@noble/curves 0.5.2 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +49 -5
- package/lib/_shortw_utils.d.ts +10 -21
- package/lib/abstract/bls.d.ts +39 -32
- package/lib/abstract/bls.js +74 -73
- package/lib/abstract/{group.d.ts → curve.d.ts} +31 -1
- package/lib/abstract/{group.js → curve.js} +39 -2
- package/lib/abstract/edwards.d.ts +30 -72
- package/lib/abstract/edwards.js +197 -375
- package/lib/abstract/hash-to-curve.d.ts +25 -6
- package/lib/abstract/hash-to-curve.js +40 -12
- package/lib/abstract/modular.d.ts +20 -7
- package/lib/abstract/modular.js +61 -35
- package/lib/abstract/montgomery.js +4 -5
- package/lib/abstract/poseidon.d.ts +29 -0
- package/lib/abstract/poseidon.js +115 -0
- package/lib/abstract/utils.d.ts +5 -36
- package/lib/abstract/utils.js +23 -71
- package/lib/abstract/weierstrass.d.ts +51 -74
- package/lib/abstract/weierstrass.js +455 -628
- package/lib/bls12-381.js +63 -58
- package/lib/bn.js +1 -1
- package/lib/ed25519.d.ts +7 -5
- package/lib/ed25519.js +82 -79
- package/lib/ed448.d.ts +3 -0
- package/lib/ed448.js +86 -83
- package/lib/esm/abstract/bls.js +75 -74
- package/lib/esm/abstract/{group.js → curve.js} +37 -1
- package/lib/esm/abstract/edwards.js +196 -374
- package/lib/esm/abstract/hash-to-curve.js +38 -11
- package/lib/esm/abstract/modular.js +58 -34
- package/lib/esm/abstract/montgomery.js +5 -6
- package/lib/esm/abstract/poseidon.js +109 -0
- package/lib/esm/abstract/utils.js +21 -66
- package/lib/esm/abstract/weierstrass.js +454 -627
- package/lib/esm/bls12-381.js +75 -70
- package/lib/esm/bn.js +1 -1
- package/lib/esm/ed25519.js +80 -78
- package/lib/esm/ed448.js +84 -82
- package/lib/esm/jubjub.js +1 -1
- package/lib/esm/p256.js +11 -9
- package/lib/esm/p384.js +11 -9
- package/lib/esm/p521.js +13 -12
- package/lib/esm/secp256k1.js +115 -151
- package/lib/esm/stark.js +104 -40
- package/lib/jubjub.d.ts +2 -2
- package/lib/jubjub.js +1 -1
- package/lib/p192.d.ts +20 -42
- package/lib/p224.d.ts +20 -42
- package/lib/p256.d.ts +23 -42
- package/lib/p256.js +13 -10
- package/lib/p384.d.ts +23 -42
- package/lib/p384.js +13 -10
- package/lib/p521.d.ts +23 -42
- package/lib/p521.js +15 -13
- package/lib/secp256k1.d.ts +25 -37
- package/lib/secp256k1.js +115 -151
- package/lib/stark.d.ts +36 -19
- package/lib/stark.js +107 -40
- package/package.json +13 -8
package/lib/esm/stark.js
CHANGED
|
@@ -3,12 +3,23 @@ import { keccak_256 } from '@noble/hashes/sha3';
|
|
|
3
3
|
import { sha256 } from '@noble/hashes/sha256';
|
|
4
4
|
import { weierstrass } from './abstract/weierstrass.js';
|
|
5
5
|
import * as cutils from './abstract/utils.js';
|
|
6
|
-
import { Fp } from './abstract/modular.js';
|
|
6
|
+
import { Fp, mod, validateField } from './abstract/modular.js';
|
|
7
7
|
import { getHash } from './_shortw_utils.js';
|
|
8
|
+
import * as poseidon from './abstract/poseidon.js';
|
|
9
|
+
import { utf8ToBytes } from '@noble/hashes/utils';
|
|
8
10
|
// Stark-friendly elliptic curve
|
|
9
11
|
// https://docs.starkware.co/starkex/stark-curve.html
|
|
10
12
|
const CURVE_N = BigInt('3618502788666131213697322783095070105526743751716087489154079457884512865583');
|
|
11
13
|
const nBitLength = 252;
|
|
14
|
+
// Copy-pasted from weierstrass.ts
|
|
15
|
+
function bits2int(bytes) {
|
|
16
|
+
const delta = bytes.length * 8 - nBitLength;
|
|
17
|
+
const num = cutils.bytesToNumberBE(bytes);
|
|
18
|
+
return delta > 0 ? num >> BigInt(delta) : num;
|
|
19
|
+
}
|
|
20
|
+
function bits2int_modN(bytes) {
|
|
21
|
+
return mod(bits2int(bytes), CURVE_N);
|
|
22
|
+
}
|
|
12
23
|
export const starkCurve = weierstrass({
|
|
13
24
|
// Params: a, b
|
|
14
25
|
a: BigInt(1),
|
|
@@ -26,33 +37,28 @@ export const starkCurve = weierstrass({
|
|
|
26
37
|
// Default options
|
|
27
38
|
lowS: false,
|
|
28
39
|
...getHash(sha256),
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
40
|
+
// Custom truncation routines for stark curve
|
|
41
|
+
bits2int: (bytes) => {
|
|
42
|
+
while (bytes[0] === 0)
|
|
43
|
+
bytes = bytes.subarray(1);
|
|
44
|
+
return bits2int(bytes);
|
|
45
|
+
},
|
|
46
|
+
bits2int_modN: (bytes) => {
|
|
47
|
+
let hashS = cutils.bytesToNumberBE(bytes).toString(16);
|
|
48
|
+
if (hashS.length === 63) {
|
|
49
|
+
hashS += '0';
|
|
50
|
+
bytes = hexToBytes0x(hashS);
|
|
38
51
|
}
|
|
39
52
|
// Truncate zero bytes on left (compat with elliptic)
|
|
40
|
-
while (
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
const delta = byteLength * 8 - nBitLength; // size of curve.n (252 bits)
|
|
44
|
-
let h = hash.length ? bytesToNumber0x(hash) : 0n;
|
|
45
|
-
if (delta > 0)
|
|
46
|
-
h = h >> BigInt(delta);
|
|
47
|
-
if (!truncateOnly && h >= CURVE_N)
|
|
48
|
-
h -= CURVE_N;
|
|
49
|
-
return h;
|
|
53
|
+
while (bytes[0] === 0)
|
|
54
|
+
bytes = bytes.subarray(1);
|
|
55
|
+
return bits2int_modN(bytes);
|
|
50
56
|
},
|
|
51
57
|
});
|
|
52
58
|
// Custom Starknet type conversion functions that can handle 0x and unpadded hex
|
|
53
59
|
function hexToBytes0x(hex) {
|
|
54
60
|
if (typeof hex !== 'string') {
|
|
55
|
-
throw new
|
|
61
|
+
throw new Error('hexToBytes: expected string, got ' + typeof hex);
|
|
56
62
|
}
|
|
57
63
|
hex = strip0x(hex);
|
|
58
64
|
if (hex.length & 1)
|
|
@@ -72,7 +78,7 @@ function hexToBytes0x(hex) {
|
|
|
72
78
|
}
|
|
73
79
|
function hexToNumber0x(hex) {
|
|
74
80
|
if (typeof hex !== 'string') {
|
|
75
|
-
throw new
|
|
81
|
+
throw new Error('hexToNumber: expected string, got ' + typeof hex);
|
|
76
82
|
}
|
|
77
83
|
// Big Endian
|
|
78
84
|
// TODO: strip vs no strip?
|
|
@@ -87,7 +93,7 @@ function ensureBytes0x(hex) {
|
|
|
87
93
|
return hex instanceof Uint8Array ? Uint8Array.from(hex) : hexToBytes0x(hex);
|
|
88
94
|
}
|
|
89
95
|
function normalizePrivateKey(privKey) {
|
|
90
|
-
return cutils.bytesToHex(ensureBytes0x(privKey)).padStart(
|
|
96
|
+
return cutils.bytesToHex(ensureBytes0x(privKey)).padStart(64, '0');
|
|
91
97
|
}
|
|
92
98
|
function getPublicKey0x(privKey, isCompressed) {
|
|
93
99
|
return starkCurve.getPublicKey(normalizePrivateKey(privKey), isCompressed);
|
|
@@ -104,9 +110,9 @@ function verify0x(signature, msgHash, pubKey) {
|
|
|
104
110
|
const sig = signature instanceof Signature ? signature : ensureBytes0x(signature);
|
|
105
111
|
return starkCurve.verify(sig, ensureBytes0x(msgHash), ensureBytes0x(pubKey));
|
|
106
112
|
}
|
|
107
|
-
const { CURVE,
|
|
113
|
+
const { CURVE, ProjectivePoint, Signature } = starkCurve;
|
|
108
114
|
export const utils = starkCurve.utils;
|
|
109
|
-
export { CURVE,
|
|
115
|
+
export { CURVE, Signature, ProjectivePoint, getPublicKey0x as getPublicKey, getSharedSecret0x as getSharedSecret, sign0x as sign, verify0x as verify, };
|
|
110
116
|
const stripLeadingZeros = (s) => s.replace(/^0+/gm, '');
|
|
111
117
|
export const bytesToHexEth = (uint8a) => `0x${stripLeadingZeros(cutils.bytesToHex(uint8a))}`;
|
|
112
118
|
export const strip0x = (hex) => hex.replace(/^0x/i, '');
|
|
@@ -116,18 +122,17 @@ function hashKeyWithIndex(key, index) {
|
|
|
116
122
|
let indexHex = cutils.numberToHexUnpadded(index);
|
|
117
123
|
if (indexHex.length & 1)
|
|
118
124
|
indexHex = '0' + indexHex;
|
|
119
|
-
return
|
|
125
|
+
return sha256Num(cutils.concatBytes(key, hexToBytes0x(indexHex)));
|
|
120
126
|
}
|
|
121
127
|
export function grindKey(seed) {
|
|
122
128
|
const _seed = ensureBytes0x(seed);
|
|
123
129
|
const sha256mask = 2n ** 256n;
|
|
124
|
-
const
|
|
125
|
-
const limit = sha256mask - Fn.create(sha256mask);
|
|
130
|
+
const limit = sha256mask - mod(sha256mask, CURVE_N);
|
|
126
131
|
for (let i = 0;; i++) {
|
|
127
132
|
const key = hashKeyWithIndex(_seed, i);
|
|
128
133
|
// key should be in [0, limit)
|
|
129
134
|
if (key < limit)
|
|
130
|
-
return
|
|
135
|
+
return mod(key, CURVE_N).toString(16);
|
|
131
136
|
}
|
|
132
137
|
}
|
|
133
138
|
export function getStarkKey(privateKey) {
|
|
@@ -142,21 +147,21 @@ export function ethSigToPrivate(signature) {
|
|
|
142
147
|
const MASK_31 = 2n ** 31n - 1n;
|
|
143
148
|
const int31 = (n) => Number(n & MASK_31);
|
|
144
149
|
export function getAccountPath(layer, application, ethereumAddress, index) {
|
|
145
|
-
const layerNum = int31(
|
|
146
|
-
const applicationNum = int31(
|
|
150
|
+
const layerNum = int31(sha256Num(layer));
|
|
151
|
+
const applicationNum = int31(sha256Num(application));
|
|
147
152
|
const eth = hexToNumber0x(ethereumAddress);
|
|
148
153
|
return `m/2645'/${layerNum}'/${applicationNum}'/${int31(eth)}'/${int31(eth >> 31n)}'/${index}`;
|
|
149
154
|
}
|
|
150
155
|
// https://docs.starkware.co/starkex/pedersen-hash-function.html
|
|
151
156
|
const PEDERSEN_POINTS_AFFINE = [
|
|
152
|
-
new
|
|
153
|
-
new
|
|
154
|
-
new
|
|
155
|
-
new
|
|
156
|
-
new
|
|
157
|
+
new ProjectivePoint(2089986280348253421170679821480865132823066470938446095505822317253594081284n, 1713931329540660377023406109199410414810705867260802078187082345529207694986n, 1n),
|
|
158
|
+
new ProjectivePoint(996781205833008774514500082376783249102396023663454813447423147977397232763n, 1668503676786377725805489344771023921079126552019160156920634619255970485781n, 1n),
|
|
159
|
+
new ProjectivePoint(2251563274489750535117886426533222435294046428347329203627021249169616184184n, 1798716007562728905295480679789526322175868328062420237419143593021674992973n, 1n),
|
|
160
|
+
new ProjectivePoint(2138414695194151160943305727036575959195309218611738193261179310511854807447n, 113410276730064486255102093846540133784865286929052426931474106396135072156n, 1n),
|
|
161
|
+
new ProjectivePoint(2379962749567351885752724891227938183011949129833673362440656643086021394946n, 776496453633298175483985398648758586525933812536653089401905292063708816422n, 1n),
|
|
157
162
|
];
|
|
158
163
|
// for (const p of PEDERSEN_POINTS) p._setWindowSize(8);
|
|
159
|
-
const PEDERSEN_POINTS = PEDERSEN_POINTS_AFFINE
|
|
164
|
+
const PEDERSEN_POINTS = PEDERSEN_POINTS_AFFINE;
|
|
160
165
|
function pedersenPrecompute(p1, p2) {
|
|
161
166
|
const out = [];
|
|
162
167
|
let p = p1;
|
|
@@ -195,7 +200,7 @@ function pedersenSingle(point, value, constants) {
|
|
|
195
200
|
let x = pedersenArg(value);
|
|
196
201
|
for (let j = 0; j < 252; j++) {
|
|
197
202
|
const pt = constants[j];
|
|
198
|
-
if (pt.
|
|
203
|
+
if (pt.px === point.px)
|
|
199
204
|
throw new Error('Same point');
|
|
200
205
|
if ((x & 1n) !== 0n)
|
|
201
206
|
point = point.add(pt);
|
|
@@ -208,7 +213,7 @@ export function pedersen(x, y) {
|
|
|
208
213
|
let point = PEDERSEN_POINTS[0];
|
|
209
214
|
point = pedersenSingle(point, x, PEDERSEN_POINTS1);
|
|
210
215
|
point = pedersenSingle(point, y, PEDERSEN_POINTS2);
|
|
211
|
-
return bytesToHexEth(point.
|
|
216
|
+
return bytesToHexEth(point.toRawBytes(true).slice(1));
|
|
212
217
|
}
|
|
213
218
|
export function hashChain(data, fn = pedersen) {
|
|
214
219
|
if (!Array.isArray(data) || data.length < 1)
|
|
@@ -221,5 +226,64 @@ export function hashChain(data, fn = pedersen) {
|
|
|
221
226
|
}
|
|
222
227
|
// Same as hashChain, but computes hash even for single element and order is not revesed
|
|
223
228
|
export const computeHashOnElements = (data, fn = pedersen) => [0, ...data, data.length].reduce((x, y) => fn(x, y));
|
|
224
|
-
const MASK_250 =
|
|
229
|
+
const MASK_250 = cutils.bitMask(250);
|
|
225
230
|
export const keccak = (data) => bytesToNumber0x(keccak_256(data)) & MASK_250;
|
|
231
|
+
const sha256Num = (data) => cutils.bytesToNumberBE(sha256(data));
|
|
232
|
+
// Poseidon hash
|
|
233
|
+
export const Fp253 = Fp(BigInt('14474011154664525231415395255581126252639794253786371766033694892385558855681')); // 2^253 + 2^199 + 1
|
|
234
|
+
export const Fp251 = Fp(BigInt('3618502788666131213697322783095070105623107215331596699973092056135872020481')); // 2^251 + 17 * 2^192 + 1
|
|
235
|
+
function poseidonRoundConstant(Fp, name, idx) {
|
|
236
|
+
const val = Fp.fromBytes(sha256(utf8ToBytes(`${name}${idx}`)));
|
|
237
|
+
return Fp.create(val);
|
|
238
|
+
}
|
|
239
|
+
// NOTE: doesn't check eiginvalues and possible can create unsafe matrix. But any filtration here will break compatibility with starknet
|
|
240
|
+
// Please use only if you really know what you doing.
|
|
241
|
+
// https://eprint.iacr.org/2019/458.pdf Section 2.3 (Avoiding Insecure Matrices)
|
|
242
|
+
export function _poseidonMDS(Fp, name, m, attempt = 0) {
|
|
243
|
+
const x_values = [];
|
|
244
|
+
const y_values = [];
|
|
245
|
+
for (let i = 0; i < m; i++) {
|
|
246
|
+
x_values.push(poseidonRoundConstant(Fp, `${name}x`, attempt * m + i));
|
|
247
|
+
y_values.push(poseidonRoundConstant(Fp, `${name}y`, attempt * m + i));
|
|
248
|
+
}
|
|
249
|
+
if (new Set([...x_values, ...y_values]).size !== 2 * m)
|
|
250
|
+
throw new Error('X and Y values are not distinct');
|
|
251
|
+
return x_values.map((x) => y_values.map((y) => Fp.inv(Fp.sub(x, y))));
|
|
252
|
+
}
|
|
253
|
+
const MDS_SMALL = [
|
|
254
|
+
[3, 1, 1],
|
|
255
|
+
[1, -1, 1],
|
|
256
|
+
[1, 1, -2],
|
|
257
|
+
].map((i) => i.map(BigInt));
|
|
258
|
+
export function poseidonBasic(opts, mds) {
|
|
259
|
+
validateField(opts.Fp);
|
|
260
|
+
if (!Number.isSafeInteger(opts.rate) || !Number.isSafeInteger(opts.capacity))
|
|
261
|
+
throw new Error(`Wrong poseidon opts: ${opts}`);
|
|
262
|
+
const m = opts.rate + opts.capacity;
|
|
263
|
+
const rounds = opts.roundsFull + opts.roundsPartial;
|
|
264
|
+
const roundConstants = [];
|
|
265
|
+
for (let i = 0; i < rounds; i++) {
|
|
266
|
+
const row = [];
|
|
267
|
+
for (let j = 0; j < m; j++)
|
|
268
|
+
row.push(poseidonRoundConstant(opts.Fp, 'Hades', m * i + j));
|
|
269
|
+
roundConstants.push(row);
|
|
270
|
+
}
|
|
271
|
+
return poseidon.poseidon({
|
|
272
|
+
...opts,
|
|
273
|
+
t: m,
|
|
274
|
+
sboxPower: 3,
|
|
275
|
+
reversePartialPowIdx: true,
|
|
276
|
+
mds,
|
|
277
|
+
roundConstants,
|
|
278
|
+
});
|
|
279
|
+
}
|
|
280
|
+
export function poseidonCreate(opts, mdsAttempt = 0) {
|
|
281
|
+
const m = opts.rate + opts.capacity;
|
|
282
|
+
if (!Number.isSafeInteger(mdsAttempt))
|
|
283
|
+
throw new Error(`Wrong mdsAttempt=${mdsAttempt}`);
|
|
284
|
+
return poseidonBasic(opts, _poseidonMDS(opts.Fp, 'HadesMDS', m, mdsAttempt));
|
|
285
|
+
}
|
|
286
|
+
export const poseidonSmall = poseidonBasic({ Fp: Fp251, rate: 2, capacity: 1, roundsFull: 8, roundsPartial: 83 }, MDS_SMALL);
|
|
287
|
+
export function poseidonHash(x, y, fn = poseidonSmall) {
|
|
288
|
+
return fn([x, y, 2n])[0];
|
|
289
|
+
}
|
package/lib/jubjub.d.ts
CHANGED
|
@@ -4,5 +4,5 @@
|
|
|
4
4
|
* jubjub does not use EdDSA, so `hash`/sha512 params are passed because interface expects them.
|
|
5
5
|
*/
|
|
6
6
|
export declare const jubjub: import("./abstract/edwards.js").CurveFn;
|
|
7
|
-
export declare function groupHash(tag: Uint8Array, personalization: Uint8Array): import("./abstract/edwards.js").
|
|
8
|
-
export declare function findGroupHash(m: Uint8Array, personalization: Uint8Array): import("./abstract/edwards.js").
|
|
7
|
+
export declare function groupHash(tag: Uint8Array, personalization: Uint8Array): import("./abstract/edwards.js").ExtPointType;
|
|
8
|
+
export declare function findGroupHash(m: Uint8Array, personalization: Uint8Array): import("./abstract/edwards.js").ExtPointType;
|
package/lib/jubjub.js
CHANGED
|
@@ -36,7 +36,7 @@ function groupHash(tag, personalization) {
|
|
|
36
36
|
h.update(GH_FIRST_BLOCK);
|
|
37
37
|
h.update(tag);
|
|
38
38
|
// NOTE: returns ExtendedPoint, in case it will be multiplied later
|
|
39
|
-
let p = exports.jubjub.ExtendedPoint.
|
|
39
|
+
let p = exports.jubjub.ExtendedPoint.fromHex(h.digest());
|
|
40
40
|
// NOTE: cannot replace with isSmallOrder, returns Point*8
|
|
41
41
|
p = p.multiply(exports.jubjub.CURVE.h);
|
|
42
42
|
if (p.equals(exports.jubjub.ExtendedPoint.ZERO))
|
package/lib/p192.d.ts
CHANGED
|
@@ -23,37 +23,26 @@ export declare const P192: Readonly<{
|
|
|
23
23
|
k2: bigint;
|
|
24
24
|
};
|
|
25
25
|
} | undefined;
|
|
26
|
-
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").
|
|
27
|
-
readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").
|
|
28
|
-
readonly htfDefaults?: import("./abstract/hash-to-curve.js").htfOpts | undefined;
|
|
29
|
-
readonly mapToCurve?: ((scalar: bigint[]) => {
|
|
30
|
-
x: bigint;
|
|
31
|
-
y: bigint;
|
|
32
|
-
}) | undefined;
|
|
26
|
+
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined;
|
|
27
|
+
readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined;
|
|
33
28
|
lowS: boolean;
|
|
34
29
|
readonly hash: import("./abstract/utils.js").CHash;
|
|
35
30
|
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
|
|
36
31
|
readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
|
|
37
|
-
readonly
|
|
32
|
+
readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined;
|
|
33
|
+
readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined;
|
|
38
34
|
}>;
|
|
39
35
|
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
|
|
40
|
-
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/
|
|
36
|
+
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean | undefined) => Uint8Array;
|
|
41
37
|
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
} | undefined) => boolean;
|
|
46
|
-
|
|
47
|
-
ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
|
|
38
|
+
verify: (signature: import("./abstract/utils.js").Hex | {
|
|
39
|
+
r: bigint;
|
|
40
|
+
s: bigint;
|
|
41
|
+
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts | undefined) => boolean;
|
|
42
|
+
ProjectivePoint: import("./abstract/weierstrass.js").ProjConstructor<bigint>;
|
|
48
43
|
Signature: import("./abstract/weierstrass.js").SignatureConstructor;
|
|
49
44
|
utils: {
|
|
50
|
-
_bigintToBytes: (num: bigint) => Uint8Array;
|
|
51
|
-
_bigintToString: (num: bigint) => string;
|
|
52
45
|
_normalizePrivateKey: (key: import("./abstract/utils.js").PrivKey) => bigint;
|
|
53
|
-
_normalizePublicKey: (publicKey: import("./abstract/weierstrass.js").PubKey) => import("./abstract/weierstrass.js").PointType<bigint>;
|
|
54
|
-
_isWithinCurveOrder: (num: bigint) => boolean;
|
|
55
|
-
_isValidFieldElement: (num: bigint) => boolean;
|
|
56
|
-
_weierstrassEquation: (x: bigint) => bigint;
|
|
57
46
|
isValidPrivateKey(privateKey: import("./abstract/utils.js").PrivKey): boolean;
|
|
58
47
|
hashToPrivateKey: (hash: import("./abstract/utils.js").Hex) => Uint8Array;
|
|
59
48
|
randomPrivateKey: () => Uint8Array;
|
|
@@ -84,37 +73,26 @@ export declare const secp192r1: Readonly<{
|
|
|
84
73
|
k2: bigint;
|
|
85
74
|
};
|
|
86
75
|
} | undefined;
|
|
87
|
-
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").
|
|
88
|
-
readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").
|
|
89
|
-
readonly htfDefaults?: import("./abstract/hash-to-curve.js").htfOpts | undefined;
|
|
90
|
-
readonly mapToCurve?: ((scalar: bigint[]) => {
|
|
91
|
-
x: bigint;
|
|
92
|
-
y: bigint;
|
|
93
|
-
}) | undefined;
|
|
76
|
+
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined;
|
|
77
|
+
readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined;
|
|
94
78
|
lowS: boolean;
|
|
95
79
|
readonly hash: import("./abstract/utils.js").CHash;
|
|
96
80
|
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
|
|
97
81
|
readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
|
|
98
|
-
readonly
|
|
82
|
+
readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined;
|
|
83
|
+
readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined;
|
|
99
84
|
}>;
|
|
100
85
|
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
|
|
101
|
-
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/
|
|
86
|
+
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean | undefined) => Uint8Array;
|
|
102
87
|
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
} | undefined) => boolean;
|
|
107
|
-
|
|
108
|
-
ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
|
|
88
|
+
verify: (signature: import("./abstract/utils.js").Hex | {
|
|
89
|
+
r: bigint;
|
|
90
|
+
s: bigint;
|
|
91
|
+
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts | undefined) => boolean;
|
|
92
|
+
ProjectivePoint: import("./abstract/weierstrass.js").ProjConstructor<bigint>;
|
|
109
93
|
Signature: import("./abstract/weierstrass.js").SignatureConstructor;
|
|
110
94
|
utils: {
|
|
111
|
-
_bigintToBytes: (num: bigint) => Uint8Array;
|
|
112
|
-
_bigintToString: (num: bigint) => string;
|
|
113
95
|
_normalizePrivateKey: (key: import("./abstract/utils.js").PrivKey) => bigint;
|
|
114
|
-
_normalizePublicKey: (publicKey: import("./abstract/weierstrass.js").PubKey) => import("./abstract/weierstrass.js").PointType<bigint>;
|
|
115
|
-
_isWithinCurveOrder: (num: bigint) => boolean;
|
|
116
|
-
_isValidFieldElement: (num: bigint) => boolean;
|
|
117
|
-
_weierstrassEquation: (x: bigint) => bigint;
|
|
118
96
|
isValidPrivateKey(privateKey: import("./abstract/utils.js").PrivKey): boolean;
|
|
119
97
|
hashToPrivateKey: (hash: import("./abstract/utils.js").Hex) => Uint8Array;
|
|
120
98
|
randomPrivateKey: () => Uint8Array;
|
package/lib/p224.d.ts
CHANGED
|
@@ -23,37 +23,26 @@ export declare const P224: Readonly<{
|
|
|
23
23
|
k2: bigint;
|
|
24
24
|
};
|
|
25
25
|
} | undefined;
|
|
26
|
-
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").
|
|
27
|
-
readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").
|
|
28
|
-
readonly htfDefaults?: import("./abstract/hash-to-curve.js").htfOpts | undefined;
|
|
29
|
-
readonly mapToCurve?: ((scalar: bigint[]) => {
|
|
30
|
-
x: bigint;
|
|
31
|
-
y: bigint;
|
|
32
|
-
}) | undefined;
|
|
26
|
+
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined;
|
|
27
|
+
readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined;
|
|
33
28
|
lowS: boolean;
|
|
34
29
|
readonly hash: import("./abstract/utils.js").CHash;
|
|
35
30
|
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
|
|
36
31
|
readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
|
|
37
|
-
readonly
|
|
32
|
+
readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined;
|
|
33
|
+
readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined;
|
|
38
34
|
}>;
|
|
39
35
|
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
|
|
40
|
-
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/
|
|
36
|
+
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean | undefined) => Uint8Array;
|
|
41
37
|
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
} | undefined) => boolean;
|
|
46
|
-
|
|
47
|
-
ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
|
|
38
|
+
verify: (signature: import("./abstract/utils.js").Hex | {
|
|
39
|
+
r: bigint;
|
|
40
|
+
s: bigint;
|
|
41
|
+
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts | undefined) => boolean;
|
|
42
|
+
ProjectivePoint: import("./abstract/weierstrass.js").ProjConstructor<bigint>;
|
|
48
43
|
Signature: import("./abstract/weierstrass.js").SignatureConstructor;
|
|
49
44
|
utils: {
|
|
50
|
-
_bigintToBytes: (num: bigint) => Uint8Array;
|
|
51
|
-
_bigintToString: (num: bigint) => string;
|
|
52
45
|
_normalizePrivateKey: (key: import("./abstract/utils.js").PrivKey) => bigint;
|
|
53
|
-
_normalizePublicKey: (publicKey: import("./abstract/weierstrass.js").PubKey) => import("./abstract/weierstrass.js").PointType<bigint>;
|
|
54
|
-
_isWithinCurveOrder: (num: bigint) => boolean;
|
|
55
|
-
_isValidFieldElement: (num: bigint) => boolean;
|
|
56
|
-
_weierstrassEquation: (x: bigint) => bigint;
|
|
57
46
|
isValidPrivateKey(privateKey: import("./abstract/utils.js").PrivKey): boolean;
|
|
58
47
|
hashToPrivateKey: (hash: import("./abstract/utils.js").Hex) => Uint8Array;
|
|
59
48
|
randomPrivateKey: () => Uint8Array;
|
|
@@ -84,37 +73,26 @@ export declare const secp224r1: Readonly<{
|
|
|
84
73
|
k2: bigint;
|
|
85
74
|
};
|
|
86
75
|
} | undefined;
|
|
87
|
-
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").
|
|
88
|
-
readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").
|
|
89
|
-
readonly htfDefaults?: import("./abstract/hash-to-curve.js").htfOpts | undefined;
|
|
90
|
-
readonly mapToCurve?: ((scalar: bigint[]) => {
|
|
91
|
-
x: bigint;
|
|
92
|
-
y: bigint;
|
|
93
|
-
}) | undefined;
|
|
76
|
+
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined;
|
|
77
|
+
readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined;
|
|
94
78
|
lowS: boolean;
|
|
95
79
|
readonly hash: import("./abstract/utils.js").CHash;
|
|
96
80
|
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
|
|
97
81
|
readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
|
|
98
|
-
readonly
|
|
82
|
+
readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined;
|
|
83
|
+
readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined;
|
|
99
84
|
}>;
|
|
100
85
|
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
|
|
101
|
-
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/
|
|
86
|
+
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean | undefined) => Uint8Array;
|
|
102
87
|
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
} | undefined) => boolean;
|
|
107
|
-
|
|
108
|
-
ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
|
|
88
|
+
verify: (signature: import("./abstract/utils.js").Hex | {
|
|
89
|
+
r: bigint;
|
|
90
|
+
s: bigint;
|
|
91
|
+
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts | undefined) => boolean;
|
|
92
|
+
ProjectivePoint: import("./abstract/weierstrass.js").ProjConstructor<bigint>;
|
|
109
93
|
Signature: import("./abstract/weierstrass.js").SignatureConstructor;
|
|
110
94
|
utils: {
|
|
111
|
-
_bigintToBytes: (num: bigint) => Uint8Array;
|
|
112
|
-
_bigintToString: (num: bigint) => string;
|
|
113
95
|
_normalizePrivateKey: (key: import("./abstract/utils.js").PrivKey) => bigint;
|
|
114
|
-
_normalizePublicKey: (publicKey: import("./abstract/weierstrass.js").PubKey) => import("./abstract/weierstrass.js").PointType<bigint>;
|
|
115
|
-
_isWithinCurveOrder: (num: bigint) => boolean;
|
|
116
|
-
_isValidFieldElement: (num: bigint) => boolean;
|
|
117
|
-
_weierstrassEquation: (x: bigint) => bigint;
|
|
118
96
|
isValidPrivateKey(privateKey: import("./abstract/utils.js").PrivKey): boolean;
|
|
119
97
|
hashToPrivateKey: (hash: import("./abstract/utils.js").Hex) => Uint8Array;
|
|
120
98
|
randomPrivateKey: () => Uint8Array;
|
package/lib/p256.d.ts
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import * as htf from './abstract/hash-to-curve.js';
|
|
1
2
|
export declare const P256: Readonly<{
|
|
2
3
|
create: (hash: import("./abstract/utils.js").CHash) => import("./abstract/weierstrass.js").CurveFn;
|
|
3
4
|
CURVE: Readonly<{
|
|
@@ -23,37 +24,26 @@ export declare const P256: Readonly<{
|
|
|
23
24
|
k2: bigint;
|
|
24
25
|
};
|
|
25
26
|
} | undefined;
|
|
26
|
-
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").
|
|
27
|
-
readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").
|
|
28
|
-
readonly htfDefaults?: import("./abstract/hash-to-curve.js").htfOpts | undefined;
|
|
29
|
-
readonly mapToCurve?: ((scalar: bigint[]) => {
|
|
30
|
-
x: bigint;
|
|
31
|
-
y: bigint;
|
|
32
|
-
}) | undefined;
|
|
27
|
+
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined;
|
|
28
|
+
readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined;
|
|
33
29
|
lowS: boolean;
|
|
34
30
|
readonly hash: import("./abstract/utils.js").CHash;
|
|
35
31
|
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
|
|
36
32
|
readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
|
|
37
|
-
readonly
|
|
33
|
+
readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined;
|
|
34
|
+
readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined;
|
|
38
35
|
}>;
|
|
39
36
|
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
|
|
40
|
-
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/
|
|
37
|
+
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean | undefined) => Uint8Array;
|
|
41
38
|
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
} | undefined) => boolean;
|
|
46
|
-
|
|
47
|
-
ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
|
|
39
|
+
verify: (signature: import("./abstract/utils.js").Hex | {
|
|
40
|
+
r: bigint;
|
|
41
|
+
s: bigint;
|
|
42
|
+
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts | undefined) => boolean;
|
|
43
|
+
ProjectivePoint: import("./abstract/weierstrass.js").ProjConstructor<bigint>;
|
|
48
44
|
Signature: import("./abstract/weierstrass.js").SignatureConstructor;
|
|
49
45
|
utils: {
|
|
50
|
-
_bigintToBytes: (num: bigint) => Uint8Array;
|
|
51
|
-
_bigintToString: (num: bigint) => string;
|
|
52
46
|
_normalizePrivateKey: (key: import("./abstract/utils.js").PrivKey) => bigint;
|
|
53
|
-
_normalizePublicKey: (publicKey: import("./abstract/weierstrass.js").PubKey) => import("./abstract/weierstrass.js").PointType<bigint>;
|
|
54
|
-
_isWithinCurveOrder: (num: bigint) => boolean;
|
|
55
|
-
_isValidFieldElement: (num: bigint) => boolean;
|
|
56
|
-
_weierstrassEquation: (x: bigint) => bigint;
|
|
57
47
|
isValidPrivateKey(privateKey: import("./abstract/utils.js").PrivKey): boolean;
|
|
58
48
|
hashToPrivateKey: (hash: import("./abstract/utils.js").Hex) => Uint8Array;
|
|
59
49
|
randomPrivateKey: () => Uint8Array;
|
|
@@ -84,39 +74,30 @@ export declare const secp256r1: Readonly<{
|
|
|
84
74
|
k2: bigint;
|
|
85
75
|
};
|
|
86
76
|
} | undefined;
|
|
87
|
-
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").
|
|
88
|
-
readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").
|
|
89
|
-
readonly htfDefaults?: import("./abstract/hash-to-curve.js").htfOpts | undefined;
|
|
90
|
-
readonly mapToCurve?: ((scalar: bigint[]) => {
|
|
91
|
-
x: bigint;
|
|
92
|
-
y: bigint;
|
|
93
|
-
}) | undefined;
|
|
77
|
+
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined;
|
|
78
|
+
readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined;
|
|
94
79
|
lowS: boolean;
|
|
95
80
|
readonly hash: import("./abstract/utils.js").CHash;
|
|
96
81
|
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
|
|
97
82
|
readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
|
|
98
|
-
readonly
|
|
83
|
+
readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined;
|
|
84
|
+
readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined;
|
|
99
85
|
}>;
|
|
100
86
|
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
|
|
101
|
-
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/
|
|
87
|
+
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean | undefined) => Uint8Array;
|
|
102
88
|
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
} | undefined) => boolean;
|
|
107
|
-
|
|
108
|
-
ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
|
|
89
|
+
verify: (signature: import("./abstract/utils.js").Hex | {
|
|
90
|
+
r: bigint;
|
|
91
|
+
s: bigint;
|
|
92
|
+
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts | undefined) => boolean;
|
|
93
|
+
ProjectivePoint: import("./abstract/weierstrass.js").ProjConstructor<bigint>;
|
|
109
94
|
Signature: import("./abstract/weierstrass.js").SignatureConstructor;
|
|
110
95
|
utils: {
|
|
111
|
-
_bigintToBytes: (num: bigint) => Uint8Array;
|
|
112
|
-
_bigintToString: (num: bigint) => string;
|
|
113
96
|
_normalizePrivateKey: (key: import("./abstract/utils.js").PrivKey) => bigint;
|
|
114
|
-
_normalizePublicKey: (publicKey: import("./abstract/weierstrass.js").PubKey) => import("./abstract/weierstrass.js").PointType<bigint>;
|
|
115
|
-
_isWithinCurveOrder: (num: bigint) => boolean;
|
|
116
|
-
_isValidFieldElement: (num: bigint) => boolean;
|
|
117
|
-
_weierstrassEquation: (x: bigint) => bigint;
|
|
118
97
|
isValidPrivateKey(privateKey: import("./abstract/utils.js").PrivKey): boolean;
|
|
119
98
|
hashToPrivateKey: (hash: import("./abstract/utils.js").Hex) => Uint8Array;
|
|
120
99
|
randomPrivateKey: () => Uint8Array;
|
|
121
100
|
};
|
|
122
101
|
}>;
|
|
102
|
+
declare const hashToCurve: (msg: import("./abstract/utils.js").Hex, options?: htf.htfBasicOpts | undefined) => htf.H2CPoint<bigint>, encodeToCurve: (msg: import("./abstract/utils.js").Hex, options?: htf.htfBasicOpts | undefined) => htf.H2CPoint<bigint>;
|
|
103
|
+
export { hashToCurve, encodeToCurve };
|
package/lib/p256.js
CHANGED
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.secp256r1 = exports.P256 = void 0;
|
|
3
|
+
exports.encodeToCurve = exports.hashToCurve = exports.secp256r1 = exports.P256 = void 0;
|
|
4
4
|
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
5
5
|
const _shortw_utils_js_1 = require("./_shortw_utils.js");
|
|
6
6
|
const sha256_1 = require("@noble/hashes/sha256");
|
|
7
7
|
const modular_js_1 = require("./abstract/modular.js");
|
|
8
8
|
const weierstrass_js_1 = require("./abstract/weierstrass.js");
|
|
9
|
+
const htf = require("./abstract/hash-to-curve.js");
|
|
9
10
|
// NIST secp256r1 aka P256
|
|
10
11
|
// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256
|
|
11
12
|
// Field over which we'll do calculations; 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n-1n
|
|
@@ -29,14 +30,16 @@ exports.P256 = (0, _shortw_utils_js_1.createCurve)({
|
|
|
29
30
|
Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'),
|
|
30
31
|
h: BigInt(1),
|
|
31
32
|
lowS: false,
|
|
32
|
-
mapToCurve: (scalars) => mapSWU(scalars[0]),
|
|
33
|
-
htfDefaults: {
|
|
34
|
-
DST: 'P256_XMD:SHA-256_SSWU_RO_',
|
|
35
|
-
p: Fp.ORDER,
|
|
36
|
-
m: 1,
|
|
37
|
-
k: 128,
|
|
38
|
-
expand: 'xmd',
|
|
39
|
-
hash: sha256_1.sha256,
|
|
40
|
-
},
|
|
41
33
|
}, sha256_1.sha256);
|
|
42
34
|
exports.secp256r1 = exports.P256;
|
|
35
|
+
const { hashToCurve, encodeToCurve } = htf.hashToCurve(exports.secp256r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {
|
|
36
|
+
DST: 'P256_XMD:SHA-256_SSWU_RO_',
|
|
37
|
+
encodeDST: 'P256_XMD:SHA-256_SSWU_NU_',
|
|
38
|
+
p: Fp.ORDER,
|
|
39
|
+
m: 1,
|
|
40
|
+
k: 128,
|
|
41
|
+
expand: 'xmd',
|
|
42
|
+
hash: sha256_1.sha256,
|
|
43
|
+
});
|
|
44
|
+
exports.hashToCurve = hashToCurve;
|
|
45
|
+
exports.encodeToCurve = encodeToCurve;
|