npm - @neuraiproject/neurai-message - Versions diffs - 0.7.0 → 0.8.0 - Mend

@neuraiproject/neurai-message 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/dist/types.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/** returns a base64 encoded string representation of the legacy signature */
+export function sign(message: string, privateKey: Uint8Array, compressed?: boolean): any;
+export function signPQMessage(message: string, privateKey: Uint8Array, publicKey: Uint8Array): string;
+export function verifyLegacyMessage(message: string, address: string, signature: string | Uint8Array): any;
+export function verifyPQMessage(message: string, address: string, signature: string | Uint8Array): any;
+export function verifyMessage(message: string, address: string, signature: string | Uint8Array): any;
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"mappings":"AA0IA,6EAA6E;AAC7E,qBAAqB,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,UAAO,OAS9E;AAED,8BACE,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,UAAU,UAetB;AAED,oCACE,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAAG,UAAU,OAY/B;AAED,gCACE,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAAG,UAAU,OAuD/B;AAED,8BACE,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAAG,UAAU,OAK/B","sources":["index.ts"],"sourcesContent":["import { createHash } from \"crypto\";\nimport { bech32m } from \"bech32\";\nimport * as bitcoinMessage from \"bitcoinjs-message\";\nimport { ml_dsa44 } from \"@noble/post-quantum/ml-dsa.js\";\n\nconst MESSAGE_MAGIC = \"Neurai Signed Message:\\n\";\nconst PQ_MESSAGE_SIGNATURE_PREFIX = 0x35;\nconst PQ_SERIALIZED_PUBKEY_PREFIX = 0x05;\nconst PQ_PUBLIC_KEY_LENGTH = 1312;\nconst PQ_SERIALIZED_PUBKEY_LENGTH = 1 + PQ_PUBLIC_KEY_LENGTH;\nconst PQ_SIGNATURE_LENGTH = 2420;\nconst LEGACY_MESSAGE_PREFIX =\n String.fromCharCode(Buffer.byteLength(MESSAGE_MAGIC, \"utf8\")) +\n MESSAGE_MAGIC;\n\nfunction encodeCompactSize(value: number): Buffer {\n if (!Number.isInteger(value) || value < 0) {\n throw new Error(\"CompactSize value must be a non-negative integer\");\n }\n\n if (value < 253) {\n return Buffer.from([value]);\n }\n\n if (value <= 0xffff) {\n const buffer = Buffer.alloc(3);\n buffer[0] = 0xfd;\n buffer.writeUInt16LE(value, 1);\n return buffer;\n }\n\n if (value <= 0xffffffff) {\n const buffer = Buffer.alloc(5);\n buffer[0] = 0xfe;\n buffer.writeUInt32LE(value, 1);\n return buffer;\n }\n\n throw new Error(\"CompactSize values above uint32 are not supported\");\n}\n\nfunction decodeCompactSize(buffer: Buffer, offset: number) {\n if (offset >= buffer.length) {\n throw new Error(\"Unexpected end of CompactSize data\");\n }\n\n const first = buffer[offset];\n if (first < 253) {\n return { value: first, offset: offset + 1 };\n }\n\n if (first === 0xfd) {\n if (offset + 3 > buffer.length) {\n throw new Error(\"Unexpected end of CompactSize uint16 data\");\n }\n return { value: buffer.readUInt16LE(offset + 1), offset: offset + 3 };\n }\n\n if (first === 0xfe) {\n if (offset + 5 > buffer.length) {\n throw new Error(\"Unexpected end of CompactSize uint32 data\");\n }\n return { value: buffer.readUInt32LE(offset + 1), offset: offset + 5 };\n }\n\n if (first === 0xff) {\n throw new Error(\"CompactSize uint64 is not supported\");\n }\n\n throw new Error(\"Invalid CompactSize prefix\");\n}\n\nfunction sha256(bytes: Uint8Array) {\n return createHash(\"sha256\").update(bytes).digest();\n}\n\nfunction hash256(bytes: Uint8Array) {\n return sha256(sha256(bytes));\n}\n\nfunction hash160(bytes: Uint8Array) {\n return createHash(\"ripemd160\").update(sha256(bytes)).digest();\n}\n\nfunction encodeMessageHash(message: string) {\n const messageBytes = Buffer.from(message, \"utf8\");\n const magicBytes = Buffer.from(MESSAGE_MAGIC, \"utf8\");\n const payload = Buffer.concat([\n encodeCompactSize(magicBytes.length),\n magicBytes,\n encodeCompactSize(messageBytes.length),\n messageBytes,\n ]);\n\n return hash256(payload);\n}\n\nfunction toSignatureBuffer(signature: string | Uint8Array) {\n return typeof signature === \"string\"\n ? Buffer.from(signature, \"base64\")\n : Buffer.from(signature);\n}\n\nfunction normalizePQPublicKey(publicKey: Uint8Array) {\n const buffer = Buffer.from(publicKey);\n\n if (\n buffer.length === PQ_SERIALIZED_PUBKEY_LENGTH &&\n buffer[0] === PQ_SERIALIZED_PUBKEY_PREFIX\n ) {\n return buffer;\n }\n\n if (buffer.length === PQ_PUBLIC_KEY_LENGTH) {\n return Buffer.concat([Buffer.from([PQ_SERIALIZED_PUBKEY_PREFIX]), buffer]);\n }\n\n throw new Error(\"Invalid PQ public key length\");\n}\n\nfunction isPQMessageSignature(signature: string | Uint8Array) {\n const buffer = toSignatureBuffer(signature);\n return buffer.length > 0 && buffer[0] === PQ_MESSAGE_SIGNATURE_PREFIX;\n}\n\nfunction decodePQAddress(address: string) {\n const decoded = bech32m.decode(address);\n if (decoded.words.length === 0) {\n throw new Error(\"Invalid bech32m address\");\n }\n\n return {\n prefix: decoded.prefix,\n version: decoded.words[0],\n program: Buffer.from(bech32m.fromWords(decoded.words.slice(1))),\n };\n}\n\n/** returns a base64 encoded string representation of the legacy signature */\nexport function sign(message: string, privateKey: Uint8Array, compressed = true) {\n const signature = bitcoinMessage.sign(\n message,\n Buffer.from(privateKey),\n compressed,\n LEGACY_MESSAGE_PREFIX\n );\n\n return signature.toString(\"base64\");\n}\n\nexport function signPQMessage(\n message: string,\n privateKey: Uint8Array,\n publicKey: Uint8Array\n) {\n const serializedPublicKey = normalizePQPublicKey(publicKey);\n const hash = encodeMessageHash(message);\n const pqSignature = Buffer.from(ml_dsa44.sign(hash, Buffer.from(privateKey)));\n\n const payload = Buffer.concat([\n Buffer.from([PQ_MESSAGE_SIGNATURE_PREFIX]),\n encodeCompactSize(serializedPublicKey.length),\n serializedPublicKey,\n encodeCompactSize(pqSignature.length),\n pqSignature,\n ]);\n\n return payload.toString(\"base64\");\n}\n\nexport function verifyLegacyMessage(\n message: string,\n address: string,\n signature: string | Uint8Array\n) {\n try {\n return bitcoinMessage.verify(\n message,\n address,\n toSignatureBuffer(signature),\n LEGACY_MESSAGE_PREFIX\n );\n } catch {\n return false;\n }\n}\n\nexport function verifyPQMessage(\n message: string,\n address: string,\n signature: string | Uint8Array\n) {\n try {\n const payload = toSignatureBuffer(signature);\n let offset = 0;\n\n if (payload[offset++] !== PQ_MESSAGE_SIGNATURE_PREFIX) {\n return false;\n }\n\n const publicKeyLength = decodeCompactSize(payload, offset);\n offset = publicKeyLength.offset;\n\n const serializedPublicKey = payload.subarray(\n offset,\n offset + publicKeyLength.value\n );\n offset += publicKeyLength.value;\n\n const signatureLength = decodeCompactSize(payload, offset);\n offset = signatureLength.offset;\n\n const pqSignature = payload.subarray(offset, offset + signatureLength.value);\n offset += signatureLength.value;\n\n if (offset !== payload.length) {\n return false;\n }\n\n if (\n serializedPublicKey.length !== PQ_SERIALIZED_PUBKEY_LENGTH ||\n serializedPublicKey[0] !== PQ_SERIALIZED_PUBKEY_PREFIX ||\n pqSignature.length !== PQ_SIGNATURE_LENGTH\n ) {\n return false;\n }\n\n const decodedAddress = decodePQAddress(address);\n if (decodedAddress.version !== 1 || decodedAddress.program.length !== 20) {\n return false;\n }\n\n const expectedProgram = hash160(serializedPublicKey);\n if (!expectedProgram.equals(decodedAddress.program)) {\n return false;\n }\n\n return ml_dsa44.verify(\n pqSignature,\n encodeMessageHash(message),\n serializedPublicKey.subarray(1)\n );\n } catch {\n return false;\n }\n}\n\nexport function verifyMessage(\n message: string,\n address: string,\n signature: string | Uint8Array\n) {\n return isPQMessageSignature(signature)\n ? verifyPQMessage(message, address, signature)\n : verifyLegacyMessage(message, address, signature);\n}\n"],"names":[],"version":3,"file":"types.d.ts.map"}

package/index.ts CHANGED Viewed

@@ -1,23 +1,256 @@
-import bitcoinMessage from "bitcoinjs-message";
-const MESSAGE_PREFIX = "\x16Neurai Signed Message:\n";
+import { createHash } from "crypto";
+import { bech32m } from "bech32";
+import * as bitcoinMessage from "bitcoinjs-message";
+import { ml_dsa44 } from "@noble/post-quantum/ml-dsa.js";
-/** returns a base64 encoded string representation of the signature */
-export function sign(message: string, privateKey: any, compressed = true) {
+const MESSAGE_MAGIC = "Neurai Signed Message:\n";
+const PQ_MESSAGE_SIGNATURE_PREFIX = 0x35;
+const PQ_SERIALIZED_PUBKEY_PREFIX = 0x05;
+const PQ_PUBLIC_KEY_LENGTH = 1312;
+const PQ_SERIALIZED_PUBKEY_LENGTH = 1 + PQ_PUBLIC_KEY_LENGTH;
+const PQ_SIGNATURE_LENGTH = 2420;
+const LEGACY_MESSAGE_PREFIX =
+  String.fromCharCode(Buffer.byteLength(MESSAGE_MAGIC, "utf8")) +
+  MESSAGE_MAGIC;
+function encodeCompactSize(value: number): Buffer {
+  if (!Number.isInteger(value) || value < 0) {
+    throw new Error("CompactSize value must be a non-negative integer");
+  }
+  if (value < 253) {
+    return Buffer.from([value]);
+  }
+  if (value <= 0xffff) {
+    const buffer = Buffer.alloc(3);
+    buffer[0] = 0xfd;
+    buffer.writeUInt16LE(value, 1);
+    return buffer;
+  }
+  if (value <= 0xffffffff) {
+    const buffer = Buffer.alloc(5);
+    buffer[0] = 0xfe;
+    buffer.writeUInt32LE(value, 1);
+    return buffer;
+  }
+  throw new Error("CompactSize values above uint32 are not supported");
+}
+function decodeCompactSize(buffer: Buffer, offset: number) {
+  if (offset >= buffer.length) {
+    throw new Error("Unexpected end of CompactSize data");
+  }
+  const first = buffer[offset];
+  if (first < 253) {
+    return { value: first, offset: offset + 1 };
+  }
+  if (first === 0xfd) {
+    if (offset + 3 > buffer.length) {
+      throw new Error("Unexpected end of CompactSize uint16 data");
+    }
+    return { value: buffer.readUInt16LE(offset + 1), offset: offset + 3 };
+  }
+  if (first === 0xfe) {
+    if (offset + 5 > buffer.length) {
+      throw new Error("Unexpected end of CompactSize uint32 data");
+    }
+    return { value: buffer.readUInt32LE(offset + 1), offset: offset + 5 };
+  }
+  if (first === 0xff) {
+    throw new Error("CompactSize uint64 is not supported");
+  }
+  throw new Error("Invalid CompactSize prefix");
+}
+function sha256(bytes: Uint8Array) {
+  return createHash("sha256").update(bytes).digest();
+}
+function hash256(bytes: Uint8Array) {
+  return sha256(sha256(bytes));
+}
+function hash160(bytes: Uint8Array) {
+  return createHash("ripemd160").update(sha256(bytes)).digest();
+}
+function encodeMessageHash(message: string) {
+  const messageBytes = Buffer.from(message, "utf8");
+  const magicBytes = Buffer.from(MESSAGE_MAGIC, "utf8");
+  const payload = Buffer.concat([
+    encodeCompactSize(magicBytes.length),
+    magicBytes,
+    encodeCompactSize(messageBytes.length),
+    messageBytes,
+  ]);
+  return hash256(payload);
+}
+function toSignatureBuffer(signature: string | Uint8Array) {
+  return typeof signature === "string"
+    ? Buffer.from(signature, "base64")
+    : Buffer.from(signature);
+}
+function normalizePQPublicKey(publicKey: Uint8Array) {
+  const buffer = Buffer.from(publicKey);
+  if (
+    buffer.length === PQ_SERIALIZED_PUBKEY_LENGTH &&
+    buffer[0] === PQ_SERIALIZED_PUBKEY_PREFIX
+  ) {
+    return buffer;
+  }
+  if (buffer.length === PQ_PUBLIC_KEY_LENGTH) {
+    return Buffer.concat([Buffer.from([PQ_SERIALIZED_PUBKEY_PREFIX]), buffer]);
+  }
+  throw new Error("Invalid PQ public key length");
+}
+function isPQMessageSignature(signature: string | Uint8Array) {
+  const buffer = toSignatureBuffer(signature);
+  return buffer.length > 0 && buffer[0] === PQ_MESSAGE_SIGNATURE_PREFIX;
+}
+function decodePQAddress(address: string) {
+  const decoded = bech32m.decode(address);
+  if (decoded.words.length === 0) {
+    throw new Error("Invalid bech32m address");
+  }
+  return {
+    prefix: decoded.prefix,
+    version: decoded.words[0],
+    program: Buffer.from(bech32m.fromWords(decoded.words.slice(1))),
+  };
+}
+/** returns a base64 encoded string representation of the legacy signature */
+export function sign(message: string, privateKey: Uint8Array, compressed = true) {
   const signature = bitcoinMessage.sign(
     message,
-    privateKey,
+    Buffer.from(privateKey),
     compressed,
-    MESSAGE_PREFIX
+    LEGACY_MESSAGE_PREFIX
   );
   return signature.toString("base64");
 }
+export function signPQMessage(
+  message: string,
+  privateKey: Uint8Array,
+  publicKey: Uint8Array
+) {
+  const serializedPublicKey = normalizePQPublicKey(publicKey);
+  const hash = encodeMessageHash(message);
+  const pqSignature = Buffer.from(ml_dsa44.sign(hash, Buffer.from(privateKey)));
+  const payload = Buffer.concat([
+    Buffer.from([PQ_MESSAGE_SIGNATURE_PREFIX]),
+    encodeCompactSize(serializedPublicKey.length),
+    serializedPublicKey,
+    encodeCompactSize(pqSignature.length),
+    pqSignature,
+  ]);
+  return payload.toString("base64");
+}
+export function verifyLegacyMessage(
+  message: string,
+  address: string,
+  signature: string | Uint8Array
+) {
+  try {
+    return bitcoinMessage.verify(
+      message,
+      address,
+      toSignatureBuffer(signature),
+      LEGACY_MESSAGE_PREFIX
+    );
+  } catch {
+    return false;
+  }
+}
+export function verifyPQMessage(
+  message: string,
+  address: string,
+  signature: string | Uint8Array
+) {
+  try {
+    const payload = toSignatureBuffer(signature);
+    let offset = 0;
+    if (payload[offset++] !== PQ_MESSAGE_SIGNATURE_PREFIX) {
+      return false;
+    }
+    const publicKeyLength = decodeCompactSize(payload, offset);
+    offset = publicKeyLength.offset;
+    const serializedPublicKey = payload.subarray(
+      offset,
+      offset + publicKeyLength.value
+    );
+    offset += publicKeyLength.value;
+    const signatureLength = decodeCompactSize(payload, offset);
+    offset = signatureLength.offset;
+    const pqSignature = payload.subarray(offset, offset + signatureLength.value);
+    offset += signatureLength.value;
+    if (offset !== payload.length) {
+      return false;
+    }
+    if (
+      serializedPublicKey.length !== PQ_SERIALIZED_PUBKEY_LENGTH ||
+      serializedPublicKey[0] !== PQ_SERIALIZED_PUBKEY_PREFIX ||
+      pqSignature.length !== PQ_SIGNATURE_LENGTH
+    ) {
+      return false;
+    }
+    const decodedAddress = decodePQAddress(address);
+    if (decodedAddress.version !== 1 || decodedAddress.program.length !== 20) {
+      return false;
+    }
+    const expectedProgram = hash160(serializedPublicKey);
+    if (!expectedProgram.equals(decodedAddress.program)) {
+      return false;
+    }
+    return ml_dsa44.verify(
+      pqSignature,
+      encodeMessageHash(message),
+      serializedPublicKey.subarray(1)
+    );
+  } catch {
+    return false;
+  }
+}
 export function verifyMessage(
   message: string,
   address: string,
-  signature: string
+  signature: string | Uint8Array
 ) {
-  const m = Buffer.from(message).toString("ascii");
-  const result = bitcoinMessage.verify(m, address, signature, MESSAGE_PREFIX);
-  return result;
+  return isPQMessageSignature(signature)
+    ? verifyPQMessage(message, address, signature)
+    : verifyLegacyMessage(message, address, signature);
 }

package/package.json CHANGED Viewed

@@ -1,14 +1,22 @@
 {
   "name": "@neuraiproject/neurai-message",
-  "version": "0.7.0",
+  "version": "0.8.0",
   "description": "Sign and Verify messages in Neurai",
   "source": "index.ts",
   "main": "dist/main.js",
   "module": "dist/module.js",
   "types": "dist/types.d.ts",
+  "targets": {
+    "main": {
+      "includeNodeModules": true
+    },
+    "module": {
+      "includeNodeModules": true
+    }
+  },
   "scripts": {
-    "test": "jest",
-    "build": "npx parcel build"
+    "test": "npm run build && node --experimental-vm-modules ./node_modules/jest/bin/jest.js",
+    "build": "npx parcel build index.ts --no-autoinstall"
   },
   "repository": {
     "type": "git",
@@ -18,18 +26,20 @@
     "Neurai",
     "XNA"
   ],
-  "author": "Dick Henrik Larsson / Neurai",
+  "author": "Neuraiproject",
   "license": "ISC",
   "bugs": {
     "url": "https://github.com/neuraiproject/neurai-message/issues"
   },
   "homepage": "https://github.com/neuraiproject/neurai-message#readme",
   "dependencies": {
+    "@noble/post-quantum": "^0.6.0",
+    "bech32": "^2.0.0",
     "bitcoinjs-message": "^2.2.0"
   },
   "devDependencies": {
     "@parcel/packager-ts": "^2.8.3",
-    "@parcel/transformer-typescript-types": "^2.8.3",
+    "@parcel/transformer-typescript-types": "2.16.4",
     "@types/jest": "^28.1.4",
     "@types/node": "^18.0.0",
     "jest": "^29.4.0",

package/test.js CHANGED Viewed

@@ -1,9 +1,20 @@
-const { verifyMessage } = require("./dist/main");
+const { createHash } = require("crypto");
+const { bech32m } = require("bech32");
+const {
+  sign,
+  signPQMessage,
+  verifyMessage,
+  verifyPQMessage,
+} = require("./dist/main");
-const address = "RS4EYELZhxMtDAuyrQimVrcSnaeaLCXeo6";
+const compressed = true;
+const privateKey = Buffer.from(
+  "79b4c20524324622cacbf7a7b428542e90d674274b99e3f54816d447e57412ae",
+  "hex"
+);
+const address = "RVDUQTULaceEudDsgqCQBT6bfcdqUSvJPV";
 const message = "Hello world";
-const signature =
-  "H2zo48+tI/KT9eJrHt7PLiEBMaRn1A1Eh49IFu0MbfhAFBxVc0FG2UE5E79PCbhd9KexijsQxYvNM6AsVn9EAEo=";
+const signature = sign(message, privateKey, compressed);
 test("Verify valid message signature", () => {
   const result = verifyMessage(message, address, signature);
@@ -19,3 +30,48 @@ test("Verify unvalid message signature", () => {
   );
   expect(result).toBe(false);
 });
+test("Verify valid PQ message signature", () => {
+  return import("@noble/post-quantum/ml-dsa.js").then(({ ml_dsa44 }) => {
+  const seed = Buffer.alloc(32, 7);
+  const keys = ml_dsa44.keygen(seed);
+  const serializedPublicKey = Buffer.concat([
+    Buffer.from([0x05]),
+    Buffer.from(keys.publicKey),
+  ]);
+  const program = createHash("ripemd160")
+    .update(createHash("sha256").update(serializedPublicKey).digest())
+    .digest();
+  const words = bech32m.toWords(program);
+  words.unshift(1);
+  const pqAddress = bech32m.encode("tnq", words);
+  const pqMessage = "Hello from PQ";
+  const pqSignature = signPQMessage(pqMessage, keys.secretKey, keys.publicKey);
+  expect(verifyPQMessage(pqMessage, pqAddress, pqSignature)).toBe(true);
+  expect(verifyMessage(pqMessage, pqAddress, pqSignature)).toBe(true);
+  });
+});
+test("Reject invalid PQ message signature", () => {
+  return import("@noble/post-quantum/ml-dsa.js").then(({ ml_dsa44 }) => {
+  const seed = Buffer.alloc(32, 9);
+  const keys = ml_dsa44.keygen(seed);
+  const serializedPublicKey = Buffer.concat([
+    Buffer.from([0x05]),
+    Buffer.from(keys.publicKey),
+  ]);
+  const program = createHash("ripemd160")
+    .update(createHash("sha256").update(serializedPublicKey).digest())
+    .digest();
+  const words = bech32m.toWords(program);
+  words.unshift(1);
+  const pqAddress = bech32m.encode("tnq", words);
+  const pqMessage = "Hello from PQ";
+  const pqSignature = signPQMessage(pqMessage, keys.secretKey, keys.publicKey);
+  expect(verifyMessage(pqMessage + " changed", pqAddress, pqSignature)).toBe(
+    false
+  );
+  });
+});

package/tsconfig.json ADDED Viewed

@@ -0,0 +1,13 @@
+{
+  "compilerOptions": {
+    "target": "ES2020",
+    "module": "ESNext",
+    "moduleResolution": "Node",
+    "lib": ["ES2020"],
+    "types": ["node"],
+    "strict": false,
+    "esModuleInterop": true,
+    "skipLibCheck": true
+  },
+  "include": ["index.ts"]
+}