@bsv/sdk 1.9.12 → 1.9.15

package/docs/reference/primitives.md

@@ -48,11 +48,11 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 | [BigNumber](#class-bignumber) | [Polynomial](#class-polynomial) | [SHA512](#class-sha512) |
 | [Curve](#class-curve) | [PrivateKey](#class-privatekey) | [SHA512HMAC](#class-sha512hmac) |
 | [DRBG](#class-drbg) | [PublicKey](#class-publickey) | [Schnorr](#class-schnorr) |
-| [JacobianPoint](#class-jacobianpoint) | [RIPEMD160](#class-ripemd160) | [Signature](#class-signature) |
-| [K256](#class-k256) | [Reader](#class-reader) | [SymmetricKey](#class-symmetrickey) |
-| [KeyShares](#class-keyshares) | [ReductionContext](#class-reductioncontext) | [TransactionSignature](#class-transactionsignature) |
-| [Mersenne](#class-mersenne) | [SHA1](#class-sha1) | [Writer](#class-writer) |
-| [MontgomoryMethod](#class-montgomorymethod) | [SHA1HMAC](#class-sha1hmac) |  |
+| [JacobianPoint](#class-jacobianpoint) | [RIPEMD160](#class-ripemd160) | [Secp256r1](#class-secp256r1) |
+| [K256](#class-k256) | [Reader](#class-reader) | [Signature](#class-signature) |
+| [KeyShares](#class-keyshares) | [ReductionContext](#class-reductioncontext) | [SymmetricKey](#class-symmetrickey) |
+| [Mersenne](#class-mersenne) | [SHA1](#class-sha1) | [TransactionSignature](#class-transactionsignature) |
+| [MontgomoryMethod](#class-montgomorymethod) | [SHA1HMAC](#class-sha1hmac) | [Writer](#class-writer) |
 | [Point](#class-point) | [SHA256](#class-sha256) |  |
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
@@ -4320,6 +4320,141 @@ Argument Details
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
 
+---
+### Class: Secp256r1
+
+Pure BigInt implementation of the NIST P-256 (secp256r1) curve with ECDSA sign/verify.
+
+This class is standalone (no dependency on the existing secp256k1 primitives) and exposes
+key generation, point encoding/decoding, scalar multiplication, and SHA-256 based ECDSA.
+
+```ts
+export default class Secp256r1 {
+    readonly p = P;
+    readonly n = N;
+    readonly a = A;
+    readonly b = B;
+    readonly g = G;
+    pointFromAffine(x: bigint, y: bigint): P256Point 
+    pointFromHex(hex: string): P256Point 
+    pointToHex(p: P256Point, compressed = false): string 
+    add(p1: P256Point, p2: P256Point): P256Point 
+    multiply(point: P256Point, scalar: bigint): P256Point 
+    multiplyBase(scalar: bigint): P256Point 
+    isOnCurve(p: P256Point): boolean 
+    generatePrivateKeyHex(): string 
+    publicKeyFromPrivate(privateKey: string | bigint): P256Point 
+    sign(message: ByteSource, privateKey: string | bigint, opts: {
+        prehashed?: boolean;
+        nonce?: bigint;
+    } = {}): {
+        r: string;
+        s: string;
+    } 
+    verify(message: ByteSource, signature: {
+        r: string | bigint;
+        s: string | bigint;
+    }, publicKey: P256Point | string, opts: {
+        prehashed?: boolean;
+    } = {}): boolean 
+}
+```
+
+See also: [P256Point](./primitives.md#type-p256point), [multiply](./primitives.md#variable-multiply), [sign](./compat.md#variable-sign), [verify](./compat.md#variable-verify)
+
+#### Method add
+
+Add two points (handles infinity).
+
+```ts
+add(p1: P256Point, p2: P256Point): P256Point 
+```
+See also: [P256Point](./primitives.md#type-p256point)
+
+#### Method generatePrivateKeyHex
+
+Generate a new random private key as 32-byte hex.
+
+```ts
+generatePrivateKeyHex(): string 
+```
+
+#### Method isOnCurve
+
+Check if a point lies on the curve (including infinity).
+
+```ts
+isOnCurve(p: P256Point): boolean 
+```
+See also: [P256Point](./primitives.md#type-p256point)
+
+#### Method multiply
+
+Scalar multiply an arbitrary point using double-and-add.
+
+```ts
+multiply(point: P256Point, scalar: bigint): P256Point 
+```
+See also: [P256Point](./primitives.md#type-p256point)
+
+#### Method multiplyBase
+
+Scalar multiply the base point.
+
+```ts
+multiplyBase(scalar: bigint): P256Point 
+```
+See also: [P256Point](./primitives.md#type-p256point)
+
+#### Method pointFromHex
+
+Decode a point from compressed or uncompressed hex.
+
+```ts
+pointFromHex(hex: string): P256Point 
+```
+See also: [P256Point](./primitives.md#type-p256point)
+
+#### Method pointToHex
+
+Encode a point to compressed or uncompressed hex. Infinity is encoded as `00`.
+
+```ts
+pointToHex(p: P256Point, compressed = false): string 
+```
+See also: [P256Point](./primitives.md#type-p256point)
+
+#### Method sign
+
+Create an ECDSA signature over a message. Uses SHA-256 unless `prehashed` is true.
+Returns low-s normalized signature hex parts.
+
+```ts
+sign(message: ByteSource, privateKey: string | bigint, opts: {
+    prehashed?: boolean;
+    nonce?: bigint;
+} = {}): {
+    r: string;
+    s: string;
+} 
+```
+
+#### Method verify
+
+Verify an ECDSA signature against a message and public key.
+
+```ts
+verify(message: ByteSource, signature: {
+    r: string | bigint;
+    s: string | bigint;
+}, publicKey: P256Point | string, opts: {
+    prehashed?: boolean;
+} = {}): boolean 
+```
+See also: [P256Point](./primitives.md#type-p256point)
+
+Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
+
 ---
 ### Class: Signature
 
@@ -4818,6 +4953,7 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 | [AES](#function-aes) |
 | [AESGCM](#function-aesgcm) |
 | [AESGCMDecrypt](#function-aesgcmdecrypt) |
+| [base64ToArray](#function-base64toarray) |
 | [ghash](#function-ghash) |
 | [pbkdf2](#function-pbkdf2) |
 | [red](#function-red) |
@@ -4858,6 +4994,15 @@ export function AESGCMDecrypt(cipherText: number[], additionalAuthenticatedData:
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
 
+---
+### Function: base64ToArray
+
+```ts
+export function base64ToArray(msg: string): number[] 
+```
+
+Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
+
 ---
 ### Function: ghash
 
@@ -4984,6 +5129,18 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 ---
 ## Types
 
+### Type: P256Point
+
+```ts
+export type P256Point = {
+    x: bigint;
+    y: bigint;
+} | null
+```
+
+Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
+
+---
 ## Enums
 
 ## Variables
@@ -5853,6 +6010,8 @@ toArray = (msg: any, enc?: "hex" | "utf8" | "base64"): any[] => {
 }
 ```
 
+See also: [base64ToArray](./primitives.md#function-base64toarray)
+
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
 
 ---

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bsv/sdk",
-  "version": "1.9.12",
+  "version": "1.9.15",
   "type": "module",
   "description": "BSV Blockchain Software Development Kit",
   "main": "dist/cjs/mod.js",

package/src/auth/utils/__tests/cryptononce.test.ts

@@ -52,9 +52,9 @@ describe('verifyNonce', () => {
     (mockWallet.verifyHmac as jest.Mock).mockResolvedValue({ valid: false })
 
     const nonce = await createNonce(mockWallet)
-    await expect(verifyNonce(nonce + 'ABC', mockWallet)).resolves.toEqual(
-      false
-    )
+    await expect(verifyNonce(nonce + 'ABC', mockWallet)).rejects.toThrow(
+    /Invalid base64 padding|Invalid base64/i
+  )
     await expect(verifyNonce(nonce + '=', mockWallet)).resolves.toEqual(false)
     await expect(
       verifyNonce(

package/src/primitives/AESGCM.ts

@@ -333,6 +333,14 @@ export function AESGCM (
   initializationVector: number[],
   key: number[]
 ): { result: number[], authenticationTag: number[] } {
+  if (initializationVector.length === 0) {
+    throw new Error('Initialization vector must not be empty')
+  }
+
+  if (key.length === 0) {
+    throw new Error('Key must not be empty')
+  }
+
   let preCounterBlock
   let plainTag
   const hashSubKey = AES(createZeroBlock(16), key)
@@ -387,6 +395,18 @@ export function AESGCMDecrypt (
   authenticationTag: number[],
   key: number[]
 ): number[] | null {
+  if (cipherText.length === 0) {
+    throw new Error('Cipher text must not be empty')
+  }
+
+  if (initializationVector.length === 0) {
+    throw new Error('Initialization vector must not be empty')
+  }
+
+  if (key.length === 0) {
+    throw new Error('Key must not be empty')
+  }
+
   let preCounterBlock
   let compareTag
 

package/src/primitives/Secp256r1.ts

@@ -0,0 +1,334 @@
+import Random from './Random.js'
+import { sha256, sha256hmac } from './Hash.js'
+import { toArray, toHex } from './utils.js'
+
+export type P256Point = { x: bigint, y: bigint } | null
+
+type ByteSource = string | Uint8Array | ArrayBufferView
+
+const HEX_REGEX = /^[0-9a-fA-F]+$/
+
+const P = BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff')
+const N = BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551')
+const A = P - 3n // a = -3 mod p
+const B = BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b')
+const GX = BigInt('0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296')
+const GY = BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5')
+const G: P256Point = { x: GX, y: GY }
+const HALF_N = N >> 1n
+
+const COMPRESSED_EVEN = '02'
+const COMPRESSED_ODD = '03'
+const UNCOMPRESSED = '04'
+
+/**
+ * Pure BigInt implementation of the NIST P-256 (secp256r1) curve with ECDSA sign/verify.
+ *
+ * This class is standalone (no dependency on the existing secp256k1 primitives) and exposes
+ * key generation, point encoding/decoding, scalar multiplication, and SHA-256 based ECDSA.
+ */
+export default class Secp256r1 {
+  readonly p = P
+  readonly n = N
+  readonly a = A
+  readonly b = B
+  readonly g = G
+
+  private mod (x: bigint, m: bigint = this.p): bigint {
+    const v = x % m
+    return v >= 0n ? v : v + m
+  }
+
+  private modInv (x: bigint, m: bigint): bigint {
+    if (x === 0n || m <= 0n) throw new Error('Invalid mod inverse input')
+    let [a, b] = [this.mod(x, m), m]
+    let [u, v] = [1n, 0n]
+    while (b !== 0n) {
+      const q = a / b
+      ;[a, b] = [b, a - q * b]
+      ;[u, v] = [v, u - q * v]
+    }
+    if (a !== 1n) throw new Error('Inverse does not exist')
+    return this.mod(u, m)
+  }
+
+  private modPow (base: bigint, exponent: bigint, modulus: bigint): bigint {
+    if (modulus === 1n) return 0n
+    let result = 1n
+    let b = this.mod(base, modulus)
+    let e = exponent
+    while (e > 0n) {
+      if ((e & 1n) === 1n) result = this.mod(result * b, modulus)
+      e >>= 1n
+      b = this.mod(b * b, modulus)
+    }
+    return result
+  }
+
+  private isInfinity (p: P256Point): p is null {
+    return p === null
+  }
+
+  private assertOnCurve (p: P256Point): void {
+    if (this.isInfinity(p)) return
+    const { x, y } = p
+    const left = this.mod(y * y)
+    const right = this.mod(this.mod(x * x * x + this.a * x) + this.b)
+    if (left !== right) {
+      throw new Error('Point is not on secp256r1')
+    }
+  }
+
+  pointFromAffine (x: bigint, y: bigint): P256Point {
+    const point: P256Point = { x: this.mod(x), y: this.mod(y) }
+    this.assertOnCurve(point)
+    return point
+  }
+
+  /**
+   * Decode a point from compressed or uncompressed hex.
+   */
+  pointFromHex (hex: string): P256Point {
+    if (hex.startsWith(UNCOMPRESSED)) {
+      const x = BigInt('0x' + hex.slice(2, 66))
+      const y = BigInt('0x' + hex.slice(66))
+      return this.pointFromAffine(x, y)
+    }
+    if (hex.startsWith(COMPRESSED_EVEN) || hex.startsWith(COMPRESSED_ODD)) {
+      const x = BigInt('0x' + hex.slice(2))
+      const ySq = this.mod(this.mod(x * x * x + this.a * x) + this.b)
+      const y = this.modPow(ySq, (this.p + 1n) >> 2n, this.p)
+      const isOdd = (y & 1n) === 1n
+      const shouldBeOdd = hex.startsWith(COMPRESSED_ODD)
+      const yFinal = (isOdd === shouldBeOdd) ? y : this.p - y
+      return this.pointFromAffine(x, yFinal)
+    }
+    throw new Error('Invalid point encoding')
+  }
+
+  /**
+   * Encode a point to compressed or uncompressed hex. Infinity is encoded as `00`.
+   */
+  pointToHex (p: P256Point, compressed = false): string {
+    if (this.isInfinity(p)) return '00'
+    const xHex = this.to32BytesHex(p.x)
+    const yHex = this.to32BytesHex(p.y)
+    if (!compressed) return UNCOMPRESSED + xHex + yHex
+    const prefix = (p.y & 1n) === 0n ? COMPRESSED_EVEN : COMPRESSED_ODD
+    return prefix + xHex
+  }
+
+  /**
+   * Add two affine points (handles infinity).
+   */
+  private addPoints (p1: P256Point, p2: P256Point): P256Point {
+    if (this.isInfinity(p1)) return p2
+    if (this.isInfinity(p2)) return p1
+
+    const { x: x1, y: y1 } = p1
+    const { x: x2, y: y2 } = p2
+
+    if (x1 === x2) {
+      if (y1 === y2) {
+        return this.doublePoint(p1)
+      }
+      return null
+    }
+
+    const m = this.mod((y2 - y1) * this.modInv(x2 - x1, this.p))
+    const x3 = this.mod(m * m - x1 - x2)
+    const y3 = this.mod(m * (x1 - x3) - y1)
+    return { x: x3, y: y3 }
+  }
+
+  private doublePoint (p: P256Point): P256Point {
+    if (this.isInfinity(p)) return p
+    if (p.y === 0n) return null
+    const m = this.mod((3n * p.x * p.x + this.a) * this.modInv(2n * p.y, this.p))
+    const x3 = this.mod(m * m - 2n * p.x)
+    const y3 = this.mod(m * (p.x - x3) - p.y)
+    return { x: x3, y: y3 }
+  }
+
+  /**
+   * Add two points (handles infinity).
+   */
+  add (p1: P256Point, p2: P256Point): P256Point {
+    return this.addPoints(p1, p2)
+  }
+
+  /**
+   * Scalar multiply an arbitrary point using double-and-add.
+   */
+  multiply (point: P256Point, scalar: bigint): P256Point {
+    if (scalar === 0n || this.isInfinity(point)) return null
+    let k = this.mod(scalar, this.n)
+    let result: P256Point = null
+    let addend: P256Point = point
+    while (k > 0n) {
+      if ((k & 1n) === 1n) {
+        result = this.addPoints(result, addend)
+      }
+      addend = this.doublePoint(addend)
+      k >>= 1n
+    }
+    return result
+  }
+
+  /**
+   * Scalar multiply the base point.
+   */
+  multiplyBase (scalar: bigint): P256Point {
+    return this.multiply(this.g, scalar)
+  }
+
+  /**
+   * Check if a point lies on the curve (including infinity).
+   */
+  isOnCurve (p: P256Point): boolean {
+    try {
+      this.assertOnCurve(p)
+      return true
+    } catch (err) {
+      return false
+    }
+  }
+
+  /**
+   * Generate a new random private key as 32-byte hex.
+   */
+  generatePrivateKeyHex (): string {
+    return this.to32BytesHex(this.randomScalar())
+  }
+
+  private randomScalar (): bigint {
+    while (true) {
+      const bytes = Random(32)
+      const k = BigInt('0x' + toHex(bytes))
+      if (k > 0n && k < this.n) return k
+    }
+  }
+
+  private normalizePrivateKey (d: bigint): bigint {
+    const key = this.mod(d, this.n)
+    if (key === 0n) throw new Error('Invalid private key')
+    return key
+  }
+
+  private toScalar (input: string | bigint): bigint {
+    if (typeof input === 'bigint') return this.normalizePrivateKey(input)
+    const hex = input.startsWith('0x') ? input.slice(2) : input
+    if (!HEX_REGEX.test(hex) || hex.length === 0 || hex.length > 64) {
+      throw new Error('Private key must be a hex string <= 32 bytes')
+    }
+    const value = BigInt('0x' + hex.padStart(64, '0'))
+    return this.normalizePrivateKey(value)
+  }
+
+  publicKeyFromPrivate (privateKey: string | bigint): P256Point {
+    const d = this.toScalar(privateKey)
+    return this.multiplyBase(d)
+  }
+
+  /**
+   * Create an ECDSA signature over a message. Uses SHA-256 unless `prehashed` is true.
+   * Returns low-s normalized signature hex parts.
+   */
+  sign (message: ByteSource, privateKey: string | bigint, opts: { prehashed?: boolean, nonce?: bigint } = {}): { r: string, s: string } {
+    const { prehashed = false, nonce } = opts
+    const d = this.toScalar(privateKey)
+    const digest = this.normalizeMessage(message, prehashed)
+    const z = this.bytesToScalar(digest)
+    let k = nonce ?? this.deterministicNonce(d, digest)
+
+    while (true) {
+      const p = this.multiplyBase(k)
+      if (this.isInfinity(p)) {
+        k = nonce ?? this.deterministicNonce(d, digest)
+        continue
+      }
+      const r = this.mod(p.x, this.n)
+      if (r === 0n) {
+        k = nonce ?? this.deterministicNonce(d, digest)
+        continue
+      }
+      const kinv = this.modInv(k, this.n)
+      let s = this.mod(kinv * (z + r * d), this.n)
+      if (s === 0n) {
+        k = nonce ?? this.deterministicNonce(d, digest)
+        continue
+      }
+      if (s > HALF_N) s = this.n - s // enforce low-s
+      return { r: this.to32BytesHex(r), s: this.to32BytesHex(s) }
+    }
+  }
+
+  /**
+   * Verify an ECDSA signature against a message and public key.
+   */
+  verify (message: ByteSource, signature: { r: string | bigint, s: string | bigint }, publicKey: P256Point | string, opts: { prehashed?: boolean } = {}): boolean {
+    const { prehashed = false } = opts
+    let q: P256Point
+    try {
+      q = typeof publicKey === 'string' ? this.pointFromHex(publicKey) : publicKey
+    } catch {
+      return false
+    }
+    if ((q == null) || !this.isOnCurve(q)) return false
+
+    const r = typeof signature.r === 'bigint' ? signature.r : BigInt('0x' + signature.r)
+    const s = typeof signature.s === 'bigint' ? signature.s : BigInt('0x' + signature.s)
+    if (r <= 0n || r >= this.n || s <= 0n || s >= this.n) return false
+
+    const z = this.bytesToScalar(this.normalizeMessage(message, prehashed))
+    const w = this.modInv(s, this.n)
+    const u1 = this.mod(z * w, this.n)
+    const u2 = this.mod(r * w, this.n)
+    const p = this.addPoints(this.multiplyBase(u1), this.multiply(q, u2))
+    if (this.isInfinity(p)) return false
+    const v = this.mod(p.x, this.n)
+    return v === r
+  }
+
+  private normalizeMessage (message: ByteSource, prehashed: boolean): Uint8Array {
+    const bytes = this.toBytes(message)
+    if (prehashed) return bytes
+    return new Uint8Array(sha256(bytes))
+  }
+
+  private bytesToScalar (bytes: Uint8Array): bigint {
+    const hex = toHex(Array.from(bytes))
+    return BigInt('0x' + hex) % this.n
+  }
+
+  private deterministicNonce (priv: bigint, msgDigest: Uint8Array): bigint {
+    const keyBytes = toArray(this.to32BytesHex(priv), 'hex')
+    let counter = 0
+    while (counter < 1024) { // safety bound
+      const data = counter === 0
+        ? Array.from(msgDigest)
+        : Array.from(msgDigest).concat([counter & 0xff])
+      const hmac = sha256hmac(keyBytes, data)
+      const k = BigInt('0x' + toHex(hmac)) % this.n
+      if (k > 0n) return k
+      counter++
+    }
+    throw new Error('Failed to derive deterministic nonce')
+  }
+
+  private toBytes (data: ByteSource): Uint8Array {
+    if (typeof data === 'string') {
+      const isHex = HEX_REGEX.test(data) && data.length % 2 === 0
+      return Uint8Array.from(toArray(data, isHex ? 'hex' : 'utf8'))
+    }
+    if (data instanceof Uint8Array) return data
+    if (ArrayBuffer.isView(data)) {
+      return new Uint8Array(data.buffer, data.byteOffset, data.byteLength)
+    }
+    throw new Error('Unsupported message format')
+  }
+
+  private to32BytesHex (num: bigint): string {
+    return num.toString(16).padStart(64, '0')
+  }
+}

package/src/primitives/SymmetricKey.ts

@@ -87,10 +87,6 @@ export default class SymmetricKey extends BigNumber {
     const ciphertext = msg.slice(ivLength, tagStart)
     const messageTag = msg.slice(tagStart)
 
-    if (tagStart < ivLength) {
-      throw new Error('Malformed ciphertext')
-    }
-
     const result = AESGCMDecrypt(
       ciphertext,
       [],

package/src/primitives/__tests/AESGCM.test.ts

@@ -8,7 +8,8 @@ import {
   incrementLeastSignificantThirtyTwoBits,
   checkBit,
   getBytes,
-  exclusiveOR
+  exclusiveOR,
+  AESGCMDecrypt
 } from '../../primitives/AESGCM'
 import { toArray } from '../../primitives/utils'
 
@@ -642,3 +643,58 @@ describe('getBytes', () => {
     expect([0x04, 0x03, 0x02, 0x01]).toEqual(getBytes(0x0504030201))
   })
 })
+
+describe('AESGCM IV validation', () => {
+  const key = new Array(16).fill(0x01)
+  const aad: number[] = []
+  const plaintext = [1, 2, 3, 4]
+
+  it('AESGCM throws when IV is empty', () => {
+    expect(() => {
+      AESGCM(plaintext, aad, [], key)
+    }).toThrow(new Error('Initialization vector must not be empty'))
+  })
+
+  it('AESGCMDecrypt throws when IV is empty', () => {
+    const iv = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11]
+    const { result: ciphertext, authenticationTag } = AESGCM(plaintext, aad, iv, key)
+
+    // Now call decrypt but with an empty IV – this should be rejected
+    expect(() => {
+      AESGCMDecrypt(ciphertext, aad, [], authenticationTag, key)
+    }).toThrow(new Error('Initialization vector must not be empty'))
+  })
+
+  it('AESGCM throws when key is empty', () => {
+    const iv = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11]
+
+    expect(() => {
+      AESGCM(plaintext, aad, iv, [])
+    }).toThrow(new Error('Key must not be empty'))
+  })
+
+  it('AESGCMDecrypt throws when key is empty', () => {
+    const iv = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11]
+    const { result: ciphertext, authenticationTag } = AESGCM(plaintext, aad, iv, key)
+
+    expect(() => {
+      AESGCMDecrypt(ciphertext, aad, iv, authenticationTag, [])
+    }).toThrow(new Error('Key must not be empty'))
+  })
+
+  it('AESGCMDecrypt throws when cipher text is empty', () => {
+    const iv = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11]
+
+    expect(() => {
+      AESGCMDecrypt([], aad, iv, [], key)
+    }).toThrow(new Error('Cipher text must not be empty'))
+  })
+
+  it('AESGCM still work with a valid IV', () => {
+    const iv = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11]
+    const { result: ciphertext, authenticationTag } = AESGCM(plaintext, aad, iv, key)
+    const decrypted = AESGCMDecrypt(ciphertext, aad, iv, authenticationTag, key)
+
+    expect(decrypted).toEqual(plaintext)
+  })
+})