@gjsify/crypto 0.1.0

package/lib/esm/ecdh.js

@@ -0,0 +1,356 @@
+import { Buffer } from "node:buffer";
+import { randomBytes } from "./random.js";
+import { modPow } from "./bigint-math.js";
+const CURVES = {
+  secp256k1: {
+    p: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2Fn,
+    a: 0n,
+    b: 7n,
+    Gx: 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798n,
+    Gy: 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8n,
+    n: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n,
+    byteLength: 32
+  },
+  prime256v1: {
+    p: 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFn,
+    a: 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFn - 3n,
+    b: 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604Bn,
+    Gx: 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296n,
+    Gy: 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5n,
+    n: 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551n,
+    byteLength: 32
+  },
+  secp384r1: {
+    p: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFFn,
+    a: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFFn - 3n,
+    b: 0xB3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEFn,
+    Gx: 0xAA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7n,
+    Gy: 0x3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5Fn,
+    n: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973n,
+    byteLength: 48
+  },
+  secp521r1: {
+    p: 0x01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFn,
+    a: 0x01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFn - 3n,
+    b: 0x0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00n,
+    Gx: 0x00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66n,
+    Gy: 0x011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650n,
+    n: 0x01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409n,
+    byteLength: 66
+  }
+};
+const CURVE_ALIASES = {
+  "secp256k1": "secp256k1",
+  "prime256v1": "prime256v1",
+  "secp256r1": "prime256v1",
+  "p-256": "prime256v1",
+  "p256": "prime256v1",
+  "secp384r1": "secp384r1",
+  "p-384": "secp384r1",
+  "p384": "secp384r1",
+  "secp521r1": "secp521r1",
+  "p-521": "secp521r1",
+  "p521": "secp521r1"
+};
+function mod(a, m) {
+  const r = a % m;
+  return r < 0n ? r + m : r;
+}
+function modInverse(a, m) {
+  a = mod(a, m);
+  if (a === 0n) {
+    throw new Error("No modular inverse for zero");
+  }
+  let [old_r, r] = [a, m];
+  let [old_s, s] = [1n, 0n];
+  while (r !== 0n) {
+    const q = old_r / r;
+    [old_r, r] = [r, old_r - q * r];
+    [old_s, s] = [s, old_s - q * s];
+  }
+  if (old_r !== 1n) {
+    throw new Error("Modular inverse does not exist");
+  }
+  return mod(old_s, m);
+}
+function pointAdd(P, Q, curve) {
+  if (P === null) return Q;
+  if (Q === null) return P;
+  const { p } = curve;
+  if (P.x === Q.x) {
+    if (mod(P.y + Q.y, p) === 0n) {
+      return null;
+    }
+    return pointDouble(P, curve);
+  }
+  const dx = mod(Q.x - P.x, p);
+  const dy = mod(Q.y - P.y, p);
+  const lambda = mod(dy * modInverse(dx, p), p);
+  const x3 = mod(lambda * lambda - P.x - Q.x, p);
+  const y3 = mod(lambda * (P.x - x3) - P.y, p);
+  return { x: x3, y: y3 };
+}
+function pointDouble(P, curve) {
+  if (P === null) return null;
+  const { a, p } = curve;
+  if (P.y === 0n) return null;
+  const num = mod(3n * P.x * P.x + a, p);
+  const den = mod(2n * P.y, p);
+  const lambda = mod(num * modInverse(den, p), p);
+  const x3 = mod(lambda * lambda - 2n * P.x, p);
+  const y3 = mod(lambda * (P.x - x3) - P.y, p);
+  return { x: x3, y: y3 };
+}
+function scalarMul(k, P, curve) {
+  if (P === null) return null;
+  if (k === 0n) return null;
+  const { n } = curve;
+  k = mod(k, n);
+  if (k === 0n) return null;
+  let R0 = null;
+  let R1 = P;
+  const bits = k.toString(2);
+  for (let i = 0; i < bits.length; i++) {
+    if (bits[i] === "1") {
+      R0 = pointAdd(R0, R1, curve);
+      R1 = pointDouble(R1, curve);
+    } else {
+      R1 = pointAdd(R0, R1, curve);
+      R0 = pointDouble(R0, curve);
+    }
+  }
+  return R0;
+}
+function bigintToBuffer(n, len) {
+  const hex = n.toString(16).padStart(len * 2, "0");
+  return Buffer.from(hex, "hex");
+}
+function bufferToBigint(buf) {
+  const hex = Buffer.from(buf).toString("hex");
+  if (hex.length === 0) return 0n;
+  return BigInt("0x" + hex);
+}
+function encodePublicKey(point, byteLength, format = "uncompressed") {
+  if (point === null) {
+    throw new Error("Cannot encode the point at infinity");
+  }
+  const xBuf = bigintToBuffer(point.x, byteLength);
+  if (format === "compressed") {
+    const prefix = point.y % 2n === 0n ? 2 : 3;
+    return Buffer.concat([Buffer.from([prefix]), xBuf]);
+  }
+  const yBuf = bigintToBuffer(point.y, byteLength);
+  if (format === "hybrid") {
+    const prefix = point.y % 2n === 0n ? 6 : 7;
+    return Buffer.concat([Buffer.from([prefix]), xBuf, yBuf]);
+  }
+  return Buffer.concat([Buffer.from([4]), xBuf, yBuf]);
+}
+function decodePublicKey(buf, curve) {
+  const data = Buffer.from(buf);
+  if (data.length === 0) {
+    throw new Error("Invalid public key: empty buffer");
+  }
+  const prefix = data[0];
+  const { p, a, b, byteLength } = curve;
+  if (prefix === 4 || prefix === 6 || prefix === 7) {
+    if (data.length !== 1 + 2 * byteLength) {
+      throw new Error(
+        `Invalid public key length: expected ${1 + 2 * byteLength} bytes, got ${data.length}`
+      );
+    }
+    const x = bufferToBigint(data.subarray(1, 1 + byteLength));
+    const y = bufferToBigint(data.subarray(1 + byteLength));
+    const lhs = mod(y * y, p);
+    const rhs = mod(x * x * x + a * x + b, p);
+    if (lhs !== rhs) {
+      throw new Error("Invalid public key: point is not on the curve");
+    }
+    return { x, y };
+  }
+  if (prefix === 2 || prefix === 3) {
+    if (data.length !== 1 + byteLength) {
+      throw new Error(
+        `Invalid public key length: expected ${1 + byteLength} bytes, got ${data.length}`
+      );
+    }
+    const x = bufferToBigint(data.subarray(1, 1 + byteLength));
+    const ySquared = mod(x * x * x + a * x + b, p);
+    const y = sqrtMod(ySquared, p);
+    if (y === null) {
+      throw new Error("Invalid public key: no valid y coordinate for the given x");
+    }
+    const isOdd = prefix === 3;
+    const finalY = y % 2n !== 0n === isOdd ? y : mod(p - y, p);
+    return { x, y: finalY };
+  }
+  throw new Error(`Invalid public key prefix: 0x${prefix.toString(16).padStart(2, "0")}`);
+}
+function sqrtMod(a, p) {
+  a = mod(a, p);
+  if (a === 0n) return 0n;
+  if (modPow(a, (p - 1n) / 2n, p) !== 1n) {
+    return null;
+  }
+  if (mod(p, 4n) === 3n) {
+    return modPow(a, (p + 1n) / 4n, p);
+  }
+  let S = 0n;
+  let Q = p - 1n;
+  while (mod(Q, 2n) === 0n) {
+    Q /= 2n;
+    S++;
+  }
+  let z = 2n;
+  while (modPow(z, (p - 1n) / 2n, p) !== p - 1n) {
+    z++;
+  }
+  let M = S;
+  let c = modPow(z, Q, p);
+  let t = modPow(a, Q, p);
+  let R = modPow(a, (Q + 1n) / 2n, p);
+  while (true) {
+    if (t === 0n) return 0n;
+    if (t === 1n) return R;
+    let i = 1n;
+    let temp = mod(t * t, p);
+    while (temp !== 1n) {
+      temp = mod(temp * temp, p);
+      i++;
+    }
+    const b = modPow(c, modPow(2n, M - i - 1n, p - 1n), p);
+    M = i;
+    c = mod(b * b, p);
+    t = mod(t * c, p);
+    R = mod(R * b, p);
+  }
+}
+function toBuffer(value, encoding) {
+  if (Buffer.isBuffer(value)) return value;
+  if (value instanceof Uint8Array) return Buffer.from(value);
+  if (typeof value === "string") {
+    return Buffer.from(value, encoding || "utf8");
+  }
+  if (ArrayBuffer.isView(value)) {
+    return Buffer.from(value.buffer, value.byteOffset, value.byteLength);
+  }
+  throw new TypeError(
+    'The "key" argument must be of type string or an instance of Buffer, TypedArray, or DataView.'
+  );
+}
+function formatReturnValue(buf, encoding) {
+  if (encoding) {
+    return buf.toString(encoding);
+  }
+  return buf;
+}
+function resolveCurve(curveName) {
+  const lower = curveName.toLowerCase();
+  const canonical = CURVE_ALIASES[lower];
+  if (!canonical) {
+    throw new Error(`Unsupported curve: ${curveName}`);
+  }
+  const params = CURVES[canonical];
+  if (!params) {
+    throw new Error(`Unsupported curve: ${curveName}`);
+  }
+  return { canonical, params };
+}
+class ECDH {
+  _curve;
+  _curveName;
+  _privateKey = null;
+  _publicKey = null;
+  constructor(curveName) {
+    const resolved = resolveCurve(curveName);
+    this._curve = resolved.params;
+    this._curveName = resolved.canonical;
+  }
+  generateKeys(encoding, format) {
+    const { n, byteLength } = this._curve;
+    let k;
+    do {
+      const bytes = randomBytes(byteLength);
+      k = bufferToBigint(bytes);
+    } while (k === 0n || k >= n);
+    this._privateKey = k;
+    const G = { x: this._curve.Gx, y: this._curve.Gy };
+    this._publicKey = scalarMul(k, G, this._curve);
+    return this.getPublicKey(encoding, format);
+  }
+  /**
+   * Compute the shared secret using the other party's public key.
+   */
+  computeSecret(otherPublicKey, inputEncoding, outputEncoding) {
+    if (this._privateKey === null) {
+      throw new Error("ECDH key not generated. Call generateKeys() or setPrivateKey() first.");
+    }
+    const pubBuf = toBuffer(otherPublicKey, inputEncoding);
+    const otherPoint = decodePublicKey(pubBuf, this._curve);
+    if (otherPoint === null) {
+      throw new Error("Invalid public key: point at infinity");
+    }
+    const sharedPoint = scalarMul(this._privateKey, otherPoint, this._curve);
+    if (sharedPoint === null) {
+      throw new Error("Shared secret computation resulted in the point at infinity");
+    }
+    const secret = bigintToBuffer(sharedPoint.x, this._curve.byteLength);
+    return formatReturnValue(secret, outputEncoding);
+  }
+  getPublicKey(encoding, format) {
+    if (this._publicKey === null) {
+      throw new Error("ECDH key not generated. Call generateKeys() or setPrivateKey() first.");
+    }
+    const buf = encodePublicKey(this._publicKey, this._curve.byteLength, format || "uncompressed");
+    return formatReturnValue(buf, encoding);
+  }
+  getPrivateKey(encoding) {
+    if (this._privateKey === null) {
+      throw new Error("ECDH key not generated. Call generateKeys() or setPrivateKey() first.");
+    }
+    const buf = bigintToBuffer(this._privateKey, this._curve.byteLength);
+    return formatReturnValue(buf, encoding);
+  }
+  /**
+   * Set the public key. The key can be in uncompressed, compressed, or hybrid format.
+   */
+  setPublicKey(key, encoding) {
+    const buf = toBuffer(key, encoding);
+    this._publicKey = decodePublicKey(buf, this._curve);
+  }
+  /**
+   * Set the private key and derive the corresponding public key.
+   */
+  setPrivateKey(key, encoding) {
+    const buf = toBuffer(key, encoding);
+    const k = bufferToBigint(buf);
+    if (k === 0n || k >= this._curve.n) {
+      throw new Error("Private key is out of range [1, n-1]");
+    }
+    this._privateKey = k;
+    const G = { x: this._curve.Gx, y: this._curve.Gy };
+    this._publicKey = scalarMul(k, G, this._curve);
+  }
+}
+function createECDH(curveName) {
+  return new ECDH(curveName);
+}
+function getCurves() {
+  return [
+    "secp256k1",
+    "prime256v1",
+    "secp256r1",
+    "secp384r1",
+    "secp521r1"
+  ];
+}
+export {
+  CURVES,
+  CURVE_ALIASES,
+  createECDH,
+  getCurves,
+  mod,
+  modInverse,
+  pointAdd,
+  scalarMul
+};

package/lib/esm/ecdsa.js

@@ -0,0 +1,125 @@
+import { Hash } from "./hash.js";
+import { Hmac } from "./hmac.js";
+import {
+  mod,
+  modInverse,
+  scalarMul,
+  pointAdd,
+  CURVES,
+  CURVE_ALIASES
+} from "./ecdh.js";
+import { bigIntToBytes as bigintToBytes, bytesToBigInt as bytesToBigint } from "./bigint-math.js";
+function getCurve(curveName) {
+  const alias = CURVE_ALIASES[curveName.toLowerCase()];
+  if (!alias) throw new Error(`Unsupported curve: ${curveName}`);
+  return CURVES[alias];
+}
+function truncateHash(hash, curve) {
+  const orderBits = curve.n.toString(2).length;
+  let e = bytesToBigint(hash);
+  const hashBits = hash.length * 8;
+  if (hashBits > orderBits) {
+    e >>= BigInt(hashBits - orderBits);
+  }
+  return e;
+}
+function hmacDigest(algo, key, data) {
+  const hmac = new Hmac(algo, key);
+  hmac.update(data);
+  return new Uint8Array(hmac.digest());
+}
+function rfc6979(hashAlgo, privKey, msgHash, curve) {
+  const qLen = curve.byteLength;
+  const hLen = msgHash.length;
+  let V = new Uint8Array(hLen).fill(1);
+  let K = new Uint8Array(hLen).fill(0);
+  const x = bigintToBytes(privKey, qLen);
+  const z = bigintToBytes(mod(truncateHash(msgHash, curve), curve.n), qLen);
+  const concat0 = new Uint8Array(hLen + 1 + qLen + qLen);
+  concat0.set(V, 0);
+  concat0[hLen] = 0;
+  concat0.set(x, hLen + 1);
+  concat0.set(z, hLen + 1 + qLen);
+  K = hmacDigest(hashAlgo, K, concat0);
+  V = hmacDigest(hashAlgo, K, V);
+  const concat1 = new Uint8Array(hLen + 1 + qLen + qLen);
+  concat1.set(V, 0);
+  concat1[hLen] = 1;
+  concat1.set(x, hLen + 1);
+  concat1.set(z, hLen + 1 + qLen);
+  K = hmacDigest(hashAlgo, K, concat1);
+  V = hmacDigest(hashAlgo, K, V);
+  for (let attempt = 0; attempt < 100; attempt++) {
+    let T = new Uint8Array(0);
+    while (T.length < qLen) {
+      V = hmacDigest(hashAlgo, K, V);
+      const newT = new Uint8Array(T.length + V.length);
+      newT.set(T, 0);
+      newT.set(V, T.length);
+      T = newT;
+    }
+    const k = truncateHash(T.slice(0, qLen), curve);
+    if (k >= 1n && k < curve.n) {
+      return k;
+    }
+    const retryConcat = new Uint8Array(hLen + 1);
+    retryConcat.set(V, 0);
+    retryConcat[hLen] = 0;
+    K = hmacDigest(hashAlgo, K, retryConcat);
+    V = hmacDigest(hashAlgo, K, V);
+  }
+  throw new Error("RFC 6979: failed to generate valid k after 100 attempts");
+}
+function ecdsaSign(hashAlgo, privKeyBytes, data, curveName) {
+  const curve = getCurve(curveName);
+  const G = { x: curve.Gx, y: curve.Gy };
+  const d = bytesToBigint(privKeyBytes);
+  const hash = new Hash(hashAlgo);
+  hash.update(data);
+  const msgHash = new Uint8Array(hash.digest());
+  const e = truncateHash(msgHash, curve);
+  const k = rfc6979(hashAlgo, d, msgHash, curve);
+  const R = scalarMul(k, G, curve);
+  if (R === null) throw new Error("ECDSA: k * G is point at infinity");
+  const r = mod(R.x, curve.n);
+  if (r === 0n) throw new Error("ECDSA: r is zero");
+  const kInv = modInverse(k, curve.n);
+  const s = mod(kInv * (e + r * d), curve.n);
+  if (s === 0n) throw new Error("ECDSA: s is zero");
+  const sigLen = curve.byteLength;
+  const sig = new Uint8Array(sigLen * 2);
+  sig.set(bigintToBytes(r, sigLen), 0);
+  sig.set(bigintToBytes(s, sigLen), sigLen);
+  return sig;
+}
+function ecdsaVerify(hashAlgo, pubKeyBytes, signature, data, curveName) {
+  const curve = getCurve(curveName);
+  const G = { x: curve.Gx, y: curve.Gy };
+  const sigLen = curve.byteLength;
+  if (pubKeyBytes[0] !== 4 || pubKeyBytes.length !== 1 + sigLen * 2) {
+    return false;
+  }
+  const Qx = bytesToBigint(pubKeyBytes.slice(1, 1 + sigLen));
+  const Qy = bytesToBigint(pubKeyBytes.slice(1 + sigLen));
+  const Q = { x: Qx, y: Qy };
+  if (signature.length !== sigLen * 2) return false;
+  const r = bytesToBigint(signature.slice(0, sigLen));
+  const s = bytesToBigint(signature.slice(sigLen));
+  if (r < 1n || r >= curve.n || s < 1n || s >= curve.n) return false;
+  const hash = new Hash(hashAlgo);
+  hash.update(data);
+  const msgHash = new Uint8Array(hash.digest());
+  const e = truncateHash(msgHash, curve);
+  const w = modInverse(s, curve.n);
+  const u1 = mod(e * w, curve.n);
+  const u2 = mod(r * w, curve.n);
+  const R1 = scalarMul(u1, G, curve);
+  const R2 = scalarMul(u2, Q, curve);
+  const R = pointAdd(R1, R2, curve);
+  if (R === null) return false;
+  return mod(R.x, curve.n) === r;
+}
+export {
+  ecdsaSign,
+  ecdsaVerify
+};

package/lib/esm/hash.js

@@ -0,0 +1,100 @@
+import GLib from "@girs/glib-2.0";
+import { Transform } from "node:stream";
+import { Buffer } from "node:buffer";
+import { normalizeEncoding } from "@gjsify/utils";
+import { normalizeAlgorithm } from "./crypto-utils.js";
+const CHECKSUM_TYPES = {
+  md5: GLib.ChecksumType.MD5,
+  sha1: GLib.ChecksumType.SHA1,
+  sha256: GLib.ChecksumType.SHA256,
+  sha384: GLib.ChecksumType.SHA384,
+  sha512: GLib.ChecksumType.SHA512
+};
+function getChecksumType(algorithm) {
+  const normalized = normalizeAlgorithm(algorithm);
+  const type = CHECKSUM_TYPES[normalized];
+  if (type === void 0) {
+    const err = new Error(`Unknown message digest: ${algorithm}`);
+    err.code = "ERR_CRYPTO_HASH_UNKNOWN";
+    throw err;
+  }
+  return type;
+}
+class Hash extends Transform {
+  _algorithm;
+  _checksum;
+  _finalized = false;
+  constructor(algorithm) {
+    super();
+    const normalized = normalizeAlgorithm(algorithm);
+    const type = getChecksumType(normalized);
+    this._algorithm = normalized;
+    this._checksum = new GLib.Checksum(type);
+  }
+  /** Update the hash with data. */
+  update(data, inputEncoding) {
+    if (this._finalized) {
+      throw new Error("Digest already called");
+    }
+    let bytes;
+    if (typeof data === "string") {
+      const enc = normalizeEncoding(inputEncoding);
+      bytes = Buffer.from(data, enc);
+    } else {
+      bytes = data instanceof Uint8Array ? data : Buffer.from(data);
+    }
+    this._checksum.update(bytes);
+    return this;
+  }
+  /** Calculate the digest of all data passed to update(). */
+  digest(encoding) {
+    if (this._finalized) {
+      throw new Error("Digest already called");
+    }
+    this._finalized = true;
+    const hexStr = this._checksum.get_string();
+    const buf = Buffer.from(hexStr, "hex");
+    if (encoding) return buf.toString(encoding);
+    return buf;
+  }
+  /** Copy this hash to a new Hash object. */
+  copy() {
+    if (this._finalized) {
+      throw new Error("Digest already called");
+    }
+    const copy = Object.create(Hash.prototype);
+    Transform.call(copy);
+    copy._algorithm = this._algorithm;
+    copy._finalized = false;
+    copy._checksum = this._checksum.copy();
+    return copy;
+  }
+  // Transform stream interface
+  _transform(chunk, encoding, callback) {
+    try {
+      this.update(chunk, encoding);
+      callback();
+    } catch (err) {
+      callback(err);
+    }
+  }
+  _flush(callback) {
+    try {
+      this.push(this.digest());
+      callback();
+    } catch (err) {
+      callback(err);
+    }
+  }
+}
+function getHashes() {
+  return ["md5", "sha1", "sha256", "sha384", "sha512"];
+}
+function hash(algorithm, data, encoding) {
+  return new Hash(algorithm).update(data).digest(encoding);
+}
+export {
+  Hash,
+  getHashes,
+  hash
+};

package/lib/esm/hkdf.js

@@ -0,0 +1,58 @@
+import { Buffer } from "node:buffer";
+import { Hmac } from "./hmac.js";
+import { normalizeAlgorithm, DIGEST_SIZES, SUPPORTED_ALGORITHMS, toBuffer } from "./crypto-utils.js";
+function hmacDigest(algo, key, data) {
+  const hmac = new Hmac(algo, key);
+  hmac.update(data);
+  return hmac.digest();
+}
+function hkdfExtract(algo, ikm, salt) {
+  return hmacDigest(algo, salt, ikm);
+}
+function hkdfExpand(algo, prk, info, length, hashLen) {
+  const n = Math.ceil(length / hashLen);
+  if (n > 255) {
+    throw new Error("HKDF cannot generate more than 255 * HashLen bytes");
+  }
+  const okm = Buffer.allocUnsafe(n * hashLen);
+  let prev = Buffer.alloc(0);
+  for (let i = 1; i <= n; i++) {
+    const input = Buffer.concat([prev, info, Buffer.from([i])]);
+    prev = hmacDigest(algo, prk, input);
+    prev.copy(okm, (i - 1) * hashLen);
+  }
+  return Buffer.from(okm.buffer, okm.byteOffset, length);
+}
+function hkdfSync(digest, ikm, salt, info, keylen) {
+  const algo = normalizeAlgorithm(digest);
+  const hashLen = DIGEST_SIZES[algo];
+  if (!SUPPORTED_ALGORITHMS.has(algo) || hashLen === void 0) {
+    throw new TypeError(`Unknown message digest: ${digest}`);
+  }
+  if (typeof keylen !== "number" || keylen < 0) {
+    throw new TypeError("keylen must be a non-negative number");
+  }
+  const ikmBuf = toBuffer(ikm);
+  const saltBuf = toBuffer(salt);
+  const infoBuf = toBuffer(info);
+  const effectiveSalt = saltBuf.length === 0 ? Buffer.alloc(hashLen, 0) : saltBuf;
+  const prk = hkdfExtract(algo, ikmBuf, effectiveSalt);
+  const okm = hkdfExpand(algo, prk, infoBuf, keylen, hashLen);
+  const result = new ArrayBuffer(okm.length);
+  new Uint8Array(result).set(okm);
+  return result;
+}
+function hkdf(digest, ikm, salt, info, keylen, callback) {
+  setTimeout(() => {
+    try {
+      const result = hkdfSync(digest, ikm, salt, info, keylen);
+      callback(null, result);
+    } catch (err) {
+      callback(err instanceof Error ? err : new Error(String(err)));
+    }
+  }, 0);
+}
+export {
+  hkdf,
+  hkdfSync
+};