xypriss-security
Version:
Advanced High-Performance Security Framework. Military-grade encryption, post-quantum resilience, and fortified data structures.
109 lines • 4.11 kB
JavaScript
;
/***************************************************************************
* XyPriss Security Core - Hash Class
****************************************************************************/
Object.defineProperty(exports, "__esModule", { value: true });
exports.Hash = void 0;
const bridge_1 = require("./bridge");
const Random_1 = require("./Random");
const SecureBuffer_1 = require("./SecureBuffer");
/**
* ### Hash Class
*
* Provides high-performance hashing and HMAC operations powered by the Go core.
*/
class Hash {
/**
* Creates a secure hash of the provided input data.
*
* @param input - The string or buffer data to be hashed.
* @param options - Configuration for the hashing algorithm and output format.
* @returns The resulting hash as a string or SecureBuffer.
*/
static create(input, options = {}) {
const algo = (options.algorithm?.toString() || "sha256").toLowerCase();
let resultHex;
if (algo === "pbkdf2") {
const salt = options.salt
? typeof options.salt === "string"
? Buffer.from(options.salt)
: options.salt
: Random_1.Random.getRandomBytes(32).toUint8Array();
const iterations = options.iterations || 100000;
const keyLen = options.keyLength || 32;
const digest = options.digest || "sha256";
resultHex = bridge_1.Bridge.pbkdf2(input.toString(), salt, iterations, keyLen, digest);
}
else if (algo === "argon2id" || algo === "scrypt") {
resultHex = bridge_1.Bridge.hashPassword(input.toString(), algo);
}
else {
resultHex = bridge_1.Bridge.hash(input, algo);
}
if (resultHex.startsWith("error:"))
throw new Error(resultHex);
const format = options.outputFormat || "hex";
switch (format) {
case "buffer":
case "uint8array":
const matches = resultHex.match(/.{1,2}/g) || [];
return new SecureBuffer_1.SecureBuffer(new Uint8Array(matches.map((byte) => parseInt(byte, 16))));
case "base64":
const buf = Buffer.from(resultHex, "hex");
return buf.toString("base64");
default:
return resultHex;
}
}
/**
* Generates a PKCE code challenge from a code verifier.
*
* @param verifier - The code verifier string.
* @param method - The challenge method (default: 'S256').
* @returns The generated code challenge.
*/
static pkce(verifier, method = "S256") {
if (method === "plain")
return verifier;
// S256: base64url(sha256(verifier))
const hashed = bridge_1.Bridge.sha256(verifier);
const buf = Buffer.from(hashed, "hex");
return buf
.toString("base64")
.replace(/\+/g, "-")
.replace(/\//g, "_")
.replace(/=/g, "");
}
/**
* Creates a Message Authentication Code (HMAC) using a secret key.
*
* @param key - The secret key used for authentication.
* @param data - The data to be authenticated.
* @param algo - The HMAC algorithm (default: "sha256").
* @returns The resulting HMAC signature as a hex string.
*/
static hmac(key, data, algo = "sha256") {
const res = bridge_1.Bridge.hmac(key, data, algo);
if (res.startsWith("error:"))
throw new Error(res);
return res;
}
/**
* Compares two buffers in constant time to prevent timing attacks.
*
* @param a - First buffer to compare.
* @param b - Second buffer to compare.
* @returns True if buffers are equal, false otherwise.
*/
static timingSafeEqual(a, b) {
return bridge_1.Bridge.constantTimeCompare(a, b);
}
/**
* Legacy alias for hmac with proper typing.
*/
static createSecureHMAC(algo, key, data) {
return this.hmac(key, data, algo);
}
}
exports.Hash = Hash;
//# sourceMappingURL=Hash.js.map