npm - @gjsify/crypto - Versions diffs - 0.1.0 - Mend

@gjsify/crypto 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

package/README.md +27 -0
package/lib/esm/asn1.js +504 -0
package/lib/esm/bigint-math.js +34 -0
package/lib/esm/cipher.js +1272 -0
package/lib/esm/constants.js +15 -0
package/lib/esm/crypto-utils.js +47 -0
package/lib/esm/dh.js +411 -0
package/lib/esm/ecdh.js +356 -0
package/lib/esm/ecdsa.js +125 -0
package/lib/esm/hash.js +100 -0
package/lib/esm/hkdf.js +58 -0
package/lib/esm/hmac.js +93 -0
package/lib/esm/index.js +158 -0
package/lib/esm/key-object.js +330 -0
package/lib/esm/mgf1.js +27 -0
package/lib/esm/pbkdf2.js +68 -0
package/lib/esm/public-encrypt.js +175 -0
package/lib/esm/random.js +138 -0
package/lib/esm/rsa-oaep.js +95 -0
package/lib/esm/rsa-pss.js +100 -0
package/lib/esm/scrypt.js +134 -0
package/lib/esm/sign.js +248 -0
package/lib/esm/timing-safe-equal.js +13 -0
package/lib/esm/x509.js +214 -0
package/lib/types/asn1.d.ts +87 -0
package/lib/types/bigint-math.d.ts +13 -0
package/lib/types/cipher.d.ts +84 -0
package/lib/types/constants.d.ts +10 -0
package/lib/types/crypto-utils.d.ts +22 -0
package/lib/types/dh.d.ts +79 -0
package/lib/types/ecdh.d.ts +96 -0
package/lib/types/ecdsa.d.ts +21 -0
package/lib/types/hash.d.ts +25 -0
package/lib/types/hkdf.d.ts +9 -0
package/lib/types/hmac.d.ts +20 -0
package/lib/types/index.d.ts +105 -0
package/lib/types/key-object.d.ts +36 -0
package/lib/types/mgf1.d.ts +5 -0
package/lib/types/pbkdf2.d.ts +9 -0
package/lib/types/public-encrypt.d.ts +42 -0
package/lib/types/random.d.ts +22 -0
package/lib/types/rsa-oaep.d.ts +8 -0
package/lib/types/rsa-pss.d.ts +8 -0
package/lib/types/scrypt.d.ts +11 -0
package/lib/types/sign.d.ts +61 -0
package/lib/types/timing-safe-equal.d.ts +6 -0
package/lib/types/x509.d.ts +72 -0
package/package.json +45 -0
package/src/asn1.ts +797 -0
package/src/bigint-math.ts +45 -0
package/src/cipher.spec.ts +332 -0
package/src/cipher.ts +952 -0
package/src/constants.ts +16 -0
package/src/crypto-utils.ts +64 -0
package/src/dh.spec.ts +111 -0
package/src/dh.ts +761 -0
package/src/ecdh.spec.ts +116 -0
package/src/ecdh.ts +624 -0
package/src/ecdsa.ts +243 -0
package/src/extended.spec.ts +444 -0
package/src/gcm.spec.ts +141 -0
package/src/hash.spec.ts +86 -0
package/src/hash.ts +119 -0
package/src/hkdf.ts +99 -0
package/src/hmac.spec.ts +64 -0
package/src/hmac.ts +123 -0
package/src/index.ts +93 -0
package/src/key-object.spec.ts +202 -0
package/src/key-object.ts +401 -0
package/src/mgf1.ts +37 -0
package/src/pbkdf2.spec.ts +76 -0
package/src/pbkdf2.ts +106 -0
package/src/public-encrypt.ts +288 -0
package/src/random.spec.ts +133 -0
package/src/random.ts +183 -0
package/src/rsa-oaep.ts +167 -0
package/src/rsa-pss.ts +190 -0
package/src/scrypt.spec.ts +90 -0
package/src/scrypt.ts +191 -0
package/src/sign.spec.ts +160 -0
package/src/sign.ts +319 -0
package/src/test.mts +19 -0
package/src/timing-safe-equal.ts +21 -0
package/src/x509.spec.ts +210 -0
package/src/x509.ts +262 -0
package/tsconfig.json +31 -0
package/tsconfig.tsbuildinfo +1 -0

package/lib/esm/hmac.js ADDED Viewed

@@ -0,0 +1,93 @@
+import { Transform } from "node:stream";
+import { Buffer } from "node:buffer";
+import { normalizeEncoding } from "@gjsify/utils";
+import { Hash } from "./hash.js";
+import { normalizeAlgorithm, BLOCK_SIZES, SUPPORTED_ALGORITHMS } from "./crypto-utils.js";
+class Hmac extends Transform {
+  _algorithm;
+  _innerHash;
+  _outerKeyPad;
+  _finalized = false;
+  constructor(algorithm, key) {
+    super();
+    const normalized = normalizeAlgorithm(algorithm);
+    if (!SUPPORTED_ALGORITHMS.has(normalized)) {
+      const err = new Error(`Unknown message digest: ${algorithm}`);
+      err.code = "ERR_CRYPTO_HASH_UNKNOWN";
+      throw err;
+    }
+    this._algorithm = normalized;
+    let keyBytes;
+    if (typeof key === "string") {
+      keyBytes = Buffer.from(key, "utf8");
+    } else {
+      keyBytes = key instanceof Uint8Array ? key : Buffer.from(key);
+    }
+    const blockSize = BLOCK_SIZES[normalized];
+    if (keyBytes.length > blockSize) {
+      const h = new Hash(normalized);
+      h.update(keyBytes);
+      keyBytes = h.digest();
+    }
+    const paddedKey = new Uint8Array(blockSize);
+    paddedKey.set(keyBytes);
+    const iKeyPad = new Uint8Array(blockSize);
+    const oKeyPad = new Uint8Array(blockSize);
+    for (let i = 0; i < blockSize; i++) {
+      iKeyPad[i] = paddedKey[i] ^ 54;
+      oKeyPad[i] = paddedKey[i] ^ 92;
+    }
+    this._outerKeyPad = oKeyPad;
+    this._innerHash = new Hash(normalized);
+    this._innerHash.update(iKeyPad);
+  }
+  /** Update the HMAC with data. */
+  update(data, inputEncoding) {
+    if (this._finalized) {
+      throw new Error("Digest already called");
+    }
+    let bytes;
+    if (typeof data === "string") {
+      const enc = normalizeEncoding(inputEncoding);
+      bytes = Buffer.from(data, enc);
+    } else {
+      bytes = data instanceof Uint8Array ? data : Buffer.from(data);
+    }
+    this._innerHash.update(bytes);
+    return this;
+  }
+  /** Calculate the HMAC digest. */
+  digest(encoding) {
+    if (this._finalized) {
+      throw new Error("Digest already called");
+    }
+    this._finalized = true;
+    const innerDigest = this._innerHash.digest();
+    const outerHash = new Hash(this._algorithm);
+    outerHash.update(this._outerKeyPad);
+    outerHash.update(innerDigest);
+    const result = outerHash.digest();
+    if (encoding) return result.toString(encoding);
+    return result;
+  }
+  // Transform stream interface
+  _transform(chunk, encoding, callback) {
+    try {
+      this.update(chunk, encoding);
+      callback();
+    } catch (err) {
+      callback(err);
+    }
+  }
+  _flush(callback) {
+    try {
+      this.push(this.digest());
+      callback();
+    } catch (err) {
+      callback(err);
+    }
+  }
+}
+export {
+  Hmac
+};

package/lib/esm/index.js ADDED Viewed

@@ -0,0 +1,158 @@
+import { Hash, getHashes, hash } from "./hash.js";
+import { Hmac } from "./hmac.js";
+import {
+  randomBytes,
+  randomFill,
+  randomFillSync,
+  randomUUID,
+  randomInt
+} from "./random.js";
+import { timingSafeEqual } from "./timing-safe-equal.js";
+import { constants } from "./constants.js";
+import { pbkdf2, pbkdf2Sync } from "./pbkdf2.js";
+import { hkdf, hkdfSync } from "./hkdf.js";
+import { scrypt, scryptSync } from "./scrypt.js";
+import { Hash as Hash2 } from "./hash.js";
+import { Hmac as Hmac2 } from "./hmac.js";
+function createHash(algorithm) {
+  return new Hash2(algorithm);
+}
+function createHmac(algorithm, key) {
+  return new Hmac2(algorithm, key);
+}
+import { createCipher, createCipheriv, createDecipher, createDecipheriv, getCiphers } from "./cipher.js";
+import { Sign, Verify, createSign, createVerify } from "./sign.js";
+import { createDiffieHellman, getDiffieHellman, DiffieHellman, DiffieHellmanGroup, createDiffieHellmanGroup } from "./dh.js";
+import { createECDH, getCurves } from "./ecdh.js";
+import { ecdsaSign, ecdsaVerify } from "./ecdsa.js";
+import { publicEncrypt, privateDecrypt, privateEncrypt, publicDecrypt } from "./public-encrypt.js";
+import { rsaPssSign, rsaPssVerify } from "./rsa-pss.js";
+import { rsaOaepEncrypt, rsaOaepDecrypt } from "./rsa-oaep.js";
+import { mgf1 } from "./mgf1.js";
+import { KeyObject, createSecretKey, createPublicKey, createPrivateKey } from "./key-object.js";
+import { X509Certificate } from "./x509.js";
+import { getHashes as getHashes2, hash as hash2 } from "./hash.js";
+import { randomBytes as randomBytes2, randomFill as randomFill2, randomFillSync as randomFillSync2, randomUUID as randomUUID2, randomInt as randomInt2 } from "./random.js";
+import { timingSafeEqual as timingSafeEqual2 } from "./timing-safe-equal.js";
+import { constants as constants2 } from "./constants.js";
+import { pbkdf2 as pbkdf22, pbkdf2Sync as pbkdf2Sync2 } from "./pbkdf2.js";
+import { hkdf as hkdf2, hkdfSync as hkdfSync2 } from "./hkdf.js";
+import { scrypt as scrypt2, scryptSync as scryptSync2 } from "./scrypt.js";
+import { createCipher as createCipher2, createCipheriv as createCipheriv2, createDecipher as createDecipher2, createDecipheriv as createDecipheriv2, getCiphers as getCiphers2 } from "./cipher.js";
+import { Sign as Sign2, Verify as Verify2, createSign as createSign2, createVerify as createVerify2 } from "./sign.js";
+import { createDiffieHellman as createDiffieHellman2, getDiffieHellman as getDiffieHellman2, DiffieHellman as DiffieHellman2, DiffieHellmanGroup as DiffieHellmanGroup2, createDiffieHellmanGroup as createDiffieHellmanGroup2 } from "./dh.js";
+import { createECDH as createECDH2, getCurves as getCurves2 } from "./ecdh.js";
+import { ecdsaSign as ecdsaSign2, ecdsaVerify as ecdsaVerify2 } from "./ecdsa.js";
+import { publicEncrypt as publicEncrypt2, privateDecrypt as privateDecrypt2, privateEncrypt as privateEncrypt2, publicDecrypt as publicDecrypt2 } from "./public-encrypt.js";
+import { rsaPssSign as rsaPssSign2, rsaPssVerify as rsaPssVerify2 } from "./rsa-pss.js";
+import { rsaOaepEncrypt as rsaOaepEncrypt2, rsaOaepDecrypt as rsaOaepDecrypt2 } from "./rsa-oaep.js";
+import { mgf1 as mgf12 } from "./mgf1.js";
+import { KeyObject as KeyObject2, createSecretKey as createSecretKey2, createPublicKey as createPublicKey2, createPrivateKey as createPrivateKey2 } from "./key-object.js";
+import { X509Certificate as X509Certificate2 } from "./x509.js";
+var index_default = {
+  Hash: Hash2,
+  getHashes: getHashes2,
+  hash: hash2,
+  Hmac: Hmac2,
+  randomBytes: randomBytes2,
+  randomFill: randomFill2,
+  randomFillSync: randomFillSync2,
+  randomUUID: randomUUID2,
+  randomInt: randomInt2,
+  timingSafeEqual: timingSafeEqual2,
+  constants: constants2,
+  pbkdf2: pbkdf22,
+  pbkdf2Sync: pbkdf2Sync2,
+  hkdf: hkdf2,
+  hkdfSync: hkdfSync2,
+  scrypt: scrypt2,
+  scryptSync: scryptSync2,
+  createHash,
+  createHmac,
+  createCipher: createCipher2,
+  createCipheriv: createCipheriv2,
+  createDecipher: createDecipher2,
+  createDecipheriv: createDecipheriv2,
+  getCiphers: getCiphers2,
+  Sign: Sign2,
+  Verify: Verify2,
+  createSign: createSign2,
+  createVerify: createVerify2,
+  createDiffieHellman: createDiffieHellman2,
+  getDiffieHellman: getDiffieHellman2,
+  DiffieHellman: DiffieHellman2,
+  DiffieHellmanGroup: DiffieHellmanGroup2,
+  createDiffieHellmanGroup: createDiffieHellmanGroup2,
+  createECDH: createECDH2,
+  getCurves: getCurves2,
+  ecdsaSign: ecdsaSign2,
+  ecdsaVerify: ecdsaVerify2,
+  publicEncrypt: publicEncrypt2,
+  privateDecrypt: privateDecrypt2,
+  privateEncrypt: privateEncrypt2,
+  publicDecrypt: publicDecrypt2,
+  rsaPssSign: rsaPssSign2,
+  rsaPssVerify: rsaPssVerify2,
+  rsaOaepEncrypt: rsaOaepEncrypt2,
+  rsaOaepDecrypt: rsaOaepDecrypt2,
+  mgf1: mgf12,
+  KeyObject: KeyObject2,
+  createSecretKey: createSecretKey2,
+  createPublicKey: createPublicKey2,
+  createPrivateKey: createPrivateKey2,
+  X509Certificate: X509Certificate2
+};
+export {
+  DiffieHellman,
+  DiffieHellmanGroup,
+  Hash,
+  Hmac,
+  KeyObject,
+  Sign,
+  Verify,
+  X509Certificate,
+  constants,
+  createCipher,
+  createCipheriv,
+  createDecipher,
+  createDecipheriv,
+  createDiffieHellman,
+  createDiffieHellmanGroup,
+  createECDH,
+  createHash,
+  createHmac,
+  createPrivateKey,
+  createPublicKey,
+  createSecretKey,
+  createSign,
+  createVerify,
+  index_default as default,
+  ecdsaSign,
+  ecdsaVerify,
+  getCiphers,
+  getCurves,
+  getDiffieHellman,
+  getHashes,
+  hash,
+  hkdf,
+  hkdfSync,
+  mgf1,
+  pbkdf2,
+  pbkdf2Sync,
+  privateDecrypt,
+  privateEncrypt,
+  publicDecrypt,
+  publicEncrypt,
+  randomBytes,
+  randomFill,
+  randomFillSync,
+  randomInt,
+  randomUUID,
+  rsaOaepDecrypt,
+  rsaOaepEncrypt,
+  rsaPssSign,
+  rsaPssVerify,
+  scrypt,
+  scryptSync,
+  timingSafeEqual
+};

package/lib/esm/key-object.js ADDED Viewed

@@ -0,0 +1,330 @@
+import { Buffer } from "node:buffer";
+import {
+  parsePemKey,
+  rsaKeySize,
+  encodeSubjectPublicKeyInfo,
+  encodeRsaPublicKeyPkcs1,
+  encodeRsaPrivateKeyPkcs1,
+  encodePrivateKeyInfo,
+  derToPem
+} from "./asn1.js";
+function bigintToBase64url(value) {
+  if (value === 0n) return "AA";
+  const hex = value.toString(16);
+  const paddedHex = hex.length % 2 ? "0" + hex : hex;
+  const bytes = [];
+  for (let i = 0; i < paddedHex.length; i += 2) {
+    bytes.push(parseInt(paddedHex.substring(i, i + 2), 16));
+  }
+  return Buffer.from(bytes).toString("base64url");
+}
+function base64urlToBigint(b64) {
+  const buf = Buffer.from(b64, "base64url");
+  let result = 0n;
+  for (let i = 0; i < buf.length; i++) {
+    result = result << 8n | BigInt(buf[i]);
+  }
+  return result;
+}
+class KeyObject {
+  type;
+  /** @internal */
+  _handle;
+  constructor(type, handle) {
+    if (type !== "secret" && type !== "public" && type !== "private") {
+      throw new TypeError(`Invalid KeyObject type: ${type}`);
+    }
+    this.type = type;
+    this._handle = handle;
+  }
+  get symmetricKeySize() {
+    if (this.type !== "secret") return void 0;
+    return this._handle.byteLength;
+  }
+  get asymmetricKeyType() {
+    if (this.type === "secret") return void 0;
+    const handle = this._handle;
+    if (handle.parsed.type === "rsa-public" || handle.parsed.type === "rsa-private") {
+      return "rsa";
+    }
+    return void 0;
+  }
+  get asymmetricKeySize() {
+    if (this.type === "secret") return void 0;
+    const handle = this._handle;
+    if (handle.parsed.type === "rsa-public") {
+      return rsaKeySize(handle.parsed.components.n) / 8;
+    }
+    if (handle.parsed.type === "rsa-private") {
+      return rsaKeySize(handle.parsed.components.n) / 8;
+    }
+    return void 0;
+  }
+  equals(otherKeyObject) {
+    if (!(otherKeyObject instanceof KeyObject)) return false;
+    if (this.type !== otherKeyObject.type) return false;
+    if (this.type === "secret") {
+      const a2 = this._handle;
+      const b2 = otherKeyObject._handle;
+      if (a2.byteLength !== b2.byteLength) return false;
+      for (let i = 0; i < a2.byteLength; i++) {
+        if (a2[i] !== b2[i]) return false;
+      }
+      return true;
+    }
+    const a = this._handle;
+    const b = otherKeyObject._handle;
+    return a.pem === b.pem;
+  }
+  export(options) {
+    if (this.type === "secret") {
+      const key = this._handle;
+      if (options?.format === "jwk") {
+        return {
+          kty: "oct",
+          k: Buffer.from(key).toString("base64url")
+        };
+      }
+      return Buffer.from(key);
+    }
+    const handle = this._handle;
+    const format = options?.format ?? "pem";
+    const keyType = options?.type;
+    if (format === "jwk") {
+      return exportJwk(handle.parsed, this.type);
+    }
+    if (format === "pem") {
+      if (handle.pem && !handle.pem.startsWith("[")) {
+        return handle.pem;
+      }
+      return generatePem(handle.parsed, this.type, keyType);
+    }
+    if (format === "der") {
+      if (handle.pem && !handle.pem.startsWith("[")) {
+        const lines = handle.pem.trim().split(/\r?\n/);
+        const headerIdx = lines.findIndex((l) => l.startsWith("-----BEGIN "));
+        const footerIdx = lines.findIndex((l, i) => i > headerIdx && l.startsWith("-----END "));
+        const base64Body = lines.slice(headerIdx + 1, footerIdx).join("");
+        return Buffer.from(base64Body, "base64");
+      }
+      return generateDer(handle.parsed, this.type, keyType);
+    }
+    throw new TypeError(`Unsupported export format: ${format}`);
+  }
+  get [Symbol.toStringTag]() {
+    return "KeyObject";
+  }
+}
+function exportJwk(parsed, keyType) {
+  if (parsed.type === "rsa-public") {
+    return {
+      kty: "RSA",
+      n: bigintToBase64url(parsed.components.n),
+      e: bigintToBase64url(parsed.components.e)
+    };
+  }
+  if (parsed.type === "rsa-private") {
+    if (keyType === "public") {
+      return {
+        kty: "RSA",
+        n: bigintToBase64url(parsed.components.n),
+        e: bigintToBase64url(parsed.components.e)
+      };
+    }
+    const { n, e, d, p, q } = parsed.components;
+    const dp = d % (p - 1n);
+    const dq = d % (q - 1n);
+    const qi = modInverse(q, p);
+    return {
+      kty: "RSA",
+      n: bigintToBase64url(n),
+      e: bigintToBase64url(e),
+      d: bigintToBase64url(d),
+      p: bigintToBase64url(p),
+      q: bigintToBase64url(q),
+      dp: bigintToBase64url(dp),
+      dq: bigintToBase64url(dq),
+      qi: bigintToBase64url(qi)
+    };
+  }
+  throw new Error("Unsupported key type for JWK export");
+}
+function importJwkRsa(jwk) {
+  if (jwk.d) {
+    const components2 = {
+      n: base64urlToBigint(jwk.n),
+      e: base64urlToBigint(jwk.e),
+      d: base64urlToBigint(jwk.d),
+      p: base64urlToBigint(jwk.p),
+      q: base64urlToBigint(jwk.q)
+    };
+    const parsed2 = { type: "rsa-private", components: components2 };
+    const der2 = encodeRsaPrivateKeyPkcs1(components2);
+    const pem2 = derToPem(der2, "RSA PRIVATE KEY");
+    return { parsed: parsed2, pem: pem2 };
+  }
+  const components = {
+    n: base64urlToBigint(jwk.n),
+    e: base64urlToBigint(jwk.e)
+  };
+  const parsed = { type: "rsa-public", components };
+  const der = encodeSubjectPublicKeyInfo(components);
+  const pem = derToPem(der, "PUBLIC KEY");
+  return { parsed, pem };
+}
+function generatePem(parsed, keyType, type) {
+  if (parsed.type === "rsa-public") {
+    if (type === "pkcs1") {
+      const der2 = encodeRsaPublicKeyPkcs1(parsed.components);
+      return derToPem(der2, "RSA PUBLIC KEY");
+    }
+    const der = encodeSubjectPublicKeyInfo(parsed.components);
+    return derToPem(der, "PUBLIC KEY");
+  }
+  if (parsed.type === "rsa-private" && keyType === "public") {
+    const pubComponents = {
+      n: parsed.components.n,
+      e: parsed.components.e
+    };
+    if (type === "pkcs1") {
+      const der2 = encodeRsaPublicKeyPkcs1(pubComponents);
+      return derToPem(der2, "RSA PUBLIC KEY");
+    }
+    const der = encodeSubjectPublicKeyInfo(pubComponents);
+    return derToPem(der, "PUBLIC KEY");
+  }
+  if (parsed.type === "rsa-private") {
+    if (type === "pkcs8") {
+      const der2 = encodePrivateKeyInfo(parsed.components);
+      return derToPem(der2, "PRIVATE KEY");
+    }
+    const der = encodeRsaPrivateKeyPkcs1(parsed.components);
+    return derToPem(der, "RSA PRIVATE KEY");
+  }
+  throw new Error("Cannot generate PEM for this key type");
+}
+function generateDer(parsed, keyType, type) {
+  if (parsed.type === "rsa-public") {
+    if (type === "pkcs1") {
+      return Buffer.from(encodeRsaPublicKeyPkcs1(parsed.components));
+    }
+    return Buffer.from(encodeSubjectPublicKeyInfo(parsed.components));
+  }
+  if (parsed.type === "rsa-private" && keyType === "public") {
+    const pubComponents = {
+      n: parsed.components.n,
+      e: parsed.components.e
+    };
+    if (type === "pkcs1") {
+      return Buffer.from(encodeRsaPublicKeyPkcs1(pubComponents));
+    }
+    return Buffer.from(encodeSubjectPublicKeyInfo(pubComponents));
+  }
+  if (parsed.type === "rsa-private") {
+    if (type === "pkcs8") {
+      return Buffer.from(encodePrivateKeyInfo(parsed.components));
+    }
+    return Buffer.from(encodeRsaPrivateKeyPkcs1(parsed.components));
+  }
+  throw new Error("Cannot generate DER for this key type");
+}
+function modInverse(a, m) {
+  let [old_r, r] = [a % m, m];
+  let [old_s, s] = [1n, 0n];
+  while (r !== 0n) {
+    const q = old_r / r;
+    [old_r, r] = [r, old_r - q * r];
+    [old_s, s] = [s, old_s - q * s];
+  }
+  return (old_s % m + m) % m;
+}
+function createSecretKey(key, encoding) {
+  let keyBuf;
+  if (typeof key === "string") {
+    keyBuf = Buffer.from(key, encoding ?? "utf8");
+  } else {
+    keyBuf = new Uint8Array(key);
+  }
+  return new KeyObject("secret", keyBuf);
+}
+function createPublicKey(key) {
+  if (key instanceof KeyObject) {
+    if (key.type === "public") return key;
+    if (key.type === "private") {
+      const handle = key._handle;
+      if (handle.parsed.type === "rsa-private") {
+        const pubComponents = {
+          n: handle.parsed.components.n,
+          e: handle.parsed.components.e
+        };
+        const pubParsed = { type: "rsa-public", components: pubComponents };
+        const der = encodeSubjectPublicKeyInfo(pubComponents);
+        const pem2 = derToPem(der, "PUBLIC KEY");
+        return new KeyObject("public", { parsed: pubParsed, pem: pem2 });
+      }
+    }
+    throw new TypeError("Cannot create public key from secret key");
+  }
+  if (typeof key === "object" && !Buffer.isBuffer(key) && "key" in key) {
+    const input = key;
+    if (input.format === "jwk") {
+      const jwk = input.key;
+      if (jwk.kty === "RSA") {
+        const { parsed: parsed2, pem: pem2 } = importJwkRsa({ n: jwk.n, e: jwk.e });
+        return new KeyObject("public", { parsed: parsed2, pem: pem2 });
+      }
+      throw new Error(`Unsupported JWK key type: ${jwk.kty}`);
+    }
+  }
+  const pem = normalizePem(key);
+  const parsed = parsePemKey(pem);
+  if (parsed.type === "rsa-private") {
+    const pubComponents = {
+      n: parsed.components.n,
+      e: parsed.components.e
+    };
+    const pubParsed = { type: "rsa-public", components: pubComponents };
+    const der = encodeSubjectPublicKeyInfo(pubComponents);
+    const pubPem = derToPem(der, "PUBLIC KEY");
+    return new KeyObject("public", { parsed: pubParsed, pem: pubPem });
+  }
+  return new KeyObject("public", { parsed, pem });
+}
+function createPrivateKey(key) {
+  if (typeof key === "object" && !Buffer.isBuffer(key) && "key" in key) {
+    const input = key;
+    if (input.format === "jwk") {
+      const jwk = input.key;
+      if (jwk.kty === "RSA" && jwk.d) {
+        const { parsed: parsed2, pem: pem2 } = importJwkRsa(jwk);
+        return new KeyObject("private", { parsed: parsed2, pem: pem2 });
+      }
+      throw new Error("JWK does not contain a private key");
+    }
+  }
+  const pem = normalizePem(key);
+  const parsed = parsePemKey(pem);
+  if (parsed.type !== "rsa-private") {
+    throw new TypeError("Key is not a private key");
+  }
+  return new KeyObject("private", { parsed, pem });
+}
+function normalizePem(key) {
+  if (typeof key === "string") return key;
+  if (Buffer.isBuffer(key)) return key.toString("utf8");
+  if (key && typeof key === "object" && "key" in key) {
+    const input = key;
+    if (typeof input.key === "string") return input.key;
+    if (Buffer.isBuffer(input.key)) return input.key.toString(input.encoding ?? "utf8");
+    if (input.key instanceof KeyObject) {
+      return input.key.export({ format: "pem" });
+    }
+  }
+  throw new TypeError("Invalid key input");
+}
+export {
+  KeyObject,
+  createPrivateKey,
+  createPublicKey,
+  createSecretKey
+};

package/lib/esm/mgf1.js ADDED Viewed

@@ -0,0 +1,27 @@
+import { Hash } from "./hash.js";
+import { hashSize } from "./crypto-utils.js";
+function mgf1(hashAlgo, seed, length) {
+  const hashLen = hashSize(hashAlgo);
+  const mask = new Uint8Array(length);
+  let offset = 0;
+  let counter = 0;
+  while (offset < length) {
+    const C = new Uint8Array(4);
+    C[0] = counter >>> 24 & 255;
+    C[1] = counter >>> 16 & 255;
+    C[2] = counter >>> 8 & 255;
+    C[3] = counter & 255;
+    const hash = new Hash(hashAlgo);
+    hash.update(seed);
+    hash.update(C);
+    const digest = new Uint8Array(hash.digest());
+    const toCopy = Math.min(digest.length, length - offset);
+    mask.set(digest.slice(0, toCopy), offset);
+    offset += toCopy;
+    counter++;
+  }
+  return mask;
+}
+export {
+  mgf1
+};

package/lib/esm/pbkdf2.js ADDED Viewed

@@ -0,0 +1,68 @@
+import { Buffer } from "node:buffer";
+import { Hmac } from "./hmac.js";
+import { normalizeAlgorithm, DIGEST_SIZES, SUPPORTED_ALGORITHMS, toBuffer } from "./crypto-utils.js";
+function hmacDigest(algo, key, data) {
+  const hmac = new Hmac(algo, key);
+  hmac.update(data);
+  return hmac.digest();
+}
+function validateParameters(iterations, keylen) {
+  if (typeof iterations !== "number" || iterations < 0 || !Number.isFinite(iterations)) {
+    throw new TypeError("iterations must be a positive number");
+  }
+  if (iterations === 0) {
+    throw new TypeError("iterations must be a positive number");
+  }
+  if (typeof keylen !== "number" || keylen < 0 || !Number.isFinite(keylen) || keylen > 2147483647) {
+    throw new TypeError("keylen must be a positive number");
+  }
+}
+function pbkdf2Sync(password, salt, iterations, keylen, digest) {
+  validateParameters(iterations, keylen);
+  const passwordBuf = toBuffer(password);
+  const saltBuf = toBuffer(salt);
+  const algo = normalizeAlgorithm(digest || "sha1");
+  const hashLen = DIGEST_SIZES[algo];
+  if (!SUPPORTED_ALGORITHMS.has(algo) || hashLen === void 0) {
+    throw new TypeError(`Unknown message digest: ${digest || "sha1"}`);
+  }
+  if (keylen === 0) {
+    return Buffer.alloc(0);
+  }
+  const numBlocks = Math.ceil(keylen / hashLen);
+  const dk = Buffer.allocUnsafe(numBlocks * hashLen);
+  for (let blockIndex = 1; blockIndex <= numBlocks; blockIndex++) {
+    const block = Buffer.allocUnsafe(saltBuf.length + 4);
+    saltBuf.copy(block, 0);
+    block.writeUInt32BE(blockIndex, saltBuf.length);
+    let u = hmacDigest(algo, passwordBuf, block);
+    let t = Buffer.from(u);
+    for (let iter = 1; iter < iterations; iter++) {
+      u = hmacDigest(algo, passwordBuf, u);
+      for (let k = 0; k < hashLen; k++) {
+        t[k] ^= u[k];
+      }
+    }
+    t.copy(dk, (blockIndex - 1) * hashLen);
+  }
+  return Buffer.from(dk.buffer, dk.byteOffset, keylen);
+}
+function pbkdf2(password, salt, iterations, keylen, digest, callback) {
+  try {
+    validateParameters(iterations, keylen);
+  } catch (err) {
+    throw err;
+  }
+  setTimeout(() => {
+    try {
+      const result = pbkdf2Sync(password, salt, iterations, keylen, digest);
+      callback(null, result);
+    } catch (err) {
+      callback(err instanceof Error ? err : new Error(String(err)));
+    }
+  }, 0);
+}
+export {
+  pbkdf2,
+  pbkdf2Sync
+};