@bsv/sdk 1.9.12 → 1.9.15

package/src/primitives/__tests/Secp256r1.test.ts

@@ -0,0 +1,101 @@
+import crypto from 'crypto'
+import Secp256r1 from '../Secp256r1.js'
+import { sha256 } from '../Hash.js'
+
+const curve = new Secp256r1()
+
+const TWO_G =
+  '047cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc4766997807775510db8ed040293d9ac69f7430dbba7dade63ce982299e04b79d227873d1'
+const THREE_G =
+  '045ecbe4d1a6330a44c8f7ef951d4bf165e6c6b721efada985fb41661bc6e7fd6c8734640c4998ff7e374b06ce1a64a2ecd82ab036384fb83d9a79b127a27d5032'
+
+const toBase64Url = (hex: string): string => Buffer.from(hex, 'hex').toString('base64url')
+
+describe('Secp256r1', () => {
+  test('base point multiplication matches known coordinates and handles infinity', () => {
+    const twoG = curve.multiplyBase(2n)
+    const threeG = curve.multiplyBase(3n)
+    expect(curve.pointToHex(twoG)).toBe(TWO_G)
+    expect(curve.pointToHex(threeG)).toBe(THREE_G)
+    expect(curve.multiplyBase(curve.n)).toBeNull()
+    expect(curve.multiply(null, 5n)).toBeNull()
+  })
+
+  test('public key generation stays on-curve, supports compression, and rejects bad encodings', () => {
+    const priv = curve.generatePrivateKeyHex()
+    const pub = curve.publicKeyFromPrivate(priv)
+    expect(curve.isOnCurve(pub)).toBe(true)
+    const compressed = curve.pointToHex(pub, true)
+    const roundTrip = curve.pointFromHex(compressed)
+    expect(roundTrip).toEqual(pub)
+    expect(() => curve.pointFromHex('05abcdef')).toThrow()
+    expect(() => curve.pointFromHex('')).toThrow()
+  })
+
+  test('adding inverse points yields infinity', () => {
+    const p = curve.multiplyBase(9n)
+    const neg = { x: p!.x, y: curve.p - p!.y }
+    expect(curve.add(p, neg)).toBeNull()
+    expect(curve.add(null, p)).toEqual(p)
+  })
+
+  test('ECDSA sign and verify round-trip, low-s enforced, rejects malformed inputs', () => {
+    const priv = '1'.repeat(64)
+    const pub = curve.publicKeyFromPrivate(priv)
+    const message = Buffer.from('p256 check')
+    const signature = curve.sign(message, priv)
+    const sVal = BigInt('0x' + signature.s)
+    expect(sVal <= curve.n / 2n).toBe(true)
+    expect(curve.verify(message, signature, pub)).toBe(true)
+    expect(curve.verify(Buffer.from('different'), signature, pub)).toBe(false)
+    const tampered = { r: signature.r, s: signature.s.slice(0, 62) + '00' }
+    expect(curve.verify(message, tampered, pub)).toBe(false)
+    const zeroR = { r: '0'.repeat(64), s: signature.s }
+    expect(curve.verify(message, zeroR, pub)).toBe(false)
+    const zeroS = { r: signature.r, s: '0'.repeat(64) }
+    expect(curve.verify(message, zeroS, pub)).toBe(false)
+    expect(curve.verify(message, signature, '02deadbeef')).toBe(false)
+  })
+
+  test('deterministic nonce is stable across calls and message changes', () => {
+    const priv = '2'.repeat(64)
+    const pub = curve.publicKeyFromPrivate(priv)
+    const message = Buffer.from('deterministic nonce')
+    const sig1 = curve.sign(message, priv)
+    const sig2 = curve.sign(message, priv)
+    expect(sig1).toEqual(sig2)
+    const sig3 = curve.sign(Buffer.from('deterministic nonce v2'), priv)
+    expect(sig3).not.toEqual(sig1)
+    expect(curve.verify(message, sig1, pub)).toBe(true)
+  })
+
+  test('prehashed signing path matches explicit hashing input', () => {
+    const priv = '4'.repeat(64)
+    const pub = curve.publicKeyFromPrivate(priv)
+    const message = Buffer.from('prehashed path')
+    const digest = new Uint8Array(sha256(message))
+    const sig1 = curve.sign(message, priv)
+    const sig2 = curve.sign(digest, priv, { prehashed: true })
+    expect(sig1).toEqual(sig2)
+    expect(curve.verify(digest, sig2, pub, { prehashed: true })).toBe(true)
+  })
+
+  test('signatures interoperate with Node crypto (ieee-p1363 encoding)', () => {
+    const priv = '3'.repeat(64)
+    const pub = curve.publicKeyFromPrivate(priv)
+    const message = Buffer.from('interop check')
+    const signature = curve.sign(message, priv)
+    const sigBuf = Buffer.concat([Buffer.from(signature.r, 'hex'), Buffer.from(signature.s, 'hex')])
+
+    const pubHex = curve.pointToHex(pub)
+    const jwk = {
+      kty: 'EC',
+      crv: 'P-256',
+      x: toBase64Url(pubHex.slice(2, 66)),
+      y: toBase64Url(pubHex.slice(66))
+    }
+
+    const ok = crypto.verify('sha256', message, { key: jwk, format: 'jwk', dsaEncoding: 'ieee-p1363' }, sigBuf)
+    expect(ok).toBe(true)
+  })
+})

package/src/primitives/__tests/utils.test.ts

@@ -209,6 +209,50 @@ describe('utils', () => {
   })
 })
 
+describe('toArray base64', () => {
+  it('decodes empty string to empty array', () => {
+    expect(toArray('', 'base64')).toEqual([])
+  })
+
+  it('decodes standard padded base64 strings', () => {
+    expect(toArray('Zg==', 'base64')).toEqual([102])
+    expect(toArray('Zm8=', 'base64')).toEqual([102, 111])
+    expect(toArray('Zm9v', 'base64')).toEqual([102, 111, 111])
+    expect(toArray('SGVsbG8=', 'base64')).toEqual([72, 101, 108, 108, 111])
+  })
+
+  it('decodes base64 without padding', () => {
+    expect(toArray('SGVsbG8', 'base64')).toEqual([72, 101, 108, 108, 111])
+    expect(toArray('QQ', 'base64')).toEqual([65])
+    expect(toArray('Zm8', 'base64')).toEqual([102, 111])
+  })
+
+  it('decodes URL-safe base64', () => {
+    expect(toArray('_w==', 'base64')).toEqual([255])
+  })
+
+  it('ignores whitespace and newlines', () => {
+    expect(toArray('S G V s b G 8 =\n', 'base64')).toEqual([72, 101, 108, 108, 111])
+  })
+
+  it('throws on invalid padding', () => {
+    expect(() => toArray('SGVsbG8===', 'base64')).toThrow(new Error('Invalid base64 padding'))
+    expect(() => toArray('SGV=sbG8=', 'base64')).toThrow(new Error('Invalid base64 padding'))
+  })
+
+  // it('throws on invalid length (1 mod 4)', () => {
+  //   expect(() => toArray('abcde', 'base64')).toThrow(new Error('Invalid base64 length'))
+  // })
+
+  it('throws on invalid characters', () => {
+    expect(() => toArray('A?==', 'base64')).toThrow(new Error('Invalid base64 character at index 1'))
+  })
+
+  // it('throws when non-zero padding bits are present', () => {
+  //   expect(() => toArray('QZ', 'base64')).toThrow(new Error('Invalid base64: non-zero padding bits'))
+  // })
+})
+
 describe('verifyNotNull', () => {
   it('should return the value if it is not null or undefined', () => {
     expect(verifyNotNull(42)).toBe(42)

package/src/primitives/index.ts

@@ -13,3 +13,4 @@ export { default as Random } from './Random.js'
 export { default as TransactionSignature } from './TransactionSignature.js'
 export { default as Polynomial, PointInFiniteField } from './Polynomial.js'
 export { default as Schnorr } from './Schnorr.js'
+export { default as Secp256r1 } from './Secp256r1.js'

package/src/primitives/utils.ts

@@ -104,23 +104,67 @@ const hexToArray = (msg: string): number[] => {
   return res
 }
 
-const base64ToArray = (msg: string): number[] => {
-  const base64Chars =
-    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
-  const result: number[] = []
-  let currentBit = 0
-  let currentByte = 0
+export function base64ToArray (msg: string): number[] {
+  if (typeof msg !== 'string') {
+    throw new TypeError('msg must be a string')
+  }
+
+  // cleanse string
+  let s = msg.trim().replace(/[\r\n\t\f\v ]+/g, '')
+  s = s.replace(/-/g, '+').replace(/_/g, '/')
+
+  // ensure padding is correct
+  const padIndex = s.indexOf('=')
+  if (padIndex !== -1) {
+    const pad = s.slice(padIndex)
+    if (!/^={1,2}$/.test(pad)) {
+      throw new Error('Invalid base64 padding')
+    }
+    if (s.slice(0, padIndex).includes('=')) {
+      throw new Error('Invalid base64 padding')
+    }
+    s = s.slice(0, padIndex)
+  }
+
+  // if (s.length % 4 === 1)
+  // {
+  //   throw new Error("Invalid base64 length")
+  // }
 
-  for (const char of msg.replace(/=+$/, '')) {
-    currentBit = (currentBit << 6) | base64Chars.indexOf(char)
-    currentByte += 6
+  const result: number[] = []
+  let bitBuffer = 0
+  let bitCount = 0
+
+  for (let i = 0; i < s.length; i++) {
+    const c = s.charCodeAt(i)
+    // using ascii map values rather than indexOf
+    let v = -1
+    if (c >= 65 && c <= 90) {
+      v = c - 65 // A-Z
+    } else if (c >= 97 && c <= 122) {
+      v = c - 97 + 26 // a-z
+    } else if (c >= 48 && c <= 57) {
+      v = c - 48 + 52 // 0-9
+    } else if (c === 43) {
+      v = 62 // +
+    } else if (c === 47) {
+      v = 63 // /
+    } else {
+      throw new Error(`Invalid base64 character at index ${i}`)
+    }
+    bitBuffer = (bitBuffer << 6) | v
+    bitCount += 6
 
-    if (currentByte >= 8) {
-      currentByte -= 8
-      result.push((currentBit >> currentByte) & 0xff)
-      currentBit &= (1 << currentByte) - 1
+    while (bitCount >= 8) {
+      bitCount -= 8
+      result.push((bitBuffer >> bitCount) & 0xff)
+      bitBuffer &= (1 << bitCount) - 1
     }
   }
+  // check for valid padding bits
+  // if (bitCount !== 0 && bitBuffer !== 0) {
+  //   throw new Error("Invalid base64: non-zero padding bits")
+  // }
 
   return result
 }