react-native-quick-crypto 0.7.0 → 0.7.2

package/README.md

@@ -1,5 +1,5 @@
 <a href="https://margelo.io">
-  <img src="./img/banner.svg" width="100%" />
+  <img src="./docs/img/banner.svg" width="100%" />
 </a>
 
 # ⚡️ react-native-quick-crypto
@@ -42,7 +42,7 @@ Creating a Wallet took 289 ms
 ## Installation
 
 <h3>
-  React Native  <a href="#"><img src="./img/react-native.png" height="15" /></a>
+  React Native  <a href="#"><img src="./docs/img/react-native.png" height="15" /></a>
 </h3>
 
 ```sh
@@ -51,7 +51,7 @@ cd ios && pod install
 ```
 
 <h3>
-  Expo  <a href="#"><img src="./img/expo.png" height="12" /></a>
+  Expo  <a href="#"><img src="./docs/img/expo.png" height="12" /></a>
 </h3>
 
 ```sh
@@ -75,7 +75,7 @@ If you are using a library that depends on `crypto`, instead of polyfilling it w
 
 Use the [`resolveRequest`](https://facebook.github.io/metro/docs/resolution#resolverequest-customresolver) configuration option in your `metro.config.js`
 
-```
+```js
 config.resolver.resolveRequest = (context, moduleName, platform) => {
   if (moduleName === 'crypto') {
     // when importing crypto, resolve to react-native-quick-crypto
@@ -133,67 +133,13 @@ const hashed = QuickCrypto.createHash('sha256')
   .digest('hex');
 ```
 
-## Android build errors
-
-If you get an error similar to this:
-
-```
-Execution failed for task ':app:mergeDebugNativeLibs'.
-> A failure occurred while executing com.android.build.gradle.internal.tasks.MergeNativeLibsTask$MergeNativeLibsTaskWorkAction
-   > 2 files found with path 'lib/arm64-v8a/libcrypto.so' from inputs:
-      - /Users/osp/Developer/mac_test/node_modules/react-native-quick-crypto/android/build/intermediates/library_jni/debug/jni/arm64-v8a/libcrypto.so
-      - /Users/osp/.gradle/caches/transforms-3/e13f88164840fe641a466d05cd8edac7/transformed/jetified-flipper-0.182.0/jni/arm64-v8a/libcrypto.so
-```
-
-It means you have a transitive dependency where two libraries depend on OpenSSL and are generating a `libcrypto.so` file. You can get around this issue by adding the following in your `app/build.gradle`:
-
-<h4>
-  React Native  <a href="#"><img src="./img/react-native.png" height="15" /></a>
-</h4>
-
-`android/app/build.gradle` file
-
-```groovy
-packagingOptions {
-  // Should prevent clashes with other libraries that use OpenSSL
-  pickFirst '**/libcrypto.so'
-}
-```
-
-<h4>
-  Expo  <a href="#"><img src="./img/expo.png" height="12" /></a>
-</h4>
-
-`app.json` file
-
-```diff
-...
-  plugins: [
-    ...
-+   [
-+     'expo-build-properties',
-+     {
-+       android: {
-+         packagingOptions: {
-+           pickFirst: ['**/libcrypto.so'],
-+         },
-+       },
-+     },
-+   ],
-  ],
-```
-
-> This caused by flipper which also depends on OpenSSL
-
-This just tells Gradle to grab whatever OpenSSL version it finds first and link against that, but as you can imagine this is not correct if the packages depend on different OpenSSL versions (quick-crypto depends on `com.android.ndk.thirdparty:openssl:1.1.1q-beta-1`). You should make sure all the OpenSSL versions match and you have no conflicts or errors.
-
 ---
 
 ## Sponsors
 
 <!-- Onin -->
 <div align="center">
-<img height="50" src="./img/sponsors/onin.svg" align="center"><br/>
+<img height="50" src="./docs/img/sponsors/onin.svg" align="center"><br/>
 <a href="https://onin.co"><b>Onin</b></a> - This library is supported by Onin. Plan events without leaving the chat: <a href="https://onin.co">onin.co</a>
 </div>
 <br/>
@@ -201,7 +147,7 @@ This just tells Gradle to grab whatever OpenSSL version it finds first and link
 
 <!-- Steakwallet -->
 <div align="center">
-<img height="37" src="./img/sponsors/omni.png" align="center"><br/>
+<img height="37" src="./docs/img/sponsors/omni.png" align="center"><br/>
 <a href="https://steakwallet.fi"><b>Omni</b></a> - Web3 for all. Access all of Web3 in one easy to use wallet. Omni supports more blockchains so you get more tokens, more yields, more NFTs, and more fun!
 </div>
 <br/>
@@ -209,7 +155,7 @@ This just tells Gradle to grab whatever OpenSSL version it finds first and link
 
 <!-- Litentry -->
 <div align="center">
-<img height="70" src="./img/sponsors/litentry.png" align="center"><br/>
+<img height="70" src="./docs/img/sponsors/litentry.png" align="center"><br/>
 <a href="https://litentry.com"><b>Litentry</b></a> - A decentralized identity aggregator, providing the structure and tools to empower you and your identity.
 </div>
 <br/>
@@ -217,7 +163,7 @@ This just tells Gradle to grab whatever OpenSSL version it finds first and link
 
 <!-- WalletConnect -->
 <div align="center">
-<img height="35" src="./img/sponsors/walletconnect.png" align="center"><br/>
+<img height="35" src="./docs/img/sponsors/walletconnect.png" align="center"><br/>
 <a href="https://walletconnect.com"><b>WalletConnect</b></a> - The communications protocol for web3, WalletConnect brings the ecosystem together by enabling wallets and apps to securely connect and interact.
 </div>
 <br/>
@@ -227,7 +173,7 @@ This just tells Gradle to grab whatever OpenSSL version it finds first and link
 
 <!-- THORSwap -->
 <div align="center">
-<img height="40" src="./img/sponsors/thorswap.png" align="center"><br/>
+<img height="40" src="./docs/img/sponsors/thorswap.png" align="center"><br/>
 <a href="https://thorswap.finance"><b>THORSwap</b></a> - THORSwap is a cross-chain DEX aggregator that enables users to swap native assets across chains, provide liquidity to earn yield, and more. THORSwap is fully permissionless and non-custodial. No account signup, your wallet, your keys, your coins.
 </div>
 <br/>
@@ -237,6 +183,8 @@ This just tells Gradle to grab whatever OpenSSL version it finds first and link
 
 As the library uses JSI for synchronous native methods access, remote debugging (e.g. with Chrome) is no longer possible. Instead, you should use [Flipper](https://fbflipper.com).
 
+Not all cryptographic algorithms are supported yet. See the [implementation coverage](./docs/implementation-coverage.md) document for more details. If you need a specific algorithm, please open a `feature request` issue and we'll see what we can do.
+
 ## Community Discord
 
 [Join the Margelo Community Discord](https://discord.gg/6CSHz2qAvA) to chat about react-native-quick-crypto or other Margelo libraries.

package/android/CMakeLists.txt

@@ -43,7 +43,9 @@ add_library(
   "../cpp/Sig/MGLVerifyInstaller.cpp"
   "../cpp/Sig/MGLSignHostObjects.cpp"
   "../cpp/webcrypto/MGLWebCrypto.cpp"
+  "../cpp/webcrypto/crypto_aes.cpp"
   "../cpp/webcrypto/crypto_ec.cpp"
+  "../cpp/webcrypto/crypto_keygen.cpp"
 )
 
 target_include_directories(

package/cpp/Cipher/MGLRsa.cpp

@@ -7,9 +7,15 @@
 
 #include "MGLRsa.h"
 #ifdef ANDROID
+#include "Cipher/MGLPublicCipher.h"
 #include "JSIUtils/MGLJSIMacros.h"
+#include "JSIUtils/MGLJSIUtils.h"
+#include "Utils/MGLUtils.h"
 #else
+#include "MGLPublicCipher.h"
 #include "MGLJSIMacros.h"
+#include "MGLJSIUtils.h"
+#include "MGLUtils.h"
 #endif
 
 #include <string>
@@ -186,6 +192,125 @@ std::pair<jsi::Value, jsi::Value> generateRsaKeyPair(
   return {std::move(publicBuffer), std::move(privateBuffer)};
 }
 
+template <MGLPublicCipher::EVP_PKEY_cipher_init_t init,
+          MGLPublicCipher::EVP_PKEY_cipher_t cipher>
+WebCryptoCipherStatus RSA_Cipher(const RSACipherConfig& params, ByteSource* out) {
+  CHECK_NE(params.key->GetKeyType(), kKeyTypeSecret);
+  ManagedEVPPKey m_pkey = params.key->GetAsymmetricKey();
+  // Mutex::ScopedLock lock(*m_pkey.mutex());
+
+  EVPKeyCtxPointer ctx(EVP_PKEY_CTX_new(m_pkey.get(), nullptr));
+
+  if (!ctx || init(ctx.get()) <= 0)
+    return WebCryptoCipherStatus::FAILED;
+
+  if (EVP_PKEY_CTX_set_rsa_padding(ctx.get(), params.padding) <= 0) {
+    return WebCryptoCipherStatus::FAILED;
+  }
+
+  if (params.digest != nullptr &&
+      (EVP_PKEY_CTX_set_rsa_oaep_md(ctx.get(), params.digest) <= 0 ||
+       EVP_PKEY_CTX_set_rsa_mgf1_md(ctx.get(), params.digest) <= 0)) {
+    return WebCryptoCipherStatus::FAILED;
+  }
+
+  if (!SetRsaOaepLabel(ctx, params.label)) return WebCryptoCipherStatus::FAILED;
+
+  size_t out_len = 0;
+  if (cipher(
+          ctx.get(),
+          nullptr,
+          &out_len,
+          params.data.data<unsigned char>(),
+          params.data.size()) <= 0) {
+    return WebCryptoCipherStatus::FAILED;
+  }
+
+  ByteSource::Builder buf(out_len);
+
+  if (cipher(ctx.get(),
+             buf.data<unsigned char>(),
+             &out_len,
+             params.data.data<unsigned char>(),
+             params.data.size()) <= 0) {
+    return WebCryptoCipherStatus::FAILED;
+  }
+
+  *out = std::move(buf).release(out_len);
+  return WebCryptoCipherStatus::OK;
+}
+
+RSACipherConfig RSACipher::GetParamsFromJS(jsi::Runtime &rt,
+                                          const jsi::Value *args) {
+  RSACipherConfig params;
+  unsigned int offset = 0;
+
+  // padding
+  params.padding = RSA_PKCS1_OAEP_PADDING;
+
+  // mode (encrypt/decrypt)
+  params.mode = static_cast<WebCryptoCipherMode>((int)args[offset].getNumber());
+  offset++;
+
+  // key (handle)
+  if (!args[offset].isObject()) {
+    throw std::runtime_error("arg is not a KeyObjectHandle: key");
+  }
+  std::shared_ptr<KeyObjectHandle> handle =
+    std::static_pointer_cast<KeyObjectHandle>(
+      args[offset].asObject(rt).getHostObject(rt));
+  params.key = handle->Data();
+  offset++;
+
+  // data
+  params.data = GetByteSourceFromJS(rt, args[offset], "data");
+  offset++;
+
+  // variant
+  if (CheckIsInt32(args[offset])) {
+    params.variant = static_cast<RSAKeyVariant>((int)args[offset].getNumber());
+  }
+  // offset++; // The below variant-dependent params advance offset themselves
+
+  std::string digest;
+  switch (params.variant) {
+    case kKeyVariantRSA_OAEP:
+      // hash (digest)
+      CHECK(args[offset + 1].isString());
+      digest = args[offset + 1].asString(rt).utf8(rt);
+      params.digest = EVP_get_digestbyname(digest.c_str());
+      if (params.digest == nullptr) {
+        throw jsi::JSError(rt, "invalid digest: " + digest);
+        return params;
+      }
+
+      // label
+      if (args[offset + 2].isUndefined()) {
+        params.label = ByteSource();
+      } else {
+        params.label = GetByteSourceFromJS(rt, args[offset + 2], "label");
+      }
+
+      break;
+    default:
+      throw jsi::JSError(rt, "Invalid RSA key variant");
+  }
+
+  return params;
+}
+
+WebCryptoCipherStatus RSACipher::DoCipher(const RSACipherConfig &params,
+                                          ByteSource *out) {
+  switch (params.mode) {
+    case kEncrypt:
+      CHECK_EQ(params.key->GetKeyType(), kKeyTypePublic);
+      return RSA_Cipher<EVP_PKEY_encrypt_init, EVP_PKEY_encrypt>(params, out);
+    case kDecrypt:
+      CHECK_EQ(params.key->GetKeyType(), kKeyTypePrivate);
+      return RSA_Cipher<EVP_PKEY_decrypt_init, EVP_PKEY_decrypt>(params, out);
+  }
+}
+
 jsi::Value ExportJWKRsaKey(jsi::Runtime &rt,
                            std::shared_ptr<KeyObjectData> key,
                            jsi::Object &target) {
@@ -330,12 +455,11 @@ jsi::Value GetRsaKeyDetail(jsi::Runtime &rt,
   RSA_get0_key(rsa, &n, &e, nullptr);
 
   size_t modulus_length = BN_num_bits(n);
-  // TODO: should this be modulusLength or n?
   target.setProperty(rt, "modulusLength", static_cast<double>(modulus_length));
 
   size_t exp_size = BN_num_bytes(e);
-  // TODO: should this be publicExponent or e?
-  target.setProperty(rt, "publicExponent", EncodeBignum(e, exp_size, true));
+  ByteSource public_exponent = ByteSource::FromBN(e, exp_size);
+  target.setProperty(rt, "publicExponent", toJSI(rt, std::move(public_exponent)));
 
   if (type == EVP_PKEY_RSA_PSS) {
     // Due to the way ASN.1 encoding works, default values are omitted when
@@ -394,4 +518,56 @@ jsi::Value GetRsaKeyDetail(jsi::Runtime &rt,
   return target;
 }
 
+bool RsaKeyExport::GetParamsFromJS(jsi::Runtime &rt, const jsi::Value *args) {
+  RsaKeyExportConfig params;
+  unsigned int offset = 0;
+
+  // format
+  params.format = static_cast<WebCryptoKeyFormat>((int)args[offset].getNumber());
+  offset++;
+
+  // key
+  std::shared_ptr<KeyObjectHandle> handle =
+    std::static_pointer_cast<KeyObjectHandle>(
+      args[1].asObject(rt).getHostObject(rt));
+  params.key_ = handle->Data();
+  offset++;
+
+  // variant
+  params.variant = static_cast<KeyVariant>((int)args[offset].getNumber());
+  offset++;
+
+  this->params_ = std::move(params);
+  return true;
+}
+
+WebCryptoKeyExportStatus RsaKeyExport::DoExport(ByteSource* out) {
+  auto key_data = this->params_.key_;
+  CHECK_NE(key_data->GetKeyType(), kKeyTypeSecret);
+
+  switch (this->params_.format) {
+    case kWebCryptoKeyFormatRaw:
+      throw std::runtime_error("Raw format not supported for RSA keys");
+      return WebCryptoKeyExportStatus::FAILED;
+    case kWebCryptoKeyFormatJWK:
+      throw std::runtime_error("JWK format not handled in C++ for RSA keys");
+      return WebCryptoKeyExportStatus::FAILED;
+    case kWebCryptoKeyFormatPKCS8:
+      if (key_data->GetKeyType() != kKeyTypePrivate) {
+        throw std::runtime_error("Invalid key type for PKCS8 export");
+        return WebCryptoKeyExportStatus::INVALID_KEY_TYPE;
+      }
+      return PKEY_PKCS8_Export(key_data.get(), out);
+    case kWebCryptoKeyFormatSPKI:
+      if (key_data->GetKeyType() != kKeyTypePublic) {
+        throw std::runtime_error("Invalid key type for SPKI export");
+        return WebCryptoKeyExportStatus::INVALID_KEY_TYPE;
+      }
+      return PKEY_SPKI_Export(key_data.get(), out);
+    default:
+      throw std::runtime_error("Unrecognized format for RSA key export");
+      return WebCryptoKeyExportStatus::FAILED;
+  }
+}
+
 }  // namespace margelo

package/cpp/Cipher/MGLRsa.h

@@ -25,6 +25,13 @@ namespace margelo {
 
 namespace jsi = facebook::jsi;
 
+// TODO: keep in in sync with JS side (src/rsa.ts)
+enum RSAKeyVariant {
+  kKeyVariantRSA_SSA_PKCS1_v1_5,
+  kKeyVariantRSA_PSS,
+  kKeyVariantRSA_OAEP
+};
+
 // On node there is a complete madness of structs/classes that encapsulate and
 // initialize the data in a generic manner this is to be later be used to
 // generate the keys in a thread-safe manner (I think) I'm however too dumb and
@@ -64,6 +71,39 @@ std::shared_ptr<KeyObjectData> ImportJWKRsaKey(jsi::Runtime &rt,
 jsi::Value GetRsaKeyDetail(jsi::Runtime &rt,
                            std::shared_ptr<KeyObjectData> key);
 
+struct RsaKeyExportConfig final {
+  WebCryptoKeyFormat format;
+  std::shared_ptr<KeyObjectData> key_;
+  KeyVariant variant;
+};
+
+class RsaKeyExport {
+ public:
+  bool GetParamsFromJS(jsi::Runtime &rt, const jsi::Value *args);
+  WebCryptoKeyExportStatus DoExport(ByteSource* out);
+ private:
+  RsaKeyExportConfig params_;
+};
+
+struct RSACipherConfig final {
+  WebCryptoCipherMode mode;
+  std::shared_ptr<KeyObjectData> key;
+  ByteSource data;
+  RSAKeyVariant variant;
+  ByteSource label;
+  int padding = 0;
+  const EVP_MD* digest = nullptr;
+
+  RSACipherConfig() = default;
+};
+
+class RSACipher {
+ public:
+  RSACipher() {}
+  RSACipherConfig GetParamsFromJS(jsi::Runtime &rt, const jsi::Value *args);
+  WebCryptoCipherStatus DoCipher(const RSACipherConfig &params, ByteSource *out);
+};
+
 }  // namespace margelo
 
 #endif /* MGLRsa_hpp */

package/cpp/JSIUtils/MGLJSIUtils.h

@@ -30,4 +30,12 @@ inline bool CheckIsInt32(const jsi::Value &value) {
   return (d >= std::numeric_limits<int32_t>::lowest() && d <= std::numeric_limits<int32_t>::max());
 }
 
+inline bool CheckIsUint32(const jsi::Value &value) {
+  if (!value.isNumber()) {
+    return false;
+  }
+  double d = value.asNumber();
+  return (d >= std::numeric_limits<uint32_t>::lowest() && d <= std::numeric_limits<uint32_t>::max());
+}
+
 #endif /* MGLJSIUtils_h */

package/cpp/MGLKeys.cpp

@@ -562,7 +562,7 @@ jsi::Value ManagedEVPPKey::ToEncodedPublicKey(jsi::Runtime& rt,
     // Note that this has the downside of containing sensitive data of the
     // private key.
     auto data = KeyObjectData::CreateAsymmetric(kKeyTypePublic, std::move(key));
-    auto handle = KeyObjectHandle::Create(rt, data);
+    auto handle = KeyObjectHandle::Create(data);
     auto out = jsi::Object::createFromHostObject(rt, handle);
     return jsi::Value(std::move(out));
   } else
@@ -583,7 +583,7 @@ jsi::Value ManagedEVPPKey::ToEncodedPrivateKey(jsi::Runtime& rt,
   if (!key) return {};
   if (config.output_key_object_) {
     auto data = KeyObjectData::CreateAsymmetric(kKeyTypePrivate, std::move(key));
-    auto handle = KeyObjectHandle::Create(rt, data);
+    auto handle = KeyObjectHandle::Create(data);
     auto out = jsi::Object::createFromHostObject(rt, handle);
     return jsi::Value(std::move(out));
   } else
@@ -696,6 +696,7 @@ ManagedEVPPKey ManagedEVPPKey::GetPublicOrPrivateKeyFromJs(
     const jsi::Value* args,
     unsigned int* offset) {
   if (args[*offset].asObject(runtime).isArrayBuffer(runtime)) {
+    // data (key) as ArrayBuffer
     auto dataArrayBuffer =
         args[(*offset)++].asObject(runtime).getArrayBuffer(runtime);
 
@@ -703,6 +704,7 @@ ManagedEVPPKey ManagedEVPPKey::GetPublicOrPrivateKeyFromJs(
       throw jsi::JSError(runtime, "data is too big");
     }
 
+    // rest of args for encoding
     NonCopyableMaybe<PrivateKeyEncodingConfig> config_ =
         GetPrivateKeyEncodingFromJs(runtime, args, offset, kKeyContextInput);
     if (config_.IsEmpty()) return ManagedEVPPKey();
@@ -907,8 +909,7 @@ jsi::Value KeyObjectHandle::get(
 //   registry->Register(Equals);
 // }
 
-std::shared_ptr<KeyObjectHandle> KeyObjectHandle::Create(jsi::Runtime &rt,
-                                                         std::shared_ptr<KeyObjectData> data) {
+std::shared_ptr<KeyObjectHandle> KeyObjectHandle::Create(std::shared_ptr<KeyObjectData> data) {
   auto handle = std::make_shared<KeyObjectHandle>();
   handle->data_ = data;
   return handle;
@@ -932,7 +933,7 @@ const std::shared_ptr<KeyObjectData>& KeyObjectHandle::Data() {
 //
 
 jsi::Value KeyObjectHandle::Init(jsi::Runtime &rt) {
-  return HOSTFN("init", 2) {
+  return HOSTFN("init", 5) {
     CHECK(args[0].isNumber());
     KeyType type = static_cast<KeyType>((int32_t)args[0].asNumber());
 
@@ -941,15 +942,13 @@ jsi::Value KeyObjectHandle::Init(jsi::Runtime &rt) {
 
     switch (type) {
       case kKeyTypeSecret: {
-        // CHECK_EQ(args.Length(), 2);
-
+        CHECK_EQ(count, 2);
         ByteSource key = ByteSource::FromStringOrBuffer(rt, args[1]);
         this->data_ = KeyObjectData::CreateSecret(std::move(key));
         break;
       }
       case kKeyTypePublic: {
-        // CHECK_EQ(args.Length(), 5);
-
+        CHECK_EQ(count, 5);
         offset = 1;
         pkey = ManagedEVPPKey::GetPublicOrPrivateKeyFromJs(rt, args, &offset);
         if (!pkey)
@@ -958,8 +957,7 @@ jsi::Value KeyObjectHandle::Init(jsi::Runtime &rt) {
         break;
       }
       case kKeyTypePrivate: {
-        // CHECK_EQ(args.Length(), 5);
-
+        CHECK_EQ(count, 5);
         offset = 1;
         pkey = ManagedEVPPKey::GetPrivateKeyFromJs(rt, args, &offset, false);
         if (!pkey)
@@ -1167,7 +1165,7 @@ jsi::Value KeyObjectHandle::GetAsymmetricKeyType(jsi::Runtime &rt) const {
     std::string ret;
     switch (EVP_PKEY_id(key.get())) {
       case EVP_PKEY_RSA:
-        ret = "rss";
+        ret = "rsa";
         break;
       case EVP_PKEY_RSA_PSS:
         ret = "rsa_pss";
@@ -1389,37 +1387,37 @@ jsi::Value KeyObjectHandle::ExportJWK(jsi::Runtime &rt) {
 //  return std::make_unique<KeyObjectTransferData>(handle_data_);
 //}
 //
-// WebCryptoKeyExportStatus PKEY_SPKI_Export(
-//                                          KeyObjectData* key_data,
-//                                          ByteSource* out) {
-//  CHECK_EQ(key_data->GetKeyType(), kKeyTypePublic);
-//  ManagedEVPPKey m_pkey = key_data->GetAsymmetricKey();
-//  Mutex::ScopedLock lock(*m_pkey.mutex());
-//  BIOPointer bio(BIO_new(BIO_s_mem()));
-//  CHECK(bio);
-//  if (!i2d_PUBKEY_bio(bio.get(), m_pkey.get()))
-//    return WebCryptoKeyExportStatus::FAILED;
-//
-//  *out = ByteSource::FromBIO(bio);
-//  return WebCryptoKeyExportStatus::OK;
-//}
-//
-// WebCryptoKeyExportStatus PKEY_PKCS8_Export(
-//                                           KeyObjectData* key_data,
-//                                           ByteSource* out) {
-//  CHECK_EQ(key_data->GetKeyType(), kKeyTypePrivate);
-//  ManagedEVPPKey m_pkey = key_data->GetAsymmetricKey();
-//  Mutex::ScopedLock lock(*m_pkey.mutex());
-//
-//  BIOPointer bio(BIO_new(BIO_s_mem()));
-//  CHECK(bio);
-//  PKCS8Pointer p8inf(EVP_PKEY2PKCS8(m_pkey.get()));
-//  if (!i2d_PKCS8_PRIV_KEY_INFO_bio(bio.get(), p8inf.get()))
-//    return WebCryptoKeyExportStatus::FAILED;
-//
-//  *out = ByteSource::FromBIO(bio);
-//  return WebCryptoKeyExportStatus::OK;
-//}
+WebCryptoKeyExportStatus PKEY_SPKI_Export(KeyObjectData* key_data,
+                                          ByteSource* out) {
+  CHECK_EQ(key_data->GetKeyType(), kKeyTypePublic);
+  ManagedEVPPKey m_pkey = key_data->GetAsymmetricKey();
+  // Mutex::ScopedLock lock(*m_pkey.mutex());
+  BIOPointer bio(BIO_new(BIO_s_mem()));
+  CHECK(bio);
+  if (!i2d_PUBKEY_bio(bio.get(), m_pkey.get())) {
+      throw std::runtime_error("Failed to export key");
+      return WebCryptoKeyExportStatus::FAILED;
+  }
+
+  *out = ByteSource::FromBIO(bio);
+  return WebCryptoKeyExportStatus::OK;
+}
+
+WebCryptoKeyExportStatus PKEY_PKCS8_Export(
+                                          KeyObjectData* key_data,
+                                          ByteSource* out) {
+  CHECK_EQ(key_data->GetKeyType(), kKeyTypePrivate);
+  ManagedEVPPKey m_pkey = key_data->GetAsymmetricKey();
+  //  Mutex::ScopedLock lock(*m_pkey.mutex());
+  BIOPointer bio(BIO_new(BIO_s_mem()));
+  CHECK(bio);
+  PKCS8Pointer p8inf(EVP_PKEY2PKCS8(m_pkey.get()));
+  if (!i2d_PKCS8_PRIV_KEY_INFO_bio(bio.get(), p8inf.get()))
+    return WebCryptoKeyExportStatus::FAILED;
+
+  *out = ByteSource::FromBIO(bio);
+  return WebCryptoKeyExportStatus::OK;
+}
 
 //  void RegisterExternalReferences(ExternalReferenceRegistry * registry) {
 //    KeyObjectHandle::RegisterExternalReferences(registry);

package/cpp/MGLKeys.h

@@ -168,8 +168,7 @@ class JSI_EXPORT KeyObjectHandle: public jsi::HostObject {
     jsi::Value get(jsi::Runtime &rt, const jsi::PropNameID &propNameID);
     const std::shared_ptr<KeyObjectData>& Data();
 
-    static std::shared_ptr<KeyObjectHandle> Create(jsi::Runtime &rt,
-                                                   std::shared_ptr<KeyObjectData> data);
+    static std::shared_ptr<KeyObjectHandle> Create(std::shared_ptr<KeyObjectData> data);
 
  protected:
     jsi::Value Export(jsi::Runtime &rt);
@@ -191,6 +190,14 @@ class JSI_EXPORT KeyObjectHandle: public jsi::HostObject {
     std::shared_ptr<KeyObjectData> data_;
 };
 
+WebCryptoKeyExportStatus PKEY_SPKI_Export(
+    KeyObjectData* key_data,
+    ByteSource* out);
+
+WebCryptoKeyExportStatus PKEY_PKCS8_Export(
+    KeyObjectData* key_data,
+    ByteSource* out);
+
 }  // namespace margelo
 
 #endif /* MGLCipherKeys_h */

package/cpp/MGLQuickCryptoHostObject.cpp

@@ -113,12 +113,12 @@ MGLQuickCryptoHostObject::MGLQuickCryptoHostObject(
   // createVerify
   this->fields.push_back(getVerifyFieldDefinition(jsCallInvoker, workerQueue));
 
-  // subtle API created from a simple jsi::Object
-  // because this FieldDefinition is only good for returning
-  // objects and too convoluted
-    this->fields.push_back(JSI_VALUE("webcrypto", {
-      return createWebCryptoObject(runtime);
-    }));
+  // subtle API
+  this->fields.push_back(JSI_VALUE("webcrypto", {
+    auto hostObject = std::make_shared<MGLWebCryptoHostObject>(
+        jsCallInvoker, workerQueue);
+    return jsi::Object::createFromHostObject(runtime, hostObject);
+  }));
 }
 
 }  // namespace margelo