react-native-quick-crypto 0.7.0-rc.9 → 0.7.1

package/src/Cipher.ts

@@ -14,7 +14,7 @@ import {
   validateInt32,
   type BinaryLikeNode,
 } from './Utils';
-import { type InternalCipher, RSAKeyVariant } from './NativeQuickCrypto/Cipher';
+import { type InternalCipher, KeyVariant } from './NativeQuickCrypto/Cipher';
 import type {
   CipherCCMOptions,
   CipherCCMTypes,
@@ -34,11 +34,21 @@ import { Buffer } from '@craftzdog/react-native-buffer';
 import { Buffer as SBuffer } from 'safe-buffer';
 import { constants } from './constants';
 import {
+  CryptoKey,
   parsePrivateKeyEncoding,
   parsePublicKeyEncoding,
   preparePrivateKey,
   preparePublicOrPrivateKey,
+  type CryptoKeyPair,
+  type KeyPairType,
+  type NamedCurve,
 } from './keys';
+import type { KeyObjectHandle } from './NativeQuickCrypto/webcrypto';
+
+export enum ECCurve {
+  OPENSSL_EC_EXPLICIT_CURVE,
+  OPENSSL_EC_NAMED_CURVE,
+}
 
 // make sure that nextTick is there
 global.process.nextTick = setImmediate;
@@ -428,8 +438,8 @@ export const privateDecrypt = rsaFunctionFor(
 //   \__, |\___|_| |_|\___|_|  \__,_|\__\___|_|\_\___|\__, |_|   \__,_|_|_|
 //    __/ |                                            __/ |
 //   |___/                                            |___/
-type GenerateKeyPairOptions = {
-  modulusLength: number; // Key size in bits (RSA, DSA).
+export type GenerateKeyPairOptions = {
+  modulusLength?: number; // Key size in bits (RSA, DSA).
   publicExponent?: number; // Public exponent (RSA). Default: 0x10001.
   hashAlgorithm?: string; // Name of the message digest (RSA-PSS).
   mgf1HashAlgorithm?: string; // string Name of the message digest used by MGF1 (RSA-PSS).
@@ -446,11 +456,27 @@ type GenerateKeyPairOptions = {
   hash?: any;
   mgf1Hash?: any;
 };
-type GenerateKeyPairCallback = (
-  error: unknown | null,
-  publicKey?: Buffer,
-  privateKey?: Buffer
-) => void;
+
+export type KeyPairKey = Buffer | KeyObjectHandle | CryptoKey | undefined;
+
+export type GenerateKeyPairReturn = [
+  error?: Error,
+  privateKey?: KeyPairKey,
+  publicKey?: KeyPairKey,
+];
+
+export type GenerateKeyPairCallback = (
+  error?: Error,
+  publicKey?: KeyPairKey,
+  privateKey?: KeyPairKey
+) => GenerateKeyPairReturn | void;
+
+export type KeyPair = {
+  publicKey?: KeyPairKey;
+  privateKey?: KeyPairKey;
+};
+
+export type GenerateKeyPairPromiseReturn = [error?: Error, keypair?: KeyPair];
 
 function parseKeyEncoding(
   keyType: string,
@@ -505,14 +531,15 @@ function parseKeyEncoding(
   ];
 }
 
+/** On node a very complex "job" chain is created, we are going for a far simpler approach and calling
+ *  an internal function that basically executes the same byte shuffling on the native side
+ */
 function internalGenerateKeyPair(
   isAsync: boolean,
-  type: string,
+  type: KeyPairType,
   options: GenerateKeyPairOptions | undefined,
-  callback: GenerateKeyPairCallback | undefined
-) {
-  // On node a very complex "job" chain is created, we are going for a far simpler approach and calling
-  // an internal function that basically executes the same byte shuffling on the native side
+  callback?: GenerateKeyPairCallback
+): GenerateKeyPairReturn | void {
   const encoding = parseKeyEncoding(type, options);
 
   // if (options !== undefined)
@@ -520,11 +547,11 @@ function internalGenerateKeyPair(
 
   switch (type) {
     case 'rsa-pss':
-    case 'rsa': {
+    // fallthrough
+    case 'rsa':
       validateObject<GenerateKeyPairOptions>(options, 'options');
       const { modulusLength } = options!;
-      validateUint32(modulusLength, 'options.modulusLength');
-
+      validateUint32(modulusLength as number, 'options.modulusLength');
       let { publicExponent } = options!;
       if (publicExponent == null) {
         publicExponent = 0x10001;
@@ -535,37 +562,36 @@ function internalGenerateKeyPair(
       if (type === 'rsa') {
         if (isAsync) {
           NativeQuickCrypto.generateKeyPair(
-            RSAKeyVariant.kKeyVariantRSA_SSA_PKCS1_v1_5,
-            modulusLength,
+            KeyVariant.RSA_SSA_PKCS1_v1_5, // Used also for RSA-OAEP
+            modulusLength as number,
             publicExponent,
             ...encoding
           )
             .then(([err, publicKey, privateKey]) => {
-              if (typeof publicKey === 'object') {
+              if (publicKey instanceof Buffer) {
                 publicKey = Buffer.from(publicKey);
               }
-              if (typeof privateKey === 'object') {
+              if (privateKey instanceof Buffer) {
                 privateKey = Buffer.from(privateKey);
               }
-              callback?.(err, publicKey, privateKey);
+              callback!(err, publicKey, privateKey);
             })
             .catch((err) => {
-              callback?.(err, undefined, undefined);
+              callback!(err, undefined, undefined);
             });
-          return;
         } else {
           let [err, publicKey, privateKey] =
             NativeQuickCrypto.generateKeyPairSync(
-              RSAKeyVariant.kKeyVariantRSA_SSA_PKCS1_v1_5,
-              modulusLength,
+              KeyVariant.RSA_SSA_PKCS1_v1_5,
+              modulusLength as number,
               publicExponent,
               ...encoding
             );
 
-          if (typeof publicKey === 'object') {
+          if (publicKey instanceof Buffer) {
             publicKey = Buffer.from(publicKey);
           }
-          if (typeof privateKey === 'object') {
+          if (privateKey instanceof Buffer) {
             privateKey = Buffer.from(privateKey);
           }
 
@@ -609,15 +635,15 @@ function internalGenerateKeyPair(
       }
 
       return NativeQuickCrypto.generateKeyPairSync(
-        RSAKeyVariant.kKeyVariantRSA_PSS,
-        modulusLength,
+        KeyVariant.RSA_PSS,
+        modulusLength as number,
         publicExponent,
         hashAlgorithm || hash,
         mgf1HashAlgorithm || mgf1Hash,
         saltLength,
         ...encoding
       );
-    }
+
     // case 'dsa': {
     //   validateObject(options, 'options');
     //   const { modulusLength } = options!;
@@ -634,21 +660,57 @@ function internalGenerateKeyPair(
     //   //   divisorLength,
     //   //   ...encoding);
     // }
-    // case 'ec': {
-    //   validateObject(options, 'options');
-    //   const { namedCurve } = options!;
-    //   validateString(namedCurve, 'options.namedCurve');
-    //   let { paramEncoding } = options!;
-    //   if (paramEncoding == null || paramEncoding === 'named')
-    //     paramEncoding = OPENSSL_EC_NAMED_CURVE;
-    //   else if (paramEncoding === 'explicit')
-    //     paramEncoding = OPENSSL_EC_EXPLICIT_CURVE;
-    //   else
-    //   throw new Error(`Invalid Argument options.paramEncoding ${paramEncoding}`);
-    //     // throw new ERR_INVALID_ARG_VALUE('options.paramEncoding', paramEncoding);
-
-    //   // return new EcKeyPairGenJob(mode, namedCurve, paramEncoding, ...encoding);
-    // }
+
+    case 'ec':
+      validateObject<GenerateKeyPairOptions>(options, 'options');
+      const { namedCurve } = options!;
+      validateString(namedCurve, 'options.namedCurve');
+      let paramEncodingFlag = ECCurve.OPENSSL_EC_NAMED_CURVE;
+      const { paramEncoding } = options!;
+      if (paramEncoding == null || paramEncoding === 'named')
+        paramEncodingFlag = ECCurve.OPENSSL_EC_NAMED_CURVE;
+      else if (paramEncoding === 'explicit')
+        paramEncodingFlag = ECCurve.OPENSSL_EC_EXPLICIT_CURVE;
+      else
+        throw new Error(
+          `Invalid Argument options.paramEncoding ${paramEncoding}`
+        );
+
+      if (isAsync) {
+        NativeQuickCrypto.generateKeyPair(
+          KeyVariant.EC,
+          namedCurve as NamedCurve,
+          paramEncodingFlag,
+          ...encoding
+        )
+          .then(([err, publicKey, privateKey]) => {
+            if (publicKey instanceof Buffer) {
+              publicKey = Buffer.from(publicKey);
+            }
+            if (privateKey instanceof Buffer) {
+              privateKey = Buffer.from(privateKey);
+            }
+            callback?.(err, publicKey, privateKey);
+          })
+          .catch((err) => {
+            callback?.(err, undefined, undefined);
+          });
+      }
+
+      let [err, publicKey, privateKey] = NativeQuickCrypto.generateKeyPairSync(
+        KeyVariant.EC,
+        namedCurve as NamedCurve,
+        paramEncodingFlag,
+        ...encoding
+      );
+      if (publicKey instanceof Buffer) {
+        publicKey = Buffer.from(publicKey);
+      }
+      if (privateKey instanceof Buffer) {
+        privateKey = Buffer.from(privateKey);
+      }
+      return [err, publicKey, privateKey];
+
     // case 'ed25519':
     // case 'ed448':
     // case 'x25519':
@@ -712,48 +774,50 @@ function internalGenerateKeyPair(
     default:
     // Fall through
   }
-  throw new Error(
-    `Invalid Argument options: ${type} scheme not supported. Currently not all encryption methods are supported in quick-crypto!`
-  );
+  const err = new Error(`
+      Invalid Argument options: '${type}' scheme not supported for generateKey().
+      Currently not all encryption methods are supported in quick-crypto.  Check
+      implementation_coverage.md for status.
+    `);
+  return [err, undefined, undefined];
 }
 
-// TODO(osp) put correct types (e.g. type -> 'rsa', etc..)
-export function generateKeyPair(
-  type: string,
-  callback: GenerateKeyPairCallback
-): void;
-export function generateKeyPair(
-  type: string,
+export const generateKeyPair = (
+  type: KeyPairType,
   options: GenerateKeyPairOptions,
   callback: GenerateKeyPairCallback
-): void;
-export function generateKeyPair(
-  type: string,
-  options?: GenerateKeyPairCallback | GenerateKeyPairOptions,
-  callback?: GenerateKeyPairCallback
-) {
-  if (typeof options === 'function') {
-    callback = options;
-    options = undefined;
-  }
-
+): void => {
   validateFunction(callback);
-
   internalGenerateKeyPair(true, type, options, callback);
-}
+};
 
-export function generateKeyPairSync(type: string): {
-  publicKey: any;
-  privateKey: any;
+// Promisify generateKeyPair
+// (attempted to use util.promisify, to no avail)
+export const generateKeyPairPromise = (
+  type: KeyPairType,
+  options: GenerateKeyPairOptions
+): Promise<GenerateKeyPairPromiseReturn> => {
+  return new Promise((resolve, reject) => {
+    generateKeyPair(type, options, (err, publicKey, privateKey) => {
+      if (err) {
+        reject([err, undefined]);
+      } else {
+        resolve([undefined, { publicKey, privateKey }]);
+      }
+    });
+  });
 };
+
+// generateKeyPairSync
+export function generateKeyPairSync(type: KeyPairType): CryptoKeyPair;
 export function generateKeyPairSync(
-  type: string,
+  type: KeyPairType,
   options: GenerateKeyPairOptions
-): { publicKey: any; privateKey: any };
+): CryptoKeyPair;
 export function generateKeyPairSync(
-  type: string,
+  type: KeyPairType,
   options?: GenerateKeyPairOptions
-): { publicKey: any; privateKey: any } {
+): CryptoKeyPair {
   const [_, publicKey, privateKey] = internalGenerateKeyPair(
     false,
     type,

package/src/Hashnames.ts

@@ -1,9 +1,4 @@
-import type {
-  HashAlgorithm,
-  KeyPairAlgorithm,
-  SecretKeyAlgorithm,
-  SubtleAlgorithm,
-} from './keys';
+import type { HashAlgorithm } from './keys';
 
 export enum HashContext {
   Node,
@@ -32,6 +27,14 @@ const kHashNames: HashNames = {
     [HashContext.JwkRsaOaep]: 'RSA-OAEP',
     [HashContext.JwkHmac]: 'HS1',
   },
+  sha224: {
+    [HashContext.Node]: 'sha224',
+    [HashContext.WebCrypto]: 'SHA-224',
+    [HashContext.JwkRsa]: 'RS224',
+    [HashContext.JwkRsaPss]: 'PS224',
+    [HashContext.JwkRsaOaep]: 'RSA-OAEP-224',
+    [HashContext.JwkHmac]: 'HS224',
+  },
   sha256: {
     [HashContext.Node]: 'sha256',
     [HashContext.WebCrypto]: 'SHA-256',
@@ -56,6 +59,10 @@ const kHashNames: HashNames = {
     [HashContext.JwkRsaOaep]: 'RSA-OAEP-512',
     [HashContext.JwkHmac]: 'HS512',
   },
+  ripemd160: {
+    [HashContext.Node]: 'ripemd160',
+    [HashContext.WebCrypto]: 'RIPEMD-160',
+  },
 };
 
 {
@@ -72,20 +79,15 @@ const kHashNames: HashNames = {
 }
 
 export function normalizeHashName(
-  algo:
-    | SubtleAlgorithm
-    | HashAlgorithm
-    | KeyPairAlgorithm
-    | SecretKeyAlgorithm
-    | undefined,
+  algo: string | HashAlgorithm | undefined,
   context: HashContext = HashContext.Node
-): string {
-  if (typeof algo === 'undefined') return 'unknown';
-  if (typeof algo !== 'string') return algo.name;
-  const normAlgo = algo.toString().toLowerCase();
-  try {
-    const alias = kHashNames[normAlgo]![context];
-    return alias || algo;
-  } catch (_e) {}
-  return algo;
+): HashAlgorithm {
+  if (typeof algo !== 'undefined') {
+    const normAlgo = algo.toString().toLowerCase();
+    try {
+      const alias = kHashNames[normAlgo]![context] as HashAlgorithm;
+      if (alias) return alias;
+    } catch (_e) {}
+  }
+  throw new Error(`Invalid Hash Algorithm: ${algo}`);
 }

package/src/NativeQuickCrypto/Cipher.ts

@@ -1,14 +1,37 @@
+import type { GenerateKeyPairReturn } from '../Cipher';
 import type { BinaryLike } from '../Utils';
 import type { Buffer } from '@craftzdog/react-native-buffer';
+import type {
+  EncodingOptions,
+  PrivateKeyObject,
+  PublicKeyObject,
+  SecretKeyObject,
+} from '../keys';
 
-// TODO(osp) on node this is defined on the native side
-// Need to do the same so that values are always in sync
-export enum RSAKeyVariant {
-  kKeyVariantRSA_SSA_PKCS1_v1_5,
-  kKeyVariantRSA_PSS,
-  kKeyVariantRSA_OAEP,
+// TODO: until shared, keep in sync with C++ side (cpp/Utils/MGLUtils.h)
+export enum KeyVariant {
+  RSA_SSA_PKCS1_v1_5,
+  RSA_PSS,
+  RSA_OAEP,
+  DSA,
+  EC,
+  NID,
+  DH,
 }
 
+export const KeyVariantLookup: Record<string, KeyVariant> = {
+  'RSASSA-PKCS1-v1_5': KeyVariant.RSA_SSA_PKCS1_v1_5,
+  'RSA-PSS': KeyVariant.RSA_PSS,
+  'RSA-OAEP': KeyVariant.RSA_OAEP,
+  'ECDSA': KeyVariant.DSA,
+  'ECDH': KeyVariant.EC,
+  'Ed25519': KeyVariant.NID,
+  'Ed448': KeyVariant.NID,
+  'X25519': KeyVariant.NID,
+  'X448': KeyVariant.NID,
+  'DH': KeyVariant.DH,
+};
+
 export type InternalCipher = {
   update: (data: BinaryLike | ArrayBufferView) => ArrayBuffer;
   final: () => ArrayBuffer;
@@ -56,15 +79,24 @@ export type PrivateDecryptMethod = (
 ) => Buffer;
 
 export type GenerateKeyPairMethod = (
-  keyVariant: RSAKeyVariant,
-  modulusLength: number,
-  publicExponent: number,
+  keyVariant: KeyVariant,
   ...rest: any[]
-) => Promise<[error: unknown, publicBuffer: any, privateBuffer: any]>;
+) => Promise<GenerateKeyPairReturn>;
 
 export type GenerateKeyPairSyncMethod = (
-  keyVariant: RSAKeyVariant,
-  modulusLength: number,
-  publicExponent: number,
+  keyVariant: KeyVariant,
   ...rest: any[]
-) => [error: unknown, publicBuffer: any, privateBuffer: any];
+) => GenerateKeyPairReturn;
+
+export type CreatePublicKeyMethod = (
+  key: BinaryLike | EncodingOptions
+) => PublicKeyObject;
+
+export type CreatePrivateKeyMethod = (
+  key: BinaryLike | EncodingOptions
+) => PrivateKeyObject;
+
+export type CreateSecretKeyMethod = (
+  key: BinaryLike | EncodingOptions,
+  encoding?: string
+) => SecretKeyObject;

package/src/NativeQuickCrypto/NativeQuickCrypto.ts

@@ -10,6 +10,9 @@ import type {
   PrivateDecryptMethod,
   GenerateKeyPairMethod,
   GenerateKeyPairSyncMethod,
+  CreatePublicKeyMethod,
+  CreatePrivateKeyMethod,
+  CreateSecretKeyMethod,
 } from './Cipher';
 import type { CreateSignMethod, CreateVerifyMethod } from './sig';
 import type { webcrypto } from './webcrypto';
@@ -21,6 +24,9 @@ interface NativeQuickCryptoSpec {
   createHash: CreateHashMethod;
   createCipher: CreateCipherMethod;
   createDecipher: CreateDecipherMethod;
+  createPublicKey: CreatePublicKeyMethod;
+  createPrivateKey: CreatePrivateKeyMethod;
+  createSecretKey: CreateSecretKeyMethod;
   publicEncrypt: PublicEncryptMethod;
   publicDecrypt: PublicEncryptMethod;
   privateDecrypt: PrivateDecryptMethod;

package/src/NativeQuickCrypto/aes.ts

@@ -0,0 +1,14 @@
+import type { AESKeyVariant } from '../aes';
+import type { CipherOrWrapMode } from '../keys';
+import type { KeyObjectHandle } from './webcrypto';
+
+export type AESCipher = (
+  mode: CipherOrWrapMode,
+  handle: KeyObjectHandle,
+  data: ArrayBuffer,
+  variant: AESKeyVariant,
+  iv_or_counter?: ArrayBuffer,
+  length?: number,
+  authTag?: ArrayBuffer,
+  additionalData?: ArrayBuffer
+) => Promise<ArrayBuffer>;

package/src/NativeQuickCrypto/keygen.ts

@@ -0,0 +1,7 @@
+import type { KeyObjectHandle } from './webcrypto';
+
+export type GenerateSecretKeyMethod = (
+  length: number
+) => Promise<KeyObjectHandle>;
+
+export type GenerateSecretKeySyncMethod = (length: number) => KeyObjectHandle;

package/src/NativeQuickCrypto/rsa.ts

@@ -0,0 +1,12 @@
+import type { CipherOrWrapMode, DigestAlgorithm } from '../keys';
+import type { RSAKeyVariant } from '../rsa';
+import type { KeyObjectHandle } from './webcrypto';
+
+export type RSACipher = (
+  mode: CipherOrWrapMode,
+  handle: KeyObjectHandle,
+  data: ArrayBuffer,
+  variant: RSAKeyVariant,
+  hash: DigestAlgorithm,
+  label?: ArrayBuffer
+) => Promise<ArrayBuffer>;

package/src/NativeQuickCrypto/sig.ts

@@ -1,4 +1,7 @@
 // TODO Add real types to sign/verify, the problem is that because of encryption schemes
+
+import type { KeyObjectHandle } from './webcrypto';
+
 // they will have variable amount of parameters
 export type InternalSign = {
   init: (algorithm: string) => void;
@@ -15,3 +18,27 @@ export type InternalVerify = {
 export type CreateSignMethod = () => InternalSign;
 
 export type CreateVerifyMethod = () => InternalVerify;
+
+export enum DSASigEnc {
+  kSigEncDER,
+  kSigEncP1363,
+}
+
+export enum SignMode {
+  kSignJobModeSign,
+  kSignJobModeVerify,
+}
+
+export type SignVerify = (
+  mode: SignMode,
+  handle: KeyObjectHandle,
+  unused1: undefined,
+  unused2: undefined,
+  unused3: undefined,
+  data: ArrayBuffer,
+  digest: string | undefined,
+  salt_length: number | undefined,
+  padding: number | undefined,
+  dsa_encoding: DSASigEnc | undefined,
+  signature: ArrayBuffer | undefined
+) => ArrayBuffer | boolean;

package/src/NativeQuickCrypto/webcrypto.ts

@@ -1,3 +1,4 @@
+import type { AESCipher } from './aes';
 import type {
   AsymmetricKeyType,
   JWK,
@@ -7,6 +8,13 @@ import type {
   KWebCryptoKeyFormat,
   NamedCurve,
 } from '../keys';
+import type { SignVerify } from './sig';
+import type {
+  GenerateSecretKeyMethod,
+  GenerateSecretKeySyncMethod,
+} from './keygen';
+import type { KeyVariant } from './Cipher';
+import type { RSACipher } from './rsa';
 
 type KeyDetail = {
   length?: number;
@@ -23,6 +31,12 @@ type ECExportKey = (
   handle: KeyObjectHandle
 ) => ArrayBuffer;
 
+type RSAExportKey = (
+  format: KWebCryptoKeyFormat,
+  handle: KeyObjectHandle,
+  variant: KeyVariant
+) => ArrayBuffer;
+
 export type KeyObjectHandle = {
   export(
     format?: KFormatType,
@@ -32,7 +46,13 @@ export type KeyObjectHandle = {
   ): ArrayBuffer;
   exportJwk(key: JWK, handleRsaPss: boolean): JWK;
   getAsymmetricKeyType(): AsymmetricKeyType;
-  init(keyType: KeyType, key: any): boolean;
+  init(
+    keyType: KeyType,
+    key: any,
+    format?: KFormatType,
+    type?: KeyEncoding,
+    passphrase?: string | ArrayBuffer
+  ): boolean;
   initECRaw(curveName: string, keyData: ArrayBuffer): boolean;
   initJwk(keyData: JWK, namedCurve?: NamedCurve): KeyType | undefined;
   keyDetail(): KeyDetail;
@@ -41,6 +61,12 @@ export type KeyObjectHandle = {
 type CreateKeyObjectHandle = () => KeyObjectHandle;
 
 export type webcrypto = {
-  ecExportKey: ECExportKey;
+  aesCipher: AESCipher;
   createKeyObjectHandle: CreateKeyObjectHandle;
+  ecExportKey: ECExportKey;
+  generateSecretKey: GenerateSecretKeyMethod;
+  generateSecretKeySync: GenerateSecretKeySyncMethod;
+  rsaCipher: RSACipher;
+  rsaExportKey: RSAExportKey;
+  signVerify: SignVerify;
 };