@blamejs/blamejs-shop 0.1.0 → 0.1.1

package/lib/vendor/blamejs/test/layer-0-primitives/cose.test.js

@@ -170,12 +170,12 @@ async function testValidation() {
   }
   check("sign/verify: malformed args throw the right codes", ok);
 
-  // Detached payload (nil) is explicitly unsupported in v1.
+  // A detached (nil) payload without opts.externalPayload is refused.
   var protBstr = b.cbor.encode(new Map([[1, -7]]));
   var detached = b.cbor.encode(new b.cbor.Tag(18, [protBstr, new Map(), null, Buffer.from([0, 0])]));
   var det = null;
   try { await b.cose.verify(detached, { algorithms: ["ES256"], publicKey: EC.publicKey }); } catch (e) { det = e; }
-  check("verify: detached payload refused (v1 attached-only)", det && det.code === "cose/detached-unsupported");
+  check("verify: detached payload without externalPayload refused", det && det.code === "cose/detached-no-payload");
 
   // Codex P2 on PR #184 — a non-byte payload (text string here) must
   // be refused, not returned as a non-Buffer.
@@ -192,6 +192,61 @@ async function testValidation() {
   check("verify: non-map unprotected header refused", bu && bu.code === "cose/malformed");
 }
 
+async function testDetachedPayload() {
+  var payload = Buffer.from("detached COSE payload", "utf8");
+  var det = await b.cose.sign(payload, { alg: "ES256", privateKey: EC.privateKey, detached: true });
+  // payload slot must be nil
+  var arr = b.cbor.decode(det, { allowedTags: [18] }).value;
+  check("detached: payload slot is nil", arr[2] === null);
+  var out = await b.cose.verify(det, { algorithms: ["ES256"], publicKey: EC.publicKey, externalPayload: payload });
+  check("detached: verify with externalPayload returns it", out.payload.equals(payload));
+
+  var noPay = null;
+  try { await b.cose.verify(det, { algorithms: ["ES256"], publicKey: EC.publicKey }); } catch (e) { noPay = e; }
+  check("detached: verify without externalPayload refused", noPay && noPay.code === "cose/detached-no-payload");
+
+  var wrong = null;
+  try { await b.cose.verify(det, { algorithms: ["ES256"], publicKey: EC.publicKey, externalPayload: Buffer.from("x") }); } catch (e) { wrong = e; }
+  check("detached: wrong externalPayload fails signature", wrong && wrong.code === "cose/bad-signature");
+
+  // attached token + externalPayload is ambiguous
+  var att = await b.cose.sign(payload, { alg: "ES256", privateKey: EC.privateKey });
+  var amb = null;
+  try { await b.cose.verify(att, { algorithms: ["ES256"], publicKey: EC.publicKey, externalPayload: payload }); } catch (e) { amb = e; }
+  check("detached: externalPayload on an attached token refused", amb && amb.code === "cose/payload-ambiguous");
+}
+
+async function testImportKey() {
+  // EC2 P-256 COSE_Key built from the JWK, then used to verify.
+  var jwk = EC.publicKey.export({ format: "jwk" });
+  var coseKey = new Map([[1, 2], [-1, 1], [-2, Buffer.from(jwk.x, "base64url")], [-3, Buffer.from(jwk.y, "base64url")]]);
+  var imported = b.cose.importKey(coseKey);
+  check("importKey: EC2 P-256 matches the JWK x", imported.export({ format: "jwk" }).x === jwk.x);
+  var att = await b.cose.sign(Buffer.from("k"), { alg: "ES256", privateKey: EC.privateKey });
+  check("importKey: imported key verifies a COSE_Sign1", (await b.cose.verify(att, { algorithms: ["ES256"], publicKey: imported })).payload.toString() === "k");
+
+  // OKP Ed25519
+  var ejwk = ED.publicKey.export({ format: "jwk" });
+  var okp = new Map([[1, 1], [-1, 6], [-2, Buffer.from(ejwk.x, "base64url")]]);
+  check("importKey: OKP Ed25519", b.cose.importKey(okp).asymmetricKeyType === "ed25519");
+
+  // unsupported curve / kty refused
+  var bad = null;
+  try { b.cose.importKey(new Map([[1, 2], [-1, 99], [-2, Buffer.from(jwk.x, "base64url")], [-3, Buffer.from(jwk.y, "base64url")]])); } catch (e) { bad = e; }
+  check("importKey: unsupported EC2 curve refused", bad && bad.code === "cose/unsupported-key");
+  var badKty = null;
+  try { b.cose.importKey(new Map([[1, 4], [-2, Buffer.from(jwk.x, "base64url")]])); } catch (e) { badKty = e; }
+  check("importKey: unsupported kty refused", badKty && (badKty.code === "cose/unsupported-key" || badKty.code === "cose/bad-cose-key"));
+
+  // secp256k1 (crv id 8) is refused — b.cose has no ES256K path, so
+  // accepting it would let it verify under ES256 (alg/curve mis-binding).
+  var k1 = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "secp256k1" });
+  var k1jwk = k1.publicKey.export({ format: "jwk" });
+  var secpBad = null;
+  try { b.cose.importKey(new Map([[1, 2], [-1, 8], [-2, Buffer.from(k1jwk.x, "base64url")], [-3, Buffer.from(k1jwk.y, "base64url")]])); } catch (e) { secpBad = e; }
+  check("importKey: secp256k1 refused (no ES256K binding)", secpBad && secpBad.code === "cose/unsupported-key");
+}
+
 async function run() {
   testSurface();
   testEncrypt0();
@@ -201,6 +256,50 @@ async function run() {
   await testTamperAndAllowlist();
   await testCritBypassDefense();
   await testValidation();
+  await testDetachedPayload();
+  await testImportKey();
+  testMac0();
+}
+
+function testMac0() {
+  var key = nodeCrypto.randomBytes(32);
+  var pt = Buffer.from("cose mac0 payload", "utf8");
+  var m = b.cose.mac0(pt, { alg: "HMAC-256/256", key: key });
+  check("mac0: tagged COSE_Mac0 (tag 17 → 0xd1)", m[0] === 0xd1);
+  var out = b.cose.macVerify0(m, { algorithms: ["HMAC-256/256"], key: key });
+  check("mac0: round-trips payload + alg", out.payload.equals(pt) && out.alg === "HMAC-256/256");
+
+  var wrongKey = null;
+  try { b.cose.macVerify0(m, { algorithms: ["HMAC-256/256"], key: nodeCrypto.randomBytes(32) }); } catch (e) { wrongKey = e; }
+  check("mac0: wrong key refused", wrongKey && wrongKey.code === "cose/bad-tag");
+
+  var tampered = Buffer.from(m); tampered[tampered.length - 1] ^= 0xff;
+  var tamp = null;
+  try { b.cose.macVerify0(tampered, { algorithms: ["HMAC-256/256"], key: key }); } catch (e) { tamp = e; }
+  check("mac0: tampered tag refused", tamp && tamp.code === "cose/bad-tag");
+
+  var notAllowed = null;
+  try { b.cose.macVerify0(m, { algorithms: ["HMAC-512/512"], key: key }); } catch (e) { notAllowed = e; }
+  check("mac0: alg not in allowlist refused", notAllowed && notAllowed.code === "cose/alg-not-allowed");
+
+  var md = b.cose.mac0(pt, { alg: "HMAC-384/384", key: key, detached: true });
+  check("mac0: detached verify with externalPayload", b.cose.macVerify0(md, { algorithms: ["HMAC-384/384"], key: key, externalPayload: pt }).payload.equals(pt));
+  var noPay = null;
+  try { b.cose.macVerify0(md, { algorithms: ["HMAC-384/384"], key: key }); } catch (e) { noPay = e; }
+  check("mac0: detached without externalPayload refused", noPay && noPay.code === "cose/detached-no-payload");
+
+  var ma = b.cose.mac0(pt, { alg: "HMAC-512/512", key: key, externalAad: Buffer.from("ctx-A", "utf8") });
+  var aadBad = null;
+  try { b.cose.macVerify0(ma, { algorithms: ["HMAC-512/512"], key: key, externalAad: Buffer.from("ctx-B", "utf8") }); } catch (e) { aadBad = e; }
+  check("mac0: external_aad mismatch refused", aadBad && aadBad.code === "cose/bad-tag");
+
+  // crit-bypass defense: a COSE_Mac0 marking an unknown critical header
+  // is refused (matching b.cose.verify).
+  var protCrit = b.cbor.encode(new Map([[1, 5], [2, [99]]]));
+  var macCrit = b.cbor.encode(new b.cbor.Tag(17, [protCrit, new Map(), Buffer.from("x", "utf8"), Buffer.alloc(32)]));
+  var critErr = null;
+  try { b.cose.macVerify0(macCrit, { algorithms: ["HMAC-256/256"], key: key }); } catch (e) { critErr = e; }
+  check("mac0: unknown crit header refused", critErr && critErr.code === "cose/crit-unknown");
 }
 
 module.exports = { run: run };

package/lib/vendor/blamejs/test/layer-0-primitives/crypto-self-test.test.js

@@ -0,0 +1,74 @@
+"use strict";
+/**
+ * Layer 0 — b.crypto.selfTest (FIPS 140-3-style power-on self-test).
+ * Confirms the KATs (NIST FIPS 202 SHA3/SHAKE vectors), the AEAD
+ * round-trip + tamper-detect, and the PQC pairwise-consistency +
+ * negative checks all run and pass, and that the report shape +
+ * throwOnFailure contract hold.
+ */
+
+var b = require("../../index");
+var helpers = require("../helpers");
+var check = helpers.check;
+var nodeCrypto = require("node:crypto");
+
+var EXPECTED = [
+  "SHA3-512 KAT (FIPS 202)",
+  "SHA3-256 KAT (FIPS 202)",
+  "SHAKE256 KAT (FIPS 202)",
+  "HMAC-SHA3-512 determinism",
+  "XChaCha20-Poly1305 round-trip + tamper-detect",
+  "ML-KEM-1024 encaps/decaps pairwise consistency",
+  "ML-DSA-87 sign/verify + negative",
+  "SLH-DSA-SHAKE-256f sign/verify + negative",
+];
+
+function testSurface() {
+  check("b.crypto.selfTest is a function", typeof b.crypto.selfTest === "function");
+}
+
+function testAllPass() {
+  var r = b.crypto.selfTest();
+  check("selfTest: ok true", r.ok === true);
+  check("selfTest: no failures", r.failures.length === 0);
+  check("selfTest: ranAt is an ISO timestamp", typeof r.ranAt === "string" && !isNaN(Date.parse(r.ranAt)));
+  // every expected check ran and passed
+  var names = r.results.map(function (x) { return x.name; });
+  EXPECTED.forEach(function (name) {
+    check("selfTest ran + passed: " + name, names.indexOf(name) !== -1 && r.results[names.indexOf(name)].ok === true);
+  });
+}
+
+function testKatMatchesNistVectors() {
+  // Independent cross-check of the KAT references against node's own
+  // FIPS-validated SHA3 (the self-test's hash digests are the standard
+  // FIPS 202 answers, not framework-vs-framework).
+  check("SHA3-512(abc) is the FIPS 202 vector",
+    b.crypto.sha3Hash("abc") === nodeCrypto.createHash("sha3-512").update("abc").digest("hex"));
+  check("SHA3-512(abc) starts with the published prefix",
+    b.crypto.sha3Hash("abc").indexOf("b751850b1a57168a") === 0);
+}
+
+function testReportContract() {
+  // throwOnFailure:false always returns the structured report.
+  var r = b.crypto.selfTest({ throwOnFailure: false });
+  check("throwOnFailure:false returns a report", r && Array.isArray(r.results) && typeof r.ok === "boolean");
+  // each result carries a name + ok boolean
+  check("each result has name + ok", r.results.every(function (x) { return typeof x.name === "string" && typeof x.ok === "boolean"; }));
+}
+
+async function run() {
+  testSurface();
+  testAllPass();
+  testKatMatchesNistVectors();
+  testReportContract();
+}
+
+module.exports = { run: run };
+
+if (require.main === module) {
+  run().then(
+    function () { console.log("[crypto-self-test] OK — " + helpers.getChecks() + " checks passed"); },
+    function (e) { console.error("FAIL:", e && e.stack || e); process.exit(1); }
+  );
+}

package/lib/vendor/blamejs/test/layer-0-primitives/did.test.js

@@ -128,12 +128,41 @@ function testRefusals() {
   check("RSA key → unsupported", code(function () { b.did.keyToDid(rsa.publicKey); }) === "did/unsupported-key");
 }
 
+function testDidJwk() {
+  var ec = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
+  var ed = nodeCrypto.generateKeyPairSync("ed25519");
+
+  var dj = b.did.keyToDid(ec.publicKey, { method: "jwk" });
+  check("did:jwk: keyToDid produces a did:jwk", dj.indexOf("did:jwk:") === 0);
+  check("did:jwk: parse method", b.did.parse(dj).method === "jwk");
+  var r = b.did.resolve(dj);
+  check("did:jwk: resolves to the key", _spkiEq(r.verificationMethods[0].publicKey, ec.publicKey));
+  check("did:jwk: vm type JsonWebKey2020 + publicKeyJwk", r.verificationMethods[0].type === "JsonWebKey2020" && !!r.didDocument.verificationMethod[0].publicKeyJwk);
+  check("did:jwk: Ed25519 round-trips", _spkiEq(b.did.resolve(b.did.keyToDid(ed.publicKey, { method: "jwk" })).verificationMethods[0].publicKey, ed.publicKey));
+  // keyToDid default is still did:key
+  check("did:jwk: keyToDid default is did:key", b.did.keyToDid(ec.publicKey).indexOf("did:key:") === 0);
+  // private member is stripped from the produced did:jwk
+  var decoded = JSON.parse(Buffer.from(dj.slice("did:jwk:".length), "base64url").toString("utf8"));
+  check("did:jwk: no private 'd' member encoded", decoded.d === undefined && typeof decoded.x === "string");
+
+  function code(fn) { try { fn(); return "NO-THROW"; } catch (e) { return e.code; } }
+  check("did:jwk: non-JSON id refused", code(function () { b.did.resolve("did:jwk:" + Buffer.from("not json", "utf8").toString("base64url")); }) === "did/bad-jwk");
+  check("did:jwk: unsupported kty refused", code(function () {
+    b.did.resolve("did:jwk:" + Buffer.from(JSON.stringify({ kty: "RSA", n: "x", e: "AQAB" }), "utf8").toString("base64url"));
+  }) === "did/unsupported-key");
+  // keyToDid must also refuse an unsupported key when emitting did:jwk —
+  // generation and resolution share the allowlist so the DID round-trips.
+  var rsa = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
+  check("did:jwk: keyToDid refuses RSA (round-trip guarantee)", code(function () { b.did.keyToDid(rsa.publicKey, { method: "jwk" }); }) === "did/unsupported-key");
+}
+
 async function run() {
   testSurface();
   testSpecVector();
   testRoundTrips();
   await testCredentialIntegration();
   testDidWeb();
+  testDidJwk();
   testRefusals();
 }
 

package/lib/vendor/blamejs/test/layer-0-primitives/dnssec.test.js

@@ -0,0 +1,130 @@
+"use strict";
+/**
+ * Layer 0 — b.network.dns.dnssec (local DNSSEC RRSIG verification).
+ * The oracles are REAL captured DNSKEY responses (Cloudflare DoH,
+ * application/dns-message) for an ECDSA-P256 zone (cloudflare.com) and
+ * an RSA/SHA-256 zone (verisign.com): a byte off in the RFC 4034
+ * canonicalisation would fail these real-world signatures. Verified at a
+ * fixed instant inside each RRSIG's window so the fixture never expires.
+ */
+
+var b = require("../../index");
+var helpers = require("../helpers");
+var check = helpers.check;
+
+// Real `cloudflare.com` DNSKEY response (ECDSA P-256 / alg 13), captured
+// via Cloudflare DoH with the DO bit set.
+var CF_HEX = "000081a000010003000000010a636c6f7564666c61726503636f6d0000300001c00c003000010000071200440100030da09311112cf9138818cd2feae970ebbd4d6a30f6088c25b325a39abbc5cd1197aa098283e5aaf421177c2aa5d714992a9957d1bcc18f98cd71f1f1806b65e148c00c003000010000071200440101030d99db2cc14cabdc33d6d77da63a2f15f71112584f234e8d1dc428e39e8a4a97e1aa271a555dc90701e17e2a4c4b6f120b7c32d44f4ac02bd894cf2d4be7778a19c00c002e000100000712006200300d0200000e106a604d3e6a0fe1be09430a636c6f7564666c61726503636f6d008a40d46e9ff1d7eae7a3824de100af4eba33c5cc88751c29fb7bf1a931d68ab1d25c19c8be0f06da464aebaad3f171be9ed92e20ae1b1bf25e54cc18939a2a5e00002904d0000080000000";
+// Real `verisign.com` DNSKEY response (RSA/SHA-256 / alg 8).
+var VS_HEX = "000081a0000100040000000108766572697369676e03636f6d0000300001c00c0030000100000cb900880100030803010001a24a87ea79dcc74adda5bad2b0ad3e5514b06c30dd14dcfe1ef3503e1591ccd67a486bf4d87e496c9c5f7009f6796eb54324157d5baa5815063816323bd2f1d2846d278c34c551cd4cf67c1adf21427836603e37c4230bc47ce59845fb697f53471a824be691e683580b92020f12c7a8efeb02f12fc475dbdeca65a0bb0a4f6fc00c0030000100000cb900880100030803010001cc288a535db6a1b542355d84ad07d77cd1729f6eb191b24698becb69ec43aaddbc1714102fd9a8745683d211a33bc88103e96a893e83cff7d27bce7cfeafc6ac2b3b85d0f95e2952d8c413a54aaeee378701f8627805ac97a778a0cd323ce1585139a3a84a9e5a28850ed427e8038fd2f0600f96e0188f46f33acede7811d711c00c0030000100000cb901080101030803010001bfb6a7aca1ef6f910e6dc358935f7132dd3a6fc716550739861b28f4c06ab0e6a4d8082bc7615fa898ed12594cb03e8c89d918d3c2c0d1036bfeae7b73f831ac49634c46cdb3d0c307dd53298f32c52fc16764729b133c105a4ec701ba2a3fbbb60ee6cf9c21dcc0ffbb270e3bc5e6bbf4cf1d07d1b00f50655c5d8e7724f951b3ac69d748265351aa014269ffd31678248ce15168aed3fcfbb1a32704743d76b15fc1abdb157c17b3d7deee5a6742019c32ee87a9bce449281122f586964d3f23cd502fbbb2c0504611876c50ca780ea958313dc9f7dec485aa90cd15bf42a66d80da99df2c46c3974ead4f88332a810b83d6e2a416d7ee8318f3c4c671eaa3c00c002e000100000cb901200030080200000e106a3b146f6a13876fd7a408766572697369676e03636f6d0075ae4e787092f2120d8592cf56d3cd87f06813e38aadd90111ba7e656e90ee1c969591cda2ed4838db2648a68326fa04cbd3886ff2fd48f954284bff78459c8a78c4ecb8b2462f0bd1636555dd96b1e83f7cf322d1a4806480eef57e16b65cf5d2229184cab0c573f30a16f5af94b4cd15c05a04c62cd2ca8afc2f39c6067ec2fed95cc044f88f4a746388de20fe58decccda4b1cbc50d8f011cd56055c56c375464b9999e3e04d6a7180ca5fce5801b445cfc9f33b6fdac4f5c9d9714deaa77420ee4f147f1fefb63187230cfb93c2a3c218130c707fb42dfb4d445a33197ebfbf00087d1012f2dc0f4b29857908a2de33aef8ebbcc326cf4e1ef60181cf82a00002904d0000080000000";
+
+function _rdName(buf, off) {
+  var ls = [], jumped = false, end = off;
+  for (;;) {
+    var len = buf[off];
+    if (len === 0) { off++; if (!jumped) end = off; break; }
+    if ((len & 0xc0) === 0xc0) { if (!jumped) end = off + 2; off = ((len & 0x3f) << 8) | buf[off + 1]; jumped = true; continue; }
+    off++; ls.push(buf.slice(off, off + len).toString("ascii")); off += len;
+  }
+  return { name: ls.join(".") + (ls.length ? "." : ""), end: end };
+}
+
+// Parse a DNSKEY DoH response → { keys: [{rdata, alg, pubkey}], rrsig }.
+function _parse(hex) {
+  var buf = Buffer.from(hex, "hex");
+  var qd = buf.readUInt16BE(4), an = buf.readUInt16BE(6), off = 12;
+  for (var q = 0; q < qd; q++) off = _rdName(buf, off).end + 4;
+  var keys = [], rrsig = null;
+  for (var i = 0; i < an; i++) {
+    off = _rdName(buf, off).end;
+    var type = buf.readUInt16BE(off), rdlen = buf.readUInt16BE(off + 8);
+    off += 10;
+    var rd = buf.slice(off, off + rdlen); off += rdlen;
+    if (type === 48) keys.push({ rdata: rd, alg: rd[3], pubkey: rd.slice(4) });
+    else if (type === 46) {
+      var sn = _rdName(rd, 18);
+      rrsig = { algorithm: rd[2], labels: rd[3], originalTtl: rd.readUInt32BE(4), expiration: rd.readUInt32BE(8), inception: rd.readUInt32BE(12), keyTag: rd.readUInt16BE(16), signerName: sn.name, signature: rd.slice(sn.end) };
+    }
+  }
+  return { keys: keys, rrsig: rrsig };
+}
+
+function _vector(hex, zone) {
+  var p = _parse(hex);
+  var ksk = p.keys.find(function (k) { return b.network.dns.dnssec.keyTag(k.rdata) === p.rrsig.keyTag; });
+  return { zone: zone, keys: p.keys, rrsig: p.rrsig, ksk: ksk, at: new Date(p.rrsig.inception * 1000 + 1000) };
+}
+
+function testSurface() {
+  check("b.network.dns.dnssec.verifyRrset is a function", typeof b.network.dns.dnssec.verifyRrset === "function");
+  check("b.network.dns.dnssec.verifyDs is a function", typeof b.network.dns.dnssec.verifyDs === "function");
+  check("b.network.dns.dnssec.keyTag is a function", typeof b.network.dns.dnssec.keyTag === "function");
+}
+
+function testRealVectors() {
+  var cf = _vector(CF_HEX, "cloudflare.com");
+  check("keyTag computes the real RRSIG key tag (ECDSA)", cf.ksk !== undefined);
+  var ecOut = b.network.dns.dnssec.verifyRrset({ name: cf.zone, type: "DNSKEY", rdatas: cf.keys.map(function (k) { return k.rdata; }), rrsig: cf.rrsig, dnskey: { algorithm: cf.ksk.alg, publicKey: cf.ksk.pubkey }, at: cf.at });
+  check("verifyRrset: real cloudflare.com DNSKEY self-sig verifies (ECDSAP256SHA256)", ecOut.ok && ecOut.algorithm === "ECDSAP256SHA256");
+
+  var vs = _vector(VS_HEX, "verisign.com");
+  check("keyTag computes the real RRSIG key tag (RSA)", vs.ksk !== undefined);
+  var rsaOut = b.network.dns.dnssec.verifyRrset({ name: vs.zone, type: "DNSKEY", rdatas: vs.keys.map(function (k) { return k.rdata; }), rrsig: vs.rrsig, dnskey: { algorithm: vs.ksk.alg, publicKey: vs.ksk.pubkey }, at: vs.at });
+  check("verifyRrset: real verisign.com DNSKEY self-sig verifies (RSASHA256)", rsaOut.ok && rsaOut.algorithm === "RSASHA256");
+}
+
+function testRefusals() {
+  var cf = _vector(CF_HEX, "cloudflare.com");
+  function code(fn) { try { fn(); return "NO-THROW"; } catch (e) { return e.code; } }
+  var base = { name: cf.zone, type: "DNSKEY", rrsig: cf.rrsig, dnskey: { algorithm: cf.ksk.alg, publicKey: cf.ksk.pubkey }, at: cf.at };
+  function withRdatas(rd) { return Object.assign({}, base, { rdatas: rd }); }
+
+  var tampered = cf.keys.map(function (k) { return Buffer.from(k.rdata); });
+  tampered[0][tampered[0].length - 1] ^= 0xff;
+  check("verifyRrset: tampered RRset refused", code(function () { b.network.dns.dnssec.verifyRrset(withRdatas(tampered)); }) === "dnssec/bad-signature");
+
+  var rd = cf.keys.map(function (k) { return k.rdata; });
+  check("verifyRrset: expired RRSIG refused", code(function () { b.network.dns.dnssec.verifyRrset(Object.assign({}, base, { rdatas: rd, at: new Date((cf.rrsig.expiration + 60) * 1000) })); }) === "dnssec/expired");
+  check("verifyRrset: not-yet-valid RRSIG refused", code(function () { b.network.dns.dnssec.verifyRrset(Object.assign({}, base, { rdatas: rd, at: new Date((cf.rrsig.inception - 60) * 1000) })); }) === "dnssec/not-yet-valid");
+  check("verifyRrset: invalid opts.at refused", code(function () { b.network.dns.dnssec.verifyRrset(Object.assign({}, base, { rdatas: rd, at: new Date("nope") })); }) === "dnssec/bad-at");
+  check("verifyRrset: name-bearing RR type refused (not mis-validated)", code(function () { b.network.dns.dnssec.verifyRrset(Object.assign({}, base, { type: "NS", rdatas: rd })); }) === "dnssec/uncanonicalizable-type");
+  check("verifyRrset: DNSKEY/RRSIG algorithm mismatch refused", code(function () { b.network.dns.dnssec.verifyRrset(Object.assign({}, base, { rdatas: rd, dnskey: { algorithm: 8, publicKey: cf.ksk.pubkey } })); }) === "dnssec/alg-mismatch");
+}
+
+function testVerifyDs() {
+  var cf = _vector(CF_HEX, "cloudflare.com");
+  var nodeCrypto = require("node:crypto");
+  // Build the SHA-256 DS digest over (canonical owner name || DNSKEY rdata),
+  // then confirm verifyDs accepts it and rejects a tampered digest / key tag.
+  function canonName(name) {
+    var n = name.replace(/\.$/, ""), parts = [];
+    n.split(".").forEach(function (l) { var b2 = Buffer.from(l.toLowerCase(), "ascii"); parts.push(Buffer.from([b2.length]), b2); });
+    parts.push(Buffer.from([0]));
+    return Buffer.concat(parts);
+  }
+  var tag = b.network.dns.dnssec.keyTag(cf.ksk.rdata);
+  var digest = nodeCrypto.createHash("sha256").update(Buffer.concat([canonName("cloudflare.com"), cf.ksk.rdata])).digest();
+  var ds = { keyTag: tag, algorithm: cf.ksk.alg, digestType: 2, digest: digest };
+  check("verifyDs: matching DS accepted", b.network.dns.dnssec.verifyDs({ ownerName: "cloudflare.com", dnskeyRdata: cf.ksk.rdata, ds: ds }).ok === true);
+
+  function code(fn) { try { fn(); return "NO-THROW"; } catch (e) { return e.code; } }
+  var badDigest = Buffer.from(digest); badDigest[0] ^= 0xff;
+  check("verifyDs: tampered digest refused", code(function () { b.network.dns.dnssec.verifyDs({ ownerName: "cloudflare.com", dnskeyRdata: cf.ksk.rdata, ds: Object.assign({}, ds, { digest: badDigest }) }); }) === "dnssec/ds-mismatch");
+  check("verifyDs: key-tag mismatch refused", code(function () { b.network.dns.dnssec.verifyDs({ ownerName: "cloudflare.com", dnskeyRdata: cf.ksk.rdata, ds: Object.assign({}, ds, { keyTag: (tag + 1) & 0xffff }) }); }) === "dnssec/keytag-mismatch");
+}
+
+async function run() {
+  testSurface();
+  testRealVectors();
+  testRefusals();
+  testVerifyDs();
+}
+
+module.exports = { run: run };
+
+if (require.main === module) {
+  run().then(
+    function () { console.log("[dnssec] OK — " + helpers.getChecks() + " checks passed"); },
+    function (e) { console.error("FAIL:", e && e.stack || e); process.exit(1); }
+  );
+}

package/lib/vendor/blamejs/test/layer-0-primitives/mdoc.test.js

@@ -76,6 +76,14 @@ async function _makeMdoc(cert, opts) {
       ["validUntil", validUntilTag],
     ])],
   ]);
+  // Optional deviceKeyInfo.deviceKey (a COSE_Key) for device-auth tests.
+  if (opts.deviceJwk) {
+    mso.set("deviceKeyInfo", new Map([["deviceKey", new Map([
+      [1, 2], [-1, 1],
+      [-2, Buffer.from(opts.deviceJwk.x, "base64url")],
+      [-3, Buffer.from(opts.deviceJwk.y, "base64url")],
+    ])]]));
+  }
   var payload = cbor.encode(new cbor.Tag(24, cbor.encode(mso)));
   var signed = await b.cose.sign(payload, { alg: opts.alg || "ES256", privateKey: cert.key, unprotectedHeaders: { 33: cert.certDer } });
   var issuerAuth = cbor.decode(signed, { allowedTags: [18, 24] }).value;
@@ -212,12 +220,56 @@ async function testChainAndInputGuards() {
   check("verify: missing algorithms refused", e4 && e4.code === "mdoc/algorithms-required");
 }
 
+async function testDeviceAuth() {
+  var cert = _makeCert();
+  var device = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
+  var deviceJwk = device.publicKey.export({ format: "jwk" });
+  // issuer-signed mdoc carrying the device key in the MSO
+  var mdoc = await _makeMdoc(cert, { deviceJwk: deviceJwk });
+  var issuer = await b.mdoc.verifyIssuerSigned(mdoc, { algorithms: ["ES256"] });
+  check("verifyIssuerSigned: returns the deviceKey", issuer.deviceKey instanceof Map || (issuer.deviceKey && typeof issuer.deviceKey === "object"));
+
+  // build a DeviceSigned: detached COSE_Sign1 over DeviceAuthentication
+  var sessionTranscript = ["DE-bytes", "ER-bytes", ["handover", 1]];
+  var deviceNsBytes = new cbor.Tag(24, cbor.encode(new Map()));
+  var da = ["DeviceAuthentication", sessionTranscript, DOCTYPE, deviceNsBytes];
+  var daBytes = cbor.encode(new cbor.Tag(24, cbor.encode(da)));
+  var sig = await b.cose.sign(daBytes, { alg: "ES256", privateKey: device.privateKey, detached: true });
+  var sigArr = cbor.decode(sig, { allowedTags: [18, 24] }).value;
+  var deviceSigned = new Map([["nameSpaces", deviceNsBytes], ["deviceAuth", new Map([["deviceSignature", sigArr]])]]);
+
+  var out = await b.mdoc.verifyDeviceAuth({ deviceKey: issuer.deviceKey, deviceSigned: deviceSigned, docType: DOCTYPE, sessionTranscript: sessionTranscript, algorithms: ["ES256"] });
+  check("verifyDeviceAuth: verifies with the MSO device key", out.docType === DOCTYPE && out.alg === "ES256");
+
+  // wrong session transcript → signature fails (binding works)
+  var e1 = null;
+  try { await b.mdoc.verifyDeviceAuth({ deviceKey: issuer.deviceKey, deviceSigned: deviceSigned, docType: DOCTYPE, sessionTranscript: ["tampered"], algorithms: ["ES256"] }); } catch (e) { e1 = e; }
+  check("verifyDeviceAuth: wrong sessionTranscript refused", e1 && e1.code === "cose/bad-signature");
+
+  // wrong docType → signature fails
+  var e2 = null;
+  try { await b.mdoc.verifyDeviceAuth({ deviceKey: issuer.deviceKey, deviceSigned: deviceSigned, docType: "org.iso.18013.5.1.other", sessionTranscript: sessionTranscript, algorithms: ["ES256"] }); } catch (e) { e2 = e; }
+  check("verifyDeviceAuth: wrong docType refused", e2 && e2.code === "cose/bad-signature");
+
+  // MAC variant → unsupported (deferred)
+  var dsMac = new Map([["nameSpaces", deviceNsBytes], ["deviceAuth", new Map([["deviceMac", [Buffer.alloc(3), new Map(), null, Buffer.alloc(8)]]])]]);
+  var e3 = null;
+  try { await b.mdoc.verifyDeviceAuth({ deviceKey: issuer.deviceKey, deviceSigned: dsMac, docType: DOCTYPE, sessionTranscript: sessionTranscript, algorithms: ["ES256"] }); } catch (e) { e3 = e; }
+  check("verifyDeviceAuth: MAC variant refused (deferred)", e3 && e3.code === "mdoc/device-mac-unsupported");
+
+  // missing sessionTranscript
+  var e4 = null;
+  try { await b.mdoc.verifyDeviceAuth({ deviceKey: issuer.deviceKey, deviceSigned: deviceSigned, docType: DOCTYPE, algorithms: ["ES256"] }); } catch (e) { e4 = e; }
+  check("verifyDeviceAuth: missing sessionTranscript refused", e4 && e4.code === "mdoc/no-session-transcript");
+}
+
 async function run() {
   testSurface();
   await testRoundTrip();
   await testDigestAndSignatureRefusals();
   await testValidityAndDocType();
   await testChainAndInputGuards();
+  await testDeviceAuth();
 }
 
 module.exports = { run: run };

package/lib/vendor/blamejs/test/layer-0-primitives/vc.test.js

@@ -170,12 +170,75 @@ async function testTemporalAndStructural() {
   check("verify: object issuer id extracted", oo.issuer === "did:example:obj");
 }
 
+async function testPresentation() {
+  var HOLDER = nodeCrypto.generateKeyPairSync("ed25519");
+  var holderId = "did:example:holder";
+  var jws = await b.vc.issue(_cred(), { securing: "jose", alg: "ES256", privateKey: EC.privateKey });
+
+  // jose VP wrapping a VC, with nonce + audience holder-binding
+  var vp = await b.vc.present({
+    credentials: [jws], holder: holderId, securing: "jose", alg: "EdDSA", privateKey: HOLDER.privateKey,
+    nonce: "chal-1", audience: "https://verifier.example",
+  });
+  check("present: VP is a compact JWS", typeof vp === "string" && vp.split(".").length === 3);
+  check("present: typ vp+jwt", JSON.parse(Buffer.from(vp.split(".")[0], "base64url").toString("utf8")).typ === "vp+jwt");
+
+  var out = await b.vc.verifyPresentation(vp, {
+    algorithms: ["EdDSA"], publicKey: HOLDER.publicKey, expectedHolder: holderId,
+    nonce: "chal-1", audience: "https://verifier.example",
+    verifyCredentials: true, credentialOpts: { algorithms: ["ES256"], publicKey: EC.publicKey },
+  });
+  check("verifyPresentation: holder returned", out.holder === holderId && out.securing === "jose");
+  check("verifyPresentation: enclosed VC verified", out.credentials.length === 1 && out.credentials[0].credential.credentialSubject.degree === "BS");
+
+  // cose VP
+  var coseVc = await b.vc.issue(_cred(), { securing: "cose", alg: "ES256", privateKey: EC.privateKey });
+  var vpc = await b.vc.present({ credentials: [coseVc], holder: holderId, securing: "cose", alg: "EdDSA", privateKey: HOLDER.privateKey });
+  var outc = await b.vc.verifyPresentation(vpc, { algorithms: ["EdDSA"], publicKey: HOLDER.publicKey, verifyCredentials: true, credentialOpts: { algorithms: ["ES256"], publicKey: EC.publicKey } });
+  check("cose VP: round-trips + enclosed VC verified", outc.holder === holderId && outc.credentials.length === 1);
+
+  // refusals
+  var e1 = null;
+  try { await b.vc.verifyPresentation(vp, { algorithms: ["EdDSA"], publicKey: HOLDER.publicKey, nonce: "wrong" }); } catch (e) { e1 = e; }
+  check("verifyPresentation: nonce mismatch refused", e1 && e1.code === "vc/nonce-mismatch");
+  var e2 = null;
+  try { await b.vc.verifyPresentation(vp, { algorithms: ["EdDSA"], publicKey: HOLDER.publicKey, audience: "https://other" }); } catch (e) { e2 = e; }
+  check("verifyPresentation: audience mismatch refused", e2 && e2.code === "vc/audience-mismatch");
+  var e3 = null;
+  try { await b.vc.verifyPresentation(vp, { algorithms: ["EdDSA"], publicKey: HOLDER.publicKey, expectedHolder: "did:example:other" }); } catch (e) { e3 = e; }
+  check("verifyPresentation: holder mismatch refused", e3 && e3.code === "vc/holder-mismatch");
+  // verifying the VP with the wrong typ (a VC) must fail typ check
+  var e4 = null;
+  try { await b.vc.verifyPresentation(jws, { algorithms: ["ES256"], publicKey: EC.publicKey }); } catch (e) { e4 = e; }
+  check("verifyPresentation: a VC (vc+jwt) is refused as a VP", e4 && e4.code === "vc/bad-typ");
+  // a VP cannot be verified as a VC
+  var e5 = null;
+  try { await b.vc.verify(vp, { algorithms: ["EdDSA"], publicKey: HOLDER.publicKey }); } catch (e) { e5 = e; }
+  check("verify: a VP (vp+jwt) is refused as a VC", e5 && e5.code === "vc/bad-typ");
+  // present requires credentials + holder
+  var e6 = null;
+  try { await b.vc.present({ credentials: [], holder: holderId, securing: "jose", alg: "EdDSA", privateKey: HOLDER.privateKey }); } catch (e) { e6 = e; }
+  check("present: empty credentials refused", e6 && e6.code === "vc/no-credentials");
+
+  // A holder-signed VP with a NON-ARRAY verifiableCredential must fail
+  // closed (not coerce to [] and skip credential verification).
+  var badVp = { "@context": ["https://www.w3.org/ns/credentials/v2"], type: ["VerifiablePresentation"], holder: holderId, verifiableCredential: { foo: "bar" } };
+  var h = Buffer.from(JSON.stringify({ alg: "EdDSA", typ: "vp+jwt" }), "utf8").toString("base64url");
+  var p = Buffer.from(JSON.stringify(badVp), "utf8").toString("base64url");
+  var si = h + "." + p;
+  var badVpJws = si + "." + nodeCrypto.sign(null, Buffer.from(si, "ascii"), HOLDER.privateKey).toString("base64url");
+  var e7 = null;
+  try { await b.vc.verifyPresentation(badVpJws, { algorithms: ["EdDSA"], publicKey: HOLDER.publicKey, verifyCredentials: true, credentialOpts: { algorithms: ["ES256"], publicKey: EC.publicKey } }); } catch (e) { e7 = e; }
+  check("verifyPresentation: non-array verifiableCredential refused (no bypass)", e7 && e7.code === "vc/bad-presentation");
+}
+
 async function run() {
   testSurface();
   await testJoseRoundTrip();
   await testCoseRoundTrip();
   await testRefusals();
   await testTemporalAndStructural();
+  await testPresentation();
 }
 
 module.exports = { run: run };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/blamejs-shop",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "Open-source framework built on blamejs. Vendored stack, zero npm runtime deps, PQC-first crypto, security-on by default.",
   "main": "lib/index.js",
   "scripts": {