@gjsify/crypto 0.3.12 → 0.3.14

package/lib/esm/ecdsa.js

@@ -1,125 +1,152 @@
+import { bigIntToBytes, bytesToBigInt } from "./bigint-math.js";
+import { CURVES, CURVE_ALIASES, mod, modInverse, pointAdd, scalarMul } from "./ecdh.js";
 import { Hash } from "./hash.js";
 import { Hmac } from "./hmac.js";
-import {
-  mod,
-  modInverse,
-  scalarMul,
-  pointAdd,
-  CURVES,
-  CURVE_ALIASES
-} from "./ecdh.js";
-import { bigIntToBytes as bigintToBytes, bytesToBigInt as bytesToBigint } from "./bigint-math.js";
+
+//#region src/ecdsa.ts
 function getCurve(curveName) {
-  const alias = CURVE_ALIASES[curveName.toLowerCase()];
-  if (!alias) throw new Error(`Unsupported curve: ${curveName}`);
-  return CURVES[alias];
+	const alias = CURVE_ALIASES[curveName.toLowerCase()];
+	if (!alias) throw new Error(`Unsupported curve: ${curveName}`);
+	return CURVES[alias];
 }
+/** Truncate hash to curve order bit length (FIPS 186-4 Section 6.4) */
 function truncateHash(hash, curve) {
-  const orderBits = curve.n.toString(2).length;
-  let e = bytesToBigint(hash);
-  const hashBits = hash.length * 8;
-  if (hashBits > orderBits) {
-    e >>= BigInt(hashBits - orderBits);
-  }
-  return e;
+	const orderBits = curve.n.toString(2).length;
+	let e = bytesToBigInt(hash);
+	const hashBits = hash.length * 8;
+	if (hashBits > orderBits) {
+		e >>= BigInt(hashBits - orderBits);
+	}
+	return e;
 }
 function hmacDigest(algo, key, data) {
-  const hmac = new Hmac(algo, key);
-  hmac.update(data);
-  return new Uint8Array(hmac.digest());
+	const hmac = new Hmac(algo, key);
+	hmac.update(data);
+	return new Uint8Array(hmac.digest());
 }
+/**
+* Generate deterministic k per RFC 6979 Section 3.2.
+* Uses HMAC-DRBG seeded with private key and message hash.
+*/
 function rfc6979(hashAlgo, privKey, msgHash, curve) {
-  const qLen = curve.byteLength;
-  const hLen = msgHash.length;
-  let V = new Uint8Array(hLen).fill(1);
-  let K = new Uint8Array(hLen).fill(0);
-  const x = bigintToBytes(privKey, qLen);
-  const z = bigintToBytes(mod(truncateHash(msgHash, curve), curve.n), qLen);
-  const concat0 = new Uint8Array(hLen + 1 + qLen + qLen);
-  concat0.set(V, 0);
-  concat0[hLen] = 0;
-  concat0.set(x, hLen + 1);
-  concat0.set(z, hLen + 1 + qLen);
-  K = hmacDigest(hashAlgo, K, concat0);
-  V = hmacDigest(hashAlgo, K, V);
-  const concat1 = new Uint8Array(hLen + 1 + qLen + qLen);
-  concat1.set(V, 0);
-  concat1[hLen] = 1;
-  concat1.set(x, hLen + 1);
-  concat1.set(z, hLen + 1 + qLen);
-  K = hmacDigest(hashAlgo, K, concat1);
-  V = hmacDigest(hashAlgo, K, V);
-  for (let attempt = 0; attempt < 100; attempt++) {
-    let T = new Uint8Array(0);
-    while (T.length < qLen) {
-      V = hmacDigest(hashAlgo, K, V);
-      const newT = new Uint8Array(T.length + V.length);
-      newT.set(T, 0);
-      newT.set(V, T.length);
-      T = newT;
-    }
-    const k = truncateHash(T.slice(0, qLen), curve);
-    if (k >= 1n && k < curve.n) {
-      return k;
-    }
-    const retryConcat = new Uint8Array(hLen + 1);
-    retryConcat.set(V, 0);
-    retryConcat[hLen] = 0;
-    K = hmacDigest(hashAlgo, K, retryConcat);
-    V = hmacDigest(hashAlgo, K, V);
-  }
-  throw new Error("RFC 6979: failed to generate valid k after 100 attempts");
+	const qLen = curve.byteLength;
+	const hLen = msgHash.length;
+	let V = new Uint8Array(hLen).fill(1);
+	let K = new Uint8Array(hLen).fill(0);
+	const x = bigIntToBytes(privKey, qLen);
+	const z = bigIntToBytes(mod(truncateHash(msgHash, curve), curve.n), qLen);
+	const concat0 = new Uint8Array(hLen + 1 + qLen + qLen);
+	concat0.set(V, 0);
+	concat0[hLen] = 0;
+	concat0.set(x, hLen + 1);
+	concat0.set(z, hLen + 1 + qLen);
+	K = hmacDigest(hashAlgo, K, concat0);
+	V = hmacDigest(hashAlgo, K, V);
+	const concat1 = new Uint8Array(hLen + 1 + qLen + qLen);
+	concat1.set(V, 0);
+	concat1[hLen] = 1;
+	concat1.set(x, hLen + 1);
+	concat1.set(z, hLen + 1 + qLen);
+	K = hmacDigest(hashAlgo, K, concat1);
+	V = hmacDigest(hashAlgo, K, V);
+	for (let attempt = 0; attempt < 100; attempt++) {
+		let T = new Uint8Array(0);
+		while (T.length < qLen) {
+			V = hmacDigest(hashAlgo, K, V);
+			const newT = new Uint8Array(T.length + V.length);
+			newT.set(T, 0);
+			newT.set(V, T.length);
+			T = newT;
+		}
+		const k = truncateHash(T.slice(0, qLen), curve);
+		if (k >= 1n && k < curve.n) {
+			return k;
+		}
+		const retryConcat = new Uint8Array(hLen + 1);
+		retryConcat.set(V, 0);
+		retryConcat[hLen] = 0;
+		K = hmacDigest(hashAlgo, K, retryConcat);
+		V = hmacDigest(hashAlgo, K, V);
+	}
+	throw new Error("RFC 6979: failed to generate valid k after 100 attempts");
 }
+/**
+* ECDSA signature generation per FIPS 186-4 Section 6.4.
+*
+* @param hashAlgo Hash algorithm name (e.g. 'sha256')
+* @param privKeyBytes Private key as big-endian bytes
+* @param data Data to sign (will be hashed)
+* @param curveName Curve name (e.g. 'P-256')
+* @returns Signature as r || s concatenated (each curve.byteLength bytes)
+*/
 function ecdsaSign(hashAlgo, privKeyBytes, data, curveName) {
-  const curve = getCurve(curveName);
-  const G = { x: curve.Gx, y: curve.Gy };
-  const d = bytesToBigint(privKeyBytes);
-  const hash = new Hash(hashAlgo);
-  hash.update(data);
-  const msgHash = new Uint8Array(hash.digest());
-  const e = truncateHash(msgHash, curve);
-  const k = rfc6979(hashAlgo, d, msgHash, curve);
-  const R = scalarMul(k, G, curve);
-  if (R === null) throw new Error("ECDSA: k * G is point at infinity");
-  const r = mod(R.x, curve.n);
-  if (r === 0n) throw new Error("ECDSA: r is zero");
-  const kInv = modInverse(k, curve.n);
-  const s = mod(kInv * (e + r * d), curve.n);
-  if (s === 0n) throw new Error("ECDSA: s is zero");
-  const sigLen = curve.byteLength;
-  const sig = new Uint8Array(sigLen * 2);
-  sig.set(bigintToBytes(r, sigLen), 0);
-  sig.set(bigintToBytes(s, sigLen), sigLen);
-  return sig;
+	const curve = getCurve(curveName);
+	const G = {
+		x: curve.Gx,
+		y: curve.Gy
+	};
+	const d = bytesToBigInt(privKeyBytes);
+	const hash = new Hash(hashAlgo);
+	hash.update(data);
+	const msgHash = new Uint8Array(hash.digest());
+	const e = truncateHash(msgHash, curve);
+	const k = rfc6979(hashAlgo, d, msgHash, curve);
+	const R = scalarMul(k, G, curve);
+	if (R === null) throw new Error("ECDSA: k * G is point at infinity");
+	const r = mod(R.x, curve.n);
+	if (r === 0n) throw new Error("ECDSA: r is zero");
+	const kInv = modInverse(k, curve.n);
+	const s = mod(kInv * (e + r * d), curve.n);
+	if (s === 0n) throw new Error("ECDSA: s is zero");
+	const sigLen = curve.byteLength;
+	const sig = new Uint8Array(sigLen * 2);
+	sig.set(bigIntToBytes(r, sigLen), 0);
+	sig.set(bigIntToBytes(s, sigLen), sigLen);
+	return sig;
 }
+/**
+* ECDSA signature verification per FIPS 186-4 Section 6.4.
+*
+* @param hashAlgo Hash algorithm name (e.g. 'sha256')
+* @param pubKeyBytes Public key as uncompressed point (0x04 || x || y)
+* @param signature Signature as r || s concatenated
+* @param data Signed data (will be hashed)
+* @param curveName Curve name (e.g. 'P-256')
+* @returns true if signature is valid
+*/
 function ecdsaVerify(hashAlgo, pubKeyBytes, signature, data, curveName) {
-  const curve = getCurve(curveName);
-  const G = { x: curve.Gx, y: curve.Gy };
-  const sigLen = curve.byteLength;
-  if (pubKeyBytes[0] !== 4 || pubKeyBytes.length !== 1 + sigLen * 2) {
-    return false;
-  }
-  const Qx = bytesToBigint(pubKeyBytes.slice(1, 1 + sigLen));
-  const Qy = bytesToBigint(pubKeyBytes.slice(1 + sigLen));
-  const Q = { x: Qx, y: Qy };
-  if (signature.length !== sigLen * 2) return false;
-  const r = bytesToBigint(signature.slice(0, sigLen));
-  const s = bytesToBigint(signature.slice(sigLen));
-  if (r < 1n || r >= curve.n || s < 1n || s >= curve.n) return false;
-  const hash = new Hash(hashAlgo);
-  hash.update(data);
-  const msgHash = new Uint8Array(hash.digest());
-  const e = truncateHash(msgHash, curve);
-  const w = modInverse(s, curve.n);
-  const u1 = mod(e * w, curve.n);
-  const u2 = mod(r * w, curve.n);
-  const R1 = scalarMul(u1, G, curve);
-  const R2 = scalarMul(u2, Q, curve);
-  const R = pointAdd(R1, R2, curve);
-  if (R === null) return false;
-  return mod(R.x, curve.n) === r;
+	const curve = getCurve(curveName);
+	const G = {
+		x: curve.Gx,
+		y: curve.Gy
+	};
+	const sigLen = curve.byteLength;
+	if (pubKeyBytes[0] !== 4 || pubKeyBytes.length !== 1 + sigLen * 2) {
+		return false;
+	}
+	const Qx = bytesToBigInt(pubKeyBytes.slice(1, 1 + sigLen));
+	const Qy = bytesToBigInt(pubKeyBytes.slice(1 + sigLen));
+	const Q = {
+		x: Qx,
+		y: Qy
+	};
+	if (signature.length !== sigLen * 2) return false;
+	const r = bytesToBigInt(signature.slice(0, sigLen));
+	const s = bytesToBigInt(signature.slice(sigLen));
+	if (r < 1n || r >= curve.n || s < 1n || s >= curve.n) return false;
+	const hash = new Hash(hashAlgo);
+	hash.update(data);
+	const msgHash = new Uint8Array(hash.digest());
+	const e = truncateHash(msgHash, curve);
+	const w = modInverse(s, curve.n);
+	const u1 = mod(e * w, curve.n);
+	const u2 = mod(r * w, curve.n);
+	const R1 = scalarMul(u1, G, curve);
+	const R2 = scalarMul(u2, Q, curve);
+	const R = pointAdd(R1, R2, curve);
+	if (R === null) return false;
+	return mod(R.x, curve.n) === r;
 }
-export {
-  ecdsaSign,
-  ecdsaVerify
-};
+
+//#endregion
+export { ecdsaSign, ecdsaVerify };

package/lib/esm/hash.js

@@ -1,100 +1,111 @@
+import { normalizeAlgorithm } from "./crypto-utils.js";
+import { Buffer } from "node:buffer";
 import GLib from "@girs/glib-2.0";
 import { Transform } from "node:stream";
-import { Buffer } from "node:buffer";
 import { normalizeEncoding } from "@gjsify/utils";
-import { normalizeAlgorithm } from "./crypto-utils.js";
+
+//#region src/hash.ts
 const CHECKSUM_TYPES = {
-  md5: GLib.ChecksumType.MD5,
-  sha1: GLib.ChecksumType.SHA1,
-  sha256: GLib.ChecksumType.SHA256,
-  sha384: GLib.ChecksumType.SHA384,
-  sha512: GLib.ChecksumType.SHA512
+	md5: GLib.ChecksumType.MD5,
+	sha1: GLib.ChecksumType.SHA1,
+	sha256: GLib.ChecksumType.SHA256,
+	sha384: GLib.ChecksumType.SHA384,
+	sha512: GLib.ChecksumType.SHA512
 };
 function getChecksumType(algorithm) {
-  const normalized = normalizeAlgorithm(algorithm);
-  const type = CHECKSUM_TYPES[normalized];
-  if (type === void 0) {
-    const err = new Error(`Unknown message digest: ${algorithm}`);
-    err.code = "ERR_CRYPTO_HASH_UNKNOWN";
-    throw err;
-  }
-  return type;
-}
-class Hash extends Transform {
-  _algorithm;
-  _checksum;
-  _finalized = false;
-  constructor(algorithm) {
-    super();
-    const normalized = normalizeAlgorithm(algorithm);
-    const type = getChecksumType(normalized);
-    this._algorithm = normalized;
-    this._checksum = new GLib.Checksum(type);
-  }
-  /** Update the hash with data. */
-  update(data, inputEncoding) {
-    if (this._finalized) {
-      throw new Error("Digest already called");
-    }
-    let bytes;
-    if (typeof data === "string") {
-      const enc = normalizeEncoding(inputEncoding);
-      bytes = Buffer.from(data, enc);
-    } else {
-      bytes = data instanceof Uint8Array ? data : Buffer.from(data);
-    }
-    this._checksum.update(bytes);
-    return this;
-  }
-  /** Calculate the digest of all data passed to update(). */
-  digest(encoding) {
-    if (this._finalized) {
-      throw new Error("Digest already called");
-    }
-    this._finalized = true;
-    const hexStr = this._checksum.get_string();
-    const buf = Buffer.from(hexStr, "hex");
-    if (encoding) return buf.toString(encoding);
-    return buf;
-  }
-  /** Copy this hash to a new Hash object. */
-  copy() {
-    if (this._finalized) {
-      throw new Error("Digest already called");
-    }
-    const copy = Object.create(Hash.prototype);
-    Transform.call(copy);
-    copy._algorithm = this._algorithm;
-    copy._finalized = false;
-    copy._checksum = this._checksum.copy();
-    return copy;
-  }
-  // Transform stream interface
-  _transform(chunk, encoding, callback) {
-    try {
-      this.update(chunk, encoding);
-      callback();
-    } catch (err) {
-      callback(err);
-    }
-  }
-  _flush(callback) {
-    try {
-      this.push(this.digest());
-      callback();
-    } catch (err) {
-      callback(err);
-    }
-  }
+	const normalized = normalizeAlgorithm(algorithm);
+	const type = CHECKSUM_TYPES[normalized];
+	if (type === undefined) {
+		const err = new Error(`Unknown message digest: ${algorithm}`);
+		err.code = "ERR_CRYPTO_HASH_UNKNOWN";
+		throw err;
+	}
+	return type;
 }
+/**
+* Creates and returns a Hash object that can be used to generate hash digests
+* using the given algorithm.
+*/
+var Hash = class Hash extends Transform {
+	_algorithm;
+	_checksum;
+	_finalized = false;
+	constructor(algorithm) {
+		super();
+		const normalized = normalizeAlgorithm(algorithm);
+		const type = getChecksumType(normalized);
+		this._algorithm = normalized;
+		this._checksum = new GLib.Checksum(type);
+	}
+	/** Update the hash with data. */
+	update(data, inputEncoding) {
+		if (this._finalized) {
+			throw new Error("Digest already called");
+		}
+		let bytes;
+		if (typeof data === "string") {
+			const enc = normalizeEncoding(inputEncoding);
+			bytes = Buffer.from(data, enc);
+		} else {
+			bytes = data instanceof Uint8Array ? data : Buffer.from(data);
+		}
+		this._checksum.update(bytes);
+		return this;
+	}
+	/** Calculate the digest of all data passed to update(). */
+	digest(encoding) {
+		if (this._finalized) {
+			throw new Error("Digest already called");
+		}
+		this._finalized = true;
+		const hexStr = this._checksum.get_string();
+		const buf = Buffer.from(hexStr, "hex");
+		if (encoding) return buf.toString(encoding);
+		return buf;
+	}
+	/** Copy this hash to a new Hash object. */
+	copy() {
+		if (this._finalized) {
+			throw new Error("Digest already called");
+		}
+		const copy = Object.create(Hash.prototype);
+		Transform.call(copy);
+		copy._algorithm = this._algorithm;
+		copy._finalized = false;
+		copy._checksum = this._checksum.copy();
+		return copy;
+	}
+	_transform(chunk, encoding, callback) {
+		try {
+			this.update(chunk, encoding);
+			callback();
+		} catch (err) {
+			callback(err);
+		}
+	}
+	_flush(callback) {
+		try {
+			this.push(this.digest());
+			callback();
+		} catch (err) {
+			callback(err);
+		}
+	}
+};
+/** Get the list of supported hash algorithms. */
 function getHashes() {
-  return ["md5", "sha1", "sha256", "sha384", "sha512"];
+	return [
+		"md5",
+		"sha1",
+		"sha256",
+		"sha384",
+		"sha512"
+	];
 }
+/** Convenience: one-shot hash (Node 21+). */
 function hash(algorithm, data, encoding) {
-  return new Hash(algorithm).update(data).digest(encoding);
+	return new Hash(algorithm).update(data).digest(encoding);
 }
-export {
-  Hash,
-  getHashes,
-  hash
-};
+
+//#endregion
+export { Hash, getHashes, hash };

package/lib/esm/hkdf.js

@@ -1,58 +1,76 @@
-import { Buffer } from "node:buffer";
+import { DIGEST_SIZES, SUPPORTED_ALGORITHMS, normalizeAlgorithm, toBuffer } from "./crypto-utils.js";
 import { Hmac } from "./hmac.js";
-import { normalizeAlgorithm, DIGEST_SIZES, SUPPORTED_ALGORITHMS, toBuffer } from "./crypto-utils.js";
+import { Buffer } from "node:buffer";
+
+//#region src/hkdf.ts
 function hmacDigest(algo, key, data) {
-  const hmac = new Hmac(algo, key);
-  hmac.update(data);
-  return hmac.digest();
+	const hmac = new Hmac(algo, key);
+	hmac.update(data);
+	return hmac.digest();
 }
+/**
+* HKDF-Extract: PRK = HMAC-Hash(salt, IKM)
+*/
 function hkdfExtract(algo, ikm, salt) {
-  return hmacDigest(algo, salt, ikm);
+	return hmacDigest(algo, salt, ikm);
 }
+/**
+* HKDF-Expand: OKM = T(1) || T(2) || ... || T(N)
+*   T(i) = HMAC-Hash(PRK, T(i-1) || info || i)
+*/
 function hkdfExpand(algo, prk, info, length, hashLen) {
-  const n = Math.ceil(length / hashLen);
-  if (n > 255) {
-    throw new Error("HKDF cannot generate more than 255 * HashLen bytes");
-  }
-  const okm = Buffer.allocUnsafe(n * hashLen);
-  let prev = Buffer.alloc(0);
-  for (let i = 1; i <= n; i++) {
-    const input = Buffer.concat([prev, info, Buffer.from([i])]);
-    prev = hmacDigest(algo, prk, input);
-    prev.copy(okm, (i - 1) * hashLen);
-  }
-  return Buffer.from(okm.buffer, okm.byteOffset, length);
+	const n = Math.ceil(length / hashLen);
+	if (n > 255) {
+		throw new Error("HKDF cannot generate more than 255 * HashLen bytes");
+	}
+	const okm = Buffer.allocUnsafe(n * hashLen);
+	let prev = Buffer.alloc(0);
+	for (let i = 1; i <= n; i++) {
+		const input = Buffer.concat([
+			prev,
+			info,
+			Buffer.from([i])
+		]);
+		prev = hmacDigest(algo, prk, input);
+		prev.copy(okm, (i - 1) * hashLen);
+	}
+	return Buffer.from(okm.buffer, okm.byteOffset, length);
 }
+/**
+* Synchronous HKDF key derivation.
+*/
 function hkdfSync(digest, ikm, salt, info, keylen) {
-  const algo = normalizeAlgorithm(digest);
-  const hashLen = DIGEST_SIZES[algo];
-  if (!SUPPORTED_ALGORITHMS.has(algo) || hashLen === void 0) {
-    throw new TypeError(`Unknown message digest: ${digest}`);
-  }
-  if (typeof keylen !== "number" || keylen < 0) {
-    throw new TypeError("keylen must be a non-negative number");
-  }
-  const ikmBuf = toBuffer(ikm);
-  const saltBuf = toBuffer(salt);
-  const infoBuf = toBuffer(info);
-  const effectiveSalt = saltBuf.length === 0 ? Buffer.alloc(hashLen, 0) : saltBuf;
-  const prk = hkdfExtract(algo, ikmBuf, effectiveSalt);
-  const okm = hkdfExpand(algo, prk, infoBuf, keylen, hashLen);
-  const result = new ArrayBuffer(okm.length);
-  new Uint8Array(result).set(okm);
-  return result;
+	const algo = normalizeAlgorithm(digest);
+	const hashLen = DIGEST_SIZES[algo];
+	if (!SUPPORTED_ALGORITHMS.has(algo) || hashLen === undefined) {
+		throw new TypeError(`Unknown message digest: ${digest}`);
+	}
+	if (typeof keylen !== "number" || keylen < 0) {
+		throw new TypeError("keylen must be a non-negative number");
+	}
+	const ikmBuf = toBuffer(ikm);
+	const saltBuf = toBuffer(salt);
+	const infoBuf = toBuffer(info);
+	const effectiveSalt = saltBuf.length === 0 ? Buffer.alloc(hashLen, 0) : saltBuf;
+	const prk = hkdfExtract(algo, ikmBuf, effectiveSalt);
+	const okm = hkdfExpand(algo, prk, infoBuf, keylen, hashLen);
+	const result = new ArrayBuffer(okm.length);
+	new Uint8Array(result).set(okm);
+	return result;
 }
+/**
+* Asynchronous HKDF key derivation.
+*/
 function hkdf(digest, ikm, salt, info, keylen, callback) {
-  setTimeout(() => {
-    try {
-      const result = hkdfSync(digest, ikm, salt, info, keylen);
-      callback(null, result);
-    } catch (err) {
-      callback(err instanceof Error ? err : new Error(String(err)));
-    }
-  }, 0);
+	setTimeout(() => {
+		try {
+			const result = hkdfSync(digest, ikm, salt, info, keylen);
+			callback(null, result);
+		} catch (err) {
+			callback(err instanceof Error ? err : new Error(String(err)));
+		}
+	}, 0);
 }
-export {
-  hkdf,
-  hkdfSync
-};
+
+//#endregion
+export { hkdf, hkdfSync };