@theqrl/mldsa87 1.0.4 → 1.0.5

package/dist/cjs/mldsa87.js

@@ -2,6 +2,7 @@
 
 var sha3_js = require('@noble/hashes/sha3.js');
 var pkg = require('randombytes');
+var utils_js = require('@noble/hashes/utils.js');
 
 const Shake128Rate = 168;
 const Shake256Rate = 136;
@@ -1030,18 +1031,36 @@ const randomBytes = pkg;
 const DEFAULT_CTX = new Uint8Array([0x5a, 0x4f, 0x4e, 0x44]); // "ZOND"
 
 /**
- * Convert hex string to Uint8Array
- * @param {string} hex - Hex-encoded string
- * @returns {Uint8Array} Decoded bytes
+ * Convert hex string to Uint8Array with strict validation.
+ * @param {string} hex - Hex string (optional 0x prefix, even length).
+ * @returns {Uint8Array} Decoded bytes.
  * @private
  */
 function hexToBytes(hex) {
-  const len = hex.length / 2;
-  const result = new Uint8Array(len);
-  for (let i = 0; i < len; i++) {
-    result[i] = parseInt(hex.substr(i * 2, 2), 16);
+  if (typeof hex !== 'string') {
+    throw new Error('message must be a hex string');
   }
-  return result;
+  let clean = hex.trim();
+  if (clean.startsWith('0x') || clean.startsWith('0X')) {
+    clean = clean.slice(2);
+  }
+  if (clean.length % 2 !== 0) {
+    throw new Error('hex string must have an even length');
+  }
+  if (!/^[0-9a-fA-F]*$/.test(clean)) {
+    throw new Error('hex string contains non-hex characters');
+  }
+  return utils_js.hexToBytes(clean);
+}
+
+function messageToBytes(message) {
+  if (typeof message === 'string') {
+    return hexToBytes(message);
+  }
+  if (message instanceof Uint8Array) {
+    return message;
+  }
+  return null;
 }
 
 /**
@@ -1138,7 +1157,7 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
  * The context parameter provides domain separation as required by FIPS 204.
  *
  * @param {Uint8Array} sig - Output buffer for signature (must be at least CryptoBytes = 4627 bytes)
- * @param {string|Uint8Array} m - Message to sign (hex string or Uint8Array)
+ * @param {string|Uint8Array} m - Message to sign (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce for hedged signing.
  *   If false, use deterministic nonce derived from message and key.
@@ -1154,6 +1173,9 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
  * cryptoSignSignature(sig, message, sk, false, new Uint8Array([0x01, 0x02]));
  */
 function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx = DEFAULT_CTX) {
+  if (!sig || sig.length < CryptoBytes) {
+    throw new Error(`sig must be at least ${CryptoBytes} bytes`);
+  }
   if (ctx.length > 255) throw new Error(`invalid context length: ${ctx.length} (max 255)`);
   if (sk.length !== CryptoSecretKeyBytes) {
     throw new Error(`invalid sk length ${sk.length} | Expected length ${CryptoSecretKeyBytes}`);
@@ -1185,8 +1207,10 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx = DEFAULT_CTX) {
   pre[1] = ctx.length;
   pre.set(ctx, 2);
 
-  // Convert hex message to bytes
-  const mBytes = typeof m === 'string' ? hexToBytes(m) : m;
+  const mBytes = messageToBytes(m);
+  if (!mBytes) {
+    throw new Error('message must be Uint8Array or hex string');
+  }
 
   // mu = SHAKE256(tr || pre || m)
   const mu = sha3_js.shake256.create({}).update(tr).update(pre).update(mBytes).xof(CRHBytes);
@@ -1265,7 +1289,7 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx = DEFAULT_CTX) {
  * This is the combined sign operation that produces a "signed message" containing
  * both the signature and the original message (signature || message).
  *
- * @param {Uint8Array} msg - Message to sign
+ * @param {string|Uint8Array} msg - Message to sign (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce; if false, deterministic
  * @param {Uint8Array} [ctx=DEFAULT_CTX] - Context string for domain separation (max 255 bytes).
@@ -1278,12 +1302,17 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx = DEFAULT_CTX) {
  * // signedMsg contains: signature (4627 bytes) || message
  */
 function cryptoSign(msg, sk, randomizedSigning, ctx = DEFAULT_CTX) {
-  const sm = new Uint8Array(CryptoBytes + msg.length);
-  const mLen = msg.length;
+  const msgBytes = messageToBytes(msg);
+  if (!msgBytes) {
+    throw new Error('message must be Uint8Array or hex string');
+  }
+
+  const sm = new Uint8Array(CryptoBytes + msgBytes.length);
+  const mLen = msgBytes.length;
   for (let i = 0; i < mLen; ++i) {
-    sm[CryptoBytes + mLen - 1 - i] = msg[mLen - 1 - i];
+    sm[CryptoBytes + mLen - 1 - i] = msgBytes[mLen - 1 - i];
   }
-  const result = cryptoSignSignature(sm, msg, sk, randomizedSigning, ctx);
+  const result = cryptoSignSignature(sm, msgBytes, sk, randomizedSigning, ctx);
 
   if (result !== 0) {
     throw new Error('failed to sign');
@@ -1298,7 +1327,7 @@ function cryptoSign(msg, sk, randomizedSigning, ctx = DEFAULT_CTX) {
  * The context must match the one used during signing.
  *
  * @param {Uint8Array} sig - Signature to verify (must be CryptoBytes = 4627 bytes)
- * @param {string|Uint8Array} m - Message that was signed (hex string or Uint8Array)
+ * @param {string|Uint8Array} m - Message that was signed (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} pk - Public key (must be CryptoPublicKeyBytes = 2592 bytes)
  * @param {Uint8Array} [ctx=DEFAULT_CTX] - Context string used during signing (max 255 bytes).
  *   Defaults to "ZOND" for QRL compatibility.
@@ -1348,8 +1377,15 @@ function cryptoSignVerify(sig, m, pk, ctx = DEFAULT_CTX) {
   pre[1] = ctx.length;
   pre.set(ctx, 2);
 
-  // Convert hex message to bytes
-  const mBytes = typeof m === 'string' ? hexToBytes(m) : m;
+  let mBytes;
+  try {
+    mBytes = messageToBytes(m);
+  } catch {
+    return false;
+  }
+  if (!mBytes) {
+    return false;
+  }
   const muFull = sha3_js.shake256.create({}).update(tr).update(pre).update(mBytes).xof(CRHBytes);
   mu.set(muFull);
 

package/dist/mjs/mldsa87.js

@@ -1,5 +1,6 @@
 import { shake128, shake256 } from '@noble/hashes/sha3.js';
 import pkg from 'randombytes';
+import { hexToBytes as hexToBytes$1 } from '@noble/hashes/utils.js';
 
 const Shake128Rate = 168;
 const Shake256Rate = 136;
@@ -1028,18 +1029,36 @@ const randomBytes = pkg;
 const DEFAULT_CTX = new Uint8Array([0x5a, 0x4f, 0x4e, 0x44]); // "ZOND"
 
 /**
- * Convert hex string to Uint8Array
- * @param {string} hex - Hex-encoded string
- * @returns {Uint8Array} Decoded bytes
+ * Convert hex string to Uint8Array with strict validation.
+ * @param {string} hex - Hex string (optional 0x prefix, even length).
+ * @returns {Uint8Array} Decoded bytes.
  * @private
  */
 function hexToBytes(hex) {
-  const len = hex.length / 2;
-  const result = new Uint8Array(len);
-  for (let i = 0; i < len; i++) {
-    result[i] = parseInt(hex.substr(i * 2, 2), 16);
+  if (typeof hex !== 'string') {
+    throw new Error('message must be a hex string');
   }
-  return result;
+  let clean = hex.trim();
+  if (clean.startsWith('0x') || clean.startsWith('0X')) {
+    clean = clean.slice(2);
+  }
+  if (clean.length % 2 !== 0) {
+    throw new Error('hex string must have an even length');
+  }
+  if (!/^[0-9a-fA-F]*$/.test(clean)) {
+    throw new Error('hex string contains non-hex characters');
+  }
+  return hexToBytes$1(clean);
+}
+
+function messageToBytes(message) {
+  if (typeof message === 'string') {
+    return hexToBytes(message);
+  }
+  if (message instanceof Uint8Array) {
+    return message;
+  }
+  return null;
 }
 
 /**
@@ -1136,7 +1155,7 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
  * The context parameter provides domain separation as required by FIPS 204.
  *
  * @param {Uint8Array} sig - Output buffer for signature (must be at least CryptoBytes = 4627 bytes)
- * @param {string|Uint8Array} m - Message to sign (hex string or Uint8Array)
+ * @param {string|Uint8Array} m - Message to sign (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce for hedged signing.
  *   If false, use deterministic nonce derived from message and key.
@@ -1152,6 +1171,9 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
  * cryptoSignSignature(sig, message, sk, false, new Uint8Array([0x01, 0x02]));
  */
 function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx = DEFAULT_CTX) {
+  if (!sig || sig.length < CryptoBytes) {
+    throw new Error(`sig must be at least ${CryptoBytes} bytes`);
+  }
   if (ctx.length > 255) throw new Error(`invalid context length: ${ctx.length} (max 255)`);
   if (sk.length !== CryptoSecretKeyBytes) {
     throw new Error(`invalid sk length ${sk.length} | Expected length ${CryptoSecretKeyBytes}`);
@@ -1183,8 +1205,10 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx = DEFAULT_CTX) {
   pre[1] = ctx.length;
   pre.set(ctx, 2);
 
-  // Convert hex message to bytes
-  const mBytes = typeof m === 'string' ? hexToBytes(m) : m;
+  const mBytes = messageToBytes(m);
+  if (!mBytes) {
+    throw new Error('message must be Uint8Array or hex string');
+  }
 
   // mu = SHAKE256(tr || pre || m)
   const mu = shake256.create({}).update(tr).update(pre).update(mBytes).xof(CRHBytes);
@@ -1263,7 +1287,7 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx = DEFAULT_CTX) {
  * This is the combined sign operation that produces a "signed message" containing
  * both the signature and the original message (signature || message).
  *
- * @param {Uint8Array} msg - Message to sign
+ * @param {string|Uint8Array} msg - Message to sign (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce; if false, deterministic
  * @param {Uint8Array} [ctx=DEFAULT_CTX] - Context string for domain separation (max 255 bytes).
@@ -1276,12 +1300,17 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx = DEFAULT_CTX) {
  * // signedMsg contains: signature (4627 bytes) || message
  */
 function cryptoSign(msg, sk, randomizedSigning, ctx = DEFAULT_CTX) {
-  const sm = new Uint8Array(CryptoBytes + msg.length);
-  const mLen = msg.length;
+  const msgBytes = messageToBytes(msg);
+  if (!msgBytes) {
+    throw new Error('message must be Uint8Array or hex string');
+  }
+
+  const sm = new Uint8Array(CryptoBytes + msgBytes.length);
+  const mLen = msgBytes.length;
   for (let i = 0; i < mLen; ++i) {
-    sm[CryptoBytes + mLen - 1 - i] = msg[mLen - 1 - i];
+    sm[CryptoBytes + mLen - 1 - i] = msgBytes[mLen - 1 - i];
   }
-  const result = cryptoSignSignature(sm, msg, sk, randomizedSigning, ctx);
+  const result = cryptoSignSignature(sm, msgBytes, sk, randomizedSigning, ctx);
 
   if (result !== 0) {
     throw new Error('failed to sign');
@@ -1296,7 +1325,7 @@ function cryptoSign(msg, sk, randomizedSigning, ctx = DEFAULT_CTX) {
  * The context must match the one used during signing.
  *
  * @param {Uint8Array} sig - Signature to verify (must be CryptoBytes = 4627 bytes)
- * @param {string|Uint8Array} m - Message that was signed (hex string or Uint8Array)
+ * @param {string|Uint8Array} m - Message that was signed (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} pk - Public key (must be CryptoPublicKeyBytes = 2592 bytes)
  * @param {Uint8Array} [ctx=DEFAULT_CTX] - Context string used during signing (max 255 bytes).
  *   Defaults to "ZOND" for QRL compatibility.
@@ -1346,8 +1375,15 @@ function cryptoSignVerify(sig, m, pk, ctx = DEFAULT_CTX) {
   pre[1] = ctx.length;
   pre.set(ctx, 2);
 
-  // Convert hex message to bytes
-  const mBytes = typeof m === 'string' ? hexToBytes(m) : m;
+  let mBytes;
+  try {
+    mBytes = messageToBytes(m);
+  } catch {
+    return false;
+  }
+  if (!mBytes) {
+    return false;
+  }
   const muFull = shake256.create({}).update(tr).update(pre).update(mBytes).xof(CRHBytes);
   mu.set(muFull);
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@theqrl/mldsa87",
-  "version": "1.0.4",
+  "version": "1.0.5",
   "description": "ML-DSA-87 cryptography",
   "keywords": [
     "ml-dsa",
@@ -55,7 +55,7 @@
     "eslint-config-prettier": "^10.1.8",
     "eslint-plugin-import-x": "^4.15.0",
     "eslint-plugin-prettier": "^5.5.4",
-    "globals": "^16.2.0",
+    "globals": "^17.0.0",
     "mocha": "^11.7.5",
     "prettier": "^3.7.4",
     "rollup": "^4.55.1"

package/src/index.d.ts

@@ -58,7 +58,7 @@ export function cryptoSignKeypair(
 /**
  * Create a signature for a message with optional context
  * @param sig - Output buffer for signature (must be CryptoBytes length minimum)
- * @param m - Message to sign (hex-encoded string)
+ * @param m - Message to sign (hex string or Uint8Array)
  * @param sk - Secret key
  * @param randomizedSigning - If true, use random nonce; if false, deterministic
  * @param ctx - Optional context string (max 255 bytes, defaults to "ZOND")
@@ -67,7 +67,7 @@ export function cryptoSignKeypair(
  */
 export function cryptoSignSignature(
   sig: Uint8Array,
-  m: string,
+  m: Uint8Array | string,
   sk: Uint8Array,
   randomizedSigning: boolean,
   ctx?: Uint8Array
@@ -83,7 +83,7 @@ export function cryptoSignSignature(
  * @throws Error if signing fails
  */
 export function cryptoSign(
-  msg: Uint8Array,
+  msg: Uint8Array | string,
   sk: Uint8Array,
   randomizedSigning: boolean,
   ctx?: Uint8Array
@@ -92,14 +92,14 @@ export function cryptoSign(
 /**
  * Verify a signature with optional context
  * @param sig - Signature to verify
- * @param m - Message that was signed (hex-encoded string)
+ * @param m - Message that was signed (hex string or Uint8Array)
  * @param pk - Public key
  * @param ctx - Optional context string (max 255 bytes, defaults to "ZOND")
  * @returns true if signature is valid, false otherwise
  */
 export function cryptoSignVerify(
   sig: Uint8Array,
-  m: string,
+  m: Uint8Array | string,
   pk: Uint8Array,
   ctx?: Uint8Array
 ): boolean;