@gjsify/webcrypto 0.1.0

package/lib/esm/util.js

@@ -0,0 +1,133 @@
+import "@gjsify/dom-exception";
+function normalizeAlgorithm(algorithm) {
+  if (typeof algorithm === "string") {
+    return { name: algorithm };
+  }
+  if (!algorithm || typeof algorithm.name !== "string") {
+    throw new TypeError("Algorithm must have a name property");
+  }
+  return algorithm;
+}
+const HASH_NAMES = {
+  "SHA-1": "sha1",
+  "SHA-256": "sha256",
+  "SHA-384": "sha384",
+  "SHA-512": "sha512"
+};
+function toNodeHashName(name) {
+  const resolved = HASH_NAMES[name.toUpperCase()] || HASH_NAMES[name];
+  if (!resolved) {
+    throw new DOMException(`Unrecognized hash name: ${name}`, "NotSupportedError");
+  }
+  return resolved;
+}
+function toWebCryptoHashName(name) {
+  const upper = name.toUpperCase().replace(/[^A-Z0-9]/g, "");
+  for (const [web, node] of Object.entries(HASH_NAMES)) {
+    if (node === name || upper === web.replace("-", "")) return web;
+  }
+  throw new DOMException(`Unrecognized hash name: ${name}`, "NotSupportedError");
+}
+const CURVE_NAMES = {
+  "P-256": "prime256v1",
+  "P-384": "secp384r1",
+  "P-521": "secp521r1"
+};
+function toNodeCurveName(name) {
+  const resolved = CURVE_NAMES[name];
+  if (!resolved) {
+    throw new DOMException(`Unrecognized curve name: ${name}`, "NotSupportedError");
+  }
+  return resolved;
+}
+function hashSize(hash) {
+  switch (toNodeHashName(hash)) {
+    case "sha1":
+      return 20;
+    case "sha256":
+      return 32;
+    case "sha384":
+      return 48;
+    case "sha512":
+      return 64;
+    default:
+      throw new DOMException(`Unsupported hash: ${hash}`, "NotSupportedError");
+  }
+}
+function validateUsages(usages, allowed) {
+  for (const usage of usages) {
+    if (!allowed.includes(usage)) {
+      throw new DOMException(`Invalid key usage: ${usage}`, "SyntaxError");
+    }
+  }
+  if (usages.length === 0) {
+    throw new DOMException("Key usages must not be empty", "SyntaxError");
+  }
+}
+function checkUsage(key, required) {
+  if (!key.usages.includes(required)) {
+    throw new DOMException(
+      `Key does not support the '${required}' usage`,
+      "InvalidAccessError"
+    );
+  }
+}
+const B64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+const B64_LOOKUP = new Uint8Array(128);
+for (let i = 0; i < B64_CHARS.length; i++) B64_LOOKUP[B64_CHARS.charCodeAt(i)] = i;
+function bytesToBase64(bytes) {
+  let result = "";
+  const len = bytes.length;
+  for (let i = 0; i < len; i += 3) {
+    const b0 = bytes[i];
+    const b1 = i + 1 < len ? bytes[i + 1] : 0;
+    const b2 = i + 2 < len ? bytes[i + 2] : 0;
+    result += B64_CHARS[b0 >> 2 & 63];
+    result += B64_CHARS[(b0 << 4 | b1 >> 4) & 63];
+    result += i + 1 < len ? B64_CHARS[(b1 << 2 | b2 >> 6) & 63] : "=";
+    result += i + 2 < len ? B64_CHARS[b2 & 63] : "=";
+  }
+  return result;
+}
+function base64ToBytes(str) {
+  let s = str;
+  while (s.endsWith("=")) s = s.slice(0, -1);
+  const out = [];
+  let bits = 0;
+  let val = 0;
+  for (let i = 0; i < s.length; i++) {
+    val = val << 6 | B64_LOOKUP[s.charCodeAt(i)];
+    bits += 6;
+    if (bits >= 8) {
+      bits -= 8;
+      out.push(val >> bits & 255);
+    }
+  }
+  return new Uint8Array(out);
+}
+function base64urlEncode(data) {
+  return bytesToBase64(data).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function base64urlDecode(str) {
+  let s = str.replace(/-/g, "+").replace(/_/g, "/");
+  while (s.length % 4) s += "=";
+  return base64ToBytes(s);
+}
+function toUint8Array(data) {
+  if (data instanceof Uint8Array) return data;
+  if (data instanceof ArrayBuffer) return new Uint8Array(data);
+  if (ArrayBuffer.isView(data)) return new Uint8Array(data.buffer, data.byteOffset, data.byteLength);
+  throw new TypeError("Expected BufferSource");
+}
+export {
+  base64urlDecode,
+  base64urlEncode,
+  checkUsage,
+  hashSize,
+  normalizeAlgorithm,
+  toNodeCurveName,
+  toNodeHashName,
+  toUint8Array,
+  toWebCryptoHashName,
+  validateUsages
+};

package/lib/types/crypto-key.d.ts

@@ -0,0 +1,182 @@
+export type KeyType = 'public' | 'private' | 'secret';
+export type KeyUsage = 'encrypt' | 'decrypt' | 'sign' | 'verify' | 'deriveKey' | 'deriveBits' | 'wrapKey' | 'unwrapKey';
+export interface KeyAlgorithm {
+    name: string;
+    [key: string]: unknown;
+}
+export interface AesKeyAlgorithm extends KeyAlgorithm {
+    length: number;
+}
+export interface HmacKeyAlgorithm extends KeyAlgorithm {
+    hash: {
+        name: string;
+    };
+    length: number;
+}
+export interface EcKeyAlgorithm extends KeyAlgorithm {
+    namedCurve: string;
+}
+export interface RsaHashedKeyAlgorithm extends KeyAlgorithm {
+    hash: {
+        name: string;
+    };
+    modulusLength: number;
+    publicExponent: Uint8Array;
+}
+export interface AesKeyGenParams {
+    name: string;
+    length: number;
+    [key: string]: unknown;
+}
+export interface HmacKeyGenParams {
+    name: string;
+    hash: string | {
+        name: string;
+    };
+    length?: number;
+    [key: string]: unknown;
+}
+export interface EcKeyGenParams {
+    name: string;
+    namedCurve: string;
+    [key: string]: unknown;
+}
+export interface HmacImportParams {
+    name: string;
+    hash: string | {
+        name: string;
+    };
+    length?: number;
+    [key: string]: unknown;
+}
+export interface EcKeyImportParams {
+    name: string;
+    namedCurve: string;
+    [key: string]: unknown;
+}
+export interface AesCbcParams {
+    name: string;
+    iv: BufferSource;
+    [key: string]: unknown;
+}
+export interface AesCtrParams {
+    name: string;
+    counter: BufferSource;
+    length: number;
+    [key: string]: unknown;
+}
+export interface AesGcmParams {
+    name: string;
+    iv: BufferSource;
+    additionalData?: BufferSource;
+    tagLength?: number;
+    [key: string]: unknown;
+}
+export interface RsaOaepParams {
+    name: string;
+    label?: BufferSource;
+    [key: string]: unknown;
+}
+export interface EcdsaParams {
+    name: string;
+    hash: string | {
+        name: string;
+    };
+    [key: string]: unknown;
+}
+export interface RsaPssParams {
+    name: string;
+    saltLength: number;
+    [key: string]: unknown;
+}
+export interface Pbkdf2Params {
+    name: string;
+    hash: string | {
+        name: string;
+    };
+    salt: BufferSource;
+    iterations: number;
+    [key: string]: unknown;
+}
+export interface HkdfParams {
+    name: string;
+    hash: string | {
+        name: string;
+    };
+    salt: BufferSource;
+    info: BufferSource;
+    [key: string]: unknown;
+}
+export interface EcdhKeyDeriveParams {
+    name: string;
+    public: CryptoKey;
+    [key: string]: unknown;
+}
+/** Union of all supported algorithm parameter types */
+export type AlgorithmIdentifier = string | {
+    name: string;
+    [key: string]: unknown;
+};
+/** Handle for EC private keys: contains both public and private bytes */
+export interface EcKeyPairHandle {
+    pub: Uint8Array;
+    priv: Uint8Array;
+}
+/** Handle for RSA keys: PEM-encoded key */
+export interface RsaPemHandle {
+    pem: string;
+}
+export interface HashLike {
+    update(data: Uint8Array): void;
+    digest(): Uint8Array;
+}
+export interface HmacLike {
+    update(data: Uint8Array): void;
+    digest(): Uint8Array;
+}
+export interface CipherLike {
+    update(data: Uint8Array): Uint8Array;
+    final(): Uint8Array;
+    setAAD?(aad: Uint8Array): void;
+    getAuthTag?(): Uint8Array;
+}
+export interface DecipherLike {
+    update(data: Uint8Array): Uint8Array;
+    final(): Uint8Array;
+    setAuthTag?(tag: Uint8Array): void;
+    setAAD?(aad: Uint8Array): void;
+}
+export interface SignerLike {
+    update(data: Uint8Array): void;
+    sign(key: string): Uint8Array;
+}
+export interface VerifierLike {
+    update(data: Uint8Array): void;
+    verify(key: string, sig: Uint8Array): boolean;
+}
+export interface EcdhLike {
+    generateKeys(): void;
+    getPublicKey(): Uint8Array;
+    getPrivateKey(): Uint8Array;
+    setPrivateKey(key: Uint8Array): void;
+    computeSecret(key: Uint8Array): Uint8Array;
+}
+/**
+ * CryptoKey represents a cryptographic key obtained from SubtleCrypto methods.
+ * It stores algorithm metadata, key type, extractability, and usage flags
+ * alongside the raw key material (internal handle).
+ */
+export declare class CryptoKey {
+    readonly type: KeyType;
+    readonly extractable: boolean;
+    readonly algorithm: KeyAlgorithm;
+    readonly usages: KeyUsage[];
+    /** @internal Raw key material — not visible to user code */
+    _handle: unknown;
+    constructor(type: KeyType, extractable: boolean, algorithm: KeyAlgorithm, usages: KeyUsage[], handle: unknown);
+    get [Symbol.toStringTag](): string;
+}
+export interface CryptoKeyPair {
+    publicKey: CryptoKey;
+    privateKey: CryptoKey;
+}

package/lib/types/index.d.ts

@@ -0,0 +1,17 @@
+import { SubtleCrypto } from './subtle.js';
+import { CryptoKey } from './crypto-key.js';
+export type { CryptoKeyPair, KeyUsage, KeyAlgorithm, KeyType } from './crypto-key.js';
+/**
+ * Crypto object per the W3C WebCrypto API.
+ * Provides getRandomValues(), randomUUID(), and subtle (SubtleCrypto).
+ */
+declare class CryptoPolyfill {
+    readonly subtle: SubtleCrypto;
+    getRandomValues<T extends ArrayBufferView>(array: T): T;
+    randomUUID(): `${string}-${string}-${string}-${string}-${string}`;
+}
+declare const cryptoInstance: Crypto | CryptoPolyfill;
+declare const subtleInstance: SubtleCrypto | globalThis.SubtleCrypto;
+export { CryptoKey, SubtleCrypto, CryptoPolyfill as Crypto };
+export { subtleInstance as subtle, cryptoInstance as crypto };
+export default cryptoInstance;

package/lib/types/subtle.d.ts

@@ -0,0 +1,22 @@
+import { CryptoKey, type CryptoKeyPair, type KeyUsage, type AlgorithmIdentifier } from './crypto-key.js';
+/**
+ * SubtleCrypto provides cryptographic primitives per the W3C WebCrypto API.
+ */
+export declare class SubtleCrypto {
+    digest(algorithm: string | {
+        name: string;
+    }, data: BufferSource): Promise<ArrayBuffer>;
+    generateKey(algorithm: AlgorithmIdentifier, extractable: boolean, keyUsages: KeyUsage[]): Promise<CryptoKey | CryptoKeyPair>;
+    importKey(format: 'raw' | 'jwk' | 'pkcs8' | 'spki', keyData: BufferSource | JsonWebKey, algorithm: AlgorithmIdentifier, extractable: boolean, keyUsages: KeyUsage[]): Promise<CryptoKey>;
+    exportKey(format: 'raw' | 'jwk' | 'pkcs8' | 'spki', key: CryptoKey): Promise<ArrayBuffer | JsonWebKey>;
+    encrypt(algorithm: AlgorithmIdentifier, key: CryptoKey, data: BufferSource): Promise<ArrayBuffer>;
+    decrypt(algorithm: AlgorithmIdentifier, key: CryptoKey, data: BufferSource): Promise<ArrayBuffer>;
+    sign(algorithm: AlgorithmIdentifier, key: CryptoKey, data: BufferSource): Promise<ArrayBuffer>;
+    verify(algorithm: AlgorithmIdentifier, key: CryptoKey, signature: BufferSource, data: BufferSource): Promise<boolean>;
+    /** Internal deriveBits without usage check (used by deriveKey) */
+    private _deriveBitsInternal;
+    deriveBits(algorithm: AlgorithmIdentifier, baseKey: CryptoKey, length: number): Promise<ArrayBuffer>;
+    deriveKey(algorithm: AlgorithmIdentifier, baseKey: CryptoKey, derivedKeyAlgorithm: AlgorithmIdentifier, extractable: boolean, keyUsages: KeyUsage[]): Promise<CryptoKey>;
+    wrapKey(_format: 'raw' | 'jwk' | 'pkcs8' | 'spki', _key: CryptoKey, _wrappingKey: CryptoKey, _wrapAlgorithm: AlgorithmIdentifier): Promise<ArrayBuffer>;
+    unwrapKey(_format: 'raw' | 'jwk' | 'pkcs8' | 'spki', _wrappedKey: BufferSource, _unwrappingKey: CryptoKey, _unwrapAlgorithm: AlgorithmIdentifier, _unwrappedKeyAlgorithm: AlgorithmIdentifier, _extractable: boolean, _keyUsages: KeyUsage[]): Promise<CryptoKey>;
+}

package/lib/types/util.d.ts

@@ -0,0 +1,27 @@
+import type { KeyUsage } from './crypto-key.js';
+import '@gjsify/dom-exception';
+/** Normalize algorithm identifier to {name: string, ...} form */
+export declare function normalizeAlgorithm(algorithm: string | {
+    name: string;
+    [key: string]: unknown;
+}): {
+    name: string;
+    [key: string]: unknown;
+};
+export declare function toNodeHashName(name: string): string;
+export declare function toWebCryptoHashName(name: string): string;
+export declare function toNodeCurveName(name: string): string;
+/** Get hash output size in bytes */
+export declare function hashSize(hash: string): number;
+/** Validate key usages */
+export declare function validateUsages(usages: KeyUsage[], allowed: KeyUsage[]): void;
+/** Check key has required usage */
+export declare function checkUsage(key: {
+    usages: KeyUsage[];
+}, required: KeyUsage): void;
+/** Base64url encode */
+export declare function base64urlEncode(data: Uint8Array): string;
+/** Base64url decode */
+export declare function base64urlDecode(str: string): Uint8Array;
+/** Convert ArrayBuffer or view to Uint8Array */
+export declare function toUint8Array(data: BufferSource): Uint8Array;

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "@gjsify/webcrypto",
+  "version": "0.1.0",
+  "description": "W3C WebCrypto API (SubtleCrypto) for GJS using @gjsify/crypto primitives",
+  "type": "module",
+  "module": "lib/esm/index.js",
+  "types": "lib/types/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./lib/types/index.d.ts",
+      "default": "./lib/esm/index.js"
+    },
+    "./globals": "./globals.mjs"
+  },
+  "scripts": {
+    "clear": "rm -rf lib tsconfig.tsbuildinfo tsconfig.types.tsbuildinfo test.gjs.mjs test.node.mjs || exit 0",
+    "check": "tsc --noEmit",
+    "build": "yarn build:gjsify && yarn build:types",
+    "build:gjsify": "gjsify build --library 'src/**/*.{ts,js}' --exclude 'src/**/*.spec.{mts,ts}' 'src/test.{mts,ts}'",
+    "build:types": "tsc",
+    "build:test": "yarn build:test:gjs && yarn build:test:node",
+    "build:test:gjs": "gjsify build src/test.mts --app gjs --outfile test.gjs.mjs",
+    "build:test:node": "gjsify build src/test.mts --app node --outfile test.node.mjs",
+    "test": "yarn build:gjsify && yarn build:test && yarn test:node",
+    "test:gjs": "gjs -m test.gjs.mjs",
+    "test:node": "node test.node.mjs"
+  },
+  "keywords": [
+    "gjs",
+    "webcrypto",
+    "subtle",
+    "crypto"
+  ],
+  "dependencies": {
+    "@gjsify/dom-exception": "^0.1.0"
+  },
+  "devDependencies": {
+    "@gjsify/cli": "^0.1.0",
+    "@gjsify/unit": "^0.1.0",
+    "@types/node": "^25.5.0",
+    "typescript": "^6.0.2"
+  }
+}

package/src/crypto-key.ts

@@ -0,0 +1,226 @@
+// W3C CryptoKey for GJS
+// Reference: refs/deno/ext/crypto/00_crypto.js
+// Copyright (c) 2018-2026 the Deno authors. MIT license.
+// Reimplemented for GJS using @gjsify/crypto primitives.
+
+export type KeyType = 'public' | 'private' | 'secret';
+export type KeyUsage = 'encrypt' | 'decrypt' | 'sign' | 'verify' | 'deriveKey' | 'deriveBits' | 'wrapKey' | 'unwrapKey';
+
+export interface KeyAlgorithm {
+  name: string;
+  [key: string]: unknown;
+}
+
+// ---- Specific KeyAlgorithm sub-interfaces ----
+
+export interface AesKeyAlgorithm extends KeyAlgorithm {
+  length: number;
+}
+
+export interface HmacKeyAlgorithm extends KeyAlgorithm {
+  hash: { name: string };
+  length: number;
+}
+
+export interface EcKeyAlgorithm extends KeyAlgorithm {
+  namedCurve: string;
+}
+
+export interface RsaHashedKeyAlgorithm extends KeyAlgorithm {
+  hash: { name: string };
+  modulusLength: number;
+  publicExponent: Uint8Array;
+}
+
+// ---- Algorithm parameter interfaces (W3C WebCrypto) ----
+
+export interface AesKeyGenParams {
+  name: string;
+  length: number;
+  [key: string]: unknown;
+}
+
+export interface HmacKeyGenParams {
+  name: string;
+  hash: string | { name: string };
+  length?: number;
+  [key: string]: unknown;
+}
+
+export interface EcKeyGenParams {
+  name: string;
+  namedCurve: string;
+  [key: string]: unknown;
+}
+
+export interface HmacImportParams {
+  name: string;
+  hash: string | { name: string };
+  length?: number;
+  [key: string]: unknown;
+}
+
+export interface EcKeyImportParams {
+  name: string;
+  namedCurve: string;
+  [key: string]: unknown;
+}
+
+export interface AesCbcParams {
+  name: string;
+  iv: BufferSource;
+  [key: string]: unknown;
+}
+
+export interface AesCtrParams {
+  name: string;
+  counter: BufferSource;
+  length: number;
+  [key: string]: unknown;
+}
+
+export interface AesGcmParams {
+  name: string;
+  iv: BufferSource;
+  additionalData?: BufferSource;
+  tagLength?: number;
+  [key: string]: unknown;
+}
+
+export interface RsaOaepParams {
+  name: string;
+  label?: BufferSource;
+  [key: string]: unknown;
+}
+
+export interface EcdsaParams {
+  name: string;
+  hash: string | { name: string };
+  [key: string]: unknown;
+}
+
+export interface RsaPssParams {
+  name: string;
+  saltLength: number;
+  [key: string]: unknown;
+}
+
+export interface Pbkdf2Params {
+  name: string;
+  hash: string | { name: string };
+  salt: BufferSource;
+  iterations: number;
+  [key: string]: unknown;
+}
+
+export interface HkdfParams {
+  name: string;
+  hash: string | { name: string };
+  salt: BufferSource;
+  info: BufferSource;
+  [key: string]: unknown;
+}
+
+export interface EcdhKeyDeriveParams {
+  name: string;
+  public: CryptoKey;
+  [key: string]: unknown;
+}
+
+/** Union of all supported algorithm parameter types */
+export type AlgorithmIdentifier = string | { name: string; [key: string]: unknown };
+
+// ---- Internal handle types (not part of public API) ----
+
+/** Handle for EC private keys: contains both public and private bytes */
+export interface EcKeyPairHandle {
+  pub: Uint8Array;
+  priv: Uint8Array;
+}
+
+/** Handle for RSA keys: PEM-encoded key */
+export interface RsaPemHandle {
+  pem: string;
+}
+
+// ---- Lazy-loaded Node.js crypto function types ----
+
+export interface HashLike {
+  update(data: Uint8Array): void;
+  digest(): Uint8Array;
+}
+
+export interface HmacLike {
+  update(data: Uint8Array): void;
+  digest(): Uint8Array;
+}
+
+export interface CipherLike {
+  update(data: Uint8Array): Uint8Array;
+  final(): Uint8Array;
+  setAAD?(aad: Uint8Array): void;
+  getAuthTag?(): Uint8Array;
+}
+
+export interface DecipherLike {
+  update(data: Uint8Array): Uint8Array;
+  final(): Uint8Array;
+  setAuthTag?(tag: Uint8Array): void;
+  setAAD?(aad: Uint8Array): void;
+}
+
+export interface SignerLike {
+  update(data: Uint8Array): void;
+  sign(key: string): Uint8Array;
+}
+
+export interface VerifierLike {
+  update(data: Uint8Array): void;
+  verify(key: string, sig: Uint8Array): boolean;
+}
+
+export interface EcdhLike {
+  generateKeys(): void;
+  getPublicKey(): Uint8Array;
+  getPrivateKey(): Uint8Array;
+  setPrivateKey(key: Uint8Array): void;
+  computeSecret(key: Uint8Array): Uint8Array;
+}
+
+/**
+ * CryptoKey represents a cryptographic key obtained from SubtleCrypto methods.
+ * It stores algorithm metadata, key type, extractability, and usage flags
+ * alongside the raw key material (internal handle).
+ */
+export class CryptoKey {
+  readonly type: KeyType;
+  readonly extractable: boolean;
+  readonly algorithm: KeyAlgorithm;
+  readonly usages: KeyUsage[];
+
+  /** @internal Raw key material — not visible to user code */
+  _handle: unknown;
+
+  constructor(
+    type: KeyType,
+    extractable: boolean,
+    algorithm: KeyAlgorithm,
+    usages: KeyUsage[],
+    handle: unknown,
+  ) {
+    this.type = type;
+    this.extractable = extractable;
+    this.algorithm = Object.freeze({ ...algorithm });
+    this.usages = Object.freeze([...usages]) as unknown as KeyUsage[];
+    this._handle = handle;
+  }
+
+  get [Symbol.toStringTag](): string {
+    return 'CryptoKey';
+  }
+}
+
+export interface CryptoKeyPair {
+  publicKey: CryptoKey;
+  privateKey: CryptoKey;
+}