@bsv/sdk 1.9.20 → 1.9.23

package/docs/reference/auth.md

@@ -502,7 +502,7 @@ export class MasterCertificate extends Certificate {
     static async createKeyringForVerifier(subjectWallet: ProtoWallet, certifier: WalletCounterparty, verifier: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, Base64String>, fieldsToReveal: string[], masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, serialNumber: Base64String, privileged?: boolean, privilegedReason?: string): Promise<Record<CertificateFieldNameUnder50Bytes, string>> 
     static async issueCertificateForSubject(certifierWallet: ProtoWallet, subject: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, string>, certificateType: string, getRevocationOutpoint = async (_serial: string): Promise<string> => {
         void _serial;
-        return "Certificate revocation not tracked.";
+        return "00".repeat(32);
     }, serialNumber?: string): Promise<MasterCertificate> 
     static async decryptFields(subjectOrCertifierWallet: ProtoWallet, masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, fields: Record<CertificateFieldNameUnder50Bytes, Base64String>, counterparty: WalletCounterparty, privileged?: boolean, privilegedReason?: string): Promise<Record<CertificateFieldNameUnder50Bytes, string>> 
     static async decryptField(subjectOrCertifierWallet: ProtoWallet, masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, fieldName: Base64String, fieldValue: Base64String, counterparty: WalletCounterparty, privileged?: boolean, privilegedReason?: string): Promise<{
@@ -634,7 +634,7 @@ can also includes a revocation outpoint to manage potential revocation.
 ```ts
 static async issueCertificateForSubject(certifierWallet: ProtoWallet, subject: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, string>, certificateType: string, getRevocationOutpoint = async (_serial: string): Promise<string> => {
     void _serial;
-    return "Certificate revocation not tracked.";
+    return "00".repeat(32);
 }, serialNumber?: string): Promise<MasterCertificate> 
 ```
 See also: [CertificateFieldNameUnder50Bytes](./wallet.md#type-certificatefieldnameunder50bytes), [MasterCertificate](./auth.md#class-mastercertificate), [ProtoWallet](./wallet.md#class-protowallet), [WalletCounterparty](./wallet.md#type-walletcounterparty)

package/docs/reference/primitives.md

@@ -829,7 +829,17 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 ---
 ### Class: DRBG
 
-This class behaves as a HMAC-based deterministic random bit generator (DRBG). It implements a deterministic random number generator using SHA256HMAC HASH function. It takes an initial entropy and nonce when instantiated for seeding purpose.
+HMAC-DRBG used **only** for deterministic ECDSA nonce generation.
+
+This implementation follows the RFC 6979-style HMAC-DRBG construction for secp256k1
+and is wired internally into the ECDSA signing code. It is **not forward-secure**
+and MUST NOT be used as a general-purpose DRBG, key generator, or randomness source.
+
+Security note:
+- Intended scope: internal ECDSA nonce generation with fixed-size inputs.
+- Out-of-scope: generic randomness, long-lived session keys, or any context
+  where forward secrecy is required.
+- API stability: this class is internal.
 
 Example
 
@@ -4953,8 +4963,10 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 | [AES](#function-aes) |
 | [AESGCM](#function-aesgcm) |
 | [AESGCMDecrypt](#function-aesgcmdecrypt) |
+| [assertValidHex](#function-assertvalidhex) |
 | [base64ToArray](#function-base64toarray) |
 | [ghash](#function-ghash) |
+| [normalizeHex](#function-normalizehex) |
 | [pbkdf2](#function-pbkdf2) |
 | [red](#function-red) |
 | [toArray](#function-toarray) |
@@ -4994,6 +5006,15 @@ export function AESGCMDecrypt(cipherText: number[], additionalAuthenticatedData:
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
 
+---
+### Function: assertValidHex
+
+```ts
+export function assertValidHex(msg: string): void 
+```
+
+Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
+
 ---
 ### Function: base64ToArray
 
@@ -5012,6 +5033,15 @@ export function ghash(input: number[], hashSubKey: number[]): number[]
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
 
+---
+### Function: normalizeHex
+
+```ts
+export function normalizeHex(msg: string): string 
+```
+
+Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
+
 ---
 ### Function: pbkdf2
 
@@ -5939,7 +5969,7 @@ sign = (msg: BigNumber, key: BigNumber, forceLowS: boolean = false, customK?: Bi
         if (kBN == null)
             throw new Error("k is undefined");
         kBN = truncateToN(kBN, true);
-        if (kBN.cmpn(1) <= 0 || kBN.cmp(ns1) >= 0) {
+        if (kBN.cmpn(1) < 0 || kBN.cmp(ns1) > 0) {
             if (BigNumber.isBN(customK)) {
                 throw new Error("Invalid fixed custom K value (must be >1 and <N\u20111)");
             }
@@ -6090,49 +6120,78 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 ```ts
 toUTF8 = (arr: number[]): string => {
     let result = "";
-    let skip = 0;
+    const replacementChar = "\uFFFD";
     for (let i = 0; i < arr.length; i++) {
-        const byte = arr[i];
-        if (skip > 0) {
-            skip--;
+        const byte1 = arr[i];
+        if (byte1 <= 127) {
+            result += String.fromCharCode(byte1);
             continue;
         }
-        if (byte <= 127) {
-            result += String.fromCharCode(byte);
-            continue;
-        }
-        if (byte >= 192 && byte <= 223) {
-            const avail = arr.length - (i + 1);
-            const byte2 = avail >= 1 ? arr[i + 1] : 0;
-            skip = Math.min(1, avail);
-            const codePoint = ((byte & 31) << 6) | (byte2 & 63);
+        const emitReplacement = (): void => {
+            result += replacementChar;
+        };
+        if (byte1 >= 192 && byte1 <= 223) {
+            if (i + 1 >= arr.length) {
+                emitReplacement();
+                continue;
+            }
+            const byte2 = arr[i + 1];
+            if ((byte2 & 192) !== 128) {
+                emitReplacement();
+                i += 1;
+                continue;
+            }
+            const codePoint = ((byte1 & 31) << 6) | (byte2 & 63);
             result += String.fromCharCode(codePoint);
+            i += 1;
             continue;
         }
-        if (byte >= 224 && byte <= 239) {
-            const avail = arr.length - (i + 1);
-            const byte2 = avail >= 1 ? arr[i + 1] : 0;
-            const byte3 = avail >= 2 ? arr[i + 2] : 0;
-            skip = Math.min(2, avail);
-            const codePoint = ((byte & 15) << 12) | ((byte2 & 63) << 6) | (byte3 & 63);
+        if (byte1 >= 224 && byte1 <= 239) {
+            if (i + 2 >= arr.length) {
+                emitReplacement();
+                continue;
+            }
+            const byte2 = arr[i + 1];
+            const byte3 = arr[i + 2];
+            if ((byte2 & 192) !== 128 || (byte3 & 192) !== 128) {
+                emitReplacement();
+                i += 2;
+                continue;
+            }
+            const codePoint = ((byte1 & 15) << 12) |
+                ((byte2 & 63) << 6) |
+                (byte3 & 63);
             result += String.fromCharCode(codePoint);
+            i += 2;
             continue;
         }
-        if (byte >= 240 && byte <= 247) {
-            const avail = arr.length - (i + 1);
-            const byte2 = avail >= 1 ? arr[i + 1] : 0;
-            const byte3 = avail >= 2 ? arr[i + 2] : 0;
-            const byte4 = avail >= 3 ? arr[i + 3] : 0;
-            skip = Math.min(3, avail);
-            const codePoint = ((byte & 7) << 18) |
+        if (byte1 >= 240 && byte1 <= 247) {
+            if (i + 3 >= arr.length) {
+                emitReplacement();
+                continue;
+            }
+            const byte2 = arr[i + 1];
+            const byte3 = arr[i + 2];
+            const byte4 = arr[i + 3];
+            if ((byte2 & 192) !== 128 ||
+                (byte3 & 192) !== 128 ||
+                (byte4 & 192) !== 128) {
+                emitReplacement();
+                i += 3;
+                continue;
+            }
+            const codePoint = ((byte1 & 7) << 18) |
                 ((byte2 & 63) << 12) |
                 ((byte3 & 63) << 6) |
                 (byte4 & 63);
-            const surrogate1 = 55296 + ((codePoint - 65536) >> 10);
-            const surrogate2 = 56320 + ((codePoint - 65536) & 1023);
-            result += String.fromCharCode(surrogate1, surrogate2);
+            const offset = codePoint - 65536;
+            const highSurrogate = 55296 + (offset >> 10);
+            const lowSurrogate = 56320 + (offset & 1023);
+            result += String.fromCharCode(highSurrogate, lowSurrogate);
+            i += 3;
             continue;
         }
+        emitReplacement();
     }
     return result;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bsv/sdk",
-  "version": "1.9.20",
+  "version": "1.9.23",
   "type": "module",
   "description": "BSV Blockchain Software Development Kit",
   "main": "dist/cjs/mod.js",

package/src/primitives/DRBG.ts

@@ -2,7 +2,18 @@ import { SHA256HMAC } from './Hash.js'
 import { toHex, toArray } from './utils.js'
 
 /**
- * This class behaves as a HMAC-based deterministic random bit generator (DRBG). It implements a deterministic random number generator using SHA256HMAC HASH function. It takes an initial entropy and nonce when instantiated for seeding purpose.
+ * HMAC-DRBG used **only** for deterministic ECDSA nonce generation.
+ *
+ * This implementation follows the RFC 6979-style HMAC-DRBG construction for secp256k1
+ * and is wired internally into the ECDSA signing code. It is **not forward-secure**
+ * and MUST NOT be used as a general-purpose DRBG, key generator, or randomness source.
+ *
+ * Security note:
+ * - Intended scope: internal ECDSA nonce generation with fixed-size inputs.
+ * - Out-of-scope: generic randomness, long-lived session keys, or any context
+ *   where forward secrecy is required.
+ * - API stability: this class is internal.
+ *
  * @class DRBG
  *
  * @constructor

package/src/primitives/JacobianPoint.ts

@@ -73,6 +73,14 @@ export default class JacobianPoint extends BasePoint {
     }
 
     this.zOne = this.z === this.curve.one
+
+    // --- Canonicalize point at infinity ---
+    if (this.isInfinity()) {
+      this.x = this.curve.one
+      this.y = this.curve.one
+      this.z = new BigNumber(0).toRed(this.curve.red)
+      this.zOne = false
+    }
   }
 
   /**
@@ -361,9 +369,18 @@ export default class JacobianPoint extends BasePoint {
       return true
     }
 
+    p = p as JacobianPoint
+
+    // --- Infinity handling ---
+    if (this.isInfinity() && p.isInfinity()) {
+      return true
+    }
+    if (this.isInfinity() !== p.isInfinity()) {
+      return false
+    }
+
     // x1 * z2^2 == x2 * z1^2
     const z2 = this.z.redSqr()
-    p = p as JacobianPoint
     const pz2 = p.z.redSqr()
     if (this.x.redMul(pz2).redISub(p.x.redMul(z2)).cmpn(0) !== 0) {
       return false

package/src/primitives/Point.ts

@@ -445,6 +445,10 @@ export default class Point extends BasePoint {
    * const encodedPointHex = aPoint.encode(true, 'hex');
    */
   encode (compact: boolean = true, enc?: 'hex'): number[] | string {
+    if (this.inf) {
+      if (enc === 'hex') return '00'
+      return [0x00]
+    }
     const len = this.curve.p.byteLength()
     const x = this.getX().toArray('be', len)
     let res: number[]

package/src/primitives/__tests/Curve.unit.test.ts

@@ -212,3 +212,66 @@ describe('Point codec', () => {
     makeShortTest(shortPointOddY)
   )
 })
+
+describe('JacobianPoint – Infinity handling and equality (TOB-18)', () => {
+  function J(x: any, y: any, z: any) {
+    return new JPoint(x, y, z)
+  }
+
+  it('Multiple infinity representations are canonicalized and equal', () => {
+    const inf1 = J(null, null, null)
+    const inf2 = J('0', '0', '0')
+    const inf3 = J(new BigNumber(0), new BigNumber(0), new BigNumber(0))
+
+    expect(inf1.isInfinity()).toBe(true)
+    expect(inf2.isInfinity()).toBe(true)
+    expect(inf3.isInfinity()).toBe(true)
+
+    expect(inf1.eq(inf2)).toBe(true)
+    expect(inf2.eq(inf3)).toBe(true)
+    expect(inf1.eq(inf3)).toBe(true)
+  })
+
+  it('Infinity must not equal a finite point', () => {
+    const inf = J(null, null, null)
+
+    const good = J(
+      new BigNumber('e7789226', 16),
+      new BigNumber('4b76b191', 16),
+      new BigNumber('cbf8d990', 16)
+    )
+
+    expect(inf.eq(good)).toBe(false)
+    expect(good.eq(inf)).toBe(false)
+  })
+
+  it('Infinity equals infinity (canonicalized)', () => {
+    const inf1 = J(null, null, null)
+    const inf2 = J('0', '0', '0')
+
+    expect(inf1.eq(inf2)).toBe(true)
+    expect(inf2.eq(inf1)).toBe(true)
+  })
+
+  it('Infinity is detected when z is zero in RED form', () => {
+    const redZero = new BigNumber(0).toRed(new Curve().red)
+    const p = J('1', '2', redZero)
+
+    expect(p.isInfinity()).toBe(true)
+
+    const clean = J(null, null, null)
+    expect(p.eq(clean)).toBe(true)
+    expect(clean.eq(p)).toBe(true)
+  })
+
+  it('eq() must handle mixed canonical and non-canonical infinity cases', () => {
+    const canonical = J(null, null, null)
+    const messy = J('1', '1', new BigNumber(0))
+
+    expect(messy.isInfinity()).toBe(true)
+    expect(canonical.eq(messy)).toBe(true)
+    expect(messy.eq(canonical)).toBe(true)
+  })
+})
+
+

package/src/primitives/__tests/utils.test.ts

@@ -11,6 +11,7 @@ import {
   toBase58Check,
   verifyNotNull
 } from '../../primitives/utils'
+import Point from '../../primitives/Point'
 
 describe('utils', () => {
   it('should convert to array', () => {
@@ -359,3 +360,19 @@ describe('toUTF8 strict UTF-8 decoding (TOB-21)', () => {
 
 })
 
+describe('Point.encode infinity handling', () => {
+  it('encodes infinity as 00 (array)', () => {
+    const p = new Point(null, null)
+    expect(p.encode()).toEqual([0x00])
+  })
+
+  it('encodes infinity as 00 (hex)', () => {
+    const p = new Point(null, null)
+    expect(p.encode(true, 'hex')).toBe('00')
+  })
+
+  it('does not throw for infinity', () => {
+    const p = new Point(null, null)
+    expect(() => p.encode()).not.toThrow()
+  })
+})

package/src/primitives/index.ts

@@ -5,7 +5,6 @@ export { default as PublicKey } from './PublicKey.js'
 export { default as Signature } from './Signature.js'
 export { default as PrivateKey, KeyShares } from './PrivateKey.js'
 export { default as SymmetricKey } from './SymmetricKey.js'
-export { default as DRBG } from './DRBG.js'
 export * as ECDSA from './ECDSA.js'
 export * as Utils from './utils.js'
 export * as Hash from './Hash.js'