react-native-quick-crypto 0.6.0 → 0.7.0-rc.0

package/src/subtle.ts

@@ -0,0 +1,358 @@
+import {
+  type ImportFormat,
+  type SubtleAlgorithm,
+  type KeyUsage,
+  CryptoKey,
+  KWebCryptoKeyFormat,
+  createSecretKey,
+  type AnyAlgorithm,
+  type JWK,
+} from './keys';
+import {
+  hasAnyNotIn,
+  type BufferLike,
+  type BinaryLike,
+  normalizeAlgorithm,
+  lazyDOMException,
+  normalizeHashName,
+  HashContext,
+} from './Utils';
+import { ecImportKey, ecExportKey } from './ec';
+import { pbkdf2DeriveBits } from './pbkdf2';
+import { asyncDigest } from './Hash';
+import { aesImportKey, getAlgorithmName } from './aes';
+import { rsaImportKey } from './rsa';
+
+const exportKeySpki = async (key: CryptoKey): Promise<ArrayBuffer | any> => {
+  switch (key.algorithm.name) {
+    // case 'RSASSA-PKCS1-v1_5':
+    // // Fall through
+    // case 'RSA-PSS':
+    // // Fall through
+    // case 'RSA-OAEP':
+    //   if (key.type === 'public') {
+    //     return require('internal/crypto/rsa').rsaExportKey(
+    //       key,
+    //       kWebCryptoKeyFormatSPKI
+    //     );
+    //   }
+    //   break;
+    case 'ECDSA':
+    // Fall through
+    case 'ECDH':
+      if (key.type === 'public') {
+        return ecExportKey(key, KWebCryptoKeyFormat.kWebCryptoKeyFormatSPKI);
+      }
+      break;
+    // case 'Ed25519':
+    // // Fall through
+    // case 'Ed448':
+    // // Fall through
+    // case 'X25519':
+    // // Fall through
+    // case 'X448':
+    //   if (key.type === 'public') {
+    //     return require('internal/crypto/cfrg').cfrgExportKey(
+    //       key,
+    //       kWebCryptoKeyFormatSPKI
+    //     );
+    //   }
+    //   break;
+  }
+
+  throw new Error(
+    `Unable to export a raw ${key.algorithm.name} ${key.type} key`
+  );
+};
+
+const exportKeyRaw = (key: CryptoKey): ArrayBuffer | any => {
+  switch (key.algorithm.name) {
+    case 'ECDSA':
+    // Fall through
+    case 'ECDH':
+      if (key.type === 'public') {
+        return ecExportKey(key, KWebCryptoKeyFormat.kWebCryptoKeyFormatRaw);
+      }
+      break;
+    // case 'Ed25519':
+    //   // Fall through
+    // case 'Ed448':
+    //   // Fall through
+    // case 'X25519':
+    //   // Fall through
+    // case 'X448':
+    //   if (key.type === 'public') {
+    //     return require('internal/crypto/cfrg')
+    //       .cfrgExportKey(key, kWebCryptoKeyFormatRaw);
+    //   }
+    //   break;
+    case 'AES-CTR':
+    // Fall through
+    case 'AES-CBC':
+    // Fall through
+    case 'AES-GCM':
+    // Fall through
+    case 'AES-KW':
+    // Fall through
+    case 'HMAC':
+      return key.keyObject.export();
+  }
+
+  throw lazyDOMException(
+    `Unable to export a raw ${key.algorithm.name} ${key.type} key`,
+    'InvalidAccessError'
+  );
+};
+
+const exportKeyJWK = (key: CryptoKey): ArrayBuffer | any => {
+  const jwk = key.keyObject.handle.exportJwk(
+    {
+      key_ops: key.usages,
+      ext: key.extractable,
+    },
+    true
+  );
+  switch (key.algorithm.name) {
+    case 'RSASSA-PKCS1-v1_5':
+      jwk.alg = normalizeHashName(key.algorithm.hash, HashContext.JwkRsa);
+      return jwk;
+    case 'RSA-PSS':
+      jwk.alg = normalizeHashName(key.algorithm.hash, HashContext.JwkRsaPss);
+      return jwk;
+    case 'RSA-OAEP':
+      jwk.alg = normalizeHashName(key.algorithm.hash, HashContext.JwkRsaOaep);
+      return jwk;
+    case 'ECDSA':
+    // Fall through
+    case 'ECDH':
+      jwk.crv ||= key.algorithm.namedCurve;
+      return jwk;
+    // case 'X25519':
+    //   // Fall through
+    // case 'X448':
+    //   jwk.crv ||= key.algorithm.name;
+    //   return jwk;
+    // case 'Ed25519':
+    //   // Fall through
+    // case 'Ed448':
+    //   jwk.crv ||= key.algorithm.name;
+    //   return jwk;
+    case 'AES-CTR':
+    // Fall through
+    case 'AES-CBC':
+    // Fall through
+    case 'AES-GCM':
+    // Fall through
+    case 'AES-KW':
+      jwk.alg = getAlgorithmName(key.algorithm.name, key.algorithm.length);
+      return jwk;
+    // case 'HMAC':
+    //   jwk.alg = normalizeHashName(
+    //     key.algorithm.hash.name,
+    //     normalizeHashName.kContextJwkHmac);
+    //   return jwk;
+    default:
+    // Fall through
+  }
+
+  throw lazyDOMException(
+    `JWK export not yet supported: ${key.algorithm.name}`,
+    'NotSupportedError'
+  );
+};
+
+const importGenericSecretKey = async (
+  { name, length }: SubtleAlgorithm,
+  format: ImportFormat,
+  keyData: BufferLike | BinaryLike,
+  extractable: boolean,
+  keyUsages: KeyUsage[]
+): Promise<CryptoKey> => {
+  if (extractable) {
+    throw new Error(`${name} keys are not extractable`);
+  }
+  if (hasAnyNotIn(keyUsages, ['deriveKey', 'deriveBits'])) {
+    throw new Error(`Unsupported key usage for a ${name} key`);
+  }
+
+  switch (format) {
+    case 'raw': {
+      if (hasAnyNotIn(keyUsages, ['deriveKey', 'deriveBits'])) {
+        throw new Error(`Unsupported key usage for a ${name} key`);
+      }
+
+      const checkLength =
+        typeof keyData === 'string'
+          ? keyData.length * 8
+          : keyData.byteLength * 8;
+
+      // The Web Crypto spec allows for key lengths that are not multiples of
+      // 8. We don't. Our check here is stricter than that defined by the spec
+      // in that we require that algorithm.length match keyData.length * 8 if
+      // algorithm.length is specified.
+      if (length !== undefined && length !== checkLength) {
+        throw new Error('Invalid key length');
+      }
+
+      const keyObject = createSecretKey(keyData);
+      return new CryptoKey(keyObject, { name }, keyUsages, false);
+    }
+  }
+
+  throw new Error(`Unable to import ${name} key with format ${format}`);
+};
+
+class Subtle {
+  async digest(
+    algorithm: SubtleAlgorithm | AnyAlgorithm,
+    data: BufferLike
+  ): Promise<ArrayBuffer> {
+    const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'digest');
+    return asyncDigest(normalizedAlgorithm, data);
+  }
+
+  async deriveBits(
+    algorithm: SubtleAlgorithm,
+    baseKey: CryptoKey,
+    length: number
+  ): Promise<ArrayBuffer> {
+    if (!baseKey.keyUsages.includes('deriveBits')) {
+      throw new Error('baseKey does not have deriveBits usage');
+    }
+    if (baseKey.algorithm.name !== algorithm.name)
+      throw new Error('Key algorithm mismatch');
+    switch (algorithm.name) {
+      // case 'X25519':
+      //   // Fall through
+      // case 'X448':
+      //   // Fall through
+      // case 'ECDH':
+      //   return require('internal/crypto/diffiehellman')
+      //     .ecdhDeriveBits(algorithm, baseKey, length);
+      // case 'HKDF':
+      //   return require('internal/crypto/hkdf')
+      //     .hkdfDeriveBits(algorithm, baseKey, length);
+      case 'PBKDF2':
+        return pbkdf2DeriveBits(algorithm, baseKey, length);
+    }
+    throw new Error(
+      `'subtle.deriveBits()' for ${algorithm.name} is not implemented.`
+    );
+  }
+
+  async importKey(
+    format: ImportFormat,
+    data: BufferLike | BinaryLike | JWK,
+    algorithm: SubtleAlgorithm,
+    extractable: boolean,
+    keyUsages: KeyUsage[]
+  ): Promise<CryptoKey> {
+    let result: CryptoKey;
+    switch (algorithm.name) {
+      case 'RSASSA-PKCS1-v1_5':
+      // Fall through
+      case 'RSA-PSS':
+      // Fall through
+      case 'RSA-OAEP':
+        result = rsaImportKey(
+          format,
+          data as BufferLike | JWK,
+          algorithm,
+          extractable,
+          keyUsages
+        );
+        break;
+      case 'ECDSA':
+      // Fall through
+      case 'ECDH':
+        result = ecImportKey(format, data, algorithm, extractable, keyUsages);
+        break;
+      // case 'Ed25519':
+      // // Fall through
+      // case 'Ed448':
+      // // Fall through
+      // case 'X25519':
+      // // Fall through
+      // case 'X448':
+      //   result = await require('internal/crypto/cfrg').cfrgImportKey(
+      //     format,
+      //     keyData,
+      //     algorithm,
+      //     extractable,
+      //     keyUsages
+      //   );
+      //   break;
+      // case 'HMAC':
+      //   result = await require('internal/crypto/mac').hmacImportKey(
+      //     format,
+      //     keyData,
+      //     algorithm,
+      //     extractable,
+      //     keyUsages
+      //   );
+      //   break;
+      case 'AES-CTR':
+      // Fall through
+      case 'AES-CBC':
+      // Fall through
+      case 'AES-GCM':
+      // Fall through
+      case 'AES-KW':
+        result = await aesImportKey(
+          algorithm,
+          format,
+          data as BufferLike | JWK,
+          extractable,
+          keyUsages
+        );
+        break;
+      // case 'HKDF':
+      // // Fall through
+      case 'PBKDF2':
+        result = await importGenericSecretKey(
+          algorithm,
+          format,
+          data as BufferLike | BinaryLike,
+          extractable,
+          keyUsages
+        );
+        break;
+      default:
+        throw new Error(
+          `"subtle.importKey()" is not implemented for ${algorithm.name}`
+        );
+    }
+
+    if (
+      (result.type === 'secret' || result.type === 'private') &&
+      result.usages.length === 0
+    ) {
+      throw new Error(
+        `Usages cannot be empty when importing a ${result.type} key.`
+      );
+    }
+
+    return result;
+  }
+
+  async exportKey(
+    format: ImportFormat,
+    key: CryptoKey
+  ): Promise<ArrayBuffer | any> {
+    if (!key.extractable) throw new Error('key is not extractable');
+
+    switch (format) {
+      case 'spki':
+        return await exportKeySpki(key);
+      // case 'pkcs8':
+      //   return await exportKeyPkcs8(key);
+      case 'jwk':
+        return exportKeyJWK(key);
+      case 'raw':
+        return exportKeyRaw(key);
+    }
+    throw new Error(`'subtle.exportKey()' is not implemented for ${format}`);
+  }
+}
+
+export const subtle = new Subtle();

package/lib/commonjs/@types/stream-browserify.d.js

@@ -1,2 +0,0 @@
-"use strict";
-//# sourceMappingURL=stream-browserify.d.js.map

package/lib/commonjs/@types/stream-browserify.d.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":[],"names":[],"mappings":"","sourcesContent":[]}

package/lib/module/@types/stream-browserify.d.js

@@ -1,2 +0,0 @@
-
-//# sourceMappingURL=stream-browserify.d.js.map

package/lib/module/@types/stream-browserify.d.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":[],"names":[],"mappings":"","sourcesContent":[]}

package/lib/typescript/Cipher.d.ts

@@ -1,87 +0,0 @@
-/// <reference types="node" />
-/// <reference types="node" />
-import Stream from 'stream-browserify';
-import { BinaryLike, CipherEncoding, Encoding } from './Utils';
-import { Buffer } from '@craftzdog/react-native-buffer';
-declare class CipherCommon extends Stream.Transform {
-    private internal;
-    private decoder;
-    constructor(cipherType: string, cipherKey: BinaryLike, isCipher: boolean, options?: Record<string, any>, iv?: BinaryLike | null);
-    update(data: BinaryLike, inputEncoding?: CipherEncoding, outputEncoding?: CipherEncoding): ArrayBuffer | string;
-    final(): ArrayBuffer;
-    final(outputEncoding: BufferEncoding | 'buffer'): string;
-    _transform(chunk: BinaryLike, encoding: Encoding, callback: () => void): void;
-    _flush(callback: () => void): void;
-    setAutoPadding(autoPadding?: boolean): this;
-    setAAD(buffer: Buffer, options?: {
-        plaintextLength: number;
-    }): this;
-    setAuthTag(tag: Buffer): this;
-}
-declare class Cipher extends CipherCommon {
-    constructor(cipherType: string, cipherKey: BinaryLike, options?: Record<string, any>, iv?: BinaryLike | null);
-}
-declare class Decipher extends CipherCommon {
-    constructor(cipherType: string, cipherKey: BinaryLike, options?: Record<string, any>, iv?: BinaryLike | null);
-}
-export declare function createDecipher(algorithm: string, password: BinaryLike, options?: Stream.TransformOptions): Decipher;
-export declare function createDecipheriv(algorithm: string, key: BinaryLike, iv: BinaryLike | null, options?: Stream.TransformOptions): Decipher;
-export declare function createCipher(algorithm: string, password: BinaryLike, options?: Stream.TransformOptions): Cipher;
-export declare function createCipheriv(algorithm: string, key: BinaryLike, iv: BinaryLike | null, options?: Stream.TransformOptions): Cipher;
-export declare const publicEncrypt: (options: {
-    key: any;
-    encoding?: string;
-    format?: any;
-    padding?: any;
-    oaepHash?: any;
-    oaepLabel?: any;
-    passphrase?: string;
-}, buffer: BinaryLike) => Buffer;
-export declare const publicDecrypt: (options: {
-    key: any;
-    encoding?: string;
-    format?: any;
-    padding?: any;
-    oaepHash?: any;
-    oaepLabel?: any;
-    passphrase?: string;
-}, buffer: BinaryLike) => Buffer;
-export declare const privateDecrypt: (options: {
-    key: any;
-    encoding?: string;
-    format?: any;
-    padding?: any;
-    oaepHash?: any;
-    oaepLabel?: any;
-    passphrase?: string;
-}, buffer: BinaryLike) => Buffer;
-declare type GenerateKeyPairOptions = {
-    modulusLength: number;
-    publicExponent?: number;
-    hashAlgorithm?: string;
-    mgf1HashAlgorithm?: string;
-    saltLength?: number;
-    divisorLength?: number;
-    namedCurve?: string;
-    prime?: Buffer;
-    primeLength?: number;
-    generator?: number;
-    groupName?: string;
-    publicKeyEncoding?: any;
-    privateKeyEncoding?: any;
-    paramEncoding?: string;
-    hash?: any;
-    mgf1Hash?: any;
-};
-declare type GenerateKeyPairCallback = (error: unknown | null, publicKey?: Buffer, privateKey?: Buffer) => void;
-export declare function generateKeyPair(type: string, callback: GenerateKeyPairCallback): void;
-export declare function generateKeyPair(type: string, options: GenerateKeyPairOptions, callback: GenerateKeyPairCallback): void;
-export declare function generateKeyPairSync(type: string): {
-    publicKey: any;
-    privateKey: any;
-};
-export declare function generateKeyPairSync(type: string, options: GenerateKeyPairOptions): {
-    publicKey: any;
-    privateKey: any;
-};
-export {};

package/lib/typescript/NativeQuickCrypto/Cipher.d.ts

@@ -1,32 +0,0 @@
-import type { BinaryLike } from '../Utils';
-import type { Buffer } from '@craftzdog/react-native-buffer';
-export declare enum RSAKeyVariant {
-    kKeyVariantRSA_SSA_PKCS1_v1_5 = 0,
-    kKeyVariantRSA_PSS = 1,
-    kKeyVariantRSA_OAEP = 2
-}
-export declare type InternalCipher = {
-    update: (data: BinaryLike | ArrayBufferView) => ArrayBuffer;
-    final: () => ArrayBuffer;
-    copy: () => void;
-    setAAD: (args: {
-        data: BinaryLike;
-        plaintextLength?: number;
-    }) => InternalCipher;
-    setAutoPadding: (autoPad: boolean) => boolean;
-    setAuthTag: (tag: ArrayBuffer) => boolean;
-};
-export declare type CreateCipherMethod = (params: {
-    cipher_type: string;
-    cipher_key: ArrayBuffer;
-    auth_tag_len: number;
-}) => InternalCipher;
-export declare type CreateDecipherMethod = (params: {
-    cipher_type: string;
-    cipher_key: ArrayBuffer;
-    auth_tag_len: number;
-}) => InternalCipher;
-export declare type PublicEncryptMethod = (data: ArrayBuffer, format: number, type: any, passphrase: any, buffer: ArrayBuffer, padding: number, oaepHash: any, oaepLabel: any) => Buffer;
-export declare type PrivateDecryptMethod = (data: ArrayBuffer, format: number, type: any, passphrase: any, buffer: ArrayBuffer, padding: number, oaepHash: any, oaepLabel: any) => Buffer;
-export declare type GenerateKeyPairMethod = (keyVariant: RSAKeyVariant, modulusLength: number, publicExponent: number, ...rest: any[]) => Promise<[error: unknown, publicBuffer: any, privateBuffer: any]>;
-export declare type GenerateKeyPairSyncMethod = (keyVariant: RSAKeyVariant, modulusLength: number, publicExponent: number, ...rest: any[]) => [error: unknown, publicBuffer: any, privateBuffer: any];

package/lib/typescript/NativeQuickCrypto/hash.d.ts

@@ -1,6 +0,0 @@
-export declare type InternalHash = {
-    update: (data: ArrayBuffer) => InternalHash;
-    digest: () => ArrayBuffer;
-    copy: (len?: number) => InternalHash;
-};
-export declare type CreateHashMethod = (algorithm: string, outputLength?: number) => InternalHash;

package/lib/typescript/NativeQuickCrypto/hmac.d.ts

@@ -1,5 +0,0 @@
-export declare type InternalHmac = {
-    update: (data: ArrayBuffer) => InternalHmac;
-    digest: () => ArrayBuffer;
-};
-export declare type CreateHmacMethod = (algorithm: string, key?: ArrayBuffer) => InternalHmac;

package/lib/typescript/Utils.d.ts

@@ -1,23 +0,0 @@
-import { Buffer } from '@craftzdog/react-native-buffer';
-export declare type BinaryLike = string | ArrayBuffer | Buffer;
-export declare type BinaryToTextEncoding = 'base64' | 'base64url' | 'hex' | 'binary';
-export declare type CharacterEncoding = 'utf8' | 'utf-8' | 'utf16le' | 'latin1';
-export declare type LegacyCharacterEncoding = 'ascii' | 'binary' | 'ucs2' | 'ucs-2';
-export declare type Encoding = BinaryToTextEncoding | CharacterEncoding | LegacyCharacterEncoding;
-export declare type CipherEncoding = Encoding | 'buffer';
-export declare function setDefaultEncoding(encoding: CipherEncoding): void;
-export declare function getDefaultEncoding(): CipherEncoding;
-export declare const kEmptyObject: any;
-export declare function toArrayBuffer(buf: Buffer): ArrayBuffer;
-export declare function binaryLikeToArrayBuffer(input: BinaryLike, encoding?: string): ArrayBuffer;
-export declare function ab2str(buf: ArrayBuffer, encoding?: string): string;
-export declare function validateString(str: any, name?: string): str is string;
-export declare function validateFunction(f: any): f is Function;
-export declare function isStringOrBuffer(val: any): val is string | ArrayBuffer;
-export declare function validateObject<T>(value: any, name: string, options?: {
-    allowArray: boolean;
-    allowFunction: boolean;
-    nullable: boolean;
-} | null): value is T;
-export declare function validateInt32(value: any, name: string, min?: number, max?: number): void;
-export declare function validateUint32(value: number, name: string, positive?: boolean): void;

package/lib/typescript/keys.d.ts

@@ -1,60 +0,0 @@
-import { BinaryLike } from './Utils';
-declare enum KFormatType {
-    kKeyFormatDER = 0,
-    kKeyFormatPEM = 1,
-    kKeyFormatJWK = 2
-}
-declare enum KeyEncoding {
-    kKeyEncodingPKCS1 = 0,
-    kKeyEncodingPKCS8 = 1,
-    kKeyEncodingSPKI = 2,
-    kKeyEncodingSEC1 = 3
-}
-export declare function preparePrivateKey(key: BinaryLike | {
-    key: any;
-    encoding?: string;
-    format?: any;
-    padding?: number;
-    passphrase?: string;
-}): {
-    format: KFormatType;
-    data: ArrayBuffer;
-    type?: any;
-    passphrase?: any;
-};
-export declare function preparePublicOrPrivateKey(key: BinaryLike | {
-    key: any;
-    encoding?: string;
-    format?: any;
-    padding?: number;
-}): {
-    format: KFormatType;
-    data: ArrayBuffer;
-    type?: any;
-    passphrase?: any;
-};
-export declare function parsePublicKeyEncoding(enc: {
-    key: any;
-    encoding?: string;
-    format?: string;
-    cipher?: string;
-    passphrase?: string;
-}, keyType: string | undefined, objName?: string): {
-    format: KFormatType;
-    type: KeyEncoding | undefined;
-    cipher: string | undefined;
-    passphrase: ArrayBuffer | undefined;
-};
-export declare function parsePrivateKeyEncoding(enc: {
-    key: any;
-    encoding?: string;
-    format?: string;
-    cipher?: string;
-    passphrase?: string;
-}, keyType: string | undefined, objName?: string): {
-    format: KFormatType;
-    type: KeyEncoding | undefined;
-    cipher: string | undefined;
-    passphrase: ArrayBuffer | undefined;
-};
-export {};

package/lib/typescript/pbkdf2.d.ts

@@ -1,9 +0,0 @@
-import { Buffer } from '@craftzdog/react-native-buffer';
-import { BinaryLike } from './Utils';
-declare type Password = BinaryLike;
-declare type Salt = BinaryLike;
-declare type Pbkdf2Callback = (err: Error | null, derivedKey?: Buffer) => void;
-export declare function pbkdf2(password: Password, salt: Salt, iterations: number, keylen: number, digest: string, callback: Pbkdf2Callback): void;
-export declare function pbkdf2(password: Password, salt: Salt, iterations: number, keylen: number, callback: Pbkdf2Callback): void;
-export declare function pbkdf2Sync(password: Password, salt: Salt, iterations: number, keylen: number, digest?: string): Buffer;
-export {};

package/src/@types/stream-browserify.d.ts

@@ -1,4 +0,0 @@
-declare module 'stream-browserify' {
-  import Stream from 'stream';
-  export = Stream;
-}