@pinkparrot/qsafe-sig 0.0.7 → 0.0.9

package/.vscode/launch.json

@@ -15,6 +15,14 @@
 			"skipFiles": ["<node_internals>/**"],
 			"program": "${workspaceFolder}/benchmark.mjs",
 			"runtimeArgs": ["--inspect"]
+		},
+		{
+			"type": "node",
+			"request": "launch",
+			"name": "serve-front-test",
+			"skipFiles": ["<node_internals>/**"],
+			"program": "${workspaceFolder}/serve-front-test.mjs",
+			"runtimeArgs": ["--inspect"]
 		}
     ]
 }

package/README.md

@@ -58,7 +58,7 @@ Each `hybridKey` follow the format:
 
 The header encodes the protocol version and MAYO variant so `verify()` always knows what it's reading — no out-of-band metadata needed.
 
-Both keys are derived from the same master seed via **HKDF-SHA256**, using separate info tags (`qsafe-ed25519` / `qsafe-mayo`). One seed → two independent keys → one hybrid keypair.
+Both keys are derived from the same master seed via **HKDF-SHA512**, using separate info tags (`qsafe-ed25519` / `qsafe-mayo`). One seed → two independent keys → one hybrid keypair.
 
 `verify()` runs Ed25519 first (pure JS, fast), and only hits WASM if that passes. Both must succeed for the signature to be valid.
 

package/dist/qsafe-sig.browser.min.js

@@ -1789,11 +1789,11 @@ var QsafeHelper = class _QsafeHelper {
     if (!desc) throw new Error(`Unknown variant '${variant}' for protocol version ${version}`);
     return desc;
   }
-  /** Derives ed25519 + mayo seeds from a master seed via HKDF-SHA256.
+  /** Derives ed25519 + mayo seeds from a master seed via HKDF-SHA512.
    * @param {Uint8Array} masterSeed  @param {number} mayoSeedSize */
   static deriveSeeds(masterSeed, mayoSeedSize) {
-    const edSeed = hkdf(sha256, masterSeed, void 0, HKDF_INFO_ED25519, ED25519_PRIV_SIZE);
-    const mayoSeed = hkdf(sha256, masterSeed, void 0, HKDF_INFO_MAYO, mayoSeedSize);
+    const edSeed = hkdf(sha512, masterSeed, void 0, HKDF_INFO_ED25519, ED25519_PRIV_SIZE);
+    const mayoSeed = hkdf(sha512, masterSeed, void 0, HKDF_INFO_MAYO, mayoSeedSize);
     return { edSeed, mayoSeed };
   }
   /** Build a QsafeSigner header for the given version and variant: <version(u16 BE) + variantId(u8)>
@@ -3108,6 +3108,8 @@ var QsafeSigner = class _QsafeSigner {
     return signer;
   }
 };
+var Qsafe = { QsafeSigner, QsafeHelper, sha256, sha512, ed25519, HEADER_SIZE, PROTOCOL_VERSIONS, CURRENT_VERSION, AVAILABLE_VERSIONS };
+var index_default = Qsafe;
 export {
   AVAILABLE_VERSIONS,
   CURRENT_VERSION,
@@ -3115,7 +3117,10 @@ export {
   PROTOCOL_VERSIONS,
   QsafeHelper,
   QsafeSigner,
-  ed25519
+  index_default as default,
+  ed25519,
+  sha256,
+  sha512
 };
 /*! Bundled license information:
 

package/index.mjs

@@ -1,18 +1,17 @@
 // @ts-check
 import { QsafeHelper } from './qsafeHelper.mjs';
+import { sha256, sha512 } from '@noble/hashes/sha2.js';
 import { ed25519 } from '@noble/curves/ed25519.js';
 import { BinaryWriter, BinaryReader } from './binary-writer-reader.mjs';
 import { PROTOCOL_VERSIONS, CURRENT_VERSION, DEFAULT_VARIANT, AVAILABLE_VERSIONS,
 		 ED25519_PRIV_SIZE, ED25519_PUB_SIZE, ED25519_SIG_SIZE,
 		 HEADER_SIZE, VARIANT_ID } from './constants.mjs';
 
-export { ed25519, QsafeHelper, HEADER_SIZE, PROTOCOL_VERSIONS, CURRENT_VERSION, AVAILABLE_VERSIONS };
-
 /** 
  * @typedef {{ hybridKey : Uint8Array, secretKey: Uint8Array }} Keypair
  * @typedef {import('@pinkparrot/qsafe-mayo-wasm').MayoSigner} MayoSigner */
 
-export class QsafeSigner {
+class QsafeSigner {
     // Shared stateless instances for verify() — one per "version:variant", loaded once.
     // These never have keypairFromSeed() called on them, so they are safe to share.
     /** @type {Record<string, MayoSigner>} */
@@ -159,4 +158,8 @@ export class QsafeSigner {
         QsafeSigner.#sharedSigners[key] = signer;
         return signer;
     }
-}
+}
+
+const Qsafe = { QsafeSigner, QsafeHelper, sha256, sha512, ed25519, HEADER_SIZE, PROTOCOL_VERSIONS, CURRENT_VERSION, AVAILABLE_VERSIONS };
+export { QsafeSigner, QsafeHelper, sha256, sha512, ed25519, HEADER_SIZE, PROTOCOL_VERSIONS, CURRENT_VERSION, AVAILABLE_VERSIONS };
+export default Qsafe;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pinkparrot/qsafe-sig",
-  "version": "0.0.7",
+  "version": "0.0.9",
   "author": "PinkParrot",
   "license": "GPL-3.0",
   "description": "Combination of pre quantum and post quantum signature, designed for a smooth migration.",

package/qsafeHelper.mjs

@@ -1,6 +1,6 @@
 // @ts-check
 import { hkdf } from '@noble/hashes/hkdf.js';
-import { sha256 } from '@noble/hashes/sha2.js';
+import { sha512 } from '@noble/hashes/sha2.js';
 import { BinaryReader, BinaryWriter } from './binary-writer-reader.mjs';
 import { HKDF_INFO_ED25519, HKDF_INFO_MAYO, DEFAULT_VARIANT, CURRENT_VERSION,
 		 ED25519_SIG_SIZE, ED25519_PUB_SIZE, ED25519_PRIV_SIZE,
@@ -18,11 +18,11 @@ export class QsafeHelper {
 		return desc;
 	}
 
-    /** Derives ed25519 + mayo seeds from a master seed via HKDF-SHA256.
+    /** Derives ed25519 + mayo seeds from a master seed via HKDF-SHA512.
      * @param {Uint8Array} masterSeed  @param {number} mayoSeedSize */
     static deriveSeeds(masterSeed, mayoSeedSize) {
-        const edSeed   = hkdf(sha256, masterSeed, undefined, HKDF_INFO_ED25519, ED25519_PRIV_SIZE);
-        const mayoSeed = hkdf(sha256, masterSeed, undefined, HKDF_INFO_MAYO, mayoSeedSize);
+        const edSeed   = hkdf(sha512, masterSeed, undefined, HKDF_INFO_ED25519, ED25519_PRIV_SIZE);
+        const mayoSeed = hkdf(sha512, masterSeed, undefined, HKDF_INFO_MAYO, mayoSeedSize);
         return { edSeed, mayoSeed };
     }
 

package/serve-front-test.mjs

@@ -0,0 +1,43 @@
+// Simple static server for the browser test — no external deps.
+// Usage: node serve-front-test.mjs [port]
+import { createServer } from 'node:http';
+import { readFile }     from 'node:fs/promises';
+import { extname, join, resolve } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const ROOT = resolve(fileURLToPath(import.meta.url), '..');
+const PORT = Number(process.argv[2]) || 3000;
+
+const MIME = {
+  '.html': 'text/html',
+  '.mjs':  'application/javascript',
+  '.js':   'application/javascript',
+  '.wasm': 'application/wasm',
+  '.json': 'application/json',
+};
+
+createServer(async (req, res) => {
+  // Normalize path — default to test.html
+  const urlPath  = req.url === '/' ? '/test.html' : req.url;
+  const filePath = join(ROOT, urlPath);
+
+  // Safety: stay inside ROOT
+  if (!filePath.startsWith(ROOT)) {
+    res.writeHead(403);
+    return res.end('Forbidden');
+  }
+
+  try {
+    const data = await readFile(filePath);
+    const mime = MIME[extname(filePath)] ?? 'application/octet-stream';
+    res.writeHead(200, {
+      'Content-Type': mime,
+      'Cross-Origin-Opener-Policy':   'same-origin',
+      'Cross-Origin-Embedder-Policy': 'require-corp',
+    });
+    res.end(data);
+  } catch {
+    res.writeHead(404);
+    res.end(`Not found: ${urlPath}`);
+  }
+}).listen(PORT, () => console.log(`→ http://localhost:${PORT}`));

package/test.html

@@ -0,0 +1,112 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <title>QSAFE-SIG — Browser Test</title>
+  <style>
+    body { font-family: monospace; background: #111; color: #ccc; padding: 1rem; }
+    .pass  { color: #4f4; }
+    .fail  { color: #f44; font-weight: bold; }
+    .info  { color: #88f; }
+    .group { color: #ff8; margin-top: 1rem; }
+  </style>
+</head>
+<body>
+<pre id="log">Loading…</pre>
+
+<script type="module">
+  import { QsafeSigner }             from './dist/qsafe-sig.browser.min.js';
+  import { createRandomMessage, eq } from './test-helpers.mjs';
+
+  const NB_OF_TESTS = 100;
+  const SEED_A = crypto.getRandomValues(new Uint8Array(32));
+  const SEED_B = crypto.getRandomValues(new Uint8Array(32));
+
+  // -- Logger --
+  const out  = document.getElementById('log');
+  out.textContent = '';
+  const log  = (msg, cls = '') => out.innerHTML += `<span class="${cls}">${msg}\n</span>`;
+  const pass = msg => log(`✓ ${msg}`, 'pass');
+  const fail = msg => log(`✗ ${msg}`, 'fail');
+  const info = msg => log(`  ${msg}`, 'info');
+
+  const assert = (condition, msg) => {
+    console.assert(condition, msg);
+    if (!condition) fail(`ASSERT FAILED: ${msg}`);
+  };
+
+  /** @param {'mayo1'|'mayo2'} variant @param {boolean} verbose */
+  async function testVariant(variant, verbose) {
+    const msg1 = createRandomMessage(256);
+    const msg2 = createRandomMessage(2 ** 17);
+    let start = performance.now();
+
+    // -- Keypair determinism --
+    const signerA1 = await QsafeSigner.create(variant);
+    const signerA2 = await QsafeSigner.create(variant);
+    const kpA1 = signerA1.loadMasterKey(SEED_A);
+    const kpA2 = signerA2.loadMasterKey(SEED_A);
+    if (verbose) info(`keypair generation ~${((performance.now() - start) / 2).toFixed(2)} ms`);
+    assert(eq(kpA1.hybridKey, kpA2.hybridKey), `${variant} hybridKey should be deterministic`);
+    assert(eq(kpA1.secretKey, kpA2.secretKey), `${variant} secretKey should be deterministic`);
+    if (verbose) pass(`${variant} keypair determinism OK`);
+
+    // -- Different seeds → different keypairs --
+    const signerB = await QsafeSigner.create(variant);
+    const kpB = signerB.loadMasterKey(SEED_B);
+    assert(!eq(kpA1.hybridKey, kpB.hybridKey), `${variant} collision: same pubKey from different seeds`);
+    assert(!eq(kpA1.secretKey, kpB.secretKey), `${variant} collision: same secKey from different seeds`);
+    if (verbose) pass(`${variant} seed isolation OK`);
+
+    // -- Sign/verify roundtrip --
+    start = performance.now();
+    const sig1 = signerA1.sign(msg1);
+    const sig2 = signerA1.sign(msg2);
+    if (verbose) info(`signing ~${((performance.now() - start) / 2).toFixed(2)} ms`);
+
+    start = performance.now();
+    const verifier = await QsafeSigner.createFull();
+    assert( await verifier.verify(msg1, sig1, kpA1.hybridKey), `${variant} sig1/msg1 rejected`);
+    assert( await verifier.verify(msg2, sig2, kpA1.hybridKey), `${variant} sig2/msg2 rejected`);
+    assert(!await verifier.verify(msg2, sig1, kpA1.hybridKey), `${variant} sig1 wrongly accepts msg2`);
+    assert(!await verifier.verify(msg1, sig2, kpA1.hybridKey), `${variant} sig2 wrongly accepts msg1`);
+    if (verbose) info(`verifying ~${((performance.now() - start) / 4).toFixed(2)} ms`);
+    if (verbose) pass(`${variant} sign/verify roundtrip OK`);
+
+    // -- Wrong public key → rejected --
+    assert(!await verifier.verify(msg1, sig1, kpB.hybridKey), `${variant} wrong pubkey wrongly accepted`);
+    if (verbose) pass(`${variant} cross-key rejection OK`);
+
+    // -- Tampered signature → rejected --
+    const sigTampered = sig1.slice();
+    const tamperedIdx = 3 + Math.floor(Math.random() * (sig1.length - 3));
+    sigTampered[tamperedIdx] ^= 0xFF;
+    assert(!await verifier.verify(msg1, sigTampered, kpA1.hybridKey), `${variant} tampered sig wrongly accepted (idx ${tamperedIdx})`);
+    if (verbose) pass(`${variant} tampered sig rejection OK (flipped byte at index ${tamperedIdx})`);
+
+    // -- Tampered message → rejected --
+    const msgTampered = msg1.slice();
+    const msgTamperedIdx = Math.floor(Math.random() * msg1.length);
+    msgTampered[msgTamperedIdx] ^= 0xFF;
+    assert(!await verifier.verify(msgTampered, sig1, kpA1.hybridKey), `${variant} tampered msg wrongly accepted (idx ${msgTamperedIdx})`);
+    if (verbose) pass(`${variant} tampered msg rejection OK (flipped byte at index ${msgTamperedIdx})`);
+  }
+
+  async function run() {
+    try {
+      for (const variant of ['mayo1', 'mayo2']) {
+        log(`-- Testing ${variant} --`, 'group');
+        for (let i = 0; i < NB_OF_TESTS - 1; i++) await testVariant(variant, false);
+        await testVariant(variant, true);
+      }
+      log('-- TEST END --', 'group');
+    } catch (err) {
+      log(`UNCAUGHT ERROR: ${err?.message ?? err}`, 'fail');
+      console.error(err);
+    }
+  }
+
+  run();
+</script>
+</body>
+</html>