react-native-quick-crypto 0.3.2 → 0.4.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "react-native-quick-crypto",
-  "version": "0.3.2",
+  "version": "0.4.2",
   "description": "A fast implementation of Node's `crypto` module written in C/C++ JSI",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",
@@ -128,7 +128,8 @@
       ]
     },
     "globals": {
-      "BufferEncoding": true
+      "BufferEncoding": true,
+      "Buffer": true
     }
   },
   "eslintIgnore": [
@@ -161,7 +162,6 @@
     "@types/node": "^17.0.31",
     "events": "^3.3.0",
     "react-native-quick-base64": "^2.0.2",
-    "stream": "^0.0.2",
     "stream-browserify": "^3.0.0",
     "string_decoder": "^1.3.0",
     "crypto-browserify": "^3.12.0"

package/src/NativeQuickCrypto/NativeQuickCrypto.ts

@@ -11,6 +11,7 @@ import type {
   GenerateKeyPairMethod,
   GenerateKeyPairSyncMethod,
 } from './Cipher';
+import type { CreateSignMethod, CreateVerifyMethod } from './sig';
 
 interface NativeQuickCryptoSpec {
   createHmac: CreateHmacMethod;
@@ -24,6 +25,8 @@ interface NativeQuickCryptoSpec {
   privateDecrypt: PrivateDecryptMethod;
   generateKeyPair: GenerateKeyPairMethod;
   generateKeyPairSync: GenerateKeyPairSyncMethod;
+  createSign: CreateSignMethod;
+  createVerify: CreateVerifyMethod;
 }
 
 // global func declaration for JSI functions

package/src/NativeQuickCrypto/sig.ts

@@ -0,0 +1,17 @@
+// TODO Add real types to sign/verify, the problem is that because of encryption schemes
+// they will have variable amount of parameters
+export type InternalSign = {
+  init: (algorithm: string) => void;
+  update: (data: ArrayBuffer) => void;
+  sign: (...args: any) => Uint8Array; // returns raw bytes
+};
+
+export type InternalVerify = {
+  init: (algorithm: string) => void;
+  update: (data: ArrayBuffer) => void;
+  verify: (...args: any) => boolean;
+};
+
+export type CreateSignMethod = () => InternalSign;
+
+export type CreateVerifyMethod = () => InternalVerify;

package/src/QuickCrypto.ts

@@ -11,6 +11,7 @@ import {
   generateKeyPair,
   generateKeyPairSync,
 } from './Cipher';
+import { createSign, createVerify } from './sig';
 import { createHmac } from './Hmac';
 import { createHash } from './Hash';
 import { constants } from './constants';
@@ -29,6 +30,8 @@ export const QuickCrypto = {
   privateDecrypt,
   generateKeyPair,
   generateKeyPairSync,
+  createSign,
+  createVerify,
   constants,
   ...pbkdf2,
   ...random,

package/src/keys.ts

@@ -36,7 +36,7 @@ function option(name: string, objName: string | undefined) {
 }
 
 function parseKeyFormat(
-  formatStr: string,
+  formatStr: string | undefined,
   defaultFormat: KFormatType | undefined,
   optionName?: string
 ) {
@@ -50,10 +50,10 @@ function parseKeyFormat(
 }
 
 function parseKeyType(
-  typeStr: string,
+  typeStr: string | undefined,
   required: boolean,
-  keyType: string,
-  isPublic: boolean,
+  keyType: string | undefined,
+  isPublic: boolean | undefined,
   optionName: string
 ) {
   if (typeStr === undefined && !required) {
@@ -63,10 +63,6 @@ function parseKeyType(
       throw new Error(
         `Crypto incompatible key options: ${typeStr} can only be used for RSA keys`
       );
-      // throw new ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS(
-      //   typeStr,
-      //   'can only be used for RSA keys'
-      // );
     }
     return KeyEncoding.kKeyEncodingPKCS1;
   } else if (typeStr === 'spki' && isPublic !== false) {
@@ -86,10 +82,17 @@ function parseKeyType(
 }
 
 function parseKeyFormatAndType(
-  enc: any,
-  keyType: any,
-  isPublic: any,
-  objName: any
+  enc: {
+    key: any;
+    type?: string;
+    encoding?: string;
+    format?: string;
+    cipher?: string;
+    passphrase?: string;
+  },
+  keyType: string | undefined,
+  isPublic: boolean | undefined,
+  objName: string | undefined
 ) {
   const { format: formatStr, type: typeStr } = enc;
 
@@ -103,6 +106,7 @@ function parseKeyFormatAndType(
   const isRequired =
     (!isInput || format === KFormatType.kKeyFormatDER) &&
     format !== KFormatType.kKeyFormatJWK;
+
   const type = parseKeyType(
     typeStr,
     isRequired,
@@ -116,6 +120,7 @@ function parseKeyFormatAndType(
 function parseKeyEncoding(
   enc: {
     key: any;
+    type?: string;
     encoding?: string;
     format?: string;
     cipher?: string;
@@ -123,7 +128,7 @@ function parseKeyEncoding(
   },
   keyType: string | undefined,
   isPublic: boolean | undefined,
-  objName?: string
+  objName?: string | undefined
 ) {
   // validateObject(enc, 'options');
 

package/src/sig.ts

@@ -0,0 +1,179 @@
+import { NativeQuickCrypto } from './NativeQuickCrypto/NativeQuickCrypto';
+import type { InternalSign, InternalVerify } from './NativeQuickCrypto/sig';
+import Stream from 'stream-browserify';
+
+// TODO(osp) same as publicCipher on node this are defined on C++ and exposed to node
+// Do the same here
+enum DSASigEnc {
+  kSigEncDER,
+  kSigEncP1363,
+}
+
+import {
+  BinaryLike,
+  binaryLikeToArrayBuffer,
+  getDefaultEncoding,
+} from './Utils';
+import { preparePrivateKey, preparePublicOrPrivateKey } from './keys';
+
+const createInternalSign = NativeQuickCrypto.createSign;
+const createInternalVerify = NativeQuickCrypto.createVerify;
+
+function getPadding(options: any) {
+  return getIntOption('padding', options);
+}
+
+function getSaltLength(options: any) {
+  return getIntOption('saltLength', options);
+}
+
+function getDSASignatureEncoding(options: any) {
+  if (typeof options === 'object') {
+    const { dsaEncoding = 'der' } = options;
+    if (dsaEncoding === 'der') return DSASigEnc.kSigEncDER;
+    else if (dsaEncoding === 'ieee-p1363') return DSASigEnc.kSigEncP1363;
+    throw new Error(`options.dsaEncoding: ${dsaEncoding} not a valid encoding`);
+  }
+
+  return DSASigEnc.kSigEncDER;
+}
+
+function getIntOption(name: string, options: any) {
+  const value = options[name];
+  if (value !== undefined) {
+    if (value === value >> 0) {
+      return value;
+    }
+    throw new Error(`options.${name}: ${value} not a valid int value`);
+  }
+  return undefined;
+}
+
+class Verify extends Stream.Writable {
+  private internal: InternalVerify;
+  constructor(algorithm: string, options: Stream.WritableOptions) {
+    super(options);
+    this.internal = createInternalVerify();
+    this.internal.init(algorithm);
+  }
+
+  _write(chunk: BinaryLike, encoding: string, callback: () => void) {
+    this.update(chunk, encoding);
+    callback();
+  }
+
+  update(data: BinaryLike, encoding?: string) {
+    encoding = encoding ?? getDefaultEncoding();
+    data = binaryLikeToArrayBuffer(data, encoding);
+    this.internal.update(data);
+    return this;
+  }
+
+  verify(
+    options: {
+      key: string | Buffer;
+      format?: string;
+      type?: string;
+      passphrase?: string;
+      padding?: number;
+      saltLength?: number;
+    },
+    signature: BinaryLike
+  ): boolean {
+    if (!options) {
+      throw new Error('Crypto sign key required');
+    }
+
+    const { data, format, type, passphrase } =
+      preparePublicOrPrivateKey(options);
+
+    const rsaPadding = getPadding(options);
+    const pssSaltLength = getSaltLength(options);
+
+    // Options specific to (EC)DSA
+    const dsaSigEnc = getDSASignatureEncoding(options);
+
+    const ret = this.internal.verify(
+      data,
+      format,
+      type,
+      passphrase,
+      binaryLikeToArrayBuffer(signature),
+      rsaPadding,
+      pssSaltLength,
+      dsaSigEnc
+    );
+
+    return ret;
+  }
+}
+
+class Sign extends Stream.Writable {
+  private internal: InternalSign;
+  constructor(algorithm: string, options: Stream.WritableOptions) {
+    super(options);
+    this.internal = createInternalSign();
+    this.internal.init(algorithm);
+  }
+
+  _write(chunk: BinaryLike, encoding: string, callback: () => void) {
+    this.update(chunk, encoding);
+    callback();
+  }
+
+  update(data: BinaryLike, encoding?: string) {
+    encoding = encoding ?? getDefaultEncoding();
+    data = binaryLikeToArrayBuffer(data, encoding);
+    this.internal.update(data);
+    return this;
+  }
+
+  sign(
+    options: {
+      key: string | Buffer;
+      format?: string;
+      type?: string;
+      passphrase?: string;
+      padding?: number;
+      saltLength?: number;
+    },
+    encoding?: string
+  ) {
+    if (!options) {
+      throw new Error('Crypto sign key required');
+    }
+
+    const { data, format, type, passphrase } = preparePrivateKey(options);
+
+    const rsaPadding = getPadding(options);
+    const pssSaltLength = getSaltLength(options);
+
+    // Options specific to (EC)DSA
+    const dsaSigEnc = getDSASignatureEncoding(options);
+
+    const ret = this.internal.sign(
+      data,
+      format,
+      type,
+      passphrase,
+      rsaPadding,
+      pssSaltLength,
+      dsaSigEnc
+    );
+
+    encoding = encoding || getDefaultEncoding();
+    if (encoding && encoding !== 'buffer') {
+      return Buffer.from(ret).toString(encoding as any);
+    }
+
+    return Buffer.from(ret);
+  }
+}
+
+export function createSign(algorithm: string, options?: any) {
+  return new Sign(algorithm, options);
+}
+
+export function createVerify(algorithm: string, options?: any) {
+  return new Verify(algorithm, options);
+}