@noble/curves 0.6.0 → 0.6.2

package/lib/esm/abstract/weierstrass.js

@@ -3,23 +3,24 @@
 import * as mod from './modular.js';
 import * as ut from './utils.js';
 import { ensureBytes } from './utils.js';
-import { wNAF, validateAbsOpts, } from './curve.js';
+import { wNAF, validateBasic } from './curve.js';
 function validatePointOpts(curve) {
-    const opts = validateAbsOpts(curve);
-    const Fp = opts.Fp;
-    for (const i of ['a', 'b']) {
-        if (!Fp.isValid(curve[i]))
-            throw new Error(`Invalid curve param ${i}=${opts[i]} (${typeof opts[i]})`);
-    }
-    for (const i of ['isTorsionFree', 'clearCofactor']) {
-        if (curve[i] === undefined)
-            continue; // Optional
-        if (typeof curve[i] !== 'function')
-            throw new Error(`Invalid ${i} function`);
-    }
-    const endo = opts.endo;
+    const opts = validateBasic(curve);
+    ut.validateObject(opts, {
+        a: 'field',
+        b: 'field',
+        fromBytes: 'function',
+        toBytes: 'function',
+    }, {
+        allowedPrivateKeyLengths: 'array',
+        wrapPrivateKey: 'boolean',
+        isTorsionFree: 'function',
+        clearCofactor: 'function',
+        allowInfinityPoint: 'boolean',
+    });
+    const { endo, Fp, a } = opts;
     if (endo) {
-        if (!Fp.eql(opts.a, Fp.ZERO)) {
+        if (!Fp.eql(a, Fp.ZERO)) {
             throw new Error('Endomorphism can only be defined for Koblitz curves that have a=0');
         }
         if (typeof endo !== 'object' ||
@@ -28,11 +29,6 @@ function validatePointOpts(curve) {
             throw new Error('Expected endomorphism with beta: bigint and splitScalar: function');
         }
     }
-    if (typeof opts.fromBytes !== 'function')
-        throw new Error('Invalid fromBytes function');
-    if (typeof opts.toBytes !== 'function')
-        throw new Error('Invalid fromBytes function');
-    // Set defaults
     return Object.freeze({ ...opts });
 }
 // ASN.1 DER encoding utilities
@@ -113,39 +109,28 @@ export function weierstrassPoints(opts) {
         if (!isWithinCurveOrder(num))
             throw new Error('Expected valid bigint: 0 < bigint < curve.n');
     }
-    /**
-     * Validates if a private key is valid and converts it to bigint form.
-     * Supports two options, that are passed when CURVE is initialized:
-     * - `normalizePrivateKey()` executed before all checks
-     * - `wrapPrivateKey` when true, executed after most checks, but before `0 < key < n`
-     */
+    // Validates if priv key is valid and converts it to bigint.
+    // Supports options CURVE.normalizePrivateKey and CURVE.wrapPrivateKey.
     function normalizePrivateKey(key) {
-        const { normalizePrivateKey: custom, nByteLength: groupLen, wrapPrivateKey, n } = CURVE;
-        if (typeof custom === 'function')
-            key = custom(key);
-        let num;
-        if (typeof key === 'bigint') {
-            // Curve order check is done below
-            num = key;
+        const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n } = CURVE;
+        if (lengths && typeof key !== 'bigint') {
+            if (key instanceof Uint8Array)
+                key = ut.bytesToHex(key);
+            // Normalize to hex string, pad. E.g. P521 would norm 130-132 char hex to 132-char bytes
+            if (typeof key !== 'string' || !lengths.includes(key.length))
+                throw new Error('Invalid key');
+            key = key.padStart(nByteLength * 2, '0');
         }
-        else if (typeof key === 'string') {
-            if (key.length !== 2 * groupLen)
-                throw new Error(`must be ${groupLen} bytes`);
-            // Validates individual octets
-            num = ut.bytesToNumberBE(ensureBytes(key));
-        }
-        else if (key instanceof Uint8Array) {
-            if (key.length !== groupLen)
-                throw new Error(`must be ${groupLen} bytes`);
-            num = ut.bytesToNumberBE(key);
+        let num;
+        try {
+            num = typeof key === 'bigint' ? key : ut.bytesToNumberBE(ensureBytes(key, nByteLength));
         }
-        else {
-            throw new Error('private key must be bytes, hex or bigint, not ' + typeof key);
+        catch (error) {
+            throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`);
         }
-        // Useful for curves with cofactor != 1
         if (wrapPrivateKey)
-            num = mod.mod(num, n);
-        assertGE(num);
+            num = mod.mod(num, n); // disabled by default, enabled for BLS
+        assertGE(num); // num in range [1..N-1]
         return num;
     }
     const pointPrecomputes = new Map();
@@ -170,6 +155,8 @@ export function weierstrassPoints(opts) {
             if (pz == null || !Fp.isValid(pz))
                 throw new Error('z required');
         }
+        // Does not validate if the point is on-curve.
+        // Use fromHex instead, or call assertValidity() later.
         static fromAffine(p) {
             const { x, y } = p || {};
             if (!p || !Fp.isValid(x) || !Fp.isValid(y))
@@ -499,14 +486,16 @@ export function weierstrassPoints(opts) {
     };
 }
 function validateOpts(curve) {
-    const opts = validateAbsOpts(curve);
-    if (typeof opts.hash !== 'function' || !Number.isSafeInteger(opts.hash.outputLen))
-        throw new Error('Invalid hash function');
-    if (typeof opts.hmac !== 'function')
-        throw new Error('Invalid hmac function');
-    if (typeof opts.randomBytes !== 'function')
-        throw new Error('Invalid randomBytes function');
-    // Set defaults
+    const opts = validateBasic(curve);
+    ut.validateObject(opts, {
+        hash: 'hash',
+        hmac: 'function',
+        randomBytes: 'function',
+    }, {
+        bits2int: 'function',
+        bits2int_modN: 'function',
+        lowS: 'boolean',
+    });
     return Object.freeze({ lowS: true, ...opts });
 }
 const u8n = (data) => new Uint8Array(data); // creates Uint8Array
@@ -615,7 +604,7 @@ export function weierstrass(curveDef) {
                 return { x, y };
             }
             else {
-                throw new Error(`Point.fromHex: received invalid point. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes, not ${len}`);
+                throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`);
             }
         },
     });
@@ -677,7 +666,7 @@ export function weierstrass(curveDef) {
             const ir = invN(radj); // r^-1
             const u1 = modN(-h * ir); // -hr^-1
             const u2 = modN(s * ir); // sr^-1
-            const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2); //  (sr^-1)R-(hr^-1)G = -(hr^-1)G + (sr^-1)
+            const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2); // (sr^-1)R-(hr^-1)G = -(hr^-1)G + (sr^-1)
             if (!Q)
                 throw new Error('point at infinify'); // unsafe is fine: no priv data leaked
             Q.assertValidity();
@@ -800,9 +789,10 @@ export function weierstrass(curveDef) {
     const ORDER_MASK = ut.bitMask(CURVE.nBitLength);
     function int2octets(num) {
         if (typeof num !== 'bigint')
-            throw new Error('Expected bigint');
+            throw new Error('bigint expected');
         if (!(_0n <= num && num < ORDER_MASK))
-            throw new Error(`Expected number < 2^${CURVE.nBitLength}`);
+            // n in [0..ORDER_MASK-1]
+            throw new Error(`bigint expected < 2^${CURVE.nBitLength}`);
         // works with order, can have different size than numToField!
         return ut.numberToBytesBE(num, CURVE.nByteLength);
     }
@@ -812,6 +802,7 @@ export function weierstrass(curveDef) {
     // NOTE: we cannot assume here that msgHash has same amount of bytes as curve order, this will be wrong at least for P521.
     // Also it can be bigger for P224 + SHA256
     function prepSig(msgHash, privateKey, opts = defaultSigOpts) {
+        const { hash, randomBytes } = CURVE;
         if (msgHash == null)
             throw new Error(`sign: expected valid message hash, not "${msgHash}"`);
         if (['recovered', 'canonical'].some((k) => k in opts))
@@ -819,28 +810,20 @@ export function weierstrass(curveDef) {
             throw new Error('sign() legacy options not supported');
         let { lowS, prehash, extraEntropy: ent } = opts; // generates low-s sigs by default
         if (prehash)
-            msgHash = CURVE.hash(ensureBytes(msgHash));
+            msgHash = hash(ensureBytes(msgHash));
         if (lowS == null)
-            lowS = true; // RFC6979 3.2: we skip step A, because
-        // Step A is ignored, since we already provide hash instead of msg
-        // NOTE: instead of bits2int, we calling here truncateHash, since we need
-        // custom truncation for stark. For other curves it is essentially same as calling bits2int + mod
-        // However, we cannot later call bits2octets (which is truncateHash + int2octets), since nested bits2int is broken
-        // for curves where nBitLength % 8 !== 0, so we unwrap it here as int2octets call.
-        // const bits2octets = (bits)=>int2octets(bytesToNumberBE(truncateHash(bits)))
+            lowS = true; // RFC6979 3.2: we skip step A, because we already provide hash
+        // We can't later call bits2octets, since nested bits2int is broken for curves
+        // with nBitLength % 8 !== 0. Because of that, we unwrap it here as int2octets call.
+        // const bits2octets = (bits) => int2octets(bits2int_modN(bits))
         const h1int = bits2int_modN(ensureBytes(msgHash));
-        const h1octets = int2octets(h1int);
-        const d = normalizePrivateKey(privateKey);
-        // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k')
-        const seedArgs = [int2octets(d), h1octets];
+        const d = normalizePrivateKey(privateKey); // validate private key, convert to bigint
+        const seedArgs = [int2octets(d), int2octets(h1int)];
+        // extraEntropy. RFC6979 3.6: additional k' (optional).
         if (ent != null) {
-            // RFC6979 3.6: additional k' (optional)
-            if (ent === true)
-                ent = CURVE.randomBytes(Fp.BYTES);
-            const e = ensureBytes(ent);
-            if (e.length !== Fp.BYTES)
-                throw new Error(`sign: Expected ${Fp.BYTES} bytes of extra data`);
-            seedArgs.push(e);
+            // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k')
+            // Either pass as-is, or generate random bytes. Then validate for being ui8a of size BYTES
+            seedArgs.push(ensureBytes(ent === true ? randomBytes(Fp.BYTES) : ent, Fp.BYTES));
         }
         const seed = ut.concatBytes(...seedArgs); // Step D of RFC6979 3.2
         const m = h1int; // NOTE: no need to call bits2int second time here, it is inside truncateHash!
@@ -950,7 +933,6 @@ export function weierstrass(curveDef) {
         getSharedSecret,
         sign,
         verify,
-        // Point,
         ProjectivePoint: Point,
         Signature,
         utils,

package/lib/esm/p224.js

@@ -8,7 +8,7 @@ export const P224 = createCurve({
     // Params: a, b
     a: BigInt('0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe'),
     b: BigInt('0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4'),
-    // Field over which we'll do calculations; 2n**224n - 2n**96n + 1n
+    // Field over which we'll do calculations;
     Fp: Fp(BigInt('0xffffffffffffffffffffffffffffffff000000000000000000000001')),
     // Curve order, total count of valid points in the field
     n: BigInt('0xffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d'),

package/lib/esm/p521.js

@@ -1,7 +1,6 @@
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 import { createCurve } from './_shortw_utils.js';
 import { sha512 } from '@noble/hashes/sha512';
-import { bytesToHex } from './abstract/utils.js';
 import { Fp as Field } from './abstract/modular.js';
 import { mapToCurveSimpleSWU } from './abstract/weierstrass.js';
 import * as htf from './abstract/hash-to-curve.js';
@@ -33,18 +32,7 @@ export const P521 = createCurve({
     Gy: BigInt('0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650'),
     h: BigInt(1),
     lowS: false,
-    // P521 keys could be 130, 131, 132 bytes. We normalize to 132 bytes.
-    // Does not replace validation; invalid keys would still be rejected.
-    normalizePrivateKey(key) {
-        if (typeof key === 'bigint')
-            return key;
-        if (key instanceof Uint8Array)
-            key = bytesToHex(key);
-        if (typeof key !== 'string' || !([130, 131, 132].includes(key.length))) {
-            throw new Error('Invalid key');
-        }
-        return key.padStart(66 * 2, '0'); // ensure it's always 132 bytes
-    },
+    allowedPrivateKeyLengths: [130, 131, 132] // P521 keys are variable-length. Normalize to 132b
 }, sha512);
 export const secp521r1 = P521;
 const { hashToCurve, encodeToCurve } = htf.hashToCurve(secp521r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {

package/lib/esm/secp256k1.js

@@ -3,7 +3,7 @@ import { sha256 } from '@noble/hashes/sha256';
 import { Fp as Field, mod, pow2 } from './abstract/modular.js';
 import { createCurve } from './_shortw_utils.js';
 import { mapToCurveSimpleSWU } from './abstract/weierstrass.js';
-import { ensureBytes, concatBytes, bytesToNumberBE as bytesToNum, numberToBytesBE, } from './abstract/utils.js';
+import { ensureBytes, concatBytes, bytesToNumberBE as bytesToInt, numberToBytesBE, } from './abstract/utils.js';
 import { randomBytes } from '@noble/hashes/utils';
 import * as htf from './abstract/hash-to-curve.js';
 /**
@@ -112,20 +112,17 @@ function taggedHash(tag, ...messages) {
     }
     return sha256(concatBytes(tagP, ...messages));
 }
-const toRawX = (point) => point.toRawBytes(true).slice(1);
+const pointToBytes = (point) => point.toRawBytes(true).slice(1);
 const numTo32b = (n) => numberToBytesBE(n, 32);
 const modN = (x) => mod(x, secp256k1N);
-const _Point = secp256k1.ProjectivePoint;
-const Gmul = (priv) => _Point.fromPrivateKey(priv);
-const GmulAdd = (Q, a, b) => _Point.BASE.multiplyAndAddUnsafe(Q, a, b);
-function schnorrGetScalar(priv) {
-    // Let d' = int(sk)
-    // Fail if d' = 0 or d' ≥ n
-    // Let P = d'⋅G
-    // Let d = d' if has_even_y(P), otherwise let d = n - d' .
-    const point = Gmul(priv);
-    const scalar = point.hasEvenY() ? priv : modN(-priv);
-    return { point, scalar, x: toRawX(point) };
+const Point = secp256k1.ProjectivePoint;
+const GmulAdd = (Q, a, b) => Point.BASE.multiplyAndAddUnsafe(Q, a, b);
+const hex32ToInt = (key) => bytesToInt(ensureBytes(key, 32));
+function schnorrGetExtPubKey(priv) {
+    let d = typeof priv === 'bigint' ? priv : hex32ToInt(priv);
+    const point = Point.fromPrivateKey(d); // P = d'⋅G; 0 < d' < n check is done inside
+    const scalar = point.hasEvenY() ? d : modN(-d); // d = d' if has_even_y(P), otherwise d = n-d'
+    return { point, scalar, bytes: pointToBytes(point) };
 }
 function lift_x(x) {
     if (!fe(x))
@@ -134,37 +131,31 @@ function lift_x(x) {
     let y = sqrtMod(c); // Let y = c^(p+1)/4 mod p.
     if (y % 2n !== 0n)
         y = mod(-y, secp256k1P); // Return the unique point P such that x(P) = x and
-    const p = new _Point(x, y, _1n); // y(P) = y if y mod 2 = 0 or y(P) = p-y otherwise.
+    const p = new Point(x, y, _1n); // y(P) = y if y mod 2 = 0 or y(P) = p-y otherwise.
     p.assertValidity();
     return p;
 }
 function challenge(...args) {
-    return modN(bytesToNum(taggedHash(TAGS.challenge, ...args)));
+    return modN(bytesToInt(taggedHash(TAGS.challenge, ...args)));
 }
+// Schnorr's pubkey is just `x` of Point (BIP340)
 function schnorrGetPublicKey(privateKey) {
-    return toRawX(Gmul(privateKey)); // Let d' = int(sk). Fail if d' = 0 or d' ≥ n. Return bytes(d'⋅G)
+    return schnorrGetExtPubKey(privateKey).bytes; // d'=int(sk). Fail if d'=0 or d'≥n. Ret bytes(d'⋅G)
 }
-/**
- * Synchronously creates Schnorr signature. Improved security: verifies itself before
- * producing an output.
- * @param msg message (not message hash)
- * @param privateKey private key
- * @param auxRand random bytes that would be added to k. Bad RNG won't break it.
- */
+// Creates Schnorr signature as per BIP340. Verifies itself before returning anything.
+// auxRand is optional and is not the sole source of k generation: bad CSPRNG won't be dangerous
 function schnorrSign(message, privateKey, auxRand = randomBytes(32)) {
     if (message == null)
         throw new Error(`sign: Expected valid message, not "${message}"`);
-    const m = ensureBytes(message);
-    // checks for isWithinCurveOrder
-    const { x: px, scalar: d } = schnorrGetScalar(bytesToNum(ensureBytes(privateKey, 32)));
+    const m = ensureBytes(message); // checks for isWithinCurveOrder
+    const { bytes: px, scalar: d } = schnorrGetExtPubKey(privateKey);
     const a = ensureBytes(auxRand, 32); // Auxiliary random data a: a 32-byte array
-    // TODO: replace with proper xor?
-    const t = numTo32b(d ^ bytesToNum(taggedHash(TAGS.aux, a))); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)
+    const t = numTo32b(d ^ bytesToInt(taggedHash(TAGS.aux, a))); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)
     const rand = taggedHash(TAGS.nonce, t, px, m); // Let rand = hash/nonce(t || bytes(P) || m)
-    const k_ = modN(bytesToNum(rand)); // Let k' = int(rand) mod n
+    const k_ = modN(bytesToInt(rand)); // Let k' = int(rand) mod n
     if (k_ === _0n)
         throw new Error('sign failed: k is zero'); // Fail if k' = 0.
-    const { point: R, x: rx, scalar: k } = schnorrGetScalar(k_); // Let R = k'⋅G.
+    const { point: R, bytes: rx, scalar: k } = schnorrGetExtPubKey(k_); // Let R = k'⋅G.
     const e = challenge(rx, px, m); // Let e = int(hash/challenge(bytes(R) || bytes(P) || m)) mod n.
     const sig = new Uint8Array(64); // Let sig = bytes(R) || bytes((k + ed) mod n).
     sig.set(numTo32b(R.px), 0);
@@ -179,16 +170,16 @@ function schnorrSign(message, privateKey, auxRand = randomBytes(32)) {
  */
 function schnorrVerify(signature, message, publicKey) {
     try {
-        const P = lift_x(bytesToNum(ensureBytes(publicKey, 32))); // P = lift_x(int(pk)); fail if that fails
+        const P = lift_x(hex32ToInt(publicKey)); // P = lift_x(int(pk)); fail if that fails
         const sig = ensureBytes(signature, 64);
-        const r = bytesToNum(sig.subarray(0, 32)); // Let r = int(sig[0:32]); fail if r ≥ p.
+        const r = bytesToInt(sig.subarray(0, 32)); // Let r = int(sig[0:32]); fail if r ≥ p.
         if (!fe(r))
             return false;
-        const s = bytesToNum(sig.subarray(32, 64)); // Let s = int(sig[32:64]); fail if s ≥ n.
+        const s = bytesToInt(sig.subarray(32, 64)); // Let s = int(sig[32:64]); fail if s ≥ n.
         if (!ge(s))
             return false;
         const m = ensureBytes(message);
-        const e = challenge(numTo32b(r), toRawX(P), m); // int(challenge(bytes(r)||bytes(P)||m)) mod n
+        const e = challenge(numTo32b(r), pointToBytes(P), m); // int(challenge(bytes(r)||bytes(P)||m)) mod n
         const R = GmulAdd(P, s, modN(-e)); // R = s⋅G - e⋅P
         if (!R || !R.hasEvenY() || R.toAffine().x !== r)
             return false; // -eP == (n-e)P
@@ -199,11 +190,18 @@ function schnorrVerify(signature, message, publicKey) {
     }
 }
 export const schnorr = {
-    // Schnorr's pubkey is just `x` of Point (BIP340)
     getPublicKey: schnorrGetPublicKey,
     sign: schnorrSign,
     verify: schnorrVerify,
-    utils: { lift_x, int: bytesToNum, taggedHash },
+    utils: {
+        getExtendedPublicKey: schnorrGetExtPubKey,
+        lift_x,
+        pointToBytes,
+        numberToBytesBE,
+        bytesToNumberBE: bytesToInt,
+        taggedHash,
+        mod,
+    },
 };
 const isoMap = htf.isogenyMap(Fp, [
     // xNum

package/lib/esm/stark.js

@@ -95,7 +95,7 @@ function ensureBytes0x(hex) {
 function normalizePrivateKey(privKey) {
     return cutils.bytesToHex(ensureBytes0x(privKey)).padStart(64, '0');
 }
-function getPublicKey0x(privKey, isCompressed) {
+function getPublicKey0x(privKey, isCompressed = false) {
     return starkCurve.getPublicKey(normalizePrivateKey(privKey), isCompressed);
 }
 function getSharedSecret0x(privKeyA, pubKeyB) {

package/lib/p192.d.ts

@@ -9,11 +9,11 @@ export declare const P192: Readonly<{
         readonly hEff?: bigint | undefined;
         readonly Gx: bigint;
         readonly Gy: bigint;
-        readonly wrapPrivateKey?: boolean | undefined;
         readonly allowInfinityPoint?: boolean | undefined;
         readonly a: bigint;
         readonly b: bigint;
-        readonly normalizePrivateKey?: ((key: import("./abstract/utils.js").PrivKey) => import("./abstract/utils.js").PrivKey) | undefined;
+        readonly allowedPrivateKeyLengths?: readonly number[] | undefined;
+        readonly wrapPrivateKey?: boolean | undefined;
         readonly endo?: {
             beta: bigint;
             splitScalar: (k: bigint) => {
@@ -25,10 +25,10 @@ export declare const P192: Readonly<{
         } | undefined;
         readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined;
         readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined;
-        lowS: boolean;
         readonly hash: import("./abstract/utils.js").CHash;
         readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
         readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
+        lowS: boolean;
         readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined;
         readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined;
     }>;
@@ -59,11 +59,11 @@ export declare const secp192r1: Readonly<{
         readonly hEff?: bigint | undefined;
         readonly Gx: bigint;
         readonly Gy: bigint;
-        readonly wrapPrivateKey?: boolean | undefined;
         readonly allowInfinityPoint?: boolean | undefined;
         readonly a: bigint;
         readonly b: bigint;
-        readonly normalizePrivateKey?: ((key: import("./abstract/utils.js").PrivKey) => import("./abstract/utils.js").PrivKey) | undefined;
+        readonly allowedPrivateKeyLengths?: readonly number[] | undefined;
+        readonly wrapPrivateKey?: boolean | undefined;
         readonly endo?: {
             beta: bigint;
             splitScalar: (k: bigint) => {
@@ -75,10 +75,10 @@ export declare const secp192r1: Readonly<{
         } | undefined;
         readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined;
         readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined;
-        lowS: boolean;
         readonly hash: import("./abstract/utils.js").CHash;
         readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
         readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
+        lowS: boolean;
         readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined;
         readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined;
     }>;

package/lib/p224.d.ts

@@ -9,11 +9,11 @@ export declare const P224: Readonly<{
         readonly hEff?: bigint | undefined;
         readonly Gx: bigint;
         readonly Gy: bigint;
-        readonly wrapPrivateKey?: boolean | undefined;
         readonly allowInfinityPoint?: boolean | undefined;
         readonly a: bigint;
         readonly b: bigint;
-        readonly normalizePrivateKey?: ((key: import("./abstract/utils.js").PrivKey) => import("./abstract/utils.js").PrivKey) | undefined;
+        readonly allowedPrivateKeyLengths?: readonly number[] | undefined;
+        readonly wrapPrivateKey?: boolean | undefined;
         readonly endo?: {
             beta: bigint;
             splitScalar: (k: bigint) => {
@@ -25,10 +25,10 @@ export declare const P224: Readonly<{
         } | undefined;
         readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined;
         readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined;
-        lowS: boolean;
         readonly hash: import("./abstract/utils.js").CHash;
         readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
         readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
+        lowS: boolean;
         readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined;
         readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined;
     }>;
@@ -59,11 +59,11 @@ export declare const secp224r1: Readonly<{
         readonly hEff?: bigint | undefined;
         readonly Gx: bigint;
         readonly Gy: bigint;
-        readonly wrapPrivateKey?: boolean | undefined;
         readonly allowInfinityPoint?: boolean | undefined;
         readonly a: bigint;
         readonly b: bigint;
-        readonly normalizePrivateKey?: ((key: import("./abstract/utils.js").PrivKey) => import("./abstract/utils.js").PrivKey) | undefined;
+        readonly allowedPrivateKeyLengths?: readonly number[] | undefined;
+        readonly wrapPrivateKey?: boolean | undefined;
         readonly endo?: {
             beta: bigint;
             splitScalar: (k: bigint) => {
@@ -75,10 +75,10 @@ export declare const secp224r1: Readonly<{
         } | undefined;
         readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined;
         readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined;
-        lowS: boolean;
         readonly hash: import("./abstract/utils.js").CHash;
         readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
         readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
+        lowS: boolean;
         readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined;
         readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined;
     }>;

package/lib/p224.js

@@ -11,7 +11,7 @@ exports.P224 = (0, _shortw_utils_js_1.createCurve)({
     // Params: a, b
     a: BigInt('0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe'),
     b: BigInt('0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4'),
-    // Field over which we'll do calculations; 2n**224n - 2n**96n + 1n
+    // Field over which we'll do calculations;
     Fp: (0, modular_js_1.Fp)(BigInt('0xffffffffffffffffffffffffffffffff000000000000000000000001')),
     // Curve order, total count of valid points in the field
     n: BigInt('0xffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d'),

package/lib/p256.d.ts

@@ -10,11 +10,11 @@ export declare const P256: Readonly<{
         readonly hEff?: bigint | undefined;
         readonly Gx: bigint;
         readonly Gy: bigint;
-        readonly wrapPrivateKey?: boolean | undefined;
         readonly allowInfinityPoint?: boolean | undefined;
         readonly a: bigint;
         readonly b: bigint;
-        readonly normalizePrivateKey?: ((key: import("./abstract/utils.js").PrivKey) => import("./abstract/utils.js").PrivKey) | undefined;
+        readonly allowedPrivateKeyLengths?: readonly number[] | undefined;
+        readonly wrapPrivateKey?: boolean | undefined;
         readonly endo?: {
             beta: bigint;
             splitScalar: (k: bigint) => {
@@ -26,10 +26,10 @@ export declare const P256: Readonly<{
         } | undefined;
         readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined;
         readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined;
-        lowS: boolean;
         readonly hash: import("./abstract/utils.js").CHash;
         readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
         readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
+        lowS: boolean;
         readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined;
         readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined;
     }>;
@@ -60,11 +60,11 @@ export declare const secp256r1: Readonly<{
         readonly hEff?: bigint | undefined;
         readonly Gx: bigint;
         readonly Gy: bigint;
-        readonly wrapPrivateKey?: boolean | undefined;
         readonly allowInfinityPoint?: boolean | undefined;
         readonly a: bigint;
         readonly b: bigint;
-        readonly normalizePrivateKey?: ((key: import("./abstract/utils.js").PrivKey) => import("./abstract/utils.js").PrivKey) | undefined;
+        readonly allowedPrivateKeyLengths?: readonly number[] | undefined;
+        readonly wrapPrivateKey?: boolean | undefined;
         readonly endo?: {
             beta: bigint;
             splitScalar: (k: bigint) => {
@@ -76,10 +76,10 @@ export declare const secp256r1: Readonly<{
         } | undefined;
         readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined;
         readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined;
-        lowS: boolean;
         readonly hash: import("./abstract/utils.js").CHash;
         readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
         readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
+        lowS: boolean;
         readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined;
         readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined;
     }>;

package/lib/p384.d.ts

@@ -10,11 +10,11 @@ export declare const P384: Readonly<{
         readonly hEff?: bigint | undefined;
         readonly Gx: bigint;
         readonly Gy: bigint;
-        readonly wrapPrivateKey?: boolean | undefined;
         readonly allowInfinityPoint?: boolean | undefined;
         readonly a: bigint;
         readonly b: bigint;
-        readonly normalizePrivateKey?: ((key: import("./abstract/utils.js").PrivKey) => import("./abstract/utils.js").PrivKey) | undefined;
+        readonly allowedPrivateKeyLengths?: readonly number[] | undefined;
+        readonly wrapPrivateKey?: boolean | undefined;
         readonly endo?: {
             beta: bigint;
             splitScalar: (k: bigint) => {
@@ -26,10 +26,10 @@ export declare const P384: Readonly<{
         } | undefined;
         readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined;
         readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined;
-        lowS: boolean;
         readonly hash: import("./abstract/utils.js").CHash;
         readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
         readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
+        lowS: boolean;
         readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined;
         readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined;
     }>;
@@ -60,11 +60,11 @@ export declare const secp384r1: Readonly<{
         readonly hEff?: bigint | undefined;
         readonly Gx: bigint;
         readonly Gy: bigint;
-        readonly wrapPrivateKey?: boolean | undefined;
         readonly allowInfinityPoint?: boolean | undefined;
         readonly a: bigint;
         readonly b: bigint;
-        readonly normalizePrivateKey?: ((key: import("./abstract/utils.js").PrivKey) => import("./abstract/utils.js").PrivKey) | undefined;
+        readonly allowedPrivateKeyLengths?: readonly number[] | undefined;
+        readonly wrapPrivateKey?: boolean | undefined;
         readonly endo?: {
             beta: bigint;
             splitScalar: (k: bigint) => {
@@ -76,10 +76,10 @@ export declare const secp384r1: Readonly<{
         } | undefined;
         readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined;
         readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined;
-        lowS: boolean;
         readonly hash: import("./abstract/utils.js").CHash;
         readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
         readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
+        lowS: boolean;
         readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined;
         readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined;
     }>;