@noble/curves 0.2.1 → 0.3.0

package/lib/definitions/ed448.js

@@ -0,0 +1,127 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.x448 = exports.ed448ph = exports.ed448 = void 0;
+/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const sha3_1 = require("@noble/hashes/sha3");
+const utils_1 = require("@noble/hashes/utils");
+const edwards_1 = require("../edwards");
+const modular_1 = require("../modular");
+const montgomery_1 = require("../montgomery");
+/**
+ * Edwards448 (not Ed448-Goldilocks) curve with following addons:
+ * * X448 ECDH
+ * Conforms to RFC 8032 https://www.rfc-editor.org/rfc/rfc8032.html#section-5.2
+ */
+const shake256_114 = (0, utils_1.wrapConstructor)(() => sha3_1.shake256.create({ dkLen: 114 }));
+const shake256_64 = (0, utils_1.wrapConstructor)(() => sha3_1.shake256.create({ dkLen: 64 }));
+const ed448P = BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439');
+// powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4.
+function ed448_pow_Pminus3div4(x) {
+    const P = ed448P;
+    // prettier-ignore
+    let [_1n, _2n, _3n, _11n, _22n, _44n, _88n, _223n] = [1, 2, 3, 11, 22, 44, 88, 223]
+        .map(n => BigInt(n));
+    // x ** ((P - 3n)/4n) % P
+    // [223 of 1, 0, 222 of 1], almost same as secp!
+    const b2 = (x * x * x) % P;
+    const b3 = (b2 * b2 * x) % P;
+    const b6 = ((0, modular_1.pow2)(b3, _3n, P) * b3) % P;
+    const b9 = ((0, modular_1.pow2)(b6, _3n, P) * b3) % P;
+    const b11 = ((0, modular_1.pow2)(b9, _2n, P) * b2) % P;
+    const b22 = ((0, modular_1.pow2)(b11, _11n, P) * b11) % P;
+    const b44 = ((0, modular_1.pow2)(b22, _22n, P) * b22) % P;
+    const b88 = ((0, modular_1.pow2)(b44, _44n, P) * b44) % P;
+    const b176 = ((0, modular_1.pow2)(b88, _88n, P) * b88) % P;
+    const b220 = ((0, modular_1.pow2)(b176, _44n, P) * b44) % P;
+    const b222 = ((0, modular_1.pow2)(b220, _2n, P) * b2) % P;
+    const b223 = ((0, modular_1.pow2)(b222, _1n, P) * x) % P;
+    return ((0, modular_1.pow2)(b223, _223n, P) * b222) % P;
+}
+function adjustScalarBytes(bytes) {
+    // Section 5: Likewise, for X448, set the two least significant bits of the first byte to 0, and the most
+    // significant bit of the last byte to 1.
+    bytes[0] &= 252; // 0b11111100
+    // and the most significant bit of the last byte to 1.
+    bytes[55] |= 128; // 0b10000000
+    // NOTE: is is NOOP for 56 bytes scalars (X25519/X448)
+    bytes[56] = 0; // Byte outside of group (456 buts vs 448 bits)
+    return bytes;
+}
+const ED448_DEF = {
+    // Param: a
+    a: BigInt(1),
+    // -39081. Negative number is P - number
+    d: BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018326358'),
+    // Finite field 𝔽p over which we'll do calculations; 2n ** 448n - 2n ** 224n - 1n
+    P: ed448P,
+    // Subgroup order: how many points ed448 has; 2n**446n - 13818066809895115352007386748515426880336692474882178609894547503885n
+    n: BigInt('181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779'),
+    nBitLength: 456,
+    // Cofactor
+    h: BigInt(4),
+    // Base point (x, y) aka generator point
+    Gx: BigInt('224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710'),
+    Gy: BigInt('298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660'),
+    // SHAKE256(dom4(phflag,context)||x, 114)
+    hash: shake256_114,
+    adjustScalarBytes,
+    // dom4
+    domain: (data, ctx, phflag) => {
+        if (ctx.length > 255)
+            throw new Error(`Context is too big: ${ctx.length}`);
+        return (0, utils_1.concatBytes)((0, utils_1.utf8ToBytes)('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);
+    },
+    // Constant-time ratio of u to v. Allows to combine inversion and square root u/√v.
+    // Uses algo from RFC8032 5.1.3.
+    uvRatio: (u, v) => {
+        const P = ed448P;
+        // https://datatracker.ietf.org/doc/html/rfc8032#section-5.2.3
+        // To compute the square root of (u/v), the first step is to compute the
+        //   candidate root x = (u/v)^((p+1)/4).  This can be done using the
+        // following trick, to use a single modular powering for both the
+        // inversion of v and the square root:
+        //           (p+1)/4    3            (p-3)/4
+        // x = (u/v)        = u  v (u^5 v^3)         (mod p)
+        const u2v = (0, modular_1.mod)(u * u * v, P);
+        const u3v = (0, modular_1.mod)(u2v * u, P); // u^2v
+        const u5v3 = (0, modular_1.mod)(u3v * u2v * v, P); // u^5v^3
+        const root = ed448_pow_Pminus3div4(u5v3);
+        const x = (0, modular_1.mod)(u3v * root, P);
+        // Verify that root is exists
+        const x2 = (0, modular_1.mod)(x * x, P); // x^2
+        // If v * x^2 = u, the recovered x-coordinate is x.  Otherwise, no
+        // square root exists, and the decoding fails.
+        return { isValid: (0, modular_1.mod)(x2 * v, P) === u, value: x };
+    },
+};
+exports.ed448 = (0, edwards_1.twistedEdwards)(ED448_DEF);
+// NOTE: there is no ed448ctx, since ed448 supports ctx by default
+exports.ed448ph = (0, edwards_1.twistedEdwards)({ ...ED448_DEF, preHash: shake256_64 });
+exports.x448 = (0, montgomery_1.montgomery)({
+    a24: BigInt(39081),
+    montgomeryBits: 448,
+    nByteLength: 57,
+    P: ed448P,
+    Gu: '0500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000',
+    powPminus2: (x) => {
+        const P = ed448P;
+        const Pminus3div4 = ed448_pow_Pminus3div4(x);
+        const Pminus3 = (0, modular_1.pow2)(Pminus3div4, BigInt(2), P);
+        return (0, modular_1.mod)(Pminus3 * x, P); // Pminus3 * x = Pminus2
+    },
+    adjustScalarBytes,
+    // The 4-isogeny maps between the Montgomery curve and this Edwards
+    // curve are:
+    //   (u, v) = (y^2/x^2, (2 - x^2 - y^2)*y/x^3)
+    //   (x, y) = (4*v*(u^2 - 1)/(u^4 - 2*u^2 + 4*v^2 + 1),
+    //             -(u^5 - 2*u^3 - 4*u*v^2 + u)/
+    //             (u^5 - 2*u^2*v^2 - 2*u^3 - 2*v^2 + u))
+    // xyToU: (p: PointType) => {
+    //   const P = ed448P;
+    //   const { x, y } = p;
+    //   if (x === _0n) throw new Error(`Point with x=0 doesn't have mapping`);
+    //   const invX = invert(x * x, P); // x^2
+    //   const u = mod(y * y * invX, P); // (y^2/x^2)
+    //   return numberToBytesLE(u, 56);
+    // },
+});

package/lib/definitions/index.js

@@ -0,0 +1,2 @@
+"use strict";
+throw new Error('Incorrect usage. Import submodules instead');

package/lib/definitions/jubjub.d.ts

@@ -0,0 +1,7 @@
+/**
+ * jubjub Twisted Edwards curve.
+ * https://neuromancer.sk/std/other/JubJub
+ */
+export declare const jubjub: import("../edwards").CurveFn;
+export declare function groupHash(tag: Uint8Array, personalization: Uint8Array): import("../edwards").ExtendedPointType;
+export declare function findGroupHash(m: Uint8Array, personalization: Uint8Array): import("../edwards").ExtendedPointType;

package/lib/definitions/jubjub.js

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.findGroupHash = exports.groupHash = exports.jubjub = void 0;
+/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const sha256_1 = require("@noble/hashes/sha256");
+const utils_1 = require("@noble/hashes/utils");
+const edwards_1 = require("../edwards");
+const blake2s_1 = require("@noble/hashes/blake2s");
+/**
+ * jubjub Twisted Edwards curve.
+ * https://neuromancer.sk/std/other/JubJub
+ */
+exports.jubjub = (0, edwards_1.twistedEdwards)({
+    // Params: a, d
+    a: BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000'),
+    d: BigInt('0x2a9318e74bfa2b48f5fd9207e6bd7fd4292d7f6d37579d2601065fd6d6343eb1'),
+    // Finite field 𝔽p over which we'll do calculations
+    P: BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001'),
+    // Subgroup order: how many points ed25519 has
+    // 2n ** 252n + 27742317777372353535851937790883648493n;
+    n: BigInt('0xe7db4ea6533afa906673b0101343b00a6682093ccc81082d0970e5ed6f72cb7'),
+    // Cofactor
+    h: BigInt(8),
+    // Base point (x, y) aka generator point
+    Gx: BigInt('0x11dafe5d23e1218086a365b99fbf3d3be72f6afd7d1f72623e6b071492d1122b'),
+    Gy: BigInt('0x1d523cf1ddab1a1793132e78c866c0c33e26ba5cc220fed7cc3f870e59d292aa'),
+    hash: sha256_1.sha256,
+});
+const GH_FIRST_BLOCK = (0, utils_1.utf8ToBytes)('096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0');
+// Returns point at JubJub curve which is prime order and not zero
+function groupHash(tag, personalization) {
+    const h = blake2s_1.blake2s.create({ personalization, dkLen: 32 });
+    h.update(GH_FIRST_BLOCK);
+    h.update(tag);
+    // NOTE: returns ExtendedPoint, in case it will be multiplied later
+    let p = exports.jubjub.ExtendedPoint.fromAffine(exports.jubjub.Point.fromHex(h.digest()));
+    // NOTE: cannot replace with isSmallOrder, returns Point*8
+    p = p.multiply(exports.jubjub.CURVE.h);
+    if (p.equals(exports.jubjub.ExtendedPoint.ZERO))
+        throw new Error('Point has small order');
+    return p;
+}
+exports.groupHash = groupHash;
+function findGroupHash(m, personalization) {
+    const tag = (0, utils_1.concatBytes)(m, new Uint8Array([0]));
+    for (let i = 0; i < 256; i++) {
+        tag[tag.length - 1] = i;
+        try {
+            return groupHash(tag, personalization);
+        }
+        catch (e) { }
+    }
+    throw new Error('findGroupHash tag overflow');
+}
+exports.findGroupHash = findGroupHash;

package/lib/definitions/p192.d.ts

@@ -0,0 +1,112 @@
+export declare const P192: Readonly<{
+    create: (hash: import("../weierstrass.js").CHash) => import("../weierstrass.js").CurveFn;
+    CURVE: Readonly<{
+        readonly nBitLength: number;
+        readonly nByteLength: number;
+        readonly P: bigint;
+        readonly n: bigint;
+        readonly h: bigint;
+        readonly Gx: bigint;
+        readonly Gy: bigint;
+        readonly a: bigint;
+        readonly b: bigint;
+        lowS: boolean;
+        readonly hash: import("../weierstrass.js").CHash;
+        readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
+        randomBytes: typeof import("../utils.js").randomBytes;
+        readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;
+        readonly sqrtMod?: ((n: bigint) => bigint) | undefined;
+        readonly normalizePrivateKey?: ((key: import("../utils.js").PrivKey) => import("../utils.js").PrivKey) | undefined;
+        readonly endo?: {
+            beta: bigint;
+            splitScalar: (k: bigint) => {
+                k1neg: boolean;
+                k1: bigint;
+                k2neg: boolean;
+                k2: bigint;
+            };
+        } | undefined;
+    }>;
+    getPublicKey: (privateKey: import("../utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
+    getSharedSecret: (privateA: import("../utils.js").PrivKey, publicB: import("../weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
+    sign: (msgHash: import("../utils.js").Hex, privKey: import("../utils.js").PrivKey, opts?: {
+        lowS?: boolean | undefined;
+        extraEntropy?: (true | import("../utils.js").Hex) | undefined;
+    } | undefined) => import("../weierstrass.js").SignatureType;
+    verify: (signature: import("../utils.js").Hex | import("../weierstrass.js").SignatureType, msgHash: import("../utils.js").Hex, publicKey: import("../weierstrass.js").PubKey, opts?: {
+        lowS?: boolean | undefined;
+    } | undefined) => boolean;
+    Point: import("../weierstrass.js").PointConstructor;
+    JacobianPoint: import("../weierstrass.js").JacobianPointConstructor;
+    Signature: import("../weierstrass.js").SignatureConstructor;
+    utils: {
+        mod: (a: bigint, b?: bigint | undefined) => bigint;
+        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
+        _bigintToBytes: (num: bigint) => Uint8Array;
+        _bigintToString: (num: bigint) => string;
+        _normalizePrivateKey: (key: import("../utils.js").PrivKey) => bigint;
+        _normalizePublicKey: (publicKey: import("../weierstrass.js").PubKey) => import("../weierstrass.js").PointType;
+        _isWithinCurveOrder: (num: bigint) => boolean;
+        _isValidFieldElement: (num: bigint) => boolean;
+        _weierstrassEquation: (x: bigint) => bigint;
+        isValidPrivateKey(privateKey: import("../utils.js").PrivKey): boolean;
+        hashToPrivateKey: (hash: import("../utils.js").Hex) => Uint8Array;
+        randomPrivateKey: () => Uint8Array;
+    };
+}>;
+export declare const secp192r1: Readonly<{
+    create: (hash: import("../weierstrass.js").CHash) => import("../weierstrass.js").CurveFn;
+    CURVE: Readonly<{
+        readonly nBitLength: number;
+        readonly nByteLength: number;
+        readonly P: bigint;
+        readonly n: bigint;
+        readonly h: bigint;
+        readonly Gx: bigint;
+        readonly Gy: bigint;
+        readonly a: bigint;
+        readonly b: bigint;
+        lowS: boolean;
+        readonly hash: import("../weierstrass.js").CHash;
+        readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
+        randomBytes: typeof import("../utils.js").randomBytes;
+        readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;
+        readonly sqrtMod?: ((n: bigint) => bigint) | undefined;
+        readonly normalizePrivateKey?: ((key: import("../utils.js").PrivKey) => import("../utils.js").PrivKey) | undefined;
+        readonly endo?: {
+            beta: bigint;
+            splitScalar: (k: bigint) => {
+                k1neg: boolean;
+                k1: bigint;
+                k2neg: boolean;
+                k2: bigint;
+            };
+        } | undefined;
+    }>;
+    getPublicKey: (privateKey: import("../utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
+    getSharedSecret: (privateA: import("../utils.js").PrivKey, publicB: import("../weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
+    sign: (msgHash: import("../utils.js").Hex, privKey: import("../utils.js").PrivKey, opts?: {
+        lowS?: boolean | undefined;
+        extraEntropy?: (true | import("../utils.js").Hex) | undefined;
+    } | undefined) => import("../weierstrass.js").SignatureType;
+    verify: (signature: import("../utils.js").Hex | import("../weierstrass.js").SignatureType, msgHash: import("../utils.js").Hex, publicKey: import("../weierstrass.js").PubKey, opts?: {
+        lowS?: boolean | undefined;
+    } | undefined) => boolean;
+    Point: import("../weierstrass.js").PointConstructor;
+    JacobianPoint: import("../weierstrass.js").JacobianPointConstructor;
+    Signature: import("../weierstrass.js").SignatureConstructor;
+    utils: {
+        mod: (a: bigint, b?: bigint | undefined) => bigint;
+        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
+        _bigintToBytes: (num: bigint) => Uint8Array;
+        _bigintToString: (num: bigint) => string;
+        _normalizePrivateKey: (key: import("../utils.js").PrivKey) => bigint;
+        _normalizePublicKey: (publicKey: import("../weierstrass.js").PubKey) => import("../weierstrass.js").PointType;
+        _isWithinCurveOrder: (num: bigint) => boolean;
+        _isValidFieldElement: (num: bigint) => boolean;
+        _weierstrassEquation: (x: bigint) => bigint;
+        isValidPrivateKey(privateKey: import("../utils.js").PrivKey): boolean;
+        hashToPrivateKey: (hash: import("../utils.js").Hex) => Uint8Array;
+        randomPrivateKey: () => Uint8Array;
+    };
+}>;

package/lib/definitions/p192.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.secp192r1 = exports.P192 = void 0;
+/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const _shortw_utils_js_1 = require("./_shortw_utils.js");
+const sha256_1 = require("@noble/hashes/sha256");
+// NIST secp192r1 aka P192
+// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/secg/secp192r1
+exports.P192 = (0, _shortw_utils_js_1.createCurve)({
+    // Params: a, b
+    a: BigInt('0xfffffffffffffffffffffffffffffffefffffffffffffffc'),
+    b: BigInt('0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1'),
+    // Field over which we'll do calculations; 2n ** 192n - 2n ** 64n - 1n
+    P: BigInt('0xfffffffffffffffffffffffffffffffeffffffffffffffff'),
+    // Curve order, total count of valid points in the field.
+    n: BigInt('0xffffffffffffffffffffffff99def836146bc9b1b4d22831'),
+    // Base point (x, y) aka generator point
+    Gx: BigInt('0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012'),
+    Gy: BigInt('0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811'),
+    h: BigInt(1),
+    lowS: false,
+}, sha256_1.sha256);
+exports.secp192r1 = exports.P192;

package/lib/definitions/p224.d.ts

@@ -0,0 +1,112 @@
+export declare const P224: Readonly<{
+    create: (hash: import("../weierstrass.js").CHash) => import("../weierstrass.js").CurveFn;
+    CURVE: Readonly<{
+        readonly nBitLength: number;
+        readonly nByteLength: number;
+        readonly P: bigint;
+        readonly n: bigint;
+        readonly h: bigint;
+        readonly Gx: bigint;
+        readonly Gy: bigint;
+        readonly a: bigint;
+        readonly b: bigint;
+        lowS: boolean;
+        readonly hash: import("../weierstrass.js").CHash;
+        readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
+        randomBytes: typeof import("../utils.js").randomBytes;
+        readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;
+        readonly sqrtMod?: ((n: bigint) => bigint) | undefined;
+        readonly normalizePrivateKey?: ((key: import("../utils.js").PrivKey) => import("../utils.js").PrivKey) | undefined;
+        readonly endo?: {
+            beta: bigint;
+            splitScalar: (k: bigint) => {
+                k1neg: boolean;
+                k1: bigint;
+                k2neg: boolean;
+                k2: bigint;
+            };
+        } | undefined;
+    }>;
+    getPublicKey: (privateKey: import("../utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
+    getSharedSecret: (privateA: import("../utils.js").PrivKey, publicB: import("../weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
+    sign: (msgHash: import("../utils.js").Hex, privKey: import("../utils.js").PrivKey, opts?: {
+        lowS?: boolean | undefined;
+        extraEntropy?: (true | import("../utils.js").Hex) | undefined;
+    } | undefined) => import("../weierstrass.js").SignatureType;
+    verify: (signature: import("../utils.js").Hex | import("../weierstrass.js").SignatureType, msgHash: import("../utils.js").Hex, publicKey: import("../weierstrass.js").PubKey, opts?: {
+        lowS?: boolean | undefined;
+    } | undefined) => boolean;
+    Point: import("../weierstrass.js").PointConstructor;
+    JacobianPoint: import("../weierstrass.js").JacobianPointConstructor;
+    Signature: import("../weierstrass.js").SignatureConstructor;
+    utils: {
+        mod: (a: bigint, b?: bigint | undefined) => bigint;
+        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
+        _bigintToBytes: (num: bigint) => Uint8Array;
+        _bigintToString: (num: bigint) => string;
+        _normalizePrivateKey: (key: import("../utils.js").PrivKey) => bigint;
+        _normalizePublicKey: (publicKey: import("../weierstrass.js").PubKey) => import("../weierstrass.js").PointType;
+        _isWithinCurveOrder: (num: bigint) => boolean;
+        _isValidFieldElement: (num: bigint) => boolean;
+        _weierstrassEquation: (x: bigint) => bigint;
+        isValidPrivateKey(privateKey: import("../utils.js").PrivKey): boolean;
+        hashToPrivateKey: (hash: import("../utils.js").Hex) => Uint8Array;
+        randomPrivateKey: () => Uint8Array;
+    };
+}>;
+export declare const secp224r1: Readonly<{
+    create: (hash: import("../weierstrass.js").CHash) => import("../weierstrass.js").CurveFn;
+    CURVE: Readonly<{
+        readonly nBitLength: number;
+        readonly nByteLength: number;
+        readonly P: bigint;
+        readonly n: bigint;
+        readonly h: bigint;
+        readonly Gx: bigint;
+        readonly Gy: bigint;
+        readonly a: bigint;
+        readonly b: bigint;
+        lowS: boolean;
+        readonly hash: import("../weierstrass.js").CHash;
+        readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
+        randomBytes: typeof import("../utils.js").randomBytes;
+        readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;
+        readonly sqrtMod?: ((n: bigint) => bigint) | undefined;
+        readonly normalizePrivateKey?: ((key: import("../utils.js").PrivKey) => import("../utils.js").PrivKey) | undefined;
+        readonly endo?: {
+            beta: bigint;
+            splitScalar: (k: bigint) => {
+                k1neg: boolean;
+                k1: bigint;
+                k2neg: boolean;
+                k2: bigint;
+            };
+        } | undefined;
+    }>;
+    getPublicKey: (privateKey: import("../utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
+    getSharedSecret: (privateA: import("../utils.js").PrivKey, publicB: import("../weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
+    sign: (msgHash: import("../utils.js").Hex, privKey: import("../utils.js").PrivKey, opts?: {
+        lowS?: boolean | undefined;
+        extraEntropy?: (true | import("../utils.js").Hex) | undefined;
+    } | undefined) => import("../weierstrass.js").SignatureType;
+    verify: (signature: import("../utils.js").Hex | import("../weierstrass.js").SignatureType, msgHash: import("../utils.js").Hex, publicKey: import("../weierstrass.js").PubKey, opts?: {
+        lowS?: boolean | undefined;
+    } | undefined) => boolean;
+    Point: import("../weierstrass.js").PointConstructor;
+    JacobianPoint: import("../weierstrass.js").JacobianPointConstructor;
+    Signature: import("../weierstrass.js").SignatureConstructor;
+    utils: {
+        mod: (a: bigint, b?: bigint | undefined) => bigint;
+        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
+        _bigintToBytes: (num: bigint) => Uint8Array;
+        _bigintToString: (num: bigint) => string;
+        _normalizePrivateKey: (key: import("../utils.js").PrivKey) => bigint;
+        _normalizePublicKey: (publicKey: import("../weierstrass.js").PubKey) => import("../weierstrass.js").PointType;
+        _isWithinCurveOrder: (num: bigint) => boolean;
+        _isValidFieldElement: (num: bigint) => boolean;
+        _weierstrassEquation: (x: bigint) => bigint;
+        isValidPrivateKey(privateKey: import("../utils.js").PrivKey): boolean;
+        hashToPrivateKey: (hash: import("../utils.js").Hex) => Uint8Array;
+        randomPrivateKey: () => Uint8Array;
+    };
+}>;

package/lib/definitions/p224.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.secp224r1 = exports.P224 = void 0;
+/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const _shortw_utils_js_1 = require("./_shortw_utils.js");
+const sha256_1 = require("@noble/hashes/sha256");
+// NIST secp224r1 aka P224
+// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-224
+exports.P224 = (0, _shortw_utils_js_1.createCurve)({
+    // Params: a, b
+    a: BigInt('0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe'),
+    b: BigInt('0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4'),
+    // Field over which we'll do calculations; 2n**224n - 2n**96n + 1n
+    P: BigInt('0xffffffffffffffffffffffffffffffff000000000000000000000001'),
+    // Curve order, total count of valid points in the field
+    n: BigInt('0xffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d'),
+    // Base point (x, y) aka generator point
+    Gx: BigInt('0xb70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21'),
+    Gy: BigInt('0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34'),
+    h: BigInt(1),
+    lowS: false,
+}, sha256_1.sha256 // TODO: replace with sha224 when new @noble/hashes released
+);
+exports.secp224r1 = exports.P224;

package/lib/definitions/p256.d.ts

@@ -0,0 +1,112 @@
+export declare const P256: Readonly<{
+    create: (hash: import("../weierstrass.js").CHash) => import("../weierstrass.js").CurveFn;
+    CURVE: Readonly<{
+        readonly nBitLength: number;
+        readonly nByteLength: number;
+        readonly P: bigint;
+        readonly n: bigint;
+        readonly h: bigint;
+        readonly Gx: bigint;
+        readonly Gy: bigint;
+        readonly a: bigint;
+        readonly b: bigint;
+        lowS: boolean;
+        readonly hash: import("../weierstrass.js").CHash;
+        readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
+        randomBytes: typeof import("../utils.js").randomBytes;
+        readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;
+        readonly sqrtMod?: ((n: bigint) => bigint) | undefined;
+        readonly normalizePrivateKey?: ((key: import("../utils.js").PrivKey) => import("../utils.js").PrivKey) | undefined;
+        readonly endo?: {
+            beta: bigint;
+            splitScalar: (k: bigint) => {
+                k1neg: boolean;
+                k1: bigint;
+                k2neg: boolean;
+                k2: bigint;
+            };
+        } | undefined;
+    }>;
+    getPublicKey: (privateKey: import("../utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
+    getSharedSecret: (privateA: import("../utils.js").PrivKey, publicB: import("../weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
+    sign: (msgHash: import("../utils.js").Hex, privKey: import("../utils.js").PrivKey, opts?: {
+        lowS?: boolean | undefined;
+        extraEntropy?: (true | import("../utils.js").Hex) | undefined;
+    } | undefined) => import("../weierstrass.js").SignatureType;
+    verify: (signature: import("../utils.js").Hex | import("../weierstrass.js").SignatureType, msgHash: import("../utils.js").Hex, publicKey: import("../weierstrass.js").PubKey, opts?: {
+        lowS?: boolean | undefined;
+    } | undefined) => boolean;
+    Point: import("../weierstrass.js").PointConstructor;
+    JacobianPoint: import("../weierstrass.js").JacobianPointConstructor;
+    Signature: import("../weierstrass.js").SignatureConstructor;
+    utils: {
+        mod: (a: bigint, b?: bigint | undefined) => bigint;
+        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
+        _bigintToBytes: (num: bigint) => Uint8Array;
+        _bigintToString: (num: bigint) => string;
+        _normalizePrivateKey: (key: import("../utils.js").PrivKey) => bigint;
+        _normalizePublicKey: (publicKey: import("../weierstrass.js").PubKey) => import("../weierstrass.js").PointType;
+        _isWithinCurveOrder: (num: bigint) => boolean;
+        _isValidFieldElement: (num: bigint) => boolean;
+        _weierstrassEquation: (x: bigint) => bigint;
+        isValidPrivateKey(privateKey: import("../utils.js").PrivKey): boolean;
+        hashToPrivateKey: (hash: import("../utils.js").Hex) => Uint8Array;
+        randomPrivateKey: () => Uint8Array;
+    };
+}>;
+export declare const secp256r1: Readonly<{
+    create: (hash: import("../weierstrass.js").CHash) => import("../weierstrass.js").CurveFn;
+    CURVE: Readonly<{
+        readonly nBitLength: number;
+        readonly nByteLength: number;
+        readonly P: bigint;
+        readonly n: bigint;
+        readonly h: bigint;
+        readonly Gx: bigint;
+        readonly Gy: bigint;
+        readonly a: bigint;
+        readonly b: bigint;
+        lowS: boolean;
+        readonly hash: import("../weierstrass.js").CHash;
+        readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
+        randomBytes: typeof import("../utils.js").randomBytes;
+        readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;
+        readonly sqrtMod?: ((n: bigint) => bigint) | undefined;
+        readonly normalizePrivateKey?: ((key: import("../utils.js").PrivKey) => import("../utils.js").PrivKey) | undefined;
+        readonly endo?: {
+            beta: bigint;
+            splitScalar: (k: bigint) => {
+                k1neg: boolean;
+                k1: bigint;
+                k2neg: boolean;
+                k2: bigint;
+            };
+        } | undefined;
+    }>;
+    getPublicKey: (privateKey: import("../utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
+    getSharedSecret: (privateA: import("../utils.js").PrivKey, publicB: import("../weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
+    sign: (msgHash: import("../utils.js").Hex, privKey: import("../utils.js").PrivKey, opts?: {
+        lowS?: boolean | undefined;
+        extraEntropy?: (true | import("../utils.js").Hex) | undefined;
+    } | undefined) => import("../weierstrass.js").SignatureType;
+    verify: (signature: import("../utils.js").Hex | import("../weierstrass.js").SignatureType, msgHash: import("../utils.js").Hex, publicKey: import("../weierstrass.js").PubKey, opts?: {
+        lowS?: boolean | undefined;
+    } | undefined) => boolean;
+    Point: import("../weierstrass.js").PointConstructor;
+    JacobianPoint: import("../weierstrass.js").JacobianPointConstructor;
+    Signature: import("../weierstrass.js").SignatureConstructor;
+    utils: {
+        mod: (a: bigint, b?: bigint | undefined) => bigint;
+        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
+        _bigintToBytes: (num: bigint) => Uint8Array;
+        _bigintToString: (num: bigint) => string;
+        _normalizePrivateKey: (key: import("../utils.js").PrivKey) => bigint;
+        _normalizePublicKey: (publicKey: import("../weierstrass.js").PubKey) => import("../weierstrass.js").PointType;
+        _isWithinCurveOrder: (num: bigint) => boolean;
+        _isValidFieldElement: (num: bigint) => boolean;
+        _weierstrassEquation: (x: bigint) => bigint;
+        isValidPrivateKey(privateKey: import("../utils.js").PrivKey): boolean;
+        hashToPrivateKey: (hash: import("../utils.js").Hex) => Uint8Array;
+        randomPrivateKey: () => Uint8Array;
+    };
+}>;

package/lib/definitions/p256.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.secp256r1 = exports.P256 = void 0;
+/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const _shortw_utils_js_1 = require("./_shortw_utils.js");
+const sha256_1 = require("@noble/hashes/sha256");
+// NIST secp256r1 aka P256
+// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256
+exports.P256 = (0, _shortw_utils_js_1.createCurve)({
+    // Params: a, b
+    a: BigInt('0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc'),
+    b: BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b'),
+    // Field over which we'll do calculations; 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n-1n
+    P: BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff'),
+    // Curve order, total count of valid points in the field
+    n: BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551'),
+    // Base point (x, y) aka generator point
+    Gx: BigInt('0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296'),
+    Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'),
+    h: BigInt(1),
+    lowS: false,
+}, sha256_1.sha256);
+exports.secp256r1 = exports.P256;