@noble/curves 0.5.1 → 0.6.0

package/lib/abstract/utils.d.ts

@@ -1,7 +1,5 @@
-/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import * as mod from './modular.js';
 export declare type Hex = Uint8Array | string;
-export declare type PrivKey = Hex | bigint | number;
+export declare type PrivKey = Hex | bigint;
 export declare type CHash = {
     (message: Uint8Array | string): Uint8Array;
     blockLen: number;
@@ -10,45 +8,18 @@ export declare type CHash = {
         dkLen?: number;
     }): any;
 };
-export declare type BasicCurve<T> = {
-    Fp: mod.Field<T>;
-    n: bigint;
-    nBitLength?: number;
-    nByteLength?: number;
-    h: bigint;
-    hEff?: bigint;
-    Gx: T;
-    Gy: T;
-    wrapPrivateKey?: boolean;
-    allowInfinityPoint?: boolean;
-};
-export declare function validateOpts<FP, T>(curve: BasicCurve<FP> & T): Readonly<{
-    readonly nBitLength: number;
-    readonly nByteLength: number;
-} & BasicCurve<FP> & T>;
-export declare function bytesToHex(uint8a: Uint8Array): string;
+export declare type FHash = (message: Uint8Array | string) => Uint8Array;
+export declare function bytesToHex(bytes: Uint8Array): string;
 export declare function numberToHexUnpadded(num: number | bigint): string;
 export declare function hexToNumber(hex: string): bigint;
 export declare function hexToBytes(hex: string): Uint8Array;
 export declare function bytesToNumberBE(bytes: Uint8Array): bigint;
-export declare function bytesToNumberLE(uint8a: Uint8Array): bigint;
+export declare function bytesToNumberLE(bytes: Uint8Array): bigint;
 export declare const numberToBytesBE: (n: bigint, len: number) => Uint8Array;
 export declare const numberToBytesLE: (n: bigint, len: number) => Uint8Array;
+export declare const numberToVarBytesBE: (n: bigint) => Uint8Array;
 export declare function ensureBytes(hex: Hex, expectedLength?: number): Uint8Array;
 export declare function concatBytes(...arrays: Uint8Array[]): Uint8Array;
-export declare function nLength(n: bigint, nBitLength?: number): {
-    nBitLength: number;
-    nByteLength: number;
-};
-/**
- * Can take (n+8) or more bytes of uniform input e.g. from CSPRNG or KDF
- * and convert them into private scalar, with the modulo bias being neglible.
- * As per FIPS 186 B.4.1.
- * https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/
- * @param hash hash output from sha512, or a similar function
- * @returns valid private scalar
- */
-export declare function hashToPrivateScalar(hash: Hex, CURVE_ORDER: bigint, isLE?: boolean): bigint;
 export declare function equalBytes(b1: Uint8Array, b2: Uint8Array): boolean;
 export declare function bitLen(n: bigint): number;
 export declare const bitGet: (n: bigint, pos: number) => bigint;

package/lib/abstract/utils.js

@@ -1,39 +1,19 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.bitMask = exports.bitSet = exports.bitGet = exports.bitLen = exports.equalBytes = exports.hashToPrivateScalar = exports.nLength = exports.concatBytes = exports.ensureBytes = exports.numberToBytesLE = exports.numberToBytesBE = exports.bytesToNumberLE = exports.bytesToNumberBE = exports.hexToBytes = exports.hexToNumber = exports.numberToHexUnpadded = exports.bytesToHex = exports.validateOpts = void 0;
+exports.bitMask = exports.bitSet = exports.bitGet = exports.bitLen = exports.equalBytes = exports.concatBytes = exports.ensureBytes = exports.numberToVarBytesBE = exports.numberToBytesLE = exports.numberToBytesBE = exports.bytesToNumberLE = exports.bytesToNumberBE = exports.hexToBytes = exports.hexToNumber = exports.numberToHexUnpadded = exports.bytesToHex = void 0;
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-const mod = require("./modular.js");
 const _0n = BigInt(0);
 const _1n = BigInt(1);
 const _2n = BigInt(2);
-function validateOpts(curve) {
-    mod.validateField(curve.Fp);
-    for (const i of ['n', 'h']) {
-        if (typeof curve[i] !== 'bigint')
-            throw new Error(`Invalid curve param ${i}=${curve[i]} (${typeof curve[i]})`);
-    }
-    if (!curve.Fp.isValid(curve.Gx))
-        throw new Error('Invalid generator X coordinate Fp element');
-    if (!curve.Fp.isValid(curve.Gy))
-        throw new Error('Invalid generator Y coordinate Fp element');
-    for (const i of ['nBitLength', 'nByteLength']) {
-        if (curve[i] === undefined)
-            continue; // Optional
-        if (!Number.isSafeInteger(curve[i]))
-            throw new Error(`Invalid curve param ${i}=${curve[i]} (${typeof curve[i]})`);
-    }
-    // Set defaults
-    return Object.freeze({ ...nLength(curve.n, curve.nBitLength), ...curve });
-}
-exports.validateOpts = validateOpts;
+const u8a = (a) => a instanceof Uint8Array;
 const hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, '0'));
-function bytesToHex(uint8a) {
-    if (!(uint8a instanceof Uint8Array))
+function bytesToHex(bytes) {
+    if (!u8a(bytes))
         throw new Error('Expected Uint8Array');
     // pre-caching improves the speed 6x
     let hex = '';
-    for (let i = 0; i < uint8a.length; i++) {
-        hex += hexes[uint8a[i]];
+    for (let i = 0; i < bytes.length; i++) {
+        hex += hexes[bytes[i]];
     }
     return hex;
 }
@@ -44,18 +24,16 @@ function numberToHexUnpadded(num) {
 }
 exports.numberToHexUnpadded = numberToHexUnpadded;
 function hexToNumber(hex) {
-    if (typeof hex !== 'string') {
-        throw new TypeError('hexToNumber: expected string, got ' + typeof hex);
-    }
+    if (typeof hex !== 'string')
+        throw new Error('hexToNumber: expected string, got ' + typeof hex);
     // Big Endian
     return BigInt(`0x${hex}`);
 }
 exports.hexToNumber = hexToNumber;
 // Caching slows it down 2-3x
 function hexToBytes(hex) {
-    if (typeof hex !== 'string') {
-        throw new TypeError('hexToBytes: expected string, got ' + typeof hex);
-    }
+    if (typeof hex !== 'string')
+        throw new Error('hexToBytes: expected string, got ' + typeof hex);
     if (hex.length % 2)
         throw new Error('hexToBytes: received invalid unpadded hex ' + hex.length);
     const array = new Uint8Array(hex.length / 2);
@@ -75,20 +53,28 @@ function bytesToNumberBE(bytes) {
     return hexToNumber(bytesToHex(bytes));
 }
 exports.bytesToNumberBE = bytesToNumberBE;
-function bytesToNumberLE(uint8a) {
-    if (!(uint8a instanceof Uint8Array))
+function bytesToNumberLE(bytes) {
+    if (!u8a(bytes))
         throw new Error('Expected Uint8Array');
-    return BigInt('0x' + bytesToHex(Uint8Array.from(uint8a).reverse()));
+    return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));
 }
 exports.bytesToNumberLE = bytesToNumberLE;
 const numberToBytesBE = (n, len) => hexToBytes(n.toString(16).padStart(len * 2, '0'));
 exports.numberToBytesBE = numberToBytesBE;
 const numberToBytesLE = (n, len) => (0, exports.numberToBytesBE)(n, len).reverse();
 exports.numberToBytesLE = numberToBytesLE;
+// Returns variable number bytes (minimal bigint encoding?)
+const numberToVarBytesBE = (n) => {
+    let hex = n.toString(16);
+    if (hex.length & 1)
+        hex = '0' + hex;
+    return hexToBytes(hex);
+};
+exports.numberToVarBytesBE = numberToVarBytesBE;
 function ensureBytes(hex, expectedLength) {
     // Uint8Array.from() instead of hash.slice() because node.js Buffer
     // is instance of Uint8Array, and its slice() creates **mutable** copy
-    const bytes = hex instanceof Uint8Array ? Uint8Array.from(hex) : hexToBytes(hex);
+    const bytes = u8a(hex) ? Uint8Array.from(hex) : hexToBytes(hex);
     if (typeof expectedLength === 'number' && bytes.length !== expectedLength)
         throw new Error(`Expected ${expectedLength} bytes`);
     return bytes;
@@ -96,7 +82,7 @@ function ensureBytes(hex, expectedLength) {
 exports.ensureBytes = ensureBytes;
 // Copies several Uint8Arrays into one.
 function concatBytes(...arrays) {
-    if (!arrays.every((b) => b instanceof Uint8Array))
+    if (!arrays.every((b) => u8a(b)))
         throw new Error('Uint8Array list expected');
     if (arrays.length === 1)
         return arrays[0];
@@ -110,32 +96,6 @@ function concatBytes(...arrays) {
     return result;
 }
 exports.concatBytes = concatBytes;
-// CURVE.n lengths
-function nLength(n, nBitLength) {
-    // Bit size, byte size of CURVE.n
-    const _nBitLength = nBitLength !== undefined ? nBitLength : n.toString(2).length;
-    const nByteLength = Math.ceil(_nBitLength / 8);
-    return { nBitLength: _nBitLength, nByteLength };
-}
-exports.nLength = nLength;
-/**
- * Can take (n+8) or more bytes of uniform input e.g. from CSPRNG or KDF
- * and convert them into private scalar, with the modulo bias being neglible.
- * As per FIPS 186 B.4.1.
- * https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/
- * @param hash hash output from sha512, or a similar function
- * @returns valid private scalar
- */
-function hashToPrivateScalar(hash, CURVE_ORDER, isLE = false) {
-    hash = ensureBytes(hash);
-    const orderLen = nLength(CURVE_ORDER).nByteLength;
-    const minLen = orderLen + 8;
-    if (orderLen < 16 || hash.length < minLen || hash.length > 1024)
-        throw new Error('Expected valid bytes of private key as per FIPS 186');
-    const num = isLE ? bytesToNumberLE(hash) : bytesToNumberBE(hash);
-    return mod.mod(num, CURVE_ORDER - _1n) + _1n;
-}
-exports.hashToPrivateScalar = hashToPrivateScalar;
 function equalBytes(b1, b2) {
     // We don't care about timing attacks here
     if (b1.length !== b2.length)

package/lib/abstract/weierstrass.d.ts

@@ -1,9 +1,9 @@
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 import * as mod from './modular.js';
-import { Hex, PrivKey } from './utils.js';
-import * as utils from './utils.js';
-import { htfOpts } from './hash-to-curve.js';
-import { Group, GroupConstructor } from './group.js';
+import * as ut from './utils.js';
+import { Hex, PrivKey, CHash } from './utils.js';
+import { Group, GroupConstructor, AbstractCurve, AffinePoint } from './curve.js';
+export type { AffinePoint };
 declare type HmacFnSync = (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
 declare type EndomorphismOpts = {
     beta: bigint;
@@ -14,23 +14,24 @@ declare type EndomorphismOpts = {
         k2: bigint;
     };
 };
-export declare type BasicCurve<T> = utils.BasicCurve<T> & {
+export declare type BasicCurve<T> = AbstractCurve<T> & {
     a: T;
     b: T;
     normalizePrivateKey?: (key: PrivKey) => PrivKey;
+    wrapPrivateKey?: boolean;
     endo?: EndomorphismOpts;
-    isTorsionFree?: (c: ProjectiveConstructor<T>, point: ProjectivePointType<T>) => boolean;
-    clearCofactor?: (c: ProjectiveConstructor<T>, point: ProjectivePointType<T>) => ProjectivePointType<T>;
-    htfDefaults?: htfOpts;
-    mapToCurve?: (scalar: bigint[]) => {
-        x: T;
-        y: T;
-    };
+    isTorsionFree?: (c: ProjConstructor<T>, point: ProjPointType<T>) => boolean;
+    clearCofactor?: (c: ProjConstructor<T>, point: ProjPointType<T>) => ProjPointType<T>;
 };
 declare type Entropy = Hex | true;
-declare type SignOpts = {
+export declare type SignOpts = {
     lowS?: boolean;
     extraEntropy?: Entropy;
+    prehash?: boolean;
+};
+export declare type VerOpts = {
+    lowS?: boolean;
+    prehash?: boolean;
 };
 /**
  * ### Design rationale for types
@@ -53,54 +54,41 @@ declare type SignOpts = {
  *
  * TODO: https://www.typescriptlang.org/docs/handbook/release-notes/typescript-2-7.html#unique-symbol
  */
-export interface ProjectivePointType<T> extends Group<ProjectivePointType<T>> {
-    readonly x: T;
-    readonly y: T;
-    readonly z: T;
-    multiply(scalar: number | bigint, affinePoint?: PointType<T>): ProjectivePointType<T>;
-    multiplyUnsafe(scalar: bigint): ProjectivePointType<T>;
-    toAffine(invZ?: T): PointType<T>;
-}
-export interface ProjectiveConstructor<T> extends GroupConstructor<ProjectivePointType<T>> {
-    new (x: T, y: T, z: T): ProjectivePointType<T>;
-    fromAffine(p: PointType<T>): ProjectivePointType<T>;
-    toAffineBatch(points: ProjectivePointType<T>[]): PointType<T>[];
-    normalizeZ(points: ProjectivePointType<T>[]): ProjectivePointType<T>[];
-}
-export interface PointType<T> extends Group<PointType<T>> {
-    readonly x: T;
-    readonly y: T;
+export interface ProjPointType<T> extends Group<ProjPointType<T>> {
+    readonly px: T;
+    readonly py: T;
+    readonly pz: T;
+    multiply(scalar: bigint): ProjPointType<T>;
+    multiplyUnsafe(scalar: bigint): ProjPointType<T>;
+    multiplyAndAddUnsafe(Q: ProjPointType<T>, a: bigint, b: bigint): ProjPointType<T> | undefined;
     _setWindowSize(windowSize: number): void;
+    toAffine(iz?: T): AffinePoint<T>;
+    isTorsionFree(): boolean;
+    clearCofactor(): ProjPointType<T>;
+    assertValidity(): void;
     hasEvenY(): boolean;
     toRawBytes(isCompressed?: boolean): Uint8Array;
     toHex(isCompressed?: boolean): string;
-    assertValidity(): void;
-    multiplyAndAddUnsafe(Q: PointType<T>, a: bigint, b: bigint): PointType<T> | undefined;
 }
-export interface PointConstructor<T> extends GroupConstructor<PointType<T>> {
-    new (x: T, y: T): PointType<T>;
-    fromHex(hex: Hex): PointType<T>;
-    fromPrivateKey(privateKey: PrivKey): PointType<T>;
-    hashToCurve(msg: Hex, options?: Partial<htfOpts>): PointType<T>;
-    encodeToCurve(msg: Hex, options?: Partial<htfOpts>): PointType<T>;
+export interface ProjConstructor<T> extends GroupConstructor<ProjPointType<T>> {
+    new (x: T, y: T, z: T): ProjPointType<T>;
+    fromAffine(p: AffinePoint<T>): ProjPointType<T>;
+    fromHex(hex: Hex): ProjPointType<T>;
+    fromPrivateKey(privateKey: PrivKey): ProjPointType<T>;
+    normalizeZ(points: ProjPointType<T>[]): ProjPointType<T>[];
 }
 export declare type CurvePointsType<T> = BasicCurve<T> & {
-    fromBytes: (bytes: Uint8Array) => {
-        x: T;
-        y: T;
-    };
-    toBytes: (c: PointConstructor<T>, point: PointType<T>, compressed: boolean) => Uint8Array;
+    fromBytes: (bytes: Uint8Array) => AffinePoint<T>;
+    toBytes: (c: ProjConstructor<T>, point: ProjPointType<T>, compressed: boolean) => Uint8Array;
 };
 export declare type CurvePointsRes<T> = {
-    Point: PointConstructor<T>;
-    ProjectivePoint: ProjectiveConstructor<T>;
+    ProjectivePoint: ProjConstructor<T>;
     normalizePrivateKey: (key: PrivKey) => bigint;
     weierstrassEquation: (x: T) => T;
     isWithinCurveOrder: (num: bigint) => boolean;
 };
 export declare function weierstrassPoints<T>(opts: CurvePointsType<T>): {
-    Point: PointConstructor<T>;
-    ProjectivePoint: ProjectiveConstructor<T>;
+    ProjectivePoint: ProjConstructor<T>;
     normalizePrivateKey: (key: PrivKey) => bigint;
     weierstrassEquation: (x: T) => T;
     isWithinCurveOrder: (num: bigint) => boolean;
@@ -110,27 +98,32 @@ export interface SignatureType {
     readonly s: bigint;
     readonly recovery?: number;
     assertValidity(): void;
-    copyWithRecoveryBit(recovery: number): SignatureType;
+    addRecoveryBit(recovery: number): SignatureType;
     hasHighS(): boolean;
     normalizeS(): SignatureType;
-    recoverPublicKey(msgHash: Hex): PointType<bigint>;
-    toDERRawBytes(isCompressed?: boolean): Uint8Array;
-    toDERHex(isCompressed?: boolean): string;
+    recoverPublicKey(msgHash: Hex): ProjPointType<bigint>;
     toCompactRawBytes(): Uint8Array;
     toCompactHex(): string;
+    toDERRawBytes(isCompressed?: boolean): Uint8Array;
+    toDERHex(isCompressed?: boolean): string;
 }
 export declare type SignatureConstructor = {
     new (r: bigint, s: bigint): SignatureType;
     fromCompact(hex: Hex): SignatureType;
     fromDER(hex: Hex): SignatureType;
 };
-export declare type PubKey = Hex | PointType<bigint>;
+declare type SignatureLike = {
+    r: bigint;
+    s: bigint;
+};
+export declare type PubKey = Hex | ProjPointType<bigint>;
 export declare type CurveType = BasicCurve<bigint> & {
     lowS?: boolean;
-    hash: utils.CHash;
+    hash: CHash;
     hmac: HmacFnSync;
     randomBytes: (bytesLength?: number) => Uint8Array;
-    truncateHash?: (hash: Uint8Array, truncateOnly?: boolean) => bigint;
+    bits2int?: (bytes: Uint8Array) => bigint;
+    bits2int_modN?: (bytes: Uint8Array) => bigint;
 };
 declare function validateOpts(curve: CurveType): Readonly<{
     readonly nBitLength: number;
@@ -145,42 +138,27 @@ declare function validateOpts(curve: CurveType): Readonly<{
     readonly allowInfinityPoint?: boolean | undefined;
     readonly a: bigint;
     readonly b: bigint;
-    readonly normalizePrivateKey?: ((key: PrivKey) => PrivKey) | undefined;
+    readonly normalizePrivateKey?: ((key: ut.PrivKey) => ut.PrivKey) | undefined;
     readonly endo?: EndomorphismOpts | undefined;
-    readonly isTorsionFree?: ((c: ProjectiveConstructor<bigint>, point: ProjectivePointType<bigint>) => boolean) | undefined;
-    readonly clearCofactor?: ((c: ProjectiveConstructor<bigint>, point: ProjectivePointType<bigint>) => ProjectivePointType<bigint>) | undefined;
-    readonly htfDefaults?: htfOpts | undefined;
-    readonly mapToCurve?: ((scalar: bigint[]) => {
-        x: bigint;
-        y: bigint;
-    }) | undefined;
+    readonly isTorsionFree?: ((c: ProjConstructor<bigint>, point: ProjPointType<bigint>) => boolean) | undefined;
+    readonly clearCofactor?: ((c: ProjConstructor<bigint>, point: ProjPointType<bigint>) => ProjPointType<bigint>) | undefined;
     lowS: boolean;
-    readonly hash: utils.CHash;
+    readonly hash: ut.CHash;
     readonly hmac: HmacFnSync;
     readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
-    readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;
+    readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined;
+    readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined;
 }>;
 export declare type CurveFn = {
     CURVE: ReturnType<typeof validateOpts>;
     getPublicKey: (privateKey: PrivKey, isCompressed?: boolean) => Uint8Array;
-    getSharedSecret: (privateA: PrivKey, publicB: PubKey, isCompressed?: boolean) => Uint8Array;
+    getSharedSecret: (privateA: PrivKey, publicB: Hex, isCompressed?: boolean) => Uint8Array;
     sign: (msgHash: Hex, privKey: PrivKey, opts?: SignOpts) => SignatureType;
-    verify: (signature: Hex | SignatureType, msgHash: Hex, publicKey: PubKey, opts?: {
-        lowS?: boolean;
-    }) => boolean;
-    Point: PointConstructor<bigint>;
-    ProjectivePoint: ProjectiveConstructor<bigint>;
+    verify: (signature: Hex | SignatureLike, msgHash: Hex, publicKey: Hex, opts?: VerOpts) => boolean;
+    ProjectivePoint: ProjConstructor<bigint>;
     Signature: SignatureConstructor;
     utils: {
-        mod: (a: bigint, b?: bigint) => bigint;
-        invert: (number: bigint, modulo?: bigint) => bigint;
-        _bigintToBytes: (num: bigint) => Uint8Array;
-        _bigintToString: (num: bigint) => string;
         _normalizePrivateKey: (key: PrivKey) => bigint;
-        _normalizePublicKey: (publicKey: PubKey) => PointType<bigint>;
-        _isWithinCurveOrder: (num: bigint) => boolean;
-        _isValidFieldElement: (num: bigint) => boolean;
-        _weierstrassEquation: (x: bigint) => bigint;
         isValidPrivateKey(privateKey: PrivKey): boolean;
         hashToPrivateKey: (hash: Hex) => Uint8Array;
         randomPrivateKey: () => Uint8Array;
@@ -199,4 +177,3 @@ export declare function mapToCurveSimpleSWU<T>(Fp: mod.Field<T>, opts: {
     x: T;
     y: T;
 };
-export {};