npm - @theqrl/mldsa87 - Versions diffs - 2.0.0 → 2.0.1 - Mend

@theqrl/mldsa87 2.0.0 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -74,7 +74,7 @@ Context is a required `Uint8Array` and can be 0-255 bytes. Use an empty `Uint8Ar
 Generate a keypair from a seed.
-- `seed`: `Uint8Array(32)` or `null` for random
+- `seed`: `Uint8Array(32)`, `null`, or `undefined` for random
 - `pk`: `Uint8Array(2592)` - output buffer for public key
 - `sk`: `Uint8Array(4896)` - output buffer for secret key
 - Returns: The seed used (useful when `seed` is `null`)
@@ -125,10 +125,17 @@ Verify a detached signature.
 Zero out sensitive data (best-effort, see security notes).
+- `buffer`: `Uint8Array` - the buffer to zero
+- Throws: `TypeError` if buffer is not a `Uint8Array`
 #### `isZero(buffer)`
 Check if buffer is all zeros (constant-time).
+- `buffer`: `Uint8Array` - the buffer to check
+- Returns: `true` if all bytes are zero
+- Throws: `TypeError` if buffer is not a `Uint8Array`
 ## Interoperability
 Both this library and go-qrllib process ML-DSA-87 seeds identically. Raw seeds produce matching keys:

package/dist/cjs/mldsa87.js CHANGED Viewed

@@ -539,12 +539,16 @@ function montgomeryReduce(a) {
   return t;
 }
+// Partial reduction modulo Q. Input must satisfy |a| < 2^31 - 2^22.
+// Output is in (-Q, Q). Mirrors the reference C implementation.
 function reduce32(a) {
   let t = (a + (1 << 22)) >> 23;
   t = a - t * Q;
   return t;
 }
+// Conditional add Q: if a is negative, add Q. Input must satisfy -Q < a < 2^31.
+// Output is in [0, Q). Mirrors the reference C implementation.
 function cAddQ(a) {
   let ar = a;
   ar += (ar >> 31) & Q;
@@ -706,10 +710,7 @@ function polyChkNorm(a, b) {
   }
   for (let i = 0; i < N; i++) {
-    let t = a.coeffs[i] >> 31;
-    t = a.coeffs[i] - (t & (2 * a.coeffs[i]));
-    if (t >= b) {
+    if (Math.abs(a.coeffs[i]) >= b) {
       return 1;
     }
   }
@@ -1250,6 +1251,9 @@ function packPk(pkp, rho, t1) {
 }
 function unpackPk(rhop, t1, pk) {
+  if (!(pk instanceof Uint8Array) || pk.length !== CryptoPublicKeyBytes) {
+    throw new Error(`pk must be a Uint8Array of ${CryptoPublicKeyBytes} bytes`);
+  }
   const rho = rhop;
   for (let i = 0; i < SeedBytes; ++i) {
     rho[i] = pk[i];
@@ -1294,6 +1298,9 @@ function packSk(skp, rho, tr, key, t0, s1, s2) {
 }
 function unpackSk(rhoP, trP, keyP, t0, s1, s2, sk) {
+  if (!(sk instanceof Uint8Array) || sk.length !== CryptoSecretKeyBytes) {
+    throw new Error(`sk must be a Uint8Array of ${CryptoSecretKeyBytes} bytes`);
+  }
   let skOffset = 0;
   const rho = rhoP;
   const tr = trP;
@@ -1357,7 +1364,12 @@ function packSig(sigP, ctilde, z, h) {
   }
 }
+// Returns 0 on success, 1 on failure. On failure, output buffers (c, z, h)
+// may contain partial data and must not be used.
 function unpackSig(cP, z, hP, sig) {
+  if (!(sig instanceof Uint8Array) || sig.length !== CryptoBytes) {
+    throw new Error(`sig must be a Uint8Array of ${CryptoBytes} bytes`);
+  }
   let sigOffset = 0;
   const c = cP; // ctilde
   const h = hP;
@@ -1452,6 +1464,8 @@ function randomBytes(size) {
  *
  * @param {Uint8Array} buffer - The buffer to zero
  * @returns {void}
+ * @throws {TypeError} If buffer is not a Uint8Array
+ * @throws {Error} If zeroization verification fails
  */
 function zeroize(buffer) {
   if (!(buffer instanceof Uint8Array)) {
@@ -1474,6 +1488,7 @@ function zeroize(buffer) {
  *
  * @param {Uint8Array} buffer - The buffer to check
  * @returns {boolean} True if all bytes are zero
+ * @throws {TypeError} If buffer is not a Uint8Array
  */
 function isZero(buffer) {
   if (!(buffer instanceof Uint8Array)) {
@@ -1489,16 +1504,12 @@ function isZero(buffer) {
 /**
  * Convert hex string to Uint8Array with strict validation.
  *
- * NOTE: This function accepts multiple hex formats (with/without 0x prefix,
- * leading/trailing whitespace). While user-friendly, this flexibility could
- * mask input errors. Applications requiring strict format validation should
- * validate hex format before calling cryptographic functions, e.g.:
- *   - Reject strings with 0x prefix if raw hex is expected
- *   - Reject strings with whitespace
- *   - Enforce consistent casing (lowercase/uppercase)
+ * Accepts an optional 0x/0X prefix. Leading/trailing whitespace is rejected.
+ * Empty strings and whitespace-only strings are rejected.
  *
- * @param {string} hex - Hex string (optional 0x prefix, even length).
+ * @param {string} hex - Hex string (optional 0x prefix, even length, no whitespace).
  * @returns {Uint8Array} Decoded bytes.
+ * @throws {Error} If input is not a valid hex string
  * @private
  */
 function hexToBytes(hex) {
@@ -1507,11 +1518,16 @@ function hexToBytes(hex) {
     throw new Error('message must be a hex string');
   }
   /* c8 ignore stop */
-  let clean = hex.trim();
-  // Accepts both "0x..." and raw hex formats for convenience
+  if (hex !== hex.trim()) {
+    throw new Error('hex string must not have leading or trailing whitespace');
+  }
+  let clean = hex;
   if (clean.startsWith('0x') || clean.startsWith('0X')) {
     clean = clean.slice(2);
   }
+  if (clean.length === 0) {
+    throw new Error('hex string must not be empty');
+  }
   if (clean.length % 2 !== 0) {
     throw new Error('hex string must have an even length');
   }
@@ -1521,6 +1537,14 @@ function hexToBytes(hex) {
   return hexToBytes$1(clean);
 }
+/**
+ * Convert a message to Uint8Array.
+ *
+ * @param {string|Uint8Array} message - Message as hex string (optional 0x prefix) or Uint8Array.
+ * @returns {Uint8Array} Message bytes.
+ * @throws {Error} If message is not a Uint8Array or valid hex string
+ * @private
+ */
 function messageToBytes(message) {
   if (typeof message === 'string') {
     return hexToBytes(message);
@@ -1537,8 +1561,8 @@ function messageToBytes(message) {
  * Key generation follows FIPS 204, using domain separator [K, L] during
  * seed expansion to ensure algorithm binding.
  *
- * @param {Uint8Array|null} passedSeed - Optional 32-byte seed for deterministic key generation.
- *   Pass null for random key generation.
+ * @param {Uint8Array|null} [passedSeed=null] - Optional 32-byte seed for deterministic key generation.
+ *   Pass null or undefined for random key generation.
  * @param {Uint8Array} pk - Output buffer for public key (must be CryptoPublicKeyBytes = 2592 bytes)
  * @param {Uint8Array} sk - Output buffer for secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @returns {Uint8Array} The seed used for key generation (useful when passedSeed is null)
@@ -1630,7 +1654,7 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
 }
 /**
- * Create a detached signature for a message with optional context.
+ * Create a detached signature for a message with context.
  *
  * Uses the ML-DSA-87 (FIPS 204) signing algorithm with rejection sampling.
  * The context parameter provides domain separation as required by FIPS 204.
@@ -1640,9 +1664,16 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce for hedged signing.
  *   If false, use deterministic nonce derived from message and key.
- * @param {Uint8Array} ctx - Context string for domain separation (max 255 bytes).
+ * @param {Uint8Array} ctx - Context string for domain separation (required, max 255 bytes).
+ *   Pass an empty Uint8Array for no context.
  * @returns {number} 0 on success
- * @throws {Error} If ctx is missing, sk is wrong size, or context exceeds 255 bytes
+ * @throws {TypeError} If sig is not a Uint8Array or is smaller than CryptoBytes
+ * @throws {TypeError} If sk is not a Uint8Array
+ * @throws {TypeError} If ctx is not a Uint8Array
+ * @throws {TypeError} If randomizedSigning is not a boolean
+ * @throws {Error} If ctx exceeds 255 bytes
+ * @throws {Error} If sk length does not equal CryptoSecretKeyBytes
+ * @throws {Error} If message is not a Uint8Array or valid hex string
  *
  * @example
  * const sig = new Uint8Array(CryptoBytes);
@@ -1650,13 +1681,19 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
  * cryptoSignSignature(sig, message, sk, false, ctx);
  */
 function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx) {
-  if (!sig || sig.length < CryptoBytes) {
-    throw new Error(`sig must be at least ${CryptoBytes} bytes`);
+  if (!(sig instanceof Uint8Array) || sig.length < CryptoBytes) {
+    throw new TypeError(`sig must be at least ${CryptoBytes} bytes and a Uint8Array`);
+  }
+  if (!(sk instanceof Uint8Array)) {
+    throw new TypeError('sk must be a Uint8Array');
   }
   if (!(ctx instanceof Uint8Array)) {
     throw new TypeError('ctx is required and must be a Uint8Array');
   }
   if (ctx.length > 255) throw new Error(`invalid context length: ${ctx.length} (max 255)`);
+  if (typeof randomizedSigning !== 'boolean') {
+    throw new TypeError('randomizedSigning must be a boolean');
+  }
   if (sk.length !== CryptoSecretKeyBytes) {
     throw new Error(`invalid sk length ${sk.length} | Expected length ${CryptoSecretKeyBytes}`);
   }
@@ -1782,9 +1819,11 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx) {
  * @param {string|Uint8Array} msg - Message to sign (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce; if false, deterministic
- * @param {Uint8Array} ctx - Context string for domain separation (max 255 bytes).
+ * @param {Uint8Array} ctx - Context string for domain separation (required, max 255 bytes).
  * @returns {Uint8Array} Signed message (CryptoBytes + msg.length bytes)
- * @throws {Error} If signing fails
+ * @throws {TypeError} If ctx is not a Uint8Array
+ * @throws {TypeError} If sk or randomizedSigning fail type validation (see cryptoSignSignature)
+ * @throws {Error} If signing fails or message/sk/ctx are invalid
  *
  * @example
  * const signedMsg = cryptoSign(message, sk, false, ctx);
@@ -1812,7 +1851,7 @@ function cryptoSign(msg, sk, randomizedSigning, ctx) {
 }
 /**
- * Verify a detached signature with optional context.
+ * Verify a detached signature with context.
  *
  * Performs constant-time verification to prevent timing side-channel attacks.
  * The context must match the one used during signing.
@@ -1820,8 +1859,9 @@ function cryptoSign(msg, sk, randomizedSigning, ctx) {
  * @param {Uint8Array} sig - Signature to verify (must be CryptoBytes = 4627 bytes)
  * @param {string|Uint8Array} m - Message that was signed (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} pk - Public key (must be CryptoPublicKeyBytes = 2592 bytes)
- * @param {Uint8Array} ctx - Context string used during signing (max 255 bytes).
+ * @param {Uint8Array} ctx - Context string used during signing (required, max 255 bytes).
  * @returns {boolean} true if signature is valid, false otherwise
+ * @throws {TypeError} If ctx is not a Uint8Array
  *
  * @example
  * const isValid = cryptoSignVerify(signature, message, pk, ctx);
@@ -1847,10 +1887,10 @@ function cryptoSignVerify(sig, m, pk, ctx) {
   const w1 = new PolyVecK();
   const h = new PolyVecK();
-  if (sig.length !== CryptoBytes) {
+  if (!(sig instanceof Uint8Array) || sig.length !== CryptoBytes) {
     return false;
   }
-  if (pk.length !== CryptoPublicKeyBytes) {
+  if (!(pk instanceof Uint8Array) || pk.length !== CryptoPublicKeyBytes) {
     return false;
   }
@@ -1920,8 +1960,9 @@ function cryptoSignVerify(sig, m, pk, ctx) {
  *
  * @param {Uint8Array} sm - Signed message (signature || message)
  * @param {Uint8Array} pk - Public key (must be CryptoPublicKeyBytes = 2592 bytes)
- * @param {Uint8Array} ctx - Context string used during signing (max 255 bytes).
+ * @param {Uint8Array} ctx - Context string used during signing (required, max 255 bytes).
  * @returns {Uint8Array|undefined} The original message if valid, undefined if verification fails
+ * @throws {TypeError} If ctx is not a Uint8Array
  *
  * @example
  * const message = cryptoSignOpen(signedMsg, pk, ctx);

package/dist/mjs/mldsa87.js CHANGED Viewed

@@ -160,12 +160,16 @@ function montgomeryReduce(a) {
   return t;
 }
+// Partial reduction modulo Q. Input must satisfy |a| < 2^31 - 2^22.
+// Output is in (-Q, Q). Mirrors the reference C implementation.
 function reduce32(a) {
   let t = (a + (1 << 22)) >> 23;
   t = a - t * Q;
   return t;
 }
+// Conditional add Q: if a is negative, add Q. Input must satisfy -Q < a < 2^31.
+// Output is in [0, Q). Mirrors the reference C implementation.
 function cAddQ(a) {
   let ar = a;
   ar += (ar >> 31) & Q;
@@ -327,10 +331,7 @@ function polyChkNorm(a, b) {
   }
   for (let i = 0; i < N; i++) {
-    let t = a.coeffs[i] >> 31;
-    t = a.coeffs[i] - (t & (2 * a.coeffs[i]));
-    if (t >= b) {
+    if (Math.abs(a.coeffs[i]) >= b) {
       return 1;
     }
   }
@@ -871,6 +872,9 @@ function packPk(pkp, rho, t1) {
 }
 function unpackPk(rhop, t1, pk) {
+  if (!(pk instanceof Uint8Array) || pk.length !== CryptoPublicKeyBytes) {
+    throw new Error(`pk must be a Uint8Array of ${CryptoPublicKeyBytes} bytes`);
+  }
   const rho = rhop;
   for (let i = 0; i < SeedBytes; ++i) {
     rho[i] = pk[i];
@@ -915,6 +919,9 @@ function packSk(skp, rho, tr, key, t0, s1, s2) {
 }
 function unpackSk(rhoP, trP, keyP, t0, s1, s2, sk) {
+  if (!(sk instanceof Uint8Array) || sk.length !== CryptoSecretKeyBytes) {
+    throw new Error(`sk must be a Uint8Array of ${CryptoSecretKeyBytes} bytes`);
+  }
   let skOffset = 0;
   const rho = rhoP;
   const tr = trP;
@@ -978,7 +985,12 @@ function packSig(sigP, ctilde, z, h) {
   }
 }
+// Returns 0 on success, 1 on failure. On failure, output buffers (c, z, h)
+// may contain partial data and must not be used.
 function unpackSig(cP, z, hP, sig) {
+  if (!(sig instanceof Uint8Array) || sig.length !== CryptoBytes) {
+    throw new Error(`sig must be a Uint8Array of ${CryptoBytes} bytes`);
+  }
   let sigOffset = 0;
   const c = cP; // ctilde
   const h = hP;
@@ -1073,6 +1085,8 @@ function randomBytes(size) {
  *
  * @param {Uint8Array} buffer - The buffer to zero
  * @returns {void}
+ * @throws {TypeError} If buffer is not a Uint8Array
+ * @throws {Error} If zeroization verification fails
  */
 function zeroize(buffer) {
   if (!(buffer instanceof Uint8Array)) {
@@ -1095,6 +1109,7 @@ function zeroize(buffer) {
  *
  * @param {Uint8Array} buffer - The buffer to check
  * @returns {boolean} True if all bytes are zero
+ * @throws {TypeError} If buffer is not a Uint8Array
  */
 function isZero(buffer) {
   if (!(buffer instanceof Uint8Array)) {
@@ -1110,16 +1125,12 @@ function isZero(buffer) {
 /**
  * Convert hex string to Uint8Array with strict validation.
  *
- * NOTE: This function accepts multiple hex formats (with/without 0x prefix,
- * leading/trailing whitespace). While user-friendly, this flexibility could
- * mask input errors. Applications requiring strict format validation should
- * validate hex format before calling cryptographic functions, e.g.:
- *   - Reject strings with 0x prefix if raw hex is expected
- *   - Reject strings with whitespace
- *   - Enforce consistent casing (lowercase/uppercase)
+ * Accepts an optional 0x/0X prefix. Leading/trailing whitespace is rejected.
+ * Empty strings and whitespace-only strings are rejected.
  *
- * @param {string} hex - Hex string (optional 0x prefix, even length).
+ * @param {string} hex - Hex string (optional 0x prefix, even length, no whitespace).
  * @returns {Uint8Array} Decoded bytes.
+ * @throws {Error} If input is not a valid hex string
  * @private
  */
 function hexToBytes(hex) {
@@ -1128,11 +1139,16 @@ function hexToBytes(hex) {
     throw new Error('message must be a hex string');
   }
   /* c8 ignore stop */
-  let clean = hex.trim();
-  // Accepts both "0x..." and raw hex formats for convenience
+  if (hex !== hex.trim()) {
+    throw new Error('hex string must not have leading or trailing whitespace');
+  }
+  let clean = hex;
   if (clean.startsWith('0x') || clean.startsWith('0X')) {
     clean = clean.slice(2);
   }
+  if (clean.length === 0) {
+    throw new Error('hex string must not be empty');
+  }
   if (clean.length % 2 !== 0) {
     throw new Error('hex string must have an even length');
   }
@@ -1142,6 +1158,14 @@ function hexToBytes(hex) {
   return hexToBytes$1(clean);
 }
+/**
+ * Convert a message to Uint8Array.
+ *
+ * @param {string|Uint8Array} message - Message as hex string (optional 0x prefix) or Uint8Array.
+ * @returns {Uint8Array} Message bytes.
+ * @throws {Error} If message is not a Uint8Array or valid hex string
+ * @private
+ */
 function messageToBytes(message) {
   if (typeof message === 'string') {
     return hexToBytes(message);
@@ -1158,8 +1182,8 @@ function messageToBytes(message) {
  * Key generation follows FIPS 204, using domain separator [K, L] during
  * seed expansion to ensure algorithm binding.
  *
- * @param {Uint8Array|null} passedSeed - Optional 32-byte seed for deterministic key generation.
- *   Pass null for random key generation.
+ * @param {Uint8Array|null} [passedSeed=null] - Optional 32-byte seed for deterministic key generation.
+ *   Pass null or undefined for random key generation.
  * @param {Uint8Array} pk - Output buffer for public key (must be CryptoPublicKeyBytes = 2592 bytes)
  * @param {Uint8Array} sk - Output buffer for secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @returns {Uint8Array} The seed used for key generation (useful when passedSeed is null)
@@ -1251,7 +1275,7 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
 }
 /**
- * Create a detached signature for a message with optional context.
+ * Create a detached signature for a message with context.
  *
  * Uses the ML-DSA-87 (FIPS 204) signing algorithm with rejection sampling.
  * The context parameter provides domain separation as required by FIPS 204.
@@ -1261,9 +1285,16 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce for hedged signing.
  *   If false, use deterministic nonce derived from message and key.
- * @param {Uint8Array} ctx - Context string for domain separation (max 255 bytes).
+ * @param {Uint8Array} ctx - Context string for domain separation (required, max 255 bytes).
+ *   Pass an empty Uint8Array for no context.
  * @returns {number} 0 on success
- * @throws {Error} If ctx is missing, sk is wrong size, or context exceeds 255 bytes
+ * @throws {TypeError} If sig is not a Uint8Array or is smaller than CryptoBytes
+ * @throws {TypeError} If sk is not a Uint8Array
+ * @throws {TypeError} If ctx is not a Uint8Array
+ * @throws {TypeError} If randomizedSigning is not a boolean
+ * @throws {Error} If ctx exceeds 255 bytes
+ * @throws {Error} If sk length does not equal CryptoSecretKeyBytes
+ * @throws {Error} If message is not a Uint8Array or valid hex string
  *
  * @example
  * const sig = new Uint8Array(CryptoBytes);
@@ -1271,13 +1302,19 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
  * cryptoSignSignature(sig, message, sk, false, ctx);
  */
 function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx) {
-  if (!sig || sig.length < CryptoBytes) {
-    throw new Error(`sig must be at least ${CryptoBytes} bytes`);
+  if (!(sig instanceof Uint8Array) || sig.length < CryptoBytes) {
+    throw new TypeError(`sig must be at least ${CryptoBytes} bytes and a Uint8Array`);
+  }
+  if (!(sk instanceof Uint8Array)) {
+    throw new TypeError('sk must be a Uint8Array');
   }
   if (!(ctx instanceof Uint8Array)) {
     throw new TypeError('ctx is required and must be a Uint8Array');
   }
   if (ctx.length > 255) throw new Error(`invalid context length: ${ctx.length} (max 255)`);
+  if (typeof randomizedSigning !== 'boolean') {
+    throw new TypeError('randomizedSigning must be a boolean');
+  }
   if (sk.length !== CryptoSecretKeyBytes) {
     throw new Error(`invalid sk length ${sk.length} | Expected length ${CryptoSecretKeyBytes}`);
   }
@@ -1403,9 +1440,11 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx) {
  * @param {string|Uint8Array} msg - Message to sign (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce; if false, deterministic
- * @param {Uint8Array} ctx - Context string for domain separation (max 255 bytes).
+ * @param {Uint8Array} ctx - Context string for domain separation (required, max 255 bytes).
  * @returns {Uint8Array} Signed message (CryptoBytes + msg.length bytes)
- * @throws {Error} If signing fails
+ * @throws {TypeError} If ctx is not a Uint8Array
+ * @throws {TypeError} If sk or randomizedSigning fail type validation (see cryptoSignSignature)
+ * @throws {Error} If signing fails or message/sk/ctx are invalid
  *
  * @example
  * const signedMsg = cryptoSign(message, sk, false, ctx);
@@ -1433,7 +1472,7 @@ function cryptoSign(msg, sk, randomizedSigning, ctx) {
 }
 /**
- * Verify a detached signature with optional context.
+ * Verify a detached signature with context.
  *
  * Performs constant-time verification to prevent timing side-channel attacks.
  * The context must match the one used during signing.
@@ -1441,8 +1480,9 @@ function cryptoSign(msg, sk, randomizedSigning, ctx) {
  * @param {Uint8Array} sig - Signature to verify (must be CryptoBytes = 4627 bytes)
  * @param {string|Uint8Array} m - Message that was signed (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} pk - Public key (must be CryptoPublicKeyBytes = 2592 bytes)
- * @param {Uint8Array} ctx - Context string used during signing (max 255 bytes).
+ * @param {Uint8Array} ctx - Context string used during signing (required, max 255 bytes).
  * @returns {boolean} true if signature is valid, false otherwise
+ * @throws {TypeError} If ctx is not a Uint8Array
  *
  * @example
  * const isValid = cryptoSignVerify(signature, message, pk, ctx);
@@ -1468,10 +1508,10 @@ function cryptoSignVerify(sig, m, pk, ctx) {
   const w1 = new PolyVecK();
   const h = new PolyVecK();
-  if (sig.length !== CryptoBytes) {
+  if (!(sig instanceof Uint8Array) || sig.length !== CryptoBytes) {
     return false;
   }
-  if (pk.length !== CryptoPublicKeyBytes) {
+  if (!(pk instanceof Uint8Array) || pk.length !== CryptoPublicKeyBytes) {
     return false;
   }
@@ -1541,8 +1581,9 @@ function cryptoSignVerify(sig, m, pk, ctx) {
  *
  * @param {Uint8Array} sm - Signed message (signature || message)
  * @param {Uint8Array} pk - Public key (must be CryptoPublicKeyBytes = 2592 bytes)
- * @param {Uint8Array} ctx - Context string used during signing (max 255 bytes).
+ * @param {Uint8Array} ctx - Context string used during signing (required, max 255 bytes).
  * @returns {Uint8Array|undefined} The original message if valid, undefined if verification fails
+ * @throws {TypeError} If ctx is not a Uint8Array
  *
  * @example
  * const message = cryptoSignOpen(signedMsg, pk, ctx);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@theqrl/mldsa87",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "description": "ML-DSA-87 cryptography",
   "keywords": [
     "ml-dsa",