@gjsify/crypto 0.1.0

package/src/gcm.spec.ts

@@ -0,0 +1,141 @@
+// Tests for AES-GCM cipher mode
+// Reference: NIST SP 800-38D test vectors
+
+import { describe, it, expect } from '@gjsify/unit';
+import { createCipheriv, createDecipheriv } from 'node:crypto';
+import { Buffer } from 'node:buffer';
+
+export default async () => {
+
+  await describe('AES-GCM', async () => {
+    await it('should support aes-256-gcm algorithm', async () => {
+      const key = Buffer.alloc(32, 'a');
+      const iv = Buffer.alloc(12, 'b');
+      const cipher = createCipheriv('aes-256-gcm', key, iv);
+      expect(cipher).toBeDefined();
+    });
+
+    await it('should support aes-128-gcm algorithm', async () => {
+      const key = Buffer.alloc(16, 'a');
+      const iv = Buffer.alloc(12, 'b');
+      const cipher = createCipheriv('aes-128-gcm', key, iv);
+      expect(cipher).toBeDefined();
+    });
+
+    await it('should encrypt and decrypt round-trip', async () => {
+      const key = Buffer.from('0123456789abcdef0123456789abcdef', 'utf8');
+      const iv = Buffer.alloc(12, 0);
+      const plaintext = 'Hello, AES-GCM!';
+
+      // Encrypt
+      const cipher = createCipheriv('aes-256-gcm', key, iv);
+      let encrypted = cipher.update(plaintext, 'utf8');
+      encrypted = Buffer.concat([encrypted, cipher.final()]);
+      const tag = cipher.getAuthTag();
+      expect(tag).toBeDefined();
+      expect(tag.length).toBe(16);
+
+      // Decrypt
+      const decipher = createDecipheriv('aes-256-gcm', key, iv);
+      decipher.setAuthTag(tag);
+      let decrypted = decipher.update(encrypted);
+      decrypted = Buffer.concat([decrypted, decipher.final()]);
+
+      expect(decrypted.toString('utf8')).toBe(plaintext);
+    });
+
+    await it('should fail with wrong auth tag', async () => {
+      const key = Buffer.alloc(32, 'k');
+      const iv = Buffer.alloc(12, 'i');
+      const plaintext = 'secret data';
+
+      const cipher = createCipheriv('aes-256-gcm', key, iv);
+      let encrypted = cipher.update(plaintext, 'utf8');
+      encrypted = Buffer.concat([encrypted, cipher.final()]);
+      const tag = cipher.getAuthTag();
+
+      // Tamper with the tag
+      const badTag = Buffer.from(tag);
+      badTag[0] ^= 0xff;
+
+      const decipher = createDecipheriv('aes-256-gcm', key, iv);
+      decipher.setAuthTag(badTag);
+      decipher.update(encrypted);
+      expect(() => decipher.final()).toThrow();
+    });
+
+    await it('should support AAD (additional authenticated data)', async () => {
+      const key = Buffer.alloc(32, 'k');
+      const iv = Buffer.alloc(12, 'i');
+      const plaintext = 'encrypted part';
+      const aad = Buffer.from('authenticated but not encrypted');
+
+      // Encrypt with AAD
+      const cipher = createCipheriv('aes-256-gcm', key, iv);
+      cipher.setAAD(aad);
+      let encrypted = cipher.update(plaintext, 'utf8');
+      encrypted = Buffer.concat([encrypted, cipher.final()]);
+      const tag = cipher.getAuthTag();
+
+      // Decrypt with same AAD
+      const decipher = createDecipheriv('aes-256-gcm', key, iv);
+      decipher.setAuthTag(tag);
+      decipher.setAAD(aad);
+      let decrypted = decipher.update(encrypted);
+      decrypted = Buffer.concat([decrypted, decipher.final()]);
+      expect(decrypted.toString('utf8')).toBe(plaintext);
+    });
+
+    await it('should fail with wrong AAD', async () => {
+      const key = Buffer.alloc(32, 'k');
+      const iv = Buffer.alloc(12, 'i');
+      const plaintext = 'test';
+      const aad = Buffer.from('original AAD');
+
+      const cipher = createCipheriv('aes-256-gcm', key, iv);
+      cipher.setAAD(aad);
+      let encrypted = cipher.update(plaintext, 'utf8');
+      encrypted = Buffer.concat([encrypted, cipher.final()]);
+      const tag = cipher.getAuthTag();
+
+      // Decrypt with different AAD
+      const decipher = createDecipheriv('aes-256-gcm', key, iv);
+      decipher.setAuthTag(tag);
+      decipher.setAAD(Buffer.from('tampered AAD'));
+      decipher.update(encrypted);
+      expect(() => decipher.final()).toThrow();
+    });
+
+    await it('should handle empty plaintext', async () => {
+      const key = Buffer.alloc(32, 'k');
+      const iv = Buffer.alloc(12, 'i');
+
+      const cipher = createCipheriv('aes-256-gcm', key, iv);
+      const encrypted = cipher.final();
+      const tag = cipher.getAuthTag();
+
+      expect(encrypted.length).toBe(0);
+      expect(tag.length).toBe(16);
+
+      const decipher = createDecipheriv('aes-256-gcm', key, iv);
+      decipher.setAuthTag(tag);
+      const decrypted = decipher.final();
+      expect(decrypted.length).toBe(0);
+    });
+
+    await it('should produce different ciphertext for different IVs', async () => {
+      const key = Buffer.alloc(32, 'k');
+      const plaintext = 'same data';
+
+      const cipher1 = createCipheriv('aes-256-gcm', key, Buffer.alloc(12, 1));
+      let enc1 = cipher1.update(plaintext, 'utf8');
+      enc1 = Buffer.concat([enc1, cipher1.final()]);
+
+      const cipher2 = createCipheriv('aes-256-gcm', key, Buffer.alloc(12, 2));
+      let enc2 = cipher2.update(plaintext, 'utf8');
+      enc2 = Buffer.concat([enc2, cipher2.final()]);
+
+      expect(enc1.toString('hex')).not.toBe(enc2.toString('hex'));
+    });
+  });
+};

package/src/hash.spec.ts

@@ -0,0 +1,86 @@
+import { describe, it, expect } from '@gjsify/unit';
+import { createHash, getHashes } from 'node:crypto';
+
+export default async () => {
+  await describe('crypto.createHash', async () => {
+    await it('should hash empty string with sha256', async () => {
+      const hash = createHash('sha256').update('').digest('hex');
+      expect(hash).toBe('e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855');
+    });
+
+    await it('should hash "hello" with sha256', async () => {
+      const hash = createHash('sha256').update('hello').digest('hex');
+      expect(hash).toBe('2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824');
+    });
+
+    await it('should hash "hello" with md5', async () => {
+      const hash = createHash('md5').update('hello').digest('hex');
+      expect(hash).toBe('5d41402abc4b2a76b9719d911017c592');
+    });
+
+    await it('should hash "hello" with sha1', async () => {
+      const hash = createHash('sha1').update('hello').digest('hex');
+      expect(hash).toBe('aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d');
+    });
+
+    await it('should hash "hello" with sha512', async () => {
+      const hash = createHash('sha512').update('hello').digest('hex');
+      expect(hash).toBe('9b71d224bd62f3785d96d46ad3ea3d73319bfbc2890caadae2dff72519673ca72323c3d99ba5c11d7c7acc6e14b8c5da0c4663475c2e5c3adef46f73bcdec043');
+    });
+
+    await it('should support multiple update calls', async () => {
+      const hash = createHash('sha256')
+        .update('hello')
+        .update(' ')
+        .update('world')
+        .digest('hex');
+      const expected = createHash('sha256').update('hello world').digest('hex');
+      expect(hash).toBe(expected);
+    });
+
+    await it('should return Buffer when no encoding specified', async () => {
+      const result = createHash('md5').update('test').digest();
+      expect(result).toBeDefined();
+      expect(result.length).toBe(16);
+    });
+
+    await it('should support base64 encoding', async () => {
+      const hash = createHash('sha256').update('hello').digest('base64');
+      expect(typeof hash).toBe('string');
+      expect(hash.length).toBeGreaterThan(0);
+    });
+
+    await it('should throw on unknown algorithm', async () => {
+      let threw = false;
+      try {
+        createHash('unknown');
+      } catch (e: any) {
+        threw = true;
+        // Node.js may use different error formats; just verify it throws
+      }
+      expect(threw).toBe(true);
+    });
+
+    await it('should throw when digest called twice', async () => {
+      const hash = createHash('sha256').update('test');
+      hash.digest();
+      let threw = false;
+      try {
+        hash.digest();
+      } catch {
+        threw = true;
+      }
+      expect(threw).toBe(true);
+    });
+  });
+
+  await describe('crypto.getHashes', async () => {
+    await it('should return an array of supported algorithms', async () => {
+      const hashes = getHashes();
+      expect(hashes).toContain('sha256');
+      expect(hashes).toContain('md5');
+      expect(hashes).toContain('sha1');
+      expect(hashes).toContain('sha512');
+    });
+  });
+};

package/src/hash.ts

@@ -0,0 +1,119 @@
+// Reference: Node.js lib/internal/crypto/hash.js
+// Reimplemented for GJS using GLib.Checksum
+
+import GLib from '@girs/glib-2.0';
+import { Transform } from 'node:stream';
+import type { TransformCallback } from 'node:stream';
+import { Buffer } from 'node:buffer';
+import { normalizeEncoding } from '@gjsify/utils';
+import { normalizeAlgorithm } from './crypto-utils.js';
+
+const CHECKSUM_TYPES: Record<string, GLib.ChecksumType> = {
+  md5: GLib.ChecksumType.MD5,
+  sha1: GLib.ChecksumType.SHA1,
+  sha256: GLib.ChecksumType.SHA256,
+  sha384: GLib.ChecksumType.SHA384,
+  sha512: GLib.ChecksumType.SHA512,
+};
+
+function getChecksumType(algorithm: string): GLib.ChecksumType {
+  const normalized = normalizeAlgorithm(algorithm);
+  const type = CHECKSUM_TYPES[normalized];
+  if (type === undefined) {
+    const err = new Error(`Unknown message digest: ${algorithm}`);
+    (err as any).code = 'ERR_CRYPTO_HASH_UNKNOWN';
+    throw err;
+  }
+  return type;
+}
+
+/**
+ * Creates and returns a Hash object that can be used to generate hash digests
+ * using the given algorithm.
+ */
+export class Hash extends Transform {
+  private _algorithm: string;
+  private _checksum: GLib.Checksum;
+  private _finalized = false;
+
+  constructor(algorithm: string) {
+    super();
+    const normalized = normalizeAlgorithm(algorithm);
+    const type = getChecksumType(normalized);
+    this._algorithm = normalized;
+    this._checksum = new GLib.Checksum(type);
+  }
+
+  /** Update the hash with data. */
+  update(data: string | Buffer | Uint8Array, inputEncoding?: BufferEncoding): this {
+    if (this._finalized) {
+      throw new Error('Digest already called');
+    }
+
+    let bytes: Uint8Array;
+    if (typeof data === 'string') {
+      const enc = normalizeEncoding(inputEncoding);
+      bytes = Buffer.from(data, enc);
+    } else {
+      bytes = data instanceof Uint8Array ? data : Buffer.from(data);
+    }
+
+    this._checksum.update(bytes);
+    return this;
+  }
+
+  /** Calculate the digest of all data passed to update(). */
+  digest(encoding?: BufferEncoding): Buffer | string {
+    if (this._finalized) {
+      throw new Error('Digest already called');
+    }
+    this._finalized = true;
+
+    const hexStr = this._checksum.get_string();
+    const buf = Buffer.from(hexStr, 'hex');
+    if (encoding) return buf.toString(encoding);
+    return buf;
+  }
+
+  /** Copy this hash to a new Hash object. */
+  copy(): Hash {
+    if (this._finalized) {
+      throw new Error('Digest already called');
+    }
+    const copy = Object.create(Hash.prototype) as Hash;
+    Transform.call(copy);
+    copy._algorithm = this._algorithm;
+    copy._finalized = false;
+    copy._checksum = this._checksum.copy();
+    return copy;
+  }
+
+  // Transform stream interface
+  _transform(chunk: any, encoding: BufferEncoding, callback: TransformCallback): void {
+    try {
+      this.update(chunk, encoding);
+      callback();
+    } catch (err) {
+      callback(err as Error);
+    }
+  }
+
+  _flush(callback: TransformCallback): void {
+    try {
+      this.push(this.digest());
+      callback();
+    } catch (err) {
+      callback(err as Error);
+    }
+  }
+}
+
+/** Get the list of supported hash algorithms. */
+export function getHashes(): string[] {
+  return ['md5', 'sha1', 'sha256', 'sha384', 'sha512'];
+}
+
+/** Convenience: one-shot hash (Node 21+). */
+export function hash(algorithm: string, data: string | Buffer | Uint8Array, encoding?: BufferEncoding): Buffer | string {
+  return new Hash(algorithm).update(data).digest(encoding);
+}

package/src/hkdf.ts

@@ -0,0 +1,99 @@
+// Reference: Node.js lib/internal/crypto/hkdf.js, RFC 5869
+// Reimplemented for GJS using pure-JS Hmac
+
+import { Buffer } from 'node:buffer';
+import { Hmac } from './hmac.js';
+import { normalizeAlgorithm, DIGEST_SIZES, SUPPORTED_ALGORITHMS, toBuffer } from './crypto-utils.js';
+
+function hmacDigest(algo: string, key: Uint8Array, data: Uint8Array) {
+  const hmac = new Hmac(algo, key);
+  hmac.update(data);
+  return hmac.digest() as Buffer;
+}
+
+/**
+ * HKDF-Extract: PRK = HMAC-Hash(salt, IKM)
+ */
+function hkdfExtract(algo: string, ikm: Buffer, salt: Buffer): Buffer {
+  return hmacDigest(algo, salt, ikm);
+}
+
+/**
+ * HKDF-Expand: OKM = T(1) || T(2) || ... || T(N)
+ *   T(i) = HMAC-Hash(PRK, T(i-1) || info || i)
+ */
+function hkdfExpand(algo: string, prk: Buffer, info: Buffer, length: number, hashLen: number): Buffer {
+  const n = Math.ceil(length / hashLen);
+  if (n > 255) {
+    throw new Error('HKDF cannot generate more than 255 * HashLen bytes');
+  }
+
+  const okm = Buffer.allocUnsafe(n * hashLen);
+  let prev: Buffer = Buffer.alloc(0);
+
+  for (let i = 1; i <= n; i++) {
+    const input = Buffer.concat([prev, info, Buffer.from([i])]);
+    prev = hmacDigest(algo, prk, input);
+    prev.copy(okm, (i - 1) * hashLen);
+  }
+
+  return Buffer.from(okm.buffer, okm.byteOffset, length);
+}
+
+/**
+ * Synchronous HKDF key derivation.
+ */
+export function hkdfSync(
+  digest: string,
+  ikm: string | Buffer | Uint8Array | DataView | ArrayBuffer,
+  salt: string | Buffer | Uint8Array | DataView | ArrayBuffer,
+  info: string | Buffer | Uint8Array | DataView | ArrayBuffer,
+  keylen: number
+): ArrayBuffer {
+  const algo = normalizeAlgorithm(digest);
+  const hashLen = DIGEST_SIZES[algo];
+
+  if (!SUPPORTED_ALGORITHMS.has(algo) || hashLen === undefined) {
+    throw new TypeError(`Unknown message digest: ${digest}`);
+  }
+
+  if (typeof keylen !== 'number' || keylen < 0) {
+    throw new TypeError('keylen must be a non-negative number');
+  }
+
+  const ikmBuf = toBuffer(ikm);
+  const saltBuf = toBuffer(salt);
+  const infoBuf = toBuffer(info);
+
+  // If salt is empty, use a zero-filled buffer of hash length
+  const effectiveSalt = saltBuf.length === 0 ? Buffer.alloc(hashLen, 0) : saltBuf;
+
+  const prk = hkdfExtract(algo, ikmBuf, effectiveSalt);
+  const okm = hkdfExpand(algo, prk, infoBuf, keylen, hashLen);
+
+  // Node.js returns ArrayBuffer — copy to ensure a clean ArrayBuffer
+  const result = new ArrayBuffer(okm.length);
+  new Uint8Array(result).set(okm);
+  return result;
+}
+
+/**
+ * Asynchronous HKDF key derivation.
+ */
+export function hkdf(
+  digest: string,
+  ikm: string | Buffer | Uint8Array | DataView | ArrayBuffer,
+  salt: string | Buffer | Uint8Array | DataView | ArrayBuffer,
+  info: string | Buffer | Uint8Array | DataView | ArrayBuffer,
+  keylen: number,
+  callback: (err: Error | null, derivedKey?: ArrayBuffer) => void
+): void {
+  setTimeout(() => {
+    try {
+      const result = hkdfSync(digest, ikm, salt, info, keylen);
+      callback(null, result);
+    } catch (err) {
+      callback(err instanceof Error ? err : new Error(String(err)));
+    }
+  }, 0);
+}

package/src/hmac.spec.ts

@@ -0,0 +1,64 @@
+import { describe, it, expect } from '@gjsify/unit';
+import { createHmac } from 'node:crypto';
+import { Buffer } from 'node:buffer';
+
+// Ported from refs/node/test/parallel/test-crypto-hmac.js
+// Original: MIT license, Node.js contributors
+
+export default async () => {
+	await describe('crypto.createHmac', async () => {
+		await it('should create hmac with sha256', async () => {
+			const hmac = createHmac('sha256', 'secret').update('hello').digest('hex');
+			expect(typeof hmac).toBe('string');
+			expect(hmac.length).toBe(64); // sha256 hex = 64 chars
+		});
+
+		await it('should create hmac with sha1', async () => {
+			const hmac = createHmac('sha1', 'secret').update('hello').digest('hex');
+			expect(typeof hmac).toBe('string');
+			expect(hmac.length).toBe(40); // sha1 hex = 40 chars
+		});
+
+		await it('should create hmac with md5', async () => {
+			const hmac = createHmac('md5', 'secret').update('hello').digest('hex');
+			expect(typeof hmac).toBe('string');
+			expect(hmac.length).toBe(32); // md5 hex = 32 chars
+		});
+
+		await it('should support Buffer key', async () => {
+			const key = Buffer.from('secret');
+			const hmac = createHmac('sha256', key).update('hello').digest('hex');
+			const hmac2 = createHmac('sha256', 'secret').update('hello').digest('hex');
+			expect(hmac).toBe(hmac2);
+		});
+
+		await it('should support multiple update calls', async () => {
+			const hmac1 = createHmac('sha256', 'key')
+				.update('hello')
+				.update(' ')
+				.update('world')
+				.digest('hex');
+			const hmac2 = createHmac('sha256', 'key')
+				.update('hello world')
+				.digest('hex');
+			expect(hmac1).toBe(hmac2);
+		});
+
+		await it('should support base64 encoding', async () => {
+			const hmac = createHmac('sha256', 'secret').update('test').digest('base64');
+			expect(typeof hmac).toBe('string');
+			expect(hmac.length).toBeGreaterThan(0);
+		});
+
+		await it('should return Buffer when no encoding', async () => {
+			const hmac = createHmac('sha256', 'secret').update('test').digest();
+			expect(hmac.length).toBe(32); // sha256 = 32 bytes
+		});
+
+		// RFC 2202 test vector
+		await it('should match HMAC-SHA256 test vector', async () => {
+			const hmac = createHmac('sha256', 'key').update('The quick brown fox jumps over the lazy dog').digest('hex');
+			expect(hmac).toBe('f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8');
+		});
+	});
+};

package/src/hmac.ts

@@ -0,0 +1,123 @@
+// Reference: RFC 2104, Node.js lib/internal/crypto/hash.js
+// Reimplemented for GJS using pure-JS HMAC over GLib.Checksum
+// (GLib.Hmac bindings crash in GJS with segfault)
+
+import { Transform } from 'node:stream';
+import type { TransformCallback } from 'node:stream';
+import { Buffer } from 'node:buffer';
+import { normalizeEncoding } from '@gjsify/utils';
+import { Hash } from './hash.js';
+import { normalizeAlgorithm, BLOCK_SIZES, SUPPORTED_ALGORITHMS } from './crypto-utils.js';
+
+/**
+ * Creates and returns an Hmac object that uses the given algorithm and key.
+ * Implemented using createHash (GLib.Checksum) since GLib.Hmac bindings are broken in GJS.
+ */
+export class Hmac extends Transform {
+  private _algorithm: string;
+  private _innerHash: Hash;
+  private _outerKeyPad: Uint8Array;
+  private _finalized = false;
+
+  constructor(algorithm: string, key: string | Buffer | Uint8Array) {
+    super();
+    const normalized = normalizeAlgorithm(algorithm);
+    if (!SUPPORTED_ALGORITHMS.has(normalized)) {
+      const err = new Error(`Unknown message digest: ${algorithm}`);
+      (err as any).code = 'ERR_CRYPTO_HASH_UNKNOWN';
+      throw err;
+    }
+    this._algorithm = normalized;
+
+    let keyBytes: Uint8Array;
+    if (typeof key === 'string') {
+      keyBytes = Buffer.from(key, 'utf8');
+    } else {
+      keyBytes = key instanceof Uint8Array ? key : Buffer.from(key);
+    }
+
+    const blockSize = BLOCK_SIZES[normalized];
+
+    // If key is longer than block size, hash it first
+    if (keyBytes.length > blockSize) {
+      const h = new Hash(normalized);
+      h.update(keyBytes);
+      keyBytes = h.digest() as Buffer;
+    }
+
+    // Pad key to block size
+    const paddedKey = new Uint8Array(blockSize);
+    paddedKey.set(keyBytes);
+
+    // Compute inner and outer key pads
+    const iKeyPad = new Uint8Array(blockSize);
+    const oKeyPad = new Uint8Array(blockSize);
+    for (let i = 0; i < blockSize; i++) {
+      iKeyPad[i] = paddedKey[i] ^ 0x36;
+      oKeyPad[i] = paddedKey[i] ^ 0x5c;
+    }
+
+    this._outerKeyPad = oKeyPad;
+
+    // Start inner hash: H(iKeyPad || message)
+    this._innerHash = new Hash(normalized);
+    this._innerHash.update(iKeyPad);
+  }
+
+  /** Update the HMAC with data. */
+  update(data: string | Buffer | Uint8Array, inputEncoding?: BufferEncoding): this {
+    if (this._finalized) {
+      throw new Error('Digest already called');
+    }
+
+    let bytes: Uint8Array;
+    if (typeof data === 'string') {
+      const enc = normalizeEncoding(inputEncoding);
+      bytes = Buffer.from(data, enc);
+    } else {
+      bytes = data instanceof Uint8Array ? data : Buffer.from(data);
+    }
+
+    this._innerHash.update(bytes);
+    return this;
+  }
+
+  /** Calculate the HMAC digest. */
+  digest(encoding?: BufferEncoding): Buffer | string {
+    if (this._finalized) {
+      throw new Error('Digest already called');
+    }
+    this._finalized = true;
+
+    // Complete inner hash
+    const innerDigest = this._innerHash.digest() as Buffer;
+
+    // Compute outer hash: H(oKeyPad || innerDigest)
+    const outerHash = new Hash(this._algorithm);
+    outerHash.update(this._outerKeyPad);
+    outerHash.update(innerDigest);
+
+    const result = outerHash.digest() as Buffer;
+    if (encoding) return result.toString(encoding);
+    return result;
+  }
+
+  // Transform stream interface
+  _transform(chunk: any, encoding: BufferEncoding, callback: TransformCallback): void {
+    try {
+      this.update(chunk, encoding);
+      callback();
+    } catch (err) {
+      callback(err as Error);
+    }
+  }
+
+  _flush(callback: TransformCallback): void {
+    try {
+      this.push(this.digest());
+      callback();
+    } catch (err) {
+      callback(err as Error);
+    }
+  }
+}