@gjsify/crypto 0.3.15 → 0.3.17

package/lib/esm/public-encrypt.js

@@ -1,222 +1 @@
-import { parsePemKey, rsaKeySize } from "./asn1.js";
-import { bigIntToBytes, bytesToBigInt, modPow } from "./bigint-math.js";
-import { randomBytes } from "./random.js";
-import { Buffer } from "node:buffer";
-
-//#region src/public-encrypt.ts
-function extractPem(key) {
-	if (typeof key === "string") {
-		return key;
-	}
-	if (Buffer.isBuffer(key) || key instanceof Uint8Array) {
-		return Buffer.from(key).toString("utf8");
-	}
-	if (key && typeof key === "object" && "key" in key) {
-		const k = key.key;
-		if (typeof k === "string") return k;
-		if (Buffer.isBuffer(k) || k instanceof Uint8Array) return Buffer.from(k).toString("utf8");
-	}
-	throw new TypeError("Invalid key argument");
-}
-/**
-* Apply PKCS#1 v1.5 Type 2 padding (for encryption).
-* Format: 0x00 0x02 [random non-zero bytes] 0x00 [data]
-* The padding string (PS) must be at least 8 bytes.
-*/
-function pkcs1v15Type2Pad(data, keyLen) {
-	const maxDataLen = keyLen - 11;
-	if (data.length > maxDataLen) {
-		throw new Error(`Data too long for key size. Max ${maxDataLen} bytes, got ${data.length}`);
-	}
-	const padLen = keyLen - data.length - 3;
-	const em = new Uint8Array(keyLen);
-	em[0] = 0;
-	em[1] = 2;
-	const padding = randomBytes(padLen);
-	for (let i = 0; i < padLen; i++) {
-		while (padding[i] === 0) {
-			const replacement = randomBytes(1);
-			padding[i] = replacement[0];
-		}
-		em[2 + i] = padding[i];
-	}
-	em[2 + padLen] = 0;
-	em.set(data, 3 + padLen);
-	return em;
-}
-/**
-* Apply PKCS#1 v1.5 Type 1 padding (for private-key encryption / signature).
-* Format: 0x00 0x01 [0xFF bytes] 0x00 [data]
-*/
-function pkcs1v15Type1Pad(data, keyLen) {
-	const maxDataLen = keyLen - 11;
-	if (data.length > maxDataLen) {
-		throw new Error(`Data too long for key size. Max ${maxDataLen} bytes, got ${data.length}`);
-	}
-	const padLen = keyLen - data.length - 3;
-	const em = new Uint8Array(keyLen);
-	em[0] = 0;
-	em[1] = 1;
-	for (let i = 2; i < 2 + padLen; i++) {
-		em[i] = 255;
-	}
-	em[2 + padLen] = 0;
-	em.set(data, 3 + padLen);
-	return em;
-}
-/**
-* Remove PKCS#1 v1.5 Type 2 padding (after decryption with private key).
-* Expects: 0x00 0x02 [random non-zero bytes] 0x00 [data]
-*/
-function pkcs1v15Type2Unpad(em) {
-	if (em.length < 11) {
-		throw new Error("Decryption error: message too short");
-	}
-	if (em[0] !== 0 || em[1] !== 2) {
-		throw new Error("Decryption error: invalid padding");
-	}
-	let sepIdx = 2;
-	while (sepIdx < em.length && em[sepIdx] !== 0) {
-		sepIdx++;
-	}
-	if (sepIdx >= em.length || sepIdx < 10) {
-		throw new Error("Decryption error: invalid padding");
-	}
-	return em.slice(sepIdx + 1);
-}
-/**
-* Remove PKCS#1 v1.5 Type 1 padding (after decryption with public key).
-* Expects: 0x00 0x01 [0xFF bytes] 0x00 [data]
-*/
-function pkcs1v15Type1Unpad(em) {
-	if (em.length < 11) {
-		throw new Error("Decryption error: message too short");
-	}
-	if (em[0] !== 0 || em[1] !== 1) {
-		throw new Error("Decryption error: invalid padding");
-	}
-	let sepIdx = 2;
-	while (sepIdx < em.length && em[sepIdx] === 255) {
-		sepIdx++;
-	}
-	if (sepIdx >= em.length || em[sepIdx] !== 0 || sepIdx < 10) {
-		throw new Error("Decryption error: invalid padding");
-	}
-	return em.slice(sepIdx + 1);
-}
-/**
-* Encrypt data using an RSA public key with PKCS#1 v1.5 Type 2 padding.
-*
-* @param key - PEM-encoded RSA public key (or private key, from which public components are extracted)
-* @param buffer - Data to encrypt (must be <= keyLen - 11 bytes)
-* @returns Encrypted data as a Buffer
-*/
-function publicEncrypt(key, buffer) {
-	const pem = extractPem(key);
-	const parsed = parsePemKey(pem);
-	let n;
-	let e;
-	if (parsed.type === "rsa-public") {
-		n = parsed.components.n;
-		e = parsed.components.e;
-	} else if (parsed.type === "rsa-private") {
-		n = parsed.components.n;
-		e = parsed.components.e;
-	} else {
-		throw new Error("Key must be an RSA public or private key");
-	}
-	const keyLen = rsaKeySize(n);
-	const data = buffer instanceof Uint8Array ? buffer : Buffer.from(buffer);
-	const em = pkcs1v15Type2Pad(data, keyLen);
-	const m = bytesToBigInt(em);
-	const c = modPow(m, e, n);
-	return Buffer.from(bigIntToBytes(c, keyLen));
-}
-/**
-* Decrypt data using an RSA private key (reverses publicEncrypt).
-*
-* @param key - PEM-encoded RSA private key
-* @param buffer - Encrypted data
-* @returns Decrypted data as a Buffer
-*/
-function privateDecrypt(key, buffer) {
-	const pem = extractPem(key);
-	const parsed = parsePemKey(pem);
-	if (parsed.type !== "rsa-private") {
-		throw new Error("Key must be an RSA private key");
-	}
-	const { n, d } = parsed.components;
-	const keyLen = rsaKeySize(n);
-	const data = buffer instanceof Uint8Array ? buffer : Buffer.from(buffer);
-	if (data.length !== keyLen) {
-		throw new Error(`Data length (${data.length}) does not match key length (${keyLen})`);
-	}
-	const c = bytesToBigInt(data);
-	if (c >= n) {
-		throw new Error("Decryption error: cipher value out of range");
-	}
-	const m = modPow(c, d, n);
-	const em = bigIntToBytes(m, keyLen);
-	return Buffer.from(pkcs1v15Type2Unpad(em));
-}
-/**
-* Encrypt data using an RSA private key with PKCS#1 v1.5 Type 1 padding.
-* This is the raw RSA private-key operation used for compatibility with
-* signature-like use cases.
-*
-* @param key - PEM-encoded RSA private key
-* @param buffer - Data to encrypt
-* @returns Encrypted data as a Buffer
-*/
-function privateEncrypt(key, buffer) {
-	const pem = extractPem(key);
-	const parsed = parsePemKey(pem);
-	if (parsed.type !== "rsa-private") {
-		throw new Error("Key must be an RSA private key");
-	}
-	const { n, d } = parsed.components;
-	const keyLen = rsaKeySize(n);
-	const data = buffer instanceof Uint8Array ? buffer : Buffer.from(buffer);
-	const em = pkcs1v15Type1Pad(data, keyLen);
-	const m = bytesToBigInt(em);
-	const c = modPow(m, d, n);
-	return Buffer.from(bigIntToBytes(c, keyLen));
-}
-/**
-* Decrypt data using an RSA public key (reverses privateEncrypt).
-* Removes PKCS#1 v1.5 Type 1 padding.
-*
-* @param key - PEM-encoded RSA public key (or private key for public components)
-* @param buffer - Encrypted data
-* @returns Decrypted data as a Buffer
-*/
-function publicDecrypt(key, buffer) {
-	const pem = extractPem(key);
-	const parsed = parsePemKey(pem);
-	let n;
-	let e;
-	if (parsed.type === "rsa-public") {
-		n = parsed.components.n;
-		e = parsed.components.e;
-	} else if (parsed.type === "rsa-private") {
-		n = parsed.components.n;
-		e = parsed.components.e;
-	} else {
-		throw new Error("Key must be an RSA public or private key");
-	}
-	const keyLen = rsaKeySize(n);
-	const data = buffer instanceof Uint8Array ? buffer : Buffer.from(buffer);
-	if (data.length !== keyLen) {
-		throw new Error(`Data length (${data.length}) does not match key length (${keyLen})`);
-	}
-	const c = bytesToBigInt(data);
-	if (c >= n) {
-		throw new Error("Decryption error: cipher value out of range");
-	}
-	const m = modPow(c, e, n);
-	const em = bigIntToBytes(m, keyLen);
-	return Buffer.from(pkcs1v15Type1Unpad(em));
-}
-
-//#endregion
-export { privateDecrypt, privateEncrypt, publicDecrypt, publicEncrypt };
+import{parsePemKey as e,rsaKeySize as t}from"./asn1.js";import{bigIntToBytes as n,bytesToBigInt as r,modPow as i}from"./bigint-math.js";import{randomBytes as a}from"./random.js";import{Buffer as o}from"node:buffer";function s(e){if(typeof e==`string`)return e;if(o.isBuffer(e)||e instanceof Uint8Array)return o.from(e).toString(`utf8`);if(e&&typeof e==`object`&&`key`in e){let t=e.key;if(typeof t==`string`)return t;if(o.isBuffer(t)||t instanceof Uint8Array)return o.from(t).toString(`utf8`)}throw TypeError(`Invalid key argument`)}function c(e,t){let n=t-11;if(e.length>n)throw Error(`Data too long for key size. Max ${n} bytes, got ${e.length}`);let r=t-e.length-3,i=new Uint8Array(t);i[0]=0,i[1]=2;let o=a(r);for(let e=0;e<r;e++){for(;o[e]===0;)o[e]=a(1)[0];i[2+e]=o[e]}return i[2+r]=0,i.set(e,3+r),i}function l(e,t){let n=t-11;if(e.length>n)throw Error(`Data too long for key size. Max ${n} bytes, got ${e.length}`);let r=t-e.length-3,i=new Uint8Array(t);i[0]=0,i[1]=1;for(let e=2;e<2+r;e++)i[e]=255;return i[2+r]=0,i.set(e,3+r),i}function u(e){if(e.length<11)throw Error(`Decryption error: message too short`);if(e[0]!==0||e[1]!==2)throw Error(`Decryption error: invalid padding`);let t=2;for(;t<e.length&&e[t]!==0;)t++;if(t>=e.length||t<10)throw Error(`Decryption error: invalid padding`);return e.slice(t+1)}function d(e){if(e.length<11)throw Error(`Decryption error: message too short`);if(e[0]!==0||e[1]!==1)throw Error(`Decryption error: invalid padding`);let t=2;for(;t<e.length&&e[t]===255;)t++;if(t>=e.length||e[t]!==0||t<10)throw Error(`Decryption error: invalid padding`);return e.slice(t+1)}function f(a,l){let u=e(s(a)),d,f;if(u.type===`rsa-public`)d=u.components.n,f=u.components.e;else if(u.type===`rsa-private`)d=u.components.n,f=u.components.e;else throw Error(`Key must be an RSA public or private key`);let p=t(d),m=i(r(c(l instanceof Uint8Array?l:o.from(l),p)),f,d);return o.from(n(m,p))}function p(a,c){let l=e(s(a));if(l.type!==`rsa-private`)throw Error(`Key must be an RSA private key`);let{n:d,d:f}=l.components,p=t(d),m=c instanceof Uint8Array?c:o.from(c);if(m.length!==p)throw Error(`Data length (${m.length}) does not match key length (${p})`);let h=r(m);if(h>=d)throw Error(`Decryption error: cipher value out of range`);let g=n(i(h,f,d),p);return o.from(u(g))}function m(a,c){let u=e(s(a));if(u.type!==`rsa-private`)throw Error(`Key must be an RSA private key`);let{n:d,d:f}=u.components,p=t(d),m=i(r(l(c instanceof Uint8Array?c:o.from(c),p)),f,d);return o.from(n(m,p))}function h(a,c){let l=e(s(a)),u,f;if(l.type===`rsa-public`)u=l.components.n,f=l.components.e;else if(l.type===`rsa-private`)u=l.components.n,f=l.components.e;else throw Error(`Key must be an RSA public or private key`);let p=t(u),m=c instanceof Uint8Array?c:o.from(c);if(m.length!==p)throw Error(`Data length (${m.length}) does not match key length (${p})`);let h=r(m);if(h>=u)throw Error(`Decryption error: cipher value out of range`);let g=n(i(h,f,u),p);return o.from(d(g))}export{p as privateDecrypt,m as privateEncrypt,h as publicDecrypt,f as publicEncrypt};

package/lib/esm/random.js

@@ -1,151 +1 @@
-import { Buffer } from "node:buffer";
-
-//#region src/random.ts
-const hasWebCrypto = typeof globalThis.crypto !== "undefined" && typeof globalThis.crypto.getRandomValues === "function";
-/**
-* Fill a Uint8Array with random bytes, using WebCrypto or GLib.Random fallback.
-*/
-function fillRandom(view) {
-	if (hasWebCrypto) {
-		for (let offset = 0; offset < view.length; offset += 65536) {
-			const length = Math.min(view.length - offset, 65536);
-			const slice = new Uint8Array(view.buffer, view.byteOffset + offset, length);
-			globalThis.crypto.getRandomValues(slice);
-		}
-	} else {
-		try {
-			const GLib = imports.gi.GLib;
-			for (let i = 0; i < view.length; i++) {
-				view[i] = GLib.random_int_range(0, 256);
-			}
-		} catch {
-			for (let i = 0; i < view.length; i++) {
-				view[i] = Math.floor(Math.random() * 256);
-			}
-		}
-	}
-}
-function randomBytes(size, callback) {
-	if (typeof size !== "number" || size < 0 || !Number.isInteger(size)) {
-		throw new TypeError(`The "size" argument must be a non-negative integer. Received ${size}`);
-	}
-	try {
-		const buf = Buffer.alloc(size);
-		if (size > 0) {
-			fillRandom(new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength));
-		}
-		if (callback) {
-			callback(null, buf);
-		} else {
-			return buf;
-		}
-	} catch (err) {
-		if (callback) {
-			callback(err, Buffer.alloc(0));
-		} else {
-			throw err;
-		}
-	}
-}
-/**
-* Fill a buffer with cryptographically strong pseudo-random data (synchronous).
-*/
-function randomFillSync(buffer, offset = 0, size) {
-	const length = size ?? buffer.length - offset;
-	if (offset < 0 || offset > buffer.length) {
-		throw new RangeError(`The value of "offset" is out of range. Received ${offset}`);
-	}
-	if (length < 0 || offset + length > buffer.length) {
-		throw new RangeError(`The value of "size" is out of range. Received ${length}`);
-	}
-	if (length > 0) {
-		const byteOffset = buffer instanceof Buffer ? buffer.byteOffset : buffer.byteOffset;
-		const view = new Uint8Array(buffer.buffer, byteOffset + offset, length);
-		fillRandom(view);
-	}
-	return buffer;
-}
-/**
-* Fill a buffer with cryptographically strong pseudo-random data (async).
-*/
-function randomFill(buffer, offset, size, callback) {
-	let _offset;
-	let _size;
-	let _callback;
-	if (typeof offset === "function") {
-		_callback = offset;
-		_offset = 0;
-		_size = buffer.length;
-	} else if (typeof size === "function") {
-		_callback = size;
-		_offset = offset;
-		_size = buffer.length - offset;
-	} else {
-		_callback = callback;
-		_offset = offset;
-		_size = size;
-	}
-	try {
-		randomFillSync(buffer, _offset, _size);
-		_callback(null, buffer);
-	} catch (err) {
-		_callback(err, buffer);
-	}
-}
-/**
-* Generate a random UUID v4 string.
-*/
-function randomUUID() {
-	if (hasWebCrypto && typeof globalThis.crypto.randomUUID === "function") {
-		return globalThis.crypto.randomUUID();
-	}
-	const bytes = new Uint8Array(16);
-	fillRandom(bytes);
-	bytes[6] = bytes[6] & 15 | 64;
-	bytes[8] = bytes[8] & 63 | 128;
-	const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
-	return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
-}
-/**
-* Generate a random integer between min (inclusive) and max (exclusive).
-*/
-function randomInt(min, max, callback) {
-	let _min;
-	let _max;
-	let _callback;
-	if (typeof max === "function") {
-		_callback = max;
-		_max = min;
-		_min = 0;
-	} else if (typeof max === "number") {
-		_min = min;
-		_max = max;
-		_callback = callback;
-	} else {
-		_max = min;
-		_min = 0;
-		_callback = callback;
-	}
-	if (!Number.isInteger(_min)) {
-		throw new TypeError(`The "min" argument must be a safe integer. Received ${_min}`);
-	}
-	if (!Number.isInteger(_max)) {
-		throw new TypeError(`The "max" argument must be a safe integer. Received ${_max}`);
-	}
-	if (_min >= _max) {
-		throw new RangeError(`The value of "min" must be less than "max". Received min: ${_min}, max: ${_max}`);
-	}
-	const range = _max - _min;
-	const bytes = new Uint32Array(1);
-	const view = new Uint8Array(bytes.buffer);
-	fillRandom(view);
-	const value = _min + bytes[0] % range;
-	if (_callback) {
-		_callback(null, value);
-	} else {
-		return value;
-	}
-}
-
-//#endregion
-export { randomBytes, randomFill, randomFillSync, randomInt, randomUUID };
+import{Buffer as e}from"node:buffer";const t=globalThis.crypto!==void 0&&typeof globalThis.crypto.getRandomValues==`function`;function n(e){if(t)for(let t=0;t<e.length;t+=65536){let n=Math.min(e.length-t,65536),r=new Uint8Array(e.buffer,e.byteOffset+t,n);globalThis.crypto.getRandomValues(r)}else try{let t=imports.gi.GLib;for(let n=0;n<e.length;n++)e[n]=t.random_int_range(0,256)}catch{for(let t=0;t<e.length;t++)e[t]=Math.floor(Math.random()*256)}}function r(t,r){if(typeof t!=`number`||t<0||!Number.isInteger(t))throw TypeError(`The "size" argument must be a non-negative integer. Received ${t}`);try{let i=e.alloc(t);if(t>0&&n(new Uint8Array(i.buffer,i.byteOffset,i.byteLength)),r)r(null,i);else return i}catch(t){if(r)r(t,e.alloc(0));else throw t}}function i(t,r=0,i){let a=i??t.length-r;if(r<0||r>t.length)throw RangeError(`The value of "offset" is out of range. Received ${r}`);if(a<0||r+a>t.length)throw RangeError(`The value of "size" is out of range. Received ${a}`);if(a>0){let i=(t instanceof e,t.byteOffset);n(new Uint8Array(t.buffer,i+r,a))}return t}function a(e,t,n,r){let a,o,s;typeof t==`function`?(s=t,a=0,o=e.length):typeof n==`function`?(s=n,a=t,o=e.length-t):(s=r,a=t,o=n);try{i(e,a,o),s(null,e)}catch(t){s(t,e)}}function o(){if(t&&typeof globalThis.crypto.randomUUID==`function`)return globalThis.crypto.randomUUID();let e=new Uint8Array(16);n(e),e[6]=e[6]&15|64,e[8]=e[8]&63|128;let r=Array.from(e,e=>e.toString(16).padStart(2,`0`)).join(``);return`${r.slice(0,8)}-${r.slice(8,12)}-${r.slice(12,16)}-${r.slice(16,20)}-${r.slice(20)}`}function s(e,t,r){let i,a,o;if(typeof t==`function`?(o=t,a=e,i=0):typeof t==`number`?(i=e,a=t,o=r):(a=e,i=0,o=r),!Number.isInteger(i))throw TypeError(`The "min" argument must be a safe integer. Received ${i}`);if(!Number.isInteger(a))throw TypeError(`The "max" argument must be a safe integer. Received ${a}`);if(i>=a)throw RangeError(`The value of "min" must be less than "max". Received min: ${i}, max: ${a}`);let s=a-i,c=new Uint32Array(1);n(new Uint8Array(c.buffer));let l=i+c[0]%s;if(o)o(null,l);else return l}export{r as randomBytes,a as randomFill,i as randomFillSync,s as randomInt,o as randomUUID};

package/lib/esm/rsa-oaep.js

@@ -1,102 +1 @@
-import { parsePemKey, rsaKeySize } from "./asn1.js";
-import { bigIntToBytes, bytesToBigInt, modPow } from "./bigint-math.js";
-import { hashSize } from "./crypto-utils.js";
-import { randomBytes } from "./random.js";
-import { Hash } from "./hash.js";
-import { mgf1 } from "./mgf1.js";
-
-//#region src/rsa-oaep.ts
-function hashDigest(algo, data) {
-	const h = new Hash(algo);
-	h.update(data);
-	return new Uint8Array(h.digest());
-}
-/**
-* RSA-OAEP encrypt using PEM public key.
-*/
-function rsaOaepEncrypt(hashAlgo, pubKeyPem, plaintext, label) {
-	const parsed = parsePemKey(pubKeyPem);
-	let n, e;
-	if (parsed.type === "rsa-public") {
-		({n, e} = parsed.components);
-	} else if (parsed.type === "rsa-private") {
-		({n, e} = parsed.components);
-	} else {
-		throw new Error("RSA-OAEP: expected RSA key");
-	}
-	const keyBytes = Math.ceil(rsaKeySize(n) / 8);
-	const hLen = hashSize(hashAlgo);
-	if (plaintext.length > keyBytes - 2 * hLen - 2) {
-		throw new Error("RSA-OAEP: message too long");
-	}
-	const lHash = hashDigest(hashAlgo, label || new Uint8Array(0));
-	const dbLen = keyBytes - hLen - 1;
-	const DB = new Uint8Array(dbLen);
-	DB.set(lHash, 0);
-	DB[dbLen - plaintext.length - 1] = 1;
-	DB.set(plaintext, dbLen - plaintext.length);
-	const seed = new Uint8Array(randomBytes(hLen));
-	const dbMask = mgf1(hashAlgo, seed, dbLen);
-	const maskedDB = new Uint8Array(dbLen);
-	for (let i = 0; i < dbLen; i++) maskedDB[i] = DB[i] ^ dbMask[i];
-	const seedMask = mgf1(hashAlgo, maskedDB, hLen);
-	const maskedSeed = new Uint8Array(hLen);
-	for (let i = 0; i < hLen; i++) maskedSeed[i] = seed[i] ^ seedMask[i];
-	const EM = new Uint8Array(keyBytes);
-	EM[0] = 0;
-	EM.set(maskedSeed, 1);
-	EM.set(maskedDB, 1 + hLen);
-	const m = bytesToBigInt(EM);
-	const c = modPow(m, e, n);
-	return bigIntToBytes(c, keyBytes);
-}
-/**
-* RSA-OAEP decrypt using PEM private key.
-*/
-function rsaOaepDecrypt(hashAlgo, privKeyPem, ciphertext, label) {
-	const parsed = parsePemKey(privKeyPem);
-	if (parsed.type !== "rsa-private") throw new Error("RSA-OAEP: expected RSA private key");
-	const { n, d } = parsed.components;
-	const keyBytes = Math.ceil(rsaKeySize(n) / 8);
-	const hLen = hashSize(hashAlgo);
-	if (ciphertext.length !== keyBytes || keyBytes < 2 * hLen + 2) {
-		throw new Error("RSA-OAEP: decryption error");
-	}
-	const c = bytesToBigInt(ciphertext);
-	const m = modPow(c, d, n);
-	const EM = bigIntToBytes(m, keyBytes);
-	const Y = EM[0];
-	const maskedSeed = EM.slice(1, 1 + hLen);
-	const maskedDB = EM.slice(1 + hLen);
-	const dbLen = keyBytes - hLen - 1;
-	const seedMask = mgf1(hashAlgo, maskedDB, hLen);
-	const seed = new Uint8Array(hLen);
-	for (let i = 0; i < hLen; i++) seed[i] = maskedSeed[i] ^ seedMask[i];
-	const dbMask = mgf1(hashAlgo, seed, dbLen);
-	const DB = new Uint8Array(dbLen);
-	for (let i = 0; i < dbLen; i++) DB[i] = maskedDB[i] ^ dbMask[i];
-	const lHash = hashDigest(hashAlgo, label || new Uint8Array(0));
-	const lHashPrime = DB.slice(0, hLen);
-	let valid = Y === 0 ? 1 : 0;
-	for (let i = 0; i < hLen; i++) {
-		valid &= lHash[i] === lHashPrime[i] ? 1 : 0;
-	}
-	let sepIdx = -1;
-	for (let i = hLen; i < dbLen; i++) {
-		if (DB[i] === 1) {
-			sepIdx = i;
-			break;
-		} else if (DB[i] !== 0) {
-			valid = 0;
-			break;
-		}
-	}
-	if (sepIdx === -1) valid = 0;
-	if (!valid) {
-		throw new Error("RSA-OAEP: decryption error");
-	}
-	return DB.slice(sepIdx + 1);
-}
-
-//#endregion
-export { rsaOaepDecrypt, rsaOaepEncrypt };
+import{parsePemKey as e,rsaKeySize as t}from"./asn1.js";import{bigIntToBytes as n,bytesToBigInt as r,modPow as i}from"./bigint-math.js";import{hashSize as a}from"./crypto-utils.js";import{randomBytes as o}from"./random.js";import{Hash as s}from"./hash.js";import{mgf1 as c}from"./mgf1.js";function l(e,t){let n=new s(e);return n.update(t),new Uint8Array(n.digest())}function u(s,u,d,f){let p=e(u),m,h;if(p.type===`rsa-public`)({n:m,e:h}=p.components);else if(p.type===`rsa-private`)({n:m,e:h}=p.components);else throw Error(`RSA-OAEP: expected RSA key`);let g=Math.ceil(t(m)/8),_=a(s);if(d.length>g-2*_-2)throw Error(`RSA-OAEP: message too long`);let v=l(s,f||new Uint8Array),y=g-_-1,b=new Uint8Array(y);b.set(v,0),b[y-d.length-1]=1,b.set(d,y-d.length);let x=new Uint8Array(o(_)),S=c(s,x,y),C=new Uint8Array(y);for(let e=0;e<y;e++)C[e]=b[e]^S[e];let w=c(s,C,_),T=new Uint8Array(_);for(let e=0;e<_;e++)T[e]=x[e]^w[e];let E=new Uint8Array(g);return E[0]=0,E.set(T,1),E.set(C,1+_),n(i(r(E),h,m),g)}function d(o,s,u,d){let f=e(s);if(f.type!==`rsa-private`)throw Error(`RSA-OAEP: expected RSA private key`);let{n:p,d:m}=f.components,h=Math.ceil(t(p)/8),g=a(o);if(u.length!==h||h<2*g+2)throw Error(`RSA-OAEP: decryption error`);let _=n(i(r(u),m,p),h),v=_[0],y=_.slice(1,1+g),b=_.slice(1+g),x=h-g-1,S=c(o,b,g),C=new Uint8Array(g);for(let e=0;e<g;e++)C[e]=y[e]^S[e];let w=c(o,C,x),T=new Uint8Array(x);for(let e=0;e<x;e++)T[e]=b[e]^w[e];let E=l(o,d||new Uint8Array),D=T.slice(0,g),O=+(v===0);for(let e=0;e<g;e++)O&=+(E[e]===D[e]);let k=-1;for(let e=g;e<x;e++)if(T[e]===1){k=e;break}else if(T[e]!==0){O=0;break}if(k===-1&&(O=0),!O)throw Error(`RSA-OAEP: decryption error`);return T.slice(k+1)}export{d as rsaOaepDecrypt,u as rsaOaepEncrypt};

package/lib/esm/rsa-pss.js

@@ -1,107 +1 @@
-import { parsePemKey, rsaKeySize } from "./asn1.js";
-import { bigIntToBytes, bytesToBigInt, modPow } from "./bigint-math.js";
-import { hashSize } from "./crypto-utils.js";
-import { randomBytes } from "./random.js";
-import { Hash } from "./hash.js";
-import { mgf1 } from "./mgf1.js";
-
-//#region src/rsa-pss.ts
-function hashDigest(algo, data) {
-	const h = new Hash(algo);
-	h.update(data);
-	return new Uint8Array(h.digest());
-}
-function emsaPssEncode(mHash, emBits, hashAlgo, saltLength) {
-	const hLen = hashSize(hashAlgo);
-	const emLen = Math.ceil(emBits / 8);
-	if (emLen < hLen + saltLength + 2) {
-		throw new Error("RSA-PSS: encoding error — key too short");
-	}
-	const salt = saltLength > 0 ? new Uint8Array(randomBytes(saltLength)) : new Uint8Array(0);
-	const mPrime = new Uint8Array(8 + hLen + saltLength);
-	mPrime.set(mHash, 8);
-	mPrime.set(salt, 8 + hLen);
-	const H = hashDigest(hashAlgo, mPrime);
-	const dbLen = emLen - hLen - 1;
-	const DB = new Uint8Array(dbLen);
-	DB[dbLen - saltLength - 1] = 1;
-	DB.set(salt, dbLen - saltLength);
-	const dbMask = mgf1(hashAlgo, H, dbLen);
-	const maskedDB = new Uint8Array(dbLen);
-	for (let i = 0; i < dbLen; i++) maskedDB[i] = DB[i] ^ dbMask[i];
-	const zeroBits = 8 * emLen - emBits;
-	if (zeroBits > 0) maskedDB[0] &= 255 >>> zeroBits;
-	const EM = new Uint8Array(emLen);
-	EM.set(maskedDB, 0);
-	EM.set(H, dbLen);
-	EM[emLen - 1] = 188;
-	return EM;
-}
-function emsaPssVerify(mHash, EM, emBits, hashAlgo, saltLength) {
-	const hLen = hashSize(hashAlgo);
-	const emLen = Math.ceil(emBits / 8);
-	if (emLen < hLen + saltLength + 2) return false;
-	if (EM[emLen - 1] !== 188) return false;
-	const dbLen = emLen - hLen - 1;
-	const maskedDB = EM.slice(0, dbLen);
-	const H = EM.slice(dbLen, dbLen + hLen);
-	const zeroBits = 8 * emLen - emBits;
-	if (zeroBits > 0 && (maskedDB[0] & 255 << 8 - zeroBits) !== 0) return false;
-	const dbMask = mgf1(hashAlgo, H, dbLen);
-	const DB = new Uint8Array(dbLen);
-	for (let i = 0; i < dbLen; i++) DB[i] = maskedDB[i] ^ dbMask[i];
-	if (zeroBits > 0) DB[0] &= 255 >>> zeroBits;
-	for (let i = 0; i < dbLen - saltLength - 1; i++) {
-		if (DB[i] !== 0) return false;
-	}
-	if (DB[dbLen - saltLength - 1] !== 1) return false;
-	const salt = DB.slice(dbLen - saltLength);
-	const mPrime = new Uint8Array(8 + hLen + saltLength);
-	mPrime.set(mHash, 8);
-	mPrime.set(salt, 8 + hLen);
-	const HPrime = hashDigest(hashAlgo, mPrime);
-	if (H.length !== HPrime.length) return false;
-	let diff = 0;
-	for (let i = 0; i < H.length; i++) diff |= H[i] ^ HPrime[i];
-	return diff === 0;
-}
-/**
-* RSA-PSS sign using PEM private key.
-*/
-function rsaPssSign(hashAlgo, privKeyPem, data, saltLength) {
-	const parsed = parsePemKey(privKeyPem);
-	if (parsed.type !== "rsa-private") throw new Error("RSA-PSS: expected RSA private key");
-	const { n, d } = parsed.components;
-	const keyBits = rsaKeySize(n);
-	const keyBytes = Math.ceil(keyBits / 8);
-	const mHash = hashDigest(hashAlgo, data);
-	const EM = emsaPssEncode(mHash, keyBits - 1, hashAlgo, saltLength);
-	const m = bytesToBigInt(EM);
-	const s = modPow(m, d, n);
-	return bigIntToBytes(s, keyBytes);
-}
-/**
-* RSA-PSS verify using PEM public key.
-*/
-function rsaPssVerify(hashAlgo, pubKeyPem, signature, data, saltLength) {
-	const parsed = parsePemKey(pubKeyPem);
-	let n, e;
-	if (parsed.type === "rsa-public") {
-		({n, e} = parsed.components);
-	} else if (parsed.type === "rsa-private") {
-		({n, e} = parsed.components);
-	} else {
-		throw new Error("RSA-PSS: expected RSA key");
-	}
-	const keyBits = rsaKeySize(n);
-	const keyBytes = Math.ceil(keyBits / 8);
-	if (signature.length !== keyBytes) return false;
-	const s = bytesToBigInt(signature);
-	const m = modPow(s, e, n);
-	const EM = bigIntToBytes(m, Math.ceil((keyBits - 1) / 8));
-	const mHash = hashDigest(hashAlgo, data);
-	return emsaPssVerify(mHash, EM, keyBits - 1, hashAlgo, saltLength);
-}
-
-//#endregion
-export { rsaPssSign, rsaPssVerify };
+import{parsePemKey as e,rsaKeySize as t}from"./asn1.js";import{bigIntToBytes as n,bytesToBigInt as r,modPow as i}from"./bigint-math.js";import{hashSize as a}from"./crypto-utils.js";import{randomBytes as o}from"./random.js";import{Hash as s}from"./hash.js";import{mgf1 as c}from"./mgf1.js";function l(e,t){let n=new s(e);return n.update(t),new Uint8Array(n.digest())}function u(e,t,n,r){let i=a(n),s=Math.ceil(t/8);if(s<i+r+2)throw Error(`RSA-PSS: encoding error — key too short`);let u=r>0?new Uint8Array(o(r)):new Uint8Array,d=new Uint8Array(8+i+r);d.set(e,8),d.set(u,8+i);let f=l(n,d),p=s-i-1,m=new Uint8Array(p);m[p-r-1]=1,m.set(u,p-r);let h=c(n,f,p),g=new Uint8Array(p);for(let e=0;e<p;e++)g[e]=m[e]^h[e];let _=8*s-t;_>0&&(g[0]&=255>>>_);let v=new Uint8Array(s);return v.set(g,0),v.set(f,p),v[s-1]=188,v}function d(e,t,n,r,i){let o=a(r),s=Math.ceil(n/8);if(s<o+i+2||t[s-1]!==188)return!1;let u=s-o-1,d=t.slice(0,u),f=t.slice(u,u+o),p=8*s-n;if(p>0&&d[0]&255<<8-p)return!1;let m=c(r,f,u),h=new Uint8Array(u);for(let e=0;e<u;e++)h[e]=d[e]^m[e];p>0&&(h[0]&=255>>>p);for(let e=0;e<u-i-1;e++)if(h[e]!==0)return!1;if(h[u-i-1]!==1)return!1;let g=h.slice(u-i),_=new Uint8Array(8+o+i);_.set(e,8),_.set(g,8+o);let v=l(r,_);if(f.length!==v.length)return!1;let y=0;for(let e=0;e<f.length;e++)y|=f[e]^v[e];return y===0}function f(a,o,s,c){let d=e(o);if(d.type!==`rsa-private`)throw Error(`RSA-PSS: expected RSA private key`);let{n:f,d:p}=d.components,m=t(f),h=Math.ceil(m/8);return n(i(r(u(l(a,s),m-1,a,c)),p,f),h)}function p(a,o,s,c,u){let f=e(o),p,m;if(f.type===`rsa-public`)({n:p,e:m}=f.components);else if(f.type===`rsa-private`)({n:p,e:m}=f.components);else throw Error(`RSA-PSS: expected RSA key`);let h=t(p),g=Math.ceil(h/8);if(s.length!==g)return!1;let _=n(i(r(s),m,p),Math.ceil((h-1)/8));return d(l(a,c),_,h-1,a,u)}export{f as rsaPssSign,p as rsaPssVerify};