@bsv/sdk 1.9.17 → 1.9.19

package/docs/reference/primitives.md

@@ -843,7 +843,7 @@ export default class DRBG {
     V: number[];
     constructor(entropy: number[] | string, nonce: number[] | string) 
     hmac(): SHA256HMAC 
-    update(seed?): void 
+    update(seed?: number[]): void 
     generate(len: number): string 
 }
 ```
@@ -899,7 +899,7 @@ Updates the `K` and `V` values of the instance based on the seed.
 The seed if not provided uses `V` as seed.
 
 ```ts
-update(seed?): void 
+update(seed?: number[]): void 
 ```
 
 Returns

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bsv/sdk",
-  "version": "1.9.17",
+  "version": "1.9.19",
   "type": "module",
   "description": "BSV Blockchain Software Development Kit",
   "main": "dist/cjs/mod.js",

package/src/primitives/DRBG.ts

@@ -10,6 +10,7 @@ import { toHex, toArray } from './utils.js'
  * @param nonce - Initial nonce either in number array or hexadecimal string.
  *
  * @throws Throws an error message 'Not enough entropy. Minimum is 256 bits' when entropy's length is less than 32.
+ * @throws Thrown an error message 'Nonce must be exactly 32 bytes (256 bits)' when nonce's length is less than 32.
  *
  * @example
  * const drbg = new DRBG('af12de...', '123ef...');
@@ -19,13 +20,18 @@ export default class DRBG {
   V: number[]
 
   constructor (entropy: number[] | string, nonce: number[] | string) {
-    entropy = toArray(entropy, 'hex')
-    nonce = toArray(nonce, 'hex')
+    const entropyBytes = toArray(entropy, 'hex')
+    const nonceBytes = toArray(nonce, 'hex')
 
-    if (entropy.length < 32) {
-      throw new Error('Not enough entropy. Minimum is 256 bits')
+    // RFC 6979 for secp256k1 assumes 256-bit x and h1.
+    if (entropyBytes.length !== 32) {
+      throw new Error('Entropy must be exactly 32 bytes (256 bits)')
     }
-    const seed = entropy.concat(nonce)
+    if (nonceBytes.length !== 32) {
+      throw new Error('Nonce must be exactly 32 bytes (256 bits)')
+    }
+
+    const seedMaterial = entropyBytes.concat(nonceBytes)
 
     this.K = new Array(32)
     this.V = new Array(32)
@@ -33,7 +39,8 @@ export default class DRBG {
       this.K[i] = 0x00
       this.V[i] = 0x01
     }
-    this.update(seed)
+
+    this.update(seedMaterial)
   }
 
   /**
@@ -60,7 +67,7 @@ export default class DRBG {
    * @example
    * drbg.update('e13af...');
    */
-  update (seed?): void {
+  update (seed?: number[]): void {
     let kmac = this.hmac().update(this.V).update([0x00])
     if (seed !== undefined) {
       kmac = kmac.update(seed)

package/src/primitives/ECDSA.ts

@@ -87,7 +87,7 @@ export const sign = (
     if (kBN == null) throw new Error('k is undefined')
     kBN = truncateToN(kBN, true)
 
-    if (kBN.cmpn(1) <= 0 || kBN.cmp(ns1) >= 0) {
+    if (kBN.cmpn(1) < 0 || kBN.cmp(ns1) > 0) {
       if (BigNumber.isBN(customK)) {
         throw new Error('Invalid fixed custom K value (must be >1 and <N‑1)')
       }

package/src/primitives/Hash.ts

@@ -168,48 +168,42 @@ abstract class BaseHash {
    * @returns Returns an array denoting the padding.
    */
   private _pad (): number[] {
-    //
-    let len = this.pendingTotal
+    const len = this.pendingTotal
     const bytes = this._delta8
     const k = bytes - ((len + this.padLength) % bytes)
     const res = new Array(k + this.padLength)
     res[0] = 0x80
-    let i
+    let i: number
     for (i = 1; i < k; i++) {
       res[i] = 0
     }
 
     // Append length
-    len <<= 3
-    let t
+    const lengthBytes = this.padLength
+    const maxBits = 1n << BigInt(lengthBytes * 8)
+    let totalBits = BigInt(len) * 8n
+
+    if (totalBits >= maxBits) {
+      throw new Error('Message too long for this hash function')
+    }
+
     if (this.endian === 'big') {
-      for (t = 8; t < this.padLength; t++) {
-        res[i++] = 0
+      const lenArray = new Array<number>(lengthBytes)
+
+      for (let b = lengthBytes - 1; b >= 0; b--) {
+        lenArray[b] = Number(totalBits & 0xffn)
+        totalBits >>= 8n
       }
 
-      res[i++] = 0
-      res[i++] = 0
-      res[i++] = 0
-      res[i++] = 0
-      res[i++] = (len >>> 24) & 0xff
-      res[i++] = (len >>> 16) & 0xff
-      res[i++] = (len >>> 8) & 0xff
-      res[i++] = len & 0xff
+      for (let b = 0; b < lengthBytes; b++) {
+        res[i++] = lenArray[b]
+      }
     } else {
-      res[i++] = len & 0xff
-      res[i++] = (len >>> 8) & 0xff
-      res[i++] = (len >>> 16) & 0xff
-      res[i++] = (len >>> 24) & 0xff
-      res[i++] = 0
-      res[i++] = 0
-      res[i++] = 0
-      res[i++] = 0
-
-      for (t = 8; t < this.padLength; t++) {
-        res[i++] = 0
+      for (let b = 0; b < lengthBytes; b++) {
+        res[i++] = Number(totalBits & 0xffn)
+        totalBits >>= 8n
       }
     }
-
     return res
   }
 }

package/src/primitives/__tests/DRBG.test.ts

@@ -1,18 +1,281 @@
 import DRBG from '../../primitives/DRBG'
 import DRBGVectors from './DRBG.vectors'
+import { toArray, toHex } from '../../primitives/utils'
+import { SHA256 } from '../../primitives/Hash'
 
-describe('Hmac_DRBG', () => {
-  describe('NIST vector', function () {
-    DRBGVectors.forEach(function (opt) {
-      it('should not fail at ' + opt.name, function () {
-        const drbg = new DRBG(opt.entropy, opt.nonce)
+describe('DRBG', () => {
+  describe('NIST vector compatibility', () => {
+    DRBGVectors.forEach((opt, index) => {
+      it(`handles NIST-style vector ${index} consistently`, () => {
+        const entropyBytes = toArray(opt.entropy, 'hex')
+        const nonceBytes = toArray(opt.nonce, 'hex')
 
-        let last
-        for (let i = 0; i < opt.add.length; i++) {
-          last = drbg.generate(opt.expected.length / 2)
+        const expectedByteLen = opt.expected.length / 2
+
+        if (entropyBytes.length !== 32 || nonceBytes.length !== 32) {
+          expect(() => new DRBG(opt.entropy, opt.nonce)).toThrow()
+          return
         }
-        expect(last).toEqual(opt.expected)
+
+        const drbg1 = new DRBG(opt.entropy, opt.nonce)
+        const out1 = drbg1.generate(expectedByteLen)
+
+        const drbg2 = new DRBG(opt.entropy, opt.nonce)
+        const out2 = drbg2.generate(expectedByteLen)
+
+        expect(out1).toEqual(out2)
+        expect(out1.length).toBe(opt.expected.length)
       })
     })
   })
+
+  describe('constructor input validation', () => {
+    it('throws if entropy is shorter than 32 bytes', () => {
+      const entropy = new Array(31).fill(0x01)
+      const nonce = new Array(32).fill(0x02)
+
+      expect(() => {
+        new DRBG(entropy, nonce)
+      }).toThrow('Entropy must be exactly 32 bytes (256 bits)')
+    })
+
+    it('throws if entropy is longer than 32 bytes', () => {
+      const entropy = new Array(33).fill(0x01)
+      const nonce = new Array(32).fill(0x02)
+
+      expect(() => {
+        new DRBG(entropy, nonce)
+      }).toThrow('Entropy must be exactly 32 bytes (256 bits)')
+    })
+
+    it('throws if nonce is shorter than 32 bytes', () => {
+      const entropy = new Array(32).fill(0x01)
+      const nonce = new Array(31).fill(0x02)
+
+      expect(() => {
+        new DRBG(entropy, nonce)
+      }).toThrow('Nonce must be exactly 32 bytes (256 bits)')
+    })
+
+    it('throws if nonce is longer than 32 bytes', () => {
+      const entropy = new Array(32).fill(0x01)
+      const nonce = new Array(33).fill(0x02)
+
+      expect(() => {
+        new DRBG(entropy, nonce)
+      }).toThrow('Nonce must be exactly 32 bytes (256 bits)')
+    })
+
+    it('accepts both hex strings and number[] inputs equivalently', () => {
+      const entropyArr = new Array(32).fill(0x11)
+      const nonceArr = new Array(32).fill(0x22)
+
+      const entropyHex = Buffer.from(entropyArr).toString('hex')
+      const nonceHex = Buffer.from(nonceArr).toString('hex')
+
+      const drbgArray = new DRBG(entropyArr, nonceArr)
+      const drbgHex = new DRBG(entropyHex, nonceHex)
+
+      const outArray = drbgArray.generate(32)
+      const outHex = drbgHex.generate(32)
+
+      expect(outArray).toEqual(outHex)
+    })
+  })
+
+  describe('determinism', () => {
+    const entropyHex =
+      '1b2e3d4c5f60718293a4b5c6d7e8f9011b2e3d4c5f60718293a4b5c6d7e8f901'
+    const nonceHex =
+      'abcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcd'
+
+    it('produces the same sequence for the same inputs', () => {
+      const drbg1 = new DRBG(entropyHex, nonceHex)
+      const drbg2 = new DRBG(entropyHex, nonceHex)
+
+      const seq1 = [
+        drbg1.generate(32),
+        drbg1.generate(32),
+        drbg1.generate(16)
+      ]
+
+      const seq2 = [
+        drbg2.generate(32),
+        drbg2.generate(32),
+        drbg2.generate(16)
+      ]
+
+      expect(seq1).toEqual(seq2)
+    })
+
+    it('produces different sequences if entropy changes', () => {
+      const entropyHex2 =
+        '2b3e4d5c6f708192a3b4c5d6e7f809112b3e4d5c6f708192a3b4c5d6e7f80911'
+      const drbg1 = new DRBG(entropyHex, nonceHex)
+      const drbg2 = new DRBG(entropyHex2, nonceHex)
+
+      const out1 = drbg1.generate(32)
+      const out2 = drbg2.generate(32)
+
+      expect(out1).not.toEqual(out2)
+    })
+
+    it('produces different sequences if nonce changes', () => {
+      const nonceHex2 =
+        '00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
+      const drbg1 = new DRBG(entropyHex, nonceHex)
+      const drbg2 = new DRBG(entropyHex, nonceHex2)
+
+      const out1 = drbg1.generate(32)
+      const out2 = drbg2.generate(32)
+
+      expect(out1).not.toEqual(out2)
+    })
+  })
+
+  describe('output length and state advancement', () => {
+    const entropyBytes = new Array(32).fill(0x33)
+    const nonceBytes = new Array(32).fill(0x44)
+
+    it('returns hex strings of length 2 * len', () => {
+      const drbg = new DRBG(entropyBytes, nonceBytes)
+
+      const out16 = drbg.generate(16)
+      const out32 = drbg.generate(32)
+
+      expect(out16.length).toBe(16 * 2)
+      expect(out32.length).toBe(32 * 2)
+    })
+
+    it('advances internal state between generate calls', () => {
+      const drbg = new DRBG(entropyBytes, nonceBytes)
+
+      const first = drbg.generate(32)
+      const second = drbg.generate(32)
+
+      expect(second).not.toEqual(first)
+    })
+
+    it('matches output when seeded with explicit number[] arrays', () => {
+      const entropyHex = 'aa'.repeat(32)
+      const nonceHex = 'bb'.repeat(32)
+      const entropyArr = toArray(entropyHex, 'hex')
+      const nonceArr = toArray(nonceHex, 'hex')
+
+      const drbgFromHex = new DRBG(entropyHex, nonceHex)
+      const drbgFromArr = new DRBG(entropyArr, nonceArr)
+
+      const outHex = drbgFromHex.generate(32)
+      const outArr = drbgFromArr.generate(32)
+
+      expect(outHex).toEqual(outArr)
+    })
+  })
+
+  describe('RFC 6979 ECDSA P-256 / SHA-256 vectors', () => {
+    // q for NIST P-256, from RFC 6979 A.2.5
+    const qHex =
+      'FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551'
+    const q = BigInt('0x' + qHex)
+
+    // int2octets: convert a non-negative bigint < 2^256 to a 32-byte big-endian array
+    const intToOctets = (x: bigint): number[] => {
+      const out = new Array<number>(32)
+      let v = x
+      for (let i = 31; i >= 0; i--) {
+        out[i] = Number(v & 0xffn)
+        v >>= 8n
+      }
+      return out
+    }
+
+    // bits2octets(h1): convert hash output to int, reduce mod q, return 32-byte big-endian
+    const bits2octets = (h1: number[]): number[] => {
+      const h1Int = BigInt('0x' + toHex(h1))
+      const z1 = h1Int % q
+      return intToOctets(z1)
+    }
+
+    const normalizeHex = (hex: string): string => hex.toLowerCase()
+
+    it('reproduces RFC 6979 k for P-256, SHA-256, message "sample"', () => {
+      // From RFC 6979 A.2.5 (ECDSA, 256 bits, P-256):
+      // private key x:
+      const xHex =
+        'C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721'
+
+      // expected k for SHA-256, message = "sample"
+      const expectedKHex =
+        'A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60'
+
+      const msg = 'sample'
+
+      const x = BigInt('0x' + xHex)
+      const entropy = intToOctets(x)
+
+      // h1 = SHA-256(message)
+      const h1Bytes = new SHA256().update(msg, 'utf8').digest()
+      const nonce = bits2octets(h1Bytes)
+
+      const drbg = new DRBG(entropy, nonce)
+
+      // First 32-byte block from DRBG
+      const tHex = drbg.generate(32) // 32 bytes = 64 hex chars
+      const tInt = BigInt('0x' + tHex)
+
+      // RFC 6979 derives k as tInt mod q (and retries if out of range; here it’s fine)
+      const k = tInt % q
+      const kHex = k.toString(16).padStart(64, '0')
+
+      expect(normalizeHex(kHex)).toBe(normalizeHex(expectedKHex))
+    })
+
+    it('reproduces RFC 6979 k for P-256, SHA-256, message "test"', () => {
+      // Same key x as above (RFC 6979 A.2.5), different message:
+      const xHex =
+        'C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721'
+
+      // expected k for SHA-256, message = "test"
+      const expectedKHex =
+        'D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0'
+
+      const msg = 'test'
+
+      const x = BigInt('0x' + xHex)
+      const entropy = intToOctets(x)
+
+      const h1Bytes = new SHA256().update(msg, 'utf8').digest()
+      const nonce = bits2octets(h1Bytes)
+
+      const drbg = new DRBG(entropy, nonce)
+
+      const tHex = drbg.generate(32)
+      const tInt = BigInt('0x' + tHex)
+      const k = tInt % q
+      const kHex = k.toString(16).padStart(64, '0')
+
+      expect(normalizeHex(kHex)).toBe(normalizeHex(expectedKHex))
+    })
+
+    it('is deterministic for the same RFC 6979 key and message', () => {
+      const xHex =
+        'C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721'
+      const msg = 'sample'
+
+      const x = BigInt('0x' + xHex)
+      const entropy = intToOctets(x)
+      const h1Bytes = new SHA256().update(msg, 'utf8').digest()
+      const nonce = bits2octets(h1Bytes)
+
+      const drbg1 = new DRBG(entropy, nonce)
+      const drbg2 = new DRBG(entropy, nonce)
+
+      const out1 = drbg1.generate(32)
+      const out2 = drbg2.generate(32)
+
+      expect(out1).toBe(out2)
+    })
+  })
 })
+
+

package/src/primitives/__tests/ECDSA.test.ts

@@ -61,4 +61,33 @@ describe('ECDSA', () => {
     const signature = ECDSA.sign(msg, key)
     expect(ECDSA.verify(msg, signature, wrongPub)).toBeFalsy()
   })
+
+  it('should accept custom k = 1 and k = n-1', () => {
+    const n = curve.n
+    const one = new BigNumber(1)
+
+    // k = 1 → valid
+    const k1 = one
+    const sig1 = ECDSA.sign(msg, key, undefined, k1)
+    expect(ECDSA.verify(msg, sig1, pub)).toBeTruthy()
+
+    // k = n-1 → valid
+    const km1 = n.subn(1)
+    const sig2 = ECDSA.sign(msg, key, undefined, km1)
+    expect(ECDSA.verify(msg, sig2, pub)).toBeTruthy()
+  })
+
+  it('should reject custom k < 1 or k > n-1', () => {
+    const n = curve.n
+
+    // k = 0 → invalid
+    expect(() =>
+      ECDSA.sign(msg, key, undefined, new BigNumber(0))
+    ).toThrow()
+
+    // k = n → invalid
+    expect(() =>
+      ECDSA.sign(msg, key, undefined, n)
+    ).toThrow()
+  })
 })

package/src/primitives/__tests/Hash.test.ts

@@ -101,6 +101,54 @@ describe('Hash', function () {
     )
   })
 
+  describe('BaseHash padding and endianness', () => {
+    it('encodes length in big-endian for SHA1', () => {
+      const sha1 = new (hash as any).SHA1()
+      ;(sha1 as any).pendingTotal = 12345
+      const pad = (sha1 as any)._pad() as number[]
+      const padLength = (sha1 as any).padLength as number
+      const lengthBytes = pad.slice(-padLength)
+
+      const totalBits = BigInt(12345) * 8n
+      const expected = new Array<number>(padLength)
+      let tmp = totalBits
+      for (let i = padLength - 1; i >= 0; i--) {
+        expected[i] = Number(tmp & 0xffn)
+        tmp >>= 8n
+      }
+
+      expect(lengthBytes).toEqual(expected)
+    })
+
+    it('encodes length in little-endian for RIPEMD160', () => {
+      const ripemd = new (hash as any).RIPEMD160()
+      ;(ripemd as any).pendingTotal = 12345
+      const pad = (ripemd as any)._pad() as number[]
+      const padLength = (ripemd as any).padLength as number
+      const lengthBytes = pad.slice(-padLength)
+
+      const totalBits = BigInt(12345) * 8n
+      const expected = new Array<number>(padLength)
+      let tmp = totalBits
+      for (let i = 0; i < padLength; i++) {
+        expected[i] = Number(tmp & 0xffn)
+        tmp >>= 8n
+      }
+
+      expect(lengthBytes).toEqual(expected)
+    })
+
+    it('throws when message length exceeds maximum encodable bits', () => {
+      const sha1 = new (hash as any).SHA1()
+      ;(sha1 as any).padLength = 1
+      ;(sha1 as any).pendingTotal = 40
+
+      expect(() => {
+        ;(sha1 as any)._pad()
+      }).toThrow(new Error('Message too long for this hash function'))
+    })
+  })
+
   describe('PBKDF2 vectors', () => {
     for (let i = 0; i < PBKDF2Vectors.length; i++) {
       const v = PBKDF2Vectors[i]