtendedPoint.ZERO); |
@@ -1,3 +0,3 @@ | ||
export declare const ed448: import("../edwards").CurveFn; | ||
export declare const ed448ph: import("../edwards").CurveFn; | ||
export declare const x448: import("../montgomery").CurveFn; | ||
export declare const ed448: import("../edwards.js").CurveFn; | ||
export declare const ed448ph: import("../edwards.js").CurveFn; | ||
export declare const x448: import("../montgomery.js").CurveFn; |
@@ -1,10 +0,7 @@ | ||
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.x448 = exports.ed448ph = exports.ed448 = void 0; | ||
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
const sha3_1 = require("@noble/hashes/sha3"); | ||
const utils_1 = require("@noble/hashes/utils"); | ||
const edwards_1 = require("../edwards"); | ||
const modular_1 = require("../modular"); | ||
const montgomery_1 = require("../montgomery"); | ||
import { shake256 } from '@noble/hashes/sha3'; | ||
import { concatBytes, utf8ToBytes, wrapConstructor } from '@noble/hashes/utils'; | ||
import { twistedEdwards } from '../edwards.js'; | ||
import { mod, pow2 } from '../modular.js'; | ||
import { montgomery } from '../montgomery.js'; | ||
/** | ||
@@ -15,4 +12,4 @@ * Edwards448 (not Ed448-Goldilocks) curve with following addons: | ||
*/ | ||
const shake256_114 = (0, utils_1.wrapConstructor)(() => sha3_1.shake256.create({ dkLen: 114 })); | ||
const shake256_64 = (0, utils_1.wrapConstructor)(() => sha3_1.shake256.create({ dkLen: 64 })); | ||
const shake256_114 = wrapConstructor(() => shake256.create({ dkLen: 114 })); | ||
const shake256_64 = wrapConstructor(() => shake256.create({ dkLen: 64 })); | ||
const ed448P = BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439'); | ||
@@ -29,13 +26,13 @@ // powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4. | ||
const b3 = (b2 * b2 * x) % P; | ||
const b6 = ((0, modular_1.pow2)(b3, _3n, P) * b3) % P; | ||
const b9 = ((0, modular_1.pow2)(b6, _3n, P) * b3) % P; | ||
const b11 = ((0, modular_1.pow2)(b9, _2n, P) * b2) % P; | ||
const b22 = ((0, modular_1.pow2)(b11, _11n, P) * b11) % P; | ||
const b44 = ((0, modular_1.pow2)(b22, _22n, P) * b22) % P; | ||
const b88 = ((0, modular_1.pow2)(b44, _44n, P) * b44) % P; | ||
const b176 = ((0, modular_1.pow2)(b88, _88n, P) * b88) % P; | ||
const b220 = ((0, modular_1.pow2)(b176, _44n, P) * b44) % P; | ||
const b222 = ((0, modular_1.pow2)(b220, _2n, P) * b2) % P; | ||
const b223 = ((0, modular_1.pow2)(b222, _1n, P) * x) % P; | ||
return ((0, modular_1.pow2)(b223, _223n, P) * b222) % P; | ||
const b6 = (pow2(b3, _3n, P) * b3) % P; | ||
const b9 = (pow2(b6, _3n, P) * b3) % P; | ||
const b11 = (pow2(b9, _2n, P) * b2) % P; | ||
const b22 = (pow2(b11, _11n, P) * b11) % P; | ||
const b44 = (pow2(b22, _22n, P) * b22) % P; | ||
const b88 = (pow2(b44, _44n, P) * b44) % P; | ||
const b176 = (pow2(b88, _88n, P) * b88) % P; | ||
const b220 = (pow2(b176, _44n, P) * b44) % P; | ||
const b222 = (pow2(b220, _2n, P) * b2) % P; | ||
const b223 = (pow2(b222, _1n, P) * x) % P; | ||
return (pow2(b223, _223n, P) * b222) % P; | ||
} | ||
@@ -74,3 +71,3 @@ function adjustScalarBytes(bytes) { | ||
throw new Error(`Context is too big: ${ctx.length}`); | ||
return (0, utils_1.concatBytes)((0, utils_1.utf8ToBytes)('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data); | ||
return concatBytes(utf8ToBytes('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data); | ||
}, | ||
@@ -88,18 +85,18 @@ // Constant-time ratio of u to v. Allows to combine inversion and square root u/√v. | ||
// x = (u/v) = u v (u^5 v^3) (mod p) | ||
const u2v = (0, modular_1.mod)(u * u * v, P); | ||
const u3v = (0, modular_1.mod)(u2v * u, P); // u^2v | ||
const u5v3 = (0, modular_1.mod)(u3v * u2v * v, P); // u^5v^3 | ||
const u2v = mod(u * u * v, P); | ||
const u3v = mod(u2v * u, P); // u^2v | ||
const u5v3 = mod(u3v * u2v * v, P); // u^5v^3 | ||
const root = ed448_pow_Pminus3div4(u5v3); | ||
const x = (0, modular_1.mod)(u3v * root, P); | ||
const x = mod(u3v * root, P); | ||
// Verify that root is exists | ||
const x2 = (0, modular_1.mod)(x * x, P); // x^2 | ||
const x2 = mod(x * x, P); // x^2 | ||
// If v * x^2 = u, the recovered x-coordinate is x. Otherwise, no | ||
// square root exists, and the decoding fails. | ||
return { isValid: (0, modular_1.mod)(x2 * v, P) === u, value: x }; | ||
return { isValid: mod(x2 * v, P) === u, value: x }; | ||
}, | ||
}; | ||
exports.ed448 = (0, edwards_1.twistedEdwards)(ED448_DEF); | ||
export const ed448 = twistedEdwards(ED448_DEF); | ||
// NOTE: there is no ed448ctx, since ed448 supports ctx by default | ||
exports.ed448ph = (0, edwards_1.twistedEdwards)({ ...ED448_DEF, preHash: shake256_64 }); | ||
exports.x448 = (0, montgomery_1.montgomery)({ | ||
export const ed448ph = twistedEdwards({ ...ED448_DEF, preHash: shake256_64 }); | ||
export const x448 = montgomery({ | ||
a24: BigInt(39081), | ||
@@ -113,4 +110,4 @@ montgomeryBits: 448, | ||
const Pminus3div4 = ed448_pow_Pminus3div4(x); | ||
const Pminus3 = (0, modular_1.pow2)(Pminus3div4, BigInt(2), P); | ||
return (0, modular_1.mod)(Pminus3 * x, P); // Pminus3 * x = Pminus2 | ||
const Pminus3 = pow2(Pminus3div4, BigInt(2), P); | ||
return mod(Pminus3 * x, P); // Pminus3 * x = Pminus2 | ||
}, | ||
@@ -117,0 +114,0 @@ adjustScalarBytes, |
@@ -5,4 +5,4 @@ /** | ||
*/ | ||
export declare const jubjub: import("../edwards").CurveFn; | ||
export declare function groupHash(tag: Uint8Array, personalization: Uint8Array): import("../edwards").ExtendedPointType; | ||
export declare function findGroupHash(m: Uint8Array, personalization: Uint8Array): import("../edwards").ExtendedPointType; | ||
export declare const jubjub: import("../edwards.js").CurveFn; | ||
export declare function groupHash(tag: Uint8Array, personalization: Uint8Array): import("../edwards.js").ExtendedPointType; | ||
export declare function findGroupHash(m: Uint8Array, personalization: Uint8Array): import("../edwards.js").ExtendedPointType; |
@@ -1,9 +0,6 @@ | ||
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.findGroupHash = exports.groupHash = exports.jubjub = void 0; | ||
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
const sha256_1 = require("@noble/hashes/sha256"); | ||
const utils_1 = require("@noble/hashes/utils"); | ||
const edwards_1 = require("../edwards"); | ||
const blake2s_1 = require("@noble/hashes/blake2s"); | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
import { concatBytes, utf8ToBytes } from '@noble/hashes/utils'; | ||
import { twistedEdwards } from '../edwards.js'; | ||
import { blake2s } from '@noble/hashes/blake2s'; | ||
/** | ||
@@ -13,3 +10,3 @@ * jubjub Twisted Edwards curve. | ||
*/ | ||
exports.jubjub = (0, edwards_1.twistedEdwards)({ | ||
export const jubjub = twistedEdwards({ | ||
// Params: a, d | ||
@@ -28,21 +25,20 @@ a: BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000'), | ||
Gy: BigInt('0x1d523cf1ddab1a1793132e78c866c0c33e26ba5cc220fed7cc3f870e59d292aa'), | ||
hash: sha256_1.sha256, | ||
hash: sha256, | ||
}); | ||
const GH_FIRST_BLOCK = (0, utils_1.utf8ToBytes)('096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0'); | ||
const GH_FIRST_BLOCK = utf8ToBytes('096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0'); | ||
// Returns point at JubJub curve which is prime order and not zero | ||
function groupHash(tag, personalization) { | ||
const h = blake2s_1.blake2s.create({ personalization, dkLen: 32 }); | ||
export function groupHash(tag, personalization) { | ||
const h = blake2s.create({ personalization, dkLen: 32 }); | ||
h.update(GH_FIRST_BLOCK); | ||
h.update(tag); | ||
// NOTE: returns ExtendedPoint, in case it will be multiplied later | ||
let p = exports.jubjub.ExtendedPoint.fromAffine(exports.jubjub.Point.fromHex(h.digest())); | ||
let p = jubjub.ExtendedPoint.fromAffine(jubjub.Point.fromHex(h.digest())); | ||
// NOTE: cannot replace with isSmallOrder, returns Point*8 | ||
p = p.multiply(exports.jubjub.CURVE.h); | ||
if (p.equals(exports.jubjub.ExtendedPoint.ZERO)) | ||
p = p.multiply(jubjub.CURVE.h); | ||
if (p.equals(jubjub.ExtendedPoint.ZERO)) | ||
throw new Error('Point has small order'); | ||
return p; | ||
} | ||
exports.groupHash = groupHash; | ||
function findGroupHash(m, personalization) { | ||
const tag = (0, utils_1.concatBytes)(m, new Uint8Array([0])); | ||
export function findGroupHash(m, personalization) { | ||
const tag = concatBytes(m, new Uint8Array([0])); | ||
for (let i = 0; i < 256; i++) { | ||
@@ -57,2 +53,1 @@ tag[tag.length - 1] = i; | ||
} | ||
exports.findGroupHash = findGroupHash; |
@@ -1,10 +0,7 @@ | ||
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.secp192r1 = exports.P192 = void 0; | ||
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
const _shortw_utils_js_1 = require("./_shortw_utils.js"); | ||
const sha256_1 = require("@noble/hashes/sha256"); | ||
import { createCurve } from './_shortw_utils.js'; | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
// NIST secp192r1 aka P192 | ||
// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/secg/secp192r1 | ||
exports.P192 = (0, _shortw_utils_js_1.createCurve)({ | ||
export const P192 = createCurve({ | ||
// Params: a, b | ||
@@ -22,3 +19,3 @@ a: BigInt('0xfffffffffffffffffffffffffffffffefffffffffffffffc'), | ||
lowS: false, | ||
}, sha256_1.sha256); | ||
exports.secp192r1 = exports.P192; | ||
}, sha256); | ||
export const secp192r1 = P192; |
@@ -1,10 +0,7 @@ | ||
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.secp224r1 = exports.P224 = void 0; | ||
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
const _shortw_utils_js_1 = require("./_shortw_utils.js"); | ||
const sha256_1 = require("@noble/hashes/sha256"); | ||
import { createCurve } from './_shortw_utils.js'; | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
// NIST secp224r1 aka P224 | ||
// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-224 | ||
exports.P224 = (0, _shortw_utils_js_1.createCurve)({ | ||
export const P224 = createCurve({ | ||
// Params: a, b | ||
@@ -22,4 +19,4 @@ a: BigInt('0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe'), | ||
lowS: false, | ||
}, sha256_1.sha256 // TODO: replace with sha224 when new @noble/hashes released | ||
}, sha256 // TODO: replace with sha224 when new @noble/hashes released | ||
); | ||
exports.secp224r1 = exports.P224; | ||
export const secp224r1 = P224; |
@@ -1,10 +0,7 @@ | ||
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.secp256r1 = exports.P256 = void 0; | ||
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
const _shortw_utils_js_1 = require("./_shortw_utils.js"); | ||
const sha256_1 = require("@noble/hashes/sha256"); | ||
import { createCurve } from './_shortw_utils.js'; | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
// NIST secp256r1 aka P256 | ||
// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256 | ||
exports.P256 = (0, _shortw_utils_js_1.createCurve)({ | ||
export const P256 = createCurve({ | ||
// Params: a, b | ||
@@ -22,3 +19,3 @@ a: BigInt('0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc'), | ||
lowS: false, | ||
}, sha256_1.sha256); | ||
exports.secp256r1 = exports.P256; | ||
}, sha256); | ||
export const secp256r1 = P256; |
@@ -1,11 +0,8 @@ | ||
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.secp384r1 = exports.P384 = void 0; | ||
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
const _shortw_utils_js_1 = require("./_shortw_utils.js"); | ||
const sha512_1 = require("@noble/hashes/sha512"); | ||
import { createCurve } from './_shortw_utils.js'; | ||
import { sha384 } from '@noble/hashes/sha512'; | ||
// NIST secp384r1 aka P384 | ||
// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-384 | ||
// prettier-ignore | ||
exports.P384 = (0, _shortw_utils_js_1.createCurve)({ | ||
export const P384 = createCurve({ | ||
// Params: a, b | ||
@@ -23,3 +20,3 @@ a: BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc'), | ||
lowS: false, | ||
}, sha512_1.sha384); | ||
exports.secp384r1 = exports.P384; | ||
}, sha384); | ||
export const secp384r1 = P384; |
@@ -1,2 +0,2 @@ | ||
import { PrivKey } from '../utils'; | ||
import { PrivKey } from '../utils.js'; | ||
export declare const P521: Readonly<{ | ||
@@ -17,3 +17,3 @@ create: (hash: import("../weierstrass.js").CHash) => import("../weierstrass.js").CurveFn; | ||
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array; | ||
randomBytes: typeof import("../utils").randomBytes; | ||
randomBytes: typeof import("../utils.js").randomBytes; | ||
readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined; | ||
@@ -34,7 +34,7 @@ readonly sqrtMod?: ((n: bigint) => bigint) | undefined; | ||
getSharedSecret: (privateA: PrivKey, publicB: import("../weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array; | ||
sign: (msgHash: import("../utils").Hex, privKey: PrivKey, opts?: { | ||
sign: (msgHash: import("../utils.js").Hex, privKey: PrivKey, opts?: { | ||
lowS?: boolean | undefined; | ||
extraEntropy?: (true | import("../utils").Hex) | undefined; | ||
extraEntropy?: (true | import("../utils.js").Hex) | undefined; | ||
} | undefined) => import("../weierstrass.js").SignatureType; | ||
verify: (signature: import("../utils").Hex | import("../weierstrass.js").SignatureType, msgHash: import("../utils").Hex, publicKey: import("../weierstrass.js").PubKey, opts?: { | ||
verify: (signature: import("../utils.js").Hex | import("../weierstrass.js").SignatureType, msgHash: import("../utils.js").Hex, publicKey: import("../weierstrass.js").PubKey, opts?: { | ||
lowS?: boolean | undefined; | ||
@@ -56,3 +56,3 @@ } | undefined) => boolean; | ||
isValidPrivateKey(privateKey: PrivKey): boolean; | ||
hashToPrivateKey: (hash: import("../utils").Hex) => Uint8Array; | ||
hashToPrivateKey: (hash: import("../utils.js").Hex) => Uint8Array; | ||
randomPrivateKey: () => Uint8Array; | ||
@@ -76,3 +76,3 @@ }; | ||
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array; | ||
randomBytes: typeof import("../utils").randomBytes; | ||
randomBytes: typeof import("../utils.js").randomBytes; | ||
readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined; | ||
@@ -93,7 +93,7 @@ readonly sqrtMod?: ((n: bigint) => bigint) | undefined; | ||
getSharedSecret: (privateA: PrivKey, publicB: import("../weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array; | ||
sign: (msgHash: import("../utils").Hex, privKey: PrivKey, opts?: { | ||
sign: (msgHash: import("../utils.js").Hex, privKey: PrivKey, opts?: { | ||
lowS?: boolean | undefined; | ||
extraEntropy?: (true | import("../utils").Hex) | undefined; | ||
extraEntropy?: (true | import("../utils.js").Hex) | undefined; | ||
} | undefined) => import("../weierstrass.js").SignatureType; | ||
verify: (signature: import("../utils").Hex | import("../weierstrass.js").SignatureType, msgHash: import("../utils").Hex, publicKey: import("../weierstrass.js").PubKey, opts?: { | ||
verify: (signature: import("../utils.js").Hex | import("../weierstrass.js").SignatureType, msgHash: import("../utils.js").Hex, publicKey: import("../weierstrass.js").PubKey, opts?: { | ||
lowS?: boolean | undefined; | ||
@@ -115,5 +115,5 @@ } | undefined) => boolean; | ||
isValidPrivateKey(privateKey: PrivKey): boolean; | ||
hashToPrivateKey: (hash: import("../utils").Hex) => Uint8Array; | ||
hashToPrivateKey: (hash: import("../utils.js").Hex) => Uint8Array; | ||
randomPrivateKey: () => Uint8Array; | ||
}; | ||
}>; |
@@ -1,8 +0,5 @@ | ||
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.secp521r1 = exports.P521 = void 0; | ||
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
const _shortw_utils_js_1 = require("./_shortw_utils.js"); | ||
const sha512_1 = require("@noble/hashes/sha512"); | ||
const utils_1 = require("../utils"); | ||
import { createCurve } from './_shortw_utils.js'; | ||
import { sha512 } from '@noble/hashes/sha512'; | ||
import { bytesToHex } from '../utils.js'; | ||
// NIST secp521r1 aka P521 | ||
@@ -12,3 +9,3 @@ // Note that it's 521, which differs from 512 of its hash function. | ||
// prettier-ignore | ||
exports.P521 = (0, _shortw_utils_js_1.createCurve)({ | ||
export const P521 = createCurve({ | ||
// Params: a, b | ||
@@ -30,3 +27,3 @@ a: BigInt('0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc'), | ||
if (key instanceof Uint8Array) | ||
key = (0, utils_1.bytesToHex)(key); | ||
key = bytesToHex(key); | ||
if (typeof key !== 'string' || !([130, 131, 132].includes(key.length))) { | ||
@@ -37,3 +34,3 @@ throw new Error('Invalid key'); | ||
} | ||
}, sha512_1.sha512); | ||
exports.secp521r1 = exports.P521; | ||
}, sha512); | ||
export const secp521r1 = P521; |
@@ -1,2 +0,2 @@ | ||
export declare const pallas: import("../weierstrass").CurveFn; | ||
export declare const vesta: import("../weierstrass").CurveFn; | ||
export declare const pallas: import("../weierstrass.js").CurveFn; | ||
export declare const vesta: import("../weierstrass.js").CurveFn; |
@@ -1,13 +0,10 @@ | ||
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.vesta = exports.pallas = void 0; | ||
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
const sha256_1 = require("@noble/hashes/sha256"); | ||
const weierstrass_1 = require("../weierstrass"); | ||
const _shortw_utils_js_1 = require("./_shortw_utils.js"); | ||
const mod = require("../modular"); | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
import { weierstrass } from '../weierstrass.js'; | ||
import { getHash } from './_shortw_utils.js'; | ||
import * as mod from '../modular.js'; | ||
const p = BigInt('0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001'); | ||
const q = BigInt('0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001'); | ||
// https://neuromancer.sk/std/other/Pallas | ||
exports.pallas = (0, weierstrass_1.weierstrass)({ | ||
export const pallas = weierstrass({ | ||
a: BigInt(0), | ||
@@ -20,6 +17,6 @@ b: BigInt(5), | ||
h: BigInt(1), | ||
...(0, _shortw_utils_js_1.getHash)(sha256_1.sha256), | ||
...getHash(sha256), | ||
}); | ||
// https://neuromancer.sk/std/other/Vesta | ||
exports.vesta = (0, weierstrass_1.weierstrass)({ | ||
export const vesta = weierstrass({ | ||
a: BigInt(0), | ||
@@ -32,3 +29,3 @@ b: BigInt(5), | ||
h: BigInt(1), | ||
...(0, _shortw_utils_js_1.getHash)(sha256_1.sha256), | ||
...getHash(sha256), | ||
}); |
@@ -1,5 +0,5 @@ | ||
import { PointType } from '../weierstrass'; | ||
import { Hex, PrivKey, randomBytes } from '../utils'; | ||
import { PointType } from '../weierstrass.js'; | ||
import { Hex, PrivKey, randomBytes } from '../utils.js'; | ||
export declare const secp256k1: Readonly<{ | ||
create: (hash: import("../weierstrass").CHash) => import("../weierstrass").CurveFn; | ||
create: (hash: import("../weierstrass.js").CHash) => import("../weierstrass.js").CurveFn; | ||
CURVE: Readonly<{ | ||
@@ -16,3 +16,3 @@ readonly nBitLength: number; | ||
lowS: boolean; | ||
readonly hash: import("../weierstrass").CHash; | ||
readonly hash: import("../weierstrass.js").CHash; | ||
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array; | ||
@@ -34,13 +34,13 @@ randomBytes: typeof randomBytes; | ||
getPublicKey: (privateKey: PrivKey, isCompressed?: boolean | undefined) => Uint8Array; | ||
getSharedSecret: (privateA: PrivKey, publicB: import("../weierstrass").PubKey, isCompressed?: boolean | undefined) => Uint8Array; | ||
getSharedSecret: (privateA: PrivKey, publicB: import("../weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array; | ||
sign: (msgHash: Hex, privKey: PrivKey, opts?: { | ||
lowS?: boolean | undefined; | ||
extraEntropy?: (true | Hex) | undefined; | ||
} | undefined) => import("../weierstrass").SignatureType; | ||
verify: (signature: Hex | import("../weierstrass").SignatureType, msgHash: Hex, publicKey: import("../weierstrass").PubKey, opts?: { | ||
} | undefined) => import("../weierstrass.js").SignatureType; | ||
verify: (signature: Hex | import("../weierstrass.js").SignatureType, msgHash: Hex, publicKey: import("../weierstrass.js").PubKey, opts?: { | ||
lowS?: boolean | undefined; | ||
} | undefined) => boolean; | ||
Point: import("../weierstrass").PointConstructor; | ||
JacobianPoint: import("../weierstrass").JacobianPointConstructor; | ||
Signature: import("../weierstrass").SignatureConstructor; | ||
Point: import("../weierstrass.js").PointConstructor; | ||
JacobianPoint: import("../weierstrass.js").JacobianPointConstructor; | ||
Signature: import("../weierstrass.js").SignatureConstructor; | ||
utils: { | ||
@@ -52,3 +52,3 @@ mod: (a: bigint, b?: bigint | undefined) => bigint; | ||
_normalizePrivateKey: (key: PrivKey) => bigint; | ||
_normalizePublicKey: (publicKey: import("../weierstrass").PubKey) => PointType; | ||
_normalizePublicKey: (publicKey: import("../weierstrass.js").PubKey) => PointType; | ||
_isWithinCurveOrder: (num: bigint) => boolean; | ||
@@ -55,0 +55,0 @@ _isValidFieldElement: (num: bigint) => boolean; |
@@ -1,9 +0,6 @@ | ||
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.schnorr = exports.taggedHash = exports.secp256k1 = void 0; | ||
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
const sha256_1 = require("@noble/hashes/sha256"); | ||
const modular_1 = require("../modular"); | ||
const _shortw_utils_js_1 = require("./_shortw_utils.js"); | ||
const utils_1 = require("../utils"); | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
import { mod, pow2 } from '../modular.js'; | ||
import { createCurve } from './_shortw_utils.js'; | ||
import { ensureBytes, concatBytes, hexToBytes, bytesToNumberBE, randomBytes, } from '../utils.js'; | ||
/** | ||
@@ -38,16 +35,16 @@ * secp256k1 belongs to Koblitz curves: it has | ||
const b3 = (b2 * b2 * y) % P; // x^7 | ||
const b6 = ((0, modular_1.pow2)(b3, _3n, P) * b3) % P; | ||
const b9 = ((0, modular_1.pow2)(b6, _3n, P) * b3) % P; | ||
const b11 = ((0, modular_1.pow2)(b9, _2n, P) * b2) % P; | ||
const b22 = ((0, modular_1.pow2)(b11, _11n, P) * b11) % P; | ||
const b44 = ((0, modular_1.pow2)(b22, _22n, P) * b22) % P; | ||
const b88 = ((0, modular_1.pow2)(b44, _44n, P) * b44) % P; | ||
const b176 = ((0, modular_1.pow2)(b88, _88n, P) * b88) % P; | ||
const b220 = ((0, modular_1.pow2)(b176, _44n, P) * b44) % P; | ||
const b223 = ((0, modular_1.pow2)(b220, _3n, P) * b3) % P; | ||
const t1 = ((0, modular_1.pow2)(b223, _23n, P) * b22) % P; | ||
const t2 = ((0, modular_1.pow2)(t1, _6n, P) * b2) % P; | ||
return (0, modular_1.pow2)(t2, _2n, P); | ||
const b6 = (pow2(b3, _3n, P) * b3) % P; | ||
const b9 = (pow2(b6, _3n, P) * b3) % P; | ||
const b11 = (pow2(b9, _2n, P) * b2) % P; | ||
const b22 = (pow2(b11, _11n, P) * b11) % P; | ||
const b44 = (pow2(b22, _22n, P) * b22) % P; | ||
const b88 = (pow2(b44, _44n, P) * b44) % P; | ||
const b176 = (pow2(b88, _88n, P) * b88) % P; | ||
const b220 = (pow2(b176, _44n, P) * b44) % P; | ||
const b223 = (pow2(b220, _3n, P) * b3) % P; | ||
const t1 = (pow2(b223, _23n, P) * b22) % P; | ||
const t2 = (pow2(t1, _6n, P) * b2) % P; | ||
return pow2(t2, _2n, P); | ||
} | ||
exports.secp256k1 = (0, _shortw_utils_js_1.createCurve)({ | ||
export const secp256k1 = createCurve({ | ||
// Params: a, b | ||
@@ -81,4 +78,4 @@ // Seem to be rigid https://bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975 | ||
const c2 = divNearest(-b1 * k, n); | ||
let k1 = (0, modular_1.mod)(k - c1 * a1 - c2 * a2, n); | ||
let k2 = (0, modular_1.mod)(-c1 * b1 - c2 * b2, n); | ||
let k1 = mod(k - c1 * a1 - c2 * a2, n); | ||
let k2 = mod(-c1 * b1 - c2 * b2, n); | ||
const k1neg = k1 > POW_2_128; | ||
@@ -96,11 +93,11 @@ const k2neg = k2 > POW_2_128; | ||
}, | ||
}, sha256_1.sha256); | ||
}, sha256); | ||
// Schnorr | ||
const _0n = BigInt(0); | ||
const numTo32b = exports.secp256k1.utils._bigintToBytes; | ||
const numTo32bStr = exports.secp256k1.utils._bigintToString; | ||
const normalizePrivateKey = exports.secp256k1.utils._normalizePrivateKey; | ||
const numTo32b = secp256k1.utils._bigintToBytes; | ||
const numTo32bStr = secp256k1.utils._bigintToString; | ||
const normalizePrivateKey = secp256k1.utils._normalizePrivateKey; | ||
// TODO: export? | ||
function normalizePublicKey(publicKey) { | ||
if (publicKey instanceof exports.secp256k1.Point) { | ||
if (publicKey instanceof secp256k1.Point) { | ||
publicKey.assertValidity(); | ||
@@ -110,9 +107,9 @@ return publicKey; | ||
else { | ||
const bytes = (0, utils_1.ensureBytes)(publicKey); | ||
const bytes = ensureBytes(publicKey); | ||
// Schnorr is 32 bytes | ||
if (bytes.length === 32) { | ||
const x = (0, utils_1.bytesToNumberBE)(bytes); | ||
const x = bytesToNumberBE(bytes); | ||
if (!isValidFieldElement(x)) | ||
throw new Error('Point is not on curve'); | ||
const y2 = exports.secp256k1.utils._weierstrassEquation(x); // y² = x³ + ax + b | ||
const y2 = secp256k1.utils._weierstrassEquation(x); // y² = x³ + ax + b | ||
let y = sqrtMod(y2); // y = y² ^ (p+1)/4 | ||
@@ -122,4 +119,4 @@ const isYOdd = (y & _1n) === _1n; | ||
if (isYOdd) | ||
y = (0, modular_1.mod)(-y, exports.secp256k1.CURVE.P); | ||
const point = new exports.secp256k1.Point(x, y); | ||
y = mod(-y, secp256k1.CURVE.P); | ||
const point = new secp256k1.Point(x, y); | ||
point.assertValidity(); | ||
@@ -129,7 +126,7 @@ return point; | ||
// Do we need that in schnorr at all? | ||
return exports.secp256k1.Point.fromHex(publicKey); | ||
return secp256k1.Point.fromHex(publicKey); | ||
} | ||
} | ||
const isWithinCurveOrder = exports.secp256k1.utils._isWithinCurveOrder; | ||
const isValidFieldElement = exports.secp256k1.utils._isValidFieldElement; | ||
const isWithinCurveOrder = secp256k1.utils._isWithinCurveOrder; | ||
const isValidFieldElement = secp256k1.utils._isValidFieldElement; | ||
const TAGS = { | ||
@@ -142,12 +139,11 @@ challenge: 'BIP0340/challenge', | ||
const TAGGED_HASH_PREFIXES = {}; | ||
function taggedHash(tag, ...messages) { | ||
export function taggedHash(tag, ...messages) { | ||
let tagP = TAGGED_HASH_PREFIXES[tag]; | ||
if (tagP === undefined) { | ||
const tagH = (0, sha256_1.sha256)(Uint8Array.from(tag, (c) => c.charCodeAt(0))); | ||
tagP = (0, utils_1.concatBytes)(tagH, tagH); | ||
const tagH = sha256(Uint8Array.from(tag, (c) => c.charCodeAt(0))); | ||
tagP = concatBytes(tagH, tagH); | ||
TAGGED_HASH_PREFIXES[tag] = tagP; | ||
} | ||
return (0, sha256_1.sha256)((0, utils_1.concatBytes)(tagP, ...messages)); | ||
return sha256(concatBytes(tagP, ...messages)); | ||
} | ||
exports.taggedHash = taggedHash; | ||
const toRawX = (point) => point.toRawBytes(true).slice(1); | ||
@@ -157,3 +153,3 @@ // Schnorr signatures are superior to ECDSA from above. | ||
function schnorrChallengeFinalize(ch) { | ||
return (0, modular_1.mod)((0, utils_1.bytesToNumberBE)(ch), exports.secp256k1.CURVE.n); | ||
return mod(bytesToNumberBE(ch), secp256k1.CURVE.n); | ||
} | ||
@@ -168,7 +164,7 @@ // Do we need this at all for Schnorr? | ||
static fromHex(hex) { | ||
const bytes = (0, utils_1.ensureBytes)(hex); | ||
const bytes = ensureBytes(hex); | ||
if (bytes.length !== 64) | ||
throw new TypeError(`SchnorrSignature.fromHex: expected 64 bytes, not ${bytes.length}`); | ||
const r = (0, utils_1.bytesToNumberBE)(bytes.subarray(0, 32)); | ||
const s = (0, utils_1.bytesToNumberBE)(bytes.subarray(32, 64)); | ||
const r = bytesToNumberBE(bytes.subarray(0, 32)); | ||
const s = bytesToNumberBE(bytes.subarray(32, 64)); | ||
return new SchnorrSignature(r, s); | ||
@@ -185,8 +181,8 @@ } | ||
toRawBytes() { | ||
return (0, utils_1.hexToBytes)(this.toHex()); | ||
return hexToBytes(this.toHex()); | ||
} | ||
} | ||
function schnorrGetScalar(priv) { | ||
const point = exports.secp256k1.Point.fromPrivateKey(priv); | ||
const scalar = point.hasEvenY() ? priv : exports.secp256k1.CURVE.n - priv; | ||
const point = secp256k1.Point.fromPrivateKey(priv); | ||
const scalar = point.hasEvenY() ? priv : secp256k1.CURVE.n - priv; | ||
return { point, scalar, x: toRawX(point) }; | ||
@@ -201,9 +197,9 @@ } | ||
*/ | ||
function schnorrSign(message, privateKey, auxRand = (0, utils_1.randomBytes)(32)) { | ||
function schnorrSign(message, privateKey, auxRand = randomBytes(32)) { | ||
if (message == null) | ||
throw new TypeError(`sign: Expected valid message, not "${message}"`); | ||
const m = (0, utils_1.ensureBytes)(message); | ||
const m = ensureBytes(message); | ||
// checks for isWithinCurveOrder | ||
const { x: px, scalar: d } = schnorrGetScalar(normalizePrivateKey(privateKey)); | ||
const rand = (0, utils_1.ensureBytes)(auxRand); | ||
const rand = ensureBytes(auxRand); | ||
if (rand.length !== 32) | ||
@@ -213,5 +209,5 @@ throw new TypeError('sign: Expected 32 bytes of aux randomness'); | ||
const t0h = tag(TAGS.aux, rand); | ||
const t = numTo32b(d ^ (0, utils_1.bytesToNumberBE)(t0h)); | ||
const t = numTo32b(d ^ bytesToNumberBE(t0h)); | ||
const k0h = tag(TAGS.nonce, t, px, m); | ||
const k0 = (0, modular_1.mod)((0, utils_1.bytesToNumberBE)(k0h), exports.secp256k1.CURVE.n); | ||
const k0 = mod(bytesToNumberBE(k0h), secp256k1.CURVE.n); | ||
if (k0 === _0n) | ||
@@ -221,3 +217,3 @@ throw new Error('sign: Creation of signature failed. k is zero'); | ||
const e = schnorrChallengeFinalize(tag(TAGS.challenge, rx, px, m)); | ||
const sig = new SchnorrSignature(R.x, (0, modular_1.mod)(k + e * d, exports.secp256k1.CURVE.n)).toRawBytes(); | ||
const sig = new SchnorrSignature(R.x, mod(k + e * d, secp256k1.CURVE.n)).toRawBytes(); | ||
if (!schnorrVerify(sig, m, px)) | ||
@@ -237,3 +233,3 @@ throw new Error('sign: Invalid signature produced'); | ||
const { r, s } = sig; | ||
const m = (0, utils_1.ensureBytes)(message); | ||
const m = ensureBytes(message); | ||
const P = normalizePublicKey(publicKey); | ||
@@ -244,3 +240,3 @@ const e = schnorrChallengeFinalize(taggedHash(TAGS.challenge, numTo32b(r), toRawX(P), m)); | ||
// -eP == (n-e)P | ||
const R = exports.secp256k1.Point.BASE.multiplyAndAddUnsafe(P, normalizePrivateKey(s), (0, modular_1.mod)(-e, exports.secp256k1.CURVE.n)); | ||
const R = secp256k1.Point.BASE.multiplyAndAddUnsafe(P, normalizePrivateKey(s), mod(-e, secp256k1.CURVE.n)); | ||
if (!R || !R.hasEvenY() || R.x !== r) | ||
@@ -254,8 +250,8 @@ return false; | ||
} | ||
exports.schnorr = { | ||
export const schnorr = { | ||
Signature: SchnorrSignature, | ||
// Schnorr's pubkey is just `x` of Point (BIP340) | ||
getPublicKey: (privateKey) => toRawX(exports.secp256k1.Point.fromPrivateKey(privateKey)), | ||
getPublicKey: (privateKey) => toRawX(secp256k1.Point.fromPrivateKey(privateKey)), | ||
sign: schnorrSign, | ||
verify: schnorrVerify, | ||
}; |
@@ -1,7 +0,7 @@ | ||
import { CHash } from '../weierstrass'; | ||
import * as cutils from '../utils'; | ||
export declare const starkCurve: import("../weierstrass").CurveFn; | ||
import { CHash } from '../weierstrass.js'; | ||
import * as cutils from '../utils.js'; | ||
export declare const starkCurve: import("../weierstrass.js").CurveFn; | ||
declare function getPublicKey0x(privKey: Hex, isCompressed?: boolean): Uint8Array; | ||
declare function getSharedSecret0x(privKeyA: Hex, pubKeyB: Hex): Uint8Array; | ||
declare function sign0x(msgHash: Hex, privKey: Hex, opts: any): import("../weierstrass").SignatureType; | ||
declare function sign0x(msgHash: Hex, privKey: Hex, opts: any): import("../weierstrass.js").SignatureType; | ||
declare function verify0x(signature: Hex, msgHash: Hex, pubKey: Hex): boolean; | ||
@@ -34,3 +34,3 @@ declare const CURVE: Readonly<{ | ||
} | undefined; | ||
}>, Point: import("../weierstrass").PointConstructor, JacobianPoint: import("../weierstrass").JacobianPointConstructor, Signature: import("../weierstrass").SignatureConstructor; | ||
}>, Point: import("../weierstrass.js").PointConstructor, JacobianPoint: import("../weierstrass.js").JacobianPointConstructor, Signature: import("../weierstrass.js").SignatureConstructor; | ||
export declare const utils: { | ||
@@ -42,3 +42,3 @@ mod: (a: bigint, b?: bigint | undefined) => bigint; | ||
_normalizePrivateKey: (key: cutils.PrivKey) => bigint; | ||
_normalizePublicKey: (publicKey: import("../weierstrass").PubKey) => import("../weierstrass").PointType; | ||
_normalizePublicKey: (publicKey: import("../weierstrass.js").PubKey) => import("../weierstrass.js").PointType; | ||
_isWithinCurveOrder: (num: bigint) => boolean; | ||
@@ -45,0 +45,0 @@ _isValidFieldElement: (num: bigint) => boolean; |
@@ -1,11 +0,8 @@ | ||
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.keccak = exports.computeHashOnElements = exports.hashChain = exports.pedersen = exports.getAccountPath = exports.ethSigToPrivate = exports.getStarkKey = exports.grindKey = exports.numberToHexEth = exports.strip0x = exports.bytesToHexEth = exports.verify = exports.sign = exports.getSharedSecret = exports.getPublicKey = exports.JacobianPoint = exports.Signature = exports.Point = exports.CURVE = exports.utils = exports.starkCurve = void 0; | ||
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
const sha3_1 = require("@noble/hashes/sha3"); | ||
const sha256_1 = require("@noble/hashes/sha256"); | ||
const hmac_1 = require("@noble/hashes/hmac"); | ||
const utils_1 = require("@noble/hashes/utils"); | ||
const weierstrass_1 = require("../weierstrass"); | ||
const cutils = require("../utils"); | ||
import { keccak_256 } from '@noble/hashes/sha3'; | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
import { hmac } from '@noble/hashes/hmac'; | ||
import { concatBytes } from '@noble/hashes/utils'; | ||
import { weierstrass } from '../weierstrass.js'; | ||
import * as cutils from '../utils.js'; | ||
// Stark-friendly elliptic curve | ||
@@ -17,3 +14,3 @@ // https://docs.starkware.co/starkex/stark-curve.html | ||
hash, | ||
hmac: (key, ...msgs) => (0, hmac_1.hmac)(hash, key, (0, utils_1.concatBytes)(...msgs)), | ||
hmac: (key, ...msgs) => hmac(hash, key, concatBytes(...msgs)), | ||
}; | ||
@@ -23,3 +20,3 @@ } | ||
const nBitLength = 252; | ||
exports.starkCurve = (0, weierstrass_1.weierstrass)({ | ||
export const starkCurve = weierstrass({ | ||
// Params: a, b | ||
@@ -40,3 +37,3 @@ a: BigInt(1), | ||
lowS: false, | ||
...getHash(sha256_1.sha256), | ||
...getHash(sha256), | ||
truncateHash: (hash, truncateOnly = false) => { | ||
@@ -70,3 +67,3 @@ // TODO: cleanup, ugly code | ||
} | ||
hex = (0, exports.strip0x)(hex); | ||
hex = strip0x(hex); | ||
if (hex.length & 1) | ||
@@ -93,3 +90,3 @@ hex = '0' + hex; // padding | ||
// TODO: strip vs no strip? | ||
return BigInt(`0x${(0, exports.strip0x)(hex)}`); | ||
return BigInt(`0x${strip0x(hex)}`); | ||
} | ||
@@ -108,31 +105,21 @@ function bytesToNumber0x(bytes) { | ||
function getPublicKey0x(privKey, isCompressed) { | ||
return exports.starkCurve.getPublicKey(normalizePrivateKey(privKey), isCompressed); | ||
return starkCurve.getPublicKey(normalizePrivateKey(privKey), isCompressed); | ||
} | ||
exports.getPublicKey = getPublicKey0x; | ||
function getSharedSecret0x(privKeyA, pubKeyB) { | ||
return exports.starkCurve.getSharedSecret(normalizePrivateKey(privKeyA), pubKeyB); | ||
return starkCurve.getSharedSecret(normalizePrivateKey(privKeyA), pubKeyB); | ||
} | ||
exports.getSharedSecret = getSharedSecret0x; | ||
function sign0x(msgHash, privKey, opts) { | ||
return exports.starkCurve.sign(ensureBytes0x(msgHash), normalizePrivateKey(privKey), opts); | ||
return starkCurve.sign(ensureBytes0x(msgHash), normalizePrivateKey(privKey), opts); | ||
} | ||
exports.sign = sign0x; | ||
function verify0x(signature, msgHash, pubKey) { | ||
const sig = signature instanceof Signature ? signature : ensureBytes0x(signature); | ||
return exports.starkCurve.verify(sig, ensureBytes0x(msgHash), ensureBytes0x(pubKey)); | ||
return starkCurve.verify(sig, ensureBytes0x(msgHash), ensureBytes0x(pubKey)); | ||
} | ||
exports.verify = verify0x; | ||
const { CURVE, Point, JacobianPoint, Signature } = exports.starkCurve; | ||
exports.CURVE = CURVE; | ||
exports.Point = Point; | ||
exports.JacobianPoint = JacobianPoint; | ||
exports.Signature = Signature; | ||
exports.utils = exports.starkCurve.utils; | ||
const { CURVE, Point, JacobianPoint, Signature } = starkCurve; | ||
export const utils = starkCurve.utils; | ||
export { CURVE, Point, Signature, JacobianPoint, getPublicKey0x as getPublicKey, getSharedSecret0x as getSharedSecret, sign0x as sign, verify0x as verify, }; | ||
const stripLeadingZeros = (s) => s.replace(/^0+/gm, ''); | ||
const bytesToHexEth = (uint8a) => `0x${stripLeadingZeros(cutils.bytesToHex(uint8a))}`; | ||
exports.bytesToHexEth = bytesToHexEth; | ||
const strip0x = (hex) => hex.replace(/^0x/i, ''); | ||
exports.strip0x = strip0x; | ||
const numberToHexEth = (num) => `0x${num.toString(16)}`; | ||
exports.numberToHexEth = numberToHexEth; | ||
export const bytesToHexEth = (uint8a) => `0x${stripLeadingZeros(cutils.bytesToHex(uint8a))}`; | ||
export const strip0x = (hex) => hex.replace(/^0x/i, ''); | ||
export const numberToHexEth = (num) => `0x${num.toString(16)}`; | ||
// 1. seed generation | ||
@@ -143,8 +130,8 @@ function hashKeyWithIndex(key, index) { | ||
indexHex = '0' + indexHex; | ||
return bytesToNumber0x((0, sha256_1.sha256)(cutils.concatBytes(key, hexToBytes0x(indexHex)))); | ||
return bytesToNumber0x(sha256(cutils.concatBytes(key, hexToBytes0x(indexHex)))); | ||
} | ||
function grindKey(seed) { | ||
export function grindKey(seed) { | ||
const _seed = ensureBytes0x(seed); | ||
const sha256mask = 2n ** 256n; | ||
const limit = sha256mask - exports.starkCurve.utils.mod(sha256mask, exports.starkCurve.CURVE.n); | ||
const limit = sha256mask - starkCurve.utils.mod(sha256mask, starkCurve.CURVE.n); | ||
for (let i = 0;; i++) { | ||
@@ -154,12 +141,10 @@ const key = hashKeyWithIndex(_seed, i); | ||
if (key < limit) | ||
return exports.starkCurve.utils.mod(key, exports.starkCurve.CURVE.n).toString(16); | ||
return starkCurve.utils.mod(key, starkCurve.CURVE.n).toString(16); | ||
} | ||
} | ||
exports.grindKey = grindKey; | ||
function getStarkKey(privateKey) { | ||
return (0, exports.bytesToHexEth)(getPublicKey0x(privateKey, true).slice(1)); | ||
export function getStarkKey(privateKey) { | ||
return bytesToHexEth(getPublicKey0x(privateKey, true).slice(1)); | ||
} | ||
exports.getStarkKey = getStarkKey; | ||
function ethSigToPrivate(signature) { | ||
signature = (0, exports.strip0x)(signature.replace(/^0x/, '')); | ||
export function ethSigToPrivate(signature) { | ||
signature = strip0x(signature.replace(/^0x/, '')); | ||
if (signature.length !== 130) | ||
@@ -169,12 +154,10 @@ throw new Error('Wrong ethereum signature'); | ||
} | ||
exports.ethSigToPrivate = ethSigToPrivate; | ||
const MASK_31 = 2n ** 31n - 1n; | ||
const int31 = (n) => Number(n & MASK_31); | ||
function getAccountPath(layer, application, ethereumAddress, index) { | ||
const layerNum = int31(bytesToNumber0x((0, sha256_1.sha256)(layer))); | ||
const applicationNum = int31(bytesToNumber0x((0, sha256_1.sha256)(application))); | ||
export function getAccountPath(layer, application, ethereumAddress, index) { | ||
const layerNum = int31(bytesToNumber0x(sha256(layer))); | ||
const applicationNum = int31(bytesToNumber0x(sha256(application))); | ||
const eth = hexToNumber0x(ethereumAddress); | ||
return `m/2645'/${layerNum}'/${applicationNum}'/${int31(eth)}'/${int31(eth >> 31n)}'/${index}`; | ||
} | ||
exports.getAccountPath = getAccountPath; | ||
// https://docs.starkware.co/starkex/pedersen-hash-function.html | ||
@@ -218,3 +201,3 @@ const PEDERSEN_POINTS = [ | ||
// [0..Fp) | ||
if (!(0n <= value && value < exports.starkCurve.CURVE.P)) | ||
if (!(0n <= value && value < starkCurve.CURVE.P)) | ||
throw new Error(`PedersenArg should be 0 <= value < CURVE.P: ${value}`); | ||
@@ -236,14 +219,13 @@ return value; | ||
// shift_point + x_low * P_0 + x_high * P1 + y_low * P2 + y_high * P3 | ||
function pedersen(x, y) { | ||
export function pedersen(x, y) { | ||
let point = PEDERSEN_POINTS_JACOBIAN[0]; | ||
point = pedersenSingle(point, x, PEDERSEN_POINTS1); | ||
point = pedersenSingle(point, y, PEDERSEN_POINTS2); | ||
return (0, exports.bytesToHexEth)(point.toAffine().toRawBytes(true).slice(1)); | ||
return bytesToHexEth(point.toAffine().toRawBytes(true).slice(1)); | ||
} | ||
exports.pedersen = pedersen; | ||
function hashChain(data, fn = pedersen) { | ||
export function hashChain(data, fn = pedersen) { | ||
if (!Array.isArray(data) || data.length < 1) | ||
throw new Error('data should be array of at least 1 element'); | ||
if (data.length === 1) | ||
return (0, exports.numberToHexEth)(pedersenArg(data[0])); | ||
return numberToHexEth(pedersenArg(data[0])); | ||
return Array.from(data) | ||
@@ -253,8 +235,5 @@ .reverse() | ||
} | ||
exports.hashChain = hashChain; | ||
// Same as hashChain, but computes hash even for single element and order is not revesed | ||
const computeHashOnElements = (data, fn = pedersen) => [0, ...data, data.length].reduce((x, y) => fn(x, y)); | ||
exports.computeHashOnElements = computeHashOnElements; | ||
export const computeHashOnElements = (data, fn = pedersen) => [0, ...data, data.length].reduce((x, y) => fn(x, y)); | ||
const MASK_250 = 2n ** 250n - 1n; | ||
const keccak = (data) => bytesToNumber0x((0, sha3_1.keccak_256)(data)) & MASK_250; | ||
exports.keccak = keccak; | ||
export const keccak = (data) => bytesToNumber0x(keccak_256(data)) & MASK_250; |
@@ -1,6 +0,3 @@ | ||
"use strict"; | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
// Implementation of Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y² | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.twistedEdwards = void 0; | ||
// Differences from @noble/ed25519 1.7: | ||
@@ -13,5 +10,5 @@ // 1. Different field element lengths in ed448: | ||
// 5. Domain function was no-op for ed25519, but adds some data even with empty context for ed448 | ||
const mod = require("./modular.js"); | ||
const utils_js_1 = require("./utils.js"); // TODO: import * as u from './utils.js'? | ||
const group_js_1 = require("./group.js"); | ||
import * as mod from './modular.js'; | ||
import { bytesToHex, concatBytes, ensureBytes, numberToBytesLE, bytesToNumberLE, hashToPrivateScalar, validateOpts as utilOpts, randomBytes as utilRandomBytes, } from './utils.js'; // TODO: import * as u from './utils.js'? | ||
import { wNAF } from './group.js'; | ||
// Be friendly to bad ECMAScript parsers by not using bigint literals like 123n | ||
@@ -24,3 +21,3 @@ const _0n = BigInt(0); | ||
function validateOpts(curve) { | ||
const opts = (0, utils_js_1.validateOpts)(curve); | ||
const opts = utilOpts(curve); | ||
if (typeof opts.hash !== 'function' || !Number.isSafeInteger(opts.hash.outputLen)) | ||
@@ -39,6 +36,6 @@ throw new Error('Invalid hash function'); | ||
// Set defaults | ||
return Object.freeze({ randomBytes: utils_js_1.randomBytes, ...opts }); | ||
return Object.freeze({ randomBytes: utilRandomBytes, ...opts }); | ||
} | ||
// NOTE: it is not generic twisted curve for now, but ed25519/ed448 generic implementation | ||
function twistedEdwards(curveDef) { | ||
export function twistedEdwards(curveDef) { | ||
const CURVE = validateOpts(curveDef); | ||
@@ -251,3 +248,3 @@ const CURVE_ORDER = CURVE.n; | ||
ExtendedPoint.ZERO = new ExtendedPoint(_0n, _1n, _1n, _0n); | ||
const wnaf = (0, group_js_1.wNAF)(ExtendedPoint, groupLen * 8); | ||
const wnaf = wNAF(ExtendedPoint, groupLen * 8); | ||
function assertExtPoint(other) { | ||
@@ -276,3 +273,3 @@ if (!(other instanceof ExtendedPoint)) | ||
const { d, P, a } = CURVE; | ||
hex = (0, utils_js_1.ensureBytes)(hex, fieldLen); | ||
hex = ensureBytes(hex, fieldLen); | ||
// 1. First, interpret the string as an integer in little-endian | ||
@@ -286,3 +283,3 @@ // representation. Bit 255 of this number is the least significant | ||
normed[fieldLen - 1] = lastByte & ~0x80; | ||
const y = (0, utils_js_1.bytesToNumberLE)(normed); | ||
const y = bytesToNumberLE(normed); | ||
if (strict && y >= P) | ||
@@ -323,3 +320,3 @@ throw new Error('Expected 0 < hex < P'); | ||
toRawBytes() { | ||
const bytes = (0, utils_js_1.numberToBytesLE)(this.y, fieldLen); | ||
const bytes = numberToBytesLE(this.y, fieldLen); | ||
bytes[fieldLen - 1] |= this.x & _1n ? 0x80 : 0; | ||
@@ -330,3 +327,3 @@ return bytes; | ||
toHex() { | ||
return (0, utils_js_1.bytesToHex)(this.toRawBytes()); | ||
return bytesToHex(this.toRawBytes()); | ||
} | ||
@@ -378,5 +375,5 @@ isTorsionFree() { | ||
static fromHex(hex) { | ||
const bytes = (0, utils_js_1.ensureBytes)(hex, 2 * fieldLen); | ||
const bytes = ensureBytes(hex, 2 * fieldLen); | ||
const r = Point.fromHex(bytes.slice(0, fieldLen), false); | ||
const s = (0, utils_js_1.bytesToNumberLE)(bytes.slice(fieldLen, 2 * fieldLen)); | ||
const s = bytesToNumberLE(bytes.slice(fieldLen, 2 * fieldLen)); | ||
return new Signature(r, s); | ||
@@ -393,6 +390,6 @@ } | ||
toRawBytes() { | ||
return (0, utils_js_1.concatBytes)(this.r.toRawBytes(), (0, utils_js_1.numberToBytesLE)(this.s, fieldLen)); | ||
return concatBytes(this.r.toRawBytes(), numberToBytesLE(this.s, fieldLen)); | ||
} | ||
toHex() { | ||
return (0, utils_js_1.bytesToHex)(this.toRawBytes()); | ||
return bytesToHex(this.toRawBytes()); | ||
} | ||
@@ -402,3 +399,3 @@ } | ||
function modlLE(hash) { | ||
return mod.mod((0, utils_js_1.bytesToNumberLE)(hash), CURVE_ORDER); | ||
return mod.mod(bytesToNumberLE(hash), CURVE_ORDER); | ||
} | ||
@@ -432,4 +429,4 @@ /** | ||
typeof key === 'bigint' || typeof key === 'number' | ||
? (0, utils_js_1.numberToBytesLE)(normalizeScalar(key, maxGroupElement), groupLen) | ||
: (0, utils_js_1.ensureBytes)(key); | ||
? numberToBytesLE(normalizeScalar(key, maxGroupElement), groupLen) | ||
: ensureBytes(key); | ||
if (key.length !== groupLen) | ||
@@ -467,3 +464,3 @@ throw new Error(`Expected ${groupLen} bytes, got ${key.length}`); | ||
function hashDomainToScalar(message, context = EMPTY) { | ||
context = (0, utils_js_1.ensureBytes)(context); | ||
context = ensureBytes(context); | ||
return modlLE(CURVE.hash(domain(message, context, !!CURVE.preHash))); | ||
@@ -473,9 +470,9 @@ } | ||
function sign(message, privateKey, context) { | ||
message = (0, utils_js_1.ensureBytes)(message); | ||
message = ensureBytes(message); | ||
if (CURVE.preHash) | ||
message = CURVE.preHash(message); | ||
const { prefix, scalar, pointBytes } = getExtendedPublicKey(privateKey); | ||
const r = hashDomainToScalar((0, utils_js_1.concatBytes)(prefix, message), context); | ||
const r = hashDomainToScalar(concatBytes(prefix, message), context); | ||
const R = Point.BASE.multiply(r); // R = rG | ||
const k = hashDomainToScalar((0, utils_js_1.concatBytes)(R.toRawBytes(), pointBytes, message), context); // k = hash(R+P+msg) | ||
const k = hashDomainToScalar(concatBytes(R.toRawBytes(), pointBytes, message), context); // k = hash(R+P+msg) | ||
const s = mod.mod(r + k * scalar, CURVE_ORDER); // s = r + kp | ||
@@ -494,3 +491,3 @@ return new Signature(R, s).toRawBytes(); | ||
function verify(sig, message, publicKey, context) { | ||
message = (0, utils_js_1.ensureBytes)(message); | ||
message = ensureBytes(message); | ||
if (CURVE.preHash) | ||
@@ -520,3 +517,3 @@ message = CURVE.preHash(message); | ||
const SB = ExtendedPoint.BASE.multiplyUnsafe(s); | ||
const k = hashDomainToScalar((0, utils_js_1.concatBytes)(r.toRawBytes(), publicKey.toRawBytes(), message), context); | ||
const k = hashDomainToScalar(concatBytes(r.toRawBytes(), publicKey.toRawBytes(), message), context); | ||
const kA = ExtendedPoint.fromAffine(publicKey).multiplyUnsafe(k); | ||
@@ -536,3 +533,3 @@ const RkA = ExtendedPoint.fromAffine(r).add(kA); | ||
*/ | ||
hashToPrivateScalar: (hash) => (0, utils_js_1.hashToPrivateScalar)(hash, CURVE_ORDER, true), | ||
hashToPrivateScalar: (hash) => hashToPrivateScalar(hash, CURVE_ORDER, true), | ||
/** | ||
@@ -567,2 +564,1 @@ * ed25519 private keys are uniform 32-bit strings. We do not need to check for | ||
} | ||
exports.twistedEdwards = twistedEdwards; |
@@ -1,4 +0,1 @@ | ||
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.wNAF = void 0; | ||
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
@@ -9,3 +6,3 @@ // Default group related functions | ||
// Not big, but pretty complex and it is easy to break stuff. To avoid too much copy paste | ||
function wNAF(c, bits) { | ||
export function wNAF(c, bits) { | ||
const constTimeNegate = (condition, item) => { | ||
@@ -112,2 +109,1 @@ const neg = item.negate(); | ||
} | ||
exports.wNAF = wNAF; |
@@ -1,5 +0,2 @@ | ||
"use strict"; | ||
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.isNegativeLE = exports.sqrt = exports.legendre = exports.invertBatch = exports.div = exports.invert = exports.pow2 = exports.pow = exports.mod = void 0; | ||
// Utilities for modular arithmetics | ||
@@ -10,7 +7,6 @@ const _0n = BigInt(0); | ||
// Calculates a modulo b | ||
function mod(a, b) { | ||
export function mod(a, b) { | ||
const result = a % b; | ||
return result >= _0n ? result : b + result; | ||
} | ||
exports.mod = mod; | ||
/** | ||
@@ -22,3 +18,3 @@ * Efficiently exponentiate num to power and do modular division. | ||
*/ | ||
function pow(num, power, modulo) { | ||
export function pow(num, power, modulo) { | ||
if (modulo <= _0n || power < _0n) | ||
@@ -37,5 +33,4 @@ throw new Error('Expected power/modulo > 0'); | ||
} | ||
exports.pow = pow; | ||
// Does x ^ (2 ^ power) mod p. pow2(30, 4) == 30 ^ (2 ^ 4) | ||
function pow2(x, power, modulo) { | ||
export function pow2(x, power, modulo) { | ||
let res = x; | ||
@@ -48,5 +43,4 @@ while (power-- > _0n) { | ||
} | ||
exports.pow2 = pow2; | ||
// Inverses number over modulo | ||
function invert(number, modulo) { | ||
export function invert(number, modulo) { | ||
if (number === _0n || modulo <= _0n) { | ||
@@ -73,3 +67,2 @@ throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`); | ||
} | ||
exports.invert = invert; | ||
/** | ||
@@ -79,3 +72,3 @@ * Division over finite field. | ||
*/ | ||
function div(numerator, denominator, modulo) { | ||
export function div(numerator, denominator, modulo) { | ||
const num = mod(numerator, modulo); | ||
@@ -85,3 +78,2 @@ const iden = invert(denominator, modulo); | ||
} | ||
exports.div = div; | ||
/** | ||
@@ -96,3 +88,3 @@ * Takes a list of numbers, efficiently inverts all of them. | ||
*/ | ||
function invertBatch(nums, modulo) { | ||
export function invertBatch(nums, modulo) { | ||
const scratch = new Array(nums.length); | ||
@@ -117,3 +109,2 @@ // Walk from first to last, multiply them by each other MOD p | ||
} | ||
exports.invertBatch = invertBatch; | ||
/** | ||
@@ -125,10 +116,9 @@ * Calculates Legendre symbol (a | p), which denotes the value of a^((p-1)/2) (mod p). | ||
*/ | ||
function legendre(num, P) { | ||
export function legendre(num, P) { | ||
return pow(num, (P - _1n) / _2n, P); | ||
} | ||
exports.legendre = legendre; | ||
/** | ||
* Calculates square root of a number in a finite field. | ||
*/ | ||
function sqrt(number, modulo) { | ||
export function sqrt(number, modulo) { | ||
// prettier-ignore | ||
@@ -183,6 +173,4 @@ const _3n = BigInt(3), _4n = BigInt(4), _5n = BigInt(5), _8n = BigInt(8); | ||
} | ||
exports.sqrt = sqrt; | ||
// Little-endian check for first LE bit (last BE bit); | ||
const isNegativeLE = (num, modulo) => (mod(num, modulo) & _1n) === _1n; | ||
exports.isNegativeLE = isNegativeLE; | ||
export const isNegativeLE = (num, modulo) => (mod(num, modulo) & _1n) === _1n; | ||
// An idea on modular arithmetic for bls12-381: | ||
@@ -189,0 +177,0 @@ // const FIELD = {add, pow, sqrt, mul}; |
@@ -1,6 +0,5 @@ | ||
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.montgomery = void 0; | ||
const mod = require("./modular.js"); | ||
const utils_js_1 = require("./utils.js"); | ||
import * as mod from './modular.js'; | ||
import { ensureBytes, numberToBytesLE, bytesToNumberLE, | ||
// nLength, | ||
} from './utils.js'; | ||
const _0n = BigInt(0); | ||
@@ -37,3 +36,3 @@ const _1n = BigInt(1); | ||
// Uses only one coordinate instead of two | ||
function montgomery(curveDef) { | ||
export function montgomery(curveDef) { | ||
const CURVE = validateOpts(curveDef); | ||
@@ -149,6 +148,6 @@ const { P } = CURVE; | ||
function encodeUCoordinate(u) { | ||
return (0, utils_js_1.numberToBytesLE)(modP(u), montgomeryBytes); | ||
return numberToBytesLE(modP(u), montgomeryBytes); | ||
} | ||
function decodeUCoordinate(uEnc) { | ||
const u = (0, utils_js_1.ensureBytes)(uEnc, montgomeryBytes); | ||
const u = ensureBytes(uEnc, montgomeryBytes); | ||
// Section 5: When receiving such an array, implementations of X25519 | ||
@@ -159,9 +158,9 @@ // MUST mask the most significant bit in the final byte. | ||
u[fieldLen - 1] &= 127; // 0b0111_1111 | ||
return (0, utils_js_1.bytesToNumberLE)(u); | ||
return bytesToNumberLE(u); | ||
} | ||
function decodeScalar(n) { | ||
const bytes = (0, utils_js_1.ensureBytes)(n); | ||
const bytes = ensureBytes(n); | ||
if (bytes.length !== montgomeryBytes && bytes.length !== fieldLen) | ||
throw new Error(`Expected ${montgomeryBytes} or ${fieldLen} bytes, got ${bytes.length}`); | ||
return (0, utils_js_1.bytesToNumberLE)(adjustScalarBytes(bytes)); | ||
return bytesToNumberLE(adjustScalarBytes(bytes)); | ||
} | ||
@@ -194,2 +193,1 @@ // Multiply point u by scalar | ||
} | ||
exports.montgomery = montgomery; |
@@ -1,9 +0,6 @@ | ||
"use strict"; | ||
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.randomBytes = exports.equalBytes = exports.hashToPrivateScalar = exports.nLength = exports.concatBytes = exports.ensureBytes = exports.numberToBytesLE = exports.numberToBytesBE = exports.bytesToNumberLE = exports.bytesToNumberBE = exports.hexToBytes = exports.hexToNumber = exports.numberToHexUnpadded = exports.bytesToHex = exports.validateOpts = void 0; | ||
// The import here is via the package name. This is to ensure | ||
// that exports mapping/resolution does fall into place. | ||
const crypto_1 = require("@noble/curves/crypto"); | ||
function validateOpts(curve) { | ||
import { crypto } from './crypto.js'; | ||
export function validateOpts(curve) { | ||
for (const i of ['P', 'n', 'h', 'Gx', 'Gy']) { | ||
@@ -22,6 +19,5 @@ if (typeof curve[i] !== 'bigint') | ||
} | ||
exports.validateOpts = validateOpts; | ||
const mod = require("./modular.js"); | ||
import * as mod from './modular.js'; | ||
const hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, '0')); | ||
function bytesToHex(uint8a) { | ||
export function bytesToHex(uint8a) { | ||
if (!(uint8a instanceof Uint8Array)) | ||
@@ -36,9 +32,7 @@ throw new Error('Expected Uint8Array'); | ||
} | ||
exports.bytesToHex = bytesToHex; | ||
function numberToHexUnpadded(num) { | ||
export function numberToHexUnpadded(num) { | ||
const hex = num.toString(16); | ||
return hex.length & 1 ? `0${hex}` : hex; | ||
} | ||
exports.numberToHexUnpadded = numberToHexUnpadded; | ||
function hexToNumber(hex) { | ||
export function hexToNumber(hex) { | ||
if (typeof hex !== 'string') { | ||
@@ -50,5 +44,4 @@ throw new TypeError('hexToNumber: expected string, got ' + typeof hex); | ||
} | ||
exports.hexToNumber = hexToNumber; | ||
// Caching slows it down 2-3x | ||
function hexToBytes(hex) { | ||
export function hexToBytes(hex) { | ||
if (typeof hex !== 'string') { | ||
@@ -70,9 +63,7 @@ throw new TypeError('hexToBytes: expected string, got ' + typeof hex); | ||
} | ||
exports.hexToBytes = hexToBytes; | ||
// Big Endian | ||
function bytesToNumberBE(bytes) { | ||
export function bytesToNumberBE(bytes) { | ||
return hexToNumber(bytesToHex(bytes)); | ||
} | ||
exports.bytesToNumberBE = bytesToNumberBE; | ||
function bytesToNumberLE(uint8a) { | ||
export function bytesToNumberLE(uint8a) { | ||
if (!(uint8a instanceof Uint8Array)) | ||
@@ -82,8 +73,5 @@ throw new Error('Expected Uint8Array'); | ||
} | ||
exports.bytesToNumberLE = bytesToNumberLE; | ||
const numberToBytesBE = (n, len) => hexToBytes(n.toString(16).padStart(len * 2, '0')); | ||
exports.numberToBytesBE = numberToBytesBE; | ||
const numberToBytesLE = (n, len) => (0, exports.numberToBytesBE)(n, len).reverse(); | ||
exports.numberToBytesLE = numberToBytesLE; | ||
function ensureBytes(hex, expectedLength) { | ||
export const numberToBytesBE = (n, len) => hexToBytes(n.toString(16).padStart(len * 2, '0')); | ||
export const numberToBytesLE = (n, len) => numberToBytesBE(n, len).reverse(); | ||
export function ensureBytes(hex, expectedLength) { | ||
// Uint8Array.from() instead of hash.slice() because node.js Buffer | ||
@@ -96,5 +84,4 @@ // is instance of Uint8Array, and its slice() creates **mutable** copy | ||
} | ||
exports.ensureBytes = ensureBytes; | ||
// Copies several Uint8Arrays into one. | ||
function concatBytes(...arrays) { | ||
export function concatBytes(...arrays) { | ||
if (!arrays.every((b) => b instanceof Uint8Array)) | ||
@@ -113,5 +100,4 @@ throw new Error('Uint8Array list expected'); | ||
} | ||
exports.concatBytes = concatBytes; | ||
// CURVE.n lengths | ||
function nLength(n, nBitLength) { | ||
export function nLength(n, nBitLength) { | ||
// Bit size, byte size of CURVE.n | ||
@@ -122,3 +108,2 @@ const _nBitLength = nBitLength !== undefined ? nBitLength : n.toString(2).length; | ||
} | ||
exports.nLength = nLength; | ||
/** | ||
@@ -133,3 +118,3 @@ * Can take (n+8) or more bytes of uniform input e.g. from CSPRNG or KDF | ||
const _1n = BigInt(1); | ||
function hashToPrivateScalar(hash, CURVE_ORDER, isLE = false) { | ||
export function hashToPrivateScalar(hash, CURVE_ORDER, isLE = false) { | ||
hash = ensureBytes(hash); | ||
@@ -143,4 +128,3 @@ const orderLen = nLength(CURVE_ORDER).nByteLength; | ||
} | ||
exports.hashToPrivateScalar = hashToPrivateScalar; | ||
function equalBytes(b1, b2) { | ||
export function equalBytes(b1, b2) { | ||
// We don't care about timing attacks here | ||
@@ -154,12 +138,11 @@ if (b1.length !== b2.length) | ||
} | ||
exports.equalBytes = equalBytes; | ||
/** | ||
* Cryptographically secure PRNG | ||
*/ | ||
function randomBytes(bytesLength = 32) { | ||
if (crypto_1.crypto.web) { | ||
return crypto_1.crypto.web.getRandomValues(new Uint8Array(bytesLength)); | ||
export function randomBytes(bytesLength = 32) { | ||
if (crypto.web) { | ||
return crypto.web.getRandomValues(new Uint8Array(bytesLength)); | ||
} | ||
else if (crypto_1.crypto.node) { | ||
return new Uint8Array(crypto_1.crypto.node.randomBytes(bytesLength).buffer); | ||
else if (crypto.node) { | ||
return new Uint8Array(crypto.node.randomBytes(bytesLength).buffer); | ||
} | ||
@@ -170,2 +153,1 @@ else { | ||
} | ||
exports.randomBytes = randomBytes; |
@@ -1,6 +0,3 @@ | ||
"use strict"; | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
// Implementation of Short Weierstrass curve. The formula is: y² = x³ + ax + b | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.weierstrass = void 0; | ||
// TODO: sync vs async naming | ||
@@ -13,8 +10,8 @@ // TODO: default randomBytes | ||
// 4. DRBG supports outputLen bigger than outputLen of hmac | ||
const mod = require("./modular.js"); | ||
const utils_js_1 = require("./utils.js"); | ||
const group_js_1 = require("./group.js"); | ||
import * as mod from './modular.js'; | ||
import { bytesToHex, bytesToNumberBE, concatBytes, ensureBytes, hexToBytes, hexToNumber, numberToHexUnpadded, hashToPrivateScalar, validateOpts as utilOpts, randomBytes as utilRandomBytes, } from './utils.js'; | ||
import { wNAF } from './group.js'; | ||
// Should be separate from overrides, since overrides can use information about curve (for example nBits) | ||
function validateOpts(curve) { | ||
const opts = (0, utils_js_1.validateOpts)(curve); | ||
const opts = utilOpts(curve); | ||
for (const i of ['a', 'b']) { | ||
@@ -48,3 +45,3 @@ if (typeof opts[i] !== 'bigint') | ||
// Set defaults | ||
return Object.freeze({ lowS: true, randomBytes: utils_js_1.randomBytes, ...opts }); | ||
return Object.freeze({ lowS: true, randomBytes: utilRandomBytes, ...opts }); | ||
} | ||
@@ -65,3 +62,3 @@ // TODO: convert bits to bytes aligned to 32 bits? (224 for example) | ||
if (data.length < 2 || data[0] !== 0x02) { | ||
throw new DERError(`Invalid signature integer tag: ${(0, utils_js_1.bytesToHex)(data)}`); | ||
throw new DERError(`Invalid signature integer tag: ${bytesToHex(data)}`); | ||
} | ||
@@ -77,7 +74,7 @@ const len = data[1]; | ||
} | ||
return { data: (0, utils_js_1.bytesToNumberBE)(res), left: data.subarray(len + 2) }; | ||
return { data: bytesToNumberBE(res), left: data.subarray(len + 2) }; | ||
} | ||
function parseDERSignature(data) { | ||
if (data.length < 2 || data[0] != 0x30) { | ||
throw new DERError(`Invalid signature tag: ${(0, utils_js_1.bytesToHex)(data)}`); | ||
throw new DERError(`Invalid signature tag: ${bytesToHex(data)}`); | ||
} | ||
@@ -90,3 +87,3 @@ if (data[1] !== data.length - 2) { | ||
if (rBytesLeft.length) { | ||
throw new DERError(`Invalid signature: left bytes after parsing: ${(0, utils_js_1.bytesToHex)(rBytesLeft)}`); | ||
throw new DERError(`Invalid signature: left bytes after parsing: ${bytesToHex(rBytesLeft)}`); | ||
} | ||
@@ -148,7 +145,7 @@ return { r, s }; | ||
} | ||
return (0, utils_js_1.concatBytes)(...out); | ||
return concatBytes(...out); | ||
} | ||
} | ||
// Use only input from curveOpts! | ||
function weierstrass(curveDef) { | ||
export function weierstrass(curveDef) { | ||
const CURVE = validateOpts(curveDef); | ||
@@ -175,3 +172,3 @@ const CURVE_ORDER = CURVE.n; | ||
function numToField(num) { | ||
const b = (0, utils_js_1.hexToBytes)(numToFieldStr(num)); | ||
const b = hexToBytes(numToFieldStr(num)); | ||
if (b.length !== fieldLen) | ||
@@ -214,3 +211,3 @@ throw new Error(`Error: expected ${fieldLen} bytes`); | ||
throw new Error(`Expected ${groupLen} bytes of private key`); | ||
num = (0, utils_js_1.hexToNumber)(key); | ||
num = hexToNumber(key); | ||
} | ||
@@ -220,3 +217,3 @@ else if (key instanceof Uint8Array) { | ||
throw new Error(`Expected ${groupLen} bytes of private key`); | ||
num = (0, utils_js_1.bytesToNumberBE)(key); | ||
num = bytesToNumberBE(key); | ||
} | ||
@@ -265,3 +262,3 @@ else { | ||
const delta = byteLength * 8 - nBitLength; // size of curve.n (252 bits) | ||
let h = (0, utils_js_1.bytesToNumberBE)(hash); | ||
let h = bytesToNumberBE(hash); | ||
if (delta > 0) | ||
@@ -512,3 +509,3 @@ h = h >> BigInt(delta); | ||
JacobianPoint.ZERO = new JacobianPoint(_0n, _1n, _0n); | ||
const wnaf = (0, group_js_1.wNAF)(JacobianPoint, CURVE.endo ? CURVE.nBitLength / 2 : CURVE.nBitLength); | ||
const wnaf = wNAF(JacobianPoint, CURVE.endo ? CURVE.nBitLength / 2 : CURVE.nBitLength); | ||
// Stores precomputed values for points. | ||
@@ -539,3 +536,3 @@ const pointPrecomputes = new WeakMap(); | ||
const P = CURVE.P; | ||
const x = (0, utils_js_1.bytesToNumberBE)(bytes.subarray(1)); | ||
const x = bytesToNumberBE(bytes.subarray(1)); | ||
if (!isValidFieldElement(x)) | ||
@@ -555,4 +552,4 @@ throw new Error('Point is not on curve'); | ||
static fromUncompressedHex(bytes) { | ||
const x = (0, utils_js_1.bytesToNumberBE)(bytes.subarray(1, fieldLen + 1)); | ||
const y = (0, utils_js_1.bytesToNumberBE)(bytes.subarray(fieldLen + 1, 2 * fieldLen + 1)); | ||
const x = bytesToNumberBE(bytes.subarray(1, fieldLen + 1)); | ||
const y = bytesToNumberBE(bytes.subarray(fieldLen + 1, 2 * fieldLen + 1)); | ||
const point = new Point(x, y); | ||
@@ -567,3 +564,3 @@ point.assertValidity(); | ||
static fromHex(hex) { | ||
const bytes = (0, utils_js_1.ensureBytes)(hex); | ||
const bytes = ensureBytes(hex); | ||
const len = bytes.length; | ||
@@ -583,3 +580,3 @@ const header = bytes[0]; | ||
toRawBytes(isCompressed = false) { | ||
return (0, utils_js_1.hexToBytes)(this.toHex(isCompressed)); | ||
return hexToBytes(this.toHex(isCompressed)); | ||
} | ||
@@ -670,6 +667,6 @@ toHex(isCompressed = false) { | ||
throw new TypeError(`${name}: Expected string or Uint8Array`); | ||
const str = arr ? (0, utils_js_1.bytesToHex)(hex) : hex; | ||
const str = arr ? bytesToHex(hex) : hex; | ||
if (str.length !== 128) | ||
throw new Error(`${name}: Expected 64-byte hex`); | ||
return new Signature((0, utils_js_1.hexToNumber)(str.slice(0, 64)), (0, utils_js_1.hexToNumber)(str.slice(64, 128))); | ||
return new Signature(hexToNumber(str.slice(0, 64)), hexToNumber(str.slice(64, 128))); | ||
} | ||
@@ -682,3 +679,3 @@ // DER encoded ECDSA signature | ||
throw new TypeError(`Signature.fromDER: Expected string or Uint8Array`); | ||
const { r, s } = parseDERSignature(arr ? hex : (0, utils_js_1.hexToBytes)(hex)); | ||
const { r, s } = parseDERSignature(arr ? hex : hexToBytes(hex)); | ||
return new Signature(r, s); | ||
@@ -716,3 +713,3 @@ } | ||
throw new Error('Cannot recover: invalid recovery bit'); | ||
const h = truncateHash((0, utils_js_1.ensureBytes)(msgHash)); | ||
const h = truncateHash(ensureBytes(msgHash)); | ||
const { n } = CURVE; | ||
@@ -746,12 +743,12 @@ const rinv = mod.invert(r, n); | ||
toDERRawBytes(isCompressed = false) { | ||
return (0, utils_js_1.hexToBytes)(this.toDERHex(isCompressed)); | ||
return hexToBytes(this.toDERHex(isCompressed)); | ||
} | ||
toDERHex(isCompressed = false) { | ||
const sHex = sliceDER((0, utils_js_1.numberToHexUnpadded)(this.s)); | ||
const sHex = sliceDER(numberToHexUnpadded(this.s)); | ||
if (isCompressed) | ||
return sHex; | ||
const rHex = sliceDER((0, utils_js_1.numberToHexUnpadded)(this.r)); | ||
const rLen = (0, utils_js_1.numberToHexUnpadded)(rHex.length / 2); | ||
const sLen = (0, utils_js_1.numberToHexUnpadded)(sHex.length / 2); | ||
const length = (0, utils_js_1.numberToHexUnpadded)(rHex.length / 2 + sHex.length / 2 + 4); | ||
const rHex = sliceDER(numberToHexUnpadded(this.r)); | ||
const rLen = numberToHexUnpadded(rHex.length / 2); | ||
const sLen = numberToHexUnpadded(sHex.length / 2); | ||
const length = numberToHexUnpadded(rHex.length / 2 + sHex.length / 2 + 4); | ||
return `30${length}02${rLen}${rHex}02${sLen}${sHex}`; | ||
@@ -761,3 +758,3 @@ } | ||
toCompactRawBytes() { | ||
return (0, utils_js_1.hexToBytes)(this.toCompactHex()); | ||
return hexToBytes(this.toCompactHex()); | ||
} | ||
@@ -790,3 +787,3 @@ toCompactHex() { | ||
*/ | ||
hashToPrivateKey: (hash) => numToField((0, utils_js_1.hashToPrivateScalar)(hash, CURVE_ORDER)), | ||
hashToPrivateKey: (hash) => numToField(hashToPrivateScalar(hash, CURVE_ORDER)), | ||
/** | ||
@@ -857,3 +854,3 @@ * Produces cryptographically secure private key from random of size (nBitLength+64) | ||
const slice = bytes.length > fieldLen ? bytes.slice(0, fieldLen) : bytes; | ||
return (0, utils_js_1.bytesToNumberBE)(slice); | ||
return bytesToNumberBE(slice); | ||
} | ||
@@ -874,3 +871,3 @@ function bits2octets(bytes) { | ||
// Step A is ignored, since we already provide hash instead of msg | ||
const h1 = numToField(truncateHash((0, utils_js_1.ensureBytes)(msgHash))); | ||
const h1 = numToField(truncateHash(ensureBytes(msgHash))); | ||
const d = normalizePrivateKey(privateKey); | ||
@@ -883,3 +880,3 @@ // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k') | ||
extraEntropy = CURVE.randomBytes(fieldLen); | ||
const e = (0, utils_js_1.ensureBytes)(extraEntropy); | ||
const e = ensureBytes(extraEntropy); | ||
if (e.length !== fieldLen) | ||
@@ -892,3 +889,3 @@ throw new Error(`sign: Expected ${fieldLen} bytes of extra data`); | ||
// V, 0x00 are done in HmacDRBG constructor. | ||
const seed = (0, utils_js_1.concatBytes)(...seedArgs); | ||
const seed = concatBytes(...seedArgs); | ||
const m = bits2int(h1); | ||
@@ -976,3 +973,3 @@ return { seed, m, d }; | ||
} | ||
msgHash = (0, utils_js_1.ensureBytes)(msgHash); | ||
msgHash = ensureBytes(msgHash); | ||
} | ||
@@ -1018,2 +1015,1 @@ catch (error) { | ||
} | ||
exports.weierstrass = weierstrass; |
{ | ||
"name": "@noble/curves", | ||
"version": "0.3.1", | ||
"version": "0.3.2", | ||
"description": "Minimal, zero-dependency JS implementation of elliptic curve cryptography", | ||
@@ -40,53 +40,9 @@ "files": [ | ||
}, | ||
"main": "index.js", | ||
"exports": { | ||
"./crypto": { | ||
"types": "./lib/crypto.d.ts", | ||
"browser": { | ||
"import": "./lib/esm/cryptoBrowser.js", | ||
"default": "./lib/cryptoBrowser.js" | ||
}, | ||
"import": "./lib/esm/crypto.js", | ||
"default": "./lib/crypto.js" | ||
}, | ||
"./edwards": { | ||
"types": "./lib/edwards.d.ts", | ||
"import": "./lib/esm/edwards.js", | ||
"default": "./lib/edwards.js" | ||
}, | ||
"./modular": { | ||
"types": "./lib/modular.d.ts", | ||
"import": "./lib/esm/modular.js", | ||
"default": "./lib/modular.js" | ||
}, | ||
"./montgomery": { | ||
"types": "./lib/montgomery.d.ts", | ||
"import": "./lib/esm/montgomery.js", | ||
"default": "./lib/montgomery.js" | ||
}, | ||
"./weierstrass": { | ||
"types": "./lib/weierstrass.d.ts", | ||
"import": "./lib/esm/weierstrass.js", | ||
"default": "./lib/weierstrass.js" | ||
}, | ||
"./utils": { | ||
"types": "./lib/utils.d.ts", | ||
"import": "./lib/esm/utils.js", | ||
"default": "./lib/utils.js" | ||
}, | ||
"./definitions/secp256k1": { | ||
"types": "./lib/definitions/secp256k1.d.ts", | ||
"import": "./lib/esm/definitions/secp256k1.js", | ||
"default": "./lib/definitions/secp256k1.js" | ||
}, | ||
"./definitions/ed25519": { | ||
"types": "./lib/definitions/ed25519.d.ts", | ||
"import": "./lib/esm/definitions/ed25519.js", | ||
"default": "./lib/definitions/ed25519.js" | ||
} | ||
}, | ||
"main": "lib/index.js", | ||
"module": "lib/index.js", | ||
"browser": { | ||
"crypto": false, | ||
"./crypto": "./cryptoBrowser.js" | ||
"./crypto": "./lib/cryptoBrowser.js" | ||
}, | ||
"type": "module", | ||
"keywords": [ | ||
@@ -93,0 +49,0 @@ "elliptic", |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Yes
213696
48
4513