changelog

Author: ty-everett

CHANGELOG.md

@@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file. The format
 ## Table of Contents
 
 - [Unreleased](#unreleased)
+- [1.9.12 - 2025-12-01](#1912---2025-12-01)
 - [1.9.11 - 2025-11-24](#1911---2025-11-24)
 - [1.9.10 - 2025-11-17](#1910---2025-11-17)
 - [1.9.9 - 2025-11-15](#199---2025-11-15)
@@ -182,6 +183,13 @@ All notable changes to this project will be documented in this file. The format
 
 ### Security
 
+---
+### [1.9.12] - 2025-12-01
+
+### Added
+
+- Added a standalone secp256r1 (P-256) BigInt implementation with ECDSA signing, verification, and tests.
+
 ---
 ### [1.9.11] - 2025-11-24
 

docs/reference/primitives.md

@@ -48,11 +48,11 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 | [BigNumber](#class-bignumber) | [Polynomial](#class-polynomial) | [SHA512](#class-sha512) |
 | [Curve](#class-curve) | [PrivateKey](#class-privatekey) | [SHA512HMAC](#class-sha512hmac) |
 | [DRBG](#class-drbg) | [PublicKey](#class-publickey) | [Schnorr](#class-schnorr) |
-| [JacobianPoint](#class-jacobianpoint) | [RIPEMD160](#class-ripemd160) | [Signature](#class-signature) |
-| [K256](#class-k256) | [Reader](#class-reader) | [SymmetricKey](#class-symmetrickey) |
-| [KeyShares](#class-keyshares) | [ReductionContext](#class-reductioncontext) | [TransactionSignature](#class-transactionsignature) |
-| [Mersenne](#class-mersenne) | [SHA1](#class-sha1) | [Writer](#class-writer) |
-| [MontgomoryMethod](#class-montgomorymethod) | [SHA1HMAC](#class-sha1hmac) |  |
+| [JacobianPoint](#class-jacobianpoint) | [RIPEMD160](#class-ripemd160) | [Secp256r1](#class-secp256r1) |
+| [K256](#class-k256) | [Reader](#class-reader) | [Signature](#class-signature) |
+| [KeyShares](#class-keyshares) | [ReductionContext](#class-reductioncontext) | [SymmetricKey](#class-symmetrickey) |
+| [Mersenne](#class-mersenne) | [SHA1](#class-sha1) | [TransactionSignature](#class-transactionsignature) |
+| [MontgomoryMethod](#class-montgomorymethod) | [SHA1HMAC](#class-sha1hmac) | [Writer](#class-writer) |
 | [Point](#class-point) | [SHA256](#class-sha256) |  |
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
@@ -4320,6 +4320,141 @@ Argument Details
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
 
+---
+### Class: Secp256r1
+
+Pure BigInt implementation of the NIST P-256 (secp256r1) curve with ECDSA sign/verify.
+
+This class is standalone (no dependency on the existing secp256k1 primitives) and exposes
+key generation, point encoding/decoding, scalar multiplication, and SHA-256 based ECDSA.
+
+```ts
+export default class Secp256r1 {
+    readonly p = P;
+    readonly n = N;
+    readonly a = A;
+    readonly b = B;
+    readonly g = G;
+    pointFromAffine(x: bigint, y: bigint): P256Point 
+    pointFromHex(hex: string): P256Point 
+    pointToHex(p: P256Point, compressed = false): string 
+    add(p1: P256Point, p2: P256Point): P256Point 
+    multiply(point: P256Point, scalar: bigint): P256Point 
+    multiplyBase(scalar: bigint): P256Point 
+    isOnCurve(p: P256Point): boolean 
+    generatePrivateKeyHex(): string 
+    publicKeyFromPrivate(privateKey: string | bigint): P256Point 
+    sign(message: ByteSource, privateKey: string | bigint, opts: {
+        prehashed?: boolean;
+        nonce?: bigint;
+    } = {}): {
+        r: string;
+        s: string;
+    } 
+    verify(message: ByteSource, signature: {
+        r: string | bigint;
+        s: string | bigint;
+    }, publicKey: P256Point | string, opts: {
+        prehashed?: boolean;
+    } = {}): boolean 
+}
+```
+
+See also: [P256Point](./primitives.md#type-p256point), [multiply](./primitives.md#variable-multiply), [sign](./compat.md#variable-sign), [verify](./compat.md#variable-verify)
+
+#### Method add
+
+Add two points (handles infinity).
+
+```ts
+add(p1: P256Point, p2: P256Point): P256Point 
+```
+See also: [P256Point](./primitives.md#type-p256point)
+
+#### Method generatePrivateKeyHex
+
+Generate a new random private key as 32-byte hex.
+
+```ts
+generatePrivateKeyHex(): string 
+```
+
+#### Method isOnCurve
+
+Check if a point lies on the curve (including infinity).
+
+```ts
+isOnCurve(p: P256Point): boolean 
+```
+See also: [P256Point](./primitives.md#type-p256point)
+
+#### Method multiply
+
+Scalar multiply an arbitrary point using double-and-add.
+
+```ts
+multiply(point: P256Point, scalar: bigint): P256Point 
+```
+See also: [P256Point](./primitives.md#type-p256point)
+
+#### Method multiplyBase
+
+Scalar multiply the base point.
+
+```ts
+multiplyBase(scalar: bigint): P256Point 
+```
+See also: [P256Point](./primitives.md#type-p256point)
+
+#### Method pointFromHex
+
+Decode a point from compressed or uncompressed hex.
+
+```ts
+pointFromHex(hex: string): P256Point 
+```
+See also: [P256Point](./primitives.md#type-p256point)
+
+#### Method pointToHex
+
+Encode a point to compressed or uncompressed hex. Infinity is encoded as `00`.
+
+```ts
+pointToHex(p: P256Point, compressed = false): string 
+```
+See also: [P256Point](./primitives.md#type-p256point)
+
+#### Method sign
+
+Create an ECDSA signature over a message. Uses SHA-256 unless `prehashed` is true.
+Returns low-s normalized signature hex parts.
+
+```ts
+sign(message: ByteSource, privateKey: string | bigint, opts: {
+    prehashed?: boolean;
+    nonce?: bigint;
+} = {}): {
+    r: string;
+    s: string;
+} 
+```
+
+#### Method verify
+
+Verify an ECDSA signature against a message and public key.
+
+```ts
+verify(message: ByteSource, signature: {
+    r: string | bigint;
+    s: string | bigint;
+}, publicKey: P256Point | string, opts: {
+    prehashed?: boolean;
+} = {}): boolean 
+```
+See also: [P256Point](./primitives.md#type-p256point)
+
+Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
+
 ---
 ### Class: Signature
 
@@ -4984,6 +5119,18 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 ---
 ## Types
 
+### Type: P256Point
+
+```ts
+export type P256Point = {
+    x: bigint;
+    y: bigint;
+} | null
+```
+
+Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
+
+---
 ## Enums
 
 ## Variables

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@bsv/sdk",
-  "version": "1.9.11",
+  "version": "1.9.12",
   "type": "module",
   "description": "BSV Blockchain Software Development Kit",
   "main": "dist/cjs/mod.js",

package.json

@@ -1,4 +1,5 @@
-import crypto from 'crypto'
+import Random from './Random.js'
+import { sha256 } from './Hash.js'
 
 export type P256Point = { x: bigint, y: bigint } | null
 
@@ -19,6 +20,12 @@ const COMPRESSED_EVEN = '02'
 const COMPRESSED_ODD = '03'
 const UNCOMPRESSED = '04'
 
+/**
+ * Pure BigInt implementation of the NIST P-256 (secp256r1) curve with ECDSA sign/verify.
+ *
+ * This class is standalone (no dependency on the existing secp256k1 primitives) and exposes
+ * key generation, point encoding/decoding, scalar multiplication, and SHA-256 based ECDSA.
+ */
 export default class Secp256r1 {
   readonly p = P
   readonly n = N
@@ -50,7 +57,7 @@ export default class Secp256r1 {
     let b = this.mod(base, modulus)
     let e = exponent
     while (e > 0n) {
-      if (e & 1n) result = this.mod(result * b, modulus)
+      if ((e & 1n) === 1n) result = this.mod(result * b, modulus)
       e >>= 1n
       b = this.mod(b * b, modulus)
     }
@@ -77,6 +84,9 @@ export default class Secp256r1 {
     return point
   }
 
+  /**
+   * Decode a point from compressed or uncompressed hex.
+   */
   pointFromHex (hex: string): P256Point {
     if (hex.startsWith(UNCOMPRESSED)) {
       const x = BigInt('0x' + hex.slice(2, 66))
@@ -95,6 +105,9 @@ export default class Secp256r1 {
     throw new Error('Invalid point encoding')
   }
 
+  /**
+   * Encode a point to compressed or uncompressed hex. Infinity is encoded as `00`.
+   */
   pointToHex (p: P256Point, compressed = false): string {
     if (this.isInfinity(p)) return '00'
     const xHex = this.to32BytesHex(p.x)
@@ -104,6 +117,9 @@ export default class Secp256r1 {
     return prefix + xHex
   }
 
+  /**
+   * Add two affine points (handles infinity).
+   */
   private addPoints (p1: P256Point, p2: P256Point): P256Point {
     if (this.isInfinity(p1)) return p2
     if (this.isInfinity(p2)) return p1
@@ -133,17 +149,23 @@ export default class Secp256r1 {
     return { x: x3, y: y3 }
   }
 
+  /**
+   * Add two points (handles infinity).
+   */
   add (p1: P256Point, p2: P256Point): P256Point {
     return this.addPoints(p1, p2)
   }
 
+  /**
+   * Scalar multiply an arbitrary point using double-and-add.
+   */
   multiply (point: P256Point, scalar: bigint): P256Point {
     if (scalar === 0n || this.isInfinity(point)) return null
     let k = this.mod(scalar, this.n)
     let result: P256Point = null
     let addend: P256Point = point
     while (k > 0n) {
-      if (k & 1n) {
+      if ((k & 1n) === 1n) {
         result = this.addPoints(result, addend)
       }
       addend = this.doublePoint(addend)
@@ -152,10 +174,16 @@ export default class Secp256r1 {
     return result
   }
 
+  /**
+   * Scalar multiply the base point.
+   */
   multiplyBase (scalar: bigint): P256Point {
     return this.multiply(this.g, scalar)
   }
 
+  /**
+   * Check if a point lies on the curve (including infinity).
+   */
   isOnCurve (p: P256Point): boolean {
     try {
       this.assertOnCurve(p)
@@ -165,14 +193,17 @@ export default class Secp256r1 {
     }
   }
 
+  /**
+   * Generate a new random private key as 32-byte hex.
+   */
   generatePrivateKeyHex (): string {
     return this.to32BytesHex(this.randomScalar())
   }
 
   private randomScalar (): bigint {
     while (true) {
-      const bytes = crypto.randomBytes(32)
-      const k = BigInt('0x' + bytes.toString('hex'))
+      const bytes = Random(32)
+      const k = BigInt('0x' + Buffer.from(bytes).toString('hex'))
       if (k > 0n && k < this.n) return k
     }
   }
@@ -198,6 +229,10 @@ export default class Secp256r1 {
     return this.multiplyBase(d)
   }
 
+  /**
+   * Create an ECDSA signature over a message. Uses SHA-256 unless `prehashed` is true.
+   * Returns low-s normalized signature hex parts.
+   */
   sign (message: ByteSource, privateKey: string | bigint, opts: { prehashed?: boolean, nonce?: bigint } = {}): { r: string, s: string } {
     const { prehashed = false, nonce } = opts
     const d = this.toScalar(privateKey)
@@ -226,10 +261,13 @@ export default class Secp256r1 {
     }
   }
 
+  /**
+   * Verify an ECDSA signature against a message and public key.
+   */
   verify (message: ByteSource, signature: { r: string | bigint, s: string | bigint }, publicKey: P256Point | string, opts: { prehashed?: boolean } = {}): boolean {
     const { prehashed = false } = opts
     const q = typeof publicKey === 'string' ? this.pointFromHex(publicKey) : publicKey
-    if (!q || !this.isOnCurve(q)) return false
+    if ((q == null) || !this.isOnCurve(q)) return false
 
     const r = typeof signature.r === 'bigint' ? signature.r : BigInt('0x' + signature.r)
     const s = typeof signature.s === 'bigint' ? signature.s : BigInt('0x' + signature.s)
@@ -247,7 +285,7 @@ export default class Secp256r1 {
 
   private messageToBigInt (message: ByteSource, prehashed: boolean): bigint {
     const bytes = this.toBuffer(message)
-    const digest = prehashed ? bytes : crypto.createHash('sha256').update(bytes).digest()
+    const digest = prehashed ? bytes : Buffer.from(sha256(bytes))
     const hex = digest.toString('hex')
     return BigInt('0x' + hex) % this.n
   }

src/primitives/Secp256r1.ts

@@ -13,3 +13,4 @@ export { default as Random } from './Random.js'
 export { default as TransactionSignature } from './TransactionSignature.js'
 export { default as Polynomial, PointInFiniteField } from './Polynomial.js'
 export { default as Schnorr } from './Schnorr.js'
+export { default as Secp256r1 } from './Secp256r1.js'