@pinkparrot/qsafe-sig 0.0.4 → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/qsafe-sig.browser.min.js +13 -11
  2. package/index.mjs +8 -8
  3. package/package.json +1 -1
package/dist/qsafe-sig.browser.min.js CHANGED
@@ -3001,21 +3001,23 @@ var QsafeSigner = class _QsafeSigner {
3001
3001
  crypto.getRandomValues(seed);
3002
3002
  return seed;
3003
3003
  }
3004
- /** Checks that a signature buffer has a valid header and correct byte length.
3005
- * - Zero crypto safe to call as a fast pre-filter. @param {Uint8Array} signature */
3006
- static checkFormat(signature) {
3007
- const h = QsafeHelper.parseHeader(signature);
3008
- if (h) return signature.length === HEADER_SIZE + ED25519_SIG_SIZE + h.desc.sigSize;
3009
- else return false;
3004
+ /** Parses a signature header and resolves its protocol version and variant.
3005
+ * - Returns null if the header is invalid or references an unknown version/variant.
3006
+ * @param {Uint8Array} headerOrSignature */
3007
+ static parseHeader(headerOrSignature) {
3008
+ return QsafeHelper.parseHeader(headerOrSignature);
3010
3009
  }
3011
3010
  /** Verifies a hybrid signature. Lazy-loads the required WASM variant if not already cached.
3012
- * - Works with any protocol version whose descriptors are registered above.
3013
- * @param {Uint8Array} message
3014
- * @param {Uint8Array} signature - from sign()
3015
- * @param {Uint8Array} publicKey - from loadMasterKey() */
3011
+ * - Works with any protocol version whose descriptors are registered above.
3012
+ * - Do not parallelize calls to verify(), async is justified by the lazy WASM loading. To parallelize, please use workers
3013
+ * @param {Uint8Array} message
3014
+ * @param {Uint8Array} signature - from sign()
3015
+ * @param {Uint8Array} publicKey - from loadMasterKey() */
3016
3016
  async verify(message, signature, publicKey) {
3017
3017
  const h = QsafeHelper.parseHeader(signature);
3018
- if (!h || !_QsafeSigner.checkFormat(signature)) return false;
3018
+ if (!h) return false;
3019
+ if (signature.length !== HEADER_SIZE + ED25519_SIG_SIZE + h.desc.sigSize) return false;
3020
+ if (publicKey.length !== ED25519_PUB_SIZE + h.desc.pubKeySize) return false;
3019
3021
  const sigReader = new BinaryReader(signature);
3020
3022
  sigReader.read(HEADER_SIZE);
3021
3023
  const edSig = sigReader.read(ED25519_SIG_SIZE);
package/index.mjs CHANGED
@@ -67,22 +67,22 @@ export class QsafeSigner {
67
67
  return seed;
68
68
  }
69
69
 
70
- /** Checks that a signature buffer has a valid header and correct byte length.
71
- * - Zero crypto safe to call as a fast pre-filter. @param {Uint8Array} signature */
72
- static checkFormat(signature) {
73
- const h = QsafeHelper.parseHeader(signature);
74
- if (h) return signature.length === HEADER_SIZE + ED25519_SIG_SIZE + h.desc.sigSize;
75
- else return false;
76
- }
70
+ /** Parses a signature header and resolves its protocol version and variant.
71
+ * - Returns null if the header is invalid or references an unknown version/variant.
72
+ * @param {Uint8Array} headerOrSignature */
73
+ static parseHeader(headerOrSignature) { return QsafeHelper.parseHeader(headerOrSignature); }
77
74
 
78
75
  /** Verifies a hybrid signature. Lazy-loads the required WASM variant if not already cached.
79
76
  * - Works with any protocol version whose descriptors are registered above.
77
+ * - Do not parallelize calls to verify(), async is justified by the lazy WASM loading. To parallelize, please use workers
80
78
  * @param {Uint8Array} message
81
79
  * @param {Uint8Array} signature - from sign()
82
80
  * @param {Uint8Array} publicKey - from loadMasterKey() */
83
81
  async verify(message, signature, publicKey) {
84
82
  const h = QsafeHelper.parseHeader(signature);
85
- if (!h || !QsafeSigner.checkFormat(signature)) return false;
83
+ if (!h) return false; // invalid header or unknown version/variant
84
+ if (signature.length !== HEADER_SIZE + ED25519_SIG_SIZE + h.desc.sigSize) return false;
85
+ if (publicKey.length !== ED25519_PUB_SIZE + h.desc.pubKeySize) return false;
86
86
 
87
87
  const sigReader = new BinaryReader(signature);
88
88
  sigReader.read(HEADER_SIZE); // skip header already parsed
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@pinkparrot/qsafe-sig",
3
- "version": "0.0.4",
3
+ "version": "0.0.5",
4
4
  "author": "PinkParrot",
5
5
  "license": "GPL-3.0",
6
6
  "description": "Combination of pre quantum and post quantum signature, designed for a smooth migration.",