@gjsify/crypto 0.1.0

package/README.md

@@ -0,0 +1,27 @@
+# @gjsify/crypto
+
+GJS partial implementation of the Node.js `crypto` module using GLib.Checksum and GLib.Hmac. Supports Hash, Hmac, randomBytes, and UUID.
+
+Part of the [gjsify](https://github.com/gjsify/gjsify) project — Node.js and Web APIs for GJS (GNOME JavaScript).
+
+## Installation
+
+```bash
+npm install @gjsify/crypto
+# or
+yarn add @gjsify/crypto
+```
+
+## Usage
+
+```typescript
+import { createHash, randomBytes, randomUUID } from '@gjsify/crypto';
+
+const hash = createHash('sha256').update('hello').digest('hex');
+const bytes = randomBytes(16);
+const uuid = randomUUID();
+```
+
+## License
+
+MIT

package/lib/esm/asn1.js

@@ -0,0 +1,504 @@
+import { Buffer } from "node:buffer";
+function pemToDer(pem) {
+  const lines = pem.trim().split(/\r?\n/);
+  const headerIdx = lines.findIndex((l) => l.startsWith("-----BEGIN "));
+  if (headerIdx === -1) {
+    throw new Error("Invalid PEM: no BEGIN line found");
+  }
+  const headerLine = lines[headerIdx];
+  const headerMatch = headerLine.match(/^-----BEGIN (.+)-----$/);
+  if (!headerMatch) {
+    throw new Error("Invalid PEM header format");
+  }
+  const type = headerMatch[1];
+  const footerIdx = lines.findIndex((l, i) => i > headerIdx && l.startsWith("-----END "));
+  if (footerIdx === -1) {
+    throw new Error("Invalid PEM: no END line found");
+  }
+  const base64Body = lines.slice(headerIdx + 1, footerIdx).join("");
+  const der = Buffer.from(base64Body, "base64");
+  return { type, der: new Uint8Array(der.buffer, der.byteOffset, der.byteLength) };
+}
+const ASN1_INTEGER = 2;
+const ASN1_BIT_STRING = 3;
+const ASN1_OCTET_STRING = 4;
+const ASN1_NULL = 5;
+const ASN1_OID = 6;
+const ASN1_SEQUENCE = 48;
+function parseTlv(buf, offset) {
+  if (offset >= buf.length) {
+    throw new Error("ASN.1 parse error: unexpected end of data");
+  }
+  const tag = buf[offset++];
+  let length;
+  const firstLenByte = buf[offset++];
+  if (firstLenByte < 128) {
+    length = firstLenByte;
+  } else {
+    const numLenBytes = firstLenByte & 127;
+    if (numLenBytes === 0) {
+      throw new Error("ASN.1 parse error: indefinite length not supported");
+    }
+    length = 0;
+    for (let i = 0; i < numLenBytes; i++) {
+      length = length << 8 | buf[offset++];
+    }
+  }
+  const data = buf.slice(offset, offset + length);
+  const next = offset + length;
+  const result = { tag, data };
+  if (tag === ASN1_SEQUENCE) {
+    result.children = parseSequenceChildren(data);
+  }
+  return { value: result, next };
+}
+function parseSequenceChildren(data) {
+  const children = [];
+  let pos = 0;
+  while (pos < data.length) {
+    const { value, next } = parseTlv(data, pos);
+    children.push(value);
+    pos = next;
+  }
+  return children;
+}
+function parseDer(buf) {
+  const { value } = parseTlv(buf, 0);
+  return value;
+}
+function integerToBigInt(data) {
+  let start = 0;
+  while (start < data.length - 1 && data[start] === 0) {
+    start++;
+  }
+  let result = 0n;
+  for (let i = start; i < data.length; i++) {
+    result = result << 8n | BigInt(data[i]);
+  }
+  return result;
+}
+const RSA_OID = new Uint8Array([42, 134, 72, 134, 247, 13, 1, 1, 1]);
+function oidsEqual(a, b) {
+  if (a.length !== b.length) return false;
+  for (let i = 0; i < a.length; i++) {
+    if (a[i] !== b[i]) return false;
+  }
+  return true;
+}
+function parseRsaPublicKeyPkcs1(seq) {
+  const children = seq.children;
+  if (!children || children.length < 2) {
+    throw new Error("Invalid PKCS#1 RSAPublicKey structure");
+  }
+  return {
+    n: integerToBigInt(children[0].data),
+    e: integerToBigInt(children[1].data)
+  };
+}
+function parseRsaPrivateKeyPkcs1(seq) {
+  const children = seq.children;
+  if (!children || children.length < 6) {
+    throw new Error("Invalid PKCS#1 RSAPrivateKey structure");
+  }
+  return {
+    n: integerToBigInt(children[1].data),
+    e: integerToBigInt(children[2].data),
+    d: integerToBigInt(children[3].data),
+    p: integerToBigInt(children[4].data),
+    q: integerToBigInt(children[5].data)
+  };
+}
+function parseSubjectPublicKeyInfo(seq) {
+  const children = seq.children;
+  if (!children || children.length < 2) {
+    throw new Error("Invalid SubjectPublicKeyInfo structure");
+  }
+  const algIdSeq = children[0];
+  if (!algIdSeq.children || algIdSeq.children.length < 1) {
+    throw new Error("Invalid AlgorithmIdentifier");
+  }
+  const oid = algIdSeq.children[0];
+  if (oid.tag !== ASN1_OID || !oidsEqual(oid.data, RSA_OID)) {
+    throw new Error("Unsupported algorithm: only RSA is supported");
+  }
+  const bitString = children[1];
+  if (bitString.tag !== ASN1_BIT_STRING) {
+    throw new Error("Expected BIT STRING for public key data");
+  }
+  const innerDer = bitString.data.slice(1);
+  const innerSeq = parseDer(innerDer);
+  return parseRsaPublicKeyPkcs1(innerSeq);
+}
+function parsePrivateKeyInfo(seq) {
+  const children = seq.children;
+  if (!children || children.length < 3) {
+    throw new Error("Invalid PrivateKeyInfo structure");
+  }
+  const algIdSeq = children[1];
+  if (!algIdSeq.children || algIdSeq.children.length < 1) {
+    throw new Error("Invalid AlgorithmIdentifier");
+  }
+  const oid = algIdSeq.children[0];
+  if (oid.tag !== ASN1_OID || !oidsEqual(oid.data, RSA_OID)) {
+    throw new Error("Unsupported algorithm: only RSA is supported");
+  }
+  const octetString = children[2];
+  if (octetString.tag !== ASN1_OCTET_STRING) {
+    throw new Error("Expected OCTET STRING for private key data");
+  }
+  const innerSeq = parseDer(octetString.data);
+  return parseRsaPrivateKeyPkcs1(innerSeq);
+}
+function encodeLength(length) {
+  if (length < 128) {
+    return new Uint8Array([length]);
+  }
+  const bytes = [];
+  let val = length;
+  while (val > 0) {
+    bytes.unshift(val & 255);
+    val >>= 8;
+  }
+  return new Uint8Array([128 | bytes.length, ...bytes]);
+}
+function encodeTlv(tag, data) {
+  const len = encodeLength(data.length);
+  const result = new Uint8Array(1 + len.length + data.length);
+  result[0] = tag;
+  result.set(len, 1);
+  result.set(data, 1 + len.length);
+  return result;
+}
+function bigintToAsn1Integer(value) {
+  if (value === 0n) {
+    return encodeTlv(ASN1_INTEGER, new Uint8Array([0]));
+  }
+  const hex = value.toString(16);
+  const paddedHex = hex.length % 2 ? "0" + hex : hex;
+  const bytes = [];
+  for (let i = 0; i < paddedHex.length; i += 2) {
+    bytes.push(parseInt(paddedHex.substring(i, i + 2), 16));
+  }
+  if (bytes[0] & 128) {
+    bytes.unshift(0);
+  }
+  return encodeTlv(ASN1_INTEGER, new Uint8Array(bytes));
+}
+function encodeSequence(children) {
+  let totalLen = 0;
+  for (const child of children) totalLen += child.length;
+  const data = new Uint8Array(totalLen);
+  let offset = 0;
+  for (const child of children) {
+    data.set(child, offset);
+    offset += child.length;
+  }
+  return encodeTlv(ASN1_SEQUENCE, data);
+}
+function encodeBitString(data) {
+  const inner = new Uint8Array(1 + data.length);
+  inner[0] = 0;
+  inner.set(data, 1);
+  return encodeTlv(ASN1_BIT_STRING, inner);
+}
+function encodeOctetString(data) {
+  return encodeTlv(ASN1_OCTET_STRING, data);
+}
+function encodeOid(oidBytes) {
+  return encodeTlv(ASN1_OID, oidBytes);
+}
+function encodeNull() {
+  return new Uint8Array([ASN1_NULL, 0]);
+}
+function encodeRsaPublicKeyPkcs1(components) {
+  return encodeSequence([
+    bigintToAsn1Integer(components.n),
+    bigintToAsn1Integer(components.e)
+  ]);
+}
+function encodeSubjectPublicKeyInfo(components) {
+  const algorithmId = encodeSequence([encodeOid(RSA_OID), encodeNull()]);
+  const rsaPublicKey = encodeRsaPublicKeyPkcs1(components);
+  const bitString = encodeBitString(rsaPublicKey);
+  return encodeSequence([algorithmId, bitString]);
+}
+function encodeRsaPrivateKeyPkcs1(components) {
+  const dp = components.d % (components.p - 1n);
+  const dq = components.d % (components.q - 1n);
+  const qi = modInverse(components.q, components.p);
+  return encodeSequence([
+    bigintToAsn1Integer(0n),
+    // version
+    bigintToAsn1Integer(components.n),
+    bigintToAsn1Integer(components.e),
+    bigintToAsn1Integer(components.d),
+    bigintToAsn1Integer(components.p),
+    bigintToAsn1Integer(components.q),
+    bigintToAsn1Integer(dp),
+    bigintToAsn1Integer(dq),
+    bigintToAsn1Integer(qi)
+  ]);
+}
+function encodePrivateKeyInfo(components) {
+  const algorithmId = encodeSequence([encodeOid(RSA_OID), encodeNull()]);
+  const rsaPrivateKey = encodeRsaPrivateKeyPkcs1(components);
+  const octetString = encodeOctetString(rsaPrivateKey);
+  return encodeSequence([
+    bigintToAsn1Integer(0n),
+    // version
+    algorithmId,
+    octetString
+  ]);
+}
+function derToPem(der, type) {
+  const base64 = Buffer.from(der).toString("base64");
+  const lines = [`-----BEGIN ${type}-----`];
+  for (let i = 0; i < base64.length; i += 64) {
+    lines.push(base64.substring(i, i + 64));
+  }
+  lines.push(`-----END ${type}-----`);
+  return lines.join("\n");
+}
+function modInverse(a, m) {
+  let [old_r, r] = [a % m, m];
+  let [old_s, s] = [1n, 0n];
+  while (r !== 0n) {
+    const q = old_r / r;
+    [old_r, r] = [r, old_r - q * r];
+    [old_s, s] = [s, old_s - q * s];
+  }
+  return (old_s % m + m) % m;
+}
+function parseX509(pem) {
+  const { der } = pemToDer(pem);
+  return parseX509Der(der);
+}
+function parseX509Der(der) {
+  const root = parseDer(der);
+  if (root.tag !== ASN1_SEQUENCE || !root.children || root.children.length < 3) {
+    throw new Error("Invalid X.509 certificate structure");
+  }
+  const tbsCertificate = root.children[0];
+  const signatureAlgorithm = root.children[1];
+  const signatureBitString = root.children[2];
+  if (!tbsCertificate.children || tbsCertificate.children.length < 6) {
+    throw new Error("Invalid TBSCertificate structure");
+  }
+  let idx = 0;
+  if (tbsCertificate.children[0].tag === 160) {
+    idx++;
+  }
+  const serialNumber = integerToBigInt(tbsCertificate.children[idx].data);
+  idx++;
+  idx++;
+  const issuer = parseDN(tbsCertificate.children[idx]);
+  idx++;
+  const validity = tbsCertificate.children[idx];
+  const validFrom = parseAsn1Time(validity.children[0]);
+  const validTo = parseAsn1Time(validity.children[1]);
+  idx++;
+  const subject = parseDN(tbsCertificate.children[idx]);
+  idx++;
+  let publicKey = null;
+  let publicKeyAlgorithm = "unknown";
+  if (idx < tbsCertificate.children.length) {
+    const spki = tbsCertificate.children[idx];
+    try {
+      if (spki.children && spki.children.length >= 2) {
+        const algId = spki.children[0];
+        if (algId.children && algId.children.length >= 1) {
+          const oid = algId.children[0];
+          if (oid.tag === ASN1_OID && oidsEqual(oid.data, RSA_OID)) {
+            publicKeyAlgorithm = "rsa";
+            publicKey = parseSubjectPublicKeyInfo(spki);
+          }
+        }
+      }
+    } catch {
+    }
+    idx++;
+  }
+  let subjectAltName;
+  let extensions;
+  for (let i = idx; i < tbsCertificate.children.length; i++) {
+    const child = tbsCertificate.children[i];
+    if (child.tag === 163 && child.data.length > 0) {
+      const extSeq = parseDer(child.data);
+      if (extSeq.children) {
+        extensions = extSeq.children;
+        const SAN_OID = new Uint8Array([85, 29, 17]);
+        for (const ext of extSeq.children) {
+          if (ext.children && ext.children.length >= 2) {
+            const extOid = ext.children[0];
+            if (extOid.tag === ASN1_OID && oidsEqual(extOid.data, SAN_OID)) {
+              const extValue = ext.children[ext.children.length - 1];
+              subjectAltName = parseSAN(extValue.data);
+            }
+          }
+        }
+      }
+    }
+  }
+  let sigAlg = "unknown";
+  if (signatureAlgorithm.children && signatureAlgorithm.children.length >= 1) {
+    sigAlg = oidToName(signatureAlgorithm.children[0].data);
+  }
+  const signature = signatureBitString.tag === ASN1_BIT_STRING ? signatureBitString.data.slice(1) : signatureBitString.data;
+  return {
+    raw: der,
+    tbsCertificate: tbsCertificate.data,
+    serialNumber,
+    issuer,
+    subject,
+    validFrom,
+    validTo,
+    publicKey,
+    publicKeyAlgorithm,
+    signatureAlgorithm: sigAlg,
+    signature,
+    subjectAltName,
+    extensions
+  };
+}
+const OID_NAMES = {
+  "2.5.4.3": "CN",
+  "2.5.4.6": "C",
+  "2.5.4.7": "L",
+  "2.5.4.8": "ST",
+  "2.5.4.10": "O",
+  "2.5.4.11": "OU",
+  "1.2.840.113549.1.9.1": "emailAddress"
+};
+const SIG_ALG_NAMES = {
+  "1.2.840.113549.1.1.1": "rsaEncryption",
+  "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
+  "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
+  "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
+  "1.2.840.113549.1.1.13": "sha512WithRSAEncryption"
+};
+function decodeOidString(data) {
+  if (data.length === 0) return "";
+  const components = [];
+  components.push(Math.floor(data[0] / 40));
+  components.push(data[0] % 40);
+  let value = 0;
+  for (let i = 1; i < data.length; i++) {
+    value = value << 7 | data[i] & 127;
+    if (!(data[i] & 128)) {
+      components.push(value);
+      value = 0;
+    }
+  }
+  return components.join(".");
+}
+function oidToName(data) {
+  const oidStr = decodeOidString(data);
+  return SIG_ALG_NAMES[oidStr] || oidStr;
+}
+function parseDN(seq) {
+  if (!seq.children) return "";
+  const parts = [];
+  for (const rdn of seq.children) {
+    const rdnChildren = rdn.tag === 49 ? parseSequenceChildren(rdn.data) : rdn.children || [];
+    for (const atv of rdnChildren) {
+      if (atv.children && atv.children.length >= 2) {
+        const oidData = atv.children[0].data;
+        const oidStr = decodeOidString(oidData);
+        const name = OID_NAMES[oidStr] || oidStr;
+        const valueBytes = atv.children[1].data;
+        const value = new TextDecoder().decode(valueBytes);
+        parts.push(`${name}=${value}`);
+      }
+    }
+  }
+  return parts.join(", ");
+}
+function parseAsn1Time(tlv) {
+  const str = new TextDecoder().decode(tlv.data);
+  if (tlv.tag === 23) {
+    let year = parseInt(str.substring(0, 2), 10);
+    year = year >= 50 ? 1900 + year : 2e3 + year;
+    const month = parseInt(str.substring(2, 4), 10) - 1;
+    const day = parseInt(str.substring(4, 6), 10);
+    const hour = parseInt(str.substring(6, 8), 10);
+    const minute = parseInt(str.substring(8, 10), 10);
+    const second = parseInt(str.substring(10, 12), 10);
+    return new Date(Date.UTC(year, month, day, hour, minute, second));
+  }
+  if (tlv.tag === 24) {
+    const year = parseInt(str.substring(0, 4), 10);
+    const month = parseInt(str.substring(4, 6), 10) - 1;
+    const day = parseInt(str.substring(6, 8), 10);
+    const hour = parseInt(str.substring(8, 10), 10);
+    const minute = parseInt(str.substring(10, 12), 10);
+    const second = parseInt(str.substring(12, 14), 10);
+    return new Date(Date.UTC(year, month, day, hour, minute, second));
+  }
+  throw new Error(`Unsupported time tag: 0x${tlv.tag.toString(16)}`);
+}
+function parseSAN(data) {
+  const names = [];
+  try {
+    const seq = parseDer(data);
+    if (seq.tag === ASN1_SEQUENCE && seq.children) {
+      for (const child of seq.children) {
+        if (child.tag === 130) {
+          names.push("DNS:" + new TextDecoder().decode(child.data));
+        } else if (child.tag === 135) {
+          if (child.data.length === 4) {
+            names.push("IP Address:" + child.data.join("."));
+          } else if (child.data.length === 16) {
+            const parts = [];
+            for (let i = 0; i < 16; i += 2) {
+              parts.push((child.data[i] << 8 | child.data[i + 1]).toString(16));
+            }
+            names.push("IP Address:" + parts.join(":"));
+          }
+        }
+      }
+    }
+  } catch {
+  }
+  return names;
+}
+function parsePemKey(pem) {
+  const { type, der } = pemToDer(pem);
+  const root = parseDer(der);
+  if (root.tag !== ASN1_SEQUENCE) {
+    throw new Error("Invalid key format: expected top-level SEQUENCE");
+  }
+  switch (type) {
+    case "RSA PUBLIC KEY":
+      return { type: "rsa-public", components: parseRsaPublicKeyPkcs1(root) };
+    case "PUBLIC KEY":
+      return { type: "rsa-public", components: parseSubjectPublicKeyInfo(root) };
+    case "RSA PRIVATE KEY":
+      return { type: "rsa-private", components: parseRsaPrivateKeyPkcs1(root) };
+    case "PRIVATE KEY":
+      return { type: "rsa-private", components: parsePrivateKeyInfo(root) };
+    default:
+      throw new Error(`Unsupported PEM type: ${type}`);
+  }
+}
+function rsaKeySize(n) {
+  let bits = 0;
+  let val = n;
+  while (val > 0n) {
+    bits++;
+    val >>= 1n;
+  }
+  return Math.ceil(bits / 8);
+}
+export {
+  bigintToAsn1Integer,
+  derToPem,
+  encodePrivateKeyInfo,
+  encodeRsaPrivateKeyPkcs1,
+  encodeRsaPublicKeyPkcs1,
+  encodeSequence,
+  encodeSubjectPublicKeyInfo,
+  parsePemKey,
+  parseX509,
+  parseX509Der,
+  rsaKeySize
+};

package/lib/esm/bigint-math.js

@@ -0,0 +1,34 @@
+function modPow(base, exp, mod) {
+  if (mod === 1n) return 0n;
+  base = (base % mod + mod) % mod;
+  let result = 1n;
+  while (exp > 0n) {
+    if (exp & 1n) {
+      result = result * base % mod;
+    }
+    exp >>= 1n;
+    base = base * base % mod;
+  }
+  return result;
+}
+function bigIntToBytes(value, length) {
+  const result = new Uint8Array(length);
+  let v = value;
+  for (let i = length - 1; i >= 0; i--) {
+    result[i] = Number(v & 0xffn);
+    v >>= 8n;
+  }
+  return result;
+}
+function bytesToBigInt(bytes) {
+  let result = 0n;
+  for (let i = 0; i < bytes.length; i++) {
+    result = result << 8n | BigInt(bytes[i]);
+  }
+  return result;
+}
+export {
+  bigIntToBytes,
+  bytesToBigInt,
+  modPow
+};