@scure/bip32 - npm Package Compare versions

Comparing version 1.1.5 to 1.2.0

index.ts

@@ -8,7 +8,7 @@ /*! scure-bip32 - MIT License (c) 2022 Patricio Palladino, Paul Miller (paulmillr.com) */
 import { bytesToHex, concatBytes, createView, hexToBytes, utf8ToBytes } from '@noble/hashes/utils';
-import * as secp from '@noble/secp256k1';
+import { secp256k1 as secp } from '@noble/curves/secp256k1';
+import { mod } from '@noble/curves/abstract/modular';
 import { base58check as base58checker } from '@scure/base';
 
-// Enable sync API for noble-secp256k1
-secp.utils.hmacSha256Sync = (key, ...msgs) => hmac(sha256, key, secp.utils.concatBytes(...msgs));
+const Point = secp.ProjectivePoint;
 const base58check = base58checker(sha256);
@@ -168,3 +168,3 @@
     } else if (opt.publicKey) {
-      this.pubKey = secp.Point.fromHex(opt.publicKey).toRawBytes(true); // force compressed point
+      this.pubKey = Point.fromHex(opt.publicKey).toRawBytes(true); // force compressed point
     } else {
@@ -237,3 +237,3 @@ throw new Error('HDKey: no public or private key provided');
       if (this.privateKey) {
-        const added = secp.utils.mod(this.privKey! + childTweak, secp.CURVE.n);
+        const added = mod(this.privKey! + childTweak, secp.CURVE.n);
         if (!secp.utils.isValidPrivateKey(added)) {
@@ -244,5 +244,5 @@ throw new Error('The tweak was out of range or the resulted private key is invalid');
       } else {
-        const added = secp.Point.fromHex(this.pubKey).add(secp.Point.fromPrivateKey(childTweak));
+        const added = Point.fromHex(this.pubKey).add(Point.fromPrivateKey(childTweak));
         // Cryptographically impossible: hmac-sha512 preimage would need to be found
-        if (added.equals(secp.Point.ZERO)) {
+        if (added.equals(Point.ZERO)) {
           throw new Error('The tweak was equal to negative P, which made the result key invalid');
@@ -263,6 +263,3 @@ }
     assertBytes(hash, 32);
-    return secp.signSync(hash, this.privKey!, {
-      canonical: true,
-      der: false,
-    });
+    return secp.sign(hash, this.privKey!).toCompactRawBytes();
   }
@@ -269,0 +266,0 @@

lib/esm/index.js

@@ -7,5 +7,6 @@ import { hmac } from '@noble/hashes/hmac';
 import { bytesToHex, concatBytes, createView, hexToBytes, utf8ToBytes } from '@noble/hashes/utils';
-import * as secp from '@noble/secp256k1';
+import { secp256k1 as secp } from '@noble/curves/secp256k1';
+import { mod } from '@noble/curves/abstract/modular';
 import { base58check as base58checker } from '@scure/base';
-secp.utils.hmacSha256Sync = (key, ...msgs) => hmac(sha256, key, secp.utils.concatBytes(...msgs));
+const Point = secp.ProjectivePoint;
 const base58check = base58checker(sha256);
@@ -32,40 +33,2 @@ function bytesToNumber(bytes) {
 export class HDKey {
-    constructor(opt) {
-        this.depth = 0;
-        this.index = 0;
-        this.chainCode = null;
-        this.parentFingerprint = 0;
-        if (!opt || typeof opt !== 'object') {
-            throw new Error('HDKey.constructor must not be called directly');
-        }
-        this.versions = opt.versions || BITCOIN_VERSIONS;
-        this.depth = opt.depth || 0;
-        this.chainCode = opt.chainCode;
-        this.index = opt.index || 0;
-        this.parentFingerprint = opt.parentFingerprint || 0;
-        if (!this.depth) {
-            if (this.parentFingerprint || this.index) {
-                throw new Error('HDKey: zero depth with non-zero index/parent fingerprint');
-            }
-        }
-        if (opt.publicKey && opt.privateKey) {
-            throw new Error('HDKey: publicKey and privateKey at same time.');
-        }
-        if (opt.privateKey) {
-            if (!secp.utils.isValidPrivateKey(opt.privateKey)) {
-                throw new Error('Invalid private key');
-            }
-            this.privKey =
-                typeof opt.privateKey === 'bigint' ? opt.privateKey : bytesToNumber(opt.privateKey);
-            this.privKeyBytes = numberToBytes(this.privKey);
-            this.pubKey = secp.getPublicKey(opt.privateKey, true);
-        }
-        else if (opt.publicKey) {
-            this.pubKey = secp.Point.fromHex(opt.publicKey).toRawBytes(true);
-        }
-        else {
-            throw new Error('HDKey: no public or private key provided');
-        }
-        this.pubHash = hash160(this.pubKey);
-    }
     get fingerprint() {
@@ -140,2 +103,40 @@ if (!this.pubHash) {
     }
+    constructor(opt) {
+        this.depth = 0;
+        this.index = 0;
+        this.chainCode = null;
+        this.parentFingerprint = 0;
+        if (!opt || typeof opt !== 'object') {
+            throw new Error('HDKey.constructor must not be called directly');
+        }
+        this.versions = opt.versions || BITCOIN_VERSIONS;
+        this.depth = opt.depth || 0;
+        this.chainCode = opt.chainCode;
+        this.index = opt.index || 0;
+        this.parentFingerprint = opt.parentFingerprint || 0;
+        if (!this.depth) {
+            if (this.parentFingerprint || this.index) {
+                throw new Error('HDKey: zero depth with non-zero index/parent fingerprint');
+            }
+        }
+        if (opt.publicKey && opt.privateKey) {
+            throw new Error('HDKey: publicKey and privateKey at same time.');
+        }
+        if (opt.privateKey) {
+            if (!secp.utils.isValidPrivateKey(opt.privateKey)) {
+                throw new Error('Invalid private key');
+            }
+            this.privKey =
+                typeof opt.privateKey === 'bigint' ? opt.privateKey : bytesToNumber(opt.privateKey);
+            this.privKeyBytes = numberToBytes(this.privKey);
+            this.pubKey = secp.getPublicKey(opt.privateKey, true);
+        }
+        else if (opt.publicKey) {
+            this.pubKey = Point.fromHex(opt.publicKey).toRawBytes(true);
+        }
+        else {
+            throw new Error('HDKey: no public or private key provided');
+        }
+        this.pubHash = hash160(this.pubKey);
+    }
     derive(path) {
@@ -196,3 +197,3 @@ if (!/^[mM]'?/.test(path)) {
             if (this.privateKey) {
-                const added = secp.utils.mod(this.privKey + childTweak, secp.CURVE.n);
+                const added = mod(this.privKey + childTweak, secp.CURVE.n);
                 if (!secp.utils.isValidPrivateKey(added)) {
@@ -204,4 +205,4 @@ throw new Error('The tweak was out of range or the resulted private key is invalid');
             else {
-                const added = secp.Point.fromHex(this.pubKey).add(secp.Point.fromPrivateKey(childTweak));
-                if (added.equals(secp.Point.ZERO)) {
+                const added = Point.fromHex(this.pubKey).add(Point.fromPrivateKey(childTweak));
+                if (added.equals(Point.ZERO)) {
                     throw new Error('The tweak was equal to negative P, which made the result key invalid');
@@ -222,6 +223,3 @@ }
         assertBytes(hash, 32);
-        return secp.signSync(hash, this.privKey, {
-            canonical: true,
-            der: false,
-        });
+        return secp.sign(hash, this.privKey).toCompactRawBytes();
     }
@@ -228,0 +226,0 @@ verify(hash, signature) {

lib/index.d.ts

@@ -50,2 +50,1 @@ export declare const HARDENED_OFFSET: number;
 export {};
-//# sourceMappingURL=index.d.ts.map

lib/index.js

@@ -10,5 +10,6 @@ "use strict";
 const utils_1 = require("@noble/hashes/utils");
-const secp = require("@noble/secp256k1");
+const secp256k1_1 = require("@noble/curves/secp256k1");
+const modular_1 = require("@noble/curves/abstract/modular");
 const base_1 = require("@scure/base");
-secp.utils.hmacSha256Sync = (key, ...msgs) => (0, hmac_1.hmac)(sha256_1.sha256, key, secp.utils.concatBytes(...msgs));
+const Point = secp256k1_1.secp256k1.ProjectivePoint;
 const base58check = (0, base_1.base58check)(sha256_1.sha256);
@@ -35,40 +36,2 @@ function bytesToNumber(bytes) {
 class HDKey {
-    constructor(opt) {
-        this.depth = 0;
-        this.index = 0;
-        this.chainCode = null;
-        this.parentFingerprint = 0;
-        if (!opt || typeof opt !== 'object') {
-            throw new Error('HDKey.constructor must not be called directly');
-        }
-        this.versions = opt.versions || BITCOIN_VERSIONS;
-        this.depth = opt.depth || 0;
-        this.chainCode = opt.chainCode;
-        this.index = opt.index || 0;
-        this.parentFingerprint = opt.parentFingerprint || 0;
-        if (!this.depth) {
-            if (this.parentFingerprint || this.index) {
-                throw new Error('HDKey: zero depth with non-zero index/parent fingerprint');
-            }
-        }
-        if (opt.publicKey && opt.privateKey) {
-            throw new Error('HDKey: publicKey and privateKey at same time.');
-        }
-        if (opt.privateKey) {
-            if (!secp.utils.isValidPrivateKey(opt.privateKey)) {
-                throw new Error('Invalid private key');
-            }
-            this.privKey =
-                typeof opt.privateKey === 'bigint' ? opt.privateKey : bytesToNumber(opt.privateKey);
-            this.privKeyBytes = numberToBytes(this.privKey);
-            this.pubKey = secp.getPublicKey(opt.privateKey, true);
-        }
-        else if (opt.publicKey) {
-            this.pubKey = secp.Point.fromHex(opt.publicKey).toRawBytes(true);
-        }
-        else {
-            throw new Error('HDKey: no public or private key provided');
-        }
-        this.pubHash = hash160(this.pubKey);
-    }
     get fingerprint() {
@@ -143,2 +106,40 @@ if (!this.pubHash) {
     }
+    constructor(opt) {
+        this.depth = 0;
+        this.index = 0;
+        this.chainCode = null;
+        this.parentFingerprint = 0;
+        if (!opt || typeof opt !== 'object') {
+            throw new Error('HDKey.constructor must not be called directly');
+        }
+        this.versions = opt.versions || BITCOIN_VERSIONS;
+        this.depth = opt.depth || 0;
+        this.chainCode = opt.chainCode;
+        this.index = opt.index || 0;
+        this.parentFingerprint = opt.parentFingerprint || 0;
+        if (!this.depth) {
+            if (this.parentFingerprint || this.index) {
+                throw new Error('HDKey: zero depth with non-zero index/parent fingerprint');
+            }
+        }
+        if (opt.publicKey && opt.privateKey) {
+            throw new Error('HDKey: publicKey and privateKey at same time.');
+        }
+        if (opt.privateKey) {
+            if (!secp256k1_1.secp256k1.utils.isValidPrivateKey(opt.privateKey)) {
+                throw new Error('Invalid private key');
+            }
+            this.privKey =
+                typeof opt.privateKey === 'bigint' ? opt.privateKey : bytesToNumber(opt.privateKey);
+            this.privKeyBytes = numberToBytes(this.privKey);
+            this.pubKey = secp256k1_1.secp256k1.getPublicKey(opt.privateKey, true);
+        }
+        else if (opt.publicKey) {
+            this.pubKey = Point.fromHex(opt.publicKey).toRawBytes(true);
+        }
+        else {
+            throw new Error('HDKey: no public or private key provided');
+        }
+        this.pubHash = hash160(this.pubKey);
+    }
     derive(path) {
@@ -187,3 +188,3 @@ if (!/^[mM]'?/.test(path)) {
         const chainCode = I.slice(32);
-        if (!secp.utils.isValidPrivateKey(childTweak)) {
+        if (!secp256k1_1.secp256k1.utils.isValidPrivateKey(childTweak)) {
             throw new Error('Tweak bigger than curve order');
@@ -200,4 +201,4 @@ }
             if (this.privateKey) {
-                const added = secp.utils.mod(this.privKey + childTweak, secp.CURVE.n);
-                if (!secp.utils.isValidPrivateKey(added)) {
+                const added = (0, modular_1.mod)(this.privKey + childTweak, secp256k1_1.secp256k1.CURVE.n);
+                if (!secp256k1_1.secp256k1.utils.isValidPrivateKey(added)) {
                     throw new Error('The tweak was out of range or the resulted private key is invalid');
@@ -208,4 +209,4 @@ }
             else {
-                const added = secp.Point.fromHex(this.pubKey).add(secp.Point.fromPrivateKey(childTweak));
-                if (added.equals(secp.Point.ZERO)) {
+                const added = Point.fromHex(this.pubKey).add(Point.fromPrivateKey(childTweak));
+                if (added.equals(Point.ZERO)) {
                     throw new Error('The tweak was equal to negative P, which made the result key invalid');
@@ -226,6 +227,3 @@ }
         (0, _assert_1.bytes)(hash, 32);
-        return secp.signSync(hash, this.privKey, {
-            canonical: true,
-            der: false,
-        });
+        return secp256k1_1.secp256k1.sign(hash, this.privKey).toCompactRawBytes();
     }
@@ -240,3 +238,3 @@ verify(hash, signature) {
         try {
-            sig = secp.Signature.fromCompact(signature);
+            sig = secp256k1_1.secp256k1.Signature.fromCompact(signature);
         }
@@ -246,3 +244,3 @@ catch (error) {
         }
-        return secp.verify(sig, hash, this.publicKey);
+        return secp256k1_1.secp256k1.verify(sig, hash, this.publicKey);
     }
@@ -249,0 +247,0 @@ wipePrivateData() {

package.json

 {
   "name": "@scure/bip32",
-  "version": "1.1.5",
+  "version": "1.2.0",
   "description": "Secure, audited & minimal implementation of BIP32 hierarchical deterministic (HD) wallets",
@@ -25,4 +25,4 @@ "files": [
   "dependencies": {
-    "@noble/hashes": "~1.2.0",
-    "@noble/secp256k1": "~1.7.0",
+    "@noble/curves": "~0.8.3",
+    "@noble/hashes": "~1.3.0",
     "@scure/base": "~1.1.0"
@@ -32,4 +32,4 @@ },
     "micro-should": "0.4.0",
-    "prettier": "2.6.2",
-    "typescript": "4.7.3"
+    "prettier": "2.8.4",
+    "typescript": "5.0.2"
   },
@@ -36,0 +36,0 @@ "author": "Paul Miller (https://paulmillr.com)",

README.md

@@ -11,14 +11,15 @@ # scure-bip32
 
-Check out [scure-bip39](https://github.com/paulmillr/scure-bip39) if you need mnemonic phrases. See [micro-ed25519-hdkey](https://github.com/paulmillr/micro-ed25519-hdkey) if you need SLIP-0010/BIP32 HDKey implementation.
+Check out [scure-bip39](https://github.com/paulmillr/scure-bip39) if you need mnemonic phrases. See [ed25519-keygen](https://github.com/paulmillr/ed25519-keygen) if you need SLIP-0010/BIP32 HDKey implementation.
 
 ### This library belongs to *scure*
 
-> **scure** — secure audited packages for every use case.
+> **scure** — secure, independently audited packages for every use case.
 
-- Independent security audits
 - All releases are signed with PGP keys
+- As minimal as possible
 - Check out all libraries:
   [base](https://github.com/paulmillr/scure-base),
   [bip32](https://github.com/paulmillr/scure-bip32),
-  [bip39](https://github.com/paulmillr/scure-bip39)
+  [bip39](https://github.com/paulmillr/scure-bip39),
+  [btc-signer](https://github.com/paulmillr/scure-btc-signer)
 
@@ -25,0 +26,0 @@ ## Usage

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Number of lines in readme file

111

increased by0.91%

Worsened metrics

Total package byte prevSize

55649

decreased by-0.73%

Lines of code

854

decreased by-0.81%

Dependency changes

• + Added@noble/curves@~0.8.3

• + Added@noble/curves@0.8.3(transitive)

• + Added@noble/hashes@1.3.01.3.3(transitive)

• + Added@scure/base@1.1.8(transitive)

• - Removed@noble/secp256k1@~1.7.0

• - Removed@noble/hashes@1.2.0(transitive)

• - Removed@noble/secp256k1@1.7.1(transitive)

• - Removed@scure/base@1.1.9(transitive)

• Updated@noble/hashes@~1.3.0