Interface Secp256k1Wasm

An object that wraps the WebAssembly implementation of libsecp256k1.

It's very unlikely that consumers will need to use this interface directly. See Secp256k1 for a more purely-functional API.

Hierarchy

  • Secp256k1Wasm

Properties

contextCreate: ((context: ContextFlag) => number)

Type declaration

    • (context: ContextFlag): number
    • Create a Secp256k1 context object.

      The purpose of context structures is to cache large precomputed data tables that are expensive to construct, and also to maintain the randomization data for blinding.

      Do not create a new context object for each operation, as construction is far slower than all other API calls (~100 times slower than an ECDSA verification).

      Parameters

      • context: ContextFlag

        a Context flag representing the capabilities needed

      Returns number

contextRandomize: ((contextPtr: number, seedPtr: number) => 0 | 1)

Type declaration

    • (contextPtr: number, seedPtr: number): 0 | 1
    • Updates the context randomization to protect against side-channel leakage.

      Returns 1 if the randomization was successfully updated, or 0 if not.

      While secp256k1 code is written to be constant-time no matter what secret values are, it's possible that a future compiler may output code that isn't, and also that the CPU may not emit the same radio frequencies or draw the same amount power for all values.

      This function provides a seed that is combined into the blinding value: that blinding value is added before each multiplication (and removed afterwards) so that it does not affect function results, but shields against attacks that rely on any input-dependent behavior.

      You should call this after contextCreate or secp256k1_context_clone, and may call this repeatedly afterwards.

      Parameters

      • contextPtr: number

        pointer to a context object

      • seedPtr: number

        pointer to a 32-byte random seed

      Returns 0 | 1

free: ((pointer: number) => number)

Type declaration

    • (pointer: number): number
    • Frees a pointer allocated by the malloc method.

      Parameters

      • pointer: number

        the pointer to be freed

      Returns number

heapU32: Uint32Array
heapU8: Uint8Array
instance: Instance
malloc: ((bytes: number) => number)

Type declaration

    • (bytes: number): number
    • Allocates the given number of bytes in WebAssembly memory.

      Parameters

      • bytes: number

      Returns number

mallocSizeT: ((value: number) => number)

Type declaration

    • (value: number): number
    • The Secp256k1 library accepts a pointer to a size_t outputlen for both ec_pubkey_serialize & ecdsa_signature_serialize_der.

      This is a convenience method to create and set the value of those pointers.

      Parameters

      • value: number

        the value of the size_t (e.g. the buffer length)

      Returns number

mallocUint8Array: ((array: Uint8Array) => number)

Type declaration

    • (array: Uint8Array): number
    • Allocates space for the provided array, and assigns the array to the space.

      Parameters

      • array: Uint8Array

        a Uint8Array to allocate in WebAssembly memory

      Returns number

privkeyTweakAdd: ((contextPtr: number, secretKeyPtr: number, tweakNum256Ptr: number) => 0 | 1)

Type declaration

    • (contextPtr: number, secretKeyPtr: number, tweakNum256Ptr: number): 0 | 1
    • Tweak a privateKey by adding tweak to it. Returns 1 if adding succeeded, 0 otherwise.

      Parameters

      • contextPtr: number

        pointer to a context object

      • secretKeyPtr: number

        pointer to a 32 byte private key

      • tweakNum256Ptr: number

        pointer to a 256 bit int representing the tweak value

      Returns 0 | 1

privkeyTweakMul: ((contextPtr: number, secretKeyPtr: number, tweakNum256Ptr: number) => 0 | 1)

Type declaration

    • (contextPtr: number, secretKeyPtr: number, tweakNum256Ptr: number): 0 | 1
    • Tweak a privateKey by multiplying tweak to it. Returns 1 if multiplying succeeded, 0 otherwise.

      Parameters

      • contextPtr: number

        pointer to a context object

      • secretKeyPtr: number

        pointer to a 32 byte private key

      • tweakNum256Ptr: number

        pointer to a 256 bit int representing the tweak value

      Returns 0 | 1

pubkeyCreate: ((contextPtr: number, publicKeyPtr: number, secretKeyPtr: number) => 0 | 1)

Type declaration

    • (contextPtr: number, publicKeyPtr: number, secretKeyPtr: number): 0 | 1
    • Compute the public key for a secret key.

      Returns 1 if the secret was valid and public key stored, otherwise 0.

      Parameters

      • contextPtr: number

        pointer to a context object, initialized for signing

      • publicKeyPtr: number

        pointer to the created public key (note, this is an internal representation, and must be serialized for outside use)

      • secretKeyPtr: number

        pointer to a 32-byte private key

      Returns 0 | 1

pubkeyParse: ((contextPtr: number, publicKeyOutPtr: number, publicKeyInPtr: number, publicKeyInLength: 33 | 65) => 0 | 1)

Type declaration

    • (contextPtr: number, publicKeyOutPtr: number, publicKeyInPtr: number, publicKeyInLength: 33 | 65): 0 | 1
    • Parse a variable-length public key into the pubkey object.

      Returns 1 if the public key was fully valid, or 0 if the public key could not be parsed or is invalid.

      This function supports parsing compressed (33 bytes, header byte 0x02 or 0x03), uncompressed (65 bytes, header byte 0x04), or hybrid (65 bytes, header byte 0x06 or 0x07) format public keys.

      Parameters

      • contextPtr: number

        pointer to a context object

      • publicKeyOutPtr: number

        a pointer to a 64 byte space where the parsed public key will be written. (internal format)

      • publicKeyInPtr: number

        pointer to a serialized public key

      • publicKeyInLength: 33 | 65

        the number of bytes to read from publicKeyInPtr (Note, this should be a simple integer, rather than a size_t pointer as is required by the serialization methods.)

      Returns 0 | 1

pubkeySerialize: ((contextPtr: number, outputPtr: number, outputLengthPtr: number, publicKeyPtr: number, compression: CompressionFlag) => 1)

Type declaration

    • (contextPtr: number, outputPtr: number, outputLengthPtr: number, publicKeyPtr: number, compression: CompressionFlag): 1
    • Serialize a pubkey object into a serialized byte sequence.

      Always returns 1.

      Parameters

      • contextPtr: number

        pointer to a context object

      • outputPtr: number

        pointer to a 65-byte (if uncompressed) or 33-byte (if compressed) byte array in which to place the serialized key

      • outputLengthPtr: number

        pointer to an integer that is initially set to the size of output, and is overwritten with the written size

      • publicKeyPtr: number

        pointer to a public key (parsed, internal format)

      • compression: CompressionFlag

        a CompressionFlag indicating compressed or uncompressed

      Returns 1

pubkeyTweakAdd: ((contextPtr: number, publicKeyPtr: number, tweakNum256Ptr: number) => 0 | 1)

Type declaration

    • (contextPtr: number, publicKeyPtr: number, tweakNum256Ptr: number): 0 | 1
    • Tweak a publicKey by adding tweak times the generator to it. Returns 1 if adding succeeded, 0 otherwise.

      Parameters

      • contextPtr: number

        pointer to a context object

      • publicKeyPtr: number

        pointer to a 64 byte space representing a public key (internal format)

      • tweakNum256Ptr: number

        pointer to a 256 bit int representing the tweak value

      Returns 0 | 1

pubkeyTweakMul: ((contextPtr: number, publicKeyPtr: number, tweakNum256Ptr: number) => 0 | 1)

Type declaration

    • (contextPtr: number, publicKeyPtr: number, tweakNum256Ptr: number): 0 | 1
    • Tweak a publicKey by multiplying it by a tweak value. Returns 1 if multiplying succeeded, 0 otherwise.

      Parameters

      • contextPtr: number

        pointer to a context object

      • publicKeyPtr: number

        pointer to a 64 byte space representing a public key (internal format)

      • tweakNum256Ptr: number

        pointer to a 256 bit int representing the tweak value

      Returns 0 | 1

readHeapU8: ((pointer: number, bytes: number) => Uint8Array)

Type declaration

    • (pointer: number, bytes: number): Uint8Array
    • Read from WebAssembly memory by creating a new Uint8Array beginning at pointer and continuing through the number of bytes provided.

      Parameters

      • pointer: number

        a pointer to the beginning of the Uint8Array element

      • bytes: number

        the number of bytes to copy

      Returns Uint8Array

readSizeT: ((pointer: number) => number)

Type declaration

    • (pointer: number): number
    • Read a size_t from WebAssembly memory.

      Parameters

      • pointer: number

        a pointer to the size_t variable to read

      Returns number

recover: ((contextPtr: number, publicKeyPtr: number, rSigPtr: number, msg32Ptr: number) => 0 | 1)

Type declaration

    • (contextPtr: number, publicKeyPtr: number, rSigPtr: number, msg32Ptr: number): 0 | 1
    • Compute the public key given a recoverable signature and message hash.

      Returns 1 if the signature was valid and public key stored, otherwise 0.

      Parameters

      • contextPtr: number

        pointer to a context object, initialized for signing

      • publicKeyPtr: number

        pointer to the created public key (note, this is an internal representation, and must be serialized for outside use)

      • rSigPtr: number

        pointer to a recoverable signature (internal format)

      • msg32Ptr: number

        pointer to the 32-byte message hash the signed by this signature

      Returns 0 | 1

recoverableSignatureParse: ((contextPtr: number, outputRSigPtr: number, inputSigPtr: number, rid: number) => 0 | 1)

Type declaration

    • (contextPtr: number, outputRSigPtr: number, inputSigPtr: number, rid: number): 0 | 1
    • Parse an ECDSA signature in compact (64 bytes) format with a recovery number. Returns 1 when the signature could be parsed, 0 otherwise.

      The signature must consist of a 32-byte big endian R value, followed by a 32-byte big endian S value. If R or S fall outside of [0..order-1], the encoding is invalid. R and S with value 0 are allowed in the encoding.

      After the call, sig will always be initialized. If parsing failed or R or S are zero, the resulting sig value is guaranteed to fail validation for any message and public key.

      Parameters

      • contextPtr: number

        pointer to a context object

      • outputRSigPtr: number

        a pointer to a 65 byte space where the parsed signature will be written. (internal format)

      • inputSigPtr: number

        pointer to a serialized signature in compact format

      • rid: number

        the recovery number, as an int. (Not a pointer)

      Returns 0 | 1

recoverableSignatureSerialize: ((contextPtr: number, sigOutPtr: number, recIDOutPtr: number, rSigPtr: number) => 1)

Type declaration

    • (contextPtr: number, sigOutPtr: number, recIDOutPtr: number, rSigPtr: number): 1
    • Serialize a recoverable ECDSA signature in compact (64 byte) format along with the recovery number. Always returns 1.

      See recoverableSignatureParse for details about the encoding.

      Parameters

      • contextPtr: number

        pointer to a context object

      • sigOutPtr: number

        pointer to a 64-byte space to store the compact serialization

      • recIDOutPtr: number

        pointer to an int that will store the recovery number

      • rSigPtr: number

        pointer to the 65-byte signature to be serialized (internal format)

      Returns 1

schnorrSign: ((contextPtr: number, outputSigPtr: number, msg32Ptr: number, secretKeyPtr: number) => 0 | 1)

Type declaration

    • (contextPtr: number, outputSigPtr: number, msg32Ptr: number, secretKeyPtr: number): 0 | 1
    • Create a Secp256k1 EC-Schnorr-SHA256 signature (BCH construction).

      Signatures are 64-bytes, non-malleable, and support both batch validation and multiparty signing. Nonces are generated using RFC6979, where the Section 3.6, 16-byte ASCII "additional data" is set to Schnorr+SHA256 . This avoids leaking a private key by inadvertently creating both an ECDSA signature and a Schnorr signature using the same nonce.

      Returns 1 if the signature was created, 0 if the nonce generation function failed, or the private key was invalid.

      Note, this WebAssembly Secp256k1 implementation does not currently support the final two arguments from the C library, noncefp and ndata. The default nonce generation function, secp256k1_nonce_function_default, is always used.

      Parameters

      • contextPtr: number

        pointer to a context object, initialized for signing

      • outputSigPtr: number

        pointer to a 64 byte space where the signature will be written

      • msg32Ptr: number

        pointer to the 32-byte message hash being signed

      • secretKeyPtr: number

        pointer to a 32-byte secret key

      Returns 0 | 1

schnorrVerify: ((contextPtr: number, sigPtr: number, msg32Ptr: number, publicKeyPtr: number) => 0 | 1)

Type declaration

    • (contextPtr: number, sigPtr: number, msg32Ptr: number, publicKeyPtr: number): 0 | 1
    • Verify a Secp256k1 EC-Schnorr-SHA256 signature (BCH construction).

      Returns 1 if the signature is valid or 0 on failure.

      Parameters

      • contextPtr: number

        pointer to a context object, initialized for verification.

      • sigPtr: number

        pointer to the 64-byte schnorr signature being verified

      • msg32Ptr: number

        pointer to the 32-byte message hash being verified

      • publicKeyPtr: number

      Returns 0 | 1

seckeyVerify: ((contextPtr: number, secretKeyPtr: number) => 0 | 1)

Type declaration

    • (contextPtr: number, secretKeyPtr: number): 0 | 1
    • Verify an ECDSA secret key.

      Returns 1 if the secret key is valid, or 0 if the secret key is invalid.

      Parameters

      • contextPtr: number

        pointer to a context object

      • secretKeyPtr: number

        pointer to a 32-byte secret key

      Returns 0 | 1

sign: ((contextPtr: number, outputSigPtr: number, msg32Ptr: number, secretKeyPtr: number) => 0 | 1)

Type declaration

    • (contextPtr: number, outputSigPtr: number, msg32Ptr: number, secretKeyPtr: number): 0 | 1
    • Create an ECDSA signature. The created signature is always in lower-S form.

      Returns 1 if the signature was created, 0 if the nonce generation function failed, or the private key was invalid.

      Note, this WebAssembly Secp256k1 implementation does not currently support the final two arguments from the C library, noncefp and ndata. The default nonce generation function, secp256k1_nonce_function_default, is always used.

      Parameters

      • contextPtr: number

        pointer to a context object, initialized for signing

      • outputSigPtr: number

        pointer to a 64 byte space where the signature will be written (internal format)

      • msg32Ptr: number

        pointer to the 32-byte message hash being signed

      • secretKeyPtr: number

        pointer to a 32-byte secret key

      Returns 0 | 1

signRecoverable: ((contextPtr: number, outputRSigPtr: number, msg32Ptr: number, secretKeyPtr: number) => 0 | 1)

Type declaration

    • (contextPtr: number, outputRSigPtr: number, msg32Ptr: number, secretKeyPtr: number): 0 | 1
    • Create a recoverable ECDSA signature. The created signature is always in lower-S form.

      Returns 1 if the signature was created, 0 if the nonce generation function failed, or the private key was invalid.

      Note, this WebAssembly Secp256k1 implementation does not currently support the final two arguments from the C library, noncefp and ndata. The default nonce generation function, secp256k1_nonce_function_default, is always used.

      Parameters

      • contextPtr: number

        pointer to a context object, initialized for signing

      • outputRSigPtr: number

        pointer to a 65 byte space where the signature will be written (internal format)

      • msg32Ptr: number

        pointer to the 32-byte message hash being signed

      • secretKeyPtr: number

        pointer to a 32-byte secret key

      Returns 0 | 1

signatureMalleate: ((contextPtr: number, outputSigPtr: number, inputSigPtr: number) => 1)

Type declaration

    • (contextPtr: number, outputSigPtr: number, inputSigPtr: number): 1
    • Malleate an ECDSA signature.

      This is done by negating the S value modulo the order of the curve, "flipping" the sign of the random point R that is not included in the signature.

      This method is added by Libauth to make testing of signatureNormalize easier.

      Parameters

      • contextPtr: number

        pointer to a context object

      • outputSigPtr: number

        pointer to a 64 byte space where the malleated signature will be written (internal format)

      • inputSigPtr: number

        pointer to a signature to malleate

      Returns 1

signatureNormalize: ((contextPtr: number, outputSigPtr: number, inputSigPtr: number) => 0 | 1)

Type declaration

    • (contextPtr: number, outputSigPtr: number, inputSigPtr: number): 0 | 1
    • Convert a signature to a normalized lower-S form.

      Returns 1 if inputSigPtr was not normalized, 0 if inputSigPtr was already normalized.

      With ECDSA a third-party can forge a second distinct signature of the same message, given a single initial signature, but without knowing the key. This is done by negating the S value modulo the order of the curve, "flipping" the sign of the random point R which is not included in the signature.

      Forgery of the same message isn't universally problematic, but in systems where message malleability or uniqueness of signatures is important this can cause issues. This forgery can be blocked by all verifiers forcing signers to use a normalized form.

      The lower-S form reduces the size of signatures slightly on average when variable length encodings (such as DER) are used and is cheap to verify, making it a good choice. Security of always using lower-S is assured because anyone can trivially modify a signature after the fact to enforce this property anyway.

      The lower S value is always between 0x1 and 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, inclusive.

      No other forms of ECDSA malleability are known and none seem likely, but there is no formal proof that ECDSA, even with this additional restriction, is free of other malleability. Commonly used serialization schemes will also accept various non-unique encodings, so care should be taken when this property is required for an application.

      The sign function will by default create signatures in the lower-S form, and verify will not accept others. In case signatures come from a system that cannot enforce this property, signatureNormalize must be called before verification.

      Parameters

      • contextPtr: number

        pointer to a context object

      • outputSigPtr: number

        pointer to a 64 byte space where the normalized signature will be written (internal format)

      • inputSigPtr: number

        pointer to a signature to check/normalize (internal format)

      Returns 0 | 1

signatureParseCompact: ((contextPtr: number, sigOutPtr: number, compactSigInPtr: number) => 0 | 1)

Type declaration

    • (contextPtr: number, sigOutPtr: number, compactSigInPtr: number): 0 | 1
    • Parse an ECDSA signature in compact (64 bytes) format. Returns 1 when the signature could be parsed, 0 otherwise.

      The signature must consist of a 32-byte big endian R value, followed by a 32-byte big endian S value. If R or S fall outside of [0..order-1], the encoding is invalid. R and S with value 0 are allowed in the encoding.

      After the call, sig will always be initialized. If parsing failed or R or S are zero, the resulting sig value is guaranteed to fail validation for any message and public key.

      Parameters

      • contextPtr: number

        pointer to a context object

      • sigOutPtr: number

        a pointer to a 64 byte space where the parsed signature will be written. (internal format)

      • compactSigInPtr: number

        pointer to a serialized signature in compact format

      Returns 0 | 1

signatureParseDER: ((contextPtr: number, sigOutPtr: number, sigDERInPtr: number, sigDERInLength: number) => 0 | 1)

Type declaration

    • (contextPtr: number, sigOutPtr: number, sigDERInPtr: number, sigDERInLength: number): 0 | 1
    • Parse a DER ECDSA signature.

      Returns 1 when the signature could be parsed, 0 otherwise.

      This function will accept any valid DER encoded signature, even if the encoded numbers are out of range.

      After the call, sig will always be initialized. If parsing failed or the encoded numbers are out of range, signature validation with it is guaranteed to fail for every message and public key.

      Parameters

      • contextPtr: number

        pointer to a context object

      • sigOutPtr: number

        a pointer to a 64 byte space where the parsed signature will be written. (internal format)

      • sigDERInPtr: number

        pointer to a DER serialized signature

      • sigDERInLength: number

        the number of bytes to read from sigDERInPtr (Note, this should be a simple integer, rather than a size_t pointer as is required by the serialization methods.)

      Returns 0 | 1

signatureSerializeCompact: ((contextPtr: number, outputCompactSigPtr: number, inputSigPtr: number) => 1)

Type declaration

    • (contextPtr: number, outputCompactSigPtr: number, inputSigPtr: number): 1
    • Serialize an ECDSA signature in compact (64 byte) format. Always returns 1.

      See signatureParseCompact for details about the encoding.

      Parameters

      • contextPtr: number

        pointer to a context object

      • outputCompactSigPtr: number

        pointer to a 64-byte space to store the compact serialization

      • inputSigPtr: number

        pointer to the 64-byte signature to be serialized (internal format)

      Returns 1

signatureSerializeDER: ((contextPtr: number, outputDERSigPtr: number, outputDERSigLengthPtr: number, inputSigPtr: number) => 0 | 1)

Type declaration

    • (contextPtr: number, outputDERSigPtr: number, outputDERSigLengthPtr: number, inputSigPtr: number): 0 | 1
    • Serialize an ECDSA signature in DER format.

      Returns 1 if enough space was available to serialize, 0 otherwise.

      Parameters

      • contextPtr: number

        pointer to a context object

      • outputDERSigPtr: number

        pointer to a 72 byte space to store the DER serialization

      • outputDERSigLengthPtr: number

        pointer to a size_t integer. Initially, this should be set to the length of outputDERSigPtr (72). After the call it will be set to the length of the serialization (even if 0 was returned).

      • inputSigPtr: number

        pointer to the 64-byte signature to be serialized (internal format)

      Returns 0 | 1

verify: ((contextPtr: number, sigPtr: number, msg32Ptr: number, pubkeyPtr: number) => 0 | 1)

Type declaration

    • (contextPtr: number, sigPtr: number, msg32Ptr: number, pubkeyPtr: number): 0 | 1
    • Verify an ECDSA signature.

      Returns 1 if the signature is valid, 0 if the signature is incorrect or failed parsing.

      To avoid accepting malleable signatures, only ECDSA signatures in lower-S form are accepted.

      If you need to accept ECDSA signatures from sources that do not obey this rule, apply secp256k1_ecdsa_signature_normalize to the signature prior to validation, but be aware that doing so results in malleable signatures.

      Parameters

      • contextPtr: number

        pointer to a context object, initialized for verification.

      • sigPtr: number

        pointer to the parsed signature being verified (internal format)

      • msg32Ptr: number

        pointer to the 32-byte message hash being verified

      • pubkeyPtr: number

        pointer to the parsed pubkey with which to verify (internal format)

      Returns 0 | 1

Generated using TypeDoc