react-native-quick-crypto 0.7.0 → 0.7.2

package/src/rsa.ts

@@ -1,6 +1,7 @@
-// 'use strict';
-
+import { KeyVariantLookup } from './NativeQuickCrypto/Cipher';
+import { generateKeyPairPromise } from './Cipher';
 import { NativeQuickCrypto } from './NativeQuickCrypto/NativeQuickCrypto';
+import type { KeyObjectHandle } from './NativeQuickCrypto/webcrypto';
 import {
   lazyDOMException,
   type BufferLike,
@@ -8,6 +9,10 @@ import {
   normalizeHashName,
   HashContext,
   hasAnyNotIn,
+  getUsagesUnion,
+  bigIntArrayToUnsignedInt,
+  validateMaxBufferLength,
+  bufferLikeToArrayBuffer,
 } from './Utils';
 import {
   CryptoKey,
@@ -20,68 +25,20 @@ import {
   PublicKeyObject,
   type AnyAlgorithm,
   KeyType,
+  createPublicKey,
+  type CryptoKeyPair,
+  KWebCryptoKeyFormat,
+  CipherOrWrapMode,
+  type RsaOaepParams,
+  type DigestAlgorithm,
 } from './keys';
 
-// const {
-//   SafeSet,
-//   Uint8Array,
-// } = primordials;
-
-// const {
-//   KeyObjectHandle,
-//   RSACipherJob,
-//   RSAKeyExportJob,
-//   SignJob,
-//   kCryptoJobAsync,
-//   kSignJobModeSign,
-//   kSignJobModeVerify,
-//   kKeyVariantRSA_SSA_PKCS1_v1_5,
-//   kKeyVariantRSA_PSS,
-//   kKeyVariantRSA_OAEP,
-//   kKeyTypePrivate,
-//   kWebCryptoCipherEncrypt,
-//   RSA_PKCS1_PSS_PADDING,
-// } = internalBinding('crypto');
-
-// const {
-//   validateInt32,
-// } = require('internal/validators');
-
-// const {
-//   bigIntArrayToUnsignedInt,
-//   getUsagesUnion,
-//   hasAnyNotIn,
-//   jobPromise,
-//   normalizeHashName,
-//   validateKeyOps,
-//   validateMaxBufferLength,
-//   kHandle,
-//   kKeyObject,
-// } = require('internal/crypto/util');
-
-// const {
-//   lazyDOMException,
-//   promisify,
-// } = require('internal/util');
-
-// const {
-//   InternalCryptoKey,
-//   PrivateKeyObject,
-//   PublicKeyObject,
-//   createPublicKey,
-//   createPrivateKey,
-// } = require('internal/crypto/keys');
-
-// const {
-//   generateKeyPair: _generateKeyPair,
-// } = require('internal/crypto/keygen');
-
-// const kRsaVariants = {
-//   'RSASSA-PKCS1-v1_5': kKeyVariantRSA_SSA_PKCS1_v1_5,
-//   'RSA-PSS': kKeyVariantRSA_PSS,
-//   'RSA-OAEP': kKeyVariantRSA_OAEP,
-// };
-// const generateKeyPair = promisify(_generateKeyPair);
+// TODO: keep in in sync with C++ side (cpp/Cipher/MGLRsa.h)
+export enum RSAKeyVariant {
+  RSA_SSA_PKCS1_v1_5,
+  RSA_PSS,
+  RSA_OAEP,
+}
 
 function verifyAcceptableRsaKeyUse(
   name: AnyAlgorithm,
@@ -112,120 +69,137 @@ function verifyAcceptableRsaKeyUse(
   }
 }
 
-// function rsaOaepCipher(mode, key, data, { label }) {
-//   const type = mode === kWebCryptoCipherEncrypt ? 'public' : 'private';
-//   if (key.type !== type) {
-//     throw lazyDOMException(
-//       'The requested operation is not valid for the provided key',
-//       'InvalidAccessError');
-//   }
-//   if (label !== undefined) {
-//     validateMaxBufferLength(label, 'algorithm.label');
-//   }
+const rsaOaepCipher = (
+  mode: CipherOrWrapMode,
+  key: CryptoKey,
+  data: ArrayBuffer,
+  { label }: RsaOaepParams
+): Promise<ArrayBuffer> => {
+  const type =
+    mode === CipherOrWrapMode.kWebCryptoCipherEncrypt ? 'public' : 'private';
+  if (key.type !== type) {
+    throw lazyDOMException(
+      'The requested operation is not valid for the provided key',
+      'InvalidAccessError'
+    );
+  }
+  if (label !== undefined) {
+    validateMaxBufferLength(label, 'algorithm.label');
+  }
 
-//   return jobPromise(() => new RSACipherJob(
-//     kCryptoJobAsync,
-//     mode,
-//     key[kKeyObject][kHandle],
-//     data,
-//     kKeyVariantRSA_OAEP,
-//     normalizeHashName(key.algorithm.hash.name),
-//     label));
-// }
+  return NativeQuickCrypto.webcrypto.rsaCipher(
+    mode,
+    key.keyObject.handle,
+    data,
+    RSAKeyVariant.RSA_OAEP,
+    normalizeHashName(key.algorithm.hash) as DigestAlgorithm,
+    label !== undefined ? bufferLikeToArrayBuffer(label) : undefined
+  );
+};
 
-// async function rsaKeyGenerate(
-//   algorithm,
-//   extractable,
-//   keyUsages) {
-
-//   const {
-//     name,
-//     modulusLength,
-//     publicExponent,
-//     hash,
-//   } = algorithm;
-
-//   const usageSet = new SafeSet(keyUsages);
-
-//   const publicExponentConverted = bigIntArrayToUnsignedInt(publicExponent);
-//   if (publicExponentConverted === undefined) {
-//     throw lazyDOMException(
-//       'The publicExponent must be equivalent to an unsigned 32-bit value',
-//       'OperationError');
-//   }
+export const rsaCipher = rsaOaepCipher;
 
-//   switch (name) {
-//     case 'RSA-OAEP':
-//       if (hasAnyNotIn(usageSet,
-//                       ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'])) {
-//         throw lazyDOMException(
-//           'Unsupported key usage for a RSA key',
-//           'SyntaxError');
-//       }
-//       break;
-//     default:
-//       if (hasAnyNotIn(usageSet, ['sign', 'verify'])) {
-//         throw lazyDOMException(
-//           'Unsupported key usage for a RSA key',
-//           'SyntaxError');
-//       }
-//   }
+export const rsaKeyGenerate = async (
+  algorithm: SubtleAlgorithm,
+  extractable: boolean,
+  keyUsages: KeyUsage[]
+): Promise<CryptoKeyPair> => {
+  const { name, modulusLength, publicExponent, hash: rawHash } = algorithm;
+  const hash: HashAlgorithm = normalizeHashName(rawHash);
 
-//   const keypair = await generateKeyPair('rsa', {
-//     modulusLength,
-//     publicExponent: publicExponentConverted,
-//   }).catch((err) => {
-//     throw lazyDOMException(
-//       'The operation failed for an operation-specific reason',
-//       { name: 'OperationError', cause: err });
-//   });
-
-//   const keyAlgorithm = {
-//     name,
-//     modulusLength,
-//     publicExponent,
-//     hash: { name: hash.name },
-//   };
-
-//   let publicUsages;
-//   let privateUsages;
-//   switch (name) {
-//     case 'RSA-OAEP': {
-//       publicUsages = getUsagesUnion(usageSet, 'encrypt', 'wrapKey');
-//       privateUsages = getUsagesUnion(usageSet, 'decrypt', 'unwrapKey');
-//       break;
-//     }
-//     default: {
-//       publicUsages = getUsagesUnion(usageSet, 'verify');
-//       privateUsages = getUsagesUnion(usageSet, 'sign');
-//       break;
-//     }
-//   }
+  // const usageSet = new SafeSet(keyUsages);
+  const publicExponentConverted = bigIntArrayToUnsignedInt(publicExponent);
+  if (publicExponentConverted === undefined) {
+    throw lazyDOMException(
+      'The publicExponent must be equivalent to an unsigned 32-bit value',
+      'OperationError'
+    );
+  }
 
-//   const publicKey =
-//     new InternalCryptoKey(
-//       keypair.publicKey,
-//       keyAlgorithm,
-//       publicUsages,
-//       true);
-
-//   const privateKey =
-//     new InternalCryptoKey(
-//       keypair.privateKey,
-//       keyAlgorithm,
-//       privateUsages,
-//       extractable);
-
-//   return { __proto__: null, publicKey, privateKey };
-// }
+  switch (name) {
+    case 'RSA-OAEP':
+      if (
+        hasAnyNotIn(keyUsages, ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'])
+      ) {
+        throw lazyDOMException(
+          'Unsupported key usage for a RSA key',
+          'SyntaxError'
+        );
+      }
+      break;
+    default:
+      if (hasAnyNotIn(keyUsages, ['sign', 'verify'])) {
+        throw lazyDOMException(
+          'Unsupported key usage for a RSA key',
+          'SyntaxError'
+        );
+      }
+  }
 
-// function rsaExportKey(key, format) {
-//   return jobPromise(() => new RSAKeyExportJob(
-//     kCryptoJobAsync,
-//     format,
-//     key[kKeyObject][kHandle],
-//     kRsaVariants[key.algorithm.name]));
-// }
+  const [err, keypair] = await generateKeyPairPromise('rsa', {
+    modulusLength,
+    publicExponent: publicExponentConverted,
+  });
+  if (err) {
+    throw lazyDOMException(
+      'The operation failed for an operation-specific reason',
+      { name: 'OperationError', cause: err }
+    );
+  }
+
+  const keyAlgorithm = {
+    name,
+    modulusLength,
+    publicExponent: publicExponentConverted,
+    hash,
+  };
+
+  let publicUsages: KeyUsage[] = [];
+  let privateUsages: KeyUsage[] = [];
+  switch (name) {
+    case 'RSA-OAEP': {
+      publicUsages = getUsagesUnion(keyUsages, 'encrypt', 'wrapKey');
+      privateUsages = getUsagesUnion(keyUsages, 'decrypt', 'unwrapKey');
+      break;
+    }
+    default: {
+      publicUsages = getUsagesUnion(keyUsages, 'verify');
+      privateUsages = getUsagesUnion(keyUsages, 'sign');
+      break;
+    }
+  }
+
+  const pub = new PublicKeyObject(keypair?.publicKey as KeyObjectHandle);
+  const publicKey = new CryptoKey(pub, keyAlgorithm, publicUsages, true);
+
+  const priv = new PrivateKeyObject(keypair?.privateKey as KeyObjectHandle);
+  const privateKey = new CryptoKey(
+    priv,
+    keyAlgorithm,
+    privateUsages,
+    extractable
+  );
+
+  return { publicKey, privateKey };
+};
+
+export const rsaExportKey = (
+  key: CryptoKey,
+  format: KWebCryptoKeyFormat
+): ArrayBuffer => {
+  const variant = KeyVariantLookup[key.algorithm.name];
+  if (variant === undefined) {
+    throw lazyDOMException(
+      `Unrecognized algorithm name '${key.algorithm.name}'`,
+      'NotSupportedError'
+    );
+  }
+  return NativeQuickCrypto.webcrypto.rsaExportKey(
+    format,
+    key.keyObject.handle,
+    variant
+  );
+};
 
 export const rsaImportKey = (
   format: ImportFormat,
@@ -235,24 +209,24 @@ export const rsaImportKey = (
   keyUsages: KeyUsage[]
 ): CryptoKey => {
   // const usagesSet = new SafeSet(keyUsages);
-  let keyObject;
+  let keyObject: PublicKeyObject | PrivateKeyObject;
   switch (format) {
-    // case 'spki': {
-    //   verifyAcceptableRsaKeyUse(algorithm.name, true, keyUsages);
-    //   try {
-    //     keyObject = createPublicKey({
-    //       key: keyData,
-    //       format: 'der',
-    //       type: 'spki',
-    //     });
-    //   } catch (err) {
-    //     throw lazyDOMException('Invalid keyData', {
-    //       name: 'DataError',
-    //       cause: err,
-    //     });
-    //   }
-    //   break;
-    // }
+    case 'spki': {
+      verifyAcceptableRsaKeyUse(algorithm.name, true, keyUsages);
+      try {
+        keyObject = createPublicKey({
+          key: keyData,
+          format: 'der',
+          type: 'spki',
+        });
+      } catch (err) {
+        throw lazyDOMException('Invalid keyData', {
+          name: 'DataError',
+          cause: err,
+        });
+      }
+      break;
+    }
     // case 'pkcs8': {
     //   verifyAcceptableRsaKeyUse(algorithm.name, false, keyUsages);
     //   try {

package/src/sig.ts

@@ -14,7 +14,11 @@ import {
   binaryLikeToArrayBuffer,
   getDefaultEncoding,
 } from './Utils';
-import { preparePrivateKey, preparePublicOrPrivateKey } from './keys';
+import {
+  preparePrivateKey,
+  preparePublicOrPrivateKey,
+  type EncodingOptions,
+} from './keys';
 
 const createInternalSign = NativeQuickCrypto.createSign;
 const createInternalVerify = NativeQuickCrypto.createVerify;
@@ -70,17 +74,7 @@ class Verify extends Stream.Writable {
     return this;
   }
 
-  verify(
-    options: {
-      key: string | Buffer;
-      format?: string;
-      type?: string;
-      passphrase?: string;
-      padding?: number;
-      saltLength?: number;
-    },
-    signature: BinaryLike
-  ): boolean {
+  verify(options: EncodingOptions, signature: BinaryLike): boolean {
     if (!options) {
       throw new Error('Crypto sign key required');
     }
@@ -129,17 +123,7 @@ class Sign extends Stream.Writable {
     return this;
   }
 
-  sign(
-    options: {
-      key: string | Buffer;
-      format?: string;
-      type?: string;
-      passphrase?: string;
-      padding?: number;
-      saltLength?: number;
-    },
-    encoding?: string
-  ) {
+  sign(options: EncodingOptions, encoding?: string) {
     if (!options) {
       throw new Error('Crypto sign key required');
     }