react-native-quick-crypto 0.7.0-rc.9 → 0.7.0

package/src/Cipher.ts

@@ -14,7 +14,7 @@ import {
   validateInt32,
   type BinaryLikeNode,
 } from './Utils';
-import { type InternalCipher, RSAKeyVariant } from './NativeQuickCrypto/Cipher';
+import { type InternalCipher, KeyVariant } from './NativeQuickCrypto/Cipher';
 import type {
   CipherCCMOptions,
   CipherCCMTypes,
@@ -34,11 +34,21 @@ import { Buffer } from '@craftzdog/react-native-buffer';
 import { Buffer as SBuffer } from 'safe-buffer';
 import { constants } from './constants';
 import {
+  CryptoKey,
   parsePrivateKeyEncoding,
   parsePublicKeyEncoding,
   preparePrivateKey,
   preparePublicOrPrivateKey,
+  type CryptoKeyPair,
+  type KeyPairType,
+  type NamedCurve,
 } from './keys';
+import type { KeyObjectHandle } from './NativeQuickCrypto/webcrypto';
+
+export enum ECCurve {
+  OPENSSL_EC_EXPLICIT_CURVE,
+  OPENSSL_EC_NAMED_CURVE,
+}
 
 // make sure that nextTick is there
 global.process.nextTick = setImmediate;
@@ -428,8 +438,8 @@ export const privateDecrypt = rsaFunctionFor(
 //   \__, |\___|_| |_|\___|_|  \__,_|\__\___|_|\_\___|\__, |_|   \__,_|_|_|
 //    __/ |                                            __/ |
 //   |___/                                            |___/
-type GenerateKeyPairOptions = {
-  modulusLength: number; // Key size in bits (RSA, DSA).
+export type GenerateKeyPairOptions = {
+  modulusLength?: number; // Key size in bits (RSA, DSA).
   publicExponent?: number; // Public exponent (RSA). Default: 0x10001.
   hashAlgorithm?: string; // Name of the message digest (RSA-PSS).
   mgf1HashAlgorithm?: string; // string Name of the message digest used by MGF1 (RSA-PSS).
@@ -446,11 +456,27 @@ type GenerateKeyPairOptions = {
   hash?: any;
   mgf1Hash?: any;
 };
-type GenerateKeyPairCallback = (
-  error: unknown | null,
-  publicKey?: Buffer,
-  privateKey?: Buffer
-) => void;
+
+export type KeyPairKey = Buffer | KeyObjectHandle | CryptoKey | undefined;
+
+export type GenerateKeyPairReturn = [
+  error?: Error,
+  privateKey?: KeyPairKey,
+  publicKey?: KeyPairKey,
+];
+
+export type GenerateKeyPairCallback = (
+  error?: Error,
+  publicKey?: KeyPairKey,
+  privateKey?: KeyPairKey
+) => GenerateKeyPairReturn | void;
+
+export type KeyPair = {
+  publicKey?: KeyPairKey;
+  privateKey?: KeyPairKey;
+};
+
+export type GenerateKeyPairPromiseReturn = [error?: Error, keypair?: KeyPair];
 
 function parseKeyEncoding(
   keyType: string,
@@ -505,14 +531,15 @@ function parseKeyEncoding(
   ];
 }
 
+/** On node a very complex "job" chain is created, we are going for a far simpler approach and calling
+ *  an internal function that basically executes the same byte shuffling on the native side
+ */
 function internalGenerateKeyPair(
   isAsync: boolean,
-  type: string,
+  type: KeyPairType,
   options: GenerateKeyPairOptions | undefined,
-  callback: GenerateKeyPairCallback | undefined
-) {
-  // On node a very complex "job" chain is created, we are going for a far simpler approach and calling
-  // an internal function that basically executes the same byte shuffling on the native side
+  callback?: GenerateKeyPairCallback
+): GenerateKeyPairReturn | void {
   const encoding = parseKeyEncoding(type, options);
 
   // if (options !== undefined)
@@ -520,11 +547,11 @@ function internalGenerateKeyPair(
 
   switch (type) {
     case 'rsa-pss':
-    case 'rsa': {
+    // fallthrough
+    case 'rsa':
       validateObject<GenerateKeyPairOptions>(options, 'options');
       const { modulusLength } = options!;
-      validateUint32(modulusLength, 'options.modulusLength');
-
+      validateUint32(modulusLength as number, 'options.modulusLength');
       let { publicExponent } = options!;
       if (publicExponent == null) {
         publicExponent = 0x10001;
@@ -535,37 +562,36 @@ function internalGenerateKeyPair(
       if (type === 'rsa') {
         if (isAsync) {
           NativeQuickCrypto.generateKeyPair(
-            RSAKeyVariant.kKeyVariantRSA_SSA_PKCS1_v1_5,
-            modulusLength,
+            KeyVariant.RSA_SSA_PKCS1_v1_5,
+            modulusLength as number,
             publicExponent,
             ...encoding
           )
             .then(([err, publicKey, privateKey]) => {
-              if (typeof publicKey === 'object') {
+              if (publicKey instanceof Buffer) {
                 publicKey = Buffer.from(publicKey);
               }
-              if (typeof privateKey === 'object') {
+              if (privateKey instanceof Buffer) {
                 privateKey = Buffer.from(privateKey);
               }
-              callback?.(err, publicKey, privateKey);
+              callback!(err, publicKey, privateKey);
             })
             .catch((err) => {
-              callback?.(err, undefined, undefined);
+              callback!(err, undefined, undefined);
             });
-          return;
         } else {
           let [err, publicKey, privateKey] =
             NativeQuickCrypto.generateKeyPairSync(
-              RSAKeyVariant.kKeyVariantRSA_SSA_PKCS1_v1_5,
-              modulusLength,
+              KeyVariant.RSA_SSA_PKCS1_v1_5,
+              modulusLength as number,
               publicExponent,
               ...encoding
             );
 
-          if (typeof publicKey === 'object') {
+          if (publicKey instanceof Buffer) {
             publicKey = Buffer.from(publicKey);
           }
-          if (typeof privateKey === 'object') {
+          if (privateKey instanceof Buffer) {
             privateKey = Buffer.from(privateKey);
           }
 
@@ -609,15 +635,15 @@ function internalGenerateKeyPair(
       }
 
       return NativeQuickCrypto.generateKeyPairSync(
-        RSAKeyVariant.kKeyVariantRSA_PSS,
-        modulusLength,
+        KeyVariant.RSA_PSS,
+        modulusLength as number,
         publicExponent,
         hashAlgorithm || hash,
         mgf1HashAlgorithm || mgf1Hash,
         saltLength,
         ...encoding
       );
-    }
+
     // case 'dsa': {
     //   validateObject(options, 'options');
     //   const { modulusLength } = options!;
@@ -634,21 +660,57 @@ function internalGenerateKeyPair(
     //   //   divisorLength,
     //   //   ...encoding);
     // }
-    // case 'ec': {
-    //   validateObject(options, 'options');
-    //   const { namedCurve } = options!;
-    //   validateString(namedCurve, 'options.namedCurve');
-    //   let { paramEncoding } = options!;
-    //   if (paramEncoding == null || paramEncoding === 'named')
-    //     paramEncoding = OPENSSL_EC_NAMED_CURVE;
-    //   else if (paramEncoding === 'explicit')
-    //     paramEncoding = OPENSSL_EC_EXPLICIT_CURVE;
-    //   else
-    //   throw new Error(`Invalid Argument options.paramEncoding ${paramEncoding}`);
-    //     // throw new ERR_INVALID_ARG_VALUE('options.paramEncoding', paramEncoding);
-
-    //   // return new EcKeyPairGenJob(mode, namedCurve, paramEncoding, ...encoding);
-    // }
+
+    case 'ec':
+      validateObject<GenerateKeyPairOptions>(options, 'options');
+      const { namedCurve } = options!;
+      validateString(namedCurve, 'options.namedCurve');
+      let paramEncodingFlag = ECCurve.OPENSSL_EC_NAMED_CURVE;
+      const { paramEncoding } = options!;
+      if (paramEncoding == null || paramEncoding === 'named')
+        paramEncodingFlag = ECCurve.OPENSSL_EC_NAMED_CURVE;
+      else if (paramEncoding === 'explicit')
+        paramEncodingFlag = ECCurve.OPENSSL_EC_EXPLICIT_CURVE;
+      else
+        throw new Error(
+          `Invalid Argument options.paramEncoding ${paramEncoding}`
+        );
+
+      if (isAsync) {
+        NativeQuickCrypto.generateKeyPair(
+          KeyVariant.EC,
+          namedCurve as NamedCurve,
+          paramEncodingFlag,
+          ...encoding
+        )
+          .then(([err, publicKey, privateKey]) => {
+            if (publicKey instanceof Buffer) {
+              publicKey = Buffer.from(publicKey);
+            }
+            if (privateKey instanceof Buffer) {
+              privateKey = Buffer.from(privateKey);
+            }
+            callback?.(err, publicKey, privateKey);
+          })
+          .catch((err) => {
+            callback?.(err, undefined, undefined);
+          });
+      }
+
+      let [err, publicKey, privateKey] = NativeQuickCrypto.generateKeyPairSync(
+        KeyVariant.EC,
+        namedCurve as NamedCurve,
+        paramEncodingFlag,
+        ...encoding
+      );
+      if (publicKey instanceof Buffer) {
+        publicKey = Buffer.from(publicKey);
+      }
+      if (privateKey instanceof Buffer) {
+        privateKey = Buffer.from(privateKey);
+      }
+      return [err, publicKey, privateKey];
+
     // case 'ed25519':
     // case 'ed448':
     // case 'x25519':
@@ -712,48 +774,50 @@ function internalGenerateKeyPair(
     default:
     // Fall through
   }
-  throw new Error(
-    `Invalid Argument options: ${type} scheme not supported. Currently not all encryption methods are supported in quick-crypto!`
-  );
+  const err = new Error(`
+      Invalid Argument options: '${type}' scheme not supported for generateKey().
+      Currently not all encryption methods are supported in quick-crypto.  Check
+      implementation_coverage.md for status.
+    `);
+  return [err, undefined, undefined];
 }
 
-// TODO(osp) put correct types (e.g. type -> 'rsa', etc..)
-export function generateKeyPair(
-  type: string,
-  callback: GenerateKeyPairCallback
-): void;
-export function generateKeyPair(
-  type: string,
+export const generateKeyPair = (
+  type: KeyPairType,
   options: GenerateKeyPairOptions,
   callback: GenerateKeyPairCallback
-): void;
-export function generateKeyPair(
-  type: string,
-  options?: GenerateKeyPairCallback | GenerateKeyPairOptions,
-  callback?: GenerateKeyPairCallback
-) {
-  if (typeof options === 'function') {
-    callback = options;
-    options = undefined;
-  }
-
+): void => {
   validateFunction(callback);
-
   internalGenerateKeyPair(true, type, options, callback);
-}
+};
 
-export function generateKeyPairSync(type: string): {
-  publicKey: any;
-  privateKey: any;
+// Promisify generateKeyPair
+// (attempted to use util.promisify, to no avail)
+export const generateKeyPairPromise = (
+  type: KeyPairType,
+  options: GenerateKeyPairOptions
+): Promise<GenerateKeyPairPromiseReturn> => {
+  return new Promise((resolve, reject) => {
+    generateKeyPair(type, options, (err, publicKey, privateKey) => {
+      if (err) {
+        reject([err, undefined]);
+      } else {
+        resolve([undefined, { publicKey, privateKey }]);
+      }
+    });
+  });
 };
+
+// generateKeyPairSync
+export function generateKeyPairSync(type: KeyPairType): CryptoKeyPair;
 export function generateKeyPairSync(
-  type: string,
+  type: KeyPairType,
   options: GenerateKeyPairOptions
-): { publicKey: any; privateKey: any };
+): CryptoKeyPair;
 export function generateKeyPairSync(
-  type: string,
+  type: KeyPairType,
   options?: GenerateKeyPairOptions
-): { publicKey: any; privateKey: any } {
+): CryptoKeyPair {
   const [_, publicKey, privateKey] = internalGenerateKeyPair(
     false,
     type,

package/src/NativeQuickCrypto/Cipher.ts

@@ -1,12 +1,16 @@
+import type { GenerateKeyPairReturn } from '../Cipher';
 import type { BinaryLike } from '../Utils';
 import type { Buffer } from '@craftzdog/react-native-buffer';
 
-// TODO(osp) on node this is defined on the native side
-// Need to do the same so that values are always in sync
-export enum RSAKeyVariant {
-  kKeyVariantRSA_SSA_PKCS1_v1_5,
-  kKeyVariantRSA_PSS,
-  kKeyVariantRSA_OAEP,
+// TODO: until shared, keep in sync with C++ side (cpp/Utils/MGLUtils.h)
+export enum KeyVariant {
+  RSA_SSA_PKCS1_v1_5,
+  RSA_PSS,
+  RSA_OAEP,
+  DSA,
+  EC,
+  NID,
+  DH,
 }
 
 export type InternalCipher = {
@@ -56,15 +60,11 @@ export type PrivateDecryptMethod = (
 ) => Buffer;
 
 export type GenerateKeyPairMethod = (
-  keyVariant: RSAKeyVariant,
-  modulusLength: number,
-  publicExponent: number,
+  keyVariant: KeyVariant,
   ...rest: any[]
-) => Promise<[error: unknown, publicBuffer: any, privateBuffer: any]>;
+) => Promise<GenerateKeyPairReturn>;
 
 export type GenerateKeyPairSyncMethod = (
-  keyVariant: RSAKeyVariant,
-  modulusLength: number,
-  publicExponent: number,
+  keyVariant: KeyVariant,
   ...rest: any[]
-) => [error: unknown, publicBuffer: any, privateBuffer: any];
+) => GenerateKeyPairReturn;

package/src/NativeQuickCrypto/sig.ts

@@ -1,4 +1,7 @@
 // TODO Add real types to sign/verify, the problem is that because of encryption schemes
+
+import type { KeyObjectHandle } from './webcrypto';
+
 // they will have variable amount of parameters
 export type InternalSign = {
   init: (algorithm: string) => void;
@@ -15,3 +18,27 @@ export type InternalVerify = {
 export type CreateSignMethod = () => InternalSign;
 
 export type CreateVerifyMethod = () => InternalVerify;
+
+export enum DSASigEnc {
+  kSigEncDER,
+  kSigEncP1363,
+}
+
+export enum SignMode {
+  kSignJobModeSign,
+  kSignJobModeVerify,
+}
+
+export type SignVerify = (
+  mode: SignMode,
+  handle: KeyObjectHandle,
+  unused1: undefined,
+  unused2: undefined,
+  unused3: undefined,
+  data: ArrayBuffer,
+  digest: string | undefined,
+  salt_length: number | undefined,
+  padding: number | undefined,
+  dsa_encoding: DSASigEnc | undefined,
+  signature: ArrayBuffer | undefined
+) => ArrayBuffer | boolean;

package/src/NativeQuickCrypto/webcrypto.ts

@@ -7,6 +7,7 @@ import type {
   KWebCryptoKeyFormat,
   NamedCurve,
 } from '../keys';
+import type { SignVerify } from './sig';
 
 type KeyDetail = {
   length?: number;
@@ -43,4 +44,5 @@ type CreateKeyObjectHandle = () => KeyObjectHandle;
 export type webcrypto = {
   ecExportKey: ECExportKey;
   createKeyObjectHandle: CreateKeyObjectHandle;
+  signVerify: SignVerify;
 };

package/src/Utils.ts

@@ -508,6 +508,8 @@ export const normalizeAlgorithm = (
 
   // 4.
   let algName = algorithm.name;
+  // @ts-expect-error
+  if (algName === undefined) return { name: undefined };
 
   // 5.
   let desiredType: string | null | undefined;
@@ -600,6 +602,16 @@ export const validateByteLength = (
   }
 };
 
+export const getUsagesUnion = (usageSet: KeyUsage[], ...usages: KeyUsage[]) => {
+  const newset: KeyUsage[] = [];
+  for (let n = 0; n < usages.length; n++) {
+    if (!usages[n] || usages[n] === undefined) continue;
+    if (usageSet.includes(usages[n] as KeyUsage))
+      newset.push(usages[n] as KeyUsage);
+  }
+  return newset;
+};
+
 const kKeyOps: {
   [key in KeyUsage]: number;
 } = {

package/src/ec.ts

@@ -1,4 +1,6 @@
+import { generateKeyPairPromise, type GenerateKeyPairOptions } from './Cipher';
 import { NativeQuickCrypto } from './NativeQuickCrypto/NativeQuickCrypto';
+import { DSASigEnc, SignMode } from './NativeQuickCrypto/sig';
 import {
   bufferLikeToArrayBuffer,
   type BufferLike,
@@ -8,6 +10,8 @@ import {
   validateKeyOps,
   hasAnyNotIn,
   ab2str,
+  getUsagesUnion,
+  normalizeHashName,
 } from './Utils';
 import {
   type ImportFormat,
@@ -22,7 +26,9 @@ import {
   type AnyAlgorithm,
   PrivateKeyObject,
   KeyType,
+  type CryptoKeyPair,
 } from './keys';
+import type { KeyObjectHandle } from './NativeQuickCrypto/webcrypto';
 
 // const {
 //   ArrayPrototypeIncludes,
@@ -114,71 +120,6 @@ function createECPublicKeyRaw(
   return new PublicKeyObject(handle);
 }
 
-// async function ecGenerateKey(algorithm, extractable, keyUsages) {
-//   const { name, namedCurve } = algorithm;
-
-//   if (!ArrayPrototypeIncludes(ObjectKeys(kNamedCurveAliases), namedCurve)) {
-//     throw lazyDOMException(
-//       'Unrecognized namedCurve',
-//       'NotSupportedError');
-//   }
-
-//   const usageSet = new SafeSet(keyUsages);
-//   switch (name) {
-//     case 'ECDSA':
-//       if (hasAnyNotIn(usageSet, ['sign', 'verify'])) {
-//         throw lazyDOMException(
-//           'Unsupported key usage for an ECDSA key',
-//           'SyntaxError');
-//       }
-//       break;
-//     case 'ECDH':
-//       if (hasAnyNotIn(usageSet, ['deriveKey', 'deriveBits'])) {
-//         throw lazyDOMException(
-//           'Unsupported key usage for an ECDH key',
-//           'SyntaxError');
-//       }
-//       // Fall through
-//   }
-
-//   const keypair = await generateKeyPair('ec', { namedCurve }).catch((err) => {
-//     throw lazyDOMException(
-//       'The operation failed for an operation-specific reason',
-//       { name: 'OperationError', cause: err });
-//   });
-
-//   let publicUsages;
-//   let privateUsages;
-//   switch (name) {
-//     case 'ECDSA':
-//       publicUsages = getUsagesUnion(usageSet, 'verify');
-//       privateUsages = getUsagesUnion(usageSet, 'sign');
-//       break;
-//     case 'ECDH':
-//       publicUsages = [];
-//       privateUsages = getUsagesUnion(usageSet, 'deriveKey', 'deriveBits');
-//       break;
-//   }
-
-//   const keyAlgorithm = { name, namedCurve };
-
-//   const publicKey =
-//     new InternalCryptoKey(
-//       keypair.publicKey,
-//       keyAlgorithm,
-//       publicUsages,
-//       true);
-
-//   const privateKey =
-//     new InternalCryptoKey(
-//       keypair.privateKey,
-//       keyAlgorithm,
-//       privateUsages,
-//       extractable);
-
-//   return { __proto__: null, publicKey, privateKey };
-// }
-
 export function ecExportKey(
   key: CryptoKey,
   format: KWebCryptoKeyFormat
@@ -310,8 +251,8 @@ export function ecImportKey(
     case 'ECDSA':
     // Fall through
     case 'ECDH':
-      // if (keyObject.asymmetricKeyType !== 'ec')
-      //   throw new Error('Invalid key type');
+      if (keyObject.asymmetricKeyType !== 'ec')
+        throw new Error('Invalid key type');
       break;
   }
 
@@ -326,26 +267,109 @@ export function ecImportKey(
   return new CryptoKey(keyObject, { name, namedCurve }, keyUsages, extractable);
 }
 
-// function ecdsaSignVerify(key, data, { name, hash }, signature) {
-//   const mode = signature === undefined ? kSignJobModeSign : kSignJobModeVerify;
-//   const type = mode === kSignJobModeSign ? 'private' : 'public';
-
-//   if (key.type !== type)
-//     throw lazyDOMException(`Key must be a ${type} key`, 'InvalidAccessError');
-
-//   const hashname = normalizeHashName(hash.name);
-
-//   return jobPromise(() => new SignJob(
-//     kCryptoJobAsync,
-//     mode,
-//     key[kKeyObject][kHandle],
-//     undefined,
-//     undefined,
-//     undefined,
-//     data,
-//     hashname,
-//     undefined,  // Salt length, not used with ECDSA
-//     undefined,  // PSS Padding, not used with ECDSA
-//     kSigEncP1363,
-//     signature));
-// }
+export const ecdsaSignVerify = (
+  key: CryptoKey,
+  data: BufferLike,
+  { hash }: SubtleAlgorithm,
+  signature?: BufferLike
+) => {
+  const mode: SignMode =
+    signature === undefined
+      ? SignMode.kSignJobModeSign
+      : SignMode.kSignJobModeVerify;
+  const type = mode === SignMode.kSignJobModeSign ? 'private' : 'public';
+
+  if (key.type !== type)
+    throw lazyDOMException(`Key must be a ${type} key`, 'InvalidAccessError');
+
+  const hashname = normalizeHashName(hash);
+
+  return NativeQuickCrypto.webcrypto.signVerify(
+    mode,
+    key.keyObject.handle,
+    // three undefined args because C++ uses `GetPublicOrPrivateKeyFromJs` & friends
+    undefined,
+    undefined,
+    undefined,
+    bufferLikeToArrayBuffer(data),
+    hashname,
+    undefined, // salt length, not used with ECDSA
+    undefined, // pss padding, not used with ECDSA
+    DSASigEnc.kSigEncP1363,
+    bufferLikeToArrayBuffer(signature || new ArrayBuffer(0))
+  );
+};
+
+export const ecGenerateKey = async (
+  algorithm: SubtleAlgorithm,
+  extractable: boolean,
+  keyUsages: KeyUsage[]
+): Promise<CryptoKeyPair> => {
+  const { name, namedCurve } = algorithm;
+
+  if (!Object.keys(kNamedCurveAliases).includes(namedCurve || '')) {
+    throw lazyDOMException(
+      `Unrecognized namedCurve '${namedCurve}'`,
+      'NotSupportedError'
+    );
+  }
+
+  // const usageSet = new SafeSet(keyUsages);
+  switch (name) {
+    case 'ECDSA':
+      const checkUsages = ['sign', 'verify'];
+      if (hasAnyNotIn(keyUsages, checkUsages)) {
+        throw lazyDOMException(
+          'Unsupported key usage for an ECDSA key',
+          'SyntaxError'
+        );
+      }
+      break;
+    case 'ECDH':
+      if (hasAnyNotIn(keyUsages, ['deriveKey', 'deriveBits'])) {
+        throw lazyDOMException(
+          'Unsupported key usage for an ECDH key',
+          'SyntaxError'
+        );
+      }
+    // Fall through
+  }
+
+  const options: GenerateKeyPairOptions = { namedCurve };
+  const [err, keypair] = await generateKeyPairPromise('ec', options);
+
+  if (err) {
+    throw lazyDOMException('ecGenerateKey (generateKeyPairPromise) failed', {
+      name: 'OperationError',
+      cause: err,
+    });
+  }
+
+  let publicUsages: KeyUsage[] = [];
+  let privateUsages: KeyUsage[] = [];
+  switch (name) {
+    case 'ECDSA':
+      publicUsages = getUsagesUnion(keyUsages, 'verify');
+      privateUsages = getUsagesUnion(keyUsages, 'sign');
+      break;
+    case 'ECDH':
+      publicUsages = [];
+      privateUsages = getUsagesUnion(keyUsages, 'deriveKey', 'deriveBits');
+      break;
+  }
+
+  const keyAlgorithm = { name, namedCurve };
+
+  const pub = new PublicKeyObject(keypair?.publicKey as KeyObjectHandle);
+  const publicKey = new CryptoKey(pub, keyAlgorithm, publicUsages, true);
+
+  const priv = new PrivateKeyObject(keypair?.privateKey as KeyObjectHandle);
+  const privateKey = new CryptoKey(
+    priv,
+    keyAlgorithm,
+    privateUsages,
+    extractable
+  );
+
+  return { publicKey, privateKey };
+};