@unknownncat/curve25519-node 2.0.0 → 2.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/LICENSE +1 -1
  2. package/NOTICE.md +89 -0
  3. package/README.en.md +149 -43
  4. package/README.md +141 -35
  5. package/SECURITY.md +34 -0
  6. package/THIRD_PARTY_NOTICE.md +3 -0
  7. package/THIRD_PARTY_NOTICES.md +5 -0
  8. package/dist/axlsign.d.ts.map +1 -1
  9. package/dist/axlsign.js +50 -7
  10. package/dist/axlsign.js.map +1 -1
  11. package/dist/cjs/axlsign.js +49 -6
  12. package/dist/cjs/axlsign.js.map +1 -1
  13. package/dist/cjs/ed25519.js +46 -10
  14. package/dist/cjs/ed25519.js.map +1 -1
  15. package/dist/cjs/index.js +27 -1
  16. package/dist/cjs/index.js.map +1 -1
  17. package/dist/cjs/internal/assert.js.map +1 -1
  18. package/dist/cjs/internal/axlsign-wasm/LICENSE +1 -1
  19. package/dist/cjs/internal/curve25519-wasm/LICENSE +21 -0
  20. package/dist/cjs/internal/curve25519-wasm/curve25519_wasm.d.ts +12 -0
  21. package/dist/cjs/internal/curve25519-wasm/curve25519_wasm.js +165 -0
  22. package/dist/cjs/internal/curve25519-wasm/curve25519_wasm_bg.wasm +0 -0
  23. package/dist/cjs/internal/curve25519-wasm/curve25519_wasm_bg.wasm.d.ts +13 -0
  24. package/dist/cjs/internal/curve25519-wasm/package.json +17 -0
  25. package/dist/cjs/wasm.js +249 -0
  26. package/dist/cjs/wasm.js.map +1 -0
  27. package/dist/cjs/x25519.js +73 -12
  28. package/dist/cjs/x25519.js.map +1 -1
  29. package/dist/ed25519.d.ts +21 -0
  30. package/dist/ed25519.d.ts.map +1 -1
  31. package/dist/ed25519.js +44 -13
  32. package/dist/ed25519.js.map +1 -1
  33. package/dist/index.d.ts +87 -0
  34. package/dist/index.d.ts.map +1 -1
  35. package/dist/index.js +26 -0
  36. package/dist/index.js.map +1 -1
  37. package/dist/internal/assert.js.map +1 -1
  38. package/dist/internal/axlsign-wasm/LICENSE +1 -1
  39. package/dist/internal/curve25519-wasm/LICENSE +21 -0
  40. package/dist/internal/curve25519-wasm/curve25519_wasm.d.ts +12 -0
  41. package/dist/internal/curve25519-wasm/curve25519_wasm.js +165 -0
  42. package/dist/internal/curve25519-wasm/curve25519_wasm_bg.wasm +0 -0
  43. package/dist/internal/curve25519-wasm/curve25519_wasm_bg.wasm.d.ts +13 -0
  44. package/dist/internal/curve25519-wasm/package.json +17 -0
  45. package/dist/types.d.ts +2 -5
  46. package/dist/types.d.ts.map +1 -1
  47. package/dist/wasm.d.ts +92 -0
  48. package/dist/wasm.d.ts.map +1 -0
  49. package/dist/wasm.js +225 -0
  50. package/dist/wasm.js.map +1 -0
  51. package/dist/x25519.d.ts +29 -0
  52. package/dist/x25519.d.ts.map +1 -1
  53. package/dist/x25519.js +66 -12
  54. package/dist/x25519.js.map +1 -1
  55. package/package.json +30 -4
package/LICENSE CHANGED
@@ -1,6 +1,6 @@
1
1
  MIT License
2
2
 
3
- Copyright (c) 2026 Sem nome bah
3
+ Copyright (c) 2026 unknownncat
4
4
 
5
5
  Permission is hereby granted, free of charge, to any person obtaining a copy
6
6
  of this software and associated documentation files (the "Software"), to deal
package/NOTICE.md ADDED
@@ -0,0 +1,89 @@
1
+ # NOTICE
2
+
3
+ This repository is distributed under the MIT license and includes third-party software components.
4
+
5
+ Primary package: `@unknownncat/curve25519-node`
6
+ Repository: <https://github.com/unknownncat/curve25519-node>
7
+
8
+ ## Security and Disclosure
9
+
10
+ - Security policy: [SECURITY.md](./SECURITY.md)
11
+ - Vulnerability reporting should follow the private disclosure flow described in that file.
12
+
13
+ ## Direct ecosystem references
14
+
15
+ - `curve25519-js` — MIT or CC0 (as declared upstream)
16
+ <https://github.com/harveyconnor/curve25519-js>
17
+ - `TweetNaCl.js` — Public Domain (as declared upstream)
18
+ <https://tweetnacl.js.org/>
19
+ - OpenSSL (used through Node.js `node:crypto`) — Apache-2.0
20
+ <https://www.openssl.org/>
21
+
22
+ ## Rust/WASM dependency notices
23
+
24
+ The project contains two Rust/WASM crates:
25
+
26
+ - `wasm/curve25519-wasm`
27
+ - `wasm/axlsign`
28
+
29
+ License inventory was collected with:
30
+
31
+ ```bash
32
+ cargo license -t
33
+ ```
34
+
35
+ ### Crates present in both Rust projects
36
+
37
+ | Crate | License |
38
+ | -------------------------- | ----------------------------------- |
39
+ | block-buffer | Apache-2.0 OR MIT |
40
+ | bumpalo | Apache-2.0 OR MIT |
41
+ | cfg-if | Apache-2.0 OR MIT |
42
+ | cpufeatures | Apache-2.0 OR MIT |
43
+ | crypto-common | Apache-2.0 OR MIT |
44
+ | curve25519-dalek | BSD-3-Clause |
45
+ | curve25519-dalek-derive | Apache-2.0 OR MIT |
46
+ | digest | Apache-2.0 OR MIT |
47
+ | ed25519 | Apache-2.0 OR MIT |
48
+ | ed25519-dalek | BSD-3-Clause |
49
+ | fiat-crypto | Apache-2.0 OR BSD-1-Clause OR MIT |
50
+ | generic-array | MIT |
51
+ | libc | Apache-2.0 OR MIT |
52
+ | once_cell | Apache-2.0 OR MIT |
53
+ | proc-macro2 | Apache-2.0 OR MIT |
54
+ | quote | Apache-2.0 OR MIT |
55
+ | rand_core | Apache-2.0 OR MIT |
56
+ | rustc_version | Apache-2.0 OR MIT |
57
+ | rustversion | Apache-2.0 OR MIT |
58
+ | semver | Apache-2.0 OR MIT |
59
+ | sha2 | Apache-2.0 OR MIT |
60
+ | signature | Apache-2.0 OR MIT |
61
+ | subtle | BSD-3-Clause |
62
+ | syn | Apache-2.0 OR MIT |
63
+ | typenum | Apache-2.0 OR MIT |
64
+ | unicode-ident | (Apache-2.0 OR MIT) AND Unicode-3.0 |
65
+ | version_check | Apache-2.0 OR MIT |
66
+ | wasm-bindgen | Apache-2.0 OR MIT |
67
+ | wasm-bindgen-macro | Apache-2.0 OR MIT |
68
+ | wasm-bindgen-macro-support | Apache-2.0 OR MIT |
69
+ | wasm-bindgen-shared | Apache-2.0 OR MIT |
70
+ | x25519-dalek | BSD-3-Clause |
71
+
72
+ ### Crates present only in `wasm/axlsign`
73
+
74
+ | Crate | License |
75
+ | ------- | ----------------- |
76
+ | zeroize | Apache-2.0 OR MIT |
77
+
78
+ ### Local Rust crates
79
+
80
+ | Crate | License |
81
+ | ----------------------- | ------- |
82
+ | curve25519-node-wasm | MIT |
83
+ | curve25519-node-axlsign | MIT |
84
+
85
+ ## Notes
86
+
87
+ - Upstream licenses remain with their respective authors and projects.
88
+ - This NOTICE summarizes dependencies and does not replace upstream license texts.
89
+ - For full build/runtime details, see `README.md`, `README.en.md`, and `wasm/README.md`.
package/README.en.md CHANGED
@@ -5,6 +5,7 @@
5
5
  Zero-runtime-dependency implementation of:
6
6
 
7
7
  - X25519 + Ed25519 (modern mode via OpenSSL in `node:crypto`)
8
+ - X25519 + Ed25519 (optional modern mode via WASM)
8
9
  - legacy axlsign (optional WASM mode, compatible with `curve25519-js`)
9
10
 
10
11
  [![npm](https://img.shields.io/npm/v/@unknownncat/curve25519-node)](https://www.npmjs.com/package/@unknownncat/curve25519-node)
@@ -66,30 +67,52 @@ import { asBytes32, axlsign } from "@unknownncat/curve25519-node";
66
67
 
67
68
  const seed = asBytes32(new Uint8Array(32));
68
69
  const kp = axlsign.generateKeyPair(seed); // curve25519-js-compatible X25519 keypair
69
- const sig = axlsign.sign(
70
- kp.private,
71
- new TextEncoder().encode("hello"),
72
- new Uint8Array(64),
73
- );
70
+ const sig = axlsign.sign(kp.private, new TextEncoder().encode("hello"), new Uint8Array(64));
74
71
  const ok = axlsign.verify(kp.public, new TextEncoder().encode("hello"), sig);
75
72
  ```
76
73
 
74
+ Modern WASM mode (`wasm`):
75
+
76
+ ```ts
77
+ import { asBytes32, wasm } from "@unknownncat/curve25519-node";
78
+
79
+ const seed = asBytes32(new Uint8Array(32));
80
+ const kp = wasm.x25519.generateKeyPair(seed);
81
+ const shared = wasm.x25519.sharedKey(kp.private, kp.public);
82
+
83
+ const msg = new TextEncoder().encode("hello");
84
+ const sig = wasm.ed25519.sign(seed, msg);
85
+ const ok = wasm.ed25519.verify(wasm.ed25519.publicKey(seed), msg, sig);
86
+ ```
87
+
77
88
  ---
78
89
 
79
90
  ## API
80
91
 
81
92
  ### `x25519`
82
93
 
94
+ - `createPrivateKeyObject(secretKey32: Bytes32): KeyObject`
95
+ - `createPublicKeyObject(publicKey32: Bytes32): KeyObject`
96
+ - `publicKeyFromPrivateKeyObject(privateKey: KeyObject): Bytes32`
83
97
  - `publicKey(secretKey32: Bytes32): Bytes32`
98
+ - `sharedKeyFromKeyObjects(privateKey: KeyObject, publicKey: KeyObject): Bytes32`
84
99
  - `sharedKey(secretKey32: Bytes32, publicKey32: Bytes32): Bytes32`
100
+ - `sharedKeyStrict(secretKey32: Bytes32, publicKey32: Bytes32): Bytes32` (rejects all-zero shared secret)
101
+ - `sharedKeyStrictFromKeyObjects(privateKey: KeyObject, publicKey: KeyObject): Bytes32` (rejects all-zero shared secret)
102
+ - `isAllZero32(bytes32: Bytes32): boolean`
85
103
  - `generateKeyPair(seed32: Bytes32): { public: Bytes32; private: Bytes32 }`
86
104
 
87
105
  ### `ed25519`
88
106
 
107
+ - `createPrivateKeyObject(secretSeed32: Bytes32): KeyObject`
108
+ - `createPublicKeyObject(publicKey32: Bytes32): KeyObject`
109
+ - `publicKeyFromPrivateKeyObject(privateKey: KeyObject): Bytes32`
89
110
  - `publicKey(secretSeed32: Bytes32): Bytes32`
90
111
  - `generateKeyPair(seed32: Bytes32): { public: Bytes32; private: Bytes32 }`
91
112
  - `sign(secretSeed32: Bytes32, msg: Uint8Array): Bytes64`
113
+ - `signWithPrivateKey(privateKey: KeyObject, msg: Uint8Array): Bytes64`
92
114
  - `verify(publicKey32: Bytes32, msg: Uint8Array, signature64: Bytes64): boolean`
115
+ - `verifyWithPublicKey(publicKey: KeyObject, msg: Uint8Array, signature64: Bytes64): boolean`
93
116
  - `signMessage(secretSeed32: Bytes32, msg: Uint8Array): Uint8Array` (`signature || message`)
94
117
  - `openMessage(publicKey32: Bytes32, signedMsg: Uint8Array): Uint8Array | null`
95
118
 
@@ -103,9 +126,39 @@ const ok = axlsign.verify(kp.public, new TextEncoder().encode("hello"), sig);
103
126
  - `signMessage(secretKey32: Bytes32, msg: Uint8Array, opt_random?: Bytes64): Uint8Array`
104
127
  - `openMessage(publicKey32: Bytes32, signedMsg: Uint8Array): Uint8Array | null`
105
128
 
129
+ ### `wasm` (optional modern mode via WASM)
130
+
131
+ `wasm.x25519`:
132
+
133
+ - `createPrivateKeyObject(secretKey32: Bytes32): WasmX25519PrivateKeyObject`
134
+ - `createPublicKeyObject(publicKey32: Bytes32): WasmX25519PublicKeyObject`
135
+ - `publicKeyFromPrivateKeyObject(privateKey: WasmX25519PrivateKeyObject): Bytes32`
136
+ - `publicKey(secretKey32: Bytes32): Bytes32`
137
+ - `sharedKeyFromKeyObjects(privateKey: WasmX25519PrivateKeyObject, publicKey: WasmX25519PublicKeyObject): Bytes32`
138
+ - `sharedKey(secretKey32: Bytes32, publicKey32: Bytes32): Bytes32`
139
+ - `sharedKeyStrict(secretKey32: Bytes32, publicKey32: Bytes32): Bytes32`
140
+ - `sharedKeyStrictFromKeyObjects(privateKey: WasmX25519PrivateKeyObject, publicKey: WasmX25519PublicKeyObject): Bytes32`
141
+ - `isAllZero32(bytes32: Bytes32): boolean`
142
+ - `generateKeyPair(seed32: Bytes32): { public: Bytes32; private: Bytes32 }`
143
+
144
+ `wasm.ed25519`:
145
+
146
+ - `createPrivateKeyObject(secretSeed32: Bytes32): WasmEd25519PrivateKeyObject`
147
+ - `createPublicKeyObject(publicKey32: Bytes32): WasmEd25519PublicKeyObject`
148
+ - `publicKeyFromPrivateKeyObject(privateKey: WasmEd25519PrivateKeyObject): Bytes32`
149
+ - `publicKey(secretSeed32: Bytes32): Bytes32`
150
+ - `generateKeyPair(seed32: Bytes32): { public: Bytes32; private: Bytes32 }`
151
+ - `sign(secretSeed32: Bytes32, msg: Uint8Array): Bytes64`
152
+ - `signWithPrivateKey(privateKey: WasmEd25519PrivateKeyObject, msg: Uint8Array): Bytes64`
153
+ - `verify(publicKey32: Bytes32, msg: Uint8Array, signature64: Bytes64): boolean`
154
+ - `verifyWithPublicKey(publicKey: WasmEd25519PublicKeyObject, msg: Uint8Array, signature64: Bytes64): boolean`
155
+ - `signMessage(secretSeed32: Bytes32, msg: Uint8Array): Uint8Array`
156
+ - `openMessage(publicKey32: Bytes32, signedMsg: Uint8Array): Uint8Array | null`
157
+
106
158
  ### Top-level compatibility aliases
107
159
 
108
160
  - `sharedKey = x25519.sharedKey`
161
+ - `sharedKeyStrict = x25519.sharedKeyStrict`
109
162
  - `generateKeyPair = x25519.generateKeyPair`
110
163
  - `sign`, `verify`, `signMessage`, `openMessage` (Ed25519 semantics)
111
164
  - `generateKeyPairX25519`, `generateKeyPairEd25519`
@@ -114,27 +167,32 @@ const ok = axlsign.verify(kp.public, new TextEncoder().encode("hello"), sig);
114
167
 
115
168
  ## Compatibility Notes
116
169
 
117
- This package provides two modes:
170
+ This package provides three modes:
118
171
 
119
- - **modern (recommended):** `x25519` + `ed25519` via `node:crypto`
172
+ - **modern native (recommended):** `x25519` + `ed25519` via `node:crypto`
173
+ - **modern WASM (optional):** `wasm` namespace (`wasm.x25519` + `wasm.ed25519`)
120
174
  - **legacy:** `axlsign` via WASM for `curve25519-js` compatibility
121
175
 
122
- | Feature | `curve25519-js` | `curve25519-node` |
123
- | ---------------------------- | --------------- | ------------------------------------------- |
124
- | Signature scheme (modern) | axlsign | Ed25519 (standard) |
125
- | Signature scheme (legacy) | axlsign | axlsign (namespace `axlsign`) |
126
- | Key agreement | X25519 | X25519 |
127
- | Same key for signing + ECDH | yes | only in `axlsign` namespace |
128
- | `opt_random` in signing APIs | yes | yes in `axlsign`, no in top-level/`ed25519` |
129
- | OpenSSL backend | no | yes |
176
+ | Feature | `curve25519-js` | `curve25519-node` |
177
+ | -------------------------------- | --------------- | ------------------------------------------- |
178
+ | Signature scheme (modern) | axlsign | Ed25519 (standard) |
179
+ | Alternative modern scheme | no | Ed25519 via WASM (`wasm.ed25519`) |
180
+ | Signature scheme (legacy) | axlsign | axlsign (namespace `axlsign`) |
181
+ | Key agreement | X25519 | X25519 |
182
+ | Alternative modern key agreement | no | X25519 via WASM (`wasm.x25519`) |
183
+ | Same key for signing + ECDH | yes | only in `axlsign` namespace |
184
+ | `opt_random` in signing APIs | yes | yes in `axlsign`, no in top-level/`ed25519` |
185
+ | OpenSSL backend | no | yes |
130
186
 
131
187
  Important:
132
188
 
133
189
  - X25519 public keys and Ed25519 public keys are different.
190
+ - For stricter protocol flows (Signal-like), prefer `sharedKeyStrict` to reject all-zero shared secrets.
134
191
  - `node:crypto` does not expose an API to convert X25519 public keys to/from Ed25519 public keys.
135
192
  - Top-level `sign`/`signMessage` and `ed25519` keep Ed25519 semantics and reject `opt_random`.
136
193
  - For `curve25519-js` compatibility (including `opt_random`), use namespace `axlsign`.
137
194
  - Ed25519 signatures here are deterministic (OpenSSL default behavior).
195
+ - WASM modules (`axlsign` and `wasm`) are lazy-loaded on first call (importing only `x25519`/`ed25519` does not initialize WASM).
138
196
 
139
197
  ---
140
198
 
@@ -149,7 +207,10 @@ This package targets modern Node using OpenSSL primitives:
149
207
  - smaller, explicit API surface
150
208
  - strong typing with zero runtime dependencies
151
209
 
152
- In addition, the WASM `axlsign` namespace enables progressive migration of legacy code without reintroducing manual curve arithmetic in JavaScript.
210
+ In addition:
211
+
212
+ - WASM `axlsign` enables progressive migration of legacy code.
213
+ - WASM `wasm` provides a modern backend option without relying on `node:crypto` in the crypto execution path.
153
214
 
154
215
  ---
155
216
 
@@ -214,7 +275,7 @@ Implementation notes:
214
275
 
215
276
  - Avoids unnecessary byte copies in critical paths.
216
277
  - `signMessage` builds `signature || message` with a single preallocated `Uint8Array`.
217
- - For high-throughput loops, caching `KeyObject` at application level reduces ASN.1 parse overhead.
278
+ - For high-throughput loops, use `KeyObject` helpers (`create*KeyObject`, `*FromKeyObjects`) to reduce ASN.1 parse overhead.
218
279
 
219
280
  ---
220
281
 
@@ -253,20 +314,28 @@ Environment:
253
314
  - Logical cores: `4`
254
315
  - Vectors: `64`
255
316
 
256
- ### Table 1 - Modern API (`x25519` + `ed25519`)
317
+ ### Table 1 - Modern API (native + WASM)
257
318
 
258
319
  `sign`/`verify` rows below compare API throughput, not cryptographic equivalence (Ed25519 vs legacy axlsign).
259
320
 
260
- | Operation | Modern raw | Legacy raw (`curve25519-js`) | Raw speedup | Modern cached | Legacy cached (`curve25519-js`) | Cached speedup |
261
- | ------------------------------ | ---------: | ---------------------------: | ----------: | ------------: | ------------------------------: | -------------: |
262
- | `x25519.generateKeyPair` | 14,378 | 1,591 | 9.04x | 41,120 | 1,478 | 27.83x |
263
- | `x25519.sharedKey` | 9,970 | 1,591 | 6.27x | 23,995 | 1,554 | 15.44x |
264
- | `ed25519.sign (msg32)` | 11,273 | 143 | 78.95x | 23,696 | 133 | 178.10x |
265
- | `ed25519.sign (msg1024)` | 10,800 | 138 | 78.07x | 22,502 | 147 | 152.92x |
266
- | `ed25519.verify (msg32)` | 7,280 | 136 | 53.36x | 8,271 | 155 | 53.37x |
267
- | `ed25519.verify (msg1024)` | 7,160 | 132 | 54.33x | 8,159 | 154 | 52.90x |
268
- | `ed25519.signMessage (msg256)` | 10,624 | 131 | 81.09x | 23,304 | 148 | 156.97x |
269
- | `ed25519.openMessage (msg256)` | 6,574 | 124 | 52.93x | 8,129 | 154 | 52.64x |
321
+ | Operation | Modern raw | Legacy raw (`curve25519-js`) | Raw speedup | Modern cached | Legacy cached (`curve25519-js`) | Cached speedup |
322
+ | ----------------------------------- | ---------: | ---------------------------: | ----------: | ------------: | ------------------------------: | -------------: |
323
+ | `x25519.generateKeyPair` | 14,082 | 1,579 | 8.92x | 49,035 | 1,576 | 31.12x |
324
+ | `x25519.sharedKey` | 10,134 | 1,568 | 6.46x | 25,423 | 1,578 | 16.11x |
325
+ | `wasm.x25519.generateKeyPair` | 8,415 | 1,571 | 5.36x | 8,385 | 1,574 | 5.33x |
326
+ | `wasm.x25519.sharedKey` | 8,333 | 1,577 | 5.28x | 8,350 | 1,583 | 5.28x |
327
+ | `ed25519.sign (msg32)` | 11,273 | 142 | 79.56x | 23,886 | 137 | 174.75x |
328
+ | `wasm.ed25519.sign (msg32)` | 3,945 | 142 | 27.80x | 3,956 | 140 | 28.27x |
329
+ | `ed25519.sign (msg1024)` | 10,759 | 136 | 79.31x | 22,335 | 138 | 162.38x |
330
+ | `wasm.ed25519.sign (msg1024)` | 3,872 | 137 | 28.27x | 3,873 | 137 | 28.37x |
331
+ | `ed25519.verify (msg32)` | 7,333 | 142 | 51.65x | 8,186 | 141 | 58.01x |
332
+ | `wasm.ed25519.verify (msg32)` | 7,747 | 141 | 54.84x | 7,629 | 143 | 53.26x |
333
+ | `ed25519.verify (msg1024)` | 7,241 | 134 | 54.20x | 8,081 | 136 | 59.35x |
334
+ | `wasm.ed25519.verify (msg1024)` | 7,505 | 135 | 55.76x | 7,480 | 134 | 55.66x |
335
+ | `ed25519.signMessage (msg256)` | 10,859 | 140 | 77.67x | 23,607 | 132 | 178.57x |
336
+ | `wasm.ed25519.signMessage (msg256)` | 3,888 | 139 | 27.99x | 3,867 | 137 | 28.23x |
337
+ | `ed25519.openMessage (msg256)` | 7,113 | 145 | 49.03x | 8,012 | 141 | 56.96x |
338
+ | `wasm.ed25519.openMessage (msg256)` | 7,428 | 137 | 54.26x | 7,476 | 137 | 54.74x |
270
339
 
271
340
  ### Table 2 - `axlsign` compatibility mode (equivalent to `curve25519-js`)
272
341
 
@@ -274,18 +343,18 @@ This table compares the same cryptographic scheme (equivalence + throughput).
274
343
 
275
344
  | Operation | Modern raw | Legacy raw (`curve25519-js`) | Raw speedup | Modern cached | Legacy cached (`curve25519-js`) | Cached speedup |
276
345
  | ----------------------------------------- | ---------: | ---------------------------: | ----------: | ------------: | ------------------------------: | -------------: |
277
- | `axlsign.generateKeyPair` | 8,429 | 1,583 | 5.33x | 8,384 | 1,585 | 5.29x |
278
- | `axlsign.sharedKey` | 8,452 | 1,583 | 5.34x | 8,396 | 1,570 | 5.35x |
279
- | `axlsign.sign (msg32)` | 3,973 | 144 | 27.61x | 3,952 | 140 | 28.28x |
280
- | `axlsign.sign (msg32,opt_random)` | 3,969 | 147 | 27.03x | 3,984 | 139 | 28.58x |
281
- | `axlsign.sign (msg1024)` | 3,881 | 143 | 27.16x | 3,864 | 139 | 27.72x |
282
- | `axlsign.verify (msg32)` | 6,527 | 146 | 44.70x | 6,534 | 143 | 45.72x |
283
- | `axlsign.verify (msg32,opt_random)` | 6,506 | 144 | 45.07x | 6,469 | 141 | 45.80x |
284
- | `axlsign.verify (msg1024)` | 6,361 | 141 | 45.03x | 6,337 | 135 | 46.92x |
285
- | `axlsign.signMessage (msg256)` | 3,902 | 140 | 27.79x | 3,935 | 141 | 27.98x |
286
- | `axlsign.signMessage (msg256,opt_random)` | 3,885 | 142 | 27.40x | 3,864 | 145 | 26.60x |
287
- | `axlsign.openMessage (msg256)` | 6,441 | 138 | 46.57x | 6,300 | 131 | 47.93x |
288
- | `axlsign.openMessage (msg256,opt_random)` | 6,362 | 141 | 45.24x | 6,285 | 130 | 48.22x |
346
+ | `axlsign.generateKeyPair` | 8,382 | 1,571 | 5.34x | 8,357 | 1,579 | 5.29x |
347
+ | `axlsign.sharedKey` | 8,361 | 1,583 | 5.28x | 8,422 | 1,564 | 5.39x |
348
+ | `axlsign.sign (msg32)` | 4,010 | 140 | 28.59x | 3,970 | 141 | 28.10x |
349
+ | `axlsign.sign (msg32,opt_random)` | 4,000 | 142 | 28.07x | 3,965 | 136 | 29.08x |
350
+ | `axlsign.sign (msg1024)` | 3,883 | 138 | 28.17x | 3,878 | 138 | 28.03x |
351
+ | `axlsign.verify (msg32)` | 6,604 | 144 | 45.83x | 6,585 | 143 | 46.17x |
352
+ | `axlsign.verify (msg32,opt_random)` | 6,531 | 143 | 45.69x | 6,527 | 142 | 46.08x |
353
+ | `axlsign.verify (msg1024)` | 6,428 | 138 | 46.47x | 6,377 | 136 | 46.82x |
354
+ | `axlsign.signMessage (msg256)` | 3,913 | 140 | 27.85x | 3,935 | 136 | 28.92x |
355
+ | `axlsign.signMessage (msg256,opt_random)` | 3,941 | 139 | 28.39x | 3,878 | 139 | 27.93x |
356
+ | `axlsign.openMessage (msg256)` | 6,440 | 138 | 46.78x | 6,407 | 136 | 47.18x |
357
+ | `axlsign.openMessage (msg256,opt_random)` | 6,513 | 134 | 48.53x | 6,431 | 133 | 48.19x |
289
358
 
290
359
  Notes:
291
360
 
@@ -295,7 +364,7 @@ Notes:
295
364
 
296
365
  ---
297
366
 
298
- ## Building `axlsign`
367
+ ## Building WASM namespaces (`axlsign` and `wasm`)
299
368
 
300
369
  In the npm package, WASM artifacts are already prebuilt under `dist/`.
301
370
 
@@ -307,8 +376,33 @@ To build from source, you need:
307
376
  Then `npm run build` runs:
308
377
 
309
378
  1. `wasm-pack build` (`wasm/axlsign`)
310
- 2. TypeScript ESM + CJS build
311
- 3. copy of WASM artifacts to `dist/internal/axlsign-wasm`
379
+ 2. `wasm-pack build` (`wasm/curve25519-wasm`)
380
+ 3. TypeScript ESM + CJS build
381
+ 4. copy of WASM artifacts to `dist/internal/axlsign-wasm` and `dist/internal/curve25519-wasm`
382
+
383
+ Rust crates reference: [wasm/README.md](./wasm/README.md)
384
+
385
+ ---
386
+
387
+ ## Contributing
388
+
389
+ - Guide: [CONTRIBUTING.md](./CONTRIBUTING.md)
390
+ - Code of conduct: [CODE_OF_CONDUCT.md](./CODE_OF_CONDUCT.md)
391
+ - Security: [SECURITY.md](./SECURITY.md)
392
+
393
+ Full local validation:
394
+
395
+ ```bash
396
+ npm run ci
397
+ ```
398
+
399
+ Extra robustness/supply-chain checks:
400
+
401
+ ```bash
402
+ npm run audit
403
+ npm run audit:prod
404
+ npm run release:check
405
+ ```
312
406
 
313
407
  ---
314
408
 
@@ -316,6 +410,12 @@ Then `npm run build` runs:
316
410
 
317
411
  MIT
318
412
 
413
+ Additional compliance/security documents:
414
+
415
+ - [NOTICE.md](./NOTICE.md) (canonical third-party notice)
416
+ - [THIRD_PARTY_NOTICE.md](./THIRD_PARTY_NOTICE.md) and [THIRD_PARTY_NOTICES.md](./THIRD_PARTY_NOTICES.md) (compatibility aliases)
417
+ - [SECURITY.md](./SECURITY.md) (security policy and vulnerability reporting)
418
+
319
419
  ---
320
420
 
321
421
  ## Credits
@@ -325,6 +425,12 @@ MIT
325
425
  - Trevor Perrin, Curve25519 signatures idea: <https://moderncrypto.org/mail-archive/curves/2014/000205.html>
326
426
  - [Node.js `crypto` docs](https://nodejs.org/api/crypto.html)
327
427
  - [OpenSSL](https://www.openssl.org/)
428
+ - [RustCrypto](https://github.com/RustCrypto)
429
+ - [wasm-bindgen](https://github.com/wasm-bindgen/wasm-bindgen)
430
+ - [curve25519-dalek](https://github.com/dalek-cryptography/curve25519-dalek)
431
+ - [ed25519-dalek](https://github.com/dalek-cryptography/ed25519-dalek)
432
+ - [x25519-dalek](https://github.com/dalek-cryptography/x25519-dalek)
433
+ - [zeroize](https://github.com/RustCrypto/utils/tree/master/zeroize)
328
434
  - [RFC 7748](https://www.rfc-editor.org/rfc/rfc7748)
329
435
  - [RFC 8032](https://www.rfc-editor.org/rfc/rfc8032)
330
436
  - [RFC 8410](https://www.rfc-editor.org/rfc/rfc8410)