@brashkie/signalis-core 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md ADDED
@@ -0,0 +1,110 @@
1
+ # Changelog
2
+
3
+ All notable changes to `@brashkie/signalis-core` are documented here.
4
+
5
+ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
6
+ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
+
8
+ ## [0.2.0] — 2026-05-22
9
+
10
+ ### ✨ Added
11
+
12
+ - **Ed25519 signatures** (RFC 8032) — new `Ed25519` namespace
13
+ - `Ed25519.generateKeyPair()`
14
+ - `Ed25519.keyPairFromSeed(seed)` — deterministic from 32-byte seed
15
+ - `Ed25519.publicFromPrivate(privateKey)`
16
+ - `Ed25519.sign(privateKey, message)` — deterministic
17
+ - `Ed25519.verify(publicKey, message, signature)` — throws on failure
18
+ - `Ed25519.verifyBool(publicKey, message, signature)` — returns boolean
19
+ - Constants: `Ed25519.PRIVATE_KEY_SIZE`, `PUBLIC_KEY_SIZE`, `SIGNATURE_SIZE`, `SEED_SIZE`
20
+
21
+ - **XEd25519 signatures** (Signal Protocol style) — new `XEd25519` namespace
22
+ - Sign with Curve25519 keys: ONE keypair for both ECDH and signing
23
+ - `XEd25519.sign(privateKey, message)` — uses OS RNG, non-deterministic
24
+ - `XEd25519.signWithRandom(privateKey, message, random)` — deterministic with 64-byte nonce
25
+ - `XEd25519.verify(publicKey, message, signature)`
26
+ - `XEd25519.verifyBool(publicKey, message, signature)`
27
+ - Constants: `XEd25519.PRIVATE_KEY_SIZE`, `PUBLIC_KEY_SIZE`, `SIGNATURE_SIZE`, `RANDOM_SIZE`
28
+
29
+ - **AES-GCM with AAD** — Additional Authenticated Data support
30
+ - `AES_GCM.encryptWithAad(key, nonce, plaintext, aad)`
31
+ - `AES_GCM.decryptWithAad(key, nonce, ciphertext, aad)`
32
+ - Bind metadata (headers) to ciphertext without encrypting them
33
+ - Tampering with AAD fails decryption (just like tampering with ciphertext)
34
+
35
+ - **New error class:**
36
+ - `SignatureError extends CryptoError` — thrown by `Ed25519.verify` / `XEd25519.verify`
37
+
38
+ - **New type:**
39
+ - `Signature = Buffer & { __brand?: 'Signature' }` — branded type for signatures
40
+ - Helper: `asSignature(buf): Signature`
41
+
42
+ - **New constants exported:**
43
+ - `ED25519_PRIVATE_KEY_SIZE`, `ED25519_PUBLIC_KEY_SIZE`, `ED25519_SIGNATURE_SIZE`, `ED25519_SEED_SIZE`
44
+ - `XED25519_PRIVATE_KEY_SIZE`, `XED25519_PUBLIC_KEY_SIZE`, `XED25519_SIGNATURE_SIZE`, `XED25519_RANDOM_SIZE`
45
+
46
+ - **New Rust crates:**
47
+ - `sc-ed25519` — Ed25519 signing (built on `ed25519-dalek`)
48
+ - `sc-xed25519` — XEd25519 with Curve25519 keys (built on `curve25519-dalek`)
49
+
50
+ - **New runnable examples** in `examples/`:
51
+ - `basic.mjs` — ECDH + HKDF + AES-GCM
52
+ - `signing.mjs` — Ed25519 + XEd25519
53
+ - `aad.mjs` — AES-GCM with AAD
54
+ - `e2e-channel.mjs` — Complete E2E channel
55
+
56
+ - **New documentation:**
57
+ - `MIGRATION.md` — Upgrade guide v0.1 → v0.2
58
+ - Updated `README.md`, `README.es.md`, `API.md`, `EXAMPLES.md`
59
+
60
+ ### 🔄 Changed
61
+
62
+ - `VERSION` constant bumped to `'0.2.0'`
63
+ - `package.json` keywords expanded with `ed25519`, `xed25519`, `aead`
64
+ - `AesGcmParams` interface now includes optional `aad?: Buffer`
65
+
66
+ ### 🔒 Security
67
+
68
+ - All new primitives use audited crates:
69
+ - `ed25519-dalek 2.x` — RFC 8032 reference implementation
70
+ - `curve25519-dalek 4.x` — Constant-time scalar operations
71
+ - XEd25519 implementation follows the [Signal spec](https://signal.org/docs/specifications/xeddsa/)
72
+ - All new Rust modules carry `#![deny(missing_docs)] #![deny(unsafe_code)] #![deny(clippy::unwrap_used)]`
73
+
74
+ ### ✅ Compatibility
75
+
76
+ **100% backwards compatible with v0.1.0.** Every existing API works unchanged:
77
+
78
+ - All existing imports continue to work
79
+ - All existing function signatures unchanged
80
+ - All existing error classes preserved
81
+ - All existing constants preserved
82
+ - Drop-in upgrade: just bump the version
83
+
84
+ ### 🧪 Testing
85
+
86
+ - **Total: ~269 tests passing**
87
+ - **Rust:** 48 tests (8 sc-aes incl. 3 AAD + 10 sc-ed25519 + 8 sc-xed25519 + existing)
88
+ - **Vitest:** 172 tests across 4 files
89
+ - **CJS:** 12 assertions
90
+ - **ESM:** 15 assertions
91
+
92
+ ## [0.1.0] — 2026-05-18
93
+
94
+ ### ✨ Initial release
95
+
96
+ - `Curve25519` — X25519 ECDH key agreement
97
+ - `HKDF` — RFC 5869 key derivation (extract, expand, derive, deriveMultiple)
98
+ - `AES_GCM` — AES-256-GCM authenticated encryption
99
+ - `AES_CBC` — AES-256-CBC block cipher (paired with HMAC)
100
+ - `HMAC` — HMAC-SHA256 with constant-time verification
101
+ - `SHA256` — SHA-256 hashing (hash, hashAll)
102
+ - Utility helpers: `secureRandom`, `randomNonce`, `randomIv`, `randomKey`, `toHex`, `fromHex`, `toBase64`, `fromBase64`, `toBase64Url`, `fromBase64Url`, `concat`, `zeroize`, `xor`, `constantTimeEqual`
103
+ - Validators: `assertBuffer`, `assertBufferLength`, `assertBufferOfSize`, `assertPositiveInteger`, `assertHkdfLength`
104
+ - Errors: `SignalisError`, `ValidationError`, `CryptoError`, `AuthenticationError`, `KeyDerivationError`, `LengthError`
105
+ - TypeScript types: `KeyPair`, `PublicKey`, `PrivateKey`, `SharedSecret`, `HkdfParams`, etc.
106
+ - Native bindings via napi-rs (7 platforms supported)
107
+ - 172 tests passing
108
+
109
+ [0.2.0]: https://github.com/Brashkie/signalis-core/releases/tag/v0.2.0
110
+ [0.1.0]: https://github.com/Brashkie/signalis-core/releases/tag/v0.1.0
package/MIGRATION.md ADDED
@@ -0,0 +1,256 @@
1
+ # Migration Guide
2
+
3
+ ## v0.1.0 → v0.2.0
4
+
5
+ **TL;DR:** It's a 100% drop-in replacement. Just bump the version.
6
+
7
+ ```bash
8
+ npm install @brashkie/signalis-core@^0.2.0
9
+ ```
10
+
11
+ No code changes needed. All v0.1.0 APIs continue to work identically.
12
+
13
+ ---
14
+
15
+ ## What's New
16
+
17
+ You now have access to:
18
+
19
+ - **`Ed25519`** namespace for standard digital signatures
20
+ - **`XEd25519`** namespace for Signal-style signatures with Curve25519 keys
21
+ - **`AES_GCM.encryptWithAad()` / `decryptWithAad()`** for authenticated encryption with associated data
22
+ - **`SignatureError`** class for signature verification failures
23
+ - **`Signature`** branded type and **`asSignature()`** helper
24
+ - New constants: `ED25519_*` and `XED25519_*`
25
+
26
+ ---
27
+
28
+ ## What's NOT Changed
29
+
30
+ These continue to work exactly as in v0.1.0:
31
+
32
+ | API | Status |
33
+ |-----|--------|
34
+ | `Curve25519.generateKeyPair()` | ✅ Unchanged — still returns `{ privateKey, publicKey }`, still frozen |
35
+ | `Curve25519.publicFromPrivate()` | ✅ Unchanged |
36
+ | `Curve25519.diffieHellman()` | ✅ Unchanged |
37
+ | `HKDF.extract()`, `expand()`, `derive()`, `deriveMultiple()`, `deriveFromParams()` | ✅ Unchanged |
38
+ | `AES_GCM.encrypt()`, `decrypt()` | ✅ Unchanged |
39
+ | `AES_CBC.encrypt()`, `decrypt()` | ✅ Unchanged |
40
+ | `HMAC.sha256()`, `verifySha256()` | ✅ Unchanged |
41
+ | `SHA256.hash()`, `hashAll()` | ✅ Unchanged |
42
+ | All utilities (`secureRandom`, `toHex`, etc.) | ✅ Unchanged |
43
+ | All errors (`SignalisError`, `ValidationError`, etc.) | ✅ Unchanged |
44
+ | All constants (`CURVE25519_*`, `AES_*`, `HKDF_*`, etc.) | ✅ Unchanged |
45
+ | Default export (`SignalisCore`) | ✅ Unchanged (now includes `Ed25519` and `XEd25519`) |
46
+
47
+ The only change you'll observe in your code base is that `VERSION === '0.2.0'`.
48
+
49
+ ---
50
+
51
+ ## Step-by-Step Migration
52
+
53
+ ### 1. Update the package
54
+
55
+ ```bash
56
+ npm install @brashkie/signalis-core@^0.2.0
57
+ ```
58
+
59
+ ### 2. Verify
60
+
61
+ ```bash
62
+ node -e "console.log(require('@brashkie/signalis-core').VERSION)"
63
+ # Should print: 0.2.0
64
+ ```
65
+
66
+ ### 3. Run your tests
67
+
68
+ Your existing test suite should pass without modifications. If anything fails, [open an issue](https://github.com/Brashkie/signalis-core/issues) — that would be a bug in v0.2.0.
69
+
70
+ ### 4. (Optional) Use new features
71
+
72
+ #### Adopt Ed25519 for separate signing keys
73
+
74
+ ```typescript
75
+ import { Ed25519 } from '@brashkie/signalis-core';
76
+
77
+ const keys = Ed25519.generateKeyPair();
78
+ const sig = Ed25519.sign(keys.privateKey, message);
79
+ Ed25519.verify(keys.publicKey, message, sig);
80
+ ```
81
+
82
+ #### Or adopt XEd25519 (Signal-style)
83
+
84
+ ```typescript
85
+ import { Curve25519, XEd25519 } from '@brashkie/signalis-core';
86
+
87
+ const identity = Curve25519.generateKeyPair();
88
+
89
+ // Use the SAME key for both ECDH and signing:
90
+ const shared = Curve25519.diffieHellman(identity.privateKey, peer);
91
+ const sig = XEd25519.sign(identity.privateKey, message);
92
+ XEd25519.verify(identity.publicKey, message, sig);
93
+ ```
94
+
95
+ #### Bind metadata to ciphertext with AAD
96
+
97
+ ```typescript
98
+ import { AES_GCM } from '@brashkie/signalis-core';
99
+
100
+ const header = Buffer.from('msg_id=42|sender=alice');
101
+ const ct = AES_GCM.encryptWithAad(key, nonce, plaintext, header);
102
+
103
+ // Decrypt MUST pass same AAD or fails
104
+ const pt = AES_GCM.decryptWithAad(key, nonce, ct, header);
105
+ ```
106
+
107
+ ---
108
+
109
+ ## Common Patterns
110
+
111
+ ### Pattern: Replacing HMAC-based authentication with proper signatures
112
+
113
+ **Before (v0.1.0):**
114
+
115
+ ```typescript
116
+ // Using HMAC over arbitrary data — symmetric, both parties share the key
117
+ const tag = HMAC.sha256(sharedKey, dataToAuthenticate);
118
+ const valid = HMAC.verifySha256(sharedKey, dataToAuthenticate, receivedTag);
119
+ ```
120
+
121
+ **After (v0.2.0):**
122
+
123
+ ```typescript
124
+ // Using Ed25519 — asymmetric, sender signs, anyone with public key verifies
125
+ const sig = Ed25519.sign(signerPrivateKey, dataToAuthenticate);
126
+ Ed25519.verify(signerPublicKey, dataToAuthenticate, sig);
127
+ ```
128
+
129
+ **When to use which:**
130
+
131
+ - **HMAC** — When both parties already share a secret (e.g., session key)
132
+ - **Ed25519/XEd25519** — When sender's identity needs to be verified by parties who only have the sender's public key
133
+
134
+ ### Pattern: Single identity key for ECDH + Signing
135
+
136
+ **Before (v0.1.0):**
137
+
138
+ ```typescript
139
+ // Needed two separate keypairs
140
+ const ecdhKeys = Curve25519.generateKeyPair();
141
+ // (no native signing — would need to roll your own)
142
+ ```
143
+
144
+ **After (v0.2.0):**
145
+
146
+ ```typescript
147
+ // One keypair for both!
148
+ const identity = Curve25519.generateKeyPair();
149
+
150
+ // ECDH:
151
+ const shared = Curve25519.diffieHellman(identity.privateKey, peerPublic);
152
+
153
+ // Signing with the SAME key:
154
+ const sig = XEd25519.sign(identity.privateKey, message);
155
+ ```
156
+
157
+ This is the Signal Protocol's design: one identity key, multiple uses.
158
+
159
+ ### Pattern: Authenticated metadata in encrypted messages
160
+
161
+ **Before (v0.1.0):**
162
+
163
+ ```typescript
164
+ // Had to manually MAC the header alongside ciphertext
165
+ const ciphertext = AES_GCM.encrypt(key, nonce, body);
166
+ const headerMac = HMAC.sha256(key, header);
167
+ const packet = Buffer.concat([header, headerMac, ciphertext]);
168
+ // Receiver: verify MAC, then decrypt
169
+ ```
170
+
171
+ **After (v0.2.0):**
172
+
173
+ ```typescript
174
+ // AES-GCM with AAD handles both at once
175
+ const ciphertext = AES_GCM.encryptWithAad(key, nonce, body, header);
176
+ const packet = Buffer.concat([header, ciphertext]);
177
+ // Receiver: decrypt with same header
178
+ const body = AES_GCM.decryptWithAad(key, nonce, ciphertext, header);
179
+ // Header tampering → AuthenticationError automatically
180
+ ```
181
+
182
+ ---
183
+
184
+ ## Performance Notes
185
+
186
+ - **No regressions** — all v0.1.0 paths are unchanged
187
+ - **New primitives:**
188
+ - Ed25519 signing: ~25,000 ops/sec
189
+ - Ed25519 verification: ~10,000 ops/sec
190
+ - XEd25519 signing: ~20,000 ops/sec
191
+ - XEd25519 verification: ~10,000 ops/sec
192
+ - AAD adds <5% overhead vs no AAD
193
+ - **Bundle size:** +~50 KB (Ed25519 + XEd25519 Rust bindings, compressed)
194
+
195
+ ---
196
+
197
+ ## Compatibility Matrix
198
+
199
+ | Node.js | Status |
200
+ |---------|--------|
201
+ | 18.x | ✅ Supported |
202
+ | 20.x | ✅ Supported |
203
+ | 22.x | ✅ Supported |
204
+ | 24.x | ✅ Supported |
205
+
206
+ | Platform | Status |
207
+ |----------|--------|
208
+ | Windows x64 (MSVC) | ✅ Prebuilt |
209
+ | macOS x64 | ✅ Prebuilt |
210
+ | macOS ARM64 | ✅ Prebuilt |
211
+ | Linux x64 (glibc) | ✅ Prebuilt |
212
+ | Linux x64 (musl) | ✅ Prebuilt |
213
+ | Linux ARM64 (glibc) | ✅ Prebuilt |
214
+ | Linux ARM64 (musl) | ✅ Prebuilt |
215
+
216
+ ---
217
+
218
+ ## FAQ
219
+
220
+ ### Q: Do I have to change anything in my code?
221
+
222
+ **A:** No. v0.2.0 is 100% backwards compatible.
223
+
224
+ ### Q: When should I use Ed25519 vs XEd25519?
225
+
226
+ **A:**
227
+ - **Ed25519** if you want clean separation between signing and ECDH keys, or you need deterministic signatures.
228
+ - **XEd25519** if you want to follow the Signal Protocol design (one identity key for both).
229
+
230
+ ### Q: Is XEd25519 less secure than Ed25519?
231
+
232
+ **A:** No. Both provide the same 128-bit security level. XEd25519 is a clever construction that lets you reuse a Curve25519 key for signing without compromising security. It's been used by Signal in production for years.
233
+
234
+ ### Q: Does AAD add overhead?
235
+
236
+ **A:** Negligible (<5%). AES-GCM natively supports AAD without performance penalty in the cryptographic operation; the small overhead is just the extra data passed across the NAPI boundary.
237
+
238
+ ### Q: Will there be a v0.3.0?
239
+
240
+ **A:** Yes, but it will be handled by the higher-level `@brashkie/signalis` package, which builds X3DH and Double Ratchet on top of these primitives.
241
+
242
+ ### Q: What if I find a bug?
243
+
244
+ **A:** [Open an issue](https://github.com/Brashkie/signalis-core/issues) on GitHub. For security issues, see [SECURITY.md](SECURITY.md) for the responsible disclosure process.
245
+
246
+ ---
247
+
248
+ ## Resources
249
+
250
+ - [README.md](README.md) — Library overview
251
+ - [API.md](API.md) — Full API reference
252
+ - [EXAMPLES.md](EXAMPLES.md) — More usage examples
253
+ - [`examples/`](examples/) — Runnable code samples
254
+ - [CHANGELOG.md](CHANGELOG.md) — Full release history
255
+
256
+ 🦀 + ❤️ Hepein Oficial
package/NOTICE CHANGED
@@ -1,12 +1,110 @@
1
- Signalis Core
2
- Copyright 2026 Brashkie (Hepein)
1
+ @brashkie/signalis-core
2
+ Copyright 2026 Brashkie / Hepein Oficial
3
3
 
4
- This product includes software developed by:
5
- - The curve25519-dalek authors (https://github.com/dalek-cryptography/curve25519-dalek)
6
- - The RustCrypto project (https://github.com/RustCrypto)
7
- - The napi-rs project (https://github.com/napi-rs/napi-rs)
4
+ This product is licensed under the Apache License, Version 2.0
5
+ (see LICENSE file in the project root).
8
6
 
9
- Signal Protocol design © Open Whisper Systems / Signal Foundation.
10
- This implementation is independent and not affiliated with Signal Foundation.
7
+ ═══════════════════════════════════════════════════════════════════════════
8
+ Third-party software included
9
+ ═══════════════════════════════════════════════════════════════════════════
11
10
 
12
- For the full list of dependencies and their licenses, see Cargo.lock and package.json.
11
+ This product includes the following third-party software, licensed under
12
+ their respective terms:
13
+
14
+ ─── Rust Dependencies ─────────────────────────────────────────────────────
15
+
16
+ curve25519-dalek 4.x
17
+ Copyright (c) Isis Lovecruft, Henry de Valence
18
+ Licensed under BSD-3-Clause
19
+ https://github.com/dalek-cryptography/curve25519-dalek
20
+
21
+ ed25519-dalek 2.x
22
+ Copyright (c) Isis Lovecruft
23
+ Licensed under BSD-3-Clause
24
+ https://github.com/dalek-cryptography/ed25519-dalek
25
+
26
+ x25519-dalek 2.x
27
+ Copyright (c) Isis Lovecruft, Henry de Valence
28
+ Licensed under BSD-3-Clause
29
+ https://github.com/dalek-cryptography/x25519-dalek
30
+
31
+ aes-gcm (RustCrypto)
32
+ Copyright (c) RustCrypto Developers
33
+ Licensed under Apache-2.0 OR MIT
34
+ https://github.com/RustCrypto/AEADs
35
+
36
+ aes (RustCrypto)
37
+ Copyright (c) RustCrypto Developers
38
+ Licensed under Apache-2.0 OR MIT
39
+ https://github.com/RustCrypto/block-ciphers
40
+
41
+ cbc (RustCrypto)
42
+ Copyright (c) RustCrypto Developers
43
+ Licensed under Apache-2.0 OR MIT
44
+ https://github.com/RustCrypto/block-modes
45
+
46
+ sha2 (RustCrypto)
47
+ Copyright (c) RustCrypto Developers
48
+ Licensed under Apache-2.0 OR MIT
49
+ https://github.com/RustCrypto/hashes
50
+
51
+ hmac (RustCrypto)
52
+ Copyright (c) RustCrypto Developers
53
+ Licensed under Apache-2.0 OR MIT
54
+ https://github.com/RustCrypto/MACs
55
+
56
+ hkdf (RustCrypto)
57
+ Copyright (c) RustCrypto Developers
58
+ Licensed under Apache-2.0 OR MIT
59
+ https://github.com/RustCrypto/KDFs
60
+
61
+ zeroize
62
+ Copyright (c) Tony Arcieri
63
+ Licensed under Apache-2.0 OR MIT
64
+ https://github.com/RustCrypto/utils/tree/master/zeroize
65
+
66
+ subtle
67
+ Copyright (c) Isis Lovecruft, Henry de Valence
68
+ Licensed under BSD-3-Clause
69
+ https://github.com/dalek-cryptography/subtle
70
+
71
+ rand
72
+ Licensed under Apache-2.0 OR MIT
73
+ https://github.com/rust-random/rand
74
+
75
+ thiserror
76
+ Copyright (c) David Tolnay
77
+ Licensed under Apache-2.0 OR MIT
78
+ https://github.com/dtolnay/thiserror
79
+
80
+ ─── NAPI Bindings ────────────────────────────────────────────────────────
81
+
82
+ napi-rs
83
+ Copyright (c) napi-rs contributors
84
+ Licensed under MIT
85
+ https://github.com/napi-rs/napi-rs
86
+
87
+ ═══════════════════════════════════════════════════════════════════════════
88
+ Specifications referenced
89
+ ═══════════════════════════════════════════════════════════════════════════
90
+
91
+ - RFC 7748 — Elliptic Curves for Security
92
+ - RFC 8032 — Edwards-Curve Digital Signature Algorithm (EdDSA)
93
+ - RFC 5869 — HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
94
+ - NIST SP 800-38D — AES-GCM
95
+ - FIPS 180-4 — Secure Hash Standard (SHA-256)
96
+ - FIPS 198-1 — HMAC
97
+
98
+ Signal Protocol specifications:
99
+ - X3DH: https://signal.org/docs/specifications/x3dh/
100
+ - Double Ratchet: https://signal.org/docs/specifications/doubleratchet/
101
+ - XEdDSA: https://signal.org/docs/specifications/xeddsa/
102
+
103
+ ═══════════════════════════════════════════════════════════════════════════
104
+
105
+ The full text of all third-party licenses can be found in the respective
106
+ crate repositories linked above, or obtained by running:
107
+
108
+ cargo about generate licenses.html
109
+
110
+ For questions about licensing, contact: brashkie@hepein.com