@gjsify/crypto 0.3.13 → 0.3.15

package/lib/esm/ecdh.js

@@ -1,356 +1,438 @@
-import { Buffer } from "node:buffer";
-import { randomBytes } from "./random.js";
 import { modPow } from "./bigint-math.js";
+import { randomBytes } from "./random.js";
+import { Buffer } from "node:buffer";
+
+//#region src/ecdh.ts
 const CURVES = {
-  secp256k1: {
-    p: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2Fn,
-    a: 0n,
-    b: 7n,
-    Gx: 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798n,
-    Gy: 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8n,
-    n: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n,
-    byteLength: 32
-  },
-  prime256v1: {
-    p: 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFn,
-    a: 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFn - 3n,
-    b: 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604Bn,
-    Gx: 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296n,
-    Gy: 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5n,
-    n: 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551n,
-    byteLength: 32
-  },
-  secp384r1: {
-    p: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFFn,
-    a: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFFn - 3n,
-    b: 0xB3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEFn,
-    Gx: 0xAA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7n,
-    Gy: 0x3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5Fn,
-    n: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973n,
-    byteLength: 48
-  },
-  secp521r1: {
-    p: 0x01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFn,
-    a: 0x01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFn - 3n,
-    b: 0x0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00n,
-    Gx: 0x00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66n,
-    Gy: 0x011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650n,
-    n: 0x01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409n,
-    byteLength: 66
-  }
+	secp256k1: {
+		p: 115792089237316195423570985008687907853269984665640564039457584007908834671663n,
+		a: 0n,
+		b: 7n,
+		Gx: 55066263022277343669578718895168534326250603453777594175500187360389116729240n,
+		Gy: 32670510020758816978083085130507043184471273380659243275938904335757337482424n,
+		n: 115792089237316195423570985008687907852837564279074904382605163141518161494337n,
+		byteLength: 32
+	},
+	prime256v1: {
+		p: 115792089210356248762697446949407573530086143415290314195533631308867097853951n,
+		a: 115792089210356248762697446949407573530086143415290314195533631308867097853951n - 3n,
+		b: 41058363725152142129326129780047268409114441015993725554835256314039467401291n,
+		Gx: 48439561293906451759052585252797914202762949526041747995844080717082404635286n,
+		Gy: 36134250956749795798585127919587881956611106672985015071877198253568414405109n,
+		n: 115792089210356248762697446949407573529996955224135760342422259061068512044369n,
+		byteLength: 32
+	},
+	secp384r1: {
+		p: 39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319n,
+		a: 39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319n - 3n,
+		b: 27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575n,
+		Gx: 26247035095799689268623156744566981891852923491109213387815615900925518854738050089022388053975719786650872476732087n,
+		Gy: 8325710961489029985546751289520108179287853048861315594709205902480503199884419224438643760392947333078086511627871n,
+		n: 39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643n,
+		byteLength: 48
+	},
+	secp521r1: {
+		p: 6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057151n,
+		a: 6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057151n - 3n,
+		b: 1093849038073734274511112390766805569936207598951683748994586394495953116150735016013708737573759623248592132296706313309438452531591012912142327488478985984n,
+		Gx: 2661740802050217063228768716723360960729859168756973147706671368418802944996427808491545080627771902352094241225065558662157113545570916814161637315895999846n,
+		Gy: 3757180025770020463545507224491183603594455134769762486694567779615544477440556316691234405012945539562144444537289428522585666729196580810124344277578376784n,
+		n: 6864797660130609714981900799081393217269435300143305409394463459185543183397655394245057746333217197532963996371363321113864768612440380340372808892707005449n,
+		byteLength: 66
+	}
 };
 const CURVE_ALIASES = {
-  "secp256k1": "secp256k1",
-  "prime256v1": "prime256v1",
-  "secp256r1": "prime256v1",
-  "p-256": "prime256v1",
-  "p256": "prime256v1",
-  "secp384r1": "secp384r1",
-  "p-384": "secp384r1",
-  "p384": "secp384r1",
-  "secp521r1": "secp521r1",
-  "p-521": "secp521r1",
-  "p521": "secp521r1"
+	"secp256k1": "secp256k1",
+	"prime256v1": "prime256v1",
+	"secp256r1": "prime256v1",
+	"p-256": "prime256v1",
+	"p256": "prime256v1",
+	"secp384r1": "secp384r1",
+	"p-384": "secp384r1",
+	"p384": "secp384r1",
+	"secp521r1": "secp521r1",
+	"p-521": "secp521r1",
+	"p521": "secp521r1"
 };
+/**
+* Non-negative modulus: always returns a value in [0, mod).
+*/
 function mod(a, m) {
-  const r = a % m;
-  return r < 0n ? r + m : r;
+	const r = a % m;
+	return r < 0n ? r + m : r;
 }
+/**
+* Modular multiplicative inverse using extended Euclidean algorithm.
+* Returns x such that (a * x) mod m = 1.
+* Throws if a and m are not coprime.
+*/
 function modInverse(a, m) {
-  a = mod(a, m);
-  if (a === 0n) {
-    throw new Error("No modular inverse for zero");
-  }
-  let [old_r, r] = [a, m];
-  let [old_s, s] = [1n, 0n];
-  while (r !== 0n) {
-    const q = old_r / r;
-    [old_r, r] = [r, old_r - q * r];
-    [old_s, s] = [s, old_s - q * s];
-  }
-  if (old_r !== 1n) {
-    throw new Error("Modular inverse does not exist");
-  }
-  return mod(old_s, m);
+	a = mod(a, m);
+	if (a === 0n) {
+		throw new Error("No modular inverse for zero");
+	}
+	let [old_r, r] = [a, m];
+	let [old_s, s] = [1n, 0n];
+	while (r !== 0n) {
+		const q = old_r / r;
+		[old_r, r] = [r, old_r - q * r];
+		[old_s, s] = [s, old_s - q * s];
+	}
+	if (old_r !== 1n) {
+		throw new Error("Modular inverse does not exist");
+	}
+	return mod(old_s, m);
 }
+/**
+* Add two points on the curve.
+* Returns the point at infinity (null) when appropriate.
+*/
 function pointAdd(P, Q, curve) {
-  if (P === null) return Q;
-  if (Q === null) return P;
-  const { p } = curve;
-  if (P.x === Q.x) {
-    if (mod(P.y + Q.y, p) === 0n) {
-      return null;
-    }
-    return pointDouble(P, curve);
-  }
-  const dx = mod(Q.x - P.x, p);
-  const dy = mod(Q.y - P.y, p);
-  const lambda = mod(dy * modInverse(dx, p), p);
-  const x3 = mod(lambda * lambda - P.x - Q.x, p);
-  const y3 = mod(lambda * (P.x - x3) - P.y, p);
-  return { x: x3, y: y3 };
+	if (P === null) return Q;
+	if (Q === null) return P;
+	const { p } = curve;
+	if (P.x === Q.x) {
+		if (mod(P.y + Q.y, p) === 0n) {
+			return null;
+		}
+		return pointDouble(P, curve);
+	}
+	const dx = mod(Q.x - P.x, p);
+	const dy = mod(Q.y - P.y, p);
+	const lambda = mod(dy * modInverse(dx, p), p);
+	const x3 = mod(lambda * lambda - P.x - Q.x, p);
+	const y3 = mod(lambda * (P.x - x3) - P.y, p);
+	return {
+		x: x3,
+		y: y3
+	};
 }
+/**
+* Double a point on the curve.
+*/
 function pointDouble(P, curve) {
-  if (P === null) return null;
-  const { a, p } = curve;
-  if (P.y === 0n) return null;
-  const num = mod(3n * P.x * P.x + a, p);
-  const den = mod(2n * P.y, p);
-  const lambda = mod(num * modInverse(den, p), p);
-  const x3 = mod(lambda * lambda - 2n * P.x, p);
-  const y3 = mod(lambda * (P.x - x3) - P.y, p);
-  return { x: x3, y: y3 };
+	if (P === null) return null;
+	const { a, p } = curve;
+	if (P.y === 0n) return null;
+	const num = mod(3n * P.x * P.x + a, p);
+	const den = mod(2n * P.y, p);
+	const lambda = mod(num * modInverse(den, p), p);
+	const x3 = mod(lambda * lambda - 2n * P.x, p);
+	const y3 = mod(lambda * (P.x - x3) - P.y, p);
+	return {
+		x: x3,
+		y: y3
+	};
 }
+/**
+* Scalar multiplication using the double-and-add method (constant-time-ish
+* with respect to the bit length of the scalar, but not fully
+* constant-time — acceptable since we are not a production crypto library
+* and match the behaviour of refs/create-ecdh which uses elliptic.js).
+*
+* Uses a fixed-window approach of width 1 (Montgomery ladder variant) to
+* avoid the most trivial timing leaks.
+*/
 function scalarMul(k, P, curve) {
-  if (P === null) return null;
-  if (k === 0n) return null;
-  const { n } = curve;
-  k = mod(k, n);
-  if (k === 0n) return null;
-  let R0 = null;
-  let R1 = P;
-  const bits = k.toString(2);
-  for (let i = 0; i < bits.length; i++) {
-    if (bits[i] === "1") {
-      R0 = pointAdd(R0, R1, curve);
-      R1 = pointDouble(R1, curve);
-    } else {
-      R1 = pointAdd(R0, R1, curve);
-      R0 = pointDouble(R0, curve);
-    }
-  }
-  return R0;
+	if (P === null) return null;
+	if (k === 0n) return null;
+	const { n } = curve;
+	k = mod(k, n);
+	if (k === 0n) return null;
+	let R0 = null;
+	let R1 = P;
+	const bits = k.toString(2);
+	for (let i = 0; i < bits.length; i++) {
+		if (bits[i] === "1") {
+			R0 = pointAdd(R0, R1, curve);
+			R1 = pointDouble(R1, curve);
+		} else {
+			R1 = pointAdd(R0, R1, curve);
+			R0 = pointDouble(R0, curve);
+		}
+	}
+	return R0;
 }
+/**
+* Convert a BigInt to a Buffer of exactly `len` bytes (big-endian,
+* zero-padded on the left).
+*/
 function bigintToBuffer(n, len) {
-  const hex = n.toString(16).padStart(len * 2, "0");
-  return Buffer.from(hex, "hex");
+	const hex = n.toString(16).padStart(len * 2, "0");
+	return Buffer.from(hex, "hex");
 }
+/**
+* Convert a Buffer (big-endian unsigned) to a BigInt.
+*/
 function bufferToBigint(buf) {
-  const hex = Buffer.from(buf).toString("hex");
-  if (hex.length === 0) return 0n;
-  return BigInt("0x" + hex);
+	const hex = Buffer.from(buf).toString("hex");
+	if (hex.length === 0) return 0n;
+	return BigInt("0x" + hex);
 }
+/**
+* Encode a public key point to a Buffer.
+*
+* Formats:
+*   'uncompressed' (default) — 0x04 || x || y
+*   'compressed'             — 0x02 (even y) or 0x03 (odd y) || x
+*   'hybrid'                 — 0x06 (even y) or 0x07 (odd y) || x || y
+*/
 function encodePublicKey(point, byteLength, format = "uncompressed") {
-  if (point === null) {
-    throw new Error("Cannot encode the point at infinity");
-  }
-  const xBuf = bigintToBuffer(point.x, byteLength);
-  if (format === "compressed") {
-    const prefix = point.y % 2n === 0n ? 2 : 3;
-    return Buffer.concat([Buffer.from([prefix]), xBuf]);
-  }
-  const yBuf = bigintToBuffer(point.y, byteLength);
-  if (format === "hybrid") {
-    const prefix = point.y % 2n === 0n ? 6 : 7;
-    return Buffer.concat([Buffer.from([prefix]), xBuf, yBuf]);
-  }
-  return Buffer.concat([Buffer.from([4]), xBuf, yBuf]);
+	if (point === null) {
+		throw new Error("Cannot encode the point at infinity");
+	}
+	const xBuf = bigintToBuffer(point.x, byteLength);
+	if (format === "compressed") {
+		const prefix = point.y % 2n === 0n ? 2 : 3;
+		return Buffer.concat([Buffer.from([prefix]), xBuf]);
+	}
+	const yBuf = bigintToBuffer(point.y, byteLength);
+	if (format === "hybrid") {
+		const prefix = point.y % 2n === 0n ? 6 : 7;
+		return Buffer.concat([
+			Buffer.from([prefix]),
+			xBuf,
+			yBuf
+		]);
+	}
+	return Buffer.concat([
+		Buffer.from([4]),
+		xBuf,
+		yBuf
+	]);
 }
+/**
+* Decode a public key from a Buffer to an ECPoint.
+*
+* Supports uncompressed (0x04), compressed (0x02/0x03), and hybrid (0x06/0x07).
+*/
 function decodePublicKey(buf, curve) {
-  const data = Buffer.from(buf);
-  if (data.length === 0) {
-    throw new Error("Invalid public key: empty buffer");
-  }
-  const prefix = data[0];
-  const { p, a, b, byteLength } = curve;
-  if (prefix === 4 || prefix === 6 || prefix === 7) {
-    if (data.length !== 1 + 2 * byteLength) {
-      throw new Error(
-        `Invalid public key length: expected ${1 + 2 * byteLength} bytes, got ${data.length}`
-      );
-    }
-    const x = bufferToBigint(data.subarray(1, 1 + byteLength));
-    const y = bufferToBigint(data.subarray(1 + byteLength));
-    const lhs = mod(y * y, p);
-    const rhs = mod(x * x * x + a * x + b, p);
-    if (lhs !== rhs) {
-      throw new Error("Invalid public key: point is not on the curve");
-    }
-    return { x, y };
-  }
-  if (prefix === 2 || prefix === 3) {
-    if (data.length !== 1 + byteLength) {
-      throw new Error(
-        `Invalid public key length: expected ${1 + byteLength} bytes, got ${data.length}`
-      );
-    }
-    const x = bufferToBigint(data.subarray(1, 1 + byteLength));
-    const ySquared = mod(x * x * x + a * x + b, p);
-    const y = sqrtMod(ySquared, p);
-    if (y === null) {
-      throw new Error("Invalid public key: no valid y coordinate for the given x");
-    }
-    const isOdd = prefix === 3;
-    const finalY = y % 2n !== 0n === isOdd ? y : mod(p - y, p);
-    return { x, y: finalY };
-  }
-  throw new Error(`Invalid public key prefix: 0x${prefix.toString(16).padStart(2, "0")}`);
+	const data = Buffer.from(buf);
+	if (data.length === 0) {
+		throw new Error("Invalid public key: empty buffer");
+	}
+	const prefix = data[0];
+	const { p, a, b, byteLength } = curve;
+	if (prefix === 4 || prefix === 6 || prefix === 7) {
+		if (data.length !== 1 + 2 * byteLength) {
+			throw new Error(`Invalid public key length: expected ${1 + 2 * byteLength} bytes, got ${data.length}`);
+		}
+		const x = bufferToBigint(data.subarray(1, 1 + byteLength));
+		const y = bufferToBigint(data.subarray(1 + byteLength));
+		const lhs = mod(y * y, p);
+		const rhs = mod(x * x * x + a * x + b, p);
+		if (lhs !== rhs) {
+			throw new Error("Invalid public key: point is not on the curve");
+		}
+		return {
+			x,
+			y
+		};
+	}
+	if (prefix === 2 || prefix === 3) {
+		if (data.length !== 1 + byteLength) {
+			throw new Error(`Invalid public key length: expected ${1 + byteLength} bytes, got ${data.length}`);
+		}
+		const x = bufferToBigint(data.subarray(1, 1 + byteLength));
+		const ySquared = mod(x * x * x + a * x + b, p);
+		const y = sqrtMod(ySquared, p);
+		if (y === null) {
+			throw new Error("Invalid public key: no valid y coordinate for the given x");
+		}
+		const isOdd = prefix === 3;
+		const finalY = y % 2n !== 0n === isOdd ? y : mod(p - y, p);
+		return {
+			x,
+			y: finalY
+		};
+	}
+	throw new Error(`Invalid public key prefix: 0x${prefix.toString(16).padStart(2, "0")}`);
 }
+/**
+* Compute the modular square root of a modulo p (Tonelli-Shanks algorithm).
+*
+* For the special case p ≡ 3 (mod 4), uses the simpler formula: a^((p+1)/4) mod p.
+* All four supported NIST curves have p ≡ 3 (mod 4), but we include
+* Tonelli-Shanks for completeness.
+*
+* Returns null if a is not a quadratic residue mod p.
+*/
 function sqrtMod(a, p) {
-  a = mod(a, p);
-  if (a === 0n) return 0n;
-  if (modPow(a, (p - 1n) / 2n, p) !== 1n) {
-    return null;
-  }
-  if (mod(p, 4n) === 3n) {
-    return modPow(a, (p + 1n) / 4n, p);
-  }
-  let S = 0n;
-  let Q = p - 1n;
-  while (mod(Q, 2n) === 0n) {
-    Q /= 2n;
-    S++;
-  }
-  let z = 2n;
-  while (modPow(z, (p - 1n) / 2n, p) !== p - 1n) {
-    z++;
-  }
-  let M = S;
-  let c = modPow(z, Q, p);
-  let t = modPow(a, Q, p);
-  let R = modPow(a, (Q + 1n) / 2n, p);
-  while (true) {
-    if (t === 0n) return 0n;
-    if (t === 1n) return R;
-    let i = 1n;
-    let temp = mod(t * t, p);
-    while (temp !== 1n) {
-      temp = mod(temp * temp, p);
-      i++;
-    }
-    const b = modPow(c, modPow(2n, M - i - 1n, p - 1n), p);
-    M = i;
-    c = mod(b * b, p);
-    t = mod(t * c, p);
-    R = mod(R * b, p);
-  }
+	a = mod(a, p);
+	if (a === 0n) return 0n;
+	if (modPow(a, (p - 1n) / 2n, p) !== 1n) {
+		return null;
+	}
+	if (mod(p, 4n) === 3n) {
+		return modPow(a, (p + 1n) / 4n, p);
+	}
+	let S = 0n;
+	let Q = p - 1n;
+	while (mod(Q, 2n) === 0n) {
+		Q /= 2n;
+		S++;
+	}
+	let z = 2n;
+	while (modPow(z, (p - 1n) / 2n, p) !== p - 1n) {
+		z++;
+	}
+	let M = S;
+	let c = modPow(z, Q, p);
+	let t = modPow(a, Q, p);
+	let R = modPow(a, (Q + 1n) / 2n, p);
+	while (true) {
+		if (t === 0n) return 0n;
+		if (t === 1n) return R;
+		let i = 1n;
+		let temp = mod(t * t, p);
+		while (temp !== 1n) {
+			temp = mod(temp * temp, p);
+			i++;
+		}
+		const b = modPow(c, modPow(2n, M - i - 1n, p - 1n), p);
+		M = i;
+		c = mod(b * b, p);
+		t = mod(t * c, p);
+		R = mod(R * b, p);
+	}
 }
+/**
+* Coerce an input value to a Buffer. Accepts Buffer, Uint8Array, or a string
+* with an optional encoding.
+*/
 function toBuffer(value, encoding) {
-  if (Buffer.isBuffer(value)) return value;
-  if (value instanceof Uint8Array) return Buffer.from(value);
-  if (typeof value === "string") {
-    return Buffer.from(value, encoding || "utf8");
-  }
-  if (ArrayBuffer.isView(value)) {
-    return Buffer.from(value.buffer, value.byteOffset, value.byteLength);
-  }
-  throw new TypeError(
-    'The "key" argument must be of type string or an instance of Buffer, TypedArray, or DataView.'
-  );
+	if (Buffer.isBuffer(value)) return value;
+	if (value instanceof Uint8Array) return Buffer.from(value);
+	if (typeof value === "string") {
+		return Buffer.from(value, encoding || "utf8");
+	}
+	if (ArrayBuffer.isView(value)) {
+		return Buffer.from(value.buffer, value.byteOffset, value.byteLength);
+	}
+	throw new TypeError("The \"key\" argument must be of type string or an instance of Buffer, TypedArray, or DataView.");
 }
+/**
+* Optionally encode a Buffer to a string. If encoding is null/undefined,
+* return the raw Buffer.
+*/
 function formatReturnValue(buf, encoding) {
-  if (encoding) {
-    return buf.toString(encoding);
-  }
-  return buf;
+	if (encoding) {
+		return buf.toString(encoding);
+	}
+	return buf;
 }
 function resolveCurve(curveName) {
-  const lower = curveName.toLowerCase();
-  const canonical = CURVE_ALIASES[lower];
-  if (!canonical) {
-    throw new Error(`Unsupported curve: ${curveName}`);
-  }
-  const params = CURVES[canonical];
-  if (!params) {
-    throw new Error(`Unsupported curve: ${curveName}`);
-  }
-  return { canonical, params };
-}
-class ECDH {
-  _curve;
-  _curveName;
-  _privateKey = null;
-  _publicKey = null;
-  constructor(curveName) {
-    const resolved = resolveCurve(curveName);
-    this._curve = resolved.params;
-    this._curveName = resolved.canonical;
-  }
-  generateKeys(encoding, format) {
-    const { n, byteLength } = this._curve;
-    let k;
-    do {
-      const bytes = randomBytes(byteLength);
-      k = bufferToBigint(bytes);
-    } while (k === 0n || k >= n);
-    this._privateKey = k;
-    const G = { x: this._curve.Gx, y: this._curve.Gy };
-    this._publicKey = scalarMul(k, G, this._curve);
-    return this.getPublicKey(encoding, format);
-  }
-  /**
-   * Compute the shared secret using the other party's public key.
-   */
-  computeSecret(otherPublicKey, inputEncoding, outputEncoding) {
-    if (this._privateKey === null) {
-      throw new Error("ECDH key not generated. Call generateKeys() or setPrivateKey() first.");
-    }
-    const pubBuf = toBuffer(otherPublicKey, inputEncoding);
-    const otherPoint = decodePublicKey(pubBuf, this._curve);
-    if (otherPoint === null) {
-      throw new Error("Invalid public key: point at infinity");
-    }
-    const sharedPoint = scalarMul(this._privateKey, otherPoint, this._curve);
-    if (sharedPoint === null) {
-      throw new Error("Shared secret computation resulted in the point at infinity");
-    }
-    const secret = bigintToBuffer(sharedPoint.x, this._curve.byteLength);
-    return formatReturnValue(secret, outputEncoding);
-  }
-  getPublicKey(encoding, format) {
-    if (this._publicKey === null) {
-      throw new Error("ECDH key not generated. Call generateKeys() or setPrivateKey() first.");
-    }
-    const buf = encodePublicKey(this._publicKey, this._curve.byteLength, format || "uncompressed");
-    return formatReturnValue(buf, encoding);
-  }
-  getPrivateKey(encoding) {
-    if (this._privateKey === null) {
-      throw new Error("ECDH key not generated. Call generateKeys() or setPrivateKey() first.");
-    }
-    const buf = bigintToBuffer(this._privateKey, this._curve.byteLength);
-    return formatReturnValue(buf, encoding);
-  }
-  /**
-   * Set the public key. The key can be in uncompressed, compressed, or hybrid format.
-   */
-  setPublicKey(key, encoding) {
-    const buf = toBuffer(key, encoding);
-    this._publicKey = decodePublicKey(buf, this._curve);
-  }
-  /**
-   * Set the private key and derive the corresponding public key.
-   */
-  setPrivateKey(key, encoding) {
-    const buf = toBuffer(key, encoding);
-    const k = bufferToBigint(buf);
-    if (k === 0n || k >= this._curve.n) {
-      throw new Error("Private key is out of range [1, n-1]");
-    }
-    this._privateKey = k;
-    const G = { x: this._curve.Gx, y: this._curve.Gy };
-    this._publicKey = scalarMul(k, G, this._curve);
-  }
+	const lower = curveName.toLowerCase();
+	const canonical = CURVE_ALIASES[lower];
+	if (!canonical) {
+		throw new Error(`Unsupported curve: ${curveName}`);
+	}
+	const params = CURVES[canonical];
+	if (!params) {
+		throw new Error(`Unsupported curve: ${curveName}`);
+	}
+	return {
+		canonical,
+		params
+	};
 }
+var ECDH = class {
+	_curve;
+	_curveName;
+	_privateKey = null;
+	_publicKey = null;
+	constructor(curveName) {
+		const resolved = resolveCurve(curveName);
+		this._curve = resolved.params;
+		this._curveName = resolved.canonical;
+	}
+	generateKeys(encoding, format) {
+		const { n, byteLength } = this._curve;
+		let k;
+		do {
+			const bytes = randomBytes(byteLength);
+			k = bufferToBigint(bytes);
+		} while (k === 0n || k >= n);
+		this._privateKey = k;
+		const G = {
+			x: this._curve.Gx,
+			y: this._curve.Gy
+		};
+		this._publicKey = scalarMul(k, G, this._curve);
+		return this.getPublicKey(encoding, format);
+	}
+	/**
+	* Compute the shared secret using the other party's public key.
+	*/
+	computeSecret(otherPublicKey, inputEncoding, outputEncoding) {
+		if (this._privateKey === null) {
+			throw new Error("ECDH key not generated. Call generateKeys() or setPrivateKey() first.");
+		}
+		const pubBuf = toBuffer(otherPublicKey, inputEncoding);
+		const otherPoint = decodePublicKey(pubBuf, this._curve);
+		if (otherPoint === null) {
+			throw new Error("Invalid public key: point at infinity");
+		}
+		const sharedPoint = scalarMul(this._privateKey, otherPoint, this._curve);
+		if (sharedPoint === null) {
+			throw new Error("Shared secret computation resulted in the point at infinity");
+		}
+		const secret = bigintToBuffer(sharedPoint.x, this._curve.byteLength);
+		return formatReturnValue(secret, outputEncoding);
+	}
+	getPublicKey(encoding, format) {
+		if (this._publicKey === null) {
+			throw new Error("ECDH key not generated. Call generateKeys() or setPrivateKey() first.");
+		}
+		const buf = encodePublicKey(this._publicKey, this._curve.byteLength, format || "uncompressed");
+		return formatReturnValue(buf, encoding);
+	}
+	getPrivateKey(encoding) {
+		if (this._privateKey === null) {
+			throw new Error("ECDH key not generated. Call generateKeys() or setPrivateKey() first.");
+		}
+		const buf = bigintToBuffer(this._privateKey, this._curve.byteLength);
+		return formatReturnValue(buf, encoding);
+	}
+	/**
+	* Set the public key. The key can be in uncompressed, compressed, or hybrid format.
+	*/
+	setPublicKey(key, encoding) {
+		const buf = toBuffer(key, encoding);
+		this._publicKey = decodePublicKey(buf, this._curve);
+	}
+	/**
+	* Set the private key and derive the corresponding public key.
+	*/
+	setPrivateKey(key, encoding) {
+		const buf = toBuffer(key, encoding);
+		const k = bufferToBigint(buf);
+		if (k === 0n || k >= this._curve.n) {
+			throw new Error("Private key is out of range [1, n-1]");
+		}
+		this._privateKey = k;
+		const G = {
+			x: this._curve.Gx,
+			y: this._curve.Gy
+		};
+		this._publicKey = scalarMul(k, G, this._curve);
+	}
+};
 function createECDH(curveName) {
-  return new ECDH(curveName);
+	return new ECDH(curveName);
 }
+/**
+* Return a list of supported elliptic curve names.
+*/
 function getCurves() {
-  return [
-    "secp256k1",
-    "prime256v1",
-    "secp256r1",
-    "secp384r1",
-    "secp521r1"
-  ];
+	return [
+		"secp256k1",
+		"prime256v1",
+		"secp256r1",
+		"secp384r1",
+		"secp521r1"
+	];
 }
-export {
-  CURVES,
-  CURVE_ALIASES,
-  createECDH,
-  getCurves,
-  mod,
-  modInverse,
-  pointAdd,
-  scalarMul
-};
+
+//#endregion
+export { CURVES, CURVE_ALIASES, createECDH, getCurves, mod, modInverse, pointAdd, scalarMul };