react-native-quick-crypto 0.7.0-rc.8 → 0.7.0

package/src/ec.ts

@@ -1,4 +1,6 @@
+import { generateKeyPairPromise, type GenerateKeyPairOptions } from './Cipher';
 import { NativeQuickCrypto } from './NativeQuickCrypto/NativeQuickCrypto';
+import { DSASigEnc, SignMode } from './NativeQuickCrypto/sig';
 import {
   bufferLikeToArrayBuffer,
   type BufferLike,
@@ -8,6 +10,8 @@ import {
   validateKeyOps,
   hasAnyNotIn,
   ab2str,
+  getUsagesUnion,
+  normalizeHashName,
 } from './Utils';
 import {
   type ImportFormat,
@@ -22,7 +26,9 @@ import {
   type AnyAlgorithm,
   PrivateKeyObject,
   KeyType,
+  type CryptoKeyPair,
 } from './keys';
+import type { KeyObjectHandle } from './NativeQuickCrypto/webcrypto';
 
 // const {
 //   ArrayPrototypeIncludes,
@@ -114,71 +120,6 @@ function createECPublicKeyRaw(
   return new PublicKeyObject(handle);
 }
 
-// async function ecGenerateKey(algorithm, extractable, keyUsages) {
-//   const { name, namedCurve } = algorithm;
-
-//   if (!ArrayPrototypeIncludes(ObjectKeys(kNamedCurveAliases), namedCurve)) {
-//     throw lazyDOMException(
-//       'Unrecognized namedCurve',
-//       'NotSupportedError');
-//   }
-
-//   const usageSet = new SafeSet(keyUsages);
-//   switch (name) {
-//     case 'ECDSA':
-//       if (hasAnyNotIn(usageSet, ['sign', 'verify'])) {
-//         throw lazyDOMException(
-//           'Unsupported key usage for an ECDSA key',
-//           'SyntaxError');
-//       }
-//       break;
-//     case 'ECDH':
-//       if (hasAnyNotIn(usageSet, ['deriveKey', 'deriveBits'])) {
-//         throw lazyDOMException(
-//           'Unsupported key usage for an ECDH key',
-//           'SyntaxError');
-//       }
-//       // Fall through
-//   }
-
-//   const keypair = await generateKeyPair('ec', { namedCurve }).catch((err) => {
-//     throw lazyDOMException(
-//       'The operation failed for an operation-specific reason',
-//       { name: 'OperationError', cause: err });
-//   });
-
-//   let publicUsages;
-//   let privateUsages;
-//   switch (name) {
-//     case 'ECDSA':
-//       publicUsages = getUsagesUnion(usageSet, 'verify');
-//       privateUsages = getUsagesUnion(usageSet, 'sign');
-//       break;
-//     case 'ECDH':
-//       publicUsages = [];
-//       privateUsages = getUsagesUnion(usageSet, 'deriveKey', 'deriveBits');
-//       break;
-//   }
-
-//   const keyAlgorithm = { name, namedCurve };
-
-//   const publicKey =
-//     new InternalCryptoKey(
-//       keypair.publicKey,
-//       keyAlgorithm,
-//       publicUsages,
-//       true);
-
-//   const privateKey =
-//     new InternalCryptoKey(
-//       keypair.privateKey,
-//       keyAlgorithm,
-//       privateUsages,
-//       extractable);
-
-//   return { __proto__: null, publicKey, privateKey };
-// }
-
 export function ecExportKey(
   key: CryptoKey,
   format: KWebCryptoKeyFormat
@@ -310,8 +251,8 @@ export function ecImportKey(
     case 'ECDSA':
     // Fall through
     case 'ECDH':
-      // if (keyObject.asymmetricKeyType !== 'ec')
-      //   throw new Error('Invalid key type');
+      if (keyObject.asymmetricKeyType !== 'ec')
+        throw new Error('Invalid key type');
       break;
   }
 
@@ -326,26 +267,109 @@ export function ecImportKey(
   return new CryptoKey(keyObject, { name, namedCurve }, keyUsages, extractable);
 }
 
-// function ecdsaSignVerify(key, data, { name, hash }, signature) {
-//   const mode = signature === undefined ? kSignJobModeSign : kSignJobModeVerify;
-//   const type = mode === kSignJobModeSign ? 'private' : 'public';
-
-//   if (key.type !== type)
-//     throw lazyDOMException(`Key must be a ${type} key`, 'InvalidAccessError');
-
-//   const hashname = normalizeHashName(hash.name);
-
-//   return jobPromise(() => new SignJob(
-//     kCryptoJobAsync,
-//     mode,
-//     key[kKeyObject][kHandle],
-//     undefined,
-//     undefined,
-//     undefined,
-//     data,
-//     hashname,
-//     undefined,  // Salt length, not used with ECDSA
-//     undefined,  // PSS Padding, not used with ECDSA
-//     kSigEncP1363,
-//     signature));
-// }
+export const ecdsaSignVerify = (
+  key: CryptoKey,
+  data: BufferLike,
+  { hash }: SubtleAlgorithm,
+  signature?: BufferLike
+) => {
+  const mode: SignMode =
+    signature === undefined
+      ? SignMode.kSignJobModeSign
+      : SignMode.kSignJobModeVerify;
+  const type = mode === SignMode.kSignJobModeSign ? 'private' : 'public';
+
+  if (key.type !== type)
+    throw lazyDOMException(`Key must be a ${type} key`, 'InvalidAccessError');
+
+  const hashname = normalizeHashName(hash);
+
+  return NativeQuickCrypto.webcrypto.signVerify(
+    mode,
+    key.keyObject.handle,
+    // three undefined args because C++ uses `GetPublicOrPrivateKeyFromJs` & friends
+    undefined,
+    undefined,
+    undefined,
+    bufferLikeToArrayBuffer(data),
+    hashname,
+    undefined, // salt length, not used with ECDSA
+    undefined, // pss padding, not used with ECDSA
+    DSASigEnc.kSigEncP1363,
+    bufferLikeToArrayBuffer(signature || new ArrayBuffer(0))
+  );
+};
+
+export const ecGenerateKey = async (
+  algorithm: SubtleAlgorithm,
+  extractable: boolean,
+  keyUsages: KeyUsage[]
+): Promise<CryptoKeyPair> => {
+  const { name, namedCurve } = algorithm;
+
+  if (!Object.keys(kNamedCurveAliases).includes(namedCurve || '')) {
+    throw lazyDOMException(
+      `Unrecognized namedCurve '${namedCurve}'`,
+      'NotSupportedError'
+    );
+  }
+
+  // const usageSet = new SafeSet(keyUsages);
+  switch (name) {
+    case 'ECDSA':
+      const checkUsages = ['sign', 'verify'];
+      if (hasAnyNotIn(keyUsages, checkUsages)) {
+        throw lazyDOMException(
+          'Unsupported key usage for an ECDSA key',
+          'SyntaxError'
+        );
+      }
+      break;
+    case 'ECDH':
+      if (hasAnyNotIn(keyUsages, ['deriveKey', 'deriveBits'])) {
+        throw lazyDOMException(
+          'Unsupported key usage for an ECDH key',
+          'SyntaxError'
+        );
+      }
+    // Fall through
+  }
+
+  const options: GenerateKeyPairOptions = { namedCurve };
+  const [err, keypair] = await generateKeyPairPromise('ec', options);
+
+  if (err) {
+    throw lazyDOMException('ecGenerateKey (generateKeyPairPromise) failed', {
+      name: 'OperationError',
+      cause: err,
+    });
+  }
+
+  let publicUsages: KeyUsage[] = [];
+  let privateUsages: KeyUsage[] = [];
+  switch (name) {
+    case 'ECDSA':
+      publicUsages = getUsagesUnion(keyUsages, 'verify');
+      privateUsages = getUsagesUnion(keyUsages, 'sign');
+      break;
+    case 'ECDH':
+      publicUsages = [];
+      privateUsages = getUsagesUnion(keyUsages, 'deriveKey', 'deriveBits');
+      break;
+  }
+
+  const keyAlgorithm = { name, namedCurve };
+
+  const pub = new PublicKeyObject(keypair?.publicKey as KeyObjectHandle);
+  const publicKey = new CryptoKey(pub, keyAlgorithm, publicUsages, true);
+
+  const priv = new PrivateKeyObject(keypair?.privateKey as KeyObjectHandle);
+  const privateKey = new CryptoKey(
+    priv,
+    keyAlgorithm,
+    privateUsages,
+    extractable
+  );
+
+  return { publicKey, privateKey };
+};

package/src/keys.ts

@@ -5,6 +5,7 @@ import {
 } from './Utils';
 import type { KeyObjectHandle } from './NativeQuickCrypto/webcrypto';
 import { NativeQuickCrypto } from './NativeQuickCrypto/NativeQuickCrypto';
+import type { KeyPairKey } from './Cipher';
 
 export const kNamedCurveAliases = {
   'P-256': 'prime256v1',
@@ -28,16 +29,16 @@ export type AnyAlgorithm =
 
 export type HashAlgorithm = 'SHA-1' | 'SHA-256' | 'SHA-384' | 'SHA-512';
 
+export type KeyPairType = 'rsa' | 'rsa-pss' | 'ec';
+
+export type RSAKeyPairAlgorithm = 'RSASSA-PKCS1-v1_5' | 'RSA-PSS' | 'RSA-OAEP';
+export type ECKeyPairAlgorithm = 'ECDSA' | 'ECDH';
+export type CFRGKeyPairAlgorithm = 'Ed25519' | 'Ed448' | 'X25519' | 'X448';
+
 export type KeyPairAlgorithm =
-  | 'ECDSA'
-  | 'ECDH'
-  | 'Ed25519'
-  | 'Ed448'
-  | 'RSASSA-PKCS1-v1_5'
-  | 'RSA-PSS'
-  | 'RSA-OAEP'
-  | 'X25519'
-  | 'X448';
+  | RSAKeyPairAlgorithm
+  | ECKeyPairAlgorithm
+  | CFRGKeyPairAlgorithm;
 
 export type SecretKeyAlgorithm =
   | 'HMAC'
@@ -175,6 +176,11 @@ const encodingNames = {
   [KeyEncoding.kKeyEncodingSEC1]: 'sec1',
 };
 
+export type CryptoKeyPair = {
+  publicKey: KeyPairKey;
+  privateKey: KeyPairKey;
+};
+
 function option(name: string, objName: string | undefined) {
   return objName === undefined
     ? `options.${name}`
@@ -417,40 +423,41 @@ export function parsePrivateKeyEncoding(
 }
 
 function prepareSecretKey(
-  key: ArrayBuffer | KeyObject | CryptoKey | string,
+  key: BinaryLike,
   encoding?: string,
   bufferOnly = false
 ): any {
-  if (!bufferOnly) {
-    // TODO: maybe use `key.constructor.name === 'KeyObject'` ?
-    if (key instanceof KeyObject) {
-      if (key.type !== 'secret')
-        throw new Error(
-          `invalid KeyObject type: ${key.type}, expected 'secret'`
-        );
-      return key.handle;
-    }
-    // TODO: maybe use `key.constructor.name === 'CryptoKey'` ?
-    else if (key instanceof CryptoKey) {
-      if (key.type !== 'secret')
-        throw new Error(
-          `invalid CryptoKey type: ${key.type}, expected 'secret'`
-        );
-      return key.keyObject.handle;
+  try {
+    if (!bufferOnly) {
+      // TODO: maybe use `key.constructor.name === 'KeyObject'` ?
+      if (key instanceof KeyObject) {
+        if (key.type !== 'secret')
+          throw new Error(
+            `invalid KeyObject type: ${key.type}, expected 'secret'`
+          );
+        return key.handle;
+      }
+      // TODO: maybe use `key.constructor.name === 'CryptoKey'` ?
+      else if (key instanceof CryptoKey) {
+        if (key.type !== 'secret')
+          throw new Error(
+            `invalid CryptoKey type: ${key.type}, expected 'secret'`
+          );
+        return key.keyObject.handle;
+      }
     }
-  }
 
-  if (key instanceof ArrayBuffer) {
-    return key;
-  }
+    if (key instanceof ArrayBuffer) {
+      return key;
+    }
 
-  if (typeof key === 'string') {
     return binaryLikeToArrayBuffer(key, encoding);
+  } catch (error) {
+    throw new Error(
+      'Invalid argument type for "key". Need ArrayBuffer, TypedArray, KeyObject, CryptoKey, string',
+      { cause: error }
+    );
   }
-
-  throw new Error(
-    'Invalid argument type for "key". Need ArrayBuffer, KeyObject, CryptoKey, string'
-  );
 }
 
 export function createSecretKey(key: any, encoding?: string) {
@@ -516,18 +523,6 @@ export class CryptoKey {
   }
 }
 
-// ObjectDefineProperties(CryptoKey.prototype, {
-//   type: kEnumerableProperty,
-//   extractable: kEnumerableProperty,
-//   algorithm: kEnumerableProperty,
-//   usages: kEnumerableProperty,
-//   [SymbolToStringTag]: {
-//     __proto__: null,
-//     configurable: true,
-//     value: 'CryptoKey',
-//   },
-// });
-
 class KeyObject {
   handle: KeyObjectHandle;
   type: 'public' | 'secret' | 'private' | 'unknown' = 'unknown';
@@ -568,14 +563,6 @@ class KeyObject {
   // }
 }
 
-// ObjectDefineProperties(KeyObject.prototype, {
-//   [SymbolToStringTag]: {
-//     __proto__: null,
-//     configurable: true,
-//     value: 'KeyObject',
-//   },
-// });
-
 export class SecretKeyObject extends KeyObject {
   constructor(handle: KeyObjectHandle) {
     super('secret', handle);
@@ -616,12 +603,17 @@ class AsymmetricKeyObject extends KeyObject {
     super(type, handle);
   }
 
+  private _asymmetricKeyType?: AsymmetricKeyType;
+
   get asymmetricKeyType(): AsymmetricKeyType {
-    return this.asymmetricKeyType || this.handle.getAsymmetricKeyType();
+    if (!this._asymmetricKeyType) {
+      this._asymmetricKeyType = this.handle.getAsymmetricKeyType();
+    }
+    return this._asymmetricKeyType;
   }
 
   // get asymmetricKeyDetails() {
-  //   switch (this.asymmetricKeyType) {
+  //   switch (this._asymmetricKeyType) {
   //     case 'rsa':
   //     case 'rsa-pss':
   //     case 'dsa':
@@ -676,3 +668,7 @@ export class PrivateKeyObject extends AsymmetricKeyObject {
     return this.handle.export(format, type, cipher, passphrase);
   }
 }
+
+export const isCryptoKey = (obj: any): boolean => {
+  return obj !== null && obj?.keyObject !== undefined;
+};

package/src/random.ts

@@ -1,18 +1,9 @@
 import { NativeQuickCrypto } from './NativeQuickCrypto/NativeQuickCrypto';
 import { Buffer } from '@craftzdog/react-native-buffer';
+import type { TypedArray } from './Utils';
 
 const random = NativeQuickCrypto.random;
 
-type TypedArray =
-  | Uint8Array
-  | Uint8ClampedArray
-  | Uint16Array
-  | Uint32Array
-  | Int8Array
-  | Int16Array
-  | Int32Array
-  | Float32Array
-  | Float64Array;
 type ArrayBufferView = TypedArray | DataView | ArrayBufferLike | Buffer;
 
 export function randomFill<T extends ArrayBufferView>(
@@ -266,7 +257,6 @@ function asyncRefillRandomIntCache() {
   });
 }
 
-// Really just the Web Crypto API alternative
 // to require('crypto').randomFillSync() with an
 // additional limitation that the input buffer is
 // not allowed to exceed 65536 bytes, and can only

package/src/subtle.ts

@@ -7,6 +7,7 @@ import {
   createSecretKey,
   type AnyAlgorithm,
   type JWK,
+  type CryptoKeyPair,
 } from './keys';
 import {
   hasAnyNotIn,
@@ -16,8 +17,9 @@ import {
   lazyDOMException,
   normalizeHashName,
   HashContext,
+  type Operation,
 } from './Utils';
-import { ecImportKey, ecExportKey } from './ec';
+import { ecImportKey, ecExportKey, ecGenerateKey, ecdsaSignVerify } from './ec';
 import { pbkdf2DeriveBits } from './pbkdf2';
 import { asyncDigest } from './Hash';
 import { aesImportKey, getAlgorithmName } from './aes';
@@ -202,6 +204,87 @@ const importGenericSecretKey = async (
   throw new Error(`Unable to import ${name} key with format ${format}`);
 };
 
+// const checkCryptoKeyUsages = (key: CryptoKey) => {
+//   if (
+//     (key.type === 'secret' || key.type === 'private') &&
+//     key.usages.length === 0
+//   ) {
+//     throw lazyDOMException(
+//       'Usages cannot be empty when creating a key.',
+//       'SyntaxError'
+//     );
+//   }
+// };
+
+const checkCryptoKeyPairUsages = (pair: CryptoKeyPair) => {
+  if (
+    !(pair.privateKey instanceof Buffer) &&
+    pair.privateKey &&
+    pair.privateKey.hasOwnProperty('keyUsages')
+  ) {
+    const priv = pair.privateKey as CryptoKey;
+    if (priv.usages.length > 0) {
+      return;
+    }
+  }
+  console.log(pair.privateKey);
+  throw lazyDOMException(
+    'Usages cannot be empty when creating a key.',
+    'SyntaxError'
+  );
+};
+
+const signVerify = (
+  algorithm: SubtleAlgorithm,
+  key: CryptoKey,
+  data: BufferLike,
+  signature?: BufferLike
+): ArrayBuffer | boolean => {
+  const usage: Operation = signature === undefined ? 'sign' : 'verify';
+  algorithm = normalizeAlgorithm(algorithm, usage);
+
+  if (!key.usages.includes(usage) || algorithm.name !== key.algorithm.name) {
+    throw lazyDOMException(
+      `Unable to use this key to ${usage}`,
+      'InvalidAccessError'
+    );
+  }
+
+  switch (algorithm.name) {
+    // case 'RSA-PSS':
+    // // Fall through
+    // case 'RSASSA-PKCS1-v1_5':
+    //   return require('internal/crypto/rsa').rsaSignVerify(
+    //     key,
+    //     data,
+    //     algorithm,
+    //     signature
+    //   );
+    case 'ECDSA':
+      return ecdsaSignVerify(key, data, algorithm, signature);
+    // case 'Ed25519':
+    // // Fall through
+    // case 'Ed448':
+    //   return require('internal/crypto/cfrg').eddsaSignVerify(
+    //     key,
+    //     data,
+    //     algorithm,
+    //     signature
+    //   );
+    // case 'HMAC':
+    //   return require('internal/crypto/mac').hmacSignVerify(
+    //     key,
+    //     data,
+    //     algorithm,
+    //     signature
+    //   );
+  }
+  throw lazyDOMException(
+    `Unrecognized algorithm name '${algorithm}' for '${usage}'`,
+    'NotSupportedError'
+  );
+};
+
 class Subtle {
   async digest(
     algorithm: SubtleAlgorithm | AnyAlgorithm,
@@ -360,6 +443,79 @@ class Subtle {
     }
     throw new Error(`'subtle.exportKey()' is not implemented for ${format}`);
   }
+
+  async generateKey(
+    algorithm: SubtleAlgorithm,
+    extractable: boolean,
+    keyUsages: KeyUsage[]
+  ): Promise<CryptoKey | CryptoKeyPair> {
+    algorithm = normalizeAlgorithm(algorithm, 'generateKey');
+    let result: CryptoKey | CryptoKeyPair;
+    switch (algorithm.name) {
+      // case 'RSASSA-PKCS1-v1_5':
+      // // Fall through
+      // case 'RSA-PSS':
+      // // Fall through
+      // case 'RSA-OAEP':
+      //   resultType = 'CryptoKeyPair';
+      //   result = await rsaKeyGenerate(algorithm, extractable, keyUsages);
+      //   break;
+      // case 'Ed25519':
+      // // Fall through
+      // case 'Ed448':
+      // // Fall through
+      // case 'X25519':
+      // // Fall through
+      // case 'X448':
+      //   resultType = 'CryptoKeyPair';
+      //   result = await cfrgGenerateKey(algorithm, extractable, keyUsages);
+      //   break;
+      case 'ECDSA':
+      // Fall through
+      case 'ECDH':
+        result = await ecGenerateKey(algorithm, extractable, keyUsages);
+        checkCryptoKeyPairUsages(result);
+        break;
+      // case 'HMAC':
+      //   resultType = 'CryptoKey';
+      //   result = await hmacGenerateKey(algorithm, extractable, keyUsages);
+      //   break;
+      // case 'AES-CTR':
+      // // Fall through
+      // case 'AES-CBC':
+      // // Fall through
+      // case 'AES-GCM':
+      // // Fall through
+      // case 'AES-KW':
+      //   resultType = 'CryptoKey';
+      //   result = await aesGenerateKey(algorithm, extractable, keyUsages);
+      //   break;
+      default:
+        throw new Error(
+          `'subtle.generateKey()' is not implemented for ${algorithm.name}.
+            Unrecognized algorithm name`
+        );
+    }
+
+    return result;
+  }
+
+  async sign(
+    algorithm: SubtleAlgorithm,
+    key: CryptoKey,
+    data: BufferLike
+  ): Promise<ArrayBuffer> {
+    return signVerify(algorithm, key, data) as ArrayBuffer;
+  }
+
+  async verify(
+    algorithm: SubtleAlgorithm,
+    key: CryptoKey,
+    signature: BufferLike,
+    data: BufferLike
+  ): Promise<ArrayBuffer> {
+    return signVerify(algorithm, key, data, signature) as ArrayBuffer;
+  }
 }
 
 export const subtle = new Subtle();