@gjsify/crypto 0.3.13 → 0.3.14

package/lib/esm/random.js

@@ -1,138 +1,151 @@
 import { Buffer } from "node:buffer";
+
+//#region src/random.ts
 const hasWebCrypto = typeof globalThis.crypto !== "undefined" && typeof globalThis.crypto.getRandomValues === "function";
+/**
+* Fill a Uint8Array with random bytes, using WebCrypto or GLib.Random fallback.
+*/
 function fillRandom(view) {
-  if (hasWebCrypto) {
-    for (let offset = 0; offset < view.length; offset += 65536) {
-      const length = Math.min(view.length - offset, 65536);
-      const slice = new Uint8Array(view.buffer, view.byteOffset + offset, length);
-      globalThis.crypto.getRandomValues(slice);
-    }
-  } else {
-    try {
-      const GLib = imports.gi.GLib;
-      for (let i = 0; i < view.length; i++) {
-        view[i] = GLib.random_int_range(0, 256);
-      }
-    } catch {
-      for (let i = 0; i < view.length; i++) {
-        view[i] = Math.floor(Math.random() * 256);
-      }
-    }
-  }
+	if (hasWebCrypto) {
+		for (let offset = 0; offset < view.length; offset += 65536) {
+			const length = Math.min(view.length - offset, 65536);
+			const slice = new Uint8Array(view.buffer, view.byteOffset + offset, length);
+			globalThis.crypto.getRandomValues(slice);
+		}
+	} else {
+		try {
+			const GLib = imports.gi.GLib;
+			for (let i = 0; i < view.length; i++) {
+				view[i] = GLib.random_int_range(0, 256);
+			}
+		} catch {
+			for (let i = 0; i < view.length; i++) {
+				view[i] = Math.floor(Math.random() * 256);
+			}
+		}
+	}
 }
 function randomBytes(size, callback) {
-  if (typeof size !== "number" || size < 0 || !Number.isInteger(size)) {
-    throw new TypeError(`The "size" argument must be a non-negative integer. Received ${size}`);
-  }
-  try {
-    const buf = Buffer.alloc(size);
-    if (size > 0) {
-      fillRandom(new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength));
-    }
-    if (callback) {
-      callback(null, buf);
-    } else {
-      return buf;
-    }
-  } catch (err) {
-    if (callback) {
-      callback(err, Buffer.alloc(0));
-    } else {
-      throw err;
-    }
-  }
+	if (typeof size !== "number" || size < 0 || !Number.isInteger(size)) {
+		throw new TypeError(`The "size" argument must be a non-negative integer. Received ${size}`);
+	}
+	try {
+		const buf = Buffer.alloc(size);
+		if (size > 0) {
+			fillRandom(new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength));
+		}
+		if (callback) {
+			callback(null, buf);
+		} else {
+			return buf;
+		}
+	} catch (err) {
+		if (callback) {
+			callback(err, Buffer.alloc(0));
+		} else {
+			throw err;
+		}
+	}
 }
+/**
+* Fill a buffer with cryptographically strong pseudo-random data (synchronous).
+*/
 function randomFillSync(buffer, offset = 0, size) {
-  const length = size ?? buffer.length - offset;
-  if (offset < 0 || offset > buffer.length) {
-    throw new RangeError(`The value of "offset" is out of range. Received ${offset}`);
-  }
-  if (length < 0 || offset + length > buffer.length) {
-    throw new RangeError(`The value of "size" is out of range. Received ${length}`);
-  }
-  if (length > 0) {
-    const byteOffset = buffer instanceof Buffer ? buffer.byteOffset : buffer.byteOffset;
-    const view = new Uint8Array(buffer.buffer, byteOffset + offset, length);
-    fillRandom(view);
-  }
-  return buffer;
+	const length = size ?? buffer.length - offset;
+	if (offset < 0 || offset > buffer.length) {
+		throw new RangeError(`The value of "offset" is out of range. Received ${offset}`);
+	}
+	if (length < 0 || offset + length > buffer.length) {
+		throw new RangeError(`The value of "size" is out of range. Received ${length}`);
+	}
+	if (length > 0) {
+		const byteOffset = buffer instanceof Buffer ? buffer.byteOffset : buffer.byteOffset;
+		const view = new Uint8Array(buffer.buffer, byteOffset + offset, length);
+		fillRandom(view);
+	}
+	return buffer;
 }
+/**
+* Fill a buffer with cryptographically strong pseudo-random data (async).
+*/
 function randomFill(buffer, offset, size, callback) {
-  let _offset;
-  let _size;
-  let _callback;
-  if (typeof offset === "function") {
-    _callback = offset;
-    _offset = 0;
-    _size = buffer.length;
-  } else if (typeof size === "function") {
-    _callback = size;
-    _offset = offset;
-    _size = buffer.length - offset;
-  } else {
-    _callback = callback;
-    _offset = offset;
-    _size = size;
-  }
-  try {
-    randomFillSync(buffer, _offset, _size);
-    _callback(null, buffer);
-  } catch (err) {
-    _callback(err, buffer);
-  }
+	let _offset;
+	let _size;
+	let _callback;
+	if (typeof offset === "function") {
+		_callback = offset;
+		_offset = 0;
+		_size = buffer.length;
+	} else if (typeof size === "function") {
+		_callback = size;
+		_offset = offset;
+		_size = buffer.length - offset;
+	} else {
+		_callback = callback;
+		_offset = offset;
+		_size = size;
+	}
+	try {
+		randomFillSync(buffer, _offset, _size);
+		_callback(null, buffer);
+	} catch (err) {
+		_callback(err, buffer);
+	}
 }
+/**
+* Generate a random UUID v4 string.
+*/
 function randomUUID() {
-  if (hasWebCrypto && typeof globalThis.crypto.randomUUID === "function") {
-    return globalThis.crypto.randomUUID();
-  }
-  const bytes = new Uint8Array(16);
-  fillRandom(bytes);
-  bytes[6] = bytes[6] & 15 | 64;
-  bytes[8] = bytes[8] & 63 | 128;
-  const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
-  return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
+	if (hasWebCrypto && typeof globalThis.crypto.randomUUID === "function") {
+		return globalThis.crypto.randomUUID();
+	}
+	const bytes = new Uint8Array(16);
+	fillRandom(bytes);
+	bytes[6] = bytes[6] & 15 | 64;
+	bytes[8] = bytes[8] & 63 | 128;
+	const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
+	return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
 }
+/**
+* Generate a random integer between min (inclusive) and max (exclusive).
+*/
 function randomInt(min, max, callback) {
-  let _min;
-  let _max;
-  let _callback;
-  if (typeof max === "function") {
-    _callback = max;
-    _max = min;
-    _min = 0;
-  } else if (typeof max === "number") {
-    _min = min;
-    _max = max;
-    _callback = callback;
-  } else {
-    _max = min;
-    _min = 0;
-    _callback = callback;
-  }
-  if (!Number.isInteger(_min)) {
-    throw new TypeError(`The "min" argument must be a safe integer. Received ${_min}`);
-  }
-  if (!Number.isInteger(_max)) {
-    throw new TypeError(`The "max" argument must be a safe integer. Received ${_max}`);
-  }
-  if (_min >= _max) {
-    throw new RangeError(`The value of "min" must be less than "max". Received min: ${_min}, max: ${_max}`);
-  }
-  const range = _max - _min;
-  const bytes = new Uint32Array(1);
-  const view = new Uint8Array(bytes.buffer);
-  fillRandom(view);
-  const value = _min + bytes[0] % range;
-  if (_callback) {
-    _callback(null, value);
-  } else {
-    return value;
-  }
+	let _min;
+	let _max;
+	let _callback;
+	if (typeof max === "function") {
+		_callback = max;
+		_max = min;
+		_min = 0;
+	} else if (typeof max === "number") {
+		_min = min;
+		_max = max;
+		_callback = callback;
+	} else {
+		_max = min;
+		_min = 0;
+		_callback = callback;
+	}
+	if (!Number.isInteger(_min)) {
+		throw new TypeError(`The "min" argument must be a safe integer. Received ${_min}`);
+	}
+	if (!Number.isInteger(_max)) {
+		throw new TypeError(`The "max" argument must be a safe integer. Received ${_max}`);
+	}
+	if (_min >= _max) {
+		throw new RangeError(`The value of "min" must be less than "max". Received min: ${_min}, max: ${_max}`);
+	}
+	const range = _max - _min;
+	const bytes = new Uint32Array(1);
+	const view = new Uint8Array(bytes.buffer);
+	fillRandom(view);
+	const value = _min + bytes[0] % range;
+	if (_callback) {
+		_callback(null, value);
+	} else {
+		return value;
+	}
 }
-export {
-  randomBytes,
-  randomFill,
-  randomFillSync,
-  randomInt,
-  randomUUID
-};
+
+//#endregion
+export { randomBytes, randomFill, randomFillSync, randomInt, randomUUID };

package/lib/esm/rsa-oaep.js

@@ -1,95 +1,102 @@
-import { Hash } from "./hash.js";
-import { randomBytes } from "./random.js";
-import { mgf1 } from "./mgf1.js";
 import { parsePemKey, rsaKeySize } from "./asn1.js";
+import { bigIntToBytes, bytesToBigInt, modPow } from "./bigint-math.js";
 import { hashSize } from "./crypto-utils.js";
-import { modPow, bigIntToBytes, bytesToBigInt } from "./bigint-math.js";
+import { randomBytes } from "./random.js";
+import { Hash } from "./hash.js";
+import { mgf1 } from "./mgf1.js";
+
+//#region src/rsa-oaep.ts
 function hashDigest(algo, data) {
-  const h = new Hash(algo);
-  h.update(data);
-  return new Uint8Array(h.digest());
+	const h = new Hash(algo);
+	h.update(data);
+	return new Uint8Array(h.digest());
 }
+/**
+* RSA-OAEP encrypt using PEM public key.
+*/
 function rsaOaepEncrypt(hashAlgo, pubKeyPem, plaintext, label) {
-  const parsed = parsePemKey(pubKeyPem);
-  let n, e;
-  if (parsed.type === "rsa-public") {
-    ({ n, e } = parsed.components);
-  } else if (parsed.type === "rsa-private") {
-    ({ n, e } = parsed.components);
-  } else {
-    throw new Error("RSA-OAEP: expected RSA key");
-  }
-  const keyBytes = Math.ceil(rsaKeySize(n) / 8);
-  const hLen = hashSize(hashAlgo);
-  if (plaintext.length > keyBytes - 2 * hLen - 2) {
-    throw new Error("RSA-OAEP: message too long");
-  }
-  const lHash = hashDigest(hashAlgo, label || new Uint8Array(0));
-  const dbLen = keyBytes - hLen - 1;
-  const DB = new Uint8Array(dbLen);
-  DB.set(lHash, 0);
-  DB[dbLen - plaintext.length - 1] = 1;
-  DB.set(plaintext, dbLen - plaintext.length);
-  const seed = new Uint8Array(randomBytes(hLen));
-  const dbMask = mgf1(hashAlgo, seed, dbLen);
-  const maskedDB = new Uint8Array(dbLen);
-  for (let i = 0; i < dbLen; i++) maskedDB[i] = DB[i] ^ dbMask[i];
-  const seedMask = mgf1(hashAlgo, maskedDB, hLen);
-  const maskedSeed = new Uint8Array(hLen);
-  for (let i = 0; i < hLen; i++) maskedSeed[i] = seed[i] ^ seedMask[i];
-  const EM = new Uint8Array(keyBytes);
-  EM[0] = 0;
-  EM.set(maskedSeed, 1);
-  EM.set(maskedDB, 1 + hLen);
-  const m = bytesToBigInt(EM);
-  const c = modPow(m, e, n);
-  return bigIntToBytes(c, keyBytes);
+	const parsed = parsePemKey(pubKeyPem);
+	let n, e;
+	if (parsed.type === "rsa-public") {
+		({n, e} = parsed.components);
+	} else if (parsed.type === "rsa-private") {
+		({n, e} = parsed.components);
+	} else {
+		throw new Error("RSA-OAEP: expected RSA key");
+	}
+	const keyBytes = Math.ceil(rsaKeySize(n) / 8);
+	const hLen = hashSize(hashAlgo);
+	if (plaintext.length > keyBytes - 2 * hLen - 2) {
+		throw new Error("RSA-OAEP: message too long");
+	}
+	const lHash = hashDigest(hashAlgo, label || new Uint8Array(0));
+	const dbLen = keyBytes - hLen - 1;
+	const DB = new Uint8Array(dbLen);
+	DB.set(lHash, 0);
+	DB[dbLen - plaintext.length - 1] = 1;
+	DB.set(plaintext, dbLen - plaintext.length);
+	const seed = new Uint8Array(randomBytes(hLen));
+	const dbMask = mgf1(hashAlgo, seed, dbLen);
+	const maskedDB = new Uint8Array(dbLen);
+	for (let i = 0; i < dbLen; i++) maskedDB[i] = DB[i] ^ dbMask[i];
+	const seedMask = mgf1(hashAlgo, maskedDB, hLen);
+	const maskedSeed = new Uint8Array(hLen);
+	for (let i = 0; i < hLen; i++) maskedSeed[i] = seed[i] ^ seedMask[i];
+	const EM = new Uint8Array(keyBytes);
+	EM[0] = 0;
+	EM.set(maskedSeed, 1);
+	EM.set(maskedDB, 1 + hLen);
+	const m = bytesToBigInt(EM);
+	const c = modPow(m, e, n);
+	return bigIntToBytes(c, keyBytes);
 }
+/**
+* RSA-OAEP decrypt using PEM private key.
+*/
 function rsaOaepDecrypt(hashAlgo, privKeyPem, ciphertext, label) {
-  const parsed = parsePemKey(privKeyPem);
-  if (parsed.type !== "rsa-private") throw new Error("RSA-OAEP: expected RSA private key");
-  const { n, d } = parsed.components;
-  const keyBytes = Math.ceil(rsaKeySize(n) / 8);
-  const hLen = hashSize(hashAlgo);
-  if (ciphertext.length !== keyBytes || keyBytes < 2 * hLen + 2) {
-    throw new Error("RSA-OAEP: decryption error");
-  }
-  const c = bytesToBigInt(ciphertext);
-  const m = modPow(c, d, n);
-  const EM = bigIntToBytes(m, keyBytes);
-  const Y = EM[0];
-  const maskedSeed = EM.slice(1, 1 + hLen);
-  const maskedDB = EM.slice(1 + hLen);
-  const dbLen = keyBytes - hLen - 1;
-  const seedMask = mgf1(hashAlgo, maskedDB, hLen);
-  const seed = new Uint8Array(hLen);
-  for (let i = 0; i < hLen; i++) seed[i] = maskedSeed[i] ^ seedMask[i];
-  const dbMask = mgf1(hashAlgo, seed, dbLen);
-  const DB = new Uint8Array(dbLen);
-  for (let i = 0; i < dbLen; i++) DB[i] = maskedDB[i] ^ dbMask[i];
-  const lHash = hashDigest(hashAlgo, label || new Uint8Array(0));
-  const lHashPrime = DB.slice(0, hLen);
-  let valid = Y === 0 ? 1 : 0;
-  for (let i = 0; i < hLen; i++) {
-    valid &= lHash[i] === lHashPrime[i] ? 1 : 0;
-  }
-  let sepIdx = -1;
-  for (let i = hLen; i < dbLen; i++) {
-    if (DB[i] === 1) {
-      sepIdx = i;
-      break;
-    } else if (DB[i] !== 0) {
-      valid = 0;
-      break;
-    }
-  }
-  if (sepIdx === -1) valid = 0;
-  if (!valid) {
-    throw new Error("RSA-OAEP: decryption error");
-  }
-  return DB.slice(sepIdx + 1);
+	const parsed = parsePemKey(privKeyPem);
+	if (parsed.type !== "rsa-private") throw new Error("RSA-OAEP: expected RSA private key");
+	const { n, d } = parsed.components;
+	const keyBytes = Math.ceil(rsaKeySize(n) / 8);
+	const hLen = hashSize(hashAlgo);
+	if (ciphertext.length !== keyBytes || keyBytes < 2 * hLen + 2) {
+		throw new Error("RSA-OAEP: decryption error");
+	}
+	const c = bytesToBigInt(ciphertext);
+	const m = modPow(c, d, n);
+	const EM = bigIntToBytes(m, keyBytes);
+	const Y = EM[0];
+	const maskedSeed = EM.slice(1, 1 + hLen);
+	const maskedDB = EM.slice(1 + hLen);
+	const dbLen = keyBytes - hLen - 1;
+	const seedMask = mgf1(hashAlgo, maskedDB, hLen);
+	const seed = new Uint8Array(hLen);
+	for (let i = 0; i < hLen; i++) seed[i] = maskedSeed[i] ^ seedMask[i];
+	const dbMask = mgf1(hashAlgo, seed, dbLen);
+	const DB = new Uint8Array(dbLen);
+	for (let i = 0; i < dbLen; i++) DB[i] = maskedDB[i] ^ dbMask[i];
+	const lHash = hashDigest(hashAlgo, label || new Uint8Array(0));
+	const lHashPrime = DB.slice(0, hLen);
+	let valid = Y === 0 ? 1 : 0;
+	for (let i = 0; i < hLen; i++) {
+		valid &= lHash[i] === lHashPrime[i] ? 1 : 0;
+	}
+	let sepIdx = -1;
+	for (let i = hLen; i < dbLen; i++) {
+		if (DB[i] === 1) {
+			sepIdx = i;
+			break;
+		} else if (DB[i] !== 0) {
+			valid = 0;
+			break;
+		}
+	}
+	if (sepIdx === -1) valid = 0;
+	if (!valid) {
+		throw new Error("RSA-OAEP: decryption error");
+	}
+	return DB.slice(sepIdx + 1);
 }
-export {
-  rsaOaepDecrypt,
-  rsaOaepEncrypt
-};
+
+//#endregion
+export { rsaOaepDecrypt, rsaOaepEncrypt };

package/lib/esm/rsa-pss.js

@@ -1,100 +1,107 @@
-import { Hash } from "./hash.js";
-import { randomBytes } from "./random.js";
-import { mgf1 } from "./mgf1.js";
 import { parsePemKey, rsaKeySize } from "./asn1.js";
+import { bigIntToBytes, bytesToBigInt, modPow } from "./bigint-math.js";
 import { hashSize } from "./crypto-utils.js";
-import { modPow, bigIntToBytes, bytesToBigInt } from "./bigint-math.js";
+import { randomBytes } from "./random.js";
+import { Hash } from "./hash.js";
+import { mgf1 } from "./mgf1.js";
+
+//#region src/rsa-pss.ts
 function hashDigest(algo, data) {
-  const h = new Hash(algo);
-  h.update(data);
-  return new Uint8Array(h.digest());
+	const h = new Hash(algo);
+	h.update(data);
+	return new Uint8Array(h.digest());
 }
 function emsaPssEncode(mHash, emBits, hashAlgo, saltLength) {
-  const hLen = hashSize(hashAlgo);
-  const emLen = Math.ceil(emBits / 8);
-  if (emLen < hLen + saltLength + 2) {
-    throw new Error("RSA-PSS: encoding error \u2014 key too short");
-  }
-  const salt = saltLength > 0 ? new Uint8Array(randomBytes(saltLength)) : new Uint8Array(0);
-  const mPrime = new Uint8Array(8 + hLen + saltLength);
-  mPrime.set(mHash, 8);
-  mPrime.set(salt, 8 + hLen);
-  const H = hashDigest(hashAlgo, mPrime);
-  const dbLen = emLen - hLen - 1;
-  const DB = new Uint8Array(dbLen);
-  DB[dbLen - saltLength - 1] = 1;
-  DB.set(salt, dbLen - saltLength);
-  const dbMask = mgf1(hashAlgo, H, dbLen);
-  const maskedDB = new Uint8Array(dbLen);
-  for (let i = 0; i < dbLen; i++) maskedDB[i] = DB[i] ^ dbMask[i];
-  const zeroBits = 8 * emLen - emBits;
-  if (zeroBits > 0) maskedDB[0] &= 255 >>> zeroBits;
-  const EM = new Uint8Array(emLen);
-  EM.set(maskedDB, 0);
-  EM.set(H, dbLen);
-  EM[emLen - 1] = 188;
-  return EM;
+	const hLen = hashSize(hashAlgo);
+	const emLen = Math.ceil(emBits / 8);
+	if (emLen < hLen + saltLength + 2) {
+		throw new Error("RSA-PSS: encoding error — key too short");
+	}
+	const salt = saltLength > 0 ? new Uint8Array(randomBytes(saltLength)) : new Uint8Array(0);
+	const mPrime = new Uint8Array(8 + hLen + saltLength);
+	mPrime.set(mHash, 8);
+	mPrime.set(salt, 8 + hLen);
+	const H = hashDigest(hashAlgo, mPrime);
+	const dbLen = emLen - hLen - 1;
+	const DB = new Uint8Array(dbLen);
+	DB[dbLen - saltLength - 1] = 1;
+	DB.set(salt, dbLen - saltLength);
+	const dbMask = mgf1(hashAlgo, H, dbLen);
+	const maskedDB = new Uint8Array(dbLen);
+	for (let i = 0; i < dbLen; i++) maskedDB[i] = DB[i] ^ dbMask[i];
+	const zeroBits = 8 * emLen - emBits;
+	if (zeroBits > 0) maskedDB[0] &= 255 >>> zeroBits;
+	const EM = new Uint8Array(emLen);
+	EM.set(maskedDB, 0);
+	EM.set(H, dbLen);
+	EM[emLen - 1] = 188;
+	return EM;
 }
 function emsaPssVerify(mHash, EM, emBits, hashAlgo, saltLength) {
-  const hLen = hashSize(hashAlgo);
-  const emLen = Math.ceil(emBits / 8);
-  if (emLen < hLen + saltLength + 2) return false;
-  if (EM[emLen - 1] !== 188) return false;
-  const dbLen = emLen - hLen - 1;
-  const maskedDB = EM.slice(0, dbLen);
-  const H = EM.slice(dbLen, dbLen + hLen);
-  const zeroBits = 8 * emLen - emBits;
-  if (zeroBits > 0 && (maskedDB[0] & 255 << 8 - zeroBits) !== 0) return false;
-  const dbMask = mgf1(hashAlgo, H, dbLen);
-  const DB = new Uint8Array(dbLen);
-  for (let i = 0; i < dbLen; i++) DB[i] = maskedDB[i] ^ dbMask[i];
-  if (zeroBits > 0) DB[0] &= 255 >>> zeroBits;
-  for (let i = 0; i < dbLen - saltLength - 1; i++) {
-    if (DB[i] !== 0) return false;
-  }
-  if (DB[dbLen - saltLength - 1] !== 1) return false;
-  const salt = DB.slice(dbLen - saltLength);
-  const mPrime = new Uint8Array(8 + hLen + saltLength);
-  mPrime.set(mHash, 8);
-  mPrime.set(salt, 8 + hLen);
-  const HPrime = hashDigest(hashAlgo, mPrime);
-  if (H.length !== HPrime.length) return false;
-  let diff = 0;
-  for (let i = 0; i < H.length; i++) diff |= H[i] ^ HPrime[i];
-  return diff === 0;
+	const hLen = hashSize(hashAlgo);
+	const emLen = Math.ceil(emBits / 8);
+	if (emLen < hLen + saltLength + 2) return false;
+	if (EM[emLen - 1] !== 188) return false;
+	const dbLen = emLen - hLen - 1;
+	const maskedDB = EM.slice(0, dbLen);
+	const H = EM.slice(dbLen, dbLen + hLen);
+	const zeroBits = 8 * emLen - emBits;
+	if (zeroBits > 0 && (maskedDB[0] & 255 << 8 - zeroBits) !== 0) return false;
+	const dbMask = mgf1(hashAlgo, H, dbLen);
+	const DB = new Uint8Array(dbLen);
+	for (let i = 0; i < dbLen; i++) DB[i] = maskedDB[i] ^ dbMask[i];
+	if (zeroBits > 0) DB[0] &= 255 >>> zeroBits;
+	for (let i = 0; i < dbLen - saltLength - 1; i++) {
+		if (DB[i] !== 0) return false;
+	}
+	if (DB[dbLen - saltLength - 1] !== 1) return false;
+	const salt = DB.slice(dbLen - saltLength);
+	const mPrime = new Uint8Array(8 + hLen + saltLength);
+	mPrime.set(mHash, 8);
+	mPrime.set(salt, 8 + hLen);
+	const HPrime = hashDigest(hashAlgo, mPrime);
+	if (H.length !== HPrime.length) return false;
+	let diff = 0;
+	for (let i = 0; i < H.length; i++) diff |= H[i] ^ HPrime[i];
+	return diff === 0;
 }
+/**
+* RSA-PSS sign using PEM private key.
+*/
 function rsaPssSign(hashAlgo, privKeyPem, data, saltLength) {
-  const parsed = parsePemKey(privKeyPem);
-  if (parsed.type !== "rsa-private") throw new Error("RSA-PSS: expected RSA private key");
-  const { n, d } = parsed.components;
-  const keyBits = rsaKeySize(n);
-  const keyBytes = Math.ceil(keyBits / 8);
-  const mHash = hashDigest(hashAlgo, data);
-  const EM = emsaPssEncode(mHash, keyBits - 1, hashAlgo, saltLength);
-  const m = bytesToBigInt(EM);
-  const s = modPow(m, d, n);
-  return bigIntToBytes(s, keyBytes);
+	const parsed = parsePemKey(privKeyPem);
+	if (parsed.type !== "rsa-private") throw new Error("RSA-PSS: expected RSA private key");
+	const { n, d } = parsed.components;
+	const keyBits = rsaKeySize(n);
+	const keyBytes = Math.ceil(keyBits / 8);
+	const mHash = hashDigest(hashAlgo, data);
+	const EM = emsaPssEncode(mHash, keyBits - 1, hashAlgo, saltLength);
+	const m = bytesToBigInt(EM);
+	const s = modPow(m, d, n);
+	return bigIntToBytes(s, keyBytes);
 }
+/**
+* RSA-PSS verify using PEM public key.
+*/
 function rsaPssVerify(hashAlgo, pubKeyPem, signature, data, saltLength) {
-  const parsed = parsePemKey(pubKeyPem);
-  let n, e;
-  if (parsed.type === "rsa-public") {
-    ({ n, e } = parsed.components);
-  } else if (parsed.type === "rsa-private") {
-    ({ n, e } = parsed.components);
-  } else {
-    throw new Error("RSA-PSS: expected RSA key");
-  }
-  const keyBits = rsaKeySize(n);
-  const keyBytes = Math.ceil(keyBits / 8);
-  if (signature.length !== keyBytes) return false;
-  const s = bytesToBigInt(signature);
-  const m = modPow(s, e, n);
-  const EM = bigIntToBytes(m, Math.ceil((keyBits - 1) / 8));
-  const mHash = hashDigest(hashAlgo, data);
-  return emsaPssVerify(mHash, EM, keyBits - 1, hashAlgo, saltLength);
+	const parsed = parsePemKey(pubKeyPem);
+	let n, e;
+	if (parsed.type === "rsa-public") {
+		({n, e} = parsed.components);
+	} else if (parsed.type === "rsa-private") {
+		({n, e} = parsed.components);
+	} else {
+		throw new Error("RSA-PSS: expected RSA key");
+	}
+	const keyBits = rsaKeySize(n);
+	const keyBytes = Math.ceil(keyBits / 8);
+	if (signature.length !== keyBytes) return false;
+	const s = bytesToBigInt(signature);
+	const m = modPow(s, e, n);
+	const EM = bigIntToBytes(m, Math.ceil((keyBits - 1) / 8));
+	const mHash = hashDigest(hashAlgo, data);
+	return emsaPssVerify(mHash, EM, keyBits - 1, hashAlgo, saltLength);
 }
-export {
-  rsaPssSign,
-  rsaPssVerify
-};
+
+//#endregion
+export { rsaPssSign, rsaPssVerify };