@theqrl/dilithium5 1.0.3 → 1.0.5

package/dist/cjs/dilithium5.js

@@ -1,7 +1,8 @@
 'use strict';
 
-var sha3 = require('@noble/hashes/sha3');
+var sha3_js = require('@noble/hashes/sha3.js');
 var pkg = require('randombytes');
+var utils_js = require('@noble/hashes/utils.js');
 
 const Shake128Rate = 168;
 const Shake256Rate = 136;
@@ -85,7 +86,7 @@ class KeccakState {
 // SHAKE-128 functions
 
 function shake128Init(state) {
-  state.hasher = sha3.shake128.create({});
+  state.hasher = sha3_js.shake128.create({});
   state.finalized = false;
 }
 
@@ -107,7 +108,7 @@ function shake128SqueezeBlocks(out, outputOffset, nBlocks, state) {
 // SHAKE-256 functions
 
 function shake256Init(state) {
-  state.hasher = sha3.shake256.create({});
+  state.hasher = sha3_js.shake256.create({});
   state.finalized = false;
 }
 
@@ -1019,18 +1020,36 @@ function unpackSig(cP, z, hP, sig) {
 const randomBytes = pkg;
 
 /**
- * Convert hex string to Uint8Array
- * @param {string} hex - Hex-encoded string
- * @returns {Uint8Array} Decoded bytes
+ * Convert hex string to Uint8Array with strict validation.
+ * @param {string} hex - Hex string (optional 0x prefix, even length).
+ * @returns {Uint8Array} Decoded bytes.
  * @private
  */
 function hexToBytes(hex) {
-  const len = hex.length / 2;
-  const result = new Uint8Array(len);
-  for (let i = 0; i < len; i++) {
-    result[i] = parseInt(hex.substr(i * 2, 2), 16);
+  if (typeof hex !== 'string') {
+    throw new Error('message must be a hex string');
   }
-  return result;
+  let clean = hex.trim();
+  if (clean.startsWith('0x') || clean.startsWith('0X')) {
+    clean = clean.slice(2);
+  }
+  if (clean.length % 2 !== 0) {
+    throw new Error('hex string must have an even length');
+  }
+  if (!/^[0-9a-fA-F]*$/.test(clean)) {
+    throw new Error('hex string contains non-hex characters');
+  }
+  return utils_js.hexToBytes(clean);
+}
+
+function messageToBytes(message) {
+  if (typeof message === 'string') {
+    return hexToBytes(message);
+  }
+  if (message instanceof Uint8Array) {
+    return message;
+  }
+  return null;
 }
 
 /**
@@ -1081,7 +1100,7 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
   const seed = passedSeed || randomBytes(SeedBytes);
 
   const outputLength = 2 * SeedBytes + CRHBytes;
-  const seedBuf = sha3.shake256.create({}).update(seed).xof(outputLength);
+  const seedBuf = sha3_js.shake256.create({}).update(seed).xof(outputLength);
   const rho = seedBuf.slice(0, SeedBytes);
   const rhoPrime = seedBuf.slice(SeedBytes, SeedBytes + CRHBytes);
   const key = seedBuf.slice(SeedBytes + CRHBytes);
@@ -1110,7 +1129,7 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
   packPk(pk, rho, t1);
 
   // Compute H(rho, t1) and write secret key
-  const tr = sha3.shake256.create({}).update(pk).xof(TRBytes);
+  const tr = sha3_js.shake256.create({}).update(pk).xof(TRBytes);
   packSk(sk, rho, tr, key, t0, s1, s2);
 
   return seed;
@@ -1122,7 +1141,7 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
  * Uses the Dilithium-5 (Round 3) signing algorithm with rejection sampling.
  *
  * @param {Uint8Array} sig - Output buffer for signature (must be at least CryptoBytes = 4595 bytes)
- * @param {string|Uint8Array} m - Message to sign (hex string or Uint8Array)
+ * @param {string|Uint8Array} m - Message to sign (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce for hedged signing.
  *   If false, use deterministic nonce derived from message and key.
@@ -1134,10 +1153,18 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
  * cryptoSignSignature(sig, message, sk, false);
  */
 function cryptoSignSignature(sig, m, sk, randomizedSigning) {
+  if (!sig || sig.length < CryptoBytes) {
+    throw new Error(`sig must be at least ${CryptoBytes} bytes`);
+  }
   if (sk.length !== CryptoSecretKeyBytes) {
     throw new Error(`invalid sk length ${sk.length} | Expected length ${CryptoSecretKeyBytes}`);
   }
 
+  const mBytes = messageToBytes(m);
+  if (!mBytes) {
+    throw new Error('message must be Uint8Array or hex string');
+  }
+
   const rho = new Uint8Array(SeedBytes);
   const tr = new Uint8Array(TRBytes);
   const key = new Uint8Array(SeedBytes);
@@ -1158,14 +1185,12 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning) {
 
   unpackSk(rho, tr, key, t0, s1, s2, sk);
 
-  // Convert hex message to bytes
-  const mBytes = typeof m === 'string' ? hexToBytes(m) : m;
-  const mu = sha3.shake256.create({}).update(tr).update(mBytes).xof(CRHBytes);
+  const mu = sha3_js.shake256.create({}).update(tr).update(mBytes).xof(CRHBytes);
 
   if (randomizedSigning) {
     rhoPrime = new Uint8Array(randomBytes(CRHBytes));
   } else {
-    rhoPrime = sha3.shake256.create({}).update(key).update(mu).xof(CRHBytes);
+    rhoPrime = sha3_js.shake256.create({}).update(key).update(mu).xof(CRHBytes);
   }
 
   polyVecMatrixExpand(mat, rho);
@@ -1187,7 +1212,7 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning) {
     polyVecKDecompose(w1, w0, w1);
     polyVecKPackW1(sig, w1);
 
-    const cHash = sha3.shake256
+    const cHash = sha3_js.shake256
       .create({})
       .update(mu)
       .update(sig.slice(0, K * PolyW1PackedBytes))
@@ -1238,7 +1263,7 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning) {
  * This is the combined sign operation that produces a "signed message" containing
  * both the signature and the original message (signature || message).
  *
- * @param {Uint8Array} msg - Message to sign
+ * @param {string|Uint8Array} msg - Message to sign (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce; if false, deterministic
  * @returns {Uint8Array} Signed message (CryptoBytes + msg.length bytes)
@@ -1249,12 +1274,17 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning) {
  * // signedMsg contains: signature (4595 bytes) || message
  */
 function cryptoSign(msg, sk, randomizedSigning) {
-  const sm = new Uint8Array(CryptoBytes + msg.length);
-  const mLen = msg.length;
+  const msgBytes = messageToBytes(msg);
+  if (!msgBytes) {
+    throw new Error('message must be Uint8Array or hex string');
+  }
+
+  const sm = new Uint8Array(CryptoBytes + msgBytes.length);
+  const mLen = msgBytes.length;
   for (let i = 0; i < mLen; ++i) {
-    sm[CryptoBytes + mLen - 1 - i] = msg[mLen - 1 - i];
+    sm[CryptoBytes + mLen - 1 - i] = msgBytes[mLen - 1 - i];
   }
-  const result = cryptoSignSignature(sm, msg, sk, randomizedSigning);
+  const result = cryptoSignSignature(sm, msgBytes, sk, randomizedSigning);
 
   if (result !== 0) {
     throw new Error('failed to sign');
@@ -1268,7 +1298,7 @@ function cryptoSign(msg, sk, randomizedSigning) {
  * Performs constant-time verification to prevent timing side-channel attacks.
  *
  * @param {Uint8Array} sig - Signature to verify (must be CryptoBytes = 4595 bytes)
- * @param {string|Uint8Array} m - Message that was signed (hex string or Uint8Array)
+ * @param {string|Uint8Array} m - Message that was signed (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} pk - Public key (must be CryptoPublicKeyBytes = 2592 bytes)
  * @returns {boolean} true if signature is valid, false otherwise
  *
@@ -1308,12 +1338,19 @@ function cryptoSignVerify(sig, m, pk) {
   }
 
   /* Compute CRH(H(rho, t1), msg) */
-  const tr = sha3.shake256.create({}).update(pk).xof(TRBytes);
+  const tr = sha3_js.shake256.create({}).update(pk).xof(TRBytes);
   mu.set(tr);
 
-  // Convert hex message to bytes
-  const mBytes = typeof m === 'string' ? hexToBytes(m) : m;
-  const muFull = sha3.shake256.create({}).update(mu.slice(0, TRBytes)).update(mBytes).xof(CRHBytes);
+  let mBytes;
+  try {
+    mBytes = messageToBytes(m);
+  } catch {
+    return false;
+  }
+  if (!mBytes) {
+    return false;
+  }
+  const muFull = sha3_js.shake256.create({}).update(mu.slice(0, TRBytes)).update(mBytes).xof(CRHBytes);
   mu.set(muFull);
 
   /* Matrix-vector multiplication; compute Az - c2^dt1 */
@@ -1338,7 +1375,7 @@ function cryptoSignVerify(sig, m, pk) {
   polyVecKPackW1(buf, w1);
 
   /* Call random oracle and verify challenge */
-  const c2Hash = sha3.shake256.create({}).update(mu).update(buf).xof(SeedBytes);
+  const c2Hash = sha3_js.shake256.create({}).update(mu).update(buf).xof(SeedBytes);
   c2.set(c2Hash);
 
   // Constant-time comparison to prevent timing attacks

package/dist/mjs/dilithium5.js

@@ -1,5 +1,6 @@
-import { shake128, shake256 } from '@noble/hashes/sha3';
+import { shake128, shake256 } from '@noble/hashes/sha3.js';
 import pkg from 'randombytes';
+import { hexToBytes as hexToBytes$1 } from '@noble/hashes/utils.js';
 
 const Shake128Rate = 168;
 const Shake256Rate = 136;
@@ -1017,18 +1018,36 @@ function unpackSig(cP, z, hP, sig) {
 const randomBytes = pkg;
 
 /**
- * Convert hex string to Uint8Array
- * @param {string} hex - Hex-encoded string
- * @returns {Uint8Array} Decoded bytes
+ * Convert hex string to Uint8Array with strict validation.
+ * @param {string} hex - Hex string (optional 0x prefix, even length).
+ * @returns {Uint8Array} Decoded bytes.
  * @private
  */
 function hexToBytes(hex) {
-  const len = hex.length / 2;
-  const result = new Uint8Array(len);
-  for (let i = 0; i < len; i++) {
-    result[i] = parseInt(hex.substr(i * 2, 2), 16);
+  if (typeof hex !== 'string') {
+    throw new Error('message must be a hex string');
   }
-  return result;
+  let clean = hex.trim();
+  if (clean.startsWith('0x') || clean.startsWith('0X')) {
+    clean = clean.slice(2);
+  }
+  if (clean.length % 2 !== 0) {
+    throw new Error('hex string must have an even length');
+  }
+  if (!/^[0-9a-fA-F]*$/.test(clean)) {
+    throw new Error('hex string contains non-hex characters');
+  }
+  return hexToBytes$1(clean);
+}
+
+function messageToBytes(message) {
+  if (typeof message === 'string') {
+    return hexToBytes(message);
+  }
+  if (message instanceof Uint8Array) {
+    return message;
+  }
+  return null;
 }
 
 /**
@@ -1120,7 +1139,7 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
  * Uses the Dilithium-5 (Round 3) signing algorithm with rejection sampling.
  *
  * @param {Uint8Array} sig - Output buffer for signature (must be at least CryptoBytes = 4595 bytes)
- * @param {string|Uint8Array} m - Message to sign (hex string or Uint8Array)
+ * @param {string|Uint8Array} m - Message to sign (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce for hedged signing.
  *   If false, use deterministic nonce derived from message and key.
@@ -1132,10 +1151,18 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
  * cryptoSignSignature(sig, message, sk, false);
  */
 function cryptoSignSignature(sig, m, sk, randomizedSigning) {
+  if (!sig || sig.length < CryptoBytes) {
+    throw new Error(`sig must be at least ${CryptoBytes} bytes`);
+  }
   if (sk.length !== CryptoSecretKeyBytes) {
     throw new Error(`invalid sk length ${sk.length} | Expected length ${CryptoSecretKeyBytes}`);
   }
 
+  const mBytes = messageToBytes(m);
+  if (!mBytes) {
+    throw new Error('message must be Uint8Array or hex string');
+  }
+
   const rho = new Uint8Array(SeedBytes);
   const tr = new Uint8Array(TRBytes);
   const key = new Uint8Array(SeedBytes);
@@ -1156,8 +1183,6 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning) {
 
   unpackSk(rho, tr, key, t0, s1, s2, sk);
 
-  // Convert hex message to bytes
-  const mBytes = typeof m === 'string' ? hexToBytes(m) : m;
   const mu = shake256.create({}).update(tr).update(mBytes).xof(CRHBytes);
 
   if (randomizedSigning) {
@@ -1236,7 +1261,7 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning) {
  * This is the combined sign operation that produces a "signed message" containing
  * both the signature and the original message (signature || message).
  *
- * @param {Uint8Array} msg - Message to sign
+ * @param {string|Uint8Array} msg - Message to sign (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce; if false, deterministic
  * @returns {Uint8Array} Signed message (CryptoBytes + msg.length bytes)
@@ -1247,12 +1272,17 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning) {
  * // signedMsg contains: signature (4595 bytes) || message
  */
 function cryptoSign(msg, sk, randomizedSigning) {
-  const sm = new Uint8Array(CryptoBytes + msg.length);
-  const mLen = msg.length;
+  const msgBytes = messageToBytes(msg);
+  if (!msgBytes) {
+    throw new Error('message must be Uint8Array or hex string');
+  }
+
+  const sm = new Uint8Array(CryptoBytes + msgBytes.length);
+  const mLen = msgBytes.length;
   for (let i = 0; i < mLen; ++i) {
-    sm[CryptoBytes + mLen - 1 - i] = msg[mLen - 1 - i];
+    sm[CryptoBytes + mLen - 1 - i] = msgBytes[mLen - 1 - i];
   }
-  const result = cryptoSignSignature(sm, msg, sk, randomizedSigning);
+  const result = cryptoSignSignature(sm, msgBytes, sk, randomizedSigning);
 
   if (result !== 0) {
     throw new Error('failed to sign');
@@ -1266,7 +1296,7 @@ function cryptoSign(msg, sk, randomizedSigning) {
  * Performs constant-time verification to prevent timing side-channel attacks.
  *
  * @param {Uint8Array} sig - Signature to verify (must be CryptoBytes = 4595 bytes)
- * @param {string|Uint8Array} m - Message that was signed (hex string or Uint8Array)
+ * @param {string|Uint8Array} m - Message that was signed (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} pk - Public key (must be CryptoPublicKeyBytes = 2592 bytes)
  * @returns {boolean} true if signature is valid, false otherwise
  *
@@ -1309,8 +1339,15 @@ function cryptoSignVerify(sig, m, pk) {
   const tr = shake256.create({}).update(pk).xof(TRBytes);
   mu.set(tr);
 
-  // Convert hex message to bytes
-  const mBytes = typeof m === 'string' ? hexToBytes(m) : m;
+  let mBytes;
+  try {
+    mBytes = messageToBytes(m);
+  } catch {
+    return false;
+  }
+  if (!mBytes) {
+    return false;
+  }
   const muFull = shake256.create({}).update(mu.slice(0, TRBytes)).update(mBytes).xof(CRHBytes);
   mu.set(muFull);
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@theqrl/dilithium5",
-  "version": "1.0.3",
+  "version": "1.0.5",
   "description": "Dilithium-5 cryptography",
   "keywords": [
     "dilithium",
@@ -48,19 +48,20 @@
   },
   "type": "module",
   "devDependencies": {
+    "@eslint/js": "^9.39.0",
     "c8": "^10.1.3",
-    "chai": "^5.2.1",
-    "eslint": "^8.57.1",
-    "eslint-config-airbnb": "^19.0.4",
-    "eslint-config-prettier": "^9.1.0",
-    "eslint-plugin-import": "^2.32.0",
+    "chai": "^6.2.2",
+    "eslint": "^9.39.2",
+    "eslint-config-prettier": "^10.1.8",
+    "eslint-plugin-import-x": "^4.15.0",
     "eslint-plugin-prettier": "^5.5.4",
-    "mocha": "^10.8.2",
+    "globals": "^17.0.0",
+    "mocha": "^11.7.5",
     "prettier": "^3.7.4",
     "rollup": "^4.55.1"
   },
   "dependencies": {
-    "@noble/hashes": "^1.7.1",
+    "@noble/hashes": "^2.0.1",
     "randombytes": "^2.1.0"
   }
 }

package/src/index.d.ts

@@ -56,7 +56,7 @@ export function cryptoSignKeypair(
 /**
  * Create a signature for a message
  * @param sig - Output buffer for signature (must be CryptoBytes length minimum)
- * @param m - Message to sign (hex-encoded string)
+ * @param m - Message to sign (hex string or Uint8Array)
  * @param sk - Secret key
  * @param randomizedSigning - If true, use random nonce; if false, deterministic
  * @returns 0 on success
@@ -64,7 +64,7 @@ export function cryptoSignKeypair(
  */
 export function cryptoSignSignature(
   sig: Uint8Array,
-  m: string,
+  m: Uint8Array | string,
   sk: Uint8Array,
   randomizedSigning: boolean
 ): number;
@@ -78,7 +78,7 @@ export function cryptoSignSignature(
  * @throws Error if signing fails
  */
 export function cryptoSign(
-  msg: Uint8Array,
+  msg: Uint8Array | string,
   sk: Uint8Array,
   randomizedSigning: boolean
 ): Uint8Array;
@@ -86,13 +86,13 @@ export function cryptoSign(
 /**
  * Verify a signature
  * @param sig - Signature to verify
- * @param m - Message that was signed (hex-encoded string)
+ * @param m - Message that was signed (hex string or Uint8Array)
  * @param pk - Public key
  * @returns true if signature is valid, false otherwise
  */
 export function cryptoSignVerify(
   sig: Uint8Array,
-  m: string,
+  m: Uint8Array | string,
   pk: Uint8Array
 ): boolean;