UNPKG

@skairipaapps/liboqs-node

Version:

Node.js bindings for liboqs.

github.com/skairipa-apps/liboqs-node

skairipa-apps/liboqs-node

402 lines (291 loc) 11.6 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
# @skairipaapps/liboqs-node [![npm version](https://badge.fury.io/js/%40skairipaapps%2Fliboqs-node.svg)](https://badge.fury.io/js/%40skairipaapps%2Fliboqs-node) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) Node.js bindings for [liboqs](https://github.com/open-quantum-safe/liboqs) (Open Quantum Safe), providing post-quantum cryptographic algorithms through [liboqs-cpp](https://github.com/open-quantum-safe/liboqs-cpp). ## ⚠️ Security Warning **IMPORTANT: The cryptographic algorithms provided by this library are experimental and should not be used in production environments.** These post-quantum algorithms are still under development and standardization. Use only for research, testing, and development purposes. If you must use this in a production-like environment, ensure that sensitive data is protected by additional layers of established cryptographic algorithms. ## Features - 🔐 **Key Encapsulation Mechanisms (KEMs)**: ML-KEM (Kyber), FrodoKEM, Classic McEliece, BIKE, HQC, and more - ✍️ **Digital Signatures**: ML-DSA (Dilithium), Falcon, SPHINCS+, MAYO, CROSS, and more - 🎲 **Secure Random Number Generation**: Cryptographically secure random bytes with multiple algorithms - 🔧 **Cross-platform**: Support for Linux (x86_64, ARM, ARM64), macOS, and Windows - 📘 **TypeScript Support**: Comprehensive type definitions with detailed documentation - 🚀 **High Performance**: Native C++ implementation with Node.js bindings ## Installation ```bash npm install @skairipaapps/liboqs-node ``` ### System Requirements - **Node.js**: >=12.11.0 - **Operating Systems**: Linux (x86_64, ARM, ARM64), macOS, Windows - **Dependencies**: - CMake >=3.5 - C++ compiler with C++11 support - OpenSSL >=1.1.1 (optional, for enhanced performance) ### Pre-built Binaries Pre-built binaries are available for: - Linux x86_64 - Linux ARM/ARM64 (with cross-compilation support) - macOS x86_64/ARM64 - Windows x86_64 If no pre-built binary is available for your platform, the package will automatically compile from source. ### ARM/Cross-compilation Support For ARM architectures, the package automatically detects cross-compilation and sets appropriate flags: ```bash # For ARM builds, set the architecture flag export OQS_PERMIT_UNSUPPORTED_ARCHITECTURE=ON npm install @skairipaapps/liboqs-node ``` ## Quick Start ### Key Encapsulation (Post-Quantum Key Exchange) ```javascript const { KeyEncapsulation, KEMs } = require('@skairipaapps/liboqs-node'); // List available algorithms console.log('Available KEMs:', KEMs.getEnabledAlgorithms()); // Create Alice and Bob const alice = new KeyEncapsulation('ML-KEM-768'); const bob = new KeyEncapsulation('ML-KEM-768'); // Alice generates her key pair const alicePublicKey = alice.generateKeypair(); // Bob generates his key pair bob.generateKeypair(); // Bob encapsulates a secret using Alice's public key const { ciphertext, sharedSecret: bobSecret } = bob.encapsulateSecret(alicePublicKey); // Alice decapsulates the secret const aliceSecret = alice.decapsulateSecret(ciphertext); // Both parties now have the same shared secret console.log('Shared secrets match:', aliceSecret.equals(bobSecret)); ``` ### Digital Signatures ```javascript const { Signature, Sigs } = require('@skairipaapps/liboqs-node'); // List available algorithms console.log('Available Signatures:', Sigs.getEnabledAlgorithms()); // Create signer const signer = new Signature('ML-DSA-65'); const publicKey = signer.generateKeypair(); // Sign a message const message = Buffer.from('Hello, post-quantum world!', 'utf8'); const signature = signer.sign(message); // Verify signature const verifier = new Signature('ML-DSA-65'); const isValid = verifier.verify(message, signature, publicKey); console.log('Signature valid:', isValid); ``` ### Secure Random Number Generation ```javascript const { Random } = require('@skairipaapps/liboqs-node'); // Generate random bytes const randomBytes = Random.randomBytes(32); console.log('Random bytes:', randomBytes.toString('hex')); // Switch random algorithm (for testing) Random.switchAlgorithm('system'); // Initialize NIST KAT mode (for testing) const entropy = Buffer.alloc(48, 'test-entropy'); Random.initNistKat(entropy); ``` ## API Reference ### Key Encapsulation Mechanisms (KEMs) #### Supported Algorithms | Algorithm | Security Level | Public Key | Secret Key | Ciphertext | Shared Secret | |-----------|----------------|------------|------------|------------|---------------| | ML-KEM-512 | 1 | 800 bytes | 1632 bytes | 768 bytes | 32 bytes | | ML-KEM-768 | 3 | 1184 bytes | 2400 bytes | 1088 bytes | 32 bytes | | ML-KEM-1024 | 5 | 1568 bytes | 3168 bytes | 1568 bytes | 32 bytes | | FrodoKEM-640-SHAKE | 1 | 9616 bytes | 19888 bytes | 9720 bytes | 16 bytes | | FrodoKEM-976-SHAKE | 3 | 15632 bytes | 31296 bytes | 15744 bytes | 24 bytes | | FrodoKEM-1344-SHAKE | 5 | 21520 bytes | 43088 bytes | 21632 bytes | 32 bytes | #### KEMs Namespace ```javascript const { KEMs } = require('@skairipaapps/liboqs-node'); // Get all enabled algorithms const algorithms = KEMs.getEnabledAlgorithms(); // Check if specific algorithm is enabled const isEnabled = KEMs.isAlgorithmEnabled('ML-KEM-768'); ``` #### KeyEncapsulation Class ```javascript const kem = new KeyEncapsulation(algorithmName, optionalSecretKey); // Generate key pair const publicKey = kem.generateKeypair(); // Get algorithm details const details = kem.getDetails(); console.log(details); // { // name: 'ML-KEM-768', // version: '1.0', // claimedNistLevel: 3, // isINDCCA: true, // publicKeyLength: 1184, // secretKeyLength: 2400, // ciphertextLength: 1088, // sharedSecretLength: 32 // } // Export secret key const secretKey = kem.exportSecretKey(); // Encapsulate secret const { ciphertext, sharedSecret } = kem.encapsulateSecret(publicKey); // Decapsulate secret const recoveredSecret = kem.decapsulateSecret(ciphertext); ``` ### Digital Signatures #### Supported Algorithms | Algorithm | Security Level | Public Key | Secret Key | Max Signature | |-----------|----------------|------------|------------|---------------| | ML-DSA-44 | 2 | 1312 bytes | 2560 bytes | 2420 bytes | | ML-DSA-65 | 3 | 1952 bytes | 4032 bytes | 3309 bytes | | ML-DSA-87 | 5 | 2592 bytes | 4896 bytes | 4627 bytes | | Falcon-512 | 1 | 897 bytes | 1281 bytes | 690 bytes | | Falcon-1024 | 5 | 1793 bytes | 2305 bytes | 1330 bytes | | SPHINCS+-SHAKE-128s | 1 | 32 bytes | 64 bytes | 7856 bytes | #### Sigs Namespace ```javascript const { Sigs } = require('@skairipaapps/liboqs-node'); // Get all enabled algorithms const algorithms = Sigs.getEnabledAlgorithms(); // Check if specific algorithm is enabled const isEnabled = Sigs.isAlgorithmEnabled('ML-DSA-65'); ``` #### Signature Class ```javascript const sig = new Signature(algorithmName, optionalSecretKey); // Generate key pair const publicKey = sig.generateKeypair(); // Get algorithm details const details = sig.getDetails(); console.log(details); // { // name: 'ML-DSA-65', // version: '1.0', // claimedNistLevel: 3, // isEUFCMA: true, // publicKeyLength: 1952, // secretKeyLength: 4032, // maxSignatureLength: 3309 // } // Export secret key const secretKey = sig.exportSecretKey(); // Sign message const message = Buffer.from('Important message'); const signature = sig.sign(message); // Verify signature const isValid = sig.verify(message, signature, publicKey); ``` ### Random Number Generation ```javascript const { Random } = require('@skairipaapps/liboqs-node'); // Generate secure random bytes const randomData = Random.randomBytes(32); // Switch random algorithm Random.switchAlgorithm('system'); // or 'OpenSSL' // Initialize NIST KAT mode (for testing) const entropy = Buffer.alloc(48, 'test-entropy'); const personalization = Buffer.alloc(48, 'test-personalization'); Random.initNistKat(entropy, personalization); ``` ## TypeScript Support This package includes comprehensive TypeScript definitions: ```typescript import { KeyEncapsulation, Signature, KEMs, Sigs, Random, KEMDetails, SignatureDetails, EncapsulationResult } from '@skairipaapps/liboqs-node'; // TypeScript will provide full intellisense and type checking const kem: KeyEncapsulation = new KeyEncapsulation('ML-KEM-768'); const details: KEMDetails = kem.getDetails(); const result: EncapsulationResult = kem.encapsulateSecret(publicKey); ``` ## Error Handling All methods throw descriptive errors for invalid inputs: ```javascript try { const kem = new KeyEncapsulation('INVALID-ALGORITHM'); } catch (error) { console.error('Algorithm not supported:', error.message); } try { const randomBytes = Random.randomBytes(-1); } catch (error) { console.error('Invalid length:', error.message); } try { const kem = new KeyEncapsulation('ML-KEM-768'); // This will throw because no keypair was generated const secret = kem.decapsulateSecret(Buffer.alloc(1088)); } catch (error) { console.error('No secret key available:', error.message); } ``` ## Performance Considerations - **Key Generation**: Most expensive operation, especially for algorithms like Classic McEliece - **Encapsulation/Decapsulation**: Generally fast, varies by algorithm - **Signing/Verification**: SPHINCS+ signatures are large but fast to verify; Falcon is compact but slower - **Memory Usage**: Some algorithms (like FrodoKEM) have large key sizes ### Benchmarking ```javascript const { KeyEncapsulation } = require('@skairipaapps/liboqs-node'); function benchmark(algorithm) { console.time(`${algorithm} keygen`); const kem = new KeyEncapsulation(algorithm); const publicKey = kem.generateKeypair(); console.timeEnd(`${algorithm} keygen`); console.time(`${algorithm} encapsulation`); const { ciphertext, sharedSecret } = kem.encapsulateSecret(publicKey); console.timeEnd(`${algorithm} encapsulation`); console.time(`${algorithm} decapsulation`); const recovered = kem.decapsulateSecret(ciphertext); console.timeEnd(`${algorithm} decapsulation`); } benchmark('ML-KEM-768'); benchmark('FrodoKEM-976-SHAKE'); ``` ## Testing ```bash # Run all tests npm test # Run specific test suite npm test test/KeyEncapsulation.test.js # Build umentation npm run s:build ``` ## Contributing We welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details. ### Development Setup 1. Clone the repository: ```bash git clone https://github.com/skairipa-apps/liboqs-node.git cd liboqs-node ``` 2. Install dependencies: ```bash npm install ``` 3. Build the native module: ```bash npm run build ``` 4. Run tests: ```bash npm test ``` ## License MIT License - see [LICENSE](LICENSE) file for details. ## Support - **Issues**: [GitHub Issues](https://github.com/skairipa-apps/liboqs-node/issues) - **Discussions**: [GitHub Discussions](https://github.com/skairipa-apps/liboqs-node/discussions) - **Documentation**: [API Documentation](https://liboqs.js.skairipaapps.com) ## Acknowledgments - [Open Quantum Safe](https://openquantumsafe.org/) project for the liboqs library - [liboqs-cpp](https://github.com/open-quantum-safe/liboqs-cpp) for C++ bindings - Original [liboqs-node](https://github.com/TapuCosmo/liboqs-node) by TapuCosmo ## Security For security issues, please email security@skairipaapps.com instead of using the public issue tracker. --- **Remember**: This library implements experimental post-quantum cryptographic algorithms. Use responsibly and only for research, development, and testing purposes.