/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ import { AffinePoint, BasicCurve, Group, GroupConstructor } from './curve.js'; import * as mod from './modular.js'; import { CHash, Hex, PrivKey } from './utils.js'; export type { AffinePoint }; type HmacFnSync = (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array; type EndomorphismOpts = { beta: bigint; splitScalar: (k: bigint) => { k1neg: boolean; k1: bigint; k2neg: boolean; k2: bigint; }; }; export type BasicWCurve = BasicCurve & { a: T; b: T; allowedPrivateKeyLengths?: readonly number[]; wrapPrivateKey?: boolean; endo?: EndomorphismOpts; isTorsionFree?: (c: ProjConstructor, point: ProjPointType) => boolean; clearCofactor?: (c: ProjConstructor, point: ProjPointType) => ProjPointType; }; type Entropy = Hex | boolean; export type SignOpts = { lowS?: boolean; extraEntropy?: Entropy; prehash?: boolean; }; export type VerOpts = { lowS?: boolean; prehash?: boolean; }; /** * ### Design rationale for types * * * Interaction between classes from different curves should fail: * `k256.Point.BASE.add(p256.Point.BASE)` * * For this purpose we want to use `instanceof` operator, which is fast and works during runtime * * Different calls of `curve()` would return different classes - * `curve(params) !== curve(params)`: if somebody decided to monkey-patch their curve, * it won't affect others * * TypeScript can't infer types for classes created inside a function. Classes is one instance of nominative types in TypeScript and interfaces only check for shape, so it's hard to create unique type for every function call. * * We can use generic types via some param, like curve opts, but that would: * 1. Enable interaction between `curve(params)` and `curve(params)` (curves of same params) * which is hard to debug. * 2. Params can be generic and we can't enforce them to be constant value: * if somebody creates curve from non-constant params, * it would be allowed to interact with other curves with non-constant params * * TODO: https://www.typescriptlang.org/docs/handbook/release-notes/typescript-2-7.html#unique-symbol */ export interface ProjPointType extends Group> { readonly px: T; readonly py: T; readonly pz: T; get x(): T; get y(): T; multiply(scalar: bigint): ProjPointType; toAffine(iz?: T): AffinePoint; isTorsionFree(): boolean; clearCofactor(): ProjPointType; assertValidity(): void; hasEvenY(): boolean; toRawBytes(isCompressed?: boolean): Uint8Array; toHex(isCompressed?: boolean): string; multiplyUnsafe(scalar: bigint): ProjPointType; multiplyAndAddUnsafe(Q: ProjPointType, a: bigint, b: bigint): ProjPointType | undefined; _setWindowSize(windowSize: number): void; } export interface ProjConstructor extends GroupConstructor> { new (x: T, y: T, z: T): ProjPointType; fromAffine(p: AffinePoint): ProjPointType; fromHex(hex: Hex): ProjPointType; fromPrivateKey(privateKey: PrivKey): ProjPointType; normalizeZ(points: ProjPointType[]): ProjPointType[]; } export type CurvePointsType = BasicWCurve & { fromBytes?: (bytes: Uint8Array) => AffinePoint; toBytes?: (c: ProjConstructor, point: ProjPointType, isCompressed: boolean) => Uint8Array; }; declare function validatePointOpts(curve: CurvePointsType): Readonly<{ readonly nBitLength: number; readonly nByteLength: number; readonly Fp: mod.IField; readonly n: bigint; readonly h: bigint; readonly hEff?: bigint; readonly Gx: T; readonly Gy: T; readonly allowInfinityPoint?: boolean; readonly a: T; readonly b: T; readonly allowedPrivateKeyLengths?: readonly number[]; readonly wrapPrivateKey?: boolean; readonly endo?: EndomorphismOpts; readonly isTorsionFree?: ((c: ProjConstructor, point: ProjPointType) => boolean) | undefined; readonly clearCofactor?: ((c: ProjConstructor, point: ProjPointType) => ProjPointType) | undefined; readonly fromBytes?: ((bytes: Uint8Array) => AffinePoint) | undefined; readonly toBytes?: ((c: ProjConstructor, point: ProjPointType, isCompressed: boolean) => Uint8Array) | undefined; readonly p: bigint; }>; export type CurvePointsRes = { CURVE: ReturnType>; ProjectivePoint: ProjConstructor; normPrivateKeyToScalar: (key: PrivKey) => bigint; weierstrassEquation: (x: T) => T; isWithinCurveOrder: (num: bigint) => boolean; }; export declare const DER: { Err: { new (m?: string): { name: string; message: string; stack?: string; }; }; _parseInt(data: Uint8Array): { d: bigint; l: Uint8Array; }; toSig(hex: string | Uint8Array): { r: bigint; s: bigint; }; hexFromSig(sig: { r: bigint; s: bigint; }): string; }; export declare function weierstrassPoints(opts: CurvePointsType): CurvePointsRes; export interface SignatureType { readonly r: bigint; readonly s: bigint; readonly recovery?: number; assertValidity(): void; addRecoveryBit(recovery: number): RecoveredSignatureType; hasHighS(): boolean; normalizeS(): SignatureType; recoverPublicKey(msgHash: Hex): ProjPointType; toCompactRawBytes(): Uint8Array; toCompactHex(): string; toDERRawBytes(isCompressed?: boolean): Uint8Array; toDERHex(isCompressed?: boolean): string; } export type RecoveredSignatureType = SignatureType & { readonly recovery: number; }; export type SignatureConstructor = { new (r: bigint, s: bigint): SignatureType; fromCompact(hex: Hex): SignatureType; fromDER(hex: Hex): SignatureType; }; type SignatureLike = { r: bigint; s: bigint; }; export type PubKey = Hex | ProjPointType; export type CurveType = BasicWCurve & { hash: CHash; hmac: HmacFnSync; randomBytes: (bytesLength?: number) => Uint8Array; lowS?: boolean; bits2int?: (bytes: Uint8Array) => bigint; bits2int_modN?: (bytes: Uint8Array) => bigint; }; declare function validateOpts(curve: CurveType): Readonly<{ readonly nBitLength: number; readonly nByteLength: number; readonly Fp: mod.IField; readonly n: bigint; readonly h: bigint; readonly hEff?: bigint; readonly Gx: bigint; readonly Gy: bigint; readonly allowInfinityPoint?: boolean; readonly a: bigint; readonly b: bigint; readonly allowedPrivateKeyLengths?: readonly number[]; readonly wrapPrivateKey?: boolean; readonly endo?: EndomorphismOpts; readonly isTorsionFree?: ((c: ProjConstructor, point: ProjPointType) => boolean) | undefined; readonly clearCofactor?: ((c: ProjConstructor, point: ProjPointType) => ProjPointType) | undefined; readonly hash: CHash; readonly hmac: HmacFnSync; readonly randomBytes: (bytesLength?: number) => Uint8Array; lowS: boolean; readonly bits2int?: (bytes: Uint8Array) => bigint; readonly bits2int_modN?: (bytes: Uint8Array) => bigint; readonly p: bigint; }>; export type CurveFn = { CURVE: ReturnType; getPublicKey: (privateKey: PrivKey, isCompressed?: boolean) => Uint8Array; getSharedSecret: (privateA: PrivKey, publicB: Hex, isCompressed?: boolean) => Uint8Array; sign: (msgHash: Hex, privKey: PrivKey, opts?: SignOpts) => RecoveredSignatureType; verify: (signature: Hex | SignatureLike, msgHash: Hex, publicKey: Hex, opts?: VerOpts) => boolean; ProjectivePoint: ProjConstructor; Signature: SignatureConstructor; utils: { normPrivateKeyToScalar: (key: PrivKey) => bigint; isValidPrivateKey(privateKey: PrivKey): boolean; randomPrivateKey: () => Uint8Array; precompute: (windowSize?: number, point?: ProjPointType) => ProjPointType; }; }; export declare function weierstrass(curveDef: CurveType): CurveFn; /** * Implementation of the Shallue and van de Woestijne method for any weierstrass curve. * TODO: check if there is a way to merge this with uvRatio in Edwards; move to modular. * b = True and y = sqrt(u / v) if (u / v) is square in F, and * b = False and y = sqrt(Z * (u / v)) otherwise. * @param Fp * @param Z * @returns */ export declare function SWUFpSqrtRatio(Fp: mod.IField, Z: T): (u: T, v: T) => { isValid: boolean; value: T; }; /** * Simplified Shallue-van de Woestijne-Ulas Method * https://www.rfc-editor.org/rfc/rfc9380#section-6.6.2 */ export declare function mapToCurveSimpleSWU(Fp: mod.IField, opts: { A: T; B: T; Z: T; }): (u: T) => { x: T; y: T; }; //# sourceMappingURL=weierstrass.d.ts.map