@gjsify/crypto 0.1.0

package/lib/esm/public-encrypt.js

@@ -0,0 +1,175 @@
+import { Buffer } from "node:buffer";
+import { randomBytes } from "./random.js";
+import { parsePemKey, rsaKeySize } from "./asn1.js";
+import { modPow, bigIntToBytes, bytesToBigInt } from "./bigint-math.js";
+function extractPem(key) {
+  if (typeof key === "string") {
+    return key;
+  }
+  if (Buffer.isBuffer(key) || key instanceof Uint8Array) {
+    return Buffer.from(key).toString("utf8");
+  }
+  if (key && typeof key === "object" && "key" in key) {
+    const k = key.key;
+    if (typeof k === "string") return k;
+    if (Buffer.isBuffer(k) || k instanceof Uint8Array) return Buffer.from(k).toString("utf8");
+  }
+  throw new TypeError("Invalid key argument");
+}
+function pkcs1v15Type2Pad(data, keyLen) {
+  const maxDataLen = keyLen - 11;
+  if (data.length > maxDataLen) {
+    throw new Error(`Data too long for key size. Max ${maxDataLen} bytes, got ${data.length}`);
+  }
+  const padLen = keyLen - data.length - 3;
+  const em = new Uint8Array(keyLen);
+  em[0] = 0;
+  em[1] = 2;
+  const padding = randomBytes(padLen);
+  for (let i = 0; i < padLen; i++) {
+    while (padding[i] === 0) {
+      const replacement = randomBytes(1);
+      padding[i] = replacement[0];
+    }
+    em[2 + i] = padding[i];
+  }
+  em[2 + padLen] = 0;
+  em.set(data, 3 + padLen);
+  return em;
+}
+function pkcs1v15Type1Pad(data, keyLen) {
+  const maxDataLen = keyLen - 11;
+  if (data.length > maxDataLen) {
+    throw new Error(`Data too long for key size. Max ${maxDataLen} bytes, got ${data.length}`);
+  }
+  const padLen = keyLen - data.length - 3;
+  const em = new Uint8Array(keyLen);
+  em[0] = 0;
+  em[1] = 1;
+  for (let i = 2; i < 2 + padLen; i++) {
+    em[i] = 255;
+  }
+  em[2 + padLen] = 0;
+  em.set(data, 3 + padLen);
+  return em;
+}
+function pkcs1v15Type2Unpad(em) {
+  if (em.length < 11) {
+    throw new Error("Decryption error: message too short");
+  }
+  if (em[0] !== 0 || em[1] !== 2) {
+    throw new Error("Decryption error: invalid padding");
+  }
+  let sepIdx = 2;
+  while (sepIdx < em.length && em[sepIdx] !== 0) {
+    sepIdx++;
+  }
+  if (sepIdx >= em.length || sepIdx < 10) {
+    throw new Error("Decryption error: invalid padding");
+  }
+  return em.slice(sepIdx + 1);
+}
+function pkcs1v15Type1Unpad(em) {
+  if (em.length < 11) {
+    throw new Error("Decryption error: message too short");
+  }
+  if (em[0] !== 0 || em[1] !== 1) {
+    throw new Error("Decryption error: invalid padding");
+  }
+  let sepIdx = 2;
+  while (sepIdx < em.length && em[sepIdx] === 255) {
+    sepIdx++;
+  }
+  if (sepIdx >= em.length || em[sepIdx] !== 0 || sepIdx < 10) {
+    throw new Error("Decryption error: invalid padding");
+  }
+  return em.slice(sepIdx + 1);
+}
+function publicEncrypt(key, buffer) {
+  const pem = extractPem(key);
+  const parsed = parsePemKey(pem);
+  let n;
+  let e;
+  if (parsed.type === "rsa-public") {
+    n = parsed.components.n;
+    e = parsed.components.e;
+  } else if (parsed.type === "rsa-private") {
+    n = parsed.components.n;
+    e = parsed.components.e;
+  } else {
+    throw new Error("Key must be an RSA public or private key");
+  }
+  const keyLen = rsaKeySize(n);
+  const data = buffer instanceof Uint8Array ? buffer : Buffer.from(buffer);
+  const em = pkcs1v15Type2Pad(data, keyLen);
+  const m = bytesToBigInt(em);
+  const c = modPow(m, e, n);
+  return Buffer.from(bigIntToBytes(c, keyLen));
+}
+function privateDecrypt(key, buffer) {
+  const pem = extractPem(key);
+  const parsed = parsePemKey(pem);
+  if (parsed.type !== "rsa-private") {
+    throw new Error("Key must be an RSA private key");
+  }
+  const { n, d } = parsed.components;
+  const keyLen = rsaKeySize(n);
+  const data = buffer instanceof Uint8Array ? buffer : Buffer.from(buffer);
+  if (data.length !== keyLen) {
+    throw new Error(`Data length (${data.length}) does not match key length (${keyLen})`);
+  }
+  const c = bytesToBigInt(data);
+  if (c >= n) {
+    throw new Error("Decryption error: cipher value out of range");
+  }
+  const m = modPow(c, d, n);
+  const em = bigIntToBytes(m, keyLen);
+  return Buffer.from(pkcs1v15Type2Unpad(em));
+}
+function privateEncrypt(key, buffer) {
+  const pem = extractPem(key);
+  const parsed = parsePemKey(pem);
+  if (parsed.type !== "rsa-private") {
+    throw new Error("Key must be an RSA private key");
+  }
+  const { n, d } = parsed.components;
+  const keyLen = rsaKeySize(n);
+  const data = buffer instanceof Uint8Array ? buffer : Buffer.from(buffer);
+  const em = pkcs1v15Type1Pad(data, keyLen);
+  const m = bytesToBigInt(em);
+  const c = modPow(m, d, n);
+  return Buffer.from(bigIntToBytes(c, keyLen));
+}
+function publicDecrypt(key, buffer) {
+  const pem = extractPem(key);
+  const parsed = parsePemKey(pem);
+  let n;
+  let e;
+  if (parsed.type === "rsa-public") {
+    n = parsed.components.n;
+    e = parsed.components.e;
+  } else if (parsed.type === "rsa-private") {
+    n = parsed.components.n;
+    e = parsed.components.e;
+  } else {
+    throw new Error("Key must be an RSA public or private key");
+  }
+  const keyLen = rsaKeySize(n);
+  const data = buffer instanceof Uint8Array ? buffer : Buffer.from(buffer);
+  if (data.length !== keyLen) {
+    throw new Error(`Data length (${data.length}) does not match key length (${keyLen})`);
+  }
+  const c = bytesToBigInt(data);
+  if (c >= n) {
+    throw new Error("Decryption error: cipher value out of range");
+  }
+  const m = modPow(c, e, n);
+  const em = bigIntToBytes(m, keyLen);
+  return Buffer.from(pkcs1v15Type1Unpad(em));
+}
+export {
+  privateDecrypt,
+  privateEncrypt,
+  publicDecrypt,
+  publicEncrypt
+};

package/lib/esm/random.js

@@ -0,0 +1,138 @@
+import { Buffer } from "node:buffer";
+const hasWebCrypto = typeof globalThis.crypto !== "undefined" && typeof globalThis.crypto.getRandomValues === "function";
+function fillRandom(view) {
+  if (hasWebCrypto) {
+    for (let offset = 0; offset < view.length; offset += 65536) {
+      const length = Math.min(view.length - offset, 65536);
+      const slice = new Uint8Array(view.buffer, view.byteOffset + offset, length);
+      globalThis.crypto.getRandomValues(slice);
+    }
+  } else {
+    try {
+      const GLib = imports.gi.GLib;
+      for (let i = 0; i < view.length; i++) {
+        view[i] = GLib.random_int_range(0, 256);
+      }
+    } catch {
+      for (let i = 0; i < view.length; i++) {
+        view[i] = Math.floor(Math.random() * 256);
+      }
+    }
+  }
+}
+function randomBytes(size, callback) {
+  if (typeof size !== "number" || size < 0 || !Number.isInteger(size)) {
+    throw new TypeError(`The "size" argument must be a non-negative integer. Received ${size}`);
+  }
+  try {
+    const buf = Buffer.alloc(size);
+    if (size > 0) {
+      fillRandom(new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength));
+    }
+    if (callback) {
+      callback(null, buf);
+    } else {
+      return buf;
+    }
+  } catch (err) {
+    if (callback) {
+      callback(err, Buffer.alloc(0));
+    } else {
+      throw err;
+    }
+  }
+}
+function randomFillSync(buffer, offset = 0, size) {
+  const length = size ?? buffer.length - offset;
+  if (offset < 0 || offset > buffer.length) {
+    throw new RangeError(`The value of "offset" is out of range. Received ${offset}`);
+  }
+  if (length < 0 || offset + length > buffer.length) {
+    throw new RangeError(`The value of "size" is out of range. Received ${length}`);
+  }
+  if (length > 0) {
+    const byteOffset = buffer instanceof Buffer ? buffer.byteOffset : buffer.byteOffset;
+    const view = new Uint8Array(buffer.buffer, byteOffset + offset, length);
+    fillRandom(view);
+  }
+  return buffer;
+}
+function randomFill(buffer, offset, size, callback) {
+  let _offset;
+  let _size;
+  let _callback;
+  if (typeof offset === "function") {
+    _callback = offset;
+    _offset = 0;
+    _size = buffer.length;
+  } else if (typeof size === "function") {
+    _callback = size;
+    _offset = offset;
+    _size = buffer.length - offset;
+  } else {
+    _callback = callback;
+    _offset = offset;
+    _size = size;
+  }
+  try {
+    randomFillSync(buffer, _offset, _size);
+    _callback(null, buffer);
+  } catch (err) {
+    _callback(err, buffer);
+  }
+}
+function randomUUID() {
+  if (hasWebCrypto && typeof globalThis.crypto.randomUUID === "function") {
+    return globalThis.crypto.randomUUID();
+  }
+  const bytes = new Uint8Array(16);
+  fillRandom(bytes);
+  bytes[6] = bytes[6] & 15 | 64;
+  bytes[8] = bytes[8] & 63 | 128;
+  const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
+  return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
+}
+function randomInt(min, max, callback) {
+  let _min;
+  let _max;
+  let _callback;
+  if (typeof max === "function") {
+    _callback = max;
+    _max = min;
+    _min = 0;
+  } else if (typeof max === "number") {
+    _min = min;
+    _max = max;
+    _callback = callback;
+  } else {
+    _max = min;
+    _min = 0;
+    _callback = callback;
+  }
+  if (!Number.isInteger(_min)) {
+    throw new TypeError(`The "min" argument must be a safe integer. Received ${_min}`);
+  }
+  if (!Number.isInteger(_max)) {
+    throw new TypeError(`The "max" argument must be a safe integer. Received ${_max}`);
+  }
+  if (_min >= _max) {
+    throw new RangeError(`The value of "min" must be less than "max". Received min: ${_min}, max: ${_max}`);
+  }
+  const range = _max - _min;
+  const bytes = new Uint32Array(1);
+  const view = new Uint8Array(bytes.buffer);
+  fillRandom(view);
+  const value = _min + bytes[0] % range;
+  if (_callback) {
+    _callback(null, value);
+  } else {
+    return value;
+  }
+}
+export {
+  randomBytes,
+  randomFill,
+  randomFillSync,
+  randomInt,
+  randomUUID
+};

package/lib/esm/rsa-oaep.js

@@ -0,0 +1,95 @@
+import { Hash } from "./hash.js";
+import { randomBytes } from "./random.js";
+import { mgf1 } from "./mgf1.js";
+import { parsePemKey, rsaKeySize } from "./asn1.js";
+import { hashSize } from "./crypto-utils.js";
+import { modPow, bigIntToBytes, bytesToBigInt } from "./bigint-math.js";
+function hashDigest(algo, data) {
+  const h = new Hash(algo);
+  h.update(data);
+  return new Uint8Array(h.digest());
+}
+function rsaOaepEncrypt(hashAlgo, pubKeyPem, plaintext, label) {
+  const parsed = parsePemKey(pubKeyPem);
+  let n, e;
+  if (parsed.type === "rsa-public") {
+    ({ n, e } = parsed.components);
+  } else if (parsed.type === "rsa-private") {
+    ({ n, e } = parsed.components);
+  } else {
+    throw new Error("RSA-OAEP: expected RSA key");
+  }
+  const keyBytes = Math.ceil(rsaKeySize(n) / 8);
+  const hLen = hashSize(hashAlgo);
+  if (plaintext.length > keyBytes - 2 * hLen - 2) {
+    throw new Error("RSA-OAEP: message too long");
+  }
+  const lHash = hashDigest(hashAlgo, label || new Uint8Array(0));
+  const dbLen = keyBytes - hLen - 1;
+  const DB = new Uint8Array(dbLen);
+  DB.set(lHash, 0);
+  DB[dbLen - plaintext.length - 1] = 1;
+  DB.set(plaintext, dbLen - plaintext.length);
+  const seed = new Uint8Array(randomBytes(hLen));
+  const dbMask = mgf1(hashAlgo, seed, dbLen);
+  const maskedDB = new Uint8Array(dbLen);
+  for (let i = 0; i < dbLen; i++) maskedDB[i] = DB[i] ^ dbMask[i];
+  const seedMask = mgf1(hashAlgo, maskedDB, hLen);
+  const maskedSeed = new Uint8Array(hLen);
+  for (let i = 0; i < hLen; i++) maskedSeed[i] = seed[i] ^ seedMask[i];
+  const EM = new Uint8Array(keyBytes);
+  EM[0] = 0;
+  EM.set(maskedSeed, 1);
+  EM.set(maskedDB, 1 + hLen);
+  const m = bytesToBigInt(EM);
+  const c = modPow(m, e, n);
+  return bigIntToBytes(c, keyBytes);
+}
+function rsaOaepDecrypt(hashAlgo, privKeyPem, ciphertext, label) {
+  const parsed = parsePemKey(privKeyPem);
+  if (parsed.type !== "rsa-private") throw new Error("RSA-OAEP: expected RSA private key");
+  const { n, d } = parsed.components;
+  const keyBytes = Math.ceil(rsaKeySize(n) / 8);
+  const hLen = hashSize(hashAlgo);
+  if (ciphertext.length !== keyBytes || keyBytes < 2 * hLen + 2) {
+    throw new Error("RSA-OAEP: decryption error");
+  }
+  const c = bytesToBigInt(ciphertext);
+  const m = modPow(c, d, n);
+  const EM = bigIntToBytes(m, keyBytes);
+  const Y = EM[0];
+  const maskedSeed = EM.slice(1, 1 + hLen);
+  const maskedDB = EM.slice(1 + hLen);
+  const dbLen = keyBytes - hLen - 1;
+  const seedMask = mgf1(hashAlgo, maskedDB, hLen);
+  const seed = new Uint8Array(hLen);
+  for (let i = 0; i < hLen; i++) seed[i] = maskedSeed[i] ^ seedMask[i];
+  const dbMask = mgf1(hashAlgo, seed, dbLen);
+  const DB = new Uint8Array(dbLen);
+  for (let i = 0; i < dbLen; i++) DB[i] = maskedDB[i] ^ dbMask[i];
+  const lHash = hashDigest(hashAlgo, label || new Uint8Array(0));
+  const lHashPrime = DB.slice(0, hLen);
+  let valid = Y === 0 ? 1 : 0;
+  for (let i = 0; i < hLen; i++) {
+    valid &= lHash[i] === lHashPrime[i] ? 1 : 0;
+  }
+  let sepIdx = -1;
+  for (let i = hLen; i < dbLen; i++) {
+    if (DB[i] === 1) {
+      sepIdx = i;
+      break;
+    } else if (DB[i] !== 0) {
+      valid = 0;
+      break;
+    }
+  }
+  if (sepIdx === -1) valid = 0;
+  if (!valid) {
+    throw new Error("RSA-OAEP: decryption error");
+  }
+  return DB.slice(sepIdx + 1);
+}
+export {
+  rsaOaepDecrypt,
+  rsaOaepEncrypt
+};

package/lib/esm/rsa-pss.js

@@ -0,0 +1,100 @@
+import { Hash } from "./hash.js";
+import { randomBytes } from "./random.js";
+import { mgf1 } from "./mgf1.js";
+import { parsePemKey, rsaKeySize } from "./asn1.js";
+import { hashSize } from "./crypto-utils.js";
+import { modPow, bigIntToBytes, bytesToBigInt } from "./bigint-math.js";
+function hashDigest(algo, data) {
+  const h = new Hash(algo);
+  h.update(data);
+  return new Uint8Array(h.digest());
+}
+function emsaPssEncode(mHash, emBits, hashAlgo, saltLength) {
+  const hLen = hashSize(hashAlgo);
+  const emLen = Math.ceil(emBits / 8);
+  if (emLen < hLen + saltLength + 2) {
+    throw new Error("RSA-PSS: encoding error \u2014 key too short");
+  }
+  const salt = saltLength > 0 ? new Uint8Array(randomBytes(saltLength)) : new Uint8Array(0);
+  const mPrime = new Uint8Array(8 + hLen + saltLength);
+  mPrime.set(mHash, 8);
+  mPrime.set(salt, 8 + hLen);
+  const H = hashDigest(hashAlgo, mPrime);
+  const dbLen = emLen - hLen - 1;
+  const DB = new Uint8Array(dbLen);
+  DB[dbLen - saltLength - 1] = 1;
+  DB.set(salt, dbLen - saltLength);
+  const dbMask = mgf1(hashAlgo, H, dbLen);
+  const maskedDB = new Uint8Array(dbLen);
+  for (let i = 0; i < dbLen; i++) maskedDB[i] = DB[i] ^ dbMask[i];
+  const zeroBits = 8 * emLen - emBits;
+  if (zeroBits > 0) maskedDB[0] &= 255 >>> zeroBits;
+  const EM = new Uint8Array(emLen);
+  EM.set(maskedDB, 0);
+  EM.set(H, dbLen);
+  EM[emLen - 1] = 188;
+  return EM;
+}
+function emsaPssVerify(mHash, EM, emBits, hashAlgo, saltLength) {
+  const hLen = hashSize(hashAlgo);
+  const emLen = Math.ceil(emBits / 8);
+  if (emLen < hLen + saltLength + 2) return false;
+  if (EM[emLen - 1] !== 188) return false;
+  const dbLen = emLen - hLen - 1;
+  const maskedDB = EM.slice(0, dbLen);
+  const H = EM.slice(dbLen, dbLen + hLen);
+  const zeroBits = 8 * emLen - emBits;
+  if (zeroBits > 0 && (maskedDB[0] & 255 << 8 - zeroBits) !== 0) return false;
+  const dbMask = mgf1(hashAlgo, H, dbLen);
+  const DB = new Uint8Array(dbLen);
+  for (let i = 0; i < dbLen; i++) DB[i] = maskedDB[i] ^ dbMask[i];
+  if (zeroBits > 0) DB[0] &= 255 >>> zeroBits;
+  for (let i = 0; i < dbLen - saltLength - 1; i++) {
+    if (DB[i] !== 0) return false;
+  }
+  if (DB[dbLen - saltLength - 1] !== 1) return false;
+  const salt = DB.slice(dbLen - saltLength);
+  const mPrime = new Uint8Array(8 + hLen + saltLength);
+  mPrime.set(mHash, 8);
+  mPrime.set(salt, 8 + hLen);
+  const HPrime = hashDigest(hashAlgo, mPrime);
+  if (H.length !== HPrime.length) return false;
+  let diff = 0;
+  for (let i = 0; i < H.length; i++) diff |= H[i] ^ HPrime[i];
+  return diff === 0;
+}
+function rsaPssSign(hashAlgo, privKeyPem, data, saltLength) {
+  const parsed = parsePemKey(privKeyPem);
+  if (parsed.type !== "rsa-private") throw new Error("RSA-PSS: expected RSA private key");
+  const { n, d } = parsed.components;
+  const keyBits = rsaKeySize(n);
+  const keyBytes = Math.ceil(keyBits / 8);
+  const mHash = hashDigest(hashAlgo, data);
+  const EM = emsaPssEncode(mHash, keyBits - 1, hashAlgo, saltLength);
+  const m = bytesToBigInt(EM);
+  const s = modPow(m, d, n);
+  return bigIntToBytes(s, keyBytes);
+}
+function rsaPssVerify(hashAlgo, pubKeyPem, signature, data, saltLength) {
+  const parsed = parsePemKey(pubKeyPem);
+  let n, e;
+  if (parsed.type === "rsa-public") {
+    ({ n, e } = parsed.components);
+  } else if (parsed.type === "rsa-private") {
+    ({ n, e } = parsed.components);
+  } else {
+    throw new Error("RSA-PSS: expected RSA key");
+  }
+  const keyBits = rsaKeySize(n);
+  const keyBytes = Math.ceil(keyBits / 8);
+  if (signature.length !== keyBytes) return false;
+  const s = bytesToBigInt(signature);
+  const m = modPow(s, e, n);
+  const EM = bigIntToBytes(m, Math.ceil((keyBits - 1) / 8));
+  const mHash = hashDigest(hashAlgo, data);
+  return emsaPssVerify(mHash, EM, keyBits - 1, hashAlgo, saltLength);
+}
+export {
+  rsaPssSign,
+  rsaPssVerify
+};

package/lib/esm/scrypt.js

@@ -0,0 +1,134 @@
+import { Buffer } from "node:buffer";
+import { pbkdf2Sync } from "./pbkdf2.js";
+function R(a, b) {
+  return (a << b | a >>> 32 - b) >>> 0;
+}
+function salsa20_8(B) {
+  const x = new Uint32Array(16);
+  for (let i = 0; i < 16; i++) x[i] = B[i];
+  for (let i = 0; i < 4; i++) {
+    x[4] ^= R(x[0] + x[12], 7);
+    x[8] ^= R(x[4] + x[0], 9);
+    x[12] ^= R(x[8] + x[4], 13);
+    x[0] ^= R(x[12] + x[8], 18);
+    x[9] ^= R(x[5] + x[1], 7);
+    x[13] ^= R(x[9] + x[5], 9);
+    x[1] ^= R(x[13] + x[9], 13);
+    x[5] ^= R(x[1] + x[13], 18);
+    x[14] ^= R(x[10] + x[6], 7);
+    x[2] ^= R(x[14] + x[10], 9);
+    x[6] ^= R(x[2] + x[14], 13);
+    x[10] ^= R(x[6] + x[2], 18);
+    x[3] ^= R(x[15] + x[11], 7);
+    x[7] ^= R(x[3] + x[15], 9);
+    x[11] ^= R(x[7] + x[3], 13);
+    x[15] ^= R(x[11] + x[7], 18);
+    x[1] ^= R(x[0] + x[3], 7);
+    x[2] ^= R(x[1] + x[0], 9);
+    x[3] ^= R(x[2] + x[1], 13);
+    x[0] ^= R(x[3] + x[2], 18);
+    x[6] ^= R(x[5] + x[4], 7);
+    x[7] ^= R(x[6] + x[5], 9);
+    x[4] ^= R(x[7] + x[6], 13);
+    x[5] ^= R(x[4] + x[7], 18);
+    x[11] ^= R(x[10] + x[9], 7);
+    x[8] ^= R(x[11] + x[10], 9);
+    x[9] ^= R(x[8] + x[11], 13);
+    x[10] ^= R(x[9] + x[8], 18);
+    x[12] ^= R(x[15] + x[14], 7);
+    x[13] ^= R(x[12] + x[15], 9);
+    x[14] ^= R(x[13] + x[12], 13);
+    x[15] ^= R(x[14] + x[13], 18);
+  }
+  for (let i = 0; i < 16; i++) B[i] = B[i] + x[i] >>> 0;
+}
+function blockMix(B, r) {
+  const blockWords = 2 * r * 16;
+  const X = new Uint32Array(16);
+  for (let i = 0; i < 16; i++) X[i] = B[blockWords - 16 + i];
+  const Y = new Uint32Array(blockWords);
+  for (let i = 0; i < 2 * r; i++) {
+    for (let j = 0; j < 16; j++) X[j] ^= B[i * 16 + j];
+    salsa20_8(X);
+    for (let j = 0; j < 16; j++) Y[i * 16 + j] = X[j];
+  }
+  for (let i = 0; i < r; i++) {
+    for (let j = 0; j < 16; j++) B[i * 16 + j] = Y[2 * i * 16 + j];
+  }
+  for (let i = 0; i < r; i++) {
+    for (let j = 0; j < 16; j++) B[(r + i) * 16 + j] = Y[(2 * i + 1) * 16 + j];
+  }
+}
+function roMix(B, N, r) {
+  const blockWords = 2 * r * 16;
+  const V = new Array(N);
+  for (let i = 0; i < N; i++) {
+    V[i] = new Uint32Array(B);
+    blockMix(B, r);
+  }
+  for (let i = 0; i < N; i++) {
+    const j = B[blockWords - 16] & N - 1;
+    for (let k = 0; k < blockWords; k++) B[k] ^= V[j][k];
+    blockMix(B, r);
+  }
+}
+function bytesToWords(bytes) {
+  const words = new Uint32Array(bytes.length / 4);
+  for (let i = 0; i < words.length; i++) {
+    words[i] = bytes[i * 4] | bytes[i * 4 + 1] << 8 | bytes[i * 4 + 2] << 16 | bytes[i * 4 + 3] << 24;
+  }
+  return words;
+}
+function wordsToBytes(words) {
+  const bytes = new Uint8Array(words.length * 4);
+  for (let i = 0; i < words.length; i++) {
+    bytes[i * 4] = words[i] & 255;
+    bytes[i * 4 + 1] = words[i] >> 8 & 255;
+    bytes[i * 4 + 2] = words[i] >> 16 & 255;
+    bytes[i * 4 + 3] = words[i] >> 24 & 255;
+  }
+  return bytes;
+}
+function scryptCore(password, salt, N, r, p, keyLen) {
+  const blockSize = 128 * r;
+  const B = pbkdf2Sync(password, salt, 1, p * blockSize, "sha256");
+  for (let i = 0; i < p; i++) {
+    const blockBytes = new Uint8Array(B.buffer, B.byteOffset + i * blockSize, blockSize);
+    const blockWords = bytesToWords(blockBytes);
+    roMix(blockWords, N, r);
+    const result = wordsToBytes(blockWords);
+    blockBytes.set(result);
+  }
+  return pbkdf2Sync(password, B, 1, keyLen, "sha256");
+}
+function scryptSync(password, salt, keylen, options) {
+  const pwd = typeof password === "string" ? Buffer.from(password) : Buffer.from(password);
+  const slt = typeof salt === "string" ? Buffer.from(salt) : Buffer.from(salt);
+  const N = options?.N ?? 16384;
+  const r = options?.r ?? 8;
+  const p = options?.p ?? 1;
+  if (N <= 0 || (N & N - 1) !== 0) {
+    throw new Error("N must be a positive power of 2");
+  }
+  return scryptCore(pwd, slt, N, r, p, keylen);
+}
+function scrypt(password, salt, keylen, optionsOrCallback, callback) {
+  let options = {};
+  let cb;
+  if (typeof optionsOrCallback === "function") {
+    cb = optionsOrCallback;
+  } else {
+    options = optionsOrCallback;
+    cb = callback;
+  }
+  try {
+    const result = scryptSync(password, salt, keylen, options);
+    setTimeout(() => cb(null, result), 0);
+  } catch (err) {
+    setTimeout(() => cb(err instanceof Error ? err : new Error(String(err)), Buffer.alloc(0)), 0);
+  }
+}
+export {
+  scrypt,
+  scryptSync
+};