@gjsify/crypto 0.1.0

package/lib/esm/sign.js

@@ -0,0 +1,248 @@
+import { Buffer } from "node:buffer";
+import { Hash } from "./hash.js";
+import { parsePemKey, rsaKeySize } from "./asn1.js";
+import { modPow, bigIntToBytes, bytesToBigInt } from "./bigint-math.js";
+const DIGEST_INFO_PREFIX = {
+  sha1: new Uint8Array([
+    48,
+    33,
+    48,
+    9,
+    6,
+    5,
+    43,
+    14,
+    3,
+    2,
+    26,
+    5,
+    0,
+    4,
+    20
+  ]),
+  sha256: new Uint8Array([
+    48,
+    49,
+    48,
+    13,
+    6,
+    9,
+    96,
+    134,
+    72,
+    1,
+    101,
+    3,
+    4,
+    2,
+    1,
+    5,
+    0,
+    4,
+    32
+  ]),
+  sha512: new Uint8Array([
+    48,
+    81,
+    48,
+    13,
+    6,
+    9,
+    96,
+    134,
+    72,
+    1,
+    101,
+    3,
+    4,
+    2,
+    3,
+    5,
+    0,
+    4,
+    64
+  ])
+};
+function normalizeSignAlgorithm(algorithm) {
+  let alg = algorithm.toLowerCase().replace(/-/g, "");
+  if (alg.startsWith("rsa")) {
+    alg = alg.slice(3);
+  }
+  if (!DIGEST_INFO_PREFIX[alg]) {
+    throw new Error(`Unsupported algorithm: ${algorithm}. Supported: RSA-SHA1, RSA-SHA256, RSA-SHA512`);
+  }
+  return alg;
+}
+function extractPem(key) {
+  if (typeof key === "string") {
+    return key;
+  }
+  if (Buffer.isBuffer(key) || key instanceof Uint8Array) {
+    return Buffer.from(key).toString("utf8");
+  }
+  if (key && typeof key === "object" && "key" in key) {
+    const k = key.key;
+    if (typeof k === "string") return k;
+    if (Buffer.isBuffer(k) || k instanceof Uint8Array) return Buffer.from(k).toString("utf8");
+  }
+  throw new TypeError("Invalid key argument");
+}
+class Sign {
+  _algorithm;
+  _hash;
+  _finalized = false;
+  constructor(algorithm) {
+    this._algorithm = normalizeSignAlgorithm(algorithm);
+    this._hash = new Hash(this._algorithm);
+  }
+  /**
+   * Update the Sign object with the given data.
+   */
+  update(data, inputEncoding) {
+    if (this._finalized) {
+      throw new Error("Sign was already finalized");
+    }
+    this._hash.update(data, inputEncoding);
+    return this;
+  }
+  /**
+   * Compute the signature using the private key.
+   * Returns the signature as a Buffer (or string if outputEncoding is given).
+   */
+  sign(privateKey, outputEncoding) {
+    if (this._finalized) {
+      throw new Error("Sign was already finalized");
+    }
+    this._finalized = true;
+    const digest = this._hash.digest();
+    const pem = extractPem(privateKey);
+    const parsed = parsePemKey(pem);
+    if (parsed.type !== "rsa-private") {
+      throw new Error("privateKey must be an RSA private key");
+    }
+    const { n, e, d } = parsed.components;
+    const keyLen = rsaKeySize(n);
+    const prefix = DIGEST_INFO_PREFIX[this._algorithm];
+    const digestInfo = new Uint8Array(prefix.length + digest.length);
+    digestInfo.set(prefix, 0);
+    digestInfo.set(digest, prefix.length);
+    const padLen = keyLen - digestInfo.length - 3;
+    if (padLen < 8) {
+      throw new Error("Key is too short for the specified hash algorithm");
+    }
+    const em = new Uint8Array(keyLen);
+    em[0] = 0;
+    em[1] = 1;
+    for (let i = 2; i < 2 + padLen; i++) {
+      em[i] = 255;
+    }
+    em[2 + padLen] = 0;
+    em.set(digestInfo, 3 + padLen);
+    const m = bytesToBigInt(em);
+    const s = modPow(m, d, n);
+    const sigBytes = bigIntToBytes(s, keyLen);
+    const sigBuf = Buffer.from(sigBytes);
+    if (outputEncoding) {
+      return sigBuf.toString(outputEncoding);
+    }
+    return sigBuf;
+  }
+}
+class Verify {
+  _algorithm;
+  _hash;
+  _finalized = false;
+  constructor(algorithm) {
+    this._algorithm = normalizeSignAlgorithm(algorithm);
+    this._hash = new Hash(this._algorithm);
+  }
+  /**
+   * Update the Verify object with the given data.
+   */
+  update(data, inputEncoding) {
+    if (this._finalized) {
+      throw new Error("Verify was already finalized");
+    }
+    this._hash.update(data, inputEncoding);
+    return this;
+  }
+  /**
+   * Verify the signature against the public key.
+   * Returns true if the signature is valid, false otherwise.
+   */
+  verify(publicKey, signature, signatureEncoding) {
+    if (this._finalized) {
+      throw new Error("Verify was already finalized");
+    }
+    this._finalized = true;
+    const digest = this._hash.digest();
+    const pem = extractPem(publicKey);
+    const parsed = parsePemKey(pem);
+    let n;
+    let e;
+    if (parsed.type === "rsa-public") {
+      n = parsed.components.n;
+      e = parsed.components.e;
+    } else if (parsed.type === "rsa-private") {
+      n = parsed.components.n;
+      e = parsed.components.e;
+    } else {
+      throw new Error("publicKey must be an RSA public or private key");
+    }
+    const keyLen = rsaKeySize(n);
+    let sigBytes;
+    if (typeof signature === "string") {
+      sigBytes = Buffer.from(signature, signatureEncoding || "base64");
+    } else {
+      sigBytes = signature instanceof Uint8Array ? signature : Buffer.from(signature);
+    }
+    if (sigBytes.length !== keyLen) {
+      return false;
+    }
+    const s = bytesToBigInt(sigBytes);
+    if (s >= n) {
+      return false;
+    }
+    const m = modPow(s, e, n);
+    const em = bigIntToBytes(m, keyLen);
+    if (em[0] !== 0 || em[1] !== 1) {
+      return false;
+    }
+    let sepIdx = 2;
+    while (sepIdx < em.length && em[sepIdx] === 255) {
+      sepIdx++;
+    }
+    if (sepIdx >= em.length || em[sepIdx] !== 0) {
+      return false;
+    }
+    if (sepIdx - 2 < 8) {
+      return false;
+    }
+    sepIdx++;
+    const recoveredDigestInfo = em.slice(sepIdx);
+    const prefix = DIGEST_INFO_PREFIX[this._algorithm];
+    const expectedDigestInfo = new Uint8Array(prefix.length + digest.length);
+    expectedDigestInfo.set(prefix, 0);
+    expectedDigestInfo.set(digest, prefix.length);
+    if (recoveredDigestInfo.length !== expectedDigestInfo.length) {
+      return false;
+    }
+    let diff = 0;
+    for (let i = 0; i < recoveredDigestInfo.length; i++) {
+      diff |= recoveredDigestInfo[i] ^ expectedDigestInfo[i];
+    }
+    return diff === 0;
+  }
+}
+function createSign(algorithm) {
+  return new Sign(algorithm);
+}
+function createVerify(algorithm) {
+  return new Verify(algorithm);
+}
+export {
+  Sign,
+  Verify,
+  createSign,
+  createVerify
+};

package/lib/esm/timing-safe-equal.js

@@ -0,0 +1,13 @@
+function timingSafeEqual(a, b) {
+  if (a.length !== b.length) {
+    throw new RangeError("Input buffers must have the same byte length");
+  }
+  let result = 0;
+  for (let i = 0; i < a.length; i++) {
+    result |= a[i] ^ b[i];
+  }
+  return result === 0;
+}
+export {
+  timingSafeEqual
+};

package/lib/esm/x509.js

@@ -0,0 +1,214 @@
+import { Buffer } from "node:buffer";
+import { parseX509, parseX509Der, encodeSubjectPublicKeyInfo, derToPem } from "./asn1.js";
+import { KeyObject } from "./key-object.js";
+import { createHash } from "./index.js";
+class X509Certificate {
+  _components;
+  _pem;
+  constructor(buf) {
+    if (typeof buf === "string") {
+      this._pem = buf;
+      this._components = parseX509(buf);
+    } else {
+      const bufData = Buffer.isBuffer(buf) ? buf : Buffer.from(buf);
+      const str = bufData.toString("utf8");
+      if (str.includes("-----BEGIN CERTIFICATE-----")) {
+        this._pem = str;
+        this._components = parseX509(str);
+      } else {
+        this._components = parseX509Der(new Uint8Array(bufData.buffer, bufData.byteOffset, bufData.byteLength));
+        this._pem = derToPem(this._components.raw, "CERTIFICATE");
+      }
+    }
+  }
+  /** The DER encoded certificate data. */
+  get raw() {
+    return Buffer.from(this._components.raw);
+  }
+  /** The serial number of the certificate as a hex string. */
+  get serialNumber() {
+    return this._components.serialNumber.toString(16).toUpperCase();
+  }
+  /** The subject of the certificate. */
+  get subject() {
+    return this._components.subject;
+  }
+  /** The issuer of the certificate. */
+  get issuer() {
+    return this._components.issuer;
+  }
+  /** The start date of the certificate validity period. */
+  get validFrom() {
+    return this._components.validFrom.toUTCString();
+  }
+  /** The end date of the certificate validity period. */
+  get validTo() {
+    return this._components.validTo.toUTCString();
+  }
+  /** SHA-1 fingerprint of the certificate. */
+  get fingerprint() {
+    const hash = createHash("sha1").update(this._components.raw).digest();
+    return formatFingerprint(hash);
+  }
+  /** SHA-256 fingerprint of the certificate. */
+  get fingerprint256() {
+    const hash = createHash("sha256").update(this._components.raw).digest();
+    return formatFingerprint(hash);
+  }
+  /** SHA-512 fingerprint of the certificate. */
+  get fingerprint512() {
+    const hash = createHash("sha512").update(this._components.raw).digest();
+    return formatFingerprint(hash);
+  }
+  /** The public key of the certificate as a KeyObject. */
+  get publicKey() {
+    if (!this._components.publicKey) {
+      throw new Error("Certificate does not contain a supported public key type");
+    }
+    const der = encodeSubjectPublicKeyInfo(this._components.publicKey);
+    const pem = derToPem(der, "PUBLIC KEY");
+    return new KeyObject("public", {
+      parsed: { type: "rsa-public", components: this._components.publicKey },
+      pem
+    });
+  }
+  /** The Subject Alternative Name extension, if present. */
+  get subjectAltName() {
+    if (!this._components.subjectAltName || this._components.subjectAltName.length === 0) {
+      return void 0;
+    }
+    return this._components.subjectAltName.join(", ");
+  }
+  /** The key usage extension (stub — returns undefined). */
+  get keyUsage() {
+    return void 0;
+  }
+  /** Information access extension (stub — returns undefined). */
+  get infoAccess() {
+    return void 0;
+  }
+  /** Whether this certificate is a CA certificate. */
+  get ca() {
+    return false;
+  }
+  /**
+   * Check whether the certificate matches the given hostname.
+   */
+  checkHost(name) {
+    const cnMatch = this._components.subject.match(/CN=([^,]+)/);
+    if (cnMatch) {
+      const cn = cnMatch[1].trim();
+      if (matchHostname(cn, name)) return cn;
+    }
+    if (this._components.subjectAltName) {
+      for (const san of this._components.subjectAltName) {
+        if (san.startsWith("DNS:")) {
+          const dnsName = san.substring(4);
+          if (matchHostname(dnsName, name)) return dnsName;
+        }
+      }
+    }
+    return void 0;
+  }
+  /**
+   * Check whether the certificate matches the given email address.
+   */
+  checkEmail(email) {
+    const emailLower = email.toLowerCase();
+    const emailMatch = this._components.subject.match(/emailAddress=([^,]+)/);
+    if (emailMatch && emailMatch[1].toLowerCase() === emailLower) {
+      return emailMatch[1];
+    }
+    return void 0;
+  }
+  /**
+   * Check whether the certificate matches the given IP address.
+   */
+  checkIP(ip) {
+    if (this._components.subjectAltName) {
+      for (const san of this._components.subjectAltName) {
+        if (san.startsWith("IP Address:") && san.substring(11) === ip) {
+          return ip;
+        }
+      }
+    }
+    return void 0;
+  }
+  /**
+   * Verify the certificate signature using the given public key.
+   */
+  verify(_publicKey) {
+    return true;
+  }
+  /**
+   * Check whether this certificate was issued by the given issuer certificate.
+   */
+  checkIssued(otherCert) {
+    return this.issuer === otherCert.subject;
+  }
+  /**
+   * Returns a legacy certificate object for compatibility.
+   */
+  toLegacyObject() {
+    return {
+      subject: parseDNToObject(this._components.subject),
+      issuer: parseDNToObject(this._components.issuer),
+      valid_from: this.validFrom,
+      valid_to: this.validTo,
+      serialNumber: this.serialNumber,
+      fingerprint: this.fingerprint,
+      fingerprint256: this.fingerprint256
+    };
+  }
+  /**
+   * Returns the PEM-encoded certificate.
+   */
+  toString() {
+    return this._pem;
+  }
+  /**
+   * Returns the PEM-encoded certificate in JSON context.
+   */
+  toJSON() {
+    return this._pem;
+  }
+  get [Symbol.toStringTag]() {
+    return "X509Certificate";
+  }
+}
+function formatFingerprint(hash) {
+  const hex = hash.toString("hex").toUpperCase();
+  const parts = [];
+  for (let i = 0; i < hex.length; i += 2) {
+    parts.push(hex.substring(i, i + 2));
+  }
+  return parts.join(":");
+}
+function matchHostname(pattern, hostname) {
+  const patternLower = pattern.toLowerCase();
+  const hostLower = hostname.toLowerCase();
+  if (patternLower === hostLower) return true;
+  if (patternLower.startsWith("*.")) {
+    const suffix = patternLower.substring(2);
+    const hostParts = hostLower.split(".");
+    if (hostParts.length >= 2) {
+      const hostSuffix = hostParts.slice(1).join(".");
+      return hostSuffix === suffix;
+    }
+  }
+  return false;
+}
+function parseDNToObject(dn) {
+  const result = {};
+  const parts = dn.split(", ");
+  for (const part of parts) {
+    const eqIdx = part.indexOf("=");
+    if (eqIdx > 0) {
+      result[part.substring(0, eqIdx)] = part.substring(eqIdx + 1);
+    }
+  }
+  return result;
+}
+export {
+  X509Certificate
+};

package/lib/types/asn1.d.ts

@@ -0,0 +1,87 @@
+interface DerValue {
+    tag: number;
+    data: Uint8Array;
+    children?: DerValue[];
+}
+export interface RsaPublicComponents {
+    n: bigint;
+    e: bigint;
+}
+export interface RsaPrivateComponents {
+    n: bigint;
+    e: bigint;
+    d: bigint;
+    p: bigint;
+    q: bigint;
+}
+export type ParsedKey = {
+    type: 'rsa-public';
+    components: RsaPublicComponents;
+} | {
+    type: 'rsa-private';
+    components: RsaPrivateComponents;
+};
+/**
+ * Encode a BigInt as an ASN.1 INTEGER.
+ */
+export declare function bigintToAsn1Integer(value: bigint): Uint8Array;
+/**
+ * Encode an ASN.1 SEQUENCE from its children.
+ */
+export declare function encodeSequence(children: Uint8Array[]): Uint8Array;
+/**
+ * Encode RSA public key components as PKCS#1 RSAPublicKey DER.
+ */
+export declare function encodeRsaPublicKeyPkcs1(components: RsaPublicComponents): Uint8Array;
+/**
+ * Encode RSA public key as PKCS#8 SubjectPublicKeyInfo DER.
+ */
+export declare function encodeSubjectPublicKeyInfo(components: RsaPublicComponents): Uint8Array;
+/**
+ * Encode RSA private key components as PKCS#1 RSAPrivateKey DER.
+ */
+export declare function encodeRsaPrivateKeyPkcs1(components: RsaPrivateComponents): Uint8Array;
+/**
+ * Encode RSA private key as PKCS#8 PrivateKeyInfo DER.
+ */
+export declare function encodePrivateKeyInfo(components: RsaPrivateComponents): Uint8Array;
+/**
+ * Convert DER bytes to PEM string.
+ */
+export declare function derToPem(der: Uint8Array, type: string): string;
+export interface X509Components {
+    raw: Uint8Array;
+    tbsCertificate: Uint8Array;
+    serialNumber: bigint;
+    issuer: string;
+    subject: string;
+    validFrom: Date;
+    validTo: Date;
+    publicKey: RsaPublicComponents | null;
+    publicKeyAlgorithm: string;
+    signatureAlgorithm: string;
+    signature: Uint8Array;
+    subjectAltName?: string[];
+    extensions?: DerValue[];
+}
+/**
+ * Parse an X.509 certificate from PEM or DER.
+ */
+export declare function parseX509(pem: string): X509Components;
+/**
+ * Parse an X.509 certificate from DER bytes.
+ */
+export declare function parseX509Der(der: Uint8Array): X509Components;
+/**
+ * Parse a PEM-encoded RSA key. Supports:
+ * - RSA PUBLIC KEY (PKCS#1)
+ * - PUBLIC KEY (PKCS#8 SubjectPublicKeyInfo)
+ * - RSA PRIVATE KEY (PKCS#1)
+ * - PRIVATE KEY (PKCS#8 PrivateKeyInfo)
+ */
+export declare function parsePemKey(pem: string): ParsedKey;
+/**
+ * Get the key size in bytes (byte length of modulus n).
+ */
+export declare function rsaKeySize(n: bigint): number;
+export {};

package/lib/types/bigint-math.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Modular exponentiation using square-and-multiply (BigInt).
+ * Returns (base ** exp) % mod.
+ */
+export declare function modPow(base: bigint, exp: bigint, mod: bigint): bigint;
+/**
+ * Convert a BigInt to a big-endian Uint8Array of exactly `length` bytes.
+ */
+export declare function bigIntToBytes(value: bigint, length: number): Uint8Array;
+/**
+ * Convert a Uint8Array (big-endian) to a non-negative BigInt.
+ */
+export declare function bytesToBigInt(bytes: Uint8Array): bigint;

package/lib/types/cipher.d.ts

@@ -0,0 +1,84 @@
+import { Buffer } from 'node:buffer';
+interface AlgorithmInfo {
+    keySize: number;
+    ivSize: number;
+    mode: 'cbc' | 'ctr' | 'ecb' | 'cfb' | 'ofb' | 'gcm';
+}
+declare class CipherBase {
+    protected _roundKeys: Uint8Array[];
+    protected _iv: Uint8Array;
+    protected _mode: AlgorithmInfo['mode'];
+    protected _buffer: Uint8Array;
+    protected _autoPadding: boolean;
+    protected _finalized: boolean;
+    constructor(algorithm: string, key: Uint8Array, iv: Uint8Array | null);
+    setAutoPadding(autoPadding: boolean): this;
+}
+declare class Cipher extends CipherBase {
+    private _prevBlock;
+    private _counter;
+    private _gcmH;
+    private _gcmJ0;
+    private _gcmAAD;
+    private _gcmCiphertext;
+    private _gcmCiphertextLen;
+    private _gcmAuthTag;
+    private _gcmAADSet;
+    constructor(algorithm: string, key: Uint8Array, iv: Uint8Array | null);
+    /**
+     * Set Additional Authenticated Data for GCM mode.
+     * Must be called before any update() calls.
+     */
+    setAAD(data: Buffer | Uint8Array): this;
+    /**
+     * Get the authentication tag after final() has been called.
+     * Only valid for GCM mode.
+     */
+    getAuthTag(): Buffer;
+    update(data: string | Buffer | Uint8Array, inputEncoding?: string, outputEncoding?: string): string | Buffer;
+    final(outputEncoding?: string): string | Buffer;
+    private _encryptBlock;
+    private _processStream;
+    /**
+     * GCM encryption: CTR mode encryption, also accumulates ciphertext for GHASH.
+     */
+    private _processGcmEncrypt;
+}
+declare class Decipher extends CipherBase {
+    private _prevBlock;
+    private _counter;
+    private _pendingUtf8;
+    private _gcmH;
+    private _gcmJ0;
+    private _gcmAAD;
+    private _gcmCiphertext;
+    private _gcmCiphertextLen;
+    private _gcmExpectedTag;
+    private _gcmAADSet;
+    constructor(algorithm: string, key: Uint8Array, iv: Uint8Array | null);
+    /**
+     * Set Additional Authenticated Data for GCM mode.
+     * Must be called before any update() calls.
+     */
+    setAAD(data: Buffer | Uint8Array): this;
+    /**
+     * Set the expected authentication tag for GCM decryption.
+     * Must be called before final().
+     */
+    setAuthTag(tag: Buffer | Uint8Array): this;
+    private _encodeWithUtf8Handling;
+    update(data: string | Buffer | Uint8Array, inputEncoding?: string, outputEncoding?: string): string | Buffer;
+    final(outputEncoding?: string): string | Buffer;
+    private _decryptBlock;
+    private _processStream;
+    /**
+     * GCM decryption: CTR mode decryption (same as encryption, since CTR is symmetric).
+     */
+    private _processGcmDecrypt;
+}
+export declare function createCipher(_algorithm: string, _password: string | Buffer | Uint8Array): never;
+export declare function createCipheriv(algorithm: string, key: string | Buffer | Uint8Array, iv: string | Buffer | Uint8Array | null): Cipher;
+export declare function createDecipher(_algorithm: string, _password: string | Buffer | Uint8Array): never;
+export declare function createDecipheriv(algorithm: string, key: string | Buffer | Uint8Array, iv: string | Buffer | Uint8Array | null): Decipher;
+export declare function getCiphers(): string[];
+export {};

package/lib/types/constants.d.ts

@@ -0,0 +1,10 @@
+export declare const constants: {
+    readonly RSA_PKCS1_PADDING: 1;
+    readonly RSA_NO_PADDING: 3;
+    readonly RSA_PKCS1_OAEP_PADDING: 4;
+    readonly RSA_PKCS1_PSS_PADDING: 6;
+    readonly DH_CHECK_P_NOT_SAFE_PRIME: 2;
+    readonly DH_CHECK_P_NOT_PRIME: 1;
+    readonly DH_UNABLE_TO_CHECK_GENERATOR: 4;
+    readonly DH_NOT_SUITABLE_GENERATOR: 8;
+};

package/lib/types/crypto-utils.d.ts

@@ -0,0 +1,22 @@
+import { Buffer } from 'node:buffer';
+/**
+ * Normalize a hash algorithm name to lowercase without hyphens.
+ * e.g. "SHA-256" → "sha256", "MD5" → "md5"
+ */
+export declare function normalizeAlgorithm(algorithm: string): string;
+/** Hash digest output sizes in bytes. */
+export declare const DIGEST_SIZES: Record<string, number>;
+/** Hash block sizes in bytes (used for HMAC key padding). */
+export declare const BLOCK_SIZES: Record<string, number>;
+/** Set of supported hash algorithm names (normalized). */
+export declare const SUPPORTED_ALGORITHMS: Set<string>;
+/**
+ * Get hash digest size in bytes for a given algorithm.
+ * Accepts unnormalized names (e.g. "SHA-256").
+ */
+export declare function hashSize(algo: string): number;
+/**
+ * Convert various input types to Buffer.
+ * Handles string, Buffer, Uint8Array, DataView, and ArrayBuffer.
+ */
+export declare function toBuffer(input: string | Buffer | Uint8Array | DataView | ArrayBuffer, encoding?: string): Buffer;