@bsv/sdk 1.9.24 → 1.9.30

package/src/primitives/Point.ts

@@ -3,6 +3,21 @@ import JPoint from './JacobianPoint.js'
 import BigNumber from './BigNumber.js'
 import { toArray, toHex } from './utils.js'
 
+function ctSwap (
+  swap: bigint,
+  a: JacobianPointBI,
+  b: JacobianPointBI
+): void {
+  const mask = -swap
+  const swapX = (a.X ^ b.X) & mask
+  const swapY = (a.Y ^ b.Y) & mask
+  const swapZ = (a.Z ^ b.Z) & mask
+
+  a.X ^= swapX; b.X ^= swapX
+  a.Y ^= swapY; b.Y ^= swapY
+  a.Z ^= swapZ; b.Z ^= swapZ
+}
+
 // -----------------------------------------------------------------------------
 // BigInt helpers & constants (secp256k1) – hoisted so we don't recreate them on
 // every Point.mul() call.
@@ -44,14 +59,17 @@ export const biModInv = (a: bigint): bigint => { // binary‑ext GCD
 export const biModSqr = (a: bigint): bigint => biModMul(a, a)
 
 export const biModPow = (base: bigint, exp: bigint): bigint => {
-  let result = BI_ONE
+  let result = 1n
   base = biMod(base)
-  let e = exp
-  while (e > BI_ZERO) {
-    if ((e & BI_ONE) === BI_ONE) result = biModMul(result, base)
+
+  while (exp > 0n) {
+    if ((exp & 1n) !== 0n) {
+      result = biModMul(result, base)
+    }
     base = biModMul(base, base)
-    e >>= BI_ONE
+    exp >>= 1n
   }
+
   return result
 }
 
@@ -59,7 +77,12 @@ export const P_PLUS1_DIV4 = (P_BIGINT + 1n) >> 2n
 
 export const biModSqrt = (a: bigint): bigint | null => {
   const r = biModPow(a, P_PLUS1_DIV4)
-  return biModMul(r, r) === biMod(a) ? r : null
+
+  if (biModMul(r, r) !== biMod(a)) {
+    return null
+  }
+
+  return r
 }
 
 const toBigInt = (x: BigNumber | number | number[] | string): bigint => {
@@ -94,6 +117,10 @@ export const jpDouble = (P: JacobianPointBI): JacobianPointBI => {
   return { X: X3, Y: Y3, Z: Z3 }
 }
 
+// NOTE:
+// jpAdd contains conditional branches.
+// In mulCT, jpAdd and jpDouble are executed in a fixed pattern
+// independent of scalar bits, satisfying TOB-4 constant-time requirements.
 export const jpAdd = (P: JacobianPointBI, Q: JacobianPointBI): JacobianPointBI => {
   if (P.Z === BI_ZERO) return Q
   if (Q.Z === BI_ZERO) return P
@@ -220,6 +247,13 @@ export default class Point extends BasePoint {
   y: BigNumber | null
   inf: boolean
 
+  static _assertOnCurve (p: Point): Point {
+    if (!p.validate()) {
+      throw new Error('Invalid point')
+    }
+    return p
+  }
+
   /**
    * Creates a point object from a given Array. These numbers can represent coordinates in hex format, or points
    * in multiple established formats.
@@ -238,7 +272,6 @@ export default class Point extends BasePoint {
    */
   static fromDER (bytes: number[]): Point {
     const len = 32
-    // uncompressed, hybrid-odd, hybrid-even
     if (
       (bytes[0] === 0x04 || bytes[0] === 0x06 || bytes[0] === 0x07) &&
       bytes.length - 1 === 2 * len
@@ -258,12 +291,14 @@ export default class Point extends BasePoint {
         bytes.slice(1 + len, 1 + 2 * len)
       )
 
-      return res
+      return Point._assertOnCurve(res)
     } else if (
       (bytes[0] === 0x02 || bytes[0] === 0x03) &&
       bytes.length - 1 === len
     ) {
-      return Point.fromX(bytes.slice(1, 1 + len), bytes[0] === 0x03)
+      return Point._assertOnCurve(
+        Point.fromX(bytes.slice(1, 1 + len), bytes[0] === 0x03)
+      )
     }
     throw new Error('Unknown point format')
   }
@@ -287,7 +322,7 @@ export default class Point extends BasePoint {
    */
   static fromString (str: string): Point {
     const bytes = toArray(str, 'hex')
-    return Point.fromDER(bytes)
+    return Point._assertOnCurve(Point.fromDER(bytes))
   }
 
   /**
@@ -308,16 +343,22 @@ export default class Point extends BasePoint {
   static fromX (x: BigNumber | number | number[] | string, odd: boolean): Point {
     let xBigInt = toBigInt(x)
     xBigInt = biMod(xBigInt)
+
     const y2 = biModAdd(biModMul(biModSqr(xBigInt), xBigInt), 7n)
     const y = biModSqrt(y2)
-    if (y === null) throw new Error('Invalid point')
+    if (y === null) {
+      throw new Error('Invalid point')
+    }
+
     let yBig = y
     if ((yBig & BI_ONE) !== (odd ? BI_ONE : BI_ZERO)) {
       yBig = biModSub(P_BIGINT, yBig)
     }
+
     const xBN = new BigNumber(xBigInt.toString(16), 16)
     const yBN = new BigNumber(yBig.toString(16), 16)
-    return new Point(xBN, yBN)
+
+    return Point._assertOnCurve(new Point(xBN, yBN))
   }
 
   /**
@@ -339,33 +380,45 @@ export default class Point extends BasePoint {
     if (typeof obj === 'string') {
       obj = JSON.parse(obj)
     }
-    const res = new Point(obj[0], obj[1], isRed)
-    if (typeof obj[2] !== 'object') {
+
+    let res = new Point(obj[0], obj[1], isRed)
+    res = Point._assertOnCurve(res)
+
+    if (typeof obj[2] !== 'object' || obj[2] === null) {
       return res
     }
 
-    const obj2point = (obj): Point => {
-      return new Point(obj[0], obj[1], isRed)
+    const pre = obj[2]
+
+    const obj2point = (p): Point => {
+      const pt = new Point(p[0], p[1], isRed)
+      return Point._assertOnCurve(pt)
     }
 
-    const pre = obj[2]
     res.precomputed = {
       beta: null,
+
       doubles:
         typeof pre.doubles === 'object' && pre.doubles !== null
           ? {
               step: pre.doubles.step,
-              points: [res].concat(pre.doubles.points.map(obj2point))
+              points: [res].concat(
+                pre.doubles.points.map(obj2point)
+              )
             }
           : undefined,
+
       naf:
         typeof pre.naf === 'object' && pre.naf !== null
           ? {
               wnd: pre.naf.wnd,
-              points: [res].concat(pre.naf.points.map(obj2point))
+              points: [res].concat(
+                pre.naf.points.map(obj2point)
+              )
             }
           : undefined
     }
+
     return res
   }
 
@@ -426,7 +479,20 @@ export default class Point extends BasePoint {
    * const isValid = aPoint.validate();
    */
   validate (): boolean {
-    return this.curve.validate(this)
+    if (this.inf || this.x == null || this.y == null) return false
+
+    try {
+      const xBig = BigInt('0x' + this.x.fromRed().toString(16))
+      const yBig = BigInt('0x' + this.y.fromRed().toString(16))
+
+      // compute y² and x³ + 7 using bigint-secure field ops
+      const lhs = biModMul(yBig, yBig)
+      const rhs = biModAdd(biModMul(biModMul(xBig, xBig), xBig), 7n)
+
+      return lhs === rhs
+    } catch {
+      return false
+    }
   }
 
   /**
@@ -687,13 +753,17 @@ export default class Point extends BasePoint {
       return this
     }
 
-    let kBig = BigInt('0x' + k.toString(16))
-    const isNeg = kBig < BI_ZERO
-    if (isNeg) kBig = -kBig
+    const isNeg = k.isNeg()
+    const kAbs = isNeg ? k.neg() : k
+    let kBig = BigInt('0x' + kAbs.toString(16))
+
     kBig = biMod(kBig)
     if (kBig === BI_ZERO) {
       return new Point(null, null)
     }
+    if (kBig === BI_ZERO) {
+      return new Point(null, null)
+    }
 
     if (this.x === null || this.y === null) {
       throw new Error('Point coordinates cannot be null')
@@ -727,6 +797,55 @@ export default class Point extends BasePoint {
     return result
   }
 
+  mulCT (k: BigNumber | number | number[] | string): Point {
+    if (!BigNumber.isBN(k)) {
+      k = new BigNumber(k as any, 16)
+    }
+    k = k as BigNumber
+
+    if (this.inf) return new Point(null, null)
+
+    // ✅ SAFE sign handling (this is the fix)
+    const isNeg = k.isNeg()
+    const kAbs = isNeg ? k.neg() : k
+    let kBig = BigInt('0x' + kAbs.toString(16))
+
+    kBig = biMod(kBig)
+    if (kBig === 0n) return new Point(null, null)
+
+    const Px =
+      this === this.curve.g
+        ? GX_BIGINT
+        : BigInt('0x' + this.getX().toString(16))
+
+    const Py =
+      this === this.curve.g
+        ? GY_BIGINT
+        : BigInt('0x' + this.getY().toString(16))
+
+    let R0: JacobianPointBI = { X: 0n, Y: 1n, Z: 0n }
+    let R1: JacobianPointBI = { X: Px, Y: Py, Z: 1n }
+
+    const bits = kBig.toString(2)
+    for (let i = 0; i < bits.length; i++) {
+      const bit = bits[i] === '1' ? 1n : 0n
+      ctSwap(bit, R0, R1)
+      R1 = jpAdd(R0, R1)
+      R0 = jpDouble(R0)
+      ctSwap(bit, R0, R1)
+    }
+
+    if (R0.Z === 0n) return new Point(null, null)
+
+    const zInv = biModInv(R0.Z)
+    const zInv2 = biModMul(zInv, zInv)
+    const x = biModMul(R0.X, zInv2)
+    const y = biModMul(R0.Y, biModMul(zInv2, zInv))
+
+    const result = new Point(x.toString(16), y.toString(16))
+    return isNeg ? result.neg() : result
+  }
+
   /**
    * Performs a multiplication and addition operation in a single step.
    * Multiplies this Point by k1, adds the resulting Point to the result of p2 multiplied by k2.

package/src/primitives/PrivateKey.ts

@@ -260,7 +260,7 @@ export default class PrivateKey extends BigNumber {
    */
   toPublicKey (): PublicKey {
     const c = new Curve()
-    const p = c.g.mul(this)
+    const p = c.g.mulCT(this)
     return new PublicKey(p.x, p.y)
   }
 
@@ -352,7 +352,7 @@ export default class PrivateKey extends BigNumber {
     if (!key.validate()) {
       throw new Error('Public key not valid for ECDH secret derivation')
     }
-    return key.mul(this)
+    return key.mulCT(this)
   }
 
   /**

package/src/primitives/PublicKey.ts

@@ -114,7 +114,7 @@ export default class PublicKey extends Point {
     if (!this.validate()) {
       throw new Error('Public key not valid for ECDH secret derivation')
     }
-    return this.mul(priv)
+    return this.mulCT(priv)
   }
 
   /**

package/src/primitives/SymmetricKey.ts

@@ -41,19 +41,27 @@ export default class SymmetricKey extends BigNumber {
    * const encryptedMessage = key.encrypt('plainText', 'utf8');
    */
   encrypt (msg: number[] | string, enc?: 'hex'): string | number[] {
-    const iv = Random(32)
-    msg = toArray(msg, enc)
-    const keyBytes = this.toArray('be', 32)
-    const { result, authenticationTag } = AESGCM(msg, [], iv, keyBytes)
+    const iv = new Uint8Array(Random(32))
+    const msgBytes = new Uint8Array(toArray(msg, enc))
+    const keyBytes = new Uint8Array(this.toArray('be', 32))
+
+    const { result, authenticationTag } = AESGCM(
+      msgBytes,
+      iv,
+      keyBytes
+    )
+
     const totalLength = iv.length + result.length + authenticationTag.length
-    const combined = new Array(totalLength)
+    const combined = new Uint8Array(totalLength)
     let offset = 0
-    for (const chunk of [iv, result, authenticationTag]) {
-      for (let i = 0; i < chunk.length; i++) {
-        combined[offset++] = chunk[i]
-      }
-    }
-    return encode(combined, enc)
+
+    combined.set(iv, offset)
+    offset += iv.length
+    combined.set(result, offset)
+    offset += result.length
+    combined.set(authenticationTag, offset)
+
+    return encode(Array.from(combined), enc)
   }
 
   /**
@@ -73,30 +81,30 @@ export default class SymmetricKey extends BigNumber {
    * @throws {Error} Will throw an error if the decryption fails, likely due to message tampering or incorrect decryption key.
    */
   decrypt (msg: number[] | string, enc?: 'hex' | 'utf8'): string | number[] {
-    msg = toArray(msg, enc)
+    const msgBytes = new Uint8Array(toArray(msg, enc))
 
     const ivLength = 32
     const tagLength = 16
 
-    if (msg.length < ivLength + tagLength) {
+    if (msgBytes.length < ivLength + tagLength) {
       throw new Error('Ciphertext too short')
     }
 
-    const iv = msg.slice(0, ivLength)
-    const tagStart = msg.length - tagLength
-    const ciphertext = msg.slice(ivLength, tagStart)
-    const messageTag = msg.slice(tagStart)
+    const iv = msgBytes.slice(0, ivLength)
+    const tagStart = msgBytes.length - tagLength
+    const ciphertext = msgBytes.slice(ivLength, tagStart)
+    const messageTag = msgBytes.slice(tagStart)
 
+    const keyBytes = new Uint8Array(this.toArray('be', 32))
     const result = AESGCMDecrypt(
       ciphertext,
-      [],
       iv,
       messageTag,
-      this.toArray('be', 32)
+      keyBytes
     )
     if (result === null) {
       throw new Error('Decryption failed!')
     }
-    return encode(result, enc)
+    return encode(Array.from(result), enc)
   }
 }