@gjsify/crypto 0.3.16 → 0.3.17

package/lib/esm/key-object.js

@@ -1,371 +1 @@
-import { derToPem, encodePrivateKeyInfo, encodeRsaPrivateKeyPkcs1, encodeRsaPublicKeyPkcs1, encodeSubjectPublicKeyInfo, parsePemKey, rsaKeySize } from "./asn1.js";
-import { Buffer } from "node:buffer";
-
-//#region src/key-object.ts
-/** Convert BigInt to base64url-encoded string (no padding). */
-function bigintToBase64url(value) {
-	if (value === 0n) return "AA";
-	const hex = value.toString(16);
-	const paddedHex = hex.length % 2 ? "0" + hex : hex;
-	const bytes = [];
-	for (let i = 0; i < paddedHex.length; i += 2) {
-		bytes.push(parseInt(paddedHex.substring(i, i + 2), 16));
-	}
-	return Buffer.from(bytes).toString("base64url");
-}
-/** Convert base64url-encoded string to BigInt. */
-function base64urlToBigint(b64) {
-	const buf = Buffer.from(b64, "base64url");
-	let result = 0n;
-	for (let i = 0; i < buf.length; i++) {
-		result = result << 8n | BigInt(buf[i]);
-	}
-	return result;
-}
-var KeyObject = class KeyObject {
-	type;
-	/** @internal */
-	_handle;
-	constructor(type, handle) {
-		if (type !== "secret" && type !== "public" && type !== "private") {
-			throw new TypeError(`Invalid KeyObject type: ${type}`);
-		}
-		this.type = type;
-		this._handle = handle;
-	}
-	get symmetricKeySize() {
-		if (this.type !== "secret") return undefined;
-		return this._handle.byteLength;
-	}
-	get asymmetricKeyType() {
-		if (this.type === "secret") return undefined;
-		const handle = this._handle;
-		if (handle.parsed.type === "rsa-public" || handle.parsed.type === "rsa-private") {
-			return "rsa";
-		}
-		return undefined;
-	}
-	get asymmetricKeySize() {
-		if (this.type === "secret") return undefined;
-		const handle = this._handle;
-		if (handle.parsed.type === "rsa-public") {
-			return rsaKeySize(handle.parsed.components.n) / 8;
-		}
-		if (handle.parsed.type === "rsa-private") {
-			return rsaKeySize(handle.parsed.components.n) / 8;
-		}
-		return undefined;
-	}
-	equals(otherKeyObject) {
-		if (!(otherKeyObject instanceof KeyObject)) return false;
-		if (this.type !== otherKeyObject.type) return false;
-		if (this.type === "secret") {
-			const a = this._handle;
-			const b = otherKeyObject._handle;
-			if (a.byteLength !== b.byteLength) return false;
-			for (let i = 0; i < a.byteLength; i++) {
-				if (a[i] !== b[i]) return false;
-			}
-			return true;
-		}
-		const a = this._handle;
-		const b = otherKeyObject._handle;
-		return a.pem === b.pem;
-	}
-	export(options) {
-		if (this.type === "secret") {
-			const key = this._handle;
-			if (options?.format === "jwk") {
-				return {
-					kty: "oct",
-					k: Buffer.from(key).toString("base64url")
-				};
-			}
-			return Buffer.from(key);
-		}
-		const handle = this._handle;
-		const format = options?.format ?? "pem";
-		const keyType = options?.type;
-		if (format === "jwk") {
-			return exportJwk(handle.parsed, this.type);
-		}
-		if (format === "pem") {
-			if (handle.pem && !handle.pem.startsWith("[")) {
-				return handle.pem;
-			}
-			return generatePem(handle.parsed, this.type, keyType);
-		}
-		if (format === "der") {
-			if (handle.pem && !handle.pem.startsWith("[")) {
-				const lines = handle.pem.trim().split(/\r?\n/);
-				const headerIdx = lines.findIndex((l) => l.startsWith("-----BEGIN "));
-				const footerIdx = lines.findIndex((l, i) => i > headerIdx && l.startsWith("-----END "));
-				const base64Body = lines.slice(headerIdx + 1, footerIdx).join("");
-				return Buffer.from(base64Body, "base64");
-			}
-			return generateDer(handle.parsed, this.type, keyType);
-		}
-		throw new TypeError(`Unsupported export format: ${format}`);
-	}
-	get [Symbol.toStringTag]() {
-		return "KeyObject";
-	}
-};
-function exportJwk(parsed, keyType) {
-	if (parsed.type === "rsa-public") {
-		return {
-			kty: "RSA",
-			n: bigintToBase64url(parsed.components.n),
-			e: bigintToBase64url(parsed.components.e)
-		};
-	}
-	if (parsed.type === "rsa-private") {
-		if (keyType === "public") {
-			return {
-				kty: "RSA",
-				n: bigintToBase64url(parsed.components.n),
-				e: bigintToBase64url(parsed.components.e)
-			};
-		}
-		const { n, e, d, p, q } = parsed.components;
-		const dp = d % (p - 1n);
-		const dq = d % (q - 1n);
-		const qi = modInverse(q, p);
-		return {
-			kty: "RSA",
-			n: bigintToBase64url(n),
-			e: bigintToBase64url(e),
-			d: bigintToBase64url(d),
-			p: bigintToBase64url(p),
-			q: bigintToBase64url(q),
-			dp: bigintToBase64url(dp),
-			dq: bigintToBase64url(dq),
-			qi: bigintToBase64url(qi)
-		};
-	}
-	throw new Error("Unsupported key type for JWK export");
-}
-function importJwkRsa(jwk) {
-	if (jwk.d) {
-		const components = {
-			n: base64urlToBigint(jwk.n),
-			e: base64urlToBigint(jwk.e),
-			d: base64urlToBigint(jwk.d),
-			p: base64urlToBigint(jwk.p),
-			q: base64urlToBigint(jwk.q)
-		};
-		const parsed = {
-			type: "rsa-private",
-			components
-		};
-		const der = encodeRsaPrivateKeyPkcs1(components);
-		const pem = derToPem(der, "RSA PRIVATE KEY");
-		return {
-			parsed,
-			pem
-		};
-	}
-	const components = {
-		n: base64urlToBigint(jwk.n),
-		e: base64urlToBigint(jwk.e)
-	};
-	const parsed = {
-		type: "rsa-public",
-		components
-	};
-	const der = encodeSubjectPublicKeyInfo(components);
-	const pem = derToPem(der, "PUBLIC KEY");
-	return {
-		parsed,
-		pem
-	};
-}
-function generatePem(parsed, keyType, type) {
-	if (parsed.type === "rsa-public") {
-		if (type === "pkcs1") {
-			const der = encodeRsaPublicKeyPkcs1(parsed.components);
-			return derToPem(der, "RSA PUBLIC KEY");
-		}
-		const der = encodeSubjectPublicKeyInfo(parsed.components);
-		return derToPem(der, "PUBLIC KEY");
-	}
-	if (parsed.type === "rsa-private" && keyType === "public") {
-		const pubComponents = {
-			n: parsed.components.n,
-			e: parsed.components.e
-		};
-		if (type === "pkcs1") {
-			const der = encodeRsaPublicKeyPkcs1(pubComponents);
-			return derToPem(der, "RSA PUBLIC KEY");
-		}
-		const der = encodeSubjectPublicKeyInfo(pubComponents);
-		return derToPem(der, "PUBLIC KEY");
-	}
-	if (parsed.type === "rsa-private") {
-		if (type === "pkcs8") {
-			const der = encodePrivateKeyInfo(parsed.components);
-			return derToPem(der, "PRIVATE KEY");
-		}
-		const der = encodeRsaPrivateKeyPkcs1(parsed.components);
-		return derToPem(der, "RSA PRIVATE KEY");
-	}
-	throw new Error("Cannot generate PEM for this key type");
-}
-function generateDer(parsed, keyType, type) {
-	if (parsed.type === "rsa-public") {
-		if (type === "pkcs1") {
-			return Buffer.from(encodeRsaPublicKeyPkcs1(parsed.components));
-		}
-		return Buffer.from(encodeSubjectPublicKeyInfo(parsed.components));
-	}
-	if (parsed.type === "rsa-private" && keyType === "public") {
-		const pubComponents = {
-			n: parsed.components.n,
-			e: parsed.components.e
-		};
-		if (type === "pkcs1") {
-			return Buffer.from(encodeRsaPublicKeyPkcs1(pubComponents));
-		}
-		return Buffer.from(encodeSubjectPublicKeyInfo(pubComponents));
-	}
-	if (parsed.type === "rsa-private") {
-		if (type === "pkcs8") {
-			return Buffer.from(encodePrivateKeyInfo(parsed.components));
-		}
-		return Buffer.from(encodeRsaPrivateKeyPkcs1(parsed.components));
-	}
-	throw new Error("Cannot generate DER for this key type");
-}
-function modInverse(a, m) {
-	let [old_r, r] = [a % m, m];
-	let [old_s, s] = [1n, 0n];
-	while (r !== 0n) {
-		const q = old_r / r;
-		[old_r, r] = [r, old_r - q * r];
-		[old_s, s] = [s, old_s - q * s];
-	}
-	return (old_s % m + m) % m;
-}
-/**
-* Create a secret key from raw bytes.
-*/
-function createSecretKey(key, encoding) {
-	let keyBuf;
-	if (typeof key === "string") {
-		keyBuf = Buffer.from(key, encoding ?? "utf8");
-	} else {
-		keyBuf = new Uint8Array(key);
-	}
-	return new KeyObject("secret", keyBuf);
-}
-/**
-* Create a public key from PEM, DER, JWK, or another KeyObject.
-*/
-function createPublicKey(key) {
-	if (key instanceof KeyObject) {
-		if (key.type === "public") return key;
-		if (key.type === "private") {
-			const handle = key._handle;
-			if (handle.parsed.type === "rsa-private") {
-				const pubComponents = {
-					n: handle.parsed.components.n,
-					e: handle.parsed.components.e
-				};
-				const pubParsed = {
-					type: "rsa-public",
-					components: pubComponents
-				};
-				const der = encodeSubjectPublicKeyInfo(pubComponents);
-				const pem = derToPem(der, "PUBLIC KEY");
-				return new KeyObject("public", {
-					parsed: pubParsed,
-					pem
-				});
-			}
-		}
-		throw new TypeError("Cannot create public key from secret key");
-	}
-	if (typeof key === "object" && !Buffer.isBuffer(key) && "key" in key) {
-		const input = key;
-		if (input.format === "jwk") {
-			const jwk = input.key;
-			if (jwk.kty === "RSA") {
-				const { parsed, pem } = importJwkRsa({
-					n: jwk.n,
-					e: jwk.e
-				});
-				return new KeyObject("public", {
-					parsed,
-					pem
-				});
-			}
-			throw new Error(`Unsupported JWK key type: ${jwk.kty}`);
-		}
-	}
-	const pem = normalizePem(key);
-	const parsed = parsePemKey(pem);
-	if (parsed.type === "rsa-private") {
-		const pubComponents = {
-			n: parsed.components.n,
-			e: parsed.components.e
-		};
-		const pubParsed = {
-			type: "rsa-public",
-			components: pubComponents
-		};
-		const der = encodeSubjectPublicKeyInfo(pubComponents);
-		const pubPem = derToPem(der, "PUBLIC KEY");
-		return new KeyObject("public", {
-			parsed: pubParsed,
-			pem: pubPem
-		});
-	}
-	return new KeyObject("public", {
-		parsed,
-		pem
-	});
-}
-/**
-* Create a private key from PEM, DER, JWK, or KeyInput.
-*/
-function createPrivateKey(key) {
-	if (typeof key === "object" && !Buffer.isBuffer(key) && "key" in key) {
-		const input = key;
-		if (input.format === "jwk") {
-			const jwk = input.key;
-			if (jwk.kty === "RSA" && jwk.d) {
-				const { parsed, pem } = importJwkRsa(jwk);
-				return new KeyObject("private", {
-					parsed,
-					pem
-				});
-			}
-			throw new Error("JWK does not contain a private key");
-		}
-	}
-	const pem = normalizePem(key);
-	const parsed = parsePemKey(pem);
-	if (parsed.type !== "rsa-private") {
-		throw new TypeError("Key is not a private key");
-	}
-	return new KeyObject("private", {
-		parsed,
-		pem
-	});
-}
-function normalizePem(key) {
-	if (typeof key === "string") return key;
-	if (Buffer.isBuffer(key)) return key.toString("utf8");
-	if (key && typeof key === "object" && "key" in key) {
-		const input = key;
-		if (typeof input.key === "string") return input.key;
-		if (Buffer.isBuffer(input.key)) return input.key.toString(input.encoding ?? "utf8");
-		if (input.key instanceof KeyObject) {
-			return input.key.export({ format: "pem" });
-		}
-	}
-	throw new TypeError("Invalid key input");
-}
-
-//#endregion
-export { KeyObject, createPrivateKey, createPublicKey, createSecretKey };
+import{derToPem as e,encodePrivateKeyInfo as t,encodeRsaPrivateKeyPkcs1 as n,encodeRsaPublicKeyPkcs1 as r,encodeSubjectPublicKeyInfo as i,parsePemKey as a,rsaKeySize as o}from"./asn1.js";import{Buffer as s}from"node:buffer";function c(e){if(e===0n)return`AA`;let t=e.toString(16),n=t.length%2?`0`+t:t,r=[];for(let e=0;e<n.length;e+=2)r.push(parseInt(n.substring(e,e+2),16));return s.from(r).toString(`base64url`)}function l(e){let t=s.from(e,`base64url`),n=0n;for(let e=0;e<t.length;e++)n=n<<8n|BigInt(t[e]);return n}var u=class e{type;_handle;constructor(e,t){if(e!==`secret`&&e!==`public`&&e!==`private`)throw TypeError(`Invalid KeyObject type: ${e}`);this.type=e,this._handle=t}get symmetricKeySize(){if(this.type===`secret`)return this._handle.byteLength}get asymmetricKeyType(){if(this.type===`secret`)return;let e=this._handle;if(e.parsed.type===`rsa-public`||e.parsed.type===`rsa-private`)return`rsa`}get asymmetricKeySize(){if(this.type===`secret`)return;let e=this._handle;if(e.parsed.type===`rsa-public`||e.parsed.type===`rsa-private`)return o(e.parsed.components.n)/8}equals(t){if(!(t instanceof e)||this.type!==t.type)return!1;if(this.type===`secret`){let e=this._handle,n=t._handle;if(e.byteLength!==n.byteLength)return!1;for(let t=0;t<e.byteLength;t++)if(e[t]!==n[t])return!1;return!0}let n=this._handle,r=t._handle;return n.pem===r.pem}export(e){if(this.type===`secret`){let t=this._handle;return e?.format===`jwk`?{kty:`oct`,k:s.from(t).toString(`base64url`)}:s.from(t)}let t=this._handle,n=e?.format??`pem`,r=e?.type;if(n===`jwk`)return d(t.parsed,this.type);if(n===`pem`)return t.pem&&!t.pem.startsWith(`[`)?t.pem:p(t.parsed,this.type,r);if(n===`der`){if(t.pem&&!t.pem.startsWith(`[`)){let e=t.pem.trim().split(/\r?\n/),n=e.findIndex(e=>e.startsWith(`-----BEGIN `)),r=e.findIndex((e,t)=>t>n&&e.startsWith(`-----END `)),i=e.slice(n+1,r).join(``);return s.from(i,`base64`)}return m(t.parsed,this.type,r)}throw TypeError(`Unsupported export format: ${n}`)}get[Symbol.toStringTag](){return`KeyObject`}};function d(e,t){if(e.type===`rsa-public`)return{kty:`RSA`,n:c(e.components.n),e:c(e.components.e)};if(e.type===`rsa-private`){if(t===`public`)return{kty:`RSA`,n:c(e.components.n),e:c(e.components.e)};let{n,e:r,d:i,p:a,q:o}=e.components,s=i%(a-1n),l=i%(o-1n),u=h(o,a);return{kty:`RSA`,n:c(n),e:c(r),d:c(i),p:c(a),q:c(o),dp:c(s),dq:c(l),qi:c(u)}}throw Error(`Unsupported key type for JWK export`)}function f(t){if(t.d){let r={n:l(t.n),e:l(t.e),d:l(t.d),p:l(t.p),q:l(t.q)};return{parsed:{type:`rsa-private`,components:r},pem:e(n(r),`RSA PRIVATE KEY`)}}let r={n:l(t.n),e:l(t.e)};return{parsed:{type:`rsa-public`,components:r},pem:e(i(r),`PUBLIC KEY`)}}function p(a,o,s){if(a.type===`rsa-public`)return s===`pkcs1`?e(r(a.components),`RSA PUBLIC KEY`):e(i(a.components),`PUBLIC KEY`);if(a.type===`rsa-private`&&o===`public`){let t={n:a.components.n,e:a.components.e};return s===`pkcs1`?e(r(t),`RSA PUBLIC KEY`):e(i(t),`PUBLIC KEY`)}if(a.type===`rsa-private`)return s===`pkcs8`?e(t(a.components),`PRIVATE KEY`):e(n(a.components),`RSA PRIVATE KEY`);throw Error(`Cannot generate PEM for this key type`)}function m(e,a,o){if(e.type===`rsa-public`)return o===`pkcs1`?s.from(r(e.components)):s.from(i(e.components));if(e.type===`rsa-private`&&a===`public`){let t={n:e.components.n,e:e.components.e};return o===`pkcs1`?s.from(r(t)):s.from(i(t))}if(e.type===`rsa-private`)return o===`pkcs8`?s.from(t(e.components)):s.from(n(e.components));throw Error(`Cannot generate DER for this key type`)}function h(e,t){let[n,r]=[e%t,t],[i,a]=[1n,0n];for(;r!==0n;){let e=n/r;[n,r]=[r,n-e*r],[i,a]=[a,i-e*a]}return(i%t+t)%t}function g(e,t){let n;return n=typeof e==`string`?s.from(e,t??`utf8`):new Uint8Array(e),new u(`secret`,n)}function _(t){if(t instanceof u){if(t.type===`public`)return t;if(t.type===`private`){let n=t._handle;if(n.parsed.type===`rsa-private`){let t={n:n.parsed.components.n,e:n.parsed.components.e};return new u(`public`,{parsed:{type:`rsa-public`,components:t},pem:e(i(t),`PUBLIC KEY`)})}}throw TypeError(`Cannot create public key from secret key`)}if(typeof t==`object`&&!s.isBuffer(t)&&`key`in t){let e=t;if(e.format===`jwk`){let t=e.key;if(t.kty===`RSA`){let{parsed:e,pem:n}=f({n:t.n,e:t.e});return new u(`public`,{parsed:e,pem:n})}throw Error(`Unsupported JWK key type: ${t.kty}`)}}let n=y(t),r=a(n);if(r.type===`rsa-private`){let t={n:r.components.n,e:r.components.e};return new u(`public`,{parsed:{type:`rsa-public`,components:t},pem:e(i(t),`PUBLIC KEY`)})}return new u(`public`,{parsed:r,pem:n})}function v(e){if(typeof e==`object`&&!s.isBuffer(e)&&`key`in e){let t=e;if(t.format===`jwk`){let e=t.key;if(e.kty===`RSA`&&e.d){let{parsed:t,pem:n}=f(e);return new u(`private`,{parsed:t,pem:n})}throw Error(`JWK does not contain a private key`)}}let t=y(e),n=a(t);if(n.type!==`rsa-private`)throw TypeError(`Key is not a private key`);return new u(`private`,{parsed:n,pem:t})}function y(e){if(typeof e==`string`)return e;if(s.isBuffer(e))return e.toString(`utf8`);if(e&&typeof e==`object`&&`key`in e){let t=e;if(typeof t.key==`string`)return t.key;if(s.isBuffer(t.key))return t.key.toString(t.encoding??`utf8`);if(t.key instanceof u)return t.key.export({format:`pem`})}throw TypeError(`Invalid key input`)}export{u as KeyObject,v as createPrivateKey,_ as createPublicKey,g as createSecretKey};

package/lib/esm/mgf1.js

@@ -1,33 +1 @@
-import { hashSize } from "./crypto-utils.js";
-import { Hash } from "./hash.js";
-
-//#region src/mgf1.ts
-/**
-* MGF1 mask generation function.
-* Produces a mask of `length` bytes from `seed` using `hashAlgo`.
-*/
-function mgf1(hashAlgo, seed, length) {
-	const hashLen = hashSize(hashAlgo);
-	const mask = new Uint8Array(length);
-	let offset = 0;
-	let counter = 0;
-	while (offset < length) {
-		const C = new Uint8Array(4);
-		C[0] = counter >>> 24 & 255;
-		C[1] = counter >>> 16 & 255;
-		C[2] = counter >>> 8 & 255;
-		C[3] = counter & 255;
-		const hash = new Hash(hashAlgo);
-		hash.update(seed);
-		hash.update(C);
-		const digest = new Uint8Array(hash.digest());
-		const toCopy = Math.min(digest.length, length - offset);
-		mask.set(digest.slice(0, toCopy), offset);
-		offset += toCopy;
-		counter++;
-	}
-	return mask;
-}
-
-//#endregion
-export { mgf1 };
+import{hashSize as e}from"./crypto-utils.js";import{Hash as t}from"./hash.js";function n(n,r,i){e(n);let a=new Uint8Array(i),o=0,s=0;for(;o<i;){let e=new Uint8Array(4);e[0]=s>>>24&255,e[1]=s>>>16&255,e[2]=s>>>8&255,e[3]=s&255;let c=new t(n);c.update(r),c.update(e);let l=new Uint8Array(c.digest()),u=Math.min(l.length,i-o);a.set(l.slice(0,u),o),o+=u,s++}return a}export{n as mgf1};

package/lib/esm/pbkdf2.js

@@ -1,75 +1 @@
-import { DIGEST_SIZES, SUPPORTED_ALGORITHMS, normalizeAlgorithm, toBuffer } from "./crypto-utils.js";
-import { Hmac } from "./hmac.js";
-import { Buffer } from "node:buffer";
-
-//#region src/pbkdf2.ts
-function hmacDigest(algo, key, data) {
-	const hmac = new Hmac(algo, key);
-	hmac.update(data);
-	return hmac.digest();
-}
-function validateParameters(iterations, keylen) {
-	if (typeof iterations !== "number" || iterations < 0 || !Number.isFinite(iterations)) {
-		throw new TypeError("iterations must be a positive number");
-	}
-	if (iterations === 0) {
-		throw new TypeError("iterations must be a positive number");
-	}
-	if (typeof keylen !== "number" || keylen < 0 || !Number.isFinite(keylen) || keylen > 2147483647) {
-		throw new TypeError("keylen must be a positive number");
-	}
-}
-/**
-* Synchronous PBKDF2 key derivation.
-*/
-function pbkdf2Sync(password, salt, iterations, keylen, digest) {
-	validateParameters(iterations, keylen);
-	const passwordBuf = toBuffer(password);
-	const saltBuf = toBuffer(salt);
-	const algo = normalizeAlgorithm(digest || "sha1");
-	const hashLen = DIGEST_SIZES[algo];
-	if (!SUPPORTED_ALGORITHMS.has(algo) || hashLen === undefined) {
-		throw new TypeError(`Unknown message digest: ${digest || "sha1"}`);
-	}
-	if (keylen === 0) {
-		return Buffer.alloc(0);
-	}
-	const numBlocks = Math.ceil(keylen / hashLen);
-	const dk = Buffer.allocUnsafe(numBlocks * hashLen);
-	for (let blockIndex = 1; blockIndex <= numBlocks; blockIndex++) {
-		const block = Buffer.allocUnsafe(saltBuf.length + 4);
-		saltBuf.copy(block, 0);
-		block.writeUInt32BE(blockIndex, saltBuf.length);
-		let u = hmacDigest(algo, passwordBuf, block);
-		let t = Buffer.from(u);
-		for (let iter = 1; iter < iterations; iter++) {
-			u = hmacDigest(algo, passwordBuf, u);
-			for (let k = 0; k < hashLen; k++) {
-				t[k] ^= u[k];
-			}
-		}
-		t.copy(dk, (blockIndex - 1) * hashLen);
-	}
-	return Buffer.from(dk.buffer, dk.byteOffset, keylen);
-}
-/**
-* Asynchronous PBKDF2 key derivation.
-*/
-function pbkdf2(password, salt, iterations, keylen, digest, callback) {
-	try {
-		validateParameters(iterations, keylen);
-	} catch (err) {
-		throw err;
-	}
-	setTimeout(() => {
-		try {
-			const result = pbkdf2Sync(password, salt, iterations, keylen, digest);
-			callback(null, result);
-		} catch (err) {
-			callback(err instanceof Error ? err : new Error(String(err)));
-		}
-	}, 0);
-}
-
-//#endregion
-export { pbkdf2, pbkdf2Sync };
+import{DIGEST_SIZES as e,SUPPORTED_ALGORITHMS as t,normalizeAlgorithm as n,toBuffer as r}from"./crypto-utils.js";import{Hmac as i}from"./hmac.js";import{Buffer as a}from"node:buffer";function o(e,t,n){let r=new i(e,t);return r.update(n),r.digest()}function s(e,t){if(typeof e!=`number`||e<0||!Number.isFinite(e)||e===0)throw TypeError(`iterations must be a positive number`);if(typeof t!=`number`||t<0||!Number.isFinite(t)||t>2147483647)throw TypeError(`keylen must be a positive number`)}function c(i,c,l,u,d){s(l,u);let f=r(i),p=r(c),m=n(d||`sha1`),h=e[m];if(!t.has(m)||h===void 0)throw TypeError(`Unknown message digest: ${d||`sha1`}`);if(u===0)return a.alloc(0);let g=Math.ceil(u/h),_=a.allocUnsafe(g*h);for(let e=1;e<=g;e++){let t=a.allocUnsafe(p.length+4);p.copy(t,0),t.writeUInt32BE(e,p.length);let n=o(m,f,t),r=a.from(n);for(let e=1;e<l;e++){n=o(m,f,n);for(let e=0;e<h;e++)r[e]^=n[e]}r.copy(_,(e-1)*h)}return a.from(_.buffer,_.byteOffset,u)}function l(e,t,n,r,i,a){try{s(n,r)}catch(e){throw e}setTimeout(()=>{try{a(null,c(e,t,n,r,i))}catch(e){a(e instanceof Error?e:Error(String(e)))}},0)}export{l as pbkdf2,c as pbkdf2Sync};