react-native-quick-crypto 0.2.0

package/react-native-quick-crypto.podspec

@@ -0,0 +1,44 @@
+require "json"
+
+package = JSON.parse(File.read(File.join(__dir__, "package.json")))
+
+Pod::Spec.new do |s|
+  s.name         = "react-native-quick-crypto"
+  s.version      = package["version"]
+  s.summary      = package["description"]
+  s.homepage     = package["homepage"]
+  s.license      = package["license"]
+  s.authors      = package["authors"]
+
+  s.platforms    = { :ios => "11.0", :tvos => "12.0", :osx => "10.14" }
+  s.source       = { :git => "https://github.com/mrousavy/react-native-quick-crypto.git", :tag => "#{s.version}" }
+
+  # All source files that should be publicly visible
+  # Note how this does not include headers, since those can nameclash.
+  s.source_files = [
+    "ios/**/*.{h,m,mm}",
+    "cpp/**/*.{h,c,cpp}",
+    "ios/QuickCryptoModule.h"
+  ]
+  # Any private headers that are not globally unique should be mentioned here.
+  # Otherwise there will be a nameclash, since CocoaPods flattens out any header directories
+  # See https://github.com/firebase/firebase-ios-sdk/issues/4035 for more details.
+  # s.preserve_paths = [
+  #   'ios/**/*.h',
+  #   'cpp/**/*.h'
+  # ]
+
+  s.pod_target_xcconfig    = {
+    "USE_HEADERMAP" => "YES",
+    "HEADER_SEARCH_PATHS" => "\"$(PODS_TARGET_SRCROOT)/ReactCommon\" \"$(PODS_TARGET_SRCROOT)\"  \"$(PODS_ROOT)/boost\" \"$(PODS_ROOT)/boost-for-react-native\" \"$(PODS_ROOT)/DoubleConversion\" \"$(PODS_ROOT)/Headers/Private/React-Core\" "
+  }
+  s.xcconfig               = {
+    "CLANG_CXX_LANGUAGE_STANDARD" => "c++14",
+    "HEADER_SEARCH_PATHS" => "\"$(PODS_ROOT)/boost\" \"$(PODS_ROOT)/boost-for-react-native\" \"$(PODS_ROOT)/glog\"  \"${PODS_ROOT}/Headers/Public/React-hermes\" \"${PODS_ROOT}/Headers/Public/hermes-engine\""
+  }
+
+  s.dependency "OpenSSL-Universal", "~> 1.1.1300"
+  s.dependency "React-Core"
+  s.dependency "React"
+  s.dependency "React-callinvoker"
+end

package/src/Cipher.ts

@@ -0,0 +1,322 @@
+/* eslint-disable no-dupe-class-members */
+import { NativeQuickCrypto } from './NativeQuickCrypto/NativeQuickCrypto';
+import Stream from 'stream';
+import {
+  BinaryLike,
+  binaryLikeToArrayBuffer,
+  CipherEncoding,
+  Encoding,
+  getDefaultEncoding,
+} from './Utils';
+import type { InternalCipher } from './NativeQuickCrypto/Cipher';
+// TODO(osp) re-enable type specific constructors
+// They are nice to have but not absolutely necessary
+// import type {
+//   CipherCCMOptions,
+//   CipherCCMTypes,
+//   CipherGCMTypes,
+//   CipherGCMOptions,
+//   // CipherKey,
+//   // KeyObject,
+//   // TODO @Szymon20000 This types seem to be missing? Where did you get this definitions from?
+//   // CipherOCBTypes,
+//   // CipherOCBOptions,
+// } from 'crypto'; // Node crypto typings
+import { StringDecoder } from 'string_decoder';
+import type { Buffer } from '@craftzdog/react-native-buffer';
+import { Buffer as SBuffer } from 'safe-buffer';
+
+const createInternalCipher = NativeQuickCrypto.createCipher;
+const createInternalDecipher = NativeQuickCrypto.createDecipher;
+
+function getUIntOption(options: Record<string, any>, key: string) {
+  let value;
+  if (options && (value = options[key]) != null) {
+    // >>> Turns any type into a positive integer (also sets the sign bit to 0)
+    // eslint-disable-next-line no-bitwise
+    if (value >>> 0 !== value) throw new Error(`options.${key}: ${value}`);
+    return value;
+  }
+  return -1;
+}
+
+function normalizeEncoding(enc: string) {
+  if (!enc) return 'utf8';
+  var retried;
+  while (true) {
+    switch (enc) {
+      case 'utf8':
+      case 'utf-8':
+        return 'utf8';
+      case 'ucs2':
+      case 'ucs-2':
+      case 'utf16le':
+      case 'utf-16le':
+        return 'utf16le';
+      case 'latin1':
+      case 'binary':
+        return 'latin1';
+      case 'base64':
+      case 'ascii':
+      case 'hex':
+        return enc;
+      default:
+        if (retried) return; // undefined
+        enc = ('' + enc).toLowerCase();
+        retried = true;
+    }
+  }
+}
+
+function validateEncoding(data: string, encoding: string) {
+  const normalizedEncoding = normalizeEncoding(encoding);
+  const length = data.length;
+
+  if (normalizedEncoding === 'hex' && length % 2 !== 0) {
+    throw new Error(`Encoding ${encoding} not valid for data length ${length}`);
+  }
+}
+
+function getDecoder(decoder?: StringDecoder, encoding?: BufferEncoding) {
+  return decoder ?? new StringDecoder(encoding);
+}
+
+class CipherCommon extends Stream.Transform {
+  private internal: InternalCipher;
+  private decoder: StringDecoder | undefined;
+
+  constructor(
+    cipherType: string,
+    cipherKey: BinaryLike,
+    isCipher: boolean,
+    options: Record<string, any> = {},
+    iv?: BinaryLike | null
+  ) {
+    super(options);
+    const cipherKeyBuffer = binaryLikeToArrayBuffer(cipherKey);
+    // TODO(osp) This might not be smart, check again after release
+    const authTagLength = getUIntOption(options, 'authTagLength');
+    const args = {
+      cipher_type: cipherType,
+      cipher_key: cipherKeyBuffer,
+      iv,
+      ...options,
+      auth_tag_len: authTagLength,
+    };
+    this.internal = isCipher
+      ? createInternalCipher(args)
+      : createInternalDecipher(args);
+  }
+
+  update(
+    data: BinaryLike,
+    inputEncoding?: CipherEncoding,
+    outputEncoding?: CipherEncoding
+  ): ArrayBuffer | string {
+    const defaultEncoding = getDefaultEncoding();
+    inputEncoding = inputEncoding ?? defaultEncoding;
+    outputEncoding = outputEncoding ?? defaultEncoding;
+
+    if (typeof data === 'string') {
+      validateEncoding(data, inputEncoding);
+    } else if (!ArrayBuffer.isView(data)) {
+      throw new Error('Invalid data argument');
+    }
+
+    if (typeof data === 'string') {
+      // On node this is handled on the native side
+      // on our case we need to correctly send the arraybuffer to the jsi side
+      inputEncoding = inputEncoding === 'buffer' ? 'utf8' : inputEncoding;
+      data = binaryLikeToArrayBuffer(data, inputEncoding);
+    } else {
+      data = binaryLikeToArrayBuffer(data as any, inputEncoding);
+    }
+
+    const ret = this.internal.update(data);
+
+    if (outputEncoding && outputEncoding !== 'buffer') {
+      this.decoder = getDecoder(this.decoder, outputEncoding);
+
+      return this.decoder!.write(SBuffer.from(ret) as any);
+    }
+
+    return ret;
+  }
+
+  final(): ArrayBuffer;
+  final(outputEncoding: BufferEncoding | 'buffer'): string;
+  final(outputEncoding?: BufferEncoding | 'buffer'): ArrayBuffer | string {
+    const ret = this.internal.final();
+
+    if (outputEncoding && outputEncoding !== 'buffer') {
+      this.decoder = getDecoder(this.decoder, outputEncoding);
+
+      return this.decoder!.end(SBuffer.from(ret) as any);
+    }
+
+    return ret;
+  }
+
+  _transform(chunk: BinaryLike, encoding: Encoding, callback: () => void) {
+    this.push(this.update(chunk, encoding));
+    callback();
+  }
+
+  _flush(callback: () => void) {
+    this.push(this.final());
+    callback();
+  }
+
+  public setAutoPadding(autoPadding?: boolean): this {
+    this.internal.setAutoPadding(!!autoPadding);
+    return this;
+  }
+
+  public setAAD(
+    buffer: Buffer,
+    options?: {
+      plaintextLength: number;
+    }
+  ): this {
+    this.internal.setAAD({
+      data: buffer.buffer,
+      plaintextLength: options?.plaintextLength,
+    });
+    return this;
+  }
+
+  // protected getAuthTag(): Buffer {
+  //   return Buffer.from(this.internal.getAuthTag());
+  // }
+
+  public setAuthTag(tag: Buffer): this {
+    this.internal.setAuthTag(tag.buffer);
+    return this;
+  }
+}
+
+class Cipher extends CipherCommon {
+  constructor(
+    cipherType: string,
+    cipherKey: BinaryLike,
+    options: Record<string, any> = {},
+    iv?: BinaryLike | null
+  ) {
+    if (iv != null) {
+      iv = binaryLikeToArrayBuffer(iv);
+    }
+    super(cipherType, cipherKey, true, options, iv);
+  }
+}
+
+class Decipher extends CipherCommon {
+  constructor(
+    cipherType: string,
+    cipherKey: BinaryLike,
+    options: Record<string, any> = {},
+    iv?: BinaryLike | null
+  ) {
+    if (iv != null) {
+      iv = binaryLikeToArrayBuffer(iv);
+    }
+
+    super(cipherType, cipherKey, false, options, iv);
+  }
+}
+
+// TODO(osp) This definitions cause typescript errors when using the API
+// export function createDecipher(
+//   algorithm: CipherCCMTypes,
+//   password: BinaryLike,
+//   options: CipherCCMOptions
+// ): Decipher;
+// export function createDecipher(
+//   algorithm: CipherGCMTypes,
+//   password: BinaryLike,
+//   options?: CipherGCMOptions
+// ): Decipher;
+export function createDecipher(
+  algorithm: string,
+  password: BinaryLike,
+  options?: Stream.TransformOptions
+): Decipher {
+  return new Decipher(algorithm, password, options);
+}
+
+// TODO(osp) This definitions cause typescript errors when using the API
+// export function createDecipheriv(
+//   algorithm: CipherCCMTypes,
+//   key: BinaryLike,
+//   iv: BinaryLike,
+//   options: CipherCCMOptions
+// ): Decipher;
+// export function createDecipheriv(
+//   algorithm: CipherOCBTypes,
+//   key: BinaryLike,
+//   iv: BinaryLike,
+//   options: CipherOCBOptions
+// ): DecipherOCB;
+// export function createDecipheriv(
+//   algorithm: CipherGCMTypes,
+//   key: BinaryLike,
+//   iv: BinaryLike,
+//   options?: CipherGCMOptions
+// ): Decipher;
+export function createDecipheriv(
+  algorithm: string,
+  key: BinaryLike,
+  iv: BinaryLike | null,
+  options?: Stream.TransformOptions
+): Decipher {
+  return new Decipher(algorithm, key, options, iv);
+}
+
+// TODO(osp) This definitions cause typescript errors when using the API
+// commenting them out for now
+// export function createCipher(
+//   algorithm: CipherCCMTypes,
+//   password: BinaryLike,
+//   options: CipherCCMOptions
+// ): Cipher;
+// export function createCipher(
+//   algorithm: CipherGCMTypes,
+//   password: BinaryLike,
+//   options?: CipherGCMOptions
+// ): Cipher;
+export function createCipher(
+  algorithm: string,
+  password: BinaryLike,
+  options?: Stream.TransformOptions
+): Cipher {
+  return new Cipher(algorithm, password, options);
+}
+
+// TODO(osp) on all the createCipheriv methods, node seems to use a "KeyObject" is seems to be a thread safe
+// object that creates keys and what not. Not sure if we should support it.
+// Fow now I replaced all of them to BinaryLike
+// export function createCipheriv(
+//   algorithm: CipherCCMTypes,
+//   key: BinaryLike,
+//   iv: BinaryLike,
+//   options: CipherCCMOptions
+// ): Cipher;
+// export function createCipheriv(
+//   algorithm: CipherOCBTypes,
+//   key: BinaryLike,
+//   iv: BinaryLike,
+//   options: CipherOCBOptions
+// ): CipherOCB;
+// export function createCipheriv(
+//   algorithm: CipherGCMTypes,
+//   key: BinaryLike,
+//   iv: BinaryLike,
+//   options?: CipherGCMOptions
+// ): Cipher;
+export function createCipheriv(
+  algorithm: string,
+  key: BinaryLike,
+  iv: BinaryLike | null,
+  options?: Stream.TransformOptions
+): Cipher {
+  return new Cipher(algorithm, key, options, iv);
+}

package/src/Hash.ts

@@ -0,0 +1,98 @@
+/* eslint-disable no-dupe-class-members */
+import 'react-native';
+import { NativeQuickCrypto } from './NativeQuickCrypto/NativeQuickCrypto';
+import type { InternalHash } from './NativeQuickCrypto/hash';
+import { Encoding, toArrayBuffer } from './Utils';
+import Stream from 'stream';
+import { Buffer } from '@craftzdog/react-native-buffer';
+interface HashOptionsBase extends Stream.TransformOptions {
+  outputLength?: number | undefined;
+}
+
+type HashOptions = null | undefined | HashOptionsBase;
+
+global.process.nextTick = setImmediate;
+
+const createInternalHash = NativeQuickCrypto.createHash;
+
+type BinaryLike = ArrayBuffer;
+
+export function createHash(algorithm: string, options?: HashOptions) {
+  return new Hash(algorithm, options);
+}
+
+class Hash extends Stream.Transform {
+  private internalHash: InternalHash;
+
+  constructor(other: Hash, options?: HashOptions);
+  constructor(algorithm: string, options?: HashOptions);
+  constructor(arg: string | Hash, options?: HashOptions) {
+    super(options ?? undefined);
+    if (arg instanceof Hash) {
+      this.internalHash = arg.internalHash.copy(options?.outputLength);
+    } else {
+      this.internalHash = createInternalHash(arg, options?.outputLength);
+    }
+  }
+
+  copy(options?: HashOptionsBase): Hash {
+    const copy = new Hash(this, options);
+    return copy;
+  }
+  /**
+   * Updates the hash content with the given `data`, the encoding of which
+   * is given in `inputEncoding`.
+   * If `encoding` is not provided, and the `data` is a string, an
+   * encoding of `'utf8'` is enforced. If `data` is a `Buffer`, `TypedArray`, or`DataView`, then `inputEncoding` is ignored.
+   *
+   * This can be called many times with new data as it is streamed.
+   * @since v0.1.92
+   * @param inputEncoding The `encoding` of the `data` string.
+   */
+  update(data: string | BinaryLike, inputEncoding?: Encoding): Hash {
+    if (data instanceof ArrayBuffer) {
+      this.internalHash.update(data);
+      return this;
+    }
+    const buffer = Buffer.from(data, inputEncoding);
+    this.internalHash.update(toArrayBuffer(buffer));
+    return this;
+  }
+
+  _transform(
+    chunk: string | BinaryLike,
+    encoding: Encoding,
+    callback: () => void
+  ) {
+    this.update(chunk, encoding);
+    callback();
+  }
+
+  _flush(callback: () => void) {
+    this.push(this.digest());
+    callback();
+  }
+
+  /**
+   * Calculates the digest of all of the data passed to be hashed (using the `hash.update()` method).
+   * If `encoding` is provided a string will be returned; otherwise
+   * a `Buffer` is returned.
+   *
+   * The `Hash` object can not be used again after `hash.digest()` method has been
+   * called. Multiple calls will cause an error to be thrown.
+   * @since v0.1.92
+   * @param encoding The `encoding` of the return value.
+   */
+  digest(): Buffer;
+  digest(encoding: 'buffer'): Buffer;
+  digest(encoding: Encoding): string;
+  digest(encoding?: Encoding | 'buffer'): string | Buffer {
+    const result: ArrayBuffer = this.internalHash.digest();
+
+    if (encoding && encoding !== 'buffer') {
+      return Buffer.from(result).toString(encoding);
+    }
+
+    return Buffer.from(result);
+  }
+}

package/src/Hmac.ts

@@ -0,0 +1,107 @@
+/* eslint-disable no-dupe-class-members */
+import { NativeQuickCrypto } from './NativeQuickCrypto/NativeQuickCrypto';
+import type { InternalHmac } from './NativeQuickCrypto/hmac';
+import {
+  Encoding,
+  toArrayBuffer,
+  BinaryLike,
+  binaryLikeToArrayBuffer,
+} from './Utils';
+import Stream from 'stream';
+import { Buffer } from '@craftzdog/react-native-buffer';
+
+const createInternalHmac = NativeQuickCrypto.createHmac;
+
+export function createHmac(
+  algorithm: string,
+  key: BinaryLike,
+  options?: Stream.TransformOptions
+) {
+  return new Hmac(algorithm, key, options);
+}
+
+class Hmac extends Stream.Transform {
+  private internalHmac: InternalHmac;
+  private isFinalized: boolean = false;
+
+  constructor(
+    algorithm: string,
+    key: BinaryLike,
+    _options?: Stream.TransformOptions
+  ) {
+    super();
+    let keyAsString = binaryLikeToArrayBuffer(key);
+
+    if (keyAsString === undefined) {
+      throw 'Wrong key type';
+    }
+
+    this.internalHmac = createInternalHmac(
+      algorithm,
+      keyAsString as ArrayBuffer
+    );
+  }
+
+  /**
+   * Updates the `Hmac` content with the given `data`, the encoding of which
+   * is given in `inputEncoding`.
+   * If `encoding` is not provided, and the `data` is a string, an
+   * encoding of `'utf8'` is enforced. If `data` is a `Buffer`, `TypedArray`, or`DataView`, then `inputEncoding` is ignored.
+   *
+   * This can be called many times with new data as it is streamed.
+   * @since v0.1.94
+   * @param inputEncoding The `encoding` of the `data` string.
+   */
+  update(data: string | BinaryLike, inputEncoding?: Encoding): Hmac {
+    if (data instanceof ArrayBuffer) {
+      this.internalHmac.update(data);
+      return this;
+    }
+    if (typeof data === 'string') {
+      const buffer = Buffer.from(data, inputEncoding);
+      this.internalHmac.update(toArrayBuffer(buffer));
+      return this;
+    }
+
+    this.internalHmac.update(binaryLikeToArrayBuffer(data));
+    return this;
+  }
+
+  _transform(
+    chunk: string | BinaryLike,
+    encoding: Encoding,
+    callback: () => void
+  ) {
+    this.update(chunk, encoding);
+    callback();
+  }
+
+  _flush(callback: () => void) {
+    this.push(this.digest());
+    callback();
+  }
+
+  /**
+   * Calculates the HMAC digest of all of the data passed using `hmac.update()`.
+   * If `encoding` is
+   * provided a string is returned; otherwise a `Buffer` is returned;
+   *
+   * The `Hmac` object can not be used again after `hmac.digest()` has been
+   * called. Multiple calls to `hmac.digest()` will result in an error being thrown.
+   * @since v0.1.94
+   * @param encoding The `encoding` of the return value.
+   */
+  digest(): Buffer;
+  digest(encoding: 'buffer'): Buffer;
+  digest(encoding: Encoding): string;
+  digest(encoding?: Encoding | 'buffer'): string | Buffer {
+    const result: ArrayBuffer = this.isFinalized
+      ? new ArrayBuffer(0)
+      : this.internalHmac.digest();
+    this.isFinalized = true;
+    if (encoding && encoding !== 'buffer') {
+      return Buffer.from(result).toString(encoding);
+    }
+    return Buffer.from(result);
+  }
+}

package/src/NativeQuickCrypto/Cipher.ts

@@ -0,0 +1,25 @@
+import type { BinaryLike } from 'src/Utils';
+
+export type InternalCipher = {
+  update: (data: BinaryLike | ArrayBufferView) => ArrayBuffer;
+  final: () => ArrayBuffer;
+  copy: () => void;
+  setAAD: (args: {
+    data: BinaryLike;
+    plaintextLength?: number;
+  }) => InternalCipher;
+  setAutoPadding: (autoPad: boolean) => boolean;
+  setAuthTag: (tag: ArrayBuffer) => boolean;
+};
+
+export type CreateCipherMethod = (params: {
+  cipher_type: string;
+  cipher_key: ArrayBuffer;
+  auth_tag_len: number;
+}) => InternalCipher;
+
+export type CreateDecipherMethod = (params: {
+  cipher_type: string;
+  cipher_key: ArrayBuffer;
+  auth_tag_len: number;
+}) => InternalCipher;

package/src/NativeQuickCrypto/NativeQuickCrypto.ts

@@ -0,0 +1,79 @@
+import { NativeModules, Platform } from 'react-native';
+import type { CreateHmacMethod } from './hmac';
+import type { CreateHashMethod } from './hash';
+import type { Pbkdf2Object } from './pbkdf2';
+import type { RandomObject } from './random';
+import type { CreateCipherMethod, CreateDecipherMethod } from './Cipher';
+
+interface NativeQuickCryptoSpec {
+  createHmac: CreateHmacMethod;
+  pbkdf2: Pbkdf2Object;
+  random: RandomObject;
+  createHash: CreateHashMethod;
+  createCipher: CreateCipherMethod;
+  createDecipher: CreateDecipherMethod;
+}
+
+// global func declaration for JSI functions
+declare global {
+  function nativeCallSyncHook(): unknown;
+  var __QuickCryptoProxy: object | undefined;
+}
+
+// Check if the constructor exists. If not, try installing the JSI bindings.
+if (global.__QuickCryptoProxy == null) {
+  // Get the native QuickCrypto ReactModule
+  const QuickCryptoModule = NativeModules.QuickCrypto;
+  if (QuickCryptoModule == null) {
+    let message =
+      'Failed to install react-native-quick-crypto: The native `QuickCrypto` Module could not be found.';
+    message +=
+      '\n* Make sure react-native-quick-crypto is correctly autolinked (run `npx react-native config` to verify)';
+    if (Platform.OS === 'ios' || Platform.OS === 'macos') {
+      message += '\n* Make sure you ran `pod install` in the ios/ directory.';
+    }
+    if (Platform.OS === 'android') {
+      message += '\n* Make sure gradle is synced.';
+    }
+    // check if Expo
+    const ExpoConstants =
+      NativeModules.NativeUnimoduleProxy?.modulesConstants?.ExponentConstants;
+    if (ExpoConstants != null) {
+      if (ExpoConstants.appOwnership === 'expo') {
+        // We're running Expo Go
+        throw new Error(
+          'react-native-quick-crypto is not supported in Expo Go! Use EAS (`expo prebuild`) or eject to a bare workflow instead.'
+        );
+      } else {
+        // We're running Expo bare / standalone
+        message += '\n* Make sure you ran `expo prebuild`.';
+      }
+    }
+
+    message += '\n* Make sure you rebuilt the app.';
+    throw new Error(message);
+  }
+
+  // Check if we are running on-device (JSI)
+  if (global.nativeCallSyncHook == null || QuickCryptoModule.install == null) {
+    throw new Error(
+      'Failed to install react-native-quick-crypto: React Native is not running on-device. QuickCrypto can only be used when synchronous method invocations (JSI) are possible. If you are using a remote debugger (e.g. Chrome), switch to an on-device debugger (e.g. Flipper) instead.'
+    );
+  }
+
+  // Call the synchronous blocking install() function
+  const result = QuickCryptoModule.install();
+  if (result !== true)
+    throw new Error(
+      `Failed to install react-native-quick-crypto: The native QuickCrypto Module could not be installed! Looks like something went wrong when installing JSI bindings: ${result}`
+    );
+
+  // Check again if the constructor now exists. If not, throw an error.
+  if (global.__QuickCryptoProxy == null)
+    throw new Error(
+      'Failed to install react-native-quick-crypto, the native initializer function does not exist. Are you trying to use QuickCrypto from different JS Runtimes?'
+    );
+}
+
+const proxy = global.__QuickCryptoProxy;
+export const NativeQuickCrypto = proxy as any as NativeQuickCryptoSpec;

package/src/NativeQuickCrypto/hash.ts

@@ -0,0 +1,10 @@
+export type InternalHash = {
+  update: (data: ArrayBuffer) => InternalHash;
+  digest: () => ArrayBuffer;
+  copy: (len?: number) => InternalHash;
+};
+
+export type CreateHashMethod = (
+  algorithm: string,
+  outputLength?: number
+) => InternalHash;

package/src/NativeQuickCrypto/hmac.ts

@@ -0,0 +1,9 @@
+export type InternalHmac = {
+  update: (data: ArrayBuffer) => InternalHmac;
+  digest: () => ArrayBuffer;
+};
+
+export type CreateHmacMethod = (
+  algorithm: string,
+  key?: ArrayBuffer
+) => InternalHmac;