@noble/curves 1.3.0 → 1.4.0

package/src/abstract/bls.ts

@@ -83,12 +83,12 @@ export type CurveFn<Fp, Fp2, Fp6, Fp12> = {
   getPublicKey: (privateKey: PrivKey) => Uint8Array;
   getPublicKeyForShortSignatures: (privateKey: PrivKey) => Uint8Array;
   sign: {
-    (message: Hex, privateKey: PrivKey): Uint8Array;
-    (message: ProjPointType<Fp2>, privateKey: PrivKey): ProjPointType<Fp2>;
+    (message: Hex, privateKey: PrivKey, htfOpts?: htfBasicOpts): Uint8Array;
+    (message: ProjPointType<Fp2>, privateKey: PrivKey, htfOpts?: htfBasicOpts): ProjPointType<Fp2>;
   };
   signShortSignature: {
-    (message: Hex, privateKey: PrivKey): Uint8Array;
-    (message: ProjPointType<Fp>, privateKey: PrivKey): ProjPointType<Fp>;
+    (message: Hex, privateKey: PrivKey, htfOpts?: htfBasicOpts): Uint8Array;
+    (message: ProjPointType<Fp>, privateKey: PrivKey, htfOpts?: htfBasicOpts): ProjPointType<Fp>;
   };
   verify: (
     signature: Hex | ProjPointType<Fp2>,

package/src/abstract/hash-to-curve.ts

@@ -2,7 +2,7 @@
 import type { Group, GroupConstructor, AffinePoint } from './curve.js';
 import { mod, IField } from './modular.js';
 import type { CHash } from './utils.js';
-import { bytesToNumberBE, isBytes, concatBytes, utf8ToBytes, validateObject } from './utils.js';
+import { bytesToNumberBE, abytes, concatBytes, utf8ToBytes, validateObject } from './utils.js';
 
 /**
  * * `DST` is a domain separation tag, defined in section 2.2.5
@@ -22,12 +22,6 @@ export type Opts = {
   hash: CHash;
 };
 
-function validateDST(dst: UnicodeOrBytes): Uint8Array {
-  if (isBytes(dst)) return dst;
-  if (typeof dst === 'string') return utf8ToBytes(dst);
-  throw new Error('DST must be Uint8Array or string');
-}
-
 // Octet Stream to Integer. "spec" implementation of os2ip is 2.5x slower vs bytesToNumberBE.
 const os2ip = bytesToNumberBE;
 
@@ -52,10 +46,7 @@ function strxor(a: Uint8Array, b: Uint8Array): Uint8Array {
   return arr;
 }
 
-function abytes(item: unknown): void {
-  if (!isBytes(item)) throw new Error('Uint8Array expected');
-}
-function isNum(item: unknown): void {
+function anum(item: unknown): void {
   if (!Number.isSafeInteger(item)) throw new Error('number expected');
 }
 
@@ -69,7 +60,7 @@ export function expand_message_xmd(
 ): Uint8Array {
   abytes(msg);
   abytes(DST);
-  isNum(lenInBytes);
+  anum(lenInBytes);
   // https://www.rfc-editor.org/rfc/rfc9380#section-5.3.3
   if (DST.length > 255) DST = H(concatBytes(utf8ToBytes('H2C-OVERSIZE-DST-'), DST));
   const { outputLen: b_in_bytes, blockLen: r_in_bytes } = H;
@@ -103,7 +94,7 @@ export function expand_message_xof(
 ): Uint8Array {
   abytes(msg);
   abytes(DST);
-  isNum(lenInBytes);
+  anum(lenInBytes);
   // https://www.rfc-editor.org/rfc/rfc9380#section-5.3.3
   // DST = H('H2C-OVERSIZE-DST-' || a_very_long_DST, Math.ceil((lenInBytes * k) / 8));
   if (DST.length > 255) {
@@ -141,8 +132,8 @@ export function hash_to_field(msg: Uint8Array, count: number, options: Opts): bi
   });
   const { p, k, m, hash, expand, DST: _DST } = options;
   abytes(msg);
-  isNum(count);
-  const DST = validateDST(_DST);
+  anum(count);
+  const DST = typeof _DST === 'string' ? utf8ToBytes(_DST) : _DST;
   const log2p = p.toString(2).length;
   const L = Math.ceil((log2p + k) / 8); // section 5.1 of ietf draft link above
   const len_in_bytes = count * m * L;

package/src/abstract/utils.ts

@@ -23,6 +23,10 @@ export function isBytes(a: unknown): a is Uint8Array {
   );
 }
 
+export function abytes(item: unknown): void {
+  if (!isBytes(item)) throw new Error('Uint8Array expected');
+}
+
 // Array where index 0xf0 (240) is mapped to string 'f0'
 const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) =>
   i.toString(16).padStart(2, '0')
@@ -31,7 +35,7 @@ const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) =>
  * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'
  */
 export function bytesToHex(bytes: Uint8Array): string {
-  if (!isBytes(bytes)) throw new Error('Uint8Array expected');
+  abytes(bytes);
   // pre-caching improves the speed 6x
   let hex = '';
   for (let i = 0; i < bytes.length; i++) {
@@ -86,7 +90,7 @@ export function bytesToNumberBE(bytes: Uint8Array): bigint {
   return hexToNumber(bytesToHex(bytes));
 }
 export function bytesToNumberLE(bytes: Uint8Array): bigint {
-  if (!isBytes(bytes)) throw new Error('Uint8Array expected');
+  abytes(bytes);
   return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));
 }
 
@@ -138,12 +142,11 @@ export function concatBytes(...arrays: Uint8Array[]): Uint8Array {
   let sum = 0;
   for (let i = 0; i < arrays.length; i++) {
     const a = arrays[i];
-    if (!isBytes(a)) throw new Error('Uint8Array expected');
+    abytes(a);
     sum += a.length;
   }
-  let res = new Uint8Array(sum);
-  let pad = 0;
-  for (let i = 0; i < arrays.length; i++) {
+  const res = new Uint8Array(sum);
+  for (let i = 0, pad = 0; i < arrays.length; i++) {
     const a = arrays[i];
     res.set(a, pad);
     pad += a.length;
@@ -195,9 +198,9 @@ export function bitGet(n: bigint, pos: number) {
 /**
  * Sets single bit at position.
  */
-export const bitSet = (n: bigint, pos: number, value: boolean) => {
+export function bitSet(n: bigint, pos: number, value: boolean) {
   return n | ((value ? _1n : _0n) << BigInt(pos));
-};
+}
 
 /**
  * Calculate mask for N bits. Not using ** operator with bigints because of old engines.

package/src/abstract/weierstrass.ts

@@ -27,7 +27,7 @@ export type BasicWCurve<T> = BasicCurve<T> & {
   clearCofactor?: (c: ProjConstructor<T>, point: ProjPointType<T>) => ProjPointType<T>;
 };
 
-type Entropy = Hex | true;
+type Entropy = Hex | boolean;
 export type SignOpts = { lowS?: boolean; extraEntropy?: Entropy; prehash?: boolean };
 export type VerOpts = { lowS?: boolean; prehash?: boolean };
 
@@ -158,7 +158,7 @@ export const DER = {
     // parse DER signature
     const { Err: E } = DER;
     const data = typeof hex === 'string' ? h2b(hex) : hex;
-    if (!ut.isBytes(data)) throw new Error('ui8a expected');
+    ut.abytes(data);
     let l = data.length;
     if (l < 2 || data[0] != 0x30) throw new E('Invalid signature tag');
     if (data[1] !== l - 2) throw new E('Invalid signature: incorrect length');
@@ -733,7 +733,13 @@ export function weierstrass(curveDef: CurveType): CurveFn {
         const x = ut.bytesToNumberBE(tail);
         if (!isValidFieldElement(x)) throw new Error('Point is not on curve');
         const y2 = weierstrassEquation(x); // y² = x³ + ax + b
-        let y = Fp.sqrt(y2); // y = y² ^ (p+1)/4
+        let y: bigint;
+        try {
+          y = Fp.sqrt(y2); // y = y² ^ (p+1)/4
+        } catch (sqrtError) {
+          const suffix = sqrtError instanceof Error ? ': ' + sqrtError.message : '';
+          throw new Error('Point is not on curve' + suffix);
+        }
         const isYOdd = (y & _1n) === _1n;
         // ECDSA
         const isHeadOdd = (head & 1) === 1;
@@ -971,7 +977,7 @@ export function weierstrass(curveDef: CurveType): CurveFn {
     const d = normPrivateKeyToScalar(privateKey); // validate private key, convert to bigint
     const seedArgs = [int2octets(d), int2octets(h1int)];
     // extraEntropy. RFC6979 3.6: additional k' (optional).
-    if (ent != null) {
+    if (ent != null && ent !== false) {
       // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k')
       const e = ent === true ? randomBytes(Fp.BYTES) : ent; // generate random bytes OR pass as-is
       seedArgs.push(ensureBytes('extraEntropy', e)); // check for being bytes

package/src/bls12-381.ts

@@ -1364,7 +1364,7 @@ export const bls12_381: CurveFn<Fp, Fp2, Fp6, Fp12> = bls({
       fromHex(hex: Hex): ProjPointType<Fp2> {
         const { infinity, sort, value } = parseMask(ensureBytes('signatureHex', hex));
         const P = Fp.ORDER;
-        const half = hex.length / 2;
+        const half = value.length / 2;
         if (half !== 48 && half !== 96)
           throw new Error('Invalid compressed signature length, must be 96 or 192');
         const z1 = bytesToNumberBE(value.slice(0, half));

package/src/package.json

@@ -0,0 +1,3 @@
+{
+  "type": "module"
+}