@noble/curves 0.4.0 → 0.5.1

package/lib/esm/stark.js

@@ -0,0 +1,224 @@
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+import { keccak_256 } from '@noble/hashes/sha3';
+import { sha256 } from '@noble/hashes/sha256';
+import { weierstrass } from './abstract/weierstrass.js';
+import * as cutils from './abstract/utils.js';
+import { Fp } from './abstract/modular.js';
+import { getHash } from './_shortw_utils.js';
+// Stark-friendly elliptic curve
+// https://docs.starkware.co/starkex/stark-curve.html
+const CURVE_N = BigInt('3618502788666131213697322783095070105526743751716087489154079457884512865583');
+const nBitLength = 252;
+export const starkCurve = weierstrass({
+    // Params: a, b
+    a: BigInt(1),
+    b: BigInt('3141592653589793238462643383279502884197169399375105820974944592307816406665'),
+    // Field over which we'll do calculations; 2n**251n + 17n * 2n**192n + 1n
+    // There is no efficient sqrt for field (P%4==1)
+    Fp: Fp(BigInt('0x800000000000011000000000000000000000000000000000000000000000001')),
+    // Curve order, total count of valid points in the field.
+    n: CURVE_N,
+    nBitLength: nBitLength,
+    // Base point (x, y) aka generator point
+    Gx: BigInt('874739451078007766457464989774322083649278607533249481151382481072868806602'),
+    Gy: BigInt('152666792071518830868575557812948353041420400780739481342941381225525861407'),
+    h: BigInt(1),
+    // Default options
+    lowS: false,
+    ...getHash(sha256),
+    truncateHash: (hash, truncateOnly = false) => {
+        // TODO: cleanup, ugly code
+        // Fix truncation
+        if (!truncateOnly) {
+            let hashS = bytesToNumber0x(hash).toString(16);
+            if (hashS.length === 63) {
+                hashS += '0';
+                hash = hexToBytes0x(hashS);
+            }
+        }
+        // Truncate zero bytes on left (compat with elliptic)
+        while (hash[0] === 0)
+            hash = hash.subarray(1);
+        const byteLength = hash.length;
+        const delta = byteLength * 8 - nBitLength; // size of curve.n (252 bits)
+        let h = hash.length ? bytesToNumber0x(hash) : 0n;
+        if (delta > 0)
+            h = h >> BigInt(delta);
+        if (!truncateOnly && h >= CURVE_N)
+            h -= CURVE_N;
+        return h;
+    },
+});
+// Custom Starknet type conversion functions that can handle 0x and unpadded hex
+function hexToBytes0x(hex) {
+    if (typeof hex !== 'string') {
+        throw new TypeError('hexToBytes: expected string, got ' + typeof hex);
+    }
+    hex = strip0x(hex);
+    if (hex.length & 1)
+        hex = '0' + hex; // padding
+    if (hex.length % 2)
+        throw new Error('hexToBytes: received invalid unpadded hex ' + hex.length);
+    const array = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < array.length; i++) {
+        const j = i * 2;
+        const hexByte = hex.slice(j, j + 2);
+        const byte = Number.parseInt(hexByte, 16);
+        if (Number.isNaN(byte) || byte < 0)
+            throw new Error('Invalid byte sequence');
+        array[i] = byte;
+    }
+    return array;
+}
+function hexToNumber0x(hex) {
+    if (typeof hex !== 'string') {
+        throw new TypeError('hexToNumber: expected string, got ' + typeof hex);
+    }
+    // Big Endian
+    // TODO: strip vs no strip?
+    return BigInt(`0x${strip0x(hex)}`);
+}
+function bytesToNumber0x(bytes) {
+    return hexToNumber0x(cutils.bytesToHex(bytes));
+}
+function ensureBytes0x(hex) {
+    // Uint8Array.from() instead of hash.slice() because node.js Buffer
+    // is instance of Uint8Array, and its slice() creates **mutable** copy
+    return hex instanceof Uint8Array ? Uint8Array.from(hex) : hexToBytes0x(hex);
+}
+function normalizePrivateKey(privKey) {
+    return cutils.bytesToHex(ensureBytes0x(privKey)).padStart(32 * 2, '0');
+}
+function getPublicKey0x(privKey, isCompressed) {
+    return starkCurve.getPublicKey(normalizePrivateKey(privKey), isCompressed);
+}
+function getSharedSecret0x(privKeyA, pubKeyB) {
+    return starkCurve.getSharedSecret(normalizePrivateKey(privKeyA), pubKeyB);
+}
+function sign0x(msgHash, privKey, opts) {
+    if (typeof privKey === 'string')
+        privKey = strip0x(privKey).padStart(64, '0');
+    return starkCurve.sign(ensureBytes0x(msgHash), normalizePrivateKey(privKey), opts);
+}
+function verify0x(signature, msgHash, pubKey) {
+    const sig = signature instanceof Signature ? signature : ensureBytes0x(signature);
+    return starkCurve.verify(sig, ensureBytes0x(msgHash), ensureBytes0x(pubKey));
+}
+const { CURVE, Point, ProjectivePoint, Signature } = starkCurve;
+export const utils = starkCurve.utils;
+export { CURVE, Point, Signature, ProjectivePoint, getPublicKey0x as getPublicKey, getSharedSecret0x as getSharedSecret, sign0x as sign, verify0x as verify, };
+const stripLeadingZeros = (s) => s.replace(/^0+/gm, '');
+export const bytesToHexEth = (uint8a) => `0x${stripLeadingZeros(cutils.bytesToHex(uint8a))}`;
+export const strip0x = (hex) => hex.replace(/^0x/i, '');
+export const numberToHexEth = (num) => `0x${num.toString(16)}`;
+// 1. seed generation
+function hashKeyWithIndex(key, index) {
+    let indexHex = cutils.numberToHexUnpadded(index);
+    if (indexHex.length & 1)
+        indexHex = '0' + indexHex;
+    return bytesToNumber0x(sha256(cutils.concatBytes(key, hexToBytes0x(indexHex))));
+}
+export function grindKey(seed) {
+    const _seed = ensureBytes0x(seed);
+    const sha256mask = 2n ** 256n;
+    const limit = sha256mask - starkCurve.utils.mod(sha256mask, starkCurve.CURVE.n);
+    for (let i = 0;; i++) {
+        const key = hashKeyWithIndex(_seed, i);
+        // key should be in [0, limit)
+        if (key < limit)
+            return starkCurve.utils.mod(key, starkCurve.CURVE.n).toString(16);
+    }
+}
+export function getStarkKey(privateKey) {
+    return bytesToHexEth(getPublicKey0x(privateKey, true).slice(1));
+}
+export function ethSigToPrivate(signature) {
+    signature = strip0x(signature.replace(/^0x/, ''));
+    if (signature.length !== 130)
+        throw new Error('Wrong ethereum signature');
+    return grindKey(signature.substring(0, 64));
+}
+const MASK_31 = 2n ** 31n - 1n;
+const int31 = (n) => Number(n & MASK_31);
+export function getAccountPath(layer, application, ethereumAddress, index) {
+    const layerNum = int31(bytesToNumber0x(sha256(layer)));
+    const applicationNum = int31(bytesToNumber0x(sha256(application)));
+    const eth = hexToNumber0x(ethereumAddress);
+    return `m/2645'/${layerNum}'/${applicationNum}'/${int31(eth)}'/${int31(eth >> 31n)}'/${index}`;
+}
+// https://docs.starkware.co/starkex/pedersen-hash-function.html
+const PEDERSEN_POINTS_AFFINE = [
+    new Point(2089986280348253421170679821480865132823066470938446095505822317253594081284n, 1713931329540660377023406109199410414810705867260802078187082345529207694986n),
+    new Point(996781205833008774514500082376783249102396023663454813447423147977397232763n, 1668503676786377725805489344771023921079126552019160156920634619255970485781n),
+    new Point(2251563274489750535117886426533222435294046428347329203627021249169616184184n, 1798716007562728905295480679789526322175868328062420237419143593021674992973n),
+    new Point(2138414695194151160943305727036575959195309218611738193261179310511854807447n, 113410276730064486255102093846540133784865286929052426931474106396135072156n),
+    new Point(2379962749567351885752724891227938183011949129833673362440656643086021394946n, 776496453633298175483985398648758586525933812536653089401905292063708816422n),
+];
+// for (const p of PEDERSEN_POINTS) p._setWindowSize(8);
+const PEDERSEN_POINTS = PEDERSEN_POINTS_AFFINE.map(ProjectivePoint.fromAffine);
+function pedersenPrecompute(p1, p2) {
+    const out = [];
+    let p = p1;
+    for (let i = 0; i < 248; i++) {
+        out.push(p);
+        p = p.double();
+    }
+    // NOTE: we cannot use wNAF here, because last 4 bits will require full 248 bits multiplication
+    // We can add support for this to wNAF, but it will complicate wNAF.
+    p = p2;
+    for (let i = 0; i < 4; i++) {
+        out.push(p);
+        p = p.double();
+    }
+    return out;
+}
+const PEDERSEN_POINTS1 = pedersenPrecompute(PEDERSEN_POINTS[1], PEDERSEN_POINTS[2]);
+const PEDERSEN_POINTS2 = pedersenPrecompute(PEDERSEN_POINTS[3], PEDERSEN_POINTS[4]);
+function pedersenArg(arg) {
+    let value;
+    if (typeof arg === 'bigint')
+        value = arg;
+    else if (typeof arg === 'number') {
+        if (!Number.isSafeInteger(arg))
+            throw new Error(`Invalid pedersenArg: ${arg}`);
+        value = BigInt(arg);
+    }
+    else
+        value = bytesToNumber0x(ensureBytes0x(arg));
+    // [0..Fp)
+    if (!(0n <= value && value < starkCurve.CURVE.Fp.ORDER))
+        throw new Error(`PedersenArg should be 0 <= value < CURVE.P: ${value}`);
+    return value;
+}
+function pedersenSingle(point, value, constants) {
+    let x = pedersenArg(value);
+    for (let j = 0; j < 252; j++) {
+        const pt = constants[j];
+        if (pt.x === point.x)
+            throw new Error('Same point');
+        if ((x & 1n) !== 0n)
+            point = point.add(pt);
+        x >>= 1n;
+    }
+    return point;
+}
+// shift_point + x_low * P_0 + x_high * P1 + y_low * P2  + y_high * P3
+export function pedersen(x, y) {
+    let point = PEDERSEN_POINTS[0];
+    point = pedersenSingle(point, x, PEDERSEN_POINTS1);
+    point = pedersenSingle(point, y, PEDERSEN_POINTS2);
+    return bytesToHexEth(point.toAffine().toRawBytes(true).slice(1));
+}
+export function hashChain(data, fn = pedersen) {
+    if (!Array.isArray(data) || data.length < 1)
+        throw new Error('data should be array of at least 1 element');
+    if (data.length === 1)
+        return numberToHexEth(pedersenArg(data[0]));
+    return Array.from(data)
+        .reverse()
+        .reduce((acc, i) => fn(i, acc));
+}
+// Same as hashChain, but computes hash even for single element and order is not revesed
+export const computeHashOnElements = (data, fn = pedersen) => [0, ...data, data.length].reduce((x, y) => fn(x, y));
+const MASK_250 = 2n ** 250n - 1n;
+export const keccak = (data) => bytesToNumber0x(keccak_256(data)) & MASK_250;

package/lib/index.js

@@ -0,0 +1,2 @@
+"use strict";
+throw new Error('Incorrect usage. Import submodules instead');

package/lib/jubjub.d.ts

@@ -0,0 +1,7 @@
+/**
+ * jubjub Twisted Edwards curve.
+ * https://neuromancer.sk/std/other/JubJub
+ */
+export declare const jubjub: import("./abstract/edwards.js").CurveFn;
+export declare function groupHash(tag: Uint8Array, personalization: Uint8Array): import("./abstract/edwards.js").ExtendedPointType;
+export declare function findGroupHash(m: Uint8Array, personalization: Uint8Array): import("./abstract/edwards.js").ExtendedPointType;

package/lib/jubjub.js

@@ -0,0 +1,57 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.findGroupHash = exports.groupHash = exports.jubjub = void 0;
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const sha256_1 = require("@noble/hashes/sha256");
+const utils_1 = require("@noble/hashes/utils");
+const edwards_js_1 = require("./abstract/edwards.js");
+const blake2s_1 = require("@noble/hashes/blake2s");
+const modular_js_1 = require("./abstract/modular.js");
+/**
+ * jubjub Twisted Edwards curve.
+ * https://neuromancer.sk/std/other/JubJub
+ */
+exports.jubjub = (0, edwards_js_1.twistedEdwards)({
+    // Params: a, d
+    a: BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000'),
+    d: BigInt('0x2a9318e74bfa2b48f5fd9207e6bd7fd4292d7f6d37579d2601065fd6d6343eb1'),
+    // Finite field 𝔽p over which we'll do calculations
+    Fp: (0, modular_js_1.Fp)(BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001')),
+    // Subgroup order: how many points ed25519 has
+    // 2n ** 252n + 27742317777372353535851937790883648493n;
+    n: BigInt('0xe7db4ea6533afa906673b0101343b00a6682093ccc81082d0970e5ed6f72cb7'),
+    // Cofactor
+    h: BigInt(8),
+    // Base point (x, y) aka generator point
+    Gx: BigInt('0x11dafe5d23e1218086a365b99fbf3d3be72f6afd7d1f72623e6b071492d1122b'),
+    Gy: BigInt('0x1d523cf1ddab1a1793132e78c866c0c33e26ba5cc220fed7cc3f870e59d292aa'),
+    hash: sha256_1.sha256,
+    randomBytes: utils_1.randomBytes,
+});
+const GH_FIRST_BLOCK = (0, utils_1.utf8ToBytes)('096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0');
+// Returns point at JubJub curve which is prime order and not zero
+function groupHash(tag, personalization) {
+    const h = blake2s_1.blake2s.create({ personalization, dkLen: 32 });
+    h.update(GH_FIRST_BLOCK);
+    h.update(tag);
+    // NOTE: returns ExtendedPoint, in case it will be multiplied later
+    let p = exports.jubjub.ExtendedPoint.fromAffine(exports.jubjub.Point.fromHex(h.digest()));
+    // NOTE: cannot replace with isSmallOrder, returns Point*8
+    p = p.multiply(exports.jubjub.CURVE.h);
+    if (p.equals(exports.jubjub.ExtendedPoint.ZERO))
+        throw new Error('Point has small order');
+    return p;
+}
+exports.groupHash = groupHash;
+function findGroupHash(m, personalization) {
+    const tag = (0, utils_1.concatBytes)(m, new Uint8Array([0]));
+    for (let i = 0; i < 256; i++) {
+        tag[tag.length - 1] = i;
+        try {
+            return groupHash(tag, personalization);
+        }
+        catch (e) { }
+    }
+    throw new Error('findGroupHash tag overflow');
+}
+exports.findGroupHash = findGroupHash;

package/lib/p192.d.ts

@@ -0,0 +1,130 @@
+export declare const P192: Readonly<{
+    create: (hash: import("./abstract/utils.js").CHash) => import("./abstract/weierstrass.js").CurveFn;
+    CURVE: Readonly<{
+        readonly nBitLength: number;
+        readonly nByteLength: number;
+        readonly Fp: import("./abstract/modular.js").Field<bigint>;
+        readonly n: bigint;
+        readonly h: bigint;
+        readonly hEff?: bigint | undefined;
+        readonly Gx: bigint;
+        readonly Gy: bigint;
+        readonly wrapPrivateKey?: boolean | undefined;
+        readonly allowInfinityPoint?: boolean | undefined;
+        readonly a: bigint;
+        readonly b: bigint;
+        readonly normalizePrivateKey?: ((key: import("./abstract/utils.js").PrivKey) => import("./abstract/utils.js").PrivKey) | undefined;
+        readonly endo?: {
+            beta: bigint;
+            splitScalar: (k: bigint) => {
+                k1neg: boolean;
+                k1: bigint;
+                k2neg: boolean;
+                k2: bigint;
+            };
+        } | undefined;
+        readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjectivePointType<bigint>) => boolean) | undefined;
+        readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjectivePointType<bigint>) => import("./abstract/weierstrass.js").ProjectivePointType<bigint>) | undefined;
+        readonly htfDefaults?: import("./abstract/hash-to-curve.js").htfOpts | undefined;
+        readonly mapToCurve?: ((scalar: bigint[]) => {
+            x: bigint;
+            y: bigint;
+        }) | undefined;
+        lowS: boolean;
+        readonly hash: import("./abstract/utils.js").CHash;
+        readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
+        readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
+        readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;
+    }>;
+    getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
+    getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
+    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: {
+        lowS?: boolean | undefined;
+        extraEntropy?: (true | import("./abstract/utils.js").Hex) | undefined;
+    } | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    verify: (signature: import("./abstract/utils.js").Hex | import("./abstract/weierstrass.js").SignatureType, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/weierstrass.js").PubKey, opts?: {
+        lowS?: boolean | undefined;
+    } | undefined) => boolean;
+    Point: import("./abstract/weierstrass.js").PointConstructor<bigint>;
+    ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
+    Signature: import("./abstract/weierstrass.js").SignatureConstructor;
+    utils: {
+        mod: (a: bigint, b?: bigint | undefined) => bigint;
+        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
+        _bigintToBytes: (num: bigint) => Uint8Array;
+        _bigintToString: (num: bigint) => string;
+        _normalizePrivateKey: (key: import("./abstract/utils.js").PrivKey) => bigint;
+        _normalizePublicKey: (publicKey: import("./abstract/weierstrass.js").PubKey) => import("./abstract/weierstrass.js").PointType<bigint>;
+        _isWithinCurveOrder: (num: bigint) => boolean;
+        _isValidFieldElement: (num: bigint) => boolean;
+        _weierstrassEquation: (x: bigint) => bigint;
+        isValidPrivateKey(privateKey: import("./abstract/utils.js").PrivKey): boolean;
+        hashToPrivateKey: (hash: import("./abstract/utils.js").Hex) => Uint8Array;
+        randomPrivateKey: () => Uint8Array;
+    };
+}>;
+export declare const secp192r1: Readonly<{
+    create: (hash: import("./abstract/utils.js").CHash) => import("./abstract/weierstrass.js").CurveFn;
+    CURVE: Readonly<{
+        readonly nBitLength: number;
+        readonly nByteLength: number;
+        readonly Fp: import("./abstract/modular.js").Field<bigint>;
+        readonly n: bigint;
+        readonly h: bigint;
+        readonly hEff?: bigint | undefined;
+        readonly Gx: bigint;
+        readonly Gy: bigint;
+        readonly wrapPrivateKey?: boolean | undefined;
+        readonly allowInfinityPoint?: boolean | undefined;
+        readonly a: bigint;
+        readonly b: bigint;
+        readonly normalizePrivateKey?: ((key: import("./abstract/utils.js").PrivKey) => import("./abstract/utils.js").PrivKey) | undefined;
+        readonly endo?: {
+            beta: bigint;
+            splitScalar: (k: bigint) => {
+                k1neg: boolean;
+                k1: bigint;
+                k2neg: boolean;
+                k2: bigint;
+            };
+        } | undefined;
+        readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjectivePointType<bigint>) => boolean) | undefined;
+        readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjectivePointType<bigint>) => import("./abstract/weierstrass.js").ProjectivePointType<bigint>) | undefined;
+        readonly htfDefaults?: import("./abstract/hash-to-curve.js").htfOpts | undefined;
+        readonly mapToCurve?: ((scalar: bigint[]) => {
+            x: bigint;
+            y: bigint;
+        }) | undefined;
+        lowS: boolean;
+        readonly hash: import("./abstract/utils.js").CHash;
+        readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
+        readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
+        readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;
+    }>;
+    getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
+    getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
+    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: {
+        lowS?: boolean | undefined;
+        extraEntropy?: (true | import("./abstract/utils.js").Hex) | undefined;
+    } | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    verify: (signature: import("./abstract/utils.js").Hex | import("./abstract/weierstrass.js").SignatureType, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/weierstrass.js").PubKey, opts?: {
+        lowS?: boolean | undefined;
+    } | undefined) => boolean;
+    Point: import("./abstract/weierstrass.js").PointConstructor<bigint>;
+    ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
+    Signature: import("./abstract/weierstrass.js").SignatureConstructor;
+    utils: {
+        mod: (a: bigint, b?: bigint | undefined) => bigint;
+        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
+        _bigintToBytes: (num: bigint) => Uint8Array;
+        _bigintToString: (num: bigint) => string;
+        _normalizePrivateKey: (key: import("./abstract/utils.js").PrivKey) => bigint;
+        _normalizePublicKey: (publicKey: import("./abstract/weierstrass.js").PubKey) => import("./abstract/weierstrass.js").PointType<bigint>;
+        _isWithinCurveOrder: (num: bigint) => boolean;
+        _isValidFieldElement: (num: bigint) => boolean;
+        _weierstrassEquation: (x: bigint) => bigint;
+        isValidPrivateKey(privateKey: import("./abstract/utils.js").PrivKey): boolean;
+        hashToPrivateKey: (hash: import("./abstract/utils.js").Hex) => Uint8Array;
+        randomPrivateKey: () => Uint8Array;
+    };
+}>;

package/lib/p192.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.secp192r1 = exports.P192 = void 0;
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const _shortw_utils_js_1 = require("./_shortw_utils.js");
+const sha256_1 = require("@noble/hashes/sha256");
+const modular_js_1 = require("./abstract/modular.js");
+// NIST secp192r1 aka P192
+// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/secg/secp192r1
+exports.P192 = (0, _shortw_utils_js_1.createCurve)({
+    // Params: a, b
+    a: BigInt('0xfffffffffffffffffffffffffffffffefffffffffffffffc'),
+    b: BigInt('0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1'),
+    // Field over which we'll do calculations; 2n ** 192n - 2n ** 64n - 1n
+    Fp: (0, modular_js_1.Fp)(BigInt('0xfffffffffffffffffffffffffffffffeffffffffffffffff')),
+    // Curve order, total count of valid points in the field.
+    n: BigInt('0xffffffffffffffffffffffff99def836146bc9b1b4d22831'),
+    // Base point (x, y) aka generator point
+    Gx: BigInt('0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012'),
+    Gy: BigInt('0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811'),
+    h: BigInt(1),
+    lowS: false,
+}, sha256_1.sha256);
+exports.secp192r1 = exports.P192;

package/lib/p224.d.ts

@@ -0,0 +1,130 @@
+export declare const P224: Readonly<{
+    create: (hash: import("./abstract/utils.js").CHash) => import("./abstract/weierstrass.js").CurveFn;
+    CURVE: Readonly<{
+        readonly nBitLength: number;
+        readonly nByteLength: number;
+        readonly Fp: import("./abstract/modular.js").Field<bigint>;
+        readonly n: bigint;
+        readonly h: bigint;
+        readonly hEff?: bigint | undefined;
+        readonly Gx: bigint;
+        readonly Gy: bigint;
+        readonly wrapPrivateKey?: boolean | undefined;
+        readonly allowInfinityPoint?: boolean | undefined;
+        readonly a: bigint;
+        readonly b: bigint;
+        readonly normalizePrivateKey?: ((key: import("./abstract/utils.js").PrivKey) => import("./abstract/utils.js").PrivKey) | undefined;
+        readonly endo?: {
+            beta: bigint;
+            splitScalar: (k: bigint) => {
+                k1neg: boolean;
+                k1: bigint;
+                k2neg: boolean;
+                k2: bigint;
+            };
+        } | undefined;
+        readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjectivePointType<bigint>) => boolean) | undefined;
+        readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjectivePointType<bigint>) => import("./abstract/weierstrass.js").ProjectivePointType<bigint>) | undefined;
+        readonly htfDefaults?: import("./abstract/hash-to-curve.js").htfOpts | undefined;
+        readonly mapToCurve?: ((scalar: bigint[]) => {
+            x: bigint;
+            y: bigint;
+        }) | undefined;
+        lowS: boolean;
+        readonly hash: import("./abstract/utils.js").CHash;
+        readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
+        readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
+        readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;
+    }>;
+    getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
+    getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
+    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: {
+        lowS?: boolean | undefined;
+        extraEntropy?: (true | import("./abstract/utils.js").Hex) | undefined;
+    } | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    verify: (signature: import("./abstract/utils.js").Hex | import("./abstract/weierstrass.js").SignatureType, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/weierstrass.js").PubKey, opts?: {
+        lowS?: boolean | undefined;
+    } | undefined) => boolean;
+    Point: import("./abstract/weierstrass.js").PointConstructor<bigint>;
+    ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
+    Signature: import("./abstract/weierstrass.js").SignatureConstructor;
+    utils: {
+        mod: (a: bigint, b?: bigint | undefined) => bigint;
+        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
+        _bigintToBytes: (num: bigint) => Uint8Array;
+        _bigintToString: (num: bigint) => string;
+        _normalizePrivateKey: (key: import("./abstract/utils.js").PrivKey) => bigint;
+        _normalizePublicKey: (publicKey: import("./abstract/weierstrass.js").PubKey) => import("./abstract/weierstrass.js").PointType<bigint>;
+        _isWithinCurveOrder: (num: bigint) => boolean;
+        _isValidFieldElement: (num: bigint) => boolean;
+        _weierstrassEquation: (x: bigint) => bigint;
+        isValidPrivateKey(privateKey: import("./abstract/utils.js").PrivKey): boolean;
+        hashToPrivateKey: (hash: import("./abstract/utils.js").Hex) => Uint8Array;
+        randomPrivateKey: () => Uint8Array;
+    };
+}>;
+export declare const secp224r1: Readonly<{
+    create: (hash: import("./abstract/utils.js").CHash) => import("./abstract/weierstrass.js").CurveFn;
+    CURVE: Readonly<{
+        readonly nBitLength: number;
+        readonly nByteLength: number;
+        readonly Fp: import("./abstract/modular.js").Field<bigint>;
+        readonly n: bigint;
+        readonly h: bigint;
+        readonly hEff?: bigint | undefined;
+        readonly Gx: bigint;
+        readonly Gy: bigint;
+        readonly wrapPrivateKey?: boolean | undefined;
+        readonly allowInfinityPoint?: boolean | undefined;
+        readonly a: bigint;
+        readonly b: bigint;
+        readonly normalizePrivateKey?: ((key: import("./abstract/utils.js").PrivKey) => import("./abstract/utils.js").PrivKey) | undefined;
+        readonly endo?: {
+            beta: bigint;
+            splitScalar: (k: bigint) => {
+                k1neg: boolean;
+                k1: bigint;
+                k2neg: boolean;
+                k2: bigint;
+            };
+        } | undefined;
+        readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjectivePointType<bigint>) => boolean) | undefined;
+        readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjectivePointType<bigint>) => import("./abstract/weierstrass.js").ProjectivePointType<bigint>) | undefined;
+        readonly htfDefaults?: import("./abstract/hash-to-curve.js").htfOpts | undefined;
+        readonly mapToCurve?: ((scalar: bigint[]) => {
+            x: bigint;
+            y: bigint;
+        }) | undefined;
+        lowS: boolean;
+        readonly hash: import("./abstract/utils.js").CHash;
+        readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
+        readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
+        readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;
+    }>;
+    getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
+    getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
+    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: {
+        lowS?: boolean | undefined;
+        extraEntropy?: (true | import("./abstract/utils.js").Hex) | undefined;
+    } | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    verify: (signature: import("./abstract/utils.js").Hex | import("./abstract/weierstrass.js").SignatureType, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/weierstrass.js").PubKey, opts?: {
+        lowS?: boolean | undefined;
+    } | undefined) => boolean;
+    Point: import("./abstract/weierstrass.js").PointConstructor<bigint>;
+    ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
+    Signature: import("./abstract/weierstrass.js").SignatureConstructor;
+    utils: {
+        mod: (a: bigint, b?: bigint | undefined) => bigint;
+        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
+        _bigintToBytes: (num: bigint) => Uint8Array;
+        _bigintToString: (num: bigint) => string;
+        _normalizePrivateKey: (key: import("./abstract/utils.js").PrivKey) => bigint;
+        _normalizePublicKey: (publicKey: import("./abstract/weierstrass.js").PubKey) => import("./abstract/weierstrass.js").PointType<bigint>;
+        _isWithinCurveOrder: (num: bigint) => boolean;
+        _isValidFieldElement: (num: bigint) => boolean;
+        _weierstrassEquation: (x: bigint) => bigint;
+        isValidPrivateKey(privateKey: import("./abstract/utils.js").PrivKey): boolean;
+        hashToPrivateKey: (hash: import("./abstract/utils.js").Hex) => Uint8Array;
+        randomPrivateKey: () => Uint8Array;
+    };
+}>;

package/lib/p224.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.secp224r1 = exports.P224 = void 0;
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const _shortw_utils_js_1 = require("./_shortw_utils.js");
+const sha256_1 = require("@noble/hashes/sha256");
+const modular_js_1 = require("./abstract/modular.js");
+// NIST secp224r1 aka P224
+// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-224
+exports.P224 = (0, _shortw_utils_js_1.createCurve)({
+    // Params: a, b
+    a: BigInt('0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe'),
+    b: BigInt('0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4'),
+    // Field over which we'll do calculations; 2n**224n - 2n**96n + 1n
+    Fp: (0, modular_js_1.Fp)(BigInt('0xffffffffffffffffffffffffffffffff000000000000000000000001')),
+    // Curve order, total count of valid points in the field
+    n: BigInt('0xffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d'),
+    // Base point (x, y) aka generator point
+    Gx: BigInt('0xb70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21'),
+    Gy: BigInt('0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34'),
+    h: BigInt(1),
+    lowS: false,
+}, sha256_1.sha224);
+exports.secp224r1 = exports.P224;