noble-curves-extended
Version:
This project extends @noble/curves to allow randomBytes to be specified externally
2 lines (1 loc) • 8.56 kB
JavaScript
;Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const r=require("@noble/curves/abstract/modular"),T=require("@noble/hashes/hmac"),B=require("@noble/hashes/utils"),N=require("@noble/curves/abstract/weierstrass"),P=require("@noble/hashes/sha2"),I=require("u8a-utils"),Q=require("@noble/hashes/sha2.js"),z=require("@noble/curves/abstract/edwards"),m=r.Field(BigInt("0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001")),X=t=>({utils:{randomPrivateKey:()=>{const e=r.getMinHashLength(m.ORDER);return r.mapHashToField(t(e),m.ORDER)}}}),C=t=>(f,...e)=>T.hmac(t,f,B.concatBytes(...e));function g(t,f,e){const n=o=>N.weierstrass({...t,hash:o,randomBytes:e,hmac:C(o)});return{...n(f),create:n}}const x=t=>({...t,sign:(e,n,o)=>(B.isBytes(e)&&(e=Uint8Array.from(e)),B.isBytes(n)&&(n=Uint8Array.from(n)),t.sign(e,n,o)),verify:(e,n,o,c)=>(B.isBytes(e)&&(e=Uint8Array.from(e)),B.isBytes(n)&&(n=Uint8Array.from(n)),B.isBytes(o)&&(o=Uint8Array.from(o)),t.verify(e,n,o,c))}),Y=({curve:t,publicKey:f})=>{try{return t.ProjectivePoint.fromHex(f).assertValidity(),!0}catch(e){return console.log(e),!1}},S={p:BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff"),n:BigInt("0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"),h:BigInt(1),a:BigInt("0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc"),b:BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b"),Gx:BigInt("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),Gy:BigInt("0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")},A={p:BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff"),n:BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973"),h:BigInt(1),a:BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc"),b:BigInt("0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef"),Gx:BigInt("0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7"),Gy:BigInt("0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f")},G={p:BigInt("0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),n:BigInt("0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409"),h:BigInt(1),a:BigInt("0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc"),b:BigInt("0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00"),Gx:BigInt("0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66"),Gy:BigInt("0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650")},Z=r.Field(S.p),ff=r.Field(A.p),tf=r.Field(G.p),V=t=>{const f=g({...S,Fp:Z,lowS:!1},P.sha256,t);return x(f)},H=t=>{const f=g({...A,Fp:ff,lowS:!1},P.sha384,t);return x(f)},W=t=>{const f=g({...G,Fp:tf,lowS:!1,allowedPrivateKeyLengths:[130,131,132]},P.sha512,t);return x(f)},E=({curve:t,curveName:f,publicKey:e})=>{const o=t.ProjectivePoint.fromHex(e).toRawBytes(!1),c=(o.length-1)/2,i=o.slice(1,1+c),a=o.slice(1+c);return{kty:"EC",crv:f,x:I.toB64U(i),y:I.toB64U(a)}},j=({curve:t,curveName:f,privateKey:e})=>{const n=t.getPublicKey(e);return{...E({curve:t,curveName:f,publicKey:n}),d:I.toB64U(e)}},$=({curve:t,jwkPublicKey:f})=>{const{x:e,y:n}=f;if(!e||!n)throw new Error("Invalid JWK public key: missing x or y coordinates");try{const o=I.fromB64U(e),c=I.fromB64U(n),i=new Uint8Array([4,...o,...c]);return t.ProjectivePoint.fromHex(i),i}catch(o){throw new Error(`Invalid JWK public key: invalid base64url coordinates, ${o}`)}},ef=({curve:t,jwkPrivateKey:f})=>{const{d:e}=f;if(!e)throw new Error("Invalid JWK private key: missing d coordinate");const n=I.fromB64U(e);if(!t.utils.isValidPrivateKey(n))throw new Error("Invalid JWK private key: invalid private key");let o,c;try{o=t.getPublicKey(n,!1),c=$({curve:t,jwkPublicKey:f})}catch(i){throw new Error(`Invalid JWK private key: invalid private key, ${i}`)}if(!I.compareUint8Arrays(o,c))throw new Error("Invalid JWK private key: invalid private key");return n},nf=(t,f)=>{const e=(()=>{switch(t){case"P-256":return V(f);case"P-384":return H(f);case"P-521":return W(f);default:throw new Error(`Unsupported NIST curve: ${t}`)}})();return{...e,curveName:t,randomBytes:f,toJwkPrivateKey:n=>j({curve:e,curveName:t,privateKey:n}),toJwkPublicKey:n=>E({curve:e,curveName:t,publicKey:n}),toRawPrivateKey:n=>ef({curve:e,jwkPrivateKey:n}),toRawPublicKey:n=>$({curve:e,jwkPublicKey:n}),isValidPublicKey:n=>Y({curve:e,publicKey:n})}},v={p:BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),n:BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),h:BigInt(1),a:BigInt(0),b:BigInt(7),Gx:BigInt("0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),Gy:BigInt("0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")},cf=BigInt(1),k=BigInt(2),J=(t,f)=>(t+f/k)/f;function of(t){const f=v.p,e=BigInt(3),n=BigInt(6),o=BigInt(11),c=BigInt(22),i=BigInt(23),a=BigInt(44),w=BigInt(88),b=t*t*t%f,s=b*b*t%f,d=r.pow2(s,e,f)*s%f,l=r.pow2(d,e,f)*s%f,p=r.pow2(l,k,f)*b%f,u=r.pow2(p,o,f)*p%f,y=r.pow2(u,c,f)*u%f,_=r.pow2(y,a,f)*y%f,F=r.pow2(_,w,f)*_%f,D=r.pow2(F,a,f)*y%f,L=r.pow2(D,e,f)*s%f,M=r.pow2(L,i,f)*u%f,O=r.pow2(M,n,f)*b%f,R=r.pow2(O,k,f);if(!U.eql(U.sqr(R),t))throw new Error("Cannot find square root");return R}const U=r.Field(v.p,void 0,void 0,{sqrt:of}),rf=t=>{const f=g({...v,Fp:U,lowS:!0,endo:{beta:BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),splitScalar:e=>{const n=v.n,o=BigInt("0x3086d221a7d46bcde86c90e49284eb15"),c=-cf*BigInt("0xe4437ed6010e88286f547fa90abfe4c3"),i=BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),a=o,w=BigInt("0x100000000000000000000000000000000"),b=J(a*e,n),s=J(-c*e,n);let d=r.mod(e-b*o-s*i,n),l=r.mod(-b*c-s*a,n);const p=d>w,u=l>w;if(p&&(d=n-d),u&&(l=n-l),d>w||l>w)throw new Error("splitScalar: Endomorphism failed, k="+e);return{k1neg:p,k1:d,k2neg:u,k2:l}}}},Q.sha256,t);return x(f)},af=BigInt(1),K=BigInt(2),sf=BigInt(5),df=BigInt(8),h={p:BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed"),n:BigInt("0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed"),h:df,a:BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec"),d:BigInt("0x52036cee2b6ffe738cc740797779e89800700a4d4141d8ab75eb4dca135978a3"),Gx:BigInt("0x216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a"),Gy:BigInt("0x6666666666666666666666666666666666666666666666666666666666666658")};function bf(t){const f=BigInt(10),e=BigInt(20),n=BigInt(40),o=BigInt(80),c=h.p,a=t*t%c*t%c,w=r.pow2(a,K,c)*a%c,b=r.pow2(w,af,c)*t%c,s=r.pow2(b,sf,c)*b%c,d=r.pow2(s,f,c)*s%c,l=r.pow2(d,e,c)*d%c,p=r.pow2(l,n,c)*l%c,u=r.pow2(p,o,c)*p%c,y=r.pow2(u,o,c)*p%c,_=r.pow2(y,f,c)*s%c;return{pow_p_5_8:r.pow2(_,K,c)*t%c,b2:a}}function lf(t){return t[0]&=248,t[31]&=127,t[31]|=64,t}const q=BigInt("19681161376707505956807079304988542015446066515923890162744021073123829784752");function Bf(t,f){const e=h.p,n=r.mod(f*f*f,e),o=r.mod(n*n*f,e),c=bf(t*o).pow_p_5_8;let i=r.mod(t*n*c,e);const a=r.mod(f*i*i,e),w=i,b=r.mod(i*q,e),s=a===t,d=a===r.mod(-t,e),l=a===r.mod(-t*q,e);return s&&(i=w),(d||l)&&(i=b),r.isNegativeLE(i,e)&&(i=r.mod(-i,e)),{isValid:s||d,value:i}}const wf=r.Field(h.p,void 0,!0),pf={...h,Fp:wf,hash:P.sha512,adjustScalarBytes:lf,uvRatio:Bf},uf=t=>{const f=z.twistedEdwards({...pf,randomBytes:t});return{...f,sign:(n,o,c)=>(B.isBytes(n)&&(n=Uint8Array.from(n)),B.isBytes(o)&&(o=Uint8Array.from(o)),f.sign(n,o,c)),verify:(n,o,c,i)=>(B.isBytes(n)&&(n=Uint8Array.from(n)),B.isBytes(o)&&(o=Uint8Array.from(o)),B.isBytes(c)&&(c=Uint8Array.from(c)),f.verify(n,o,c,i))}};exports.bls12381Fr=m;exports.createBls12_381=X;exports.createCurve=g;exports.createEd25519=uf;exports.createHmacFn=C;exports.createNistCurve=nf;exports.createP256=V;exports.createP384=H;exports.createP521=W;exports.createSecp256k1=rf;exports.modifyCurve=x;exports.toJwkPrivateKey=j;exports.toJwkPublicKey=E;