@pinkparrot/qsafe-sig 0.0.2 → 0.0.4

package/.vscode/launch.json

@@ -0,0 +1,20 @@
+{
+    "configurations": [
+		{
+			"type": "node",
+			"request": "launch",
+			"name": "test",
+			"skipFiles": ["<node_internals>/**"],
+			"program": "${workspaceFolder}/test.mjs",
+			"runtimeArgs": ["--inspect"]
+		},
+		{
+			"type": "node",
+			"request": "launch",
+			"name": "benchmark",
+			"skipFiles": ["<node_internals>/**"],
+			"program": "${workspaceFolder}/benchmark.mjs",
+			"runtimeArgs": ["--inspect"]
+		}
+    ]
+}

package/README.md

@@ -10,7 +10,8 @@ Built on top of [`@pinkparrot/qsafe-mayo-wasm`](https://github.com/Seigneur-Mach
 
 ## Links
 
-- **NPM:** https://www.npmjs.com/package/qsafe-sig
+- **NPM:** [qsafe-sig] (https://www.npmjs.com/package/@pinkparrot/qsafe-sig)
+- **Browser bundle:** https://unpkg.com/@pinkparrot/qsafe-sig/dist/qsafe-sig.browser.min.js
 - **MAYO-WASM:** https://github.com/Seigneur-Machiavel/qsafe-mayo-wasm
 - **MAYO spec:** [pqmayo.org](https://pqmayo.org)
 

package/benchmark.mjs

@@ -0,0 +1,45 @@
+// @ts-check
+import { QsafeSigner } from './index.mjs';
+import { createRandomMessage } from './test-helpers.mjs';
+
+const SEED = crypto.getRandomValues(new Uint8Array(32));
+const COUNT = 1000;
+const MSG_SIZE = 256;
+
+/** @param {'mayo1'|'mayo2'} variant */
+async function chainVerify(variant) {
+    console.log(`\n-- Chain verify x${COUNT}: ${variant} --`);
+
+    const signer = await QsafeSigner.create(variant);
+    const { publicKey } = signer.loadMasterKey(SEED);
+
+    // -- Sign phase --
+    const messages = [];
+    const sigs = [];
+    for (let i = 0; i < COUNT; i++) messages.push(createRandomMessage(MSG_SIZE));
+	
+    const t0sign = performance.now();
+	for (const msg of messages) sigs.push(signer.sign(msg));
+	
+    const signMs = performance.now() - t0sign;
+    console.log(`Sign   : ${signMs.toFixed(2)} ms total | ~${(signMs / COUNT).toFixed(3)} ms/op`);
+
+    // -- Verify phase --
+    const verifier = await QsafeSigner.createFull();
+    let failures = 0;
+
+    const t0verify = performance.now();
+    for (let i = 0; i < COUNT; i++)
+        if (!await verifier.verify(messages[i], sigs[i], publicKey)) failures++;
+	
+    const verifyMs = performance.now() - t0verify;
+    console.log(`Verify : ${verifyMs.toFixed(2)} ms total | ~${(verifyMs / COUNT).toFixed(3)} ms/op`);
+
+    if (failures > 0) console.error(`✗ ${failures} verification(s) failed!`);
+    else console.log(`✓ All ${COUNT} signatures verified successfully`);
+}
+
+await chainVerify('mayo1');
+await chainVerify('mayo2');
+
+console.log('\n-- DONE --');

package/binary-writer-reader.mjs

@@ -0,0 +1,20 @@
+// Minimal binary writer/reader for the custom signature format. Not a general-purpose library, just enough for our needs.
+export class BinaryWriter {
+    cursor = 0;
+    view;
+
+    constructor(size) { this.view = new Uint8Array(size); }
+    writeByte(b)    { this.view[this.cursor++] = b; }
+    writeU16BE(v)   { this.view[this.cursor++] = (v >> 8) & 0xff; this.view[this.cursor++] = v & 0xff; }
+    writeBytes(buf) { this.view.set(buf, this.cursor); this.cursor += buf.length; }
+    getBytes()      { return this.view; }
+}
+
+export class BinaryReader {
+    cursor = 0;
+    view;
+    constructor(buf) { this.view = new Uint8Array(buf); }
+    readByte()      { return this.view[this.cursor++]; }
+    readU16BE()     { return (this.view[this.cursor++] << 8) | this.view[this.cursor++]; }
+    read(n)         { const s = this.cursor; this.cursor += n; return this.view.slice(s, this.cursor); }
+}

package/constants.mjs

@@ -0,0 +1,56 @@
+// @ts-check
+import { MayoSigner } from '@pinkparrot/qsafe-mayo-wasm';
+
+/**
+ * @typedef {{ sigSize: number, pubKeySize: number, seedSize: number }} VariantDesc
+ * @typedef {{ publicKey: Uint8Array, secretKey: Uint8Array }} Keypair */
+
+/** Versioned protocol descriptors and loaders.
+ * - Each version entry describes the crypto params for that protocol version.
+ * - When MAYO bumps its params, add a new version entry pointing to the new package.
+ * - Never remove old entries — they are needed for backward-compatible verify().
+ * @type {Record<string, { variants: Record<string, VariantDesc>, loader: (variant: string) => Promise<MayoSigner> }>} */
+const PROTOCOL_VERSIONS = {
+    '1': {
+        variants: {
+            /** @type {VariantDesc} */
+            'mayo1': { sigSize: 454,  pubKeySize: 1420, seedSize: 24 },
+            /** @type {VariantDesc} */
+            'mayo2': { sigSize: 186,  pubKeySize: 4912, seedSize: 24 },
+        },
+        // If a future version needs a different wasm package, add a loader here.
+        // For v1 both variants come from the same @pinkparrot/qsafe-mayo-wasm import.
+        loader: /** @param {string} variant */ async (variant) => await MayoSigner.create(variant),
+    },
+};
+
+const CURRENT_VERSION  = '1';      // Current protocol version used when signing.
+const DEFAULT_VARIANT  = 'mayo1';  // Default variant used when signing.
+const AVAILABLE_VERSIONS = Object.keys(PROTOCOL_VERSIONS);
+
+const HKDF_INFO_ED25519 = new TextEncoder().encode('qsafe-ed25519');
+const HKDF_INFO_MAYO    = new TextEncoder().encode('qsafe-mayo');
+
+const ED25519_PRIV_SIZE = 32;
+const ED25519_PUB_SIZE  = 32;
+const ED25519_SIG_SIZE  = 64;
+
+const HEADER_SIZE = 3; // Header layout: version(u16 BE) + variant_id(u8) = 3 bytes
+const VARIANT_ID    = { 'mayo1': 0x01, 'mayo2': 0x02 }; // variant_id byte values — stable across protocol versions
+/** @type {Record<number, 'mayo1' | 'mayo2'>} */
+const VARIANT_BY_ID = { 0x01: 'mayo1', 0x02: 'mayo2' }; // Reverse lookup for parsing signature headers
+
+export {
+	PROTOCOL_VERSIONS,
+	CURRENT_VERSION,
+	DEFAULT_VARIANT,
+	AVAILABLE_VERSIONS,
+	HKDF_INFO_ED25519,
+	HKDF_INFO_MAYO,
+	ED25519_PRIV_SIZE,
+	ED25519_PUB_SIZE,
+	ED25519_SIG_SIZE,
+	HEADER_SIZE,
+	VARIANT_ID,
+	VARIANT_BY_ID
+}