@theqrl/dilithium5 1.0.4 → 1.0.6

package/README.md

@@ -64,7 +64,7 @@ Generate a keypair from a seed.
 
 Sign a message (combined mode: returns signature || message).
 
-- `message`: `Uint8Array` - message to sign
+- `message`: `Uint8Array` or `string` - message bytes; if `string`, it must be hex only (optional `0x`, even length). Plain-text strings are not accepted.
 - `sk`: `Uint8Array(4896)` - secret key
 - `randomized`: `boolean` - `true` for hedged signing, `false` for deterministic
 - Returns: `Uint8Array` containing signature + message
@@ -82,7 +82,7 @@ Verify and extract message from signed message.
 Create a detached signature.
 
 - `sig`: `Uint8Array(4595)` - output buffer for signature
-- `message`: `Uint8Array` - message to sign
+- `message`: `Uint8Array` or `string` - message bytes; if `string`, it must be hex only (optional `0x`, even length). Plain-text strings are not accepted.
 - `sk`: `Uint8Array(4896)` - secret key
 - `randomized`: `boolean` - `true` for hedged, `false` for deterministic
 - Returns: `0` on success
@@ -92,10 +92,12 @@ Create a detached signature.
 Verify a detached signature.
 
 - `sig`: `Uint8Array(4595)` - signature to verify
-- `message`: `Uint8Array` - original message
+- `message`: `Uint8Array` or `string` - original message bytes; if `string`, it must be hex only (optional `0x`, even length). Plain-text strings are not accepted.
 - `pk`: `Uint8Array(2592)` - public key
 - Returns: `true` if valid, `false` otherwise
 
+**Note:** To sign or verify plain text, convert it to bytes (e.g., `new TextEncoder().encode('Hello')`). String inputs are interpreted as hex only.
+
 #### `zeroize(buffer)`
 
 Zero out sensitive data (best-effort, see security notes).
@@ -139,7 +141,7 @@ See [SECURITY.md](../../SECURITY.md) for important information about:
 
 ## Requirements
 
-- Node.js 18+ or modern browsers with ES2020 support
+- Node.js 18.20+ or modern browsers with ES2020 support
 - Full TypeScript definitions included
 
 ## License

package/dist/cjs/dilithium5.js

@@ -1,8 +1,9 @@
 'use strict';
 
 var sha3_js = require('@noble/hashes/sha3.js');
-var pkg = require('randombytes');
+var utils_js = require('@noble/hashes/utils.js');
 
+var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
 const Shake128Rate = 168;
 const Shake256Rate = 136;
 const Stream128BlockBytes = Shake128Rate;
@@ -367,6 +368,8 @@ function polyUniform(a, seed, nonce) {
 
   let ctr = rejUniform(a.coeffs, 0, N, buf, bufLen);
 
+  // Note: With current parameters, needing extra blocks is vanishingly unlikely.
+  /* c8 ignore start */
   while (ctr < N) {
     off = bufLen % 3;
     for (let i = 0; i < off; ++i) buf[i] = buf[bufLen - off + i];
@@ -375,6 +378,7 @@ function polyUniform(a, seed, nonce) {
     bufLen = Stream128BlockBytes + off;
     ctr += rejUniform(a.coeffs, ctr, N - ctr, buf, bufLen);
   }
+  /* c8 ignore stop */
 }
 
 function rejEta(aP, aOffset, len, buf, bufLen) {
@@ -468,10 +472,13 @@ function polyChallenge(cP, seed) {
   }
   for (let i = N - TAU; i < N; ++i) {
     do {
+      // Note: Re-squeezing here is extremely unlikely with TAU=60.
+      /* c8 ignore start */
       if (pos >= Shake256Rate) {
         shake256SqueezeBlocks(buf, 0, 1, state);
         pos = 0;
       }
+      /* c8 ignore stop */
 
       b = buf[pos++];
     } while (b > i);
@@ -1016,21 +1023,118 @@ function unpackSig(cP, z, hP, sig) {
   return 0;
 }
 
-const randomBytes = pkg;
+const MAX_BYTES = 65536;
+const MAX_UINT32 = 0xffffffff;
+
+function getGlobalScope() {
+  if (typeof globalThis === 'object') return globalThis;
+  if (typeof self === 'object') return self;
+  if (typeof window === 'object') return window;
+  if (typeof global === 'object') return global;
+  return {};
+}
+
+function getWebCrypto() {
+  const scope = getGlobalScope();
+  return scope.crypto || scope.msCrypto || null;
+}
+
+function getNodeRandomBytes() {
+  /* c8 ignore next */
+  const isNode = typeof process === 'object' && process !== null && process.versions && process.versions.node;
+  if (!isNode) return null;
+
+  const req =
+    typeof module !== 'undefined' && module && typeof module.require === 'function'
+      ? module.require.bind(module)
+      : typeof module !== 'undefined' && module && typeof module.createRequire === 'function'
+        ? module.createRequire((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('dilithium5.js', document.baseURI).href)))
+        : typeof require === 'function'
+          ? require
+          : null;
+  if (!req) return null;
+
+  try {
+    const nodeCrypto = req('crypto');
+    if (nodeCrypto && typeof nodeCrypto.randomBytes === 'function') {
+      return nodeCrypto.randomBytes;
+    }
+  } catch {
+    return null;
+  }
+
+  return null;
+}
+
+function randomBytes(size) {
+  if (!Number.isSafeInteger(size) || size < 0) {
+    throw new RangeError('size must be a non-negative integer');
+  }
+  if (size > MAX_UINT32) {
+    throw new RangeError('requested too many random bytes');
+  }
+  if (size === 0) return new Uint8Array(0);
+
+  const cryptoObj = getWebCrypto();
+  if (cryptoObj && typeof cryptoObj.getRandomValues === 'function') {
+    const out = new Uint8Array(size);
+    for (let i = 0; i < size; i += MAX_BYTES) {
+      cryptoObj.getRandomValues(out.subarray(i, Math.min(size, i + MAX_BYTES)));
+    }
+    return out;
+  }
+
+  const nodeRandomBytes = getNodeRandomBytes();
+  if (nodeRandomBytes) {
+    return nodeRandomBytes(size);
+  }
+
+  throw new Error('Secure random number generation is not supported by this environment');
+}
 
 /**
- * Convert hex string to Uint8Array
- * @param {string} hex - Hex-encoded string
- * @returns {Uint8Array} Decoded bytes
+ * Convert hex string to Uint8Array with strict validation.
+ *
+ * NOTE: This function accepts multiple hex formats (with/without 0x prefix,
+ * leading/trailing whitespace). While user-friendly, this flexibility could
+ * mask input errors. Applications requiring strict format validation should
+ * validate hex format before calling cryptographic functions, e.g.:
+ *   - Reject strings with 0x prefix if raw hex is expected
+ *   - Reject strings with whitespace
+ *   - Enforce consistent casing (lowercase/uppercase)
+ *
+ * @param {string} hex - Hex string (optional 0x prefix, even length).
+ * @returns {Uint8Array} Decoded bytes.
  * @private
  */
 function hexToBytes(hex) {
-  const len = hex.length / 2;
-  const result = new Uint8Array(len);
-  for (let i = 0; i < len; i++) {
-    result[i] = parseInt(hex.substr(i * 2, 2), 16);
+  /* c8 ignore start */
+  if (typeof hex !== 'string') {
+    throw new Error('message must be a hex string');
+  }
+  /* c8 ignore stop */
+  let clean = hex.trim();
+  // Accepts both "0x..." and raw hex formats for convenience
+  if (clean.startsWith('0x') || clean.startsWith('0X')) {
+    clean = clean.slice(2);
+  }
+  if (clean.length % 2 !== 0) {
+    throw new Error('hex string must have an even length');
+  }
+  if (!/^[0-9a-fA-F]*$/.test(clean)) {
+    throw new Error('hex string contains non-hex characters');
+  }
+  return utils_js.hexToBytes(clean);
+}
+
+function messageToBytes(message) {
+  if (typeof message === 'string') {
+    return hexToBytes(message);
+  }
+  if (message instanceof Uint8Array) {
+    return message;
   }
-  return result;
+  throw new Error('message must be Uint8Array or hex string');
 }
 
 /**
@@ -1122,7 +1226,7 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
  * Uses the Dilithium-5 (Round 3) signing algorithm with rejection sampling.
  *
  * @param {Uint8Array} sig - Output buffer for signature (must be at least CryptoBytes = 4595 bytes)
- * @param {string|Uint8Array} m - Message to sign (hex string or Uint8Array)
+ * @param {string|Uint8Array} m - Message to sign (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce for hedged signing.
  *   If false, use deterministic nonce derived from message and key.
@@ -1134,10 +1238,15 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
  * cryptoSignSignature(sig, message, sk, false);
  */
 function cryptoSignSignature(sig, m, sk, randomizedSigning) {
+  if (!sig || sig.length < CryptoBytes) {
+    throw new Error(`sig must be at least ${CryptoBytes} bytes`);
+  }
   if (sk.length !== CryptoSecretKeyBytes) {
     throw new Error(`invalid sk length ${sk.length} | Expected length ${CryptoSecretKeyBytes}`);
   }
 
+  const mBytes = messageToBytes(m);
+
   const rho = new Uint8Array(SeedBytes);
   const tr = new Uint8Array(TRBytes);
   const key = new Uint8Array(SeedBytes);
@@ -1158,8 +1267,6 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning) {
 
   unpackSk(rho, tr, key, t0, s1, s2, sk);
 
-  // Convert hex message to bytes
-  const mBytes = typeof m === 'string' ? hexToBytes(m) : m;
   const mu = sha3_js.shake256.create({}).update(tr).update(mBytes).xof(CRHBytes);
 
   if (randomizedSigning) {
@@ -1217,15 +1324,19 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning) {
     polyVecKPointWisePolyMontgomery(h, cp, t0);
     polyVecKInvNTTToMont(h);
     polyVecKReduce(h);
+    /* c8 ignore start */
     if (polyVecKChkNorm(h, GAMMA2) !== 0) {
       continue;
     }
+    /* c8 ignore stop */
 
     polyVecKAdd(w0, w0, h);
     const n = polyVecKMakeHint(h, w0, w1);
+    /* c8 ignore start */
     if (n > OMEGA) {
       continue;
     }
+    /* c8 ignore stop */
 
     packSig(sig, sig, z, h);
     return 0;
@@ -1238,7 +1349,7 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning) {
  * This is the combined sign operation that produces a "signed message" containing
  * both the signature and the original message (signature || message).
  *
- * @param {Uint8Array} msg - Message to sign
+ * @param {string|Uint8Array} msg - Message to sign (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce; if false, deterministic
  * @returns {Uint8Array} Signed message (CryptoBytes + msg.length bytes)
@@ -1249,16 +1360,20 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning) {
  * // signedMsg contains: signature (4595 bytes) || message
  */
 function cryptoSign(msg, sk, randomizedSigning) {
-  const sm = new Uint8Array(CryptoBytes + msg.length);
-  const mLen = msg.length;
+  const msgBytes = messageToBytes(msg);
+
+  const sm = new Uint8Array(CryptoBytes + msgBytes.length);
+  const mLen = msgBytes.length;
   for (let i = 0; i < mLen; ++i) {
-    sm[CryptoBytes + mLen - 1 - i] = msg[mLen - 1 - i];
+    sm[CryptoBytes + mLen - 1 - i] = msgBytes[mLen - 1 - i];
   }
-  const result = cryptoSignSignature(sm, msg, sk, randomizedSigning);
+  const result = cryptoSignSignature(sm, msgBytes, sk, randomizedSigning);
 
+  /* c8 ignore start */
   if (result !== 0) {
     throw new Error('failed to sign');
   }
+  /* c8 ignore stop */
   return sm;
 }
 
@@ -1268,7 +1383,7 @@ function cryptoSign(msg, sk, randomizedSigning) {
  * Performs constant-time verification to prevent timing side-channel attacks.
  *
  * @param {Uint8Array} sig - Signature to verify (must be CryptoBytes = 4595 bytes)
- * @param {string|Uint8Array} m - Message that was signed (hex string or Uint8Array)
+ * @param {string|Uint8Array} m - Message that was signed (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} pk - Public key (must be CryptoPublicKeyBytes = 2592 bytes)
  * @returns {boolean} true if signature is valid, false otherwise
  *
@@ -1311,8 +1426,12 @@ function cryptoSignVerify(sig, m, pk) {
   const tr = sha3_js.shake256.create({}).update(pk).xof(TRBytes);
   mu.set(tr);
 
-  // Convert hex message to bytes
-  const mBytes = typeof m === 'string' ? hexToBytes(m) : m;
+  let mBytes;
+  try {
+    mBytes = messageToBytes(m);
+  } catch {
+    return false;
+  }
   const muFull = sha3_js.shake256.create({}).update(mu.slice(0, TRBytes)).update(mBytes).xof(CRHBytes);
   mu.set(muFull);
 

package/dist/mjs/dilithium5.js

@@ -1,5 +1,5 @@
 import { shake128, shake256 } from '@noble/hashes/sha3.js';
-import pkg from 'randombytes';
+import { hexToBytes as hexToBytes$1 } from '@noble/hashes/utils.js';
 
 const Shake128Rate = 168;
 const Shake256Rate = 136;
@@ -365,6 +365,8 @@ function polyUniform(a, seed, nonce) {
 
   let ctr = rejUniform(a.coeffs, 0, N, buf, bufLen);
 
+  // Note: With current parameters, needing extra blocks is vanishingly unlikely.
+  /* c8 ignore start */
   while (ctr < N) {
     off = bufLen % 3;
     for (let i = 0; i < off; ++i) buf[i] = buf[bufLen - off + i];
@@ -373,6 +375,7 @@ function polyUniform(a, seed, nonce) {
     bufLen = Stream128BlockBytes + off;
     ctr += rejUniform(a.coeffs, ctr, N - ctr, buf, bufLen);
   }
+  /* c8 ignore stop */
 }
 
 function rejEta(aP, aOffset, len, buf, bufLen) {
@@ -466,10 +469,13 @@ function polyChallenge(cP, seed) {
   }
   for (let i = N - TAU; i < N; ++i) {
     do {
+      // Note: Re-squeezing here is extremely unlikely with TAU=60.
+      /* c8 ignore start */
       if (pos >= Shake256Rate) {
         shake256SqueezeBlocks(buf, 0, 1, state);
         pos = 0;
       }
+      /* c8 ignore stop */
 
       b = buf[pos++];
     } while (b > i);
@@ -1014,21 +1020,118 @@ function unpackSig(cP, z, hP, sig) {
   return 0;
 }
 
-const randomBytes = pkg;
+const MAX_BYTES = 65536;
+const MAX_UINT32 = 0xffffffff;
+
+function getGlobalScope() {
+  if (typeof globalThis === 'object') return globalThis;
+  if (typeof self === 'object') return self;
+  if (typeof window === 'object') return window;
+  if (typeof global === 'object') return global;
+  return {};
+}
+
+function getWebCrypto() {
+  const scope = getGlobalScope();
+  return scope.crypto || scope.msCrypto || null;
+}
+
+function getNodeRandomBytes() {
+  /* c8 ignore next */
+  const isNode = typeof process === 'object' && process !== null && process.versions && process.versions.node;
+  if (!isNode) return null;
+
+  const req =
+    typeof module !== 'undefined' && module && typeof module.require === 'function'
+      ? module.require.bind(module)
+      : typeof module !== 'undefined' && module && typeof module.createRequire === 'function'
+        ? module.createRequire(import.meta.url)
+        : typeof require === 'function'
+          ? require
+          : null;
+  if (!req) return null;
+
+  try {
+    const nodeCrypto = req('crypto');
+    if (nodeCrypto && typeof nodeCrypto.randomBytes === 'function') {
+      return nodeCrypto.randomBytes;
+    }
+  } catch {
+    return null;
+  }
+
+  return null;
+}
+
+function randomBytes(size) {
+  if (!Number.isSafeInteger(size) || size < 0) {
+    throw new RangeError('size must be a non-negative integer');
+  }
+  if (size > MAX_UINT32) {
+    throw new RangeError('requested too many random bytes');
+  }
+  if (size === 0) return new Uint8Array(0);
+
+  const cryptoObj = getWebCrypto();
+  if (cryptoObj && typeof cryptoObj.getRandomValues === 'function') {
+    const out = new Uint8Array(size);
+    for (let i = 0; i < size; i += MAX_BYTES) {
+      cryptoObj.getRandomValues(out.subarray(i, Math.min(size, i + MAX_BYTES)));
+    }
+    return out;
+  }
+
+  const nodeRandomBytes = getNodeRandomBytes();
+  if (nodeRandomBytes) {
+    return nodeRandomBytes(size);
+  }
+
+  throw new Error('Secure random number generation is not supported by this environment');
+}
 
 /**
- * Convert hex string to Uint8Array
- * @param {string} hex - Hex-encoded string
- * @returns {Uint8Array} Decoded bytes
+ * Convert hex string to Uint8Array with strict validation.
+ *
+ * NOTE: This function accepts multiple hex formats (with/without 0x prefix,
+ * leading/trailing whitespace). While user-friendly, this flexibility could
+ * mask input errors. Applications requiring strict format validation should
+ * validate hex format before calling cryptographic functions, e.g.:
+ *   - Reject strings with 0x prefix if raw hex is expected
+ *   - Reject strings with whitespace
+ *   - Enforce consistent casing (lowercase/uppercase)
+ *
+ * @param {string} hex - Hex string (optional 0x prefix, even length).
+ * @returns {Uint8Array} Decoded bytes.
  * @private
  */
 function hexToBytes(hex) {
-  const len = hex.length / 2;
-  const result = new Uint8Array(len);
-  for (let i = 0; i < len; i++) {
-    result[i] = parseInt(hex.substr(i * 2, 2), 16);
+  /* c8 ignore start */
+  if (typeof hex !== 'string') {
+    throw new Error('message must be a hex string');
+  }
+  /* c8 ignore stop */
+  let clean = hex.trim();
+  // Accepts both "0x..." and raw hex formats for convenience
+  if (clean.startsWith('0x') || clean.startsWith('0X')) {
+    clean = clean.slice(2);
+  }
+  if (clean.length % 2 !== 0) {
+    throw new Error('hex string must have an even length');
+  }
+  if (!/^[0-9a-fA-F]*$/.test(clean)) {
+    throw new Error('hex string contains non-hex characters');
+  }
+  return hexToBytes$1(clean);
+}
+
+function messageToBytes(message) {
+  if (typeof message === 'string') {
+    return hexToBytes(message);
+  }
+  if (message instanceof Uint8Array) {
+    return message;
   }
-  return result;
+  throw new Error('message must be Uint8Array or hex string');
 }
 
 /**
@@ -1120,7 +1223,7 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
  * Uses the Dilithium-5 (Round 3) signing algorithm with rejection sampling.
  *
  * @param {Uint8Array} sig - Output buffer for signature (must be at least CryptoBytes = 4595 bytes)
- * @param {string|Uint8Array} m - Message to sign (hex string or Uint8Array)
+ * @param {string|Uint8Array} m - Message to sign (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce for hedged signing.
  *   If false, use deterministic nonce derived from message and key.
@@ -1132,10 +1235,15 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
  * cryptoSignSignature(sig, message, sk, false);
  */
 function cryptoSignSignature(sig, m, sk, randomizedSigning) {
+  if (!sig || sig.length < CryptoBytes) {
+    throw new Error(`sig must be at least ${CryptoBytes} bytes`);
+  }
   if (sk.length !== CryptoSecretKeyBytes) {
     throw new Error(`invalid sk length ${sk.length} | Expected length ${CryptoSecretKeyBytes}`);
   }
 
+  const mBytes = messageToBytes(m);
+
   const rho = new Uint8Array(SeedBytes);
   const tr = new Uint8Array(TRBytes);
   const key = new Uint8Array(SeedBytes);
@@ -1156,8 +1264,6 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning) {
 
   unpackSk(rho, tr, key, t0, s1, s2, sk);
 
-  // Convert hex message to bytes
-  const mBytes = typeof m === 'string' ? hexToBytes(m) : m;
   const mu = shake256.create({}).update(tr).update(mBytes).xof(CRHBytes);
 
   if (randomizedSigning) {
@@ -1215,15 +1321,19 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning) {
     polyVecKPointWisePolyMontgomery(h, cp, t0);
     polyVecKInvNTTToMont(h);
     polyVecKReduce(h);
+    /* c8 ignore start */
     if (polyVecKChkNorm(h, GAMMA2) !== 0) {
       continue;
     }
+    /* c8 ignore stop */
 
     polyVecKAdd(w0, w0, h);
     const n = polyVecKMakeHint(h, w0, w1);
+    /* c8 ignore start */
     if (n > OMEGA) {
       continue;
     }
+    /* c8 ignore stop */
 
     packSig(sig, sig, z, h);
     return 0;
@@ -1236,7 +1346,7 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning) {
  * This is the combined sign operation that produces a "signed message" containing
  * both the signature and the original message (signature || message).
  *
- * @param {Uint8Array} msg - Message to sign
+ * @param {string|Uint8Array} msg - Message to sign (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce; if false, deterministic
  * @returns {Uint8Array} Signed message (CryptoBytes + msg.length bytes)
@@ -1247,16 +1357,20 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning) {
  * // signedMsg contains: signature (4595 bytes) || message
  */
 function cryptoSign(msg, sk, randomizedSigning) {
-  const sm = new Uint8Array(CryptoBytes + msg.length);
-  const mLen = msg.length;
+  const msgBytes = messageToBytes(msg);
+
+  const sm = new Uint8Array(CryptoBytes + msgBytes.length);
+  const mLen = msgBytes.length;
   for (let i = 0; i < mLen; ++i) {
-    sm[CryptoBytes + mLen - 1 - i] = msg[mLen - 1 - i];
+    sm[CryptoBytes + mLen - 1 - i] = msgBytes[mLen - 1 - i];
   }
-  const result = cryptoSignSignature(sm, msg, sk, randomizedSigning);
+  const result = cryptoSignSignature(sm, msgBytes, sk, randomizedSigning);
 
+  /* c8 ignore start */
   if (result !== 0) {
     throw new Error('failed to sign');
   }
+  /* c8 ignore stop */
   return sm;
 }
 
@@ -1266,7 +1380,7 @@ function cryptoSign(msg, sk, randomizedSigning) {
  * Performs constant-time verification to prevent timing side-channel attacks.
  *
  * @param {Uint8Array} sig - Signature to verify (must be CryptoBytes = 4595 bytes)
- * @param {string|Uint8Array} m - Message that was signed (hex string or Uint8Array)
+ * @param {string|Uint8Array} m - Message that was signed (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} pk - Public key (must be CryptoPublicKeyBytes = 2592 bytes)
  * @returns {boolean} true if signature is valid, false otherwise
  *
@@ -1309,8 +1423,12 @@ function cryptoSignVerify(sig, m, pk) {
   const tr = shake256.create({}).update(pk).xof(TRBytes);
   mu.set(tr);
 
-  // Convert hex message to bytes
-  const mBytes = typeof m === 'string' ? hexToBytes(m) : m;
+  let mBytes;
+  try {
+    mBytes = messageToBytes(m);
+  } catch {
+    return false;
+  }
   const muFull = shake256.create({}).update(mu.slice(0, TRBytes)).update(mBytes).xof(CRHBytes);
   mu.set(muFull);
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@theqrl/dilithium5",
-  "version": "1.0.4",
+  "version": "1.0.6",
   "description": "Dilithium-5 cryptography",
   "keywords": [
     "dilithium",
@@ -31,10 +31,12 @@
     "url": "git+https://github.com/theQRL/qrypto.js.git"
   },
   "scripts": {
-    "test": "../../node_modules/mocha/bin/mocha.js --timeout 10000",
+    "test": "../../node_modules/mocha/bin/mocha.js --require ../../scripts/node-test-setup.cjs --timeout 10000",
+    "test:browser": "playwright test",
     "build": "rollup src/index.js --file ./dist/cjs/dilithium5.js --format cjs && rollup src/index.js --file ./dist/mjs/dilithium5.js --format esm && ./fixup",
     "lint-check": "eslint 'src/**/*.js' 'test/**/*.js'",
     "lint": "eslint --fix 'src/**/*.js' 'test/**/*.js'",
+    "coverage": "c8 npm run test",
     "report-coverage": "c8 --reporter=text-lcov npm run test > coverage.lcov"
   },
   "bugs": {
@@ -47,6 +49,9 @@
     }
   },
   "type": "module",
+  "engines": {
+    "node": ">=18.20.0"
+  },
   "devDependencies": {
     "@eslint/js": "^9.39.0",
     "c8": "^10.1.3",
@@ -55,13 +60,12 @@
     "eslint-config-prettier": "^10.1.8",
     "eslint-plugin-import-x": "^4.15.0",
     "eslint-plugin-prettier": "^5.5.4",
-    "globals": "^16.2.0",
+    "globals": "^17.0.0",
     "mocha": "^11.7.5",
     "prettier": "^3.7.4",
     "rollup": "^4.55.1"
   },
   "dependencies": {
-    "@noble/hashes": "^2.0.1",
-    "randombytes": "^2.1.0"
+    "@noble/hashes": "^2.0.1"
   }
 }

package/src/index.d.ts

@@ -56,7 +56,7 @@ export function cryptoSignKeypair(
 /**
  * Create a signature for a message
  * @param sig - Output buffer for signature (must be CryptoBytes length minimum)
- * @param m - Message to sign (hex-encoded string)
+ * @param m - Message to sign (hex string or Uint8Array; strings are parsed as hex only)
  * @param sk - Secret key
  * @param randomizedSigning - If true, use random nonce; if false, deterministic
  * @returns 0 on success
@@ -64,7 +64,7 @@ export function cryptoSignKeypair(
  */
 export function cryptoSignSignature(
   sig: Uint8Array,
-  m: string,
+  m: Uint8Array | string,
   sk: Uint8Array,
   randomizedSigning: boolean
 ): number;
@@ -78,7 +78,7 @@ export function cryptoSignSignature(
  * @throws Error if signing fails
  */
 export function cryptoSign(
-  msg: Uint8Array,
+  msg: Uint8Array | string,
   sk: Uint8Array,
   randomizedSigning: boolean
 ): Uint8Array;
@@ -86,13 +86,13 @@ export function cryptoSign(
 /**
  * Verify a signature
  * @param sig - Signature to verify
- * @param m - Message that was signed (hex-encoded string)
+ * @param m - Message that was signed (hex string or Uint8Array; strings are parsed as hex only)
  * @param pk - Public key
  * @returns true if signature is valid, false otherwise
  */
 export function cryptoSignVerify(
   sig: Uint8Array,
-  m: string,
+  m: Uint8Array | string,
   pk: Uint8Array
 ): boolean;