@gjsify/crypto 0.1.0

package/src/mgf1.ts

@@ -0,0 +1,37 @@
+// MGF1 (Mask Generation Function 1) per RFC 8017 Section B.2.1
+// Used by RSA-PSS and RSA-OAEP
+
+import { Hash } from './hash.js';
+import { hashSize } from './crypto-utils.js';
+
+/**
+ * MGF1 mask generation function.
+ * Produces a mask of `length` bytes from `seed` using `hashAlgo`.
+ */
+export function mgf1(hashAlgo: string, seed: Uint8Array, length: number): Uint8Array {
+  const hashLen = hashSize(hashAlgo);
+  const mask = new Uint8Array(length);
+  let offset = 0;
+  let counter = 0;
+
+  while (offset < length) {
+    // counter as 4-byte big-endian
+    const C = new Uint8Array(4);
+    C[0] = (counter >>> 24) & 0xff;
+    C[1] = (counter >>> 16) & 0xff;
+    C[2] = (counter >>> 8) & 0xff;
+    C[3] = counter & 0xff;
+
+    const hash = new Hash(hashAlgo);
+    hash.update(seed);
+    hash.update(C);
+    const digest = new Uint8Array(hash.digest() as any);
+
+    const toCopy = Math.min(digest.length, length - offset);
+    mask.set(digest.slice(0, toCopy), offset);
+    offset += toCopy;
+    counter++;
+  }
+
+  return mask;
+}

package/src/pbkdf2.spec.ts

@@ -0,0 +1,76 @@
+import { describe, it, expect } from '@gjsify/unit';
+import { pbkdf2, pbkdf2Sync } from 'node:crypto';
+import { Buffer } from 'node:buffer';
+
+export default async () => {
+  await describe('crypto.pbkdf2Sync', async () => {
+    await it('should be a function', async () => {
+      expect(typeof pbkdf2Sync).toBe('function');
+    });
+
+    await it('should derive key with sha256', async () => {
+      const key = pbkdf2Sync('password', 'salt', 1000, 32, 'sha256');
+      expect(key).toBeDefined();
+      expect(key.length).toBe(32);
+    });
+
+    await it('should derive key with sha1 (default)', async () => {
+      const key = pbkdf2Sync('password', 'salt', 1, 20, 'sha1');
+      expect(key).toBeDefined();
+      expect(key.length).toBe(20);
+      // Known test vector: PBKDF2-HMAC-SHA1("password", "salt", 1, 20)
+      expect(key.toString('hex')).toBe('0c60c80f961f0e71f3a9b524af6012062fe037a6');
+    });
+
+    await it('should derive key with sha512', async () => {
+      const key = pbkdf2Sync('password', 'salt', 1, 64, 'sha512');
+      expect(key).toBeDefined();
+      expect(key.length).toBe(64);
+    });
+
+    await it('should accept Buffer inputs', async () => {
+      const key = pbkdf2Sync(Buffer.from('password'), Buffer.from('salt'), 1000, 32, 'sha256');
+      expect(key.length).toBe(32);
+    });
+
+    await it('should handle keylen 0', async () => {
+      // Node.js native throws on keylen 0, our GJS impl returns empty buffer
+      // Both behaviors are acceptable — test that it doesn't crash
+      try {
+        const key = pbkdf2Sync('password', 'salt', 1, 0, 'sha256');
+        expect(key.length).toBe(0);
+      } catch (_e) {
+        // Node.js throws "Deriving bits failed" for keylen 0
+        expect(true).toBe(true);
+      }
+    });
+
+    await it('should throw on invalid iterations', async () => {
+      expect(() => {
+        pbkdf2Sync('password', 'salt', 0, 32, 'sha256');
+      }).toThrow();
+    });
+
+    await it('should throw on unsupported digest', async () => {
+      expect(() => {
+        pbkdf2Sync('password', 'salt', 1, 32, 'unsupported');
+      }).toThrow();
+    });
+  });
+
+  await describe('crypto.pbkdf2', async () => {
+    await it('should be a function', async () => {
+      expect(typeof pbkdf2).toBe('function');
+    });
+
+    await it('should derive key asynchronously', async () => {
+      await new Promise<void>((resolve) => {
+        pbkdf2('password', 'salt', 1000, 32, 'sha256', (err, key) => {
+          expect(err).toBeNull();
+          expect(key!.length).toBe(32);
+          resolve();
+        });
+      });
+    });
+  });
+};

package/src/pbkdf2.ts

@@ -0,0 +1,106 @@
+// Reference: Node.js lib/internal/crypto/pbkdf2.js, RFC 2898
+// Reimplemented for GJS using pure-JS Hmac (over GLib.Checksum)
+
+import { Buffer } from 'node:buffer';
+import { Hmac } from './hmac.js';
+import { normalizeAlgorithm, DIGEST_SIZES, SUPPORTED_ALGORITHMS, toBuffer } from './crypto-utils.js';
+
+function hmacDigest(algo: string, key: Uint8Array, data: Uint8Array): Buffer {
+  const hmac = new Hmac(algo, key);
+  hmac.update(data);
+  return hmac.digest() as Buffer;
+}
+
+function validateParameters(iterations: number, keylen: number): void {
+  if (typeof iterations !== 'number' || iterations < 0 || !Number.isFinite(iterations)) {
+    throw new TypeError('iterations must be a positive number');
+  }
+  if (iterations === 0) {
+    throw new TypeError('iterations must be a positive number');
+  }
+  if (typeof keylen !== 'number' || keylen < 0 || !Number.isFinite(keylen) || keylen > 2147483647) {
+    throw new TypeError('keylen must be a positive number');
+  }
+}
+
+/**
+ * Synchronous PBKDF2 key derivation.
+ */
+export function pbkdf2Sync(
+  password: string | Buffer | Uint8Array | DataView,
+  salt: string | Buffer | Uint8Array | DataView,
+  iterations: number,
+  keylen: number,
+  digest?: string
+): Buffer {
+  validateParameters(iterations, keylen);
+
+  const passwordBuf = toBuffer(password);
+  const saltBuf = toBuffer(salt);
+  const algo = normalizeAlgorithm(digest || 'sha1');
+  const hashLen = DIGEST_SIZES[algo];
+
+  if (!SUPPORTED_ALGORITHMS.has(algo) || hashLen === undefined) {
+    throw new TypeError(`Unknown message digest: ${digest || 'sha1'}`);
+  }
+
+  if (keylen === 0) {
+    return Buffer.alloc(0);
+  }
+
+  const numBlocks = Math.ceil(keylen / hashLen);
+  const dk = Buffer.allocUnsafe(numBlocks * hashLen);
+
+  // RFC 2898 Section 5.2
+  for (let blockIndex = 1; blockIndex <= numBlocks; blockIndex++) {
+    // U_1 = PRF(Password, Salt || INT_32_BE(i))
+    const block = Buffer.allocUnsafe(saltBuf.length + 4);
+    saltBuf.copy(block, 0);
+    block.writeUInt32BE(blockIndex, saltBuf.length);
+
+    let u = hmacDigest(algo, passwordBuf, block);
+    let t = Buffer.from(u);
+
+    // U_2 ... U_c
+    for (let iter = 1; iter < iterations; iter++) {
+      u = hmacDigest(algo, passwordBuf, u);
+      for (let k = 0; k < hashLen; k++) {
+        t[k] ^= u[k];
+      }
+    }
+
+    t.copy(dk, (blockIndex - 1) * hashLen);
+  }
+
+  // Return a proper Buffer slice
+  return Buffer.from(dk.buffer, dk.byteOffset, keylen);
+}
+
+/**
+ * Asynchronous PBKDF2 key derivation.
+ */
+export function pbkdf2(
+  password: string | Buffer | Uint8Array | DataView,
+  salt: string | Buffer | Uint8Array | DataView,
+  iterations: number,
+  keylen: number,
+  digest: string,
+  callback: (err: Error | null, derivedKey?: Buffer) => void
+): void {
+  try {
+    validateParameters(iterations, keylen);
+  } catch (err) {
+    // Match Node.js behavior: validation errors are thrown synchronously
+    throw err;
+  }
+
+  // Run in next tick to be truly async
+  setTimeout(() => {
+    try {
+      const result = pbkdf2Sync(password, salt, iterations, keylen, digest);
+      callback(null, result);
+    } catch (err) {
+      callback(err instanceof Error ? err : new Error(String(err)));
+    }
+  }, 0);
+}

package/src/public-encrypt.ts

@@ -0,0 +1,288 @@
+// Public-key encryption — RSA PKCS#1 v1.5 for GJS
+// Reference: refs/public-encrypt/publicEncrypt.js, refs/public-encrypt/privateDecrypt.js
+// Reimplemented for GJS using native BigInt (ES2024)
+
+import { Buffer } from 'node:buffer';
+import { randomBytes } from './random.js';
+import { parsePemKey, rsaKeySize } from './asn1.js';
+import { modPow, bigIntToBytes, bytesToBigInt } from './bigint-math.js';
+
+// ============================================================================
+// Key extraction helpers
+// ============================================================================
+
+interface KeyInput {
+  key: string | Buffer;
+  passphrase?: string;
+  padding?: number;
+}
+
+function extractPem(key: string | Buffer | KeyInput): string {
+  if (typeof key === 'string') {
+    return key;
+  }
+  if (Buffer.isBuffer(key) || key instanceof Uint8Array) {
+    return Buffer.from(key).toString('utf8');
+  }
+  if (key && typeof key === 'object' && 'key' in key) {
+    const k = key.key;
+    if (typeof k === 'string') return k;
+    if (Buffer.isBuffer(k) || (k as unknown) instanceof Uint8Array) return Buffer.from(k as Uint8Array).toString('utf8');
+  }
+  throw new TypeError('Invalid key argument');
+}
+
+// ============================================================================
+// PKCS#1 v1.5 padding
+// ============================================================================
+
+/**
+ * Apply PKCS#1 v1.5 Type 2 padding (for encryption).
+ * Format: 0x00 0x02 [random non-zero bytes] 0x00 [data]
+ * The padding string (PS) must be at least 8 bytes.
+ */
+function pkcs1v15Type2Pad(data: Uint8Array, keyLen: number): Uint8Array {
+  const maxDataLen = keyLen - 11; // 3 bytes overhead + 8 min padding
+  if (data.length > maxDataLen) {
+    throw new Error(`Data too long for key size. Max ${maxDataLen} bytes, got ${data.length}`);
+  }
+
+  const padLen = keyLen - data.length - 3;
+  const em = new Uint8Array(keyLen);
+  em[0] = 0x00;
+  em[1] = 0x02;
+
+  // Generate random non-zero padding bytes
+  const padding = randomBytes(padLen);
+  for (let i = 0; i < padLen; i++) {
+    // Ensure no zero bytes in the padding
+    while (padding[i] === 0) {
+      const replacement = randomBytes(1);
+      padding[i] = replacement[0];
+    }
+    em[2 + i] = padding[i];
+  }
+
+  em[2 + padLen] = 0x00;
+  em.set(data, 3 + padLen);
+
+  return em;
+}
+
+/**
+ * Apply PKCS#1 v1.5 Type 1 padding (for private-key encryption / signature).
+ * Format: 0x00 0x01 [0xFF bytes] 0x00 [data]
+ */
+function pkcs1v15Type1Pad(data: Uint8Array, keyLen: number): Uint8Array {
+  const maxDataLen = keyLen - 11;
+  if (data.length > maxDataLen) {
+    throw new Error(`Data too long for key size. Max ${maxDataLen} bytes, got ${data.length}`);
+  }
+
+  const padLen = keyLen - data.length - 3;
+  const em = new Uint8Array(keyLen);
+  em[0] = 0x00;
+  em[1] = 0x01;
+  for (let i = 2; i < 2 + padLen; i++) {
+    em[i] = 0xff;
+  }
+  em[2 + padLen] = 0x00;
+  em.set(data, 3 + padLen);
+
+  return em;
+}
+
+/**
+ * Remove PKCS#1 v1.5 Type 2 padding (after decryption with private key).
+ * Expects: 0x00 0x02 [random non-zero bytes] 0x00 [data]
+ */
+function pkcs1v15Type2Unpad(em: Uint8Array): Uint8Array {
+  if (em.length < 11) {
+    throw new Error('Decryption error: message too short');
+  }
+  if (em[0] !== 0x00 || em[1] !== 0x02) {
+    throw new Error('Decryption error: invalid padding');
+  }
+
+  // Find the 0x00 separator (must be at least at index 10 for 8 bytes of padding)
+  let sepIdx = 2;
+  while (sepIdx < em.length && em[sepIdx] !== 0x00) {
+    sepIdx++;
+  }
+  if (sepIdx >= em.length || sepIdx < 10) {
+    throw new Error('Decryption error: invalid padding');
+  }
+
+  return em.slice(sepIdx + 1);
+}
+
+/**
+ * Remove PKCS#1 v1.5 Type 1 padding (after decryption with public key).
+ * Expects: 0x00 0x01 [0xFF bytes] 0x00 [data]
+ */
+function pkcs1v15Type1Unpad(em: Uint8Array): Uint8Array {
+  if (em.length < 11) {
+    throw new Error('Decryption error: message too short');
+  }
+  if (em[0] !== 0x00 || em[1] !== 0x01) {
+    throw new Error('Decryption error: invalid padding');
+  }
+
+  // Skip 0xFF bytes
+  let sepIdx = 2;
+  while (sepIdx < em.length && em[sepIdx] === 0xff) {
+    sepIdx++;
+  }
+  if (sepIdx >= em.length || em[sepIdx] !== 0x00 || sepIdx < 10) {
+    throw new Error('Decryption error: invalid padding');
+  }
+
+  return em.slice(sepIdx + 1);
+}
+
+// ============================================================================
+// Public API
+// ============================================================================
+
+/**
+ * Encrypt data using an RSA public key with PKCS#1 v1.5 Type 2 padding.
+ *
+ * @param key - PEM-encoded RSA public key (or private key, from which public components are extracted)
+ * @param buffer - Data to encrypt (must be <= keyLen - 11 bytes)
+ * @returns Encrypted data as a Buffer
+ */
+export function publicEncrypt(key: string | Buffer | KeyInput, buffer: Buffer | Uint8Array): Buffer {
+  const pem = extractPem(key);
+  const parsed = parsePemKey(pem);
+
+  let n: bigint;
+  let e: bigint;
+  if (parsed.type === 'rsa-public') {
+    n = parsed.components.n;
+    e = parsed.components.e;
+  } else if (parsed.type === 'rsa-private') {
+    n = parsed.components.n;
+    e = parsed.components.e;
+  } else {
+    throw new Error('Key must be an RSA public or private key');
+  }
+
+  const keyLen = rsaKeySize(n);
+  const data = buffer instanceof Uint8Array ? buffer : Buffer.from(buffer);
+
+  // Apply PKCS#1 v1.5 Type 2 padding
+  const em = pkcs1v15Type2Pad(data, keyLen);
+
+  // RSA encrypt: c = m^e mod n
+  const m = bytesToBigInt(em);
+  const c = modPow(m, e, n);
+  return Buffer.from(bigIntToBytes(c, keyLen));
+}
+
+/**
+ * Decrypt data using an RSA private key (reverses publicEncrypt).
+ *
+ * @param key - PEM-encoded RSA private key
+ * @param buffer - Encrypted data
+ * @returns Decrypted data as a Buffer
+ */
+export function privateDecrypt(key: string | Buffer | KeyInput, buffer: Buffer | Uint8Array): Buffer {
+  const pem = extractPem(key);
+  const parsed = parsePemKey(pem);
+
+  if (parsed.type !== 'rsa-private') {
+    throw new Error('Key must be an RSA private key');
+  }
+
+  const { n, d } = parsed.components;
+  const keyLen = rsaKeySize(n);
+  const data = buffer instanceof Uint8Array ? buffer : Buffer.from(buffer);
+
+  if (data.length !== keyLen) {
+    throw new Error(`Data length (${data.length}) does not match key length (${keyLen})`);
+  }
+
+  // RSA decrypt: m = c^d mod n
+  const c = bytesToBigInt(data);
+  if (c >= n) {
+    throw new Error('Decryption error: cipher value out of range');
+  }
+  const m = modPow(c, d, n);
+  const em = bigIntToBytes(m, keyLen);
+
+  // Remove PKCS#1 v1.5 Type 2 padding
+  return Buffer.from(pkcs1v15Type2Unpad(em));
+}
+
+/**
+ * Encrypt data using an RSA private key with PKCS#1 v1.5 Type 1 padding.
+ * This is the raw RSA private-key operation used for compatibility with
+ * signature-like use cases.
+ *
+ * @param key - PEM-encoded RSA private key
+ * @param buffer - Data to encrypt
+ * @returns Encrypted data as a Buffer
+ */
+export function privateEncrypt(key: string | Buffer | KeyInput, buffer: Buffer | Uint8Array): Buffer {
+  const pem = extractPem(key);
+  const parsed = parsePemKey(pem);
+
+  if (parsed.type !== 'rsa-private') {
+    throw new Error('Key must be an RSA private key');
+  }
+
+  const { n, d } = parsed.components;
+  const keyLen = rsaKeySize(n);
+  const data = buffer instanceof Uint8Array ? buffer : Buffer.from(buffer);
+
+  // Apply PKCS#1 v1.5 Type 1 padding
+  const em = pkcs1v15Type1Pad(data, keyLen);
+
+  // RSA private key operation: c = m^d mod n
+  const m = bytesToBigInt(em);
+  const c = modPow(m, d, n);
+  return Buffer.from(bigIntToBytes(c, keyLen));
+}
+
+/**
+ * Decrypt data using an RSA public key (reverses privateEncrypt).
+ * Removes PKCS#1 v1.5 Type 1 padding.
+ *
+ * @param key - PEM-encoded RSA public key (or private key for public components)
+ * @param buffer - Encrypted data
+ * @returns Decrypted data as a Buffer
+ */
+export function publicDecrypt(key: string | Buffer | KeyInput, buffer: Buffer | Uint8Array): Buffer {
+  const pem = extractPem(key);
+  const parsed = parsePemKey(pem);
+
+  let n: bigint;
+  let e: bigint;
+  if (parsed.type === 'rsa-public') {
+    n = parsed.components.n;
+    e = parsed.components.e;
+  } else if (parsed.type === 'rsa-private') {
+    n = parsed.components.n;
+    e = parsed.components.e;
+  } else {
+    throw new Error('Key must be an RSA public or private key');
+  }
+
+  const keyLen = rsaKeySize(n);
+  const data = buffer instanceof Uint8Array ? buffer : Buffer.from(buffer);
+
+  if (data.length !== keyLen) {
+    throw new Error(`Data length (${data.length}) does not match key length (${keyLen})`);
+  }
+
+  // RSA public key operation: m = c^e mod n
+  const c = bytesToBigInt(data);
+  if (c >= n) {
+    throw new Error('Decryption error: cipher value out of range');
+  }
+  const m = modPow(c, e, n);
+  const em = bigIntToBytes(m, keyLen);
+
+  // Remove PKCS#1 v1.5 Type 1 padding
+  return Buffer.from(pkcs1v15Type1Unpad(em));
+}

package/src/random.spec.ts

@@ -0,0 +1,133 @@
+import { describe, it, expect } from '@gjsify/unit';
+import { randomBytes, randomUUID, randomInt, randomFillSync, timingSafeEqual } from 'node:crypto';
+import { Buffer } from 'node:buffer';
+
+export default async () => {
+  await describe('crypto.randomBytes', async () => {
+    await it('should return a Buffer of requested size', async () => {
+      const buf = randomBytes(32);
+      expect(buf.length).toBe(32);
+    });
+
+    await it('should return empty buffer for size 0', async () => {
+      const buf = randomBytes(0);
+      expect(buf.length).toBe(0);
+    });
+
+    await it('should return different values on each call', async () => {
+      const a = randomBytes(16);
+      const b = randomBytes(16);
+      // Extremely unlikely to be equal
+      let equal = true;
+      for (let i = 0; i < 16; i++) {
+        if (a[i] !== b[i]) { equal = false; break; }
+      }
+      expect(equal).toBe(false);
+    });
+
+    await it('should work with callback', async () => {
+      const result = await new Promise<Buffer>((resolve, reject) => {
+        randomBytes(16, (err, buf) => {
+          if (err) reject(err);
+          else resolve(buf);
+        });
+      });
+      expect(result.length).toBe(16);
+    });
+
+    await it('should handle large sizes (> 65536)', async () => {
+      const buf = randomBytes(100000);
+      expect(buf.length).toBe(100000);
+    });
+  });
+
+  await describe('crypto.randomUUID', async () => {
+    await it('should return a valid UUID v4 string', async () => {
+      const uuid = randomUUID();
+      expect(uuid.length).toBe(36);
+      expect(uuid).toMatch(/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/);
+    });
+
+    await it('should return different UUIDs', async () => {
+      const a = randomUUID();
+      const b = randomUUID();
+      expect(a).not.toBe(b);
+    });
+  });
+
+  await describe('crypto.randomInt', async () => {
+    await it('should return integer in range [0, max)', async () => {
+      for (let i = 0; i < 20; i++) {
+        const val = randomInt(10) as number;
+        expect(val).toBeGreaterThan(-1);
+        expect(val).toBeLessThan(10);
+      }
+    });
+
+    await it('should return integer in range [min, max)', async () => {
+      for (let i = 0; i < 20; i++) {
+        const val = randomInt(5, 10) as number;
+        expect(val).toBeGreaterThan(4);
+        expect(val).toBeLessThan(10);
+      }
+    });
+
+    await it('should throw when min >= max', async () => {
+      let threw = false;
+      try {
+        randomInt(10, 5);
+      } catch {
+        threw = true;
+      }
+      expect(threw).toBe(true);
+    });
+  });
+
+  await describe('crypto.randomFillSync', async () => {
+    await it('should fill a buffer with random data', async () => {
+      const buf = Buffer.alloc(16);
+      randomFillSync(buf);
+      let allZero = true;
+      for (let i = 0; i < 16; i++) {
+        if (buf[i] !== 0) { allZero = false; break; }
+      }
+      expect(allZero).toBe(false);
+    });
+
+    await it('should fill with offset and size', async () => {
+      const buf = Buffer.alloc(16, 0);
+      randomFillSync(buf, 4, 8);
+      // First 4 bytes should be zero
+      expect(buf[0]).toBe(0);
+      expect(buf[1]).toBe(0);
+      expect(buf[2]).toBe(0);
+      expect(buf[3]).toBe(0);
+    });
+  });
+
+  await describe('crypto.timingSafeEqual', async () => {
+    await it('should return true for equal buffers', async () => {
+      const a = Buffer.from('hello');
+      const b = Buffer.from('hello');
+      expect(timingSafeEqual(a, b)).toBe(true);
+    });
+
+    await it('should return false for different buffers', async () => {
+      const a = Buffer.from('hello');
+      const b = Buffer.from('world');
+      expect(timingSafeEqual(a, b)).toBe(false);
+    });
+
+    await it('should throw for different lengths', async () => {
+      const a = Buffer.from('hello');
+      const b = Buffer.from('hi');
+      let threw = false;
+      try {
+        timingSafeEqual(a, b);
+      } catch {
+        threw = true;
+      }
+      expect(threw).toBe(true);
+    });
+  });
+};