bsv-sdk 0.5.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e6f6657530a3e07510c21eeb919dd276a99b680a825b1d63c8e3c05731f36107
-  data.tar.gz: 0e44275e673ea30e56d4996d1f21e98e8bb22803815da60ab1f32fefcc61b327
+  metadata.gz: a39e87386fb16ab953986a95b21a8f09a593798e34f9c11d58a262dd467339ca
+  data.tar.gz: cf6bd0ccfb54424409700d4b8d9583c168ecaf80ab707fcd781c8c496120d601
 SHA512:
-  metadata.gz: 1e3bbb1cf676054dbf64cfcb94d3edd33e290f9d64734ec828ed1673b97f65ddb25b83e087e6e592ca036d1699a4ded46c974491f6a828b975b2c739e57e214e
-  data.tar.gz: 0de23da3bb0755d7dcf515f75638286479828c6dac0957532aedbfe28abad6bf8efee8c13b8092e5d05826559fdb16f7c102b84c242885b089022f90b638de05
+  metadata.gz: ef3e52bdf9f8d4b351913281c3f19a5ad58eec12b02cc167034b538ec571cd570cd07f0d155daab86de44da722a49307b53a19db3ae0e15ea157d27f63166408
+  data.tar.gz: bbf618afe5ad1905843956e6e682d0c3b71ca6fb15ef4c0f05bc8ce5af6094d45f9b8b2e45bb5fdb12aa4f5c8fd37054b54a0824a52e1195b381ddd1b2fc666d

data/CHANGELOG.md

@@ -5,6 +5,32 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.6.0] - 2026-04-04
+
+### Added
+
+#### Primitives
+
+- **Pure Ruby secp256k1** — native Ruby implementation of secp256k1 elliptic curve operations, ported from the TypeScript reference SDK. Replaces OpenSSL's EC point arithmetic with an OpenSSL compatibility shim — zero consumer code changes required. See [docs/about/secp256k1.md](docs/about/secp256k1.md).
+  - Field arithmetic (modular multiplication, inversion, square root) over the secp256k1 prime.
+  - Jacobian coordinate point operations (addition, doubling, scalar multiplication).
+  - Windowed-NAF (w=5) scalar multiplication with precomputed table caching.
+  - SEC 1 point serialisation (compressed and uncompressed).
+  - 126 byte-for-byte compliance specs against real OpenSSL.
+  - 24 process-isolated integration tests (separate Ruby processes, MD5 file comparison).
+
+#### Registry
+
+- **Registry client** — `BSV::Registry` module for on-chain definition management.
+  - `Client` — register, resolve, list, revoke, and update definitions for protocols, baskets, and certificate types via PushDrop tokens on the overlay network.
+  - Per-type overlay topics (`tm_basketmap`, `tm_protomap`, `tm_certmap`) and lookup services matching TS and Go SDKs.
+  - Types: `BasketDefinitionData`, `ProtocolDefinitionData`, `CertificateDefinitionData`, `CertificateFieldDescriptor`, `RegisteredDefinition`.
+  - Ownership verification before revocation. BEEF Array/String normalisation for wire format compatibility.
+
+### Changed
+
+- **OpenSSL usage reduced** — OpenSSL now used only for hashing (SHA/RIPEMD), HMAC, PBKDF2, AES, and constant-time comparison. Elliptic curve operations are pure Ruby.
+
 ## [0.5.0] - 2026-04-04
 
 ### Added

data/README.md

@@ -34,7 +34,7 @@ These are maintained under the BSV Blockchain organisation and backed by the Bit
 
 The BSV Blockchain Libraries Project aims to structure and maintain a middleware layer of the BSV Blockchain technology stack. By facilitating the development and maintenance of core libraries, it serves as an essential toolkit for developers looking to build on the BSV Blockchain.
 
-This Ruby SDK brings maximum compatibility with the official SDK family to the Ruby ecosystem. It was born from a practical need: building an attestation gem ([bsv-attest](https://rubygems.org/gems/bsv-attest)) required a complete, idiomatic Ruby implementation of BSV primitives, script handling, and transaction construction. Rather than wrapping FFI bindings or shelling out to other languages, the SDK implements everything in pure Ruby using only the standard library's OpenSSL bindings.
+This Ruby SDK brings maximum compatibility with the official SDK family to the Ruby ecosystem. It was born from a practical need: building an attestation gem ([bsv-attest](https://rubygems.org/gems/bsv-attest)) required a complete, idiomatic Ruby implementation of BSV primitives, script handling, and transaction construction. Rather than wrapping FFI bindings or shelling out to other languages, the SDK implements everything in pure Ruby. Elliptic curve operations (secp256k1) use a native Ruby implementation ported from the TypeScript reference SDK; OpenSSL is used only for hashing, HMAC, and symmetric encryption.
 
 <!-- TODO: Update bsv-attest link once gem documentation is published (see #48) -->
 
@@ -43,7 +43,7 @@ This Ruby SDK brings maximum compatibility with the official SDK family to the R
 ### Requirements
 
 - Ruby >= 2.7
-- No external dependencies beyond Ruby's standard library (`openssl`)
+- No external dependencies beyond Ruby's standard library (`openssl` for hashing, HMAC, PBKDF2, and AES)
 
 ### Installation
 
@@ -101,7 +101,7 @@ puts tx.to_hex
 
 ## Features & Deliverables
 
-- **Cryptographic Primitives** — ECDSA signing with RFC 6979 deterministic nonces, Schnorr signatures, ECIES encryption/decryption, Bitcoin Signed Messages. All built on Ruby's stdlib OpenSSL.
+- **Cryptographic Primitives** — ECDSA signing with RFC 6979 deterministic nonces, Schnorr signatures, ECIES encryption/decryption, Bitcoin Signed Messages. Elliptic curve operations use a [pure Ruby secp256k1 implementation](docs/about/secp256k1.md) ported from the TypeScript reference SDK.
 - **Key Management** — BIP-32 HD key derivation, BIP-39 mnemonic generation (12/24-word phrases), WIF import/export, Base58Check encoding/decoding.
 - **Script Layer** — Complete opcode set, script parsing and serialisation, type detection and predicates (`p2pkh?`, `p2pk?`, `p2sh?`, `multisig?`, `op_return?`), data extraction (pubkey hashes, script hashes, addresses), and a fluent builder API.
 - **Script Templates** — Ready-made locking and unlocking script generators for P2PKH, P2PK, P2MS (multisig), and OP_RETURN.

data/lib/bsv/primitives/curve.rb

@@ -1,14 +1,15 @@
 # frozen_string_literal: true
 
-require 'openssl'
+require_relative 'openssl_ec_shim'
 
 module BSV
   module Primitives
     # Low-level secp256k1 elliptic curve operations.
     #
-    # Wraps +OpenSSL::PKey::EC+ to provide point arithmetic, scalar
-    # multiplication, and key construction helpers used throughout the SDK.
-    # All constants and methods operate on the secp256k1 curve.
+    # Backed by the pure Ruby {Secp256k1} module via an OpenSSL
+    # compatibility shim. The shim preserves the +OpenSSL::PKey::EC+
+    # interface so consumer code is unchanged. All constants and
+    # methods operate on the secp256k1 curve.
     module Curve
       # The secp256k1 curve group.
       GROUP  = OpenSSL::PKey::EC::Group.new('secp256k1')

data/lib/bsv/primitives/openssl_ec_shim.rb

@@ -0,0 +1,182 @@
+# frozen_string_literal: true
+
+# OpenSSL EC shim — replaces OpenSSL's EC point arithmetic with the pure
+# Ruby {BSV::Primitives::Secp256k1} engine while keeping real OpenSSL for
+# BN, Digest, HMAC, Cipher, etc.
+#
+# Load order matters: real OpenSSL is loaded first so that BN and the
+# symmetric-crypto classes are available, then the EC classes are
+# replaced (not reopened) to delegate to our Secp256k1 module.
+
+require 'openssl'
+
+# Ensure the Secp256k1 module is loaded before we reference it.
+require_relative 'secp256k1'
+
+# -- Define shim classes outside the OpenSSL namespace first, then swap. --
+
+# Shim Group for secp256k1.
+class BSVShimECGroup
+  def initialize(curve_name)
+    raise ArgumentError, "unsupported curve: #{curve_name}" unless curve_name == 'secp256k1'
+  end
+
+  def order
+    @order ||= OpenSSL::BN.new(BSV::Primitives::Secp256k1::N.to_s)
+  end
+
+  def generator
+    @generator ||= BSVShimECPoint.from_secp_point(self, BSV::Primitives::Secp256k1::Point.generator)
+  end
+
+  def curve_name
+    'secp256k1'
+  end
+end
+
+# Shim Point wrapping BSV::Primitives::Secp256k1::Point.
+class BSVShimECPoint
+  class Error < OpenSSL::OpenSSLError; end
+
+  attr_reader :group
+
+  def initialize(group, bn = nil)
+    @group = group
+    if bn.nil?
+      @secp_point = BSV::Primitives::Secp256k1::Point.infinity
+    else
+      bytes = bn.to_s(2)
+      begin
+        @secp_point = BSV::Primitives::Secp256k1::Point.from_bytes(bytes)
+      rescue ArgumentError => e
+        raise Error, e.message
+      end
+    end
+  end
+
+  def self.from_secp_point(group, secp_point)
+    pt = allocate
+    pt.instance_variable_set(:@group, group)
+    pt.instance_variable_set(:@secp_point, secp_point)
+    pt
+  end
+
+  def mul(*args)
+    if args.length == 1
+      scalar = bn_to_int(args[0])
+      result = @secp_point.mul(scalar)
+      self.class.from_secp_point(@group, result)
+    elsif args.length == 2
+      bns = args[0]
+      points = args[1]
+      result = @secp_point.mul(bn_to_int(bns[0]))
+      points.each_with_index do |pt, i|
+        term = pt.instance_variable_get(:@secp_point).mul(bn_to_int(bns[i + 1]))
+        result = result.add(term)
+      end
+      self.class.from_secp_point(@group, result)
+    else
+      raise ArgumentError, "wrong number of arguments (given #{args.length}, expected 1 or 2)"
+    end
+  end
+
+  def add(other)
+    result = @secp_point.add(other.instance_variable_get(:@secp_point))
+    self.class.from_secp_point(@group, result)
+  end
+
+  def to_octet_string(format = :compressed)
+    @secp_point.to_octet_string(format)
+  end
+
+  def to_bn(format = :compressed)
+    OpenSSL::BN.new(to_octet_string(format), 2)
+  end
+
+  def infinity?
+    @secp_point.infinity?
+  end
+
+  def set_to_infinity!
+    @secp_point = BSV::Primitives::Secp256k1::Point.infinity
+    self
+  end
+
+  private
+
+  def bn_to_int(bn)
+    if bn.is_a?(OpenSSL::BN)
+      BSV::Primitives::Secp256k1.bytes_to_int(bn.to_s(2))
+    elsif bn.is_a?(Integer)
+      bn
+    else
+      raise ArgumentError, "expected OpenSSL::BN or Integer, got #{bn.class}"
+    end
+  end
+end
+
+# Shim EC key wrapping a public key point.
+class BSVShimEC
+  attr_reader :public_key
+
+  def initialize(der_or_point)
+    if der_or_point.is_a?(BSVShimECPoint)
+      @public_key = der_or_point
+    elsif der_or_point.is_a?(String)
+      @public_key = self.class.parse_der(der_or_point)
+    else
+      raise ArgumentError, "unsupported argument: #{der_or_point.class}"
+    end
+  end
+
+  # Parse a DER-encoded EC key and extract the public key point.
+  #
+  # Note: unlike real OpenSSL, this parser does not validate the curve
+  # OID embedded in the DER. This is acceptable because the only callers
+  # are {Curve.ec_key_from_private_bytes} and {Curve.ec_key_from_public_bytes},
+  # which construct the DER internally with a hardcoded secp256k1 OID.
+  # No production code path passes externally-supplied DER to this method.
+  # This method exists solely to maintain interface compatibility with the
+  # original OpenSSL-backed Curve module and may be removed in a future
+  # refactor that eliminates the ec_key_from_* methods.
+  def self.parse_der(der)
+    der = der.b
+    seq = OpenSSL::ASN1.decode(der)
+
+    if seq.value[0].is_a?(OpenSSL::ASN1::Integer) && seq.value[0].value == 1
+      priv_bytes = seq.value[1].value
+      scalar = BSV::Primitives::Secp256k1.bytes_to_int(priv_bytes)
+      secp_point = BSV::Primitives::Secp256k1::Point.generator.mul(scalar)
+      group = BSVShimECGroup.new('secp256k1')
+      BSVShimECPoint.from_secp_point(group, secp_point)
+    else
+      pub_bytes = seq.value[1].value
+      pub_bytes = pub_bytes[1..] if pub_bytes.getbyte(0).zero? && pub_bytes.length > 33
+      secp_point = BSV::Primitives::Secp256k1::Point.from_bytes(pub_bytes)
+      group = BSVShimECGroup.new('secp256k1')
+      BSVShimECPoint.from_secp_point(group, secp_point)
+    end
+  end
+end
+
+# -- Replace OpenSSL's EC classes with our shims. --
+# The originals are C-backed and cannot be reopened cleanly (C methods
+# take precedence over Ruby methods). We replace the constants instead.
+
+module OpenSSL
+  module PKey
+    remove_const :EC if const_defined?(:EC)
+    EC = BSVShimEC
+
+    class EC
+      remove_const :Group if const_defined?(:Group)
+      Group = BSVShimECGroup
+
+      remove_const :Point if const_defined?(:Point)
+      Point = BSVShimECPoint
+    end
+  end
+end
+
+# Ensure the Error class is accessible at the expected path.
+BSVShimECPoint.const_set(:Error, BSVShimECPoint::Error) unless BSVShimECPoint.const_defined?(:Error)