npm - react-native-quick-crypto - Versions diffs - 0.7.0 → 0.7.1 - Mend

react-native-quick-crypto 0.7.0 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (131) hide show

package/android/CMakeLists.txt +2 -0
package/cpp/Cipher/MGLRsa.cpp +179 -3
package/cpp/Cipher/MGLRsa.h +40 -0
package/cpp/JSIUtils/MGLJSIUtils.h +8 -0
package/cpp/MGLKeys.cpp +41 -43
package/cpp/MGLKeys.h +9 -2
package/cpp/MGLQuickCryptoHostObject.cpp +6 -6
package/cpp/Utils/MGLUtils.cpp +71 -1
package/cpp/Utils/MGLUtils.h +55 -1
package/cpp/webcrypto/MGLWebCrypto.cpp +89 -37
package/cpp/webcrypto/MGLWebCrypto.h +5 -7
package/cpp/webcrypto/crypto_aes.cpp +516 -0
package/cpp/webcrypto/crypto_aes.h +79 -0
package/cpp/webcrypto/crypto_ec.cpp +4 -20
package/cpp/webcrypto/crypto_ec.h +0 -5
package/cpp/webcrypto/crypto_keygen.cpp +86 -0
package/cpp/webcrypto/crypto_keygen.h +38 -0
package/lib/commonjs/Cipher.js +3 -1
package/lib/commonjs/Cipher.js.map +1 -1
package/lib/commonjs/Hashnames.js +20 -8
package/lib/commonjs/Hashnames.js.map +1 -1
package/lib/commonjs/NativeQuickCrypto/Cipher.js +13 -1
package/lib/commonjs/NativeQuickCrypto/Cipher.js.map +1 -1
package/lib/commonjs/NativeQuickCrypto/NativeQuickCrypto.js.map +1 -1
package/lib/commonjs/NativeQuickCrypto/aes.js +6 -0
package/lib/commonjs/NativeQuickCrypto/aes.js.map +1 -0
package/lib/commonjs/NativeQuickCrypto/keygen.js +6 -0
package/lib/commonjs/NativeQuickCrypto/keygen.js.map +1 -0
package/lib/commonjs/NativeQuickCrypto/rsa.js +6 -0
package/lib/commonjs/NativeQuickCrypto/rsa.js.map +1 -0
package/lib/commonjs/Utils.js +30 -6
package/lib/commonjs/Utils.js.map +1 -1
package/lib/commonjs/aes.js +184 -227
package/lib/commonjs/aes.js.map +1 -1
package/lib/commonjs/index.js +12 -2
package/lib/commonjs/index.js.map +1 -1
package/lib/commonjs/keygen.js +56 -0
package/lib/commonjs/keygen.js.map +1 -0
package/lib/commonjs/keys.js +74 -5
package/lib/commonjs/keys.js.map +1 -1
package/lib/commonjs/rsa.js +115 -196
package/lib/commonjs/rsa.js.map +1 -1
package/lib/commonjs/sig.js.map +1 -1
package/lib/commonjs/subtle.js +140 -78
package/lib/commonjs/subtle.js.map +1 -1
package/lib/commonjs/webcrypto.js +14 -0
package/lib/commonjs/webcrypto.js.map +1 -0
package/lib/module/Cipher.js +3 -1
package/lib/module/Cipher.js.map +1 -1
package/lib/module/Hashnames.js +20 -8
package/lib/module/Hashnames.js.map +1 -1
package/lib/module/NativeQuickCrypto/Cipher.js +12 -0
package/lib/module/NativeQuickCrypto/Cipher.js.map +1 -1
package/lib/module/NativeQuickCrypto/NativeQuickCrypto.js.map +1 -1
package/lib/module/NativeQuickCrypto/aes.js +2 -0
package/lib/module/NativeQuickCrypto/aes.js.map +1 -0
package/lib/module/NativeQuickCrypto/keygen.js +2 -0
package/lib/module/NativeQuickCrypto/keygen.js.map +1 -0
package/lib/module/NativeQuickCrypto/rsa.js +2 -0
package/lib/module/NativeQuickCrypto/rsa.js.map +1 -0
package/lib/module/Utils.js +26 -5
package/lib/module/Utils.js.map +1 -1
package/lib/module/aes.js +183 -228
package/lib/module/aes.js.map +1 -1
package/lib/module/index.js +11 -2
package/lib/module/index.js.map +1 -1
package/lib/module/keygen.js +47 -0
package/lib/module/keygen.js.map +1 -0
package/lib/module/keys.js +68 -4
package/lib/module/keys.js.map +1 -1
package/lib/module/rsa.js +115 -198
package/lib/module/rsa.js.map +1 -1
package/lib/module/sig.js.map +1 -1
package/lib/module/subtle.js +143 -82
package/lib/module/subtle.js.map +1 -1
package/lib/module/webcrypto.js +8 -0
package/lib/module/webcrypto.js.map +1 -0
package/lib/typescript/Cipher.d.ts +0 -1
package/lib/typescript/Cipher.d.ts.map +1 -1
package/lib/typescript/Hash.d.ts.map +1 -1
package/lib/typescript/Hashnames.d.ts +2 -2
package/lib/typescript/Hashnames.d.ts.map +1 -1
package/lib/typescript/NativeQuickCrypto/Cipher.d.ts +5 -0
package/lib/typescript/NativeQuickCrypto/Cipher.d.ts.map +1 -1
package/lib/typescript/NativeQuickCrypto/NativeQuickCrypto.d.ts +4 -1
package/lib/typescript/NativeQuickCrypto/NativeQuickCrypto.d.ts.map +1 -1
package/lib/typescript/NativeQuickCrypto/aes.d.ts +5 -0
package/lib/typescript/NativeQuickCrypto/aes.d.ts.map +1 -0
package/lib/typescript/NativeQuickCrypto/keygen.d.ts +4 -0
package/lib/typescript/NativeQuickCrypto/keygen.d.ts.map +1 -0
package/lib/typescript/NativeQuickCrypto/rsa.d.ts +5 -0
package/lib/typescript/NativeQuickCrypto/rsa.d.ts.map +1 -0
package/lib/typescript/NativeQuickCrypto/webcrypto.d.ts +12 -2
package/lib/typescript/NativeQuickCrypto/webcrypto.d.ts.map +1 -1
package/lib/typescript/Utils.d.ts +4 -4
package/lib/typescript/Utils.d.ts.map +1 -1
package/lib/typescript/aes.d.ts +18 -1
package/lib/typescript/aes.d.ts.map +1 -1
package/lib/typescript/ec.d.ts.map +1 -1
package/lib/typescript/index.d.ts +27 -24
package/lib/typescript/index.d.ts.map +1 -1
package/lib/typescript/keygen.d.ts +6 -0
package/lib/typescript/keygen.d.ts.map +1 -0
package/lib/typescript/keys.d.ts +55 -17
package/lib/typescript/keys.d.ts.map +1 -1
package/lib/typescript/rsa.d.ts +9 -1
package/lib/typescript/rsa.d.ts.map +1 -1
package/lib/typescript/sig.d.ts +3 -17
package/lib/typescript/sig.d.ts.map +1 -1
package/lib/typescript/subtle.d.ts +6 -5
package/lib/typescript/subtle.d.ts.map +1 -1
package/lib/typescript/webcrypto.d.ts +9 -0
package/lib/typescript/webcrypto.d.ts.map +1 -0
package/package.json +2 -2
package/src/Cipher.ts +1 -1
package/src/Hashnames.ts +23 -21
package/src/NativeQuickCrypto/Cipher.ts +32 -0
package/src/NativeQuickCrypto/NativeQuickCrypto.ts +6 -0
package/src/NativeQuickCrypto/aes.ts +14 -0
package/src/NativeQuickCrypto/keygen.ts +7 -0
package/src/NativeQuickCrypto/rsa.ts +12 -0
package/src/NativeQuickCrypto/webcrypto.ts +26 -2
package/src/Utils.ts +37 -8
package/src/aes.ts +259 -222
package/src/index.ts +10 -1
package/src/keygen.ts +80 -0
package/src/keys.ts +139 -30
package/src/rsa.ts +161 -187
package/src/sig.ts +7 -23
package/src/subtle.ts +211 -93
package/src/webcrypto.ts +8 -0

package/android/CMakeLists.txt CHANGED Viewed

@@ -43,7 +43,9 @@ add_library(
   "../cpp/Sig/MGLVerifyInstaller.cpp"
   "../cpp/Sig/MGLSignHostObjects.cpp"
   "../cpp/webcrypto/MGLWebCrypto.cpp"
+  "../cpp/webcrypto/crypto_aes.cpp"
   "../cpp/webcrypto/crypto_ec.cpp"
+  "../cpp/webcrypto/crypto_keygen.cpp"
 )
 target_include_directories(

package/cpp/Cipher/MGLRsa.cpp CHANGED Viewed

@@ -7,9 +7,15 @@
 #include "MGLRsa.h"
 #ifdef ANDROID
+#include "Cipher/MGLPublicCipher.h"
 #include "JSIUtils/MGLJSIMacros.h"
+#include "JSIUtils/MGLJSIUtils.h"
+#include "Utils/MGLUtils.h"
 #else
+#include "MGLPublicCipher.h"
 #include "MGLJSIMacros.h"
+#include "MGLJSIUtils.h"
+#include "MGLUtils.h"
 #endif
 #include <string>
@@ -186,6 +192,125 @@ std::pair<jsi::Value, jsi::Value> generateRsaKeyPair(
   return {std::move(publicBuffer), std::move(privateBuffer)};
 }
+template <MGLPublicCipher::EVP_PKEY_cipher_init_t init,
+          MGLPublicCipher::EVP_PKEY_cipher_t cipher>
+WebCryptoCipherStatus RSA_Cipher(const RSACipherConfig& params, ByteSource* out) {
+  CHECK_NE(params.key->GetKeyType(), kKeyTypeSecret);
+  ManagedEVPPKey m_pkey = params.key->GetAsymmetricKey();
+  // Mutex::ScopedLock lock(*m_pkey.mutex());
+  EVPKeyCtxPointer ctx(EVP_PKEY_CTX_new(m_pkey.get(), nullptr));
+  if (!ctx || init(ctx.get()) <= 0)
+    return WebCryptoCipherStatus::FAILED;
+  if (EVP_PKEY_CTX_set_rsa_padding(ctx.get(), params.padding) <= 0) {
+    return WebCryptoCipherStatus::FAILED;
+  }
+  if (params.digest != nullptr &&
+      (EVP_PKEY_CTX_set_rsa_oaep_md(ctx.get(), params.digest) <= 0 ||
+       EVP_PKEY_CTX_set_rsa_mgf1_md(ctx.get(), params.digest) <= 0)) {
+    return WebCryptoCipherStatus::FAILED;
+  }
+  if (!SetRsaOaepLabel(ctx, params.label)) return WebCryptoCipherStatus::FAILED;
+  size_t out_len = 0;
+  if (cipher(
+          ctx.get(),
+          nullptr,
+          &out_len,
+          params.data.data<unsigned char>(),
+          params.data.size()) <= 0) {
+    return WebCryptoCipherStatus::FAILED;
+  }
+  ByteSource::Builder buf(out_len);
+  if (cipher(ctx.get(),
+             buf.data<unsigned char>(),
+             &out_len,
+             params.data.data<unsigned char>(),
+             params.data.size()) <= 0) {
+    return WebCryptoCipherStatus::FAILED;
+  }
+  *out = std::move(buf).release(out_len);
+  return WebCryptoCipherStatus::OK;
+}
+RSACipherConfig RSACipher::GetParamsFromJS(jsi::Runtime &rt,
+                                          const jsi::Value *args) {
+  RSACipherConfig params;
+  unsigned int offset = 0;
+  // padding
+  params.padding = RSA_PKCS1_OAEP_PADDING;
+  // mode (encrypt/decrypt)
+  params.mode = static_cast<WebCryptoCipherMode>((int)args[offset].getNumber());
+  offset++;
+  // key (handle)
+  if (!args[offset].isObject()) {
+    throw std::runtime_error("arg is not a KeyObjectHandle: key");
+  }
+  std::shared_ptr<KeyObjectHandle> handle =
+    std::static_pointer_cast<KeyObjectHandle>(
+      args[offset].asObject(rt).getHostObject(rt));
+  params.key = handle->Data();
+  offset++;
+  // data
+  params.data = GetByteSourceFromJS(rt, args[offset], "data");
+  offset++;
+  // variant
+  if (CheckIsInt32(args[offset])) {
+    params.variant = static_cast<RSAKeyVariant>((int)args[offset].getNumber());
+  }
+  // offset++; // The below variant-dependent params advance offset themselves
+  std::string digest;
+  switch (params.variant) {
+    case kKeyVariantRSA_OAEP:
+      // hash (digest)
+      CHECK(args[offset + 1].isString());
+      digest = args[offset + 1].asString(rt).utf8(rt);
+      params.digest = EVP_get_digestbyname(digest.c_str());
+      if (params.digest == nullptr) {
+        throw jsi::JSError(rt, "invalid digest: " + digest);
+        return params;
+      }
+      // label
+      if (args[offset + 2].isUndefined()) {
+        params.label = ByteSource();
+      } else {
+        params.label = GetByteSourceFromJS(rt, args[offset + 2], "label");
+      }
+      break;
+    default:
+      throw jsi::JSError(rt, "Invalid RSA key variant");
+  }
+  return params;
+}
+WebCryptoCipherStatus RSACipher::DoCipher(const RSACipherConfig &params,
+                                          ByteSource *out) {
+  switch (params.mode) {
+    case kEncrypt:
+      CHECK_EQ(params.key->GetKeyType(), kKeyTypePublic);
+      return RSA_Cipher<EVP_PKEY_encrypt_init, EVP_PKEY_encrypt>(params, out);
+    case kDecrypt:
+      CHECK_EQ(params.key->GetKeyType(), kKeyTypePrivate);
+      return RSA_Cipher<EVP_PKEY_decrypt_init, EVP_PKEY_decrypt>(params, out);
+  }
+}
 jsi::Value ExportJWKRsaKey(jsi::Runtime &rt,
                            std::shared_ptr<KeyObjectData> key,
                            jsi::Object &target) {
@@ -330,12 +455,11 @@ jsi::Value GetRsaKeyDetail(jsi::Runtime &rt,
   RSA_get0_key(rsa, &n, &e, nullptr);
   size_t modulus_length = BN_num_bits(n);
-  // TODO: should this be modulusLength or n?
   target.setProperty(rt, "modulusLength", static_cast<double>(modulus_length));
   size_t exp_size = BN_num_bytes(e);
-  // TODO: should this be publicExponent or e?
-  target.setProperty(rt, "publicExponent", EncodeBignum(e, exp_size, true));
+  ByteSource public_exponent = ByteSource::FromBN(e, exp_size);
+  target.setProperty(rt, "publicExponent", toJSI(rt, std::move(public_exponent)));
   if (type == EVP_PKEY_RSA_PSS) {
     // Due to the way ASN.1 encoding works, default values are omitted when
@@ -394,4 +518,56 @@ jsi::Value GetRsaKeyDetail(jsi::Runtime &rt,
   return target;
 }
+bool RsaKeyExport::GetParamsFromJS(jsi::Runtime &rt, const jsi::Value *args) {
+  RsaKeyExportConfig params;
+  unsigned int offset = 0;
+  // format
+  params.format = static_cast<WebCryptoKeyFormat>((int)args[offset].getNumber());
+  offset++;
+  // key
+  std::shared_ptr<KeyObjectHandle> handle =
+    std::static_pointer_cast<KeyObjectHandle>(
+      args[1].asObject(rt).getHostObject(rt));
+  params.key_ = handle->Data();
+  offset++;
+  // variant
+  params.variant = static_cast<KeyVariant>((int)args[offset].getNumber());
+  offset++;
+  this->params_ = std::move(params);
+  return true;
+}
+WebCryptoKeyExportStatus RsaKeyExport::DoExport(ByteSource* out) {
+  auto key_data = this->params_.key_;
+  CHECK_NE(key_data->GetKeyType(), kKeyTypeSecret);
+  switch (this->params_.format) {
+    case kWebCryptoKeyFormatRaw:
+      throw std::runtime_error("Raw format not supported for RSA keys");
+      return WebCryptoKeyExportStatus::FAILED;
+    case kWebCryptoKeyFormatJWK:
+      throw std::runtime_error("JWK format not handled in C++ for RSA keys");
+      return WebCryptoKeyExportStatus::FAILED;
+    case kWebCryptoKeyFormatPKCS8:
+      if (key_data->GetKeyType() != kKeyTypePrivate) {
+        throw std::runtime_error("Invalid key type for PKCS8 export");
+        return WebCryptoKeyExportStatus::INVALID_KEY_TYPE;
+      }
+      return PKEY_PKCS8_Export(key_data.get(), out);
+    case kWebCryptoKeyFormatSPKI:
+      if (key_data->GetKeyType() != kKeyTypePublic) {
+        throw std::runtime_error("Invalid key type for SPKI export");
+        return WebCryptoKeyExportStatus::INVALID_KEY_TYPE;
+      }
+      return PKEY_SPKI_Export(key_data.get(), out);
+    default:
+      throw std::runtime_error("Unrecognized format for RSA key export");
+      return WebCryptoKeyExportStatus::FAILED;
+  }
+}
 }  // namespace margelo

package/cpp/Cipher/MGLRsa.h CHANGED Viewed

@@ -25,6 +25,13 @@ namespace margelo {
 namespace jsi = facebook::jsi;
+// TODO: keep in in sync with JS side (src/rsa.ts)
+enum RSAKeyVariant {
+  kKeyVariantRSA_SSA_PKCS1_v1_5,
+  kKeyVariantRSA_PSS,
+  kKeyVariantRSA_OAEP
+};
 // On node there is a complete madness of structs/classes that encapsulate and
 // initialize the data in a generic manner this is to be later be used to
 // generate the keys in a thread-safe manner (I think) I'm however too dumb and
@@ -64,6 +71,39 @@ std::shared_ptr<KeyObjectData> ImportJWKRsaKey(jsi::Runtime &rt,
 jsi::Value GetRsaKeyDetail(jsi::Runtime &rt,
                            std::shared_ptr<KeyObjectData> key);
+struct RsaKeyExportConfig final {
+  WebCryptoKeyFormat format;
+  std::shared_ptr<KeyObjectData> key_;
+  KeyVariant variant;
+};
+class RsaKeyExport {
+ public:
+  bool GetParamsFromJS(jsi::Runtime &rt, const jsi::Value *args);
+  WebCryptoKeyExportStatus DoExport(ByteSource* out);
+ private:
+  RsaKeyExportConfig params_;
+};
+struct RSACipherConfig final {
+  WebCryptoCipherMode mode;
+  std::shared_ptr<KeyObjectData> key;
+  ByteSource data;
+  RSAKeyVariant variant;
+  ByteSource label;
+  int padding = 0;
+  const EVP_MD* digest = nullptr;
+  RSACipherConfig() = default;
+};
+class RSACipher {
+ public:
+  RSACipher() {}
+  RSACipherConfig GetParamsFromJS(jsi::Runtime &rt, const jsi::Value *args);
+  WebCryptoCipherStatus DoCipher(const RSACipherConfig &params, ByteSource *out);
+};
 }  // namespace margelo
 #endif /* MGLRsa_hpp */

package/cpp/JSIUtils/MGLJSIUtils.h CHANGED Viewed

@@ -30,4 +30,12 @@ inline bool CheckIsInt32(const jsi::Value &value) {
   return (d >= std::numeric_limits<int32_t>::lowest() && d <= std::numeric_limits<int32_t>::max());
 }
+inline bool CheckIsUint32(const jsi::Value &value) {
+  if (!value.isNumber()) {
+    return false;
+  }
+  double d = value.asNumber();
+  return (d >= std::numeric_limits<uint32_t>::lowest() && d <= std::numeric_limits<uint32_t>::max());
+}
 #endif /* MGLJSIUtils_h */

package/cpp/MGLKeys.cpp CHANGED Viewed

@@ -562,7 +562,7 @@ jsi::Value ManagedEVPPKey::ToEncodedPublicKey(jsi::Runtime& rt,
     // Note that this has the downside of containing sensitive data of the
     // private key.
     auto data = KeyObjectData::CreateAsymmetric(kKeyTypePublic, std::move(key));
-    auto handle = KeyObjectHandle::Create(rt, data);
+    auto handle = KeyObjectHandle::Create(data);
     auto out = jsi::Object::createFromHostObject(rt, handle);
     return jsi::Value(std::move(out));
   } else
@@ -583,7 +583,7 @@ jsi::Value ManagedEVPPKey::ToEncodedPrivateKey(jsi::Runtime& rt,
   if (!key) return {};
   if (config.output_key_object_) {
     auto data = KeyObjectData::CreateAsymmetric(kKeyTypePrivate, std::move(key));
-    auto handle = KeyObjectHandle::Create(rt, data);
+    auto handle = KeyObjectHandle::Create(data);
     auto out = jsi::Object::createFromHostObject(rt, handle);
     return jsi::Value(std::move(out));
   } else
@@ -696,6 +696,7 @@ ManagedEVPPKey ManagedEVPPKey::GetPublicOrPrivateKeyFromJs(
     const jsi::Value* args,
     unsigned int* offset) {
   if (args[*offset].asObject(runtime).isArrayBuffer(runtime)) {
+    // data (key) as ArrayBuffer
     auto dataArrayBuffer =
         args[(*offset)++].asObject(runtime).getArrayBuffer(runtime);
@@ -703,6 +704,7 @@ ManagedEVPPKey ManagedEVPPKey::GetPublicOrPrivateKeyFromJs(
       throw jsi::JSError(runtime, "data is too big");
     }
+    // rest of args for encoding
     NonCopyableMaybe<PrivateKeyEncodingConfig> config_ =
         GetPrivateKeyEncodingFromJs(runtime, args, offset, kKeyContextInput);
     if (config_.IsEmpty()) return ManagedEVPPKey();
@@ -907,8 +909,7 @@ jsi::Value KeyObjectHandle::get(
 //   registry->Register(Equals);
 // }
-std::shared_ptr<KeyObjectHandle> KeyObjectHandle::Create(jsi::Runtime &rt,
-                                                         std::shared_ptr<KeyObjectData> data) {
+std::shared_ptr<KeyObjectHandle> KeyObjectHandle::Create(std::shared_ptr<KeyObjectData> data) {
   auto handle = std::make_shared<KeyObjectHandle>();
   handle->data_ = data;
   return handle;
@@ -932,7 +933,7 @@ const std::shared_ptr<KeyObjectData>& KeyObjectHandle::Data() {
 //
 jsi::Value KeyObjectHandle::Init(jsi::Runtime &rt) {
-  return HOSTFN("init", 2) {
+  return HOSTFN("init", 5) {
     CHECK(args[0].isNumber());
     KeyType type = static_cast<KeyType>((int32_t)args[0].asNumber());
@@ -941,15 +942,13 @@ jsi::Value KeyObjectHandle::Init(jsi::Runtime &rt) {
     switch (type) {
       case kKeyTypeSecret: {
-        // CHECK_EQ(args.Length(), 2);
+        CHECK_EQ(count, 2);
         ByteSource key = ByteSource::FromStringOrBuffer(rt, args[1]);
         this->data_ = KeyObjectData::CreateSecret(std::move(key));
         break;
       }
       case kKeyTypePublic: {
-        // CHECK_EQ(args.Length(), 5);
+        CHECK_EQ(count, 5);
         offset = 1;
         pkey = ManagedEVPPKey::GetPublicOrPrivateKeyFromJs(rt, args, &offset);
         if (!pkey)
@@ -958,8 +957,7 @@ jsi::Value KeyObjectHandle::Init(jsi::Runtime &rt) {
         break;
       }
       case kKeyTypePrivate: {
-        // CHECK_EQ(args.Length(), 5);
+        CHECK_EQ(count, 5);
         offset = 1;
         pkey = ManagedEVPPKey::GetPrivateKeyFromJs(rt, args, &offset, false);
         if (!pkey)
@@ -1167,7 +1165,7 @@ jsi::Value KeyObjectHandle::GetAsymmetricKeyType(jsi::Runtime &rt) const {
     std::string ret;
     switch (EVP_PKEY_id(key.get())) {
       case EVP_PKEY_RSA:
-        ret = "rss";
+        ret = "rsa";
         break;
       case EVP_PKEY_RSA_PSS:
         ret = "rsa_pss";
@@ -1389,37 +1387,37 @@ jsi::Value KeyObjectHandle::ExportJWK(jsi::Runtime &rt) {
 //  return std::make_unique<KeyObjectTransferData>(handle_data_);
 //}
 //
-// WebCryptoKeyExportStatus PKEY_SPKI_Export(
-//                                          KeyObjectData* key_data,
-//                                          ByteSource* out) {
-//  CHECK_EQ(key_data->GetKeyType(), kKeyTypePublic);
-//  ManagedEVPPKey m_pkey = key_data->GetAsymmetricKey();
-//  Mutex::ScopedLock lock(*m_pkey.mutex());
-//  BIOPointer bio(BIO_new(BIO_s_mem()));
-//  CHECK(bio);
-//  if (!i2d_PUBKEY_bio(bio.get(), m_pkey.get()))
-//    return WebCryptoKeyExportStatus::FAILED;
-//
-//  *out = ByteSource::FromBIO(bio);
-//  return WebCryptoKeyExportStatus::OK;
-//}
-//
-// WebCryptoKeyExportStatus PKEY_PKCS8_Export(
-//                                           KeyObjectData* key_data,
-//                                           ByteSource* out) {
-//  CHECK_EQ(key_data->GetKeyType(), kKeyTypePrivate);
-//  ManagedEVPPKey m_pkey = key_data->GetAsymmetricKey();
-//  Mutex::ScopedLock lock(*m_pkey.mutex());
-//
-//  BIOPointer bio(BIO_new(BIO_s_mem()));
-//  CHECK(bio);
-//  PKCS8Pointer p8inf(EVP_PKEY2PKCS8(m_pkey.get()));
-//  if (!i2d_PKCS8_PRIV_KEY_INFO_bio(bio.get(), p8inf.get()))
-//    return WebCryptoKeyExportStatus::FAILED;
-//
-//  *out = ByteSource::FromBIO(bio);
-//  return WebCryptoKeyExportStatus::OK;
-//}
+WebCryptoKeyExportStatus PKEY_SPKI_Export(KeyObjectData* key_data,
+                                          ByteSource* out) {
+  CHECK_EQ(key_data->GetKeyType(), kKeyTypePublic);
+  ManagedEVPPKey m_pkey = key_data->GetAsymmetricKey();
+  // Mutex::ScopedLock lock(*m_pkey.mutex());
+  BIOPointer bio(BIO_new(BIO_s_mem()));
+  CHECK(bio);
+  if (!i2d_PUBKEY_bio(bio.get(), m_pkey.get())) {
+      throw std::runtime_error("Failed to export key");
+      return WebCryptoKeyExportStatus::FAILED;
+  }
+  *out = ByteSource::FromBIO(bio);
+  return WebCryptoKeyExportStatus::OK;
+}
+WebCryptoKeyExportStatus PKEY_PKCS8_Export(
+                                          KeyObjectData* key_data,
+                                          ByteSource* out) {
+  CHECK_EQ(key_data->GetKeyType(), kKeyTypePrivate);
+  ManagedEVPPKey m_pkey = key_data->GetAsymmetricKey();
+  //  Mutex::ScopedLock lock(*m_pkey.mutex());
+  BIOPointer bio(BIO_new(BIO_s_mem()));
+  CHECK(bio);
+  PKCS8Pointer p8inf(EVP_PKEY2PKCS8(m_pkey.get()));
+  if (!i2d_PKCS8_PRIV_KEY_INFO_bio(bio.get(), p8inf.get()))
+    return WebCryptoKeyExportStatus::FAILED;
+  *out = ByteSource::FromBIO(bio);
+  return WebCryptoKeyExportStatus::OK;
+}
 //  void RegisterExternalReferences(ExternalReferenceRegistry * registry) {
 //    KeyObjectHandle::RegisterExternalReferences(registry);

package/cpp/MGLKeys.h CHANGED Viewed

@@ -168,8 +168,7 @@ class JSI_EXPORT KeyObjectHandle: public jsi::HostObject {
     jsi::Value get(jsi::Runtime &rt, const jsi::PropNameID &propNameID);
     const std::shared_ptr<KeyObjectData>& Data();
-    static std::shared_ptr<KeyObjectHandle> Create(jsi::Runtime &rt,
-                                                   std::shared_ptr<KeyObjectData> data);
+    static std::shared_ptr<KeyObjectHandle> Create(std::shared_ptr<KeyObjectData> data);
  protected:
     jsi::Value Export(jsi::Runtime &rt);
@@ -191,6 +190,14 @@ class JSI_EXPORT KeyObjectHandle: public jsi::HostObject {
     std::shared_ptr<KeyObjectData> data_;
 };
+WebCryptoKeyExportStatus PKEY_SPKI_Export(
+    KeyObjectData* key_data,
+    ByteSource* out);
+WebCryptoKeyExportStatus PKEY_PKCS8_Export(
+    KeyObjectData* key_data,
+    ByteSource* out);
 }  // namespace margelo
 #endif /* MGLCipherKeys_h */

package/cpp/MGLQuickCryptoHostObject.cpp CHANGED Viewed

@@ -113,12 +113,12 @@ MGLQuickCryptoHostObject::MGLQuickCryptoHostObject(
   // createVerify
   this->fields.push_back(getVerifyFieldDefinition(jsCallInvoker, workerQueue));
-  // subtle API created from a simple jsi::Object
-  // because this FieldDefinition is only good for returning
-  // objects and too convoluted
-    this->fields.push_back(JSI_VALUE("webcrypto", {
-      return createWebCryptoObject(runtime);
-    }));
+  // subtle API
+  this->fields.push_back(JSI_VALUE("webcrypto", {
+    auto hostObject = std::make_shared<MGLWebCryptoHostObject>(
+        jsCallInvoker, workerQueue);
+    return jsi::Object::createFromHostObject(runtime, hostObject);
+  }));
 }
 }  // namespace margelo

package/cpp/Utils/MGLUtils.cpp CHANGED Viewed

@@ -184,8 +184,29 @@ ByteSource ByteSource::Foreign(const void* data, size_t size) {
   return ByteSource(data, nullptr, size);
 }
+ByteSource ByteSource::FromBN(const BIGNUM* bn, size_t size) {
+  std::vector<uint8_t> buf(size);
+  CHECK_EQ(BN_bn2binpad(bn, buf.data(), size), size);
+  ByteSource::Builder out(size);
+  memcpy(out.data<void>(), buf.data(), size);
+  return std::move(out).release();
+}
+ByteSource GetByteSourceFromJS(jsi::Runtime &rt,
+                               const jsi::Value &value,
+                               std::string name) {
+    if (!value.isObject() || !value.asObject(rt).isArrayBuffer(rt)) {
+    throw jsi::JSError(rt, "arg is not an array buffer: " + name);
+  }
+  ByteSource data = ByteSource::FromStringOrBuffer(rt, value);
+  if (data.size() > INT_MAX) {
+    throw jsi::JSError(rt, "arg is too big (> int32): " + name);
+  }
+  return data;
+}
 std::string EncodeBignum(const BIGNUM* bn,
-                         int size,
+                         size_t size,
                          bool url) {
   if (size == 0)
     size = BN_num_bytes(bn);
@@ -222,4 +243,53 @@ std::string DecodeBase64(const std::string &in, bool remove_linebreaks) {
   return base64_decode(in, remove_linebreaks);
 }
+MUST_USE_RESULT CSPRNGResult CSPRNG(void* buffer, size_t length) {
+  unsigned char* buf = static_cast<unsigned char*>(buffer);
+  do {
+    if (1 == RAND_status()) {
+#if OPENSSL_VERSION_MAJOR >= 3
+      if (1 == RAND_bytes_ex(nullptr, buf, length, 0)) return {true};
+#else
+      while (length > INT_MAX && 1 == RAND_bytes(buf, INT_MAX)) {
+        buf += INT_MAX;
+        length -= INT_MAX;
+      }
+      if (length <= INT_MAX && 1 == RAND_bytes(buf, static_cast<int>(length)))
+        return {true};
+#endif
+    }
+#if OPENSSL_VERSION_MAJOR >= 3
+    const auto code = ERR_peek_last_error();
+    // A misconfigured OpenSSL 3 installation may report 1 from RAND_poll()
+    // and RAND_status() but fail in RAND_bytes() if it cannot look up
+    // a matching algorithm for the CSPRNG.
+    if (ERR_GET_LIB(code) == ERR_LIB_RAND) {
+      const auto reason = ERR_GET_REASON(code);
+      if (reason == RAND_R_ERROR_INSTANTIATING_DRBG ||
+          reason == RAND_R_UNABLE_TO_FETCH_DRBG ||
+          reason == RAND_R_UNABLE_TO_CREATE_DRBG) {
+        return {false};
+      }
+    }
+#endif
+  } while (1 == RAND_poll());
+  return {false};
+}
+bool SetRsaOaepLabel(const EVPKeyCtxPointer& ctx, const ByteSource& label) {
+  if (label.size() != 0) {
+    // OpenSSL takes ownership of the label, so we need to create a copy.
+    void* label_copy = OPENSSL_memdup(label.data(), label.size());
+    CHECK_NOT_NULL(label_copy);
+    int ret = EVP_PKEY_CTX_set0_rsa_oaep_label(
+        ctx.get(), static_cast<unsigned char*>(label_copy), label.size());
+    if (ret <= 0) {
+      OPENSSL_free(label_copy);
+      return false;
+    }
+  }
+  return true;
+}
 }  // namespace margelo

package/cpp/Utils/MGLUtils.h CHANGED Viewed

@@ -50,6 +50,27 @@ using EVPMDPointer = DeleteFnPtr<EVP_MD_CTX, EVP_MD_CTX_free>;
 using ECDSASigPointer = DeleteFnPtr<ECDSA_SIG, ECDSA_SIG_free>;
 using ECKeyPointer = DeleteFnPtr<EC_KEY, EC_KEY_free>;
 using ECPointPointer = DeleteFnPtr<EC_POINT, EC_POINT_free>;
+using CipherCtxPointer = DeleteFnPtr<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free>;
+#ifdef __GNUC__
+#define MUST_USE_RESULT __attribute__((warn_unused_result))
+#else
+#define MUST_USE_RESULT
+#endif
+struct CSPRNGResult {
+  const bool ok;
+  MUST_USE_RESULT bool is_ok() const { return ok; }
+  MUST_USE_RESULT bool is_err() const { return !ok; }
+};
+// Either succeeds with exactly |length| bytes of cryptographically
+// strong pseudo-random data, or fails. This function may block.
+// Don't assume anything about the contents of |buffer| on error.
+// As a special case, |length == 0| can be used to check if the CSPRNG
+// is properly seeded without consuming entropy.
+MUST_USE_RESULT CSPRNGResult CSPRNG(void* buffer, size_t length);
 template <typename T>
 class NonCopyableMaybe {
@@ -198,6 +219,8 @@ class ByteSource {
     static ByteSource FromBIO(const BIOPointer& bio);
+    static ByteSource FromBN(const BIGNUM* bn, size_t size);
     //  static ByteSource NullTerminatedCopy(Environment* env,
     //                                       v8::Local<v8::Value> value);
     //
@@ -281,13 +304,19 @@ inline jsi::Value toJSI(jsi::Runtime& rt, ByteSource value) {
     return o;
 }
+ByteSource GetByteSourceFromJS(jsi::Runtime &rt,
+                               const jsi::Value &value,
+                               std::string name);
 std::string EncodeBignum(const BIGNUM* bn,
-                         int size,
+                         size_t size,
                          bool url = false);
 std::string EncodeBase64(const std::string data, bool url = false);
 std::string DecodeBase64(const std::string &in, bool remove_linebreaks = false);
+bool SetRsaOaepLabel(const EVPKeyCtxPointer& ctx, const ByteSource& label);
 // TODO: until shared, keep in sync with JS side (src/NativeQuickCrypto/Cipher.ts)
 enum KeyVariant {
   kvRSA_SSA_PKCS1_v1_5,
@@ -299,6 +328,31 @@ enum KeyVariant {
   kvDH,
 };
+enum FnMode {
+  kAsync,
+  kSync,
+};
+enum WebCryptoKeyFormat {
+  kWebCryptoKeyFormatRaw,
+  kWebCryptoKeyFormatPKCS8,
+  kWebCryptoKeyFormatSPKI,
+  kWebCryptoKeyFormatJWK
+};
+enum WebCryptoCipherMode {
+  kEncrypt,
+  kDecrypt,
+  // kWrapKey,
+  // kUnwrapKey,
+};
+enum class WebCryptoCipherStatus {
+  OK,
+  INVALID_KEY_TYPE,
+  FAILED
+};
 }  // namespace margelo
 #endif /* MGLUtils_h */