@bsv/sdk 1.9.18 → 1.9.20

package/docs/reference/primitives.md

@@ -843,7 +843,7 @@ export default class DRBG {
     V: number[];
     constructor(entropy: number[] | string, nonce: number[] | string) 
     hmac(): SHA256HMAC 
-    update(seed?): void 
+    update(seed?: number[]): void 
     generate(len: number): string 
 }
 ```
@@ -899,7 +899,7 @@ Updates the `K` and `V` values of the instance based on the seed.
 The seed if not provided uses `V` as seed.
 
 ```ts
-update(seed?): void 
+update(seed?: number[]): void 
 ```
 
 Returns

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bsv/sdk",
-  "version": "1.9.18",
+  "version": "1.9.20",
   "type": "module",
   "description": "BSV Blockchain Software Development Kit",
   "main": "dist/cjs/mod.js",

package/src/auth/__tests/Peer.test.ts

@@ -12,6 +12,7 @@ import { SimplifiedFetchTransport } from '../../auth/transports/SimplifiedFetchT
 const certifierPrivKey = new PrivateKey(21)
 const alicePrivKey = new PrivateKey(22)
 const bobPrivKey = new PrivateKey(23)
+const DUMMY_REVOCATION_OUTPOINT_HEX = '00'.repeat(36)
 
 jest.mock('../../auth/utils/getVerifiableCertificates')
 
@@ -101,7 +102,7 @@ describe('Peer class mutual authentication and certificate exchange', () => {
         subjectPubKey,
         fields,
         certificateType,
-        async () => 'revocationOutpoint' // or any revocation outpoint logic you want
+        async () => DUMMY_REVOCATION_OUTPOINT_HEX
       )
 
     // For test consistency, you could override the auto-generated serialNumber:

package/src/auth/certificates/MasterCertificate.ts

@@ -232,7 +232,7 @@ export class MasterCertificate extends Certificate {
     certificateType: string,
     getRevocationOutpoint = async (_serial: string): Promise<string> => {
       void _serial // Explicitly acknowledge unused parameter
-      return 'Certificate revocation not tracked.'
+      return '00'.repeat(32)
     },
     serialNumber?: string
   ): Promise<MasterCertificate> {
@@ -246,11 +246,18 @@ export class MasterCertificate extends Certificate {
     // 3. Obtain a revocation outpoint
     const revocationOutpoint = await getRevocationOutpoint(finalSerialNumber)
 
+    let subjectIdentityKey: string
+      if (subject === 'self') {
+        subjectIdentityKey = (await certifierWallet.getPublicKey({ identityKey: true })).publicKey
+      } else {
+        subjectIdentityKey = subject
+      }
+
     // 4. Create new MasterCertificate instance
     const certificate = new MasterCertificate(
       certificateType,
       finalSerialNumber,
-      subject,
+      subjectIdentityKey,
       (await certifierWallet.getPublicKey({ identityKey: true })).publicKey,
       revocationOutpoint,
       certificateFields,

package/src/auth/certificates/__tests/MasterCertificate.test.ts

@@ -14,7 +14,8 @@ const verifierKey2 = new PrivateKey(81)
 
 // A mock revocation outpoint for testing
 const mockRevocationOutpoint =
-  'deadbeefdeadbeefdeadbeefdeadbeef00000000000000000000000000000000.1'
+  'deadbeefdeadbeefdeadbeefdeadbeef00000001'
+
 
 // Arbitrary certificate data (in plaintext)
 const plaintextFields = {
@@ -355,33 +356,69 @@ describe('MasterCertificate', () => {
         expect(newCert.fields[fieldName]).toMatch(/^[A-Za-z0-9+/]+=*$/)
       }
     })
+
     it('should allow issuing a self-signed certificate and decrypt it with the same wallet', async () => {
-      // In a self-signed scenario, the subject and certifier are the same
       const subjectWallet = new CompletedProtoWallet(subjectKey2)
 
-      // Some sample fields
       const selfSignedFields = {
         owner: 'Bob',
         organization: 'SelfCo'
       }
 
-      // Issue the certificate for "self"
+      const subjectIdentityKey = (
+        await subjectWallet.getPublicKey({ identityKey: true })
+      ).publicKey
+
+      // Issue the certificate: subject = actual identity key (valid hex)
       const selfSignedCert = await MasterCertificate.issueCertificateForSubject(
-        subjectWallet, // act as certifier
-        'self',
+        subjectWallet,        // acts as certifier
+        subjectIdentityKey,   // <-- was 'self', now real hex
         selfSignedFields,
         'SELF_SIGNED_TEST'
       )
 
-      // Now we attempt to decrypt the fields with the same wallet
+      // Decrypt with the same wallet
       const decrypted = await MasterCertificate.decryptFields(
         subjectWallet,
         selfSignedCert.masterKeyring,
         selfSignedCert.fields,
-        'self'
+        'self' // still fine here if decryptFields treats 'self' specially
       )
 
       expect(decrypted).toEqual(selfSignedFields)
     })
+
+    it('resolves subject === "self" to the certifier wallet identity key', async () => {
+      const certifierWallet = new CompletedProtoWallet(new PrivateKey(99))
+
+      const certifierIdentityKey = (
+        await certifierWallet.getPublicKey({ identityKey: true })
+      ).publicKey
+
+      const cert = await MasterCertificate.issueCertificateForSubject(
+        certifierWallet,
+        'self',
+        { name: 'Alice' },
+        'TEST_CERT'
+      )
+
+      expect(cert.subject).toBe(certifierIdentityKey)
+    })
+
+    it('uses provided subjectIdentityKey when subject is a valid hex string', async () => {
+      const certifierWallet = new CompletedProtoWallet(new PrivateKey(42))
+
+      const validPubkey =
+        '0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798'
+
+      const cert = await MasterCertificate.issueCertificateForSubject(
+        certifierWallet,
+        validPubkey,
+        { name: 'Alice' },
+        'TEST_CERT'
+      )
+
+      expect(cert.subject).toBe(validPubkey)
+    })
   })
-})
+})

package/src/primitives/DRBG.ts

@@ -10,6 +10,7 @@ import { toHex, toArray } from './utils.js'
  * @param nonce - Initial nonce either in number array or hexadecimal string.
  *
  * @throws Throws an error message 'Not enough entropy. Minimum is 256 bits' when entropy's length is less than 32.
+ * @throws Thrown an error message 'Nonce must be exactly 32 bytes (256 bits)' when nonce's length is less than 32.
  *
  * @example
  * const drbg = new DRBG('af12de...', '123ef...');
@@ -19,13 +20,18 @@ export default class DRBG {
   V: number[]
 
   constructor (entropy: number[] | string, nonce: number[] | string) {
-    entropy = toArray(entropy, 'hex')
-    nonce = toArray(nonce, 'hex')
+    const entropyBytes = toArray(entropy, 'hex')
+    const nonceBytes = toArray(nonce, 'hex')
 
-    if (entropy.length < 32) {
-      throw new Error('Not enough entropy. Minimum is 256 bits')
+    // RFC 6979 for secp256k1 assumes 256-bit x and h1.
+    if (entropyBytes.length !== 32) {
+      throw new Error('Entropy must be exactly 32 bytes (256 bits)')
     }
-    const seed = entropy.concat(nonce)
+    if (nonceBytes.length !== 32) {
+      throw new Error('Nonce must be exactly 32 bytes (256 bits)')
+    }
+
+    const seedMaterial = entropyBytes.concat(nonceBytes)
 
     this.K = new Array(32)
     this.V = new Array(32)
@@ -33,7 +39,8 @@ export default class DRBG {
       this.K[i] = 0x00
       this.V[i] = 0x01
     }
-    this.update(seed)
+
+    this.update(seedMaterial)
   }
 
   /**
@@ -60,7 +67,7 @@ export default class DRBG {
    * @example
    * drbg.update('e13af...');
    */
-  update (seed?): void {
+  update (seed?: number[]): void {
     let kmac = this.hmac().update(this.V).update([0x00])
     if (seed !== undefined) {
       kmac = kmac.update(seed)

package/src/primitives/ECDSA.ts

@@ -87,7 +87,7 @@ export const sign = (
     if (kBN == null) throw new Error('k is undefined')
     kBN = truncateToN(kBN, true)
 
-    if (kBN.cmpn(1) <= 0 || kBN.cmp(ns1) >= 0) {
+    if (kBN.cmpn(1) < 0 || kBN.cmp(ns1) > 0) {
       if (BigNumber.isBN(customK)) {
         throw new Error('Invalid fixed custom K value (must be >1 and <N‑1)')
       }

package/src/primitives/Hash.ts

@@ -1,6 +1,8 @@
 
 // @ts-nocheck
 /* eslint-disable @typescript-eslint/naming-convention */
+import { assertValidHex, normalizeHex } from './hex.js'
+
 const assert = (
   expression: unknown,
   message: string = 'Hash assertion failed'
@@ -169,6 +171,10 @@ abstract class BaseHash {
    */
   private _pad (): number[] {
     const len = this.pendingTotal
+    if (!Number.isSafeInteger(len) || len < 0) {
+      throw new Error('Message too long for this hash function')
+    }
+
     const bytes = this._delta8
     const k = bytes - ((len + this.padLength) % bytes)
     const res = new Array(k + this.padLength)
@@ -177,8 +183,6 @@ abstract class BaseHash {
     for (i = 1; i < k; i++) {
       res[i] = 0
     }
-
-    // Append length
     const lengthBytes = this.padLength
     const maxBits = 1n << BigInt(lengthBytes * 8)
     let totalBits = BigInt(len) * 8n
@@ -204,6 +208,7 @@ abstract class BaseHash {
         totalBits >>= 8n
       }
     }
+
     return res
   }
 }
@@ -262,10 +267,8 @@ export function toArray (
         }
       }
     } else {
-      msg = msg.replace(/[^a-z0-9]+/gi, '')
-      if (msg.length % 2 !== 0) {
-        msg = '0' + msg
-      }
+      assertValidHex(msg)
+      msg = normalizeHex(msg)
       for (let i = 0; i < msg.length; i += 2) {
         res.push(parseInt(msg[i] + msg[i + 1], 16))
       }

package/src/primitives/__tests/DRBG.test.ts

@@ -1,18 +1,281 @@
 import DRBG from '../../primitives/DRBG'
 import DRBGVectors from './DRBG.vectors'
+import { toArray, toHex } from '../../primitives/utils'
+import { SHA256 } from '../../primitives/Hash'
 
-describe('Hmac_DRBG', () => {
-  describe('NIST vector', function () {
-    DRBGVectors.forEach(function (opt) {
-      it('should not fail at ' + opt.name, function () {
-        const drbg = new DRBG(opt.entropy, opt.nonce)
+describe('DRBG', () => {
+  describe('NIST vector compatibility', () => {
+    DRBGVectors.forEach((opt, index) => {
+      it(`handles NIST-style vector ${index} consistently`, () => {
+        const entropyBytes = toArray(opt.entropy, 'hex')
+        const nonceBytes = toArray(opt.nonce, 'hex')
 
-        let last
-        for (let i = 0; i < opt.add.length; i++) {
-          last = drbg.generate(opt.expected.length / 2)
+        const expectedByteLen = opt.expected.length / 2
+
+        if (entropyBytes.length !== 32 || nonceBytes.length !== 32) {
+          expect(() => new DRBG(opt.entropy, opt.nonce)).toThrow()
+          return
         }
-        expect(last).toEqual(opt.expected)
+
+        const drbg1 = new DRBG(opt.entropy, opt.nonce)
+        const out1 = drbg1.generate(expectedByteLen)
+
+        const drbg2 = new DRBG(opt.entropy, opt.nonce)
+        const out2 = drbg2.generate(expectedByteLen)
+
+        expect(out1).toEqual(out2)
+        expect(out1.length).toBe(opt.expected.length)
       })
     })
   })
+
+  describe('constructor input validation', () => {
+    it('throws if entropy is shorter than 32 bytes', () => {
+      const entropy = new Array(31).fill(0x01)
+      const nonce = new Array(32).fill(0x02)
+
+      expect(() => {
+        new DRBG(entropy, nonce)
+      }).toThrow('Entropy must be exactly 32 bytes (256 bits)')
+    })
+
+    it('throws if entropy is longer than 32 bytes', () => {
+      const entropy = new Array(33).fill(0x01)
+      const nonce = new Array(32).fill(0x02)
+
+      expect(() => {
+        new DRBG(entropy, nonce)
+      }).toThrow('Entropy must be exactly 32 bytes (256 bits)')
+    })
+
+    it('throws if nonce is shorter than 32 bytes', () => {
+      const entropy = new Array(32).fill(0x01)
+      const nonce = new Array(31).fill(0x02)
+
+      expect(() => {
+        new DRBG(entropy, nonce)
+      }).toThrow('Nonce must be exactly 32 bytes (256 bits)')
+    })
+
+    it('throws if nonce is longer than 32 bytes', () => {
+      const entropy = new Array(32).fill(0x01)
+      const nonce = new Array(33).fill(0x02)
+
+      expect(() => {
+        new DRBG(entropy, nonce)
+      }).toThrow('Nonce must be exactly 32 bytes (256 bits)')
+    })
+
+    it('accepts both hex strings and number[] inputs equivalently', () => {
+      const entropyArr = new Array(32).fill(0x11)
+      const nonceArr = new Array(32).fill(0x22)
+
+      const entropyHex = Buffer.from(entropyArr).toString('hex')
+      const nonceHex = Buffer.from(nonceArr).toString('hex')
+
+      const drbgArray = new DRBG(entropyArr, nonceArr)
+      const drbgHex = new DRBG(entropyHex, nonceHex)
+
+      const outArray = drbgArray.generate(32)
+      const outHex = drbgHex.generate(32)
+
+      expect(outArray).toEqual(outHex)
+    })
+  })
+
+  describe('determinism', () => {
+    const entropyHex =
+      '1b2e3d4c5f60718293a4b5c6d7e8f9011b2e3d4c5f60718293a4b5c6d7e8f901'
+    const nonceHex =
+      'abcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcd'
+
+    it('produces the same sequence for the same inputs', () => {
+      const drbg1 = new DRBG(entropyHex, nonceHex)
+      const drbg2 = new DRBG(entropyHex, nonceHex)
+
+      const seq1 = [
+        drbg1.generate(32),
+        drbg1.generate(32),
+        drbg1.generate(16)
+      ]
+
+      const seq2 = [
+        drbg2.generate(32),
+        drbg2.generate(32),
+        drbg2.generate(16)
+      ]
+
+      expect(seq1).toEqual(seq2)
+    })
+
+    it('produces different sequences if entropy changes', () => {
+      const entropyHex2 =
+        '2b3e4d5c6f708192a3b4c5d6e7f809112b3e4d5c6f708192a3b4c5d6e7f80911'
+      const drbg1 = new DRBG(entropyHex, nonceHex)
+      const drbg2 = new DRBG(entropyHex2, nonceHex)
+
+      const out1 = drbg1.generate(32)
+      const out2 = drbg2.generate(32)
+
+      expect(out1).not.toEqual(out2)
+    })
+
+    it('produces different sequences if nonce changes', () => {
+      const nonceHex2 =
+        '00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
+      const drbg1 = new DRBG(entropyHex, nonceHex)
+      const drbg2 = new DRBG(entropyHex, nonceHex2)
+
+      const out1 = drbg1.generate(32)
+      const out2 = drbg2.generate(32)
+
+      expect(out1).not.toEqual(out2)
+    })
+  })
+
+  describe('output length and state advancement', () => {
+    const entropyBytes = new Array(32).fill(0x33)
+    const nonceBytes = new Array(32).fill(0x44)
+
+    it('returns hex strings of length 2 * len', () => {
+      const drbg = new DRBG(entropyBytes, nonceBytes)
+
+      const out16 = drbg.generate(16)
+      const out32 = drbg.generate(32)
+
+      expect(out16.length).toBe(16 * 2)
+      expect(out32.length).toBe(32 * 2)
+    })
+
+    it('advances internal state between generate calls', () => {
+      const drbg = new DRBG(entropyBytes, nonceBytes)
+
+      const first = drbg.generate(32)
+      const second = drbg.generate(32)
+
+      expect(second).not.toEqual(first)
+    })
+
+    it('matches output when seeded with explicit number[] arrays', () => {
+      const entropyHex = 'aa'.repeat(32)
+      const nonceHex = 'bb'.repeat(32)
+      const entropyArr = toArray(entropyHex, 'hex')
+      const nonceArr = toArray(nonceHex, 'hex')
+
+      const drbgFromHex = new DRBG(entropyHex, nonceHex)
+      const drbgFromArr = new DRBG(entropyArr, nonceArr)
+
+      const outHex = drbgFromHex.generate(32)
+      const outArr = drbgFromArr.generate(32)
+
+      expect(outHex).toEqual(outArr)
+    })
+  })
+
+  describe('RFC 6979 ECDSA P-256 / SHA-256 vectors', () => {
+    // q for NIST P-256, from RFC 6979 A.2.5
+    const qHex =
+      'FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551'
+    const q = BigInt('0x' + qHex)
+
+    // int2octets: convert a non-negative bigint < 2^256 to a 32-byte big-endian array
+    const intToOctets = (x: bigint): number[] => {
+      const out = new Array<number>(32)
+      let v = x
+      for (let i = 31; i >= 0; i--) {
+        out[i] = Number(v & 0xffn)
+        v >>= 8n
+      }
+      return out
+    }
+
+    // bits2octets(h1): convert hash output to int, reduce mod q, return 32-byte big-endian
+    const bits2octets = (h1: number[]): number[] => {
+      const h1Int = BigInt('0x' + toHex(h1))
+      const z1 = h1Int % q
+      return intToOctets(z1)
+    }
+
+    const normalizeHex = (hex: string): string => hex.toLowerCase()
+
+    it('reproduces RFC 6979 k for P-256, SHA-256, message "sample"', () => {
+      // From RFC 6979 A.2.5 (ECDSA, 256 bits, P-256):
+      // private key x:
+      const xHex =
+        'C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721'
+
+      // expected k for SHA-256, message = "sample"
+      const expectedKHex =
+        'A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60'
+
+      const msg = 'sample'
+
+      const x = BigInt('0x' + xHex)
+      const entropy = intToOctets(x)
+
+      // h1 = SHA-256(message)
+      const h1Bytes = new SHA256().update(msg, 'utf8').digest()
+      const nonce = bits2octets(h1Bytes)
+
+      const drbg = new DRBG(entropy, nonce)
+
+      // First 32-byte block from DRBG
+      const tHex = drbg.generate(32) // 32 bytes = 64 hex chars
+      const tInt = BigInt('0x' + tHex)
+
+      // RFC 6979 derives k as tInt mod q (and retries if out of range; here it’s fine)
+      const k = tInt % q
+      const kHex = k.toString(16).padStart(64, '0')
+
+      expect(normalizeHex(kHex)).toBe(normalizeHex(expectedKHex))
+    })
+
+    it('reproduces RFC 6979 k for P-256, SHA-256, message "test"', () => {
+      // Same key x as above (RFC 6979 A.2.5), different message:
+      const xHex =
+        'C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721'
+
+      // expected k for SHA-256, message = "test"
+      const expectedKHex =
+        'D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0'
+
+      const msg = 'test'
+
+      const x = BigInt('0x' + xHex)
+      const entropy = intToOctets(x)
+
+      const h1Bytes = new SHA256().update(msg, 'utf8').digest()
+      const nonce = bits2octets(h1Bytes)
+
+      const drbg = new DRBG(entropy, nonce)
+
+      const tHex = drbg.generate(32)
+      const tInt = BigInt('0x' + tHex)
+      const k = tInt % q
+      const kHex = k.toString(16).padStart(64, '0')
+
+      expect(normalizeHex(kHex)).toBe(normalizeHex(expectedKHex))
+    })
+
+    it('is deterministic for the same RFC 6979 key and message', () => {
+      const xHex =
+        'C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721'
+      const msg = 'sample'
+
+      const x = BigInt('0x' + xHex)
+      const entropy = intToOctets(x)
+      const h1Bytes = new SHA256().update(msg, 'utf8').digest()
+      const nonce = bits2octets(h1Bytes)
+
+      const drbg1 = new DRBG(entropy, nonce)
+      const drbg2 = new DRBG(entropy, nonce)
+
+      const out1 = drbg1.generate(32)
+      const out2 = drbg2.generate(32)
+
+      expect(out1).toBe(out2)
+    })
+  })
 })
+
+

package/src/primitives/__tests/ECDSA.test.ts

@@ -61,4 +61,33 @@ describe('ECDSA', () => {
     const signature = ECDSA.sign(msg, key)
     expect(ECDSA.verify(msg, signature, wrongPub)).toBeFalsy()
   })
+
+  it('should accept custom k = 1 and k = n-1', () => {
+    const n = curve.n
+    const one = new BigNumber(1)
+
+    // k = 1 → valid
+    const k1 = one
+    const sig1 = ECDSA.sign(msg, key, undefined, k1)
+    expect(ECDSA.verify(msg, sig1, pub)).toBeTruthy()
+
+    // k = n-1 → valid
+    const km1 = n.subn(1)
+    const sig2 = ECDSA.sign(msg, key, undefined, km1)
+    expect(ECDSA.verify(msg, sig2, pub)).toBeTruthy()
+  })
+
+  it('should reject custom k < 1 or k > n-1', () => {
+    const n = curve.n
+
+    // k = 0 → invalid
+    expect(() =>
+      ECDSA.sign(msg, key, undefined, new BigNumber(0))
+    ).toThrow()
+
+    // k = n → invalid
+    expect(() =>
+      ECDSA.sign(msg, key, undefined, n)
+    ).toThrow()
+  })
 })

package/src/primitives/__tests/HMAC.test.ts

@@ -48,11 +48,22 @@ describe('HMAC', function () {
       res: 'cf5ad5984f9e43917aa9087380dac46e410ddc8a7731859c84e9d0f31bd43655'
     })
 
+    function normalizeKey (key: string | number[]): string | number[] {
+      if (typeof key === 'string') {
+        // test-only helper: remove whitespace between hex groups
+        return key.replace(/\s+/g, '')
+      }
+      return key
+    }
+
     function test (opt): void {
       it(`should not fail at ${opt.name as string}`, function (): void {
-        let h = new SHA256HMAC(opt.key)
+        const key = normalizeKey(opt.key)
+
+        let h = new SHA256HMAC(key as any)
         expect(h.update(opt.msg, opt.msgEnc).digestHex()).toEqual(opt.res)
-        h = h = new SHA256HMAC(opt.key)
+
+        h = new SHA256HMAC(key as any)
         expect(
           h
             .update(opt.msg.slice(0, 10), opt.msgEnc)

package/src/primitives/__tests/Hash.test.ts

@@ -3,6 +3,7 @@ import * as hash from '../../primitives/Hash'
 import * as crypto from 'crypto'
 import PBKDF2Vectors from './PBKDF2.vectors'
 import { toArray, toHex } from '../../primitives/utils'
+import { SHA1 } from '../..//primitives/Hash'
 
 describe('Hash', function () {
   function test (Hash, cases): void {
@@ -177,4 +178,27 @@ describe('Hash', function () {
       })
     }
   })
+
+  describe('Hash strict length validation (TOB-21)', () => {
+
+    it('throws when pendingTotal is not a safe integer', () => {
+      const h = new SHA1()
+
+      h.pendingTotal = Number.MAX_SAFE_INTEGER + 10
+
+      expect(() => {
+        h.digest()
+      }).toThrow('Message too long for this hash function')
+    })
+
+    it('throws when pendingTotal is negative', () => {
+      const h = new SHA1()
+
+      h.pendingTotal = -5
+
+      expect(() => {
+        h.digest()
+      }).toThrow('Message too long for this hash function')
+    })
+  })
 })