UNPKG

xypriss-security

Version:

Advanced High-Performance Security Framework. Military-grade encryption, post-quantum resilience, and fortified data structures.

109 lines 4.11 kB
"use strict"; /*************************************************************************** * XyPriss Security Core - Hash Class ****************************************************************************/ Object.defineProperty(exports, "__esModule", { value: true }); exports.Hash = void 0; const bridge_1 = require("./bridge"); const Random_1 = require("./Random"); const SecureBuffer_1 = require("./SecureBuffer"); /** * ### Hash Class * * Provides high-performance hashing and HMAC operations powered by the Go core. */ class Hash { /** * Creates a secure hash of the provided input data. * * @param input - The string or buffer data to be hashed. * @param options - Configuration for the hashing algorithm and output format. * @returns The resulting hash as a string or SecureBuffer. */ static create(input, options = {}) { const algo = (options.algorithm?.toString() || "sha256").toLowerCase(); let resultHex; if (algo === "pbkdf2") { const salt = options.salt ? typeof options.salt === "string" ? Buffer.from(options.salt) : options.salt : Random_1.Random.getRandomBytes(32).toUint8Array(); const iterations = options.iterations || 100000; const keyLen = options.keyLength || 32; const digest = options.digest || "sha256"; resultHex = bridge_1.Bridge.pbkdf2(input.toString(), salt, iterations, keyLen, digest); } else if (algo === "argon2id" || algo === "scrypt") { resultHex = bridge_1.Bridge.hashPassword(input.toString(), algo); } else { resultHex = bridge_1.Bridge.hash(input, algo); } if (resultHex.startsWith("error:")) throw new Error(resultHex); const format = options.outputFormat || "hex"; switch (format) { case "buffer": case "uint8array": const matches = resultHex.match(/.{1,2}/g) || []; return new SecureBuffer_1.SecureBuffer(new Uint8Array(matches.map((byte) => parseInt(byte, 16)))); case "base64": const buf = Buffer.from(resultHex, "hex"); return buf.toString("base64"); default: return resultHex; } } /** * Generates a PKCE code challenge from a code verifier. * * @param verifier - The code verifier string. * @param method - The challenge method (default: 'S256'). * @returns The generated code challenge. */ static pkce(verifier, method = "S256") { if (method === "plain") return verifier; // S256: base64url(sha256(verifier)) const hashed = bridge_1.Bridge.sha256(verifier); const buf = Buffer.from(hashed, "hex"); return buf .toString("base64") .replace(/\+/g, "-") .replace(/\//g, "_") .replace(/=/g, ""); } /** * Creates a Message Authentication Code (HMAC) using a secret key. * * @param key - The secret key used for authentication. * @param data - The data to be authenticated. * @param algo - The HMAC algorithm (default: "sha256"). * @returns The resulting HMAC signature as a hex string. */ static hmac(key, data, algo = "sha256") { const res = bridge_1.Bridge.hmac(key, data, algo); if (res.startsWith("error:")) throw new Error(res); return res; } /** * Compares two buffers in constant time to prevent timing attacks. * * @param a - First buffer to compare. * @param b - Second buffer to compare. * @returns True if buffers are equal, false otherwise. */ static timingSafeEqual(a, b) { return bridge_1.Bridge.constantTimeCompare(a, b); } /** * Legacy alias for hmac with proper typing. */ static createSecureHMAC(algo, key, data) { return this.hmac(key, data, algo); } } exports.Hash = Hash; //# sourceMappingURL=Hash.js.map