Replace Buffer with Uint8Array

package.json

@@ -60,6 +60,7 @@
     "typescript": "^5.0.3"
   },
   "dependencies": {
+    "@scure/base": "^1.1.3",
     "structured-headers": "^1.0.1"
   }
 }

src/algorithm/index.ts

@@ -28,36 +28,36 @@ export function createSigner(key: BinaryLike | KeyLike | SignKeyObjectInput | Si
     const signer = { alg } as SigningKey;
     switch (alg) {
         case 'hmac-sha256':
-            signer.sign = async (data: Buffer) => createHmac('sha256', key as BinaryLike).update(data).digest();
+            signer.sign = async (data: Uint8Array) => createHmac('sha256', key as BinaryLike).update(data).digest();
             break;
         case 'rsa-pss-sha512':
-            signer.sign = async (data: Buffer) => createSign('sha512').update(data).sign({
+            signer.sign = async (data: Uint8Array) => createSign('sha512').update(data).sign({
                 key,
                 padding: RSA_PKCS1_PSS_PADDING,
             } as SignPrivateKeyInput);
             break;
         case 'rsa-v1_5-sha256':
-            signer.sign = async (data: Buffer) => createSign('sha256').update(data).sign({
+            signer.sign = async (data: Uint8Array) => createSign('sha256').update(data).sign({
                 key,
                 padding: RSA_PKCS1_PADDING,
             } as SignPrivateKeyInput);
             break;
         case 'rsa-v1_5-sha1':
             // this is legacy for cavage
-            signer.sign = async (data: Buffer) => createSign('sha1').update(data).sign({
+            signer.sign = async (data: Uint8Array) => createSign('sha1').update(data).sign({
                 key,
                 padding: RSA_PKCS1_PADDING,
             } as SignPrivateKeyInput);
             break;
         case 'ecdsa-p256-sha256':
-            signer.sign = async (data: Buffer) => createSign('sha256').update(data).sign(key as KeyLike);
+            signer.sign = async (data: Uint8Array) => createSign('sha256').update(data).sign(key as KeyLike);
             break;
         case 'ecdsa-p384-sha384':
-            signer.sign = async (data: Buffer) => createSign('sha384').update(data).sign(key as KeyLike);
+            signer.sign = async (data: Uint8Array) => createSign('sha384').update(data).sign(key as KeyLike);
             break;
         case 'ed25519':
-            signer.sign = async (data: Buffer) => sign(null, data, key as KeyLike);
-            // signer.sign = async (data: Buffer) => createSign('ed25519').update(data).sign(key as KeyLike);
+            signer.sign = async (data: Uint8Array) => sign(null, data, key as KeyLike);
+            // signer.sign = async (data: Uint8Array) => createSign('ed25519').update(data).sign(key as KeyLike);
             break;
         default:
             throw new UnknownAlgorithmError(`Unsupported signing algorithm ${alg}`);
@@ -84,37 +84,37 @@ export function createVerifier(key: BinaryLike | KeyLike | VerifyKeyObjectInput
     let verifier;
     switch (alg) {
         case 'hmac-sha256':
-            verifier = async (data: Buffer, signature: Buffer) => {
+            verifier = async (data: Uint8Array, signature: Uint8Array) => {
                 const expected = createHmac('sha256', key as BinaryLike).update(data).digest();
                 return signature.length === expected.length && timingSafeEqual(signature, expected);
             }
             break;
         case 'rsa-pss-sha512':
-            verifier = async (data: Buffer, signature: Buffer) => createVerify('sha512').update(data).verify({
+            verifier = async (data: Uint8Array, signature: Uint8Array) => createVerify('sha512').update(data).verify({
                 key,
                 padding: RSA_PKCS1_PSS_PADDING,
             } as VerifyPublicKeyInput, signature);
             break;
         case 'rsa-v1_5-sha1':
-            verifier = async (data: Buffer, signature: Buffer) => createVerify('sha1').update(data).verify({
+            verifier = async (data: Uint8Array, signature: Uint8Array) => createVerify('sha1').update(data).verify({
                 key,
                 padding: RSA_PKCS1_PADDING,
             } as VerifyPublicKeyInput, signature);
             break;
         case 'rsa-v1_5-sha256':
-            verifier = async (data: Buffer, signature: Buffer) => createVerify('sha256').update(data).verify({
+            verifier = async (data: Uint8Array, signature: Uint8Array) => createVerify('sha256').update(data).verify({
                 key,
                 padding: RSA_PKCS1_PADDING,
             } as VerifyPublicKeyInput, signature);
             break;
         case 'ecdsa-p256-sha256':
-            verifier = async (data: Buffer, signature: Buffer) => createVerify('sha256').update(data).verify(key as KeyLike, signature);
+            verifier = async (data: Uint8Array, signature: Uint8Array) => createVerify('sha256').update(data).verify(key as KeyLike, signature);
             break;
         case 'ecdsa-p384-sha384':
-            verifier = async (data: Buffer, signature: Buffer) => createVerify('sha384').update(data).verify(key as KeyLike, signature);
+            verifier = async (data: Uint8Array, signature: Uint8Array) => createVerify('sha384').update(data).verify(key as KeyLike, signature);
             break;
         case 'ed25519':
-            verifier = async (data: Buffer, signature: Buffer) => verify(null, data, key as KeyLike, signature) as unknown as boolean;
+            verifier = async (data: Uint8Array, signature: Uint8Array) => verify(null, data, key as KeyLike, signature) as unknown as boolean;
             break;
         default:
             throw new UnknownAlgorithmError(`Unsupported signing algorithm ${alg}`);

src/cavage/index.ts

@@ -1,3 +1,4 @@
+import { base64 } from "@scure/base";
 import { parseItem } from 'structured-headers';
 import { Algorithm, Request, Response, SignConfig, VerifyConfig, defaultParams, isRequest } from '../types';
 import { quoteString } from '../structured-header';
@@ -173,7 +174,7 @@
     const signatureBase = createSignatureBase(config.fields ?? [], message, signingParameters);
     const base = formatSignatureBase(signatureBase);
     // call sign
-    const signature = await config.key.sign(Buffer.from(base));
+    const signature = await config.key.sign(new TextEncoder().encode(base));
     const headerNames = signatureBase.map(([key]) => key);
     const header = [
         ...Array.from(signingParameters.entries()).map(([name, value]) => {
@@ -189,7 +190,7 @@
             return `${name}="${value.toString()}"`
         }),
         `headers="${headerNames.join(' ')}"`,
-        `signature="${signature.toString('base64')}"`,
+        `signature="${base64.encode(signature)}"`,
     ].join(',');
     return {
         ...message,
@@ -297,5 +298,5 @@
         });
     }, {});
     const key = await config.keyLookup(params);
-    return key?.verify(Buffer.from(base), Buffer.from(parsedHeader.get('signature'), 'base64'), params) ?? null;
+    return key?.verify(new TextEncoder().encode(base), base64.decode(parsedHeader.get('signature')), params) ?? null;
 }

src/httpbis/index.ts

@@ -1,3 +1,4 @@
+import { base64 } from "@scure/base";
 import {
     BareItem,
     parseDictionary,
@@ -163,8 +164,8 @@
     }
     if (params.has('bs')) {
         return [values.map((val) => {
-            const encoded = Buffer.from(val.trim().replace(/\n\s*/gm, ' '));
-            return `:${encoded.toString('base64')}:`
+            const encoded = new TextEncoder().encode(val.trim().replace(/\n\s*/gm, ' '));
+            return `:${base64.encode(encoded)}:`
         }).join(', ')];
     }
     // raw encoding
@@ -267,7 +268,7 @@
     }, new Map());
 }
 
-export function augmentHeaders(headers: Record<string, string | string[]>, signature: Buffer, signatureInput: string, name?: string): Record<string, string | string[]> {
+export function augmentHeaders(headers: Record<string, string | string[]>, signature: Uint8Array, signatureInput: string, name?: string): Record<string, string | string[]> {
     let signatureHeaderName = 'Signature';
     let signatureInputHeaderName = 'Signature-Input';
     let signatureHeader: DictionaryType = new Map();
@@ -300,7 +301,7 @@
         signatureName += count.toString();
     }
     // append our signature and signature-inputs to the headers and return
-    signatureHeader.set(signatureName, [new ByteSequence(signature.toString('base64')), new Map()]);
+    signatureHeader.set(signatureName, [new ByteSequence(base64.encode(signature)), new Map()]);
     inputHeader.set(signatureName, parseList(signatureInput)[0]);
     return {
         ...headers,
@@ -327,7 +328,7 @@
     signatureBase.push(['"@signature-params"', [signatureInput]]);
     const base = formatSignatureBase(signatureBase);
     // call sign
-    const signature = await config.key.sign(Buffer.from(base));
+    const signature = await config.key.sign(new TextEncoder().encode(base));
     return {
         ...message,
         headers: augmentHeaders({ ...message.headers }, signature, signatureInput, config.name),
@@ -444,6 +445,6 @@
         if (!isByteSequence(signature[0] as BareItem)) {
             throw new MalformedSignatureError('Malformed signature');
         }
-        return key.verify(Buffer.from(base), Buffer.from((signature[0] as ByteSequence).toBase64(), 'base64'), signatureParams);
+        return key.verify(new TextEncoder().encode(base), base64.decode((signature[0] as ByteSequence).toBase64()), signatureParams);
     }, Promise.resolve(null));
 }

src/types/index.ts

@@ -9,8 +9,8 @@ export interface Response {
     headers: Record<string, string | string[]>;
 }
 
-export type Signer = (data: Buffer) => Promise<Buffer>;
-export type Verifier = (data: Buffer, signature: Buffer, parameters?: SignatureParameters) => Promise<boolean | null>;
+export type Signer = (data: Uint8Array) => Promise<Uint8Array>;
+export type Verifier = (data: Uint8Array, signature: Uint8Array, parameters?: SignatureParameters) => Promise<boolean | null>;
 export type VerifierFinder = (parameters: SignatureParameters) => Promise<VerifyingKey | null>;
 
 export type Algorithm = 'rsa-v1_5-sha256' | 'ecdsa-p256-sha256' | 'hmac-sha256' | 'rsa-pss-sha512' | string;