react-native-quick-crypto 0.2.0 → 0.3.0

package/src/NativeQuickCrypto/Cipher.ts

@@ -1,4 +1,13 @@
 import type { BinaryLike } from 'src/Utils';
+import type { Buffer } from '@craftzdog/react-native-buffer';
+
+// TODO(osp) on node this is defined on the native side
+// Need to do the same so that values are always in sync
+export enum RSAKeyVariant {
+  kKeyVariantRSA_SSA_PKCS1_v1_5,
+  kKeyVariantRSA_PSS,
+  kKeyVariantRSA_OAEP,
+}
 
 export type InternalCipher = {
   update: (data: BinaryLike | ArrayBufferView) => ArrayBuffer;
@@ -23,3 +32,38 @@ export type CreateDecipherMethod = (params: {
   cipher_key: ArrayBuffer;
   auth_tag_len: number;
 }) => InternalCipher;
+
+export type PublicEncryptMethod = (
+  data: ArrayBuffer,
+  format: number,
+  type: any,
+  passphrase: any,
+  buffer: ArrayBuffer,
+  padding: number,
+  oaepHash: any,
+  oaepLabel: any
+) => Buffer;
+export type PrivateDecryptMethod = (
+  data: ArrayBuffer,
+  format: number,
+  type: any,
+  passphrase: any,
+  buffer: ArrayBuffer,
+  padding: number,
+  oaepHash: any,
+  oaepLabel: any
+) => Buffer;
+
+export type GenerateKeyPairMethod = (
+  keyVariant: RSAKeyVariant,
+  modulusLength: number,
+  publicExponent: number,
+  ...rest: any[]
+) => Promise<[error: unknown, publicBuffer: any, privateBuffer: any]>;
+
+export type GenerateKeyPairSyncMethod = (
+  keyVariant: RSAKeyVariant,
+  modulusLength: number,
+  publicExponent: number,
+  ...rest: any[]
+) => [error: unknown, publicBuffer: any, privateBuffer: any];

package/src/NativeQuickCrypto/NativeQuickCrypto.ts

@@ -3,7 +3,14 @@ import type { CreateHmacMethod } from './hmac';
 import type { CreateHashMethod } from './hash';
 import type { Pbkdf2Object } from './pbkdf2';
 import type { RandomObject } from './random';
-import type { CreateCipherMethod, CreateDecipherMethod } from './Cipher';
+import type {
+  CreateCipherMethod,
+  CreateDecipherMethod,
+  PublicEncryptMethod,
+  PrivateDecryptMethod,
+  GenerateKeyPairMethod,
+  GenerateKeyPairSyncMethod,
+} from './Cipher';
 
 interface NativeQuickCryptoSpec {
   createHmac: CreateHmacMethod;
@@ -12,6 +19,11 @@ interface NativeQuickCryptoSpec {
   createHash: CreateHashMethod;
   createCipher: CreateCipherMethod;
   createDecipher: CreateDecipherMethod;
+  publicEncrypt: PublicEncryptMethod;
+  publicDecrypt: PublicEncryptMethod;
+  privateDecrypt: PrivateDecryptMethod;
+  generateKeyPair: GenerateKeyPairMethod;
+  generateKeyPairSync: GenerateKeyPairSyncMethod;
 }
 
 // global func declaration for JSI functions

package/src/QuickCrypto.ts

@@ -5,9 +5,15 @@ import {
   createCipheriv,
   createDecipher,
   createDecipheriv,
+  publicEncrypt,
+  publicDecrypt,
+  privateDecrypt,
+  generateKeyPair,
+  generateKeyPairSync,
 } from './Cipher';
 import { createHmac } from './Hmac';
 import { createHash } from './Hash';
+import { constants } from './constants';
 
 export const QuickCrypto = {
   createHmac,
@@ -18,6 +24,12 @@ export const QuickCrypto = {
   createCipheriv,
   createDecipher,
   createDecipheriv,
+  publicEncrypt,
+  publicDecrypt,
+  privateDecrypt,
+  generateKeyPair,
+  generateKeyPairSync,
+  constants,
   ...pbkdf2,
   ...random,
 };

package/src/Utils.ts

@@ -24,6 +24,9 @@ export function getDefaultEncoding(): CipherEncoding {
   return defaultEncoding;
 }
 
+export const kEmptyObject = Object.freeze(Object.create(null));
+
+// Should be used by Cipher (or any other module that requires valid encodings)
 // function slowCases(enc: string) {
 //   switch (enc.length) {
 //     case 4:
@@ -149,3 +152,91 @@ export function binaryLikeToArrayBuffer(
 export function ab2str(buf: ArrayBuffer, encoding: string = 'hex') {
   return Buffer.from(buf).toString(encoding);
 }
+
+export function validateString(str: any, name?: string): str is string {
+  const isString = typeof str === 'string';
+  if (isString) {
+    throw new Error(`${name} is not a string`);
+  }
+  return isString;
+}
+
+export function validateFunction(f: any): f is Function {
+  return f != null && typeof f === 'function';
+}
+
+export function isStringOrBuffer(val: any): val is string | ArrayBuffer {
+  return typeof val === 'string' || ArrayBuffer.isView(val);
+}
+
+export function validateObject<T>(
+  value: any,
+  name: string,
+  options?: {
+    allowArray: boolean;
+    allowFunction: boolean;
+    nullable: boolean;
+  } | null
+): value is T {
+  const useDefaultOptions = options == null;
+  const allowArray = useDefaultOptions ? false : options.allowArray;
+  const allowFunction = useDefaultOptions ? false : options.allowFunction;
+  const nullable = useDefaultOptions ? false : options.nullable;
+  if (
+    (!nullable && value === null) ||
+    (!allowArray && Array.isArray(value)) ||
+    (typeof value !== 'object' &&
+      (!allowFunction || typeof value !== 'function'))
+  ) {
+    throw new Error(`${name} is not a valid object $${value}`);
+  }
+  return true;
+}
+
+export function validateInt32(
+  value: any,
+  name: string,
+  min = -2147483648,
+  max = 2147483647
+) {
+  // The defaults for min and max correspond to the limits of 32-bit integers.
+  if (typeof value !== 'number') {
+    throw new Error(`Invalid argument - ${name} is not a number: ${value}`);
+  }
+  if (!Number.isInteger(value)) {
+    throw new Error(
+      `Argument out of range - ${name} out of integer range: ${value}`
+    );
+  }
+  if (value < min || value > max) {
+    throw new Error(
+      `Invalid argument - ${name} out of range >= ${min} && <= ${max}: ${value}`
+    );
+  }
+}
+
+export function validateUint32(
+  value: number,
+  name: string,
+  positive?: boolean
+) {
+  if (typeof value !== 'number') {
+    // throw new ERR_INVALID_ARG_TYPE(name, 'number', value);
+    throw new Error(`Invalid argument - ${name} is not a number: ${value}`);
+  }
+  if (!Number.isInteger(value)) {
+    // throw new ERR_OUT_OF_RANGE(name, 'an integer', value);
+    throw new Error(
+      `Argument out of range - ${name} out of integer range: ${value}`
+    );
+  }
+  const min = positive ? 1 : 0;
+  // 2 ** 32 === 4294967296
+  const max = 4_294_967_295;
+  if (value < min || value > max) {
+    // throw new ERR_OUT_OF_RANGE(name, `>= ${min} && <= ${max}`, value);
+    throw new Error(
+      `Invalid argument - ${name} out of range >= ${min} && <= ${max}: ${value}`
+    );
+  }
+}

package/src/constants.ts

@@ -0,0 +1,79 @@
+// Taken by printing node.crypto.constants
+// Node declares them as enums on v8 directly
+// Whenever the API gets updated (or some dependency like OpenSSL) I guess we will have to revisit these
+export const constants = {
+  OPENSSL_VERSION_NUMBER: 269488367,
+  SSL_OP_ALL: 2147485780,
+  SSL_OP_ALLOW_NO_DHE_KEX: 1024,
+  SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: 262144,
+  SSL_OP_CIPHER_SERVER_PREFERENCE: 4194304,
+  SSL_OP_CISCO_ANYCONNECT: 32768,
+  SSL_OP_COOKIE_EXCHANGE: 8192,
+  SSL_OP_CRYPTOPRO_TLSEXT_BUG: 2147483648,
+  SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: 2048,
+  SSL_OP_EPHEMERAL_RSA: 0,
+  SSL_OP_LEGACY_SERVER_CONNECT: 4,
+  SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: 0,
+  SSL_OP_MICROSOFT_SESS_ID_BUG: 0,
+  SSL_OP_MSIE_SSLV2_RSA_PADDING: 0,
+  SSL_OP_NETSCAPE_CA_DN_BUG: 0,
+  SSL_OP_NETSCAPE_CHALLENGE_BUG: 0,
+  SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG: 0,
+  SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: 0,
+  SSL_OP_NO_COMPRESSION: 131072,
+  SSL_OP_NO_ENCRYPT_THEN_MAC: 524288,
+  SSL_OP_NO_QUERY_MTU: 4096,
+  SSL_OP_NO_RENEGOTIATION: 1073741824,
+  SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: 65536,
+  SSL_OP_NO_SSLv2: 0,
+  SSL_OP_NO_SSLv3: 33554432,
+  SSL_OP_NO_TICKET: 16384,
+  SSL_OP_NO_TLSv1: 67108864,
+  SSL_OP_NO_TLSv1_1: 268435456,
+  SSL_OP_NO_TLSv1_2: 134217728,
+  SSL_OP_NO_TLSv1_3: 536870912,
+  SSL_OP_PKCS1_CHECK_1: 0,
+  SSL_OP_PKCS1_CHECK_2: 0,
+  SSL_OP_PRIORITIZE_CHACHA: 2097152,
+  SSL_OP_SINGLE_DH_USE: 0,
+  SSL_OP_SINGLE_ECDH_USE: 0,
+  SSL_OP_SSLEAY_080_CLIENT_DH_BUG: 0,
+  SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG: 0,
+  SSL_OP_TLS_BLOCK_PADDING_BUG: 0,
+  SSL_OP_TLS_D5_BUG: 0,
+  SSL_OP_TLS_ROLLBACK_BUG: 8388608,
+  ENGINE_METHOD_RSA: 1,
+  ENGINE_METHOD_DSA: 2,
+  ENGINE_METHOD_DH: 4,
+  ENGINE_METHOD_RAND: 8,
+  ENGINE_METHOD_EC: 2048,
+  ENGINE_METHOD_CIPHERS: 64,
+  ENGINE_METHOD_DIGESTS: 128,
+  ENGINE_METHOD_PKEY_METHS: 512,
+  ENGINE_METHOD_PKEY_ASN1_METHS: 1024,
+  ENGINE_METHOD_ALL: 65535,
+  ENGINE_METHOD_NONE: 0,
+  DH_CHECK_P_NOT_SAFE_PRIME: 2,
+  DH_CHECK_P_NOT_PRIME: 1,
+  DH_UNABLE_TO_CHECK_GENERATOR: 4,
+  DH_NOT_SUITABLE_GENERATOR: 8,
+  ALPN_ENABLED: 1,
+  RSA_PKCS1_PADDING: 1,
+  RSA_SSLV23_PADDING: 2,
+  RSA_NO_PADDING: 3,
+  RSA_PKCS1_OAEP_PADDING: 4,
+  RSA_X931_PADDING: 5,
+  RSA_PKCS1_PSS_PADDING: 6,
+  RSA_PSS_SALTLEN_DIGEST: -1,
+  RSA_PSS_SALTLEN_MAX_SIGN: -2,
+  RSA_PSS_SALTLEN_AUTO: -2,
+  defaultCoreCipherList:
+    'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA',
+  TLS1_VERSION: 769,
+  TLS1_1_VERSION: 770,
+  TLS1_2_VERSION: 771,
+  TLS1_3_VERSION: 772,
+  POINT_CONVERSION_COMPRESSED: 2,
+  POINT_CONVERSION_UNCOMPRESSED: 4,
+  POINT_CONVERSION_HYBRID: 6,
+};

package/src/index.ts

@@ -1 +1,5 @@
+import { QuickCrypto } from './QuickCrypto';
+
 export * from './QuickCrypto';
+
+export default QuickCrypto;

package/src/keys.ts

@@ -0,0 +1,297 @@
+import { BinaryLike, binaryLikeToArrayBuffer, isStringOrBuffer } from './Utils';
+
+// On node this value is defined on the native side, for now I'm just creating it here in JS
+// TODO(osp) move this into native side to make sure they always match
+enum KFormatType {
+  kKeyFormatDER,
+  kKeyFormatPEM,
+  kKeyFormatJWK,
+}
+
+enum KeyInputContext {
+  kConsumePublic,
+  kConsumePrivate,
+  kCreatePublic,
+  kCreatePrivate,
+}
+
+enum KeyEncoding {
+  kKeyEncodingPKCS1,
+  kKeyEncodingPKCS8,
+  kKeyEncodingSPKI,
+  kKeyEncodingSEC1,
+}
+
+const encodingNames = {
+  [KeyEncoding.kKeyEncodingPKCS1]: 'pkcs1',
+  [KeyEncoding.kKeyEncodingPKCS8]: 'pkcs8',
+  [KeyEncoding.kKeyEncodingSPKI]: 'spki',
+  [KeyEncoding.kKeyEncodingSEC1]: 'sec1',
+};
+
+function option(name: string, objName: string | undefined) {
+  return objName === undefined
+    ? `options.${name}`
+    : `options.${objName}.${name}`;
+}
+
+function parseKeyFormat(
+  formatStr: string,
+  defaultFormat: KFormatType | undefined,
+  optionName?: string
+) {
+  if (formatStr === undefined && defaultFormat !== undefined)
+    return defaultFormat;
+  else if (formatStr === 'pem') return KFormatType.kKeyFormatPEM;
+  else if (formatStr === 'der') return KFormatType.kKeyFormatDER;
+  else if (formatStr === 'jwk') return KFormatType.kKeyFormatJWK;
+  throw new Error(`Invalid key format str: ${optionName}`);
+  // throw new ERR_INVALID_ARG_VALUE(optionName, formatStr);
+}
+
+function parseKeyType(
+  typeStr: string,
+  required: boolean,
+  keyType: string,
+  isPublic: boolean,
+  optionName: string
+) {
+  if (typeStr === undefined && !required) {
+    return undefined;
+  } else if (typeStr === 'pkcs1') {
+    if (keyType !== undefined && keyType !== 'rsa') {
+      throw new Error(
+        `Crypto incompatible key options: ${typeStr} can only be used for RSA keys`
+      );
+      // throw new ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS(
+      //   typeStr,
+      //   'can only be used for RSA keys'
+      // );
+    }
+    return KeyEncoding.kKeyEncodingPKCS1;
+  } else if (typeStr === 'spki' && isPublic !== false) {
+    return KeyEncoding.kKeyEncodingSPKI;
+  } else if (typeStr === 'pkcs8' && isPublic !== true) {
+    return KeyEncoding.kKeyEncodingPKCS8;
+  } else if (typeStr === 'sec1' && isPublic !== true) {
+    if (keyType !== undefined && keyType !== 'ec') {
+      throw new Error(
+        `Incompatible key options ${typeStr} can only be used for EC keys`
+      );
+    }
+    return KeyEncoding.kKeyEncodingSEC1;
+  }
+
+  throw new Error(`Invalid option ${optionName} - ${typeStr}`);
+}
+
+function parseKeyFormatAndType(
+  enc: any,
+  keyType: any,
+  isPublic: any,
+  objName: any
+) {
+  const { format: formatStr, type: typeStr } = enc;
+
+  const isInput = keyType === undefined;
+  const format = parseKeyFormat(
+    formatStr,
+    isInput ? KFormatType.kKeyFormatPEM : undefined,
+    option('format', objName)
+  );
+
+  const isRequired =
+    (!isInput || format === KFormatType.kKeyFormatDER) &&
+    format !== KFormatType.kKeyFormatJWK;
+  const type = parseKeyType(
+    typeStr,
+    isRequired,
+    keyType,
+    isPublic,
+    option('type', objName)
+  );
+  return { format, type };
+}
+
+function parseKeyEncoding(
+  enc: {
+    key: any;
+    encoding?: string;
+    format?: string;
+    cipher?: string;
+    passphrase?: string;
+  },
+  keyType: string | undefined,
+  isPublic: boolean | undefined,
+  objName?: string
+) {
+  // validateObject(enc, 'options');
+
+  const isInput = keyType === undefined;
+
+  const { format, type } = parseKeyFormatAndType(
+    enc,
+    keyType,
+    isPublic,
+    objName
+  );
+
+  let cipher, passphrase, encoding;
+  if (isPublic !== true) {
+    ({ cipher, passphrase, encoding } = enc);
+
+    if (!isInput) {
+      if (cipher != null) {
+        if (typeof cipher !== 'string')
+          throw new Error(
+            `Invalid argument ${option('cipher', objName)}: ${cipher}`
+          );
+        if (
+          format === KFormatType.kKeyFormatDER &&
+          (type === KeyEncoding.kKeyEncodingPKCS1 ||
+            type === KeyEncoding.kKeyEncodingSEC1)
+        ) {
+          throw new Error(
+            `Incompatible key options ${encodingNames[type]} does not support encryption`
+          );
+        }
+      } else if (passphrase !== undefined) {
+        throw new Error(
+          `invalid argument ${option('cipher', objName)}: ${cipher}`
+        );
+      }
+    }
+
+    if (
+      (isInput && passphrase !== undefined && !isStringOrBuffer(passphrase)) ||
+      (!isInput && cipher != null && !isStringOrBuffer(passphrase))
+    ) {
+      throw new Error(
+        `Invalid argument value ${option('passphrase', objName)}: ${passphrase}`
+      );
+    }
+  }
+
+  if (passphrase !== undefined)
+    passphrase = binaryLikeToArrayBuffer(passphrase, encoding);
+
+  return { format, type, cipher, passphrase };
+}
+
+function prepareAsymmetricKey(
+  key:
+    | BinaryLike
+    | { key: any; encoding?: string; format?: any; passphrase?: string },
+  ctx: KeyInputContext
+): {
+  format: KFormatType;
+  data: ArrayBuffer;
+  type?: any;
+  passphrase?: any;
+} {
+  // TODO(osp) check, KeyObject some node object
+  // if (isKeyObject(key)) {
+  //   // Best case: A key object, as simple as that.
+  //   return { data: getKeyObjectHandle(key, ctx) };
+  // } else
+  // if (isCryptoKey(key)) {
+  //   return { data: getKeyObjectHandle(key[kKeyObject], ctx) };
+  // } else
+  if (isStringOrBuffer(key)) {
+    // Expect PEM by default, mostly for backward compatibility.
+    return {
+      format: KFormatType.kKeyFormatPEM,
+      data: binaryLikeToArrayBuffer(key),
+    };
+  } else if (typeof key === 'object') {
+    const {
+      key: data,
+      encoding,
+      // format
+    } = key;
+    // // The 'key' property can be a KeyObject as well to allow specifying
+    // // additional options such as padding along with the key.
+    // if (isKeyObject(data)) return { data: getKeyObjectHandle(data, ctx) };
+    // else if (isCryptoKey(data))
+    //   return { data: getKeyObjectHandle(data[kKeyObject], ctx) };
+    // else if (isJwk(data) && format === 'jwk')
+    //   return { data: getKeyObjectHandleFromJwk(data, ctx), format: 'jwk' };
+    // Either PEM or DER using PKCS#1 or SPKI.
+    if (!isStringOrBuffer(data)) {
+      throw new Error(
+        'prepareAsymmetricKey: key is not a string or ArrayBuffer'
+      );
+    }
+
+    const isPublic =
+      ctx === KeyInputContext.kConsumePrivate ||
+      ctx === KeyInputContext.kCreatePrivate
+        ? false
+        : undefined;
+
+    return {
+      data: binaryLikeToArrayBuffer(data, encoding),
+      ...parseKeyEncoding(key, undefined, isPublic),
+    };
+  }
+
+  throw new Error('[prepareAsymetricKey] Invalid argument key: ${key}');
+}
+
+// TODO(osp) any here is a node KeyObject
+export function preparePrivateKey(
+  key:
+    | BinaryLike
+    | {
+        key: any;
+        encoding?: string;
+        format?: any;
+        padding?: number;
+        passphrase?: string;
+      }
+) {
+  return prepareAsymmetricKey(key, KeyInputContext.kConsumePrivate);
+}
+
+// TODO(osp) any here is a node KeyObject
+export function preparePublicOrPrivateKey(
+  key:
+    | BinaryLike
+    | { key: any; encoding?: string; format?: any; padding?: number }
+) {
+  return prepareAsymmetricKey(key, KeyInputContext.kConsumePublic);
+}
+
+// Parses the public key encoding based on an object. keyType must be undefined
+// when this is used to parse an input encoding and must be a valid key type if
+// used to parse an output encoding.
+export function parsePublicKeyEncoding(
+  enc: {
+    key: any;
+    encoding?: string;
+    format?: string;
+    cipher?: string;
+    passphrase?: string;
+  },
+  keyType: string | undefined,
+  objName?: string
+) {
+  return parseKeyEncoding(enc, keyType, keyType ? true : undefined, objName);
+}
+
+// Parses the private key encoding based on an object. keyType must be undefined
+// when this is used to parse an input encoding and must be a valid key type if
+// used to parse an output encoding.
+export function parsePrivateKeyEncoding(
+  enc: {
+    key: any;
+    encoding?: string;
+    format?: string;
+    cipher?: string;
+    passphrase?: string;
+  },
+  keyType: string | undefined,
+  objName?: string
+) {
+  return parseKeyEncoding(enc, keyType, false, objName);
+}