react-native-quick-crypto 0.7.0 → 0.7.2

package/src/subtle.ts

@@ -8,6 +8,9 @@ import {
   type AnyAlgorithm,
   type JWK,
   type CryptoKeyPair,
+  CipherOrWrapMode,
+  type EncryptDecryptParams,
+  type AesKeyGenParams,
 } from './keys';
 import {
   hasAnyNotIn,
@@ -18,32 +21,72 @@ import {
   normalizeHashName,
   HashContext,
   type Operation,
+  validateMaxBufferLength,
+  bufferLikeToArrayBuffer,
 } from './Utils';
 import { ecImportKey, ecExportKey, ecGenerateKey, ecdsaSignVerify } from './ec';
 import { pbkdf2DeriveBits } from './pbkdf2';
 import { asyncDigest } from './Hash';
-import { aesImportKey, getAlgorithmName } from './aes';
-import { rsaImportKey } from './rsa';
+import {
+  aesCipher,
+  aesGenerateKey,
+  aesImportKey,
+  getAlgorithmName,
+} from './aes';
+import { rsaCipher, rsaExportKey, rsaImportKey, rsaKeyGenerate } from './rsa';
 
 const exportKeySpki = async (key: CryptoKey): Promise<ArrayBuffer | any> => {
   switch (key.algorithm.name) {
-    // case 'RSASSA-PKCS1-v1_5':
+    case 'RSASSA-PKCS1-v1_5':
+    // Fall through
+    case 'RSA-PSS':
+    // Fall through
+    case 'RSA-OAEP':
+      if (key.type === 'public') {
+        return rsaExportKey(key, KWebCryptoKeyFormat.kWebCryptoKeyFormatSPKI);
+      }
+      break;
+    case 'ECDSA':
+    // Fall through
+    case 'ECDH':
+      if (key.type === 'public') {
+        return ecExportKey(key, KWebCryptoKeyFormat.kWebCryptoKeyFormatSPKI);
+      }
+      break;
+    // case 'Ed25519':
     // // Fall through
-    // case 'RSA-PSS':
+    // case 'Ed448':
     // // Fall through
-    // case 'RSA-OAEP':
+    // case 'X25519':
+    // // Fall through
+    // case 'X448':
     //   if (key.type === 'public') {
-    //     return require('internal/crypto/rsa').rsaExportKey(
-    //       key,
-    //       kWebCryptoKeyFormatSPKI
-    //     );
+    //     return cfrgExportKey(key, KWebCryptoKeyFormat.kWebCryptoKeyFormatSPKI);
     //   }
     //   break;
+  }
+
+  throw new Error(
+    `Unable to export a spki ${key.algorithm.name} ${key.type} key`
+  );
+};
+
+const exportKeyPkcs8 = async (key: CryptoKey): Promise<ArrayBuffer | any> => {
+  switch (key.algorithm.name) {
+    case 'RSASSA-PKCS1-v1_5':
+    // Fall through
+    case 'RSA-PSS':
+    // Fall through
+    case 'RSA-OAEP':
+      if (key.type === 'private') {
+        return rsaExportKey(key, KWebCryptoKeyFormat.kWebCryptoKeyFormatPKCS8);
+      }
+      break;
     case 'ECDSA':
     // Fall through
     case 'ECDH':
-      if (key.type === 'public') {
-        return ecExportKey(key, KWebCryptoKeyFormat.kWebCryptoKeyFormatSPKI);
+      if (key.type === 'private') {
+        return ecExportKey(key, KWebCryptoKeyFormat.kWebCryptoKeyFormatPKCS8);
       }
       break;
     // case 'Ed25519':
@@ -53,17 +96,14 @@ const exportKeySpki = async (key: CryptoKey): Promise<ArrayBuffer | any> => {
     // case 'X25519':
     // // Fall through
     // case 'X448':
-    //   if (key.type === 'public') {
-    //     return require('internal/crypto/cfrg').cfrgExportKey(
-    //       key,
-    //       kWebCryptoKeyFormatSPKI
-    //     );
+    //   if (key.type === 'private') {
+    //     return cfrgExportKey(key, KWebCryptoKeyFormat.kWebCryptoKeyFormatPKCS8);
     //   }
     //   break;
   }
 
   throw new Error(
-    `Unable to export a raw ${key.algorithm.name} ${key.type} key`
+    `Unable to export a pkcs8 ${key.algorithm.name} ${key.type} key`
   );
 };
 
@@ -285,7 +325,70 @@ const signVerify = (
   );
 };
 
-class Subtle {
+const cipherOrWrap = async (
+  mode: CipherOrWrapMode,
+  algorithm: EncryptDecryptParams, // | WrapUnwrapParams,
+  key: CryptoKey,
+  data: ArrayBuffer,
+  op: Operation
+): Promise<ArrayBuffer> => {
+  // We use a Node.js style error here instead of a DOMException because
+  // the WebCrypto spec is not specific what kind of error is to be thrown
+  // in this case. Both Firefox and Chrome throw simple TypeErrors here.
+  // The key algorithm and cipher algorithm must match, and the
+  // key must have the proper usage.
+  if (
+    key.algorithm.name !== algorithm.name ||
+    !key.usages.includes(op as KeyUsage)
+  ) {
+    throw lazyDOMException(
+      'The requested operation is not valid for the provided key',
+      'InvalidAccessError'
+    );
+  }
+
+  // While WebCrypto allows for larger input buffer sizes, we limit
+  // those to sizes that can fit within uint32_t because of limitations
+  // in the OpenSSL API.
+  validateMaxBufferLength(data, 'data');
+
+  switch (algorithm.name) {
+    case 'RSA-OAEP':
+      return rsaCipher(mode, key, data, algorithm);
+    case 'AES-CTR':
+    // Fall through
+    case 'AES-CBC':
+    // Fall through
+    case 'AES-GCM':
+      return aesCipher(mode, key, data, algorithm);
+    // case 'AES-KW':
+    //   if (op === 'wrapKey' || op === 'unwrapKey') {
+    //     return aesCipher(mode, key, data, algorithm);
+    //   }
+  }
+  // @ts-ignore
+  throw lazyDOMException(
+    `Unrecognized algorithm name '${algorithm}' for '${op}'`,
+    'NotSupportedError'
+  );
+};
+
+export class Subtle {
+  async decrypt(
+    algorithm: EncryptDecryptParams,
+    key: CryptoKey,
+    data: BufferLike
+  ): Promise<ArrayBuffer> {
+    const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'decrypt');
+    return cipherOrWrap(
+      CipherOrWrapMode.kWebCryptoCipherDecrypt,
+      normalizedAlgorithm as EncryptDecryptParams,
+      key,
+      bufferLikeToArrayBuffer(data),
+      'decrypt'
+    );
+  }
+
   async digest(
     algorithm: SubtleAlgorithm | AnyAlgorithm,
     data: BufferLike
@@ -323,6 +426,96 @@ class Subtle {
     );
   }
 
+  async encrypt(
+    algorithm: EncryptDecryptParams,
+    key: CryptoKey,
+    data: BufferLike
+  ): Promise<ArrayBuffer> {
+    const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'encrypt');
+    return cipherOrWrap(
+      CipherOrWrapMode.kWebCryptoCipherEncrypt,
+      normalizedAlgorithm as EncryptDecryptParams,
+      key,
+      bufferLikeToArrayBuffer(data),
+      'encrypt'
+    );
+  }
+
+  async exportKey(
+    format: ImportFormat,
+    key: CryptoKey
+  ): Promise<ArrayBuffer | JWK> {
+    if (!key.extractable) throw new Error('key is not extractable');
+
+    switch (format) {
+      case 'spki':
+        return await exportKeySpki(key);
+      case 'pkcs8':
+        return await exportKeyPkcs8(key);
+      case 'jwk':
+        return exportKeyJWK(key);
+      case 'raw':
+        return exportKeyRaw(key);
+    }
+  }
+
+  async generateKey(
+    algorithm: SubtleAlgorithm,
+    extractable: boolean,
+    keyUsages: KeyUsage[]
+  ): Promise<CryptoKey | CryptoKeyPair> {
+    algorithm = normalizeAlgorithm(algorithm, 'generateKey');
+    let result: CryptoKey | CryptoKeyPair;
+    switch (algorithm.name) {
+      case 'RSASSA-PKCS1-v1_5':
+      // Fall through
+      case 'RSA-PSS':
+      // Fall through
+      case 'RSA-OAEP':
+        result = await rsaKeyGenerate(algorithm, extractable, keyUsages);
+        break;
+      // case 'Ed25519':
+      // // Fall through
+      // case 'Ed448':
+      // // Fall through
+      // case 'X25519':
+      // // Fall through
+      // case 'X448':
+      //   resultType = 'CryptoKeyPair';
+      //   result = await cfrgGenerateKey(algorithm, extractable, keyUsages);
+      //   break;
+      case 'ECDSA':
+      // Fall through
+      case 'ECDH':
+        result = await ecGenerateKey(algorithm, extractable, keyUsages);
+        checkCryptoKeyPairUsages(result);
+        break;
+      // case 'HMAC':
+      //   result = await hmacGenerateKey(algorithm, extractable, keyUsages);
+      //   break;
+      case 'AES-CTR':
+      // Fall through
+      case 'AES-CBC':
+      // Fall through
+      case 'AES-GCM':
+      // Fall through
+      case 'AES-KW':
+        result = await aesGenerateKey(
+          algorithm as AesKeyGenParams,
+          extractable,
+          keyUsages
+        );
+        break;
+      default:
+        throw new Error(
+          `'subtle.generateKey()' is not implemented for ${algorithm.name}.
+            Unrecognized algorithm name`
+        );
+    }
+
+    return result;
+  }
+
   async importKey(
     format: ImportFormat,
     data: BufferLike | BinaryLike | JWK,
@@ -425,81 +618,6 @@ class Subtle {
     return result;
   }
 
-  async exportKey(
-    format: ImportFormat,
-    key: CryptoKey
-  ): Promise<ArrayBuffer | any> {
-    if (!key.extractable) throw new Error('key is not extractable');
-
-    switch (format) {
-      case 'spki':
-        return await exportKeySpki(key);
-      // case 'pkcs8':
-      //   return await exportKeyPkcs8(key);
-      case 'jwk':
-        return exportKeyJWK(key);
-      case 'raw':
-        return exportKeyRaw(key);
-    }
-    throw new Error(`'subtle.exportKey()' is not implemented for ${format}`);
-  }
-
-  async generateKey(
-    algorithm: SubtleAlgorithm,
-    extractable: boolean,
-    keyUsages: KeyUsage[]
-  ): Promise<CryptoKey | CryptoKeyPair> {
-    algorithm = normalizeAlgorithm(algorithm, 'generateKey');
-    let result: CryptoKey | CryptoKeyPair;
-    switch (algorithm.name) {
-      // case 'RSASSA-PKCS1-v1_5':
-      // // Fall through
-      // case 'RSA-PSS':
-      // // Fall through
-      // case 'RSA-OAEP':
-      //   resultType = 'CryptoKeyPair';
-      //   result = await rsaKeyGenerate(algorithm, extractable, keyUsages);
-      //   break;
-      // case 'Ed25519':
-      // // Fall through
-      // case 'Ed448':
-      // // Fall through
-      // case 'X25519':
-      // // Fall through
-      // case 'X448':
-      //   resultType = 'CryptoKeyPair';
-      //   result = await cfrgGenerateKey(algorithm, extractable, keyUsages);
-      //   break;
-      case 'ECDSA':
-      // Fall through
-      case 'ECDH':
-        result = await ecGenerateKey(algorithm, extractable, keyUsages);
-        checkCryptoKeyPairUsages(result);
-        break;
-      // case 'HMAC':
-      //   resultType = 'CryptoKey';
-      //   result = await hmacGenerateKey(algorithm, extractable, keyUsages);
-      //   break;
-      // case 'AES-CTR':
-      // // Fall through
-      // case 'AES-CBC':
-      // // Fall through
-      // case 'AES-GCM':
-      // // Fall through
-      // case 'AES-KW':
-      //   resultType = 'CryptoKey';
-      //   result = await aesGenerateKey(algorithm, extractable, keyUsages);
-      //   break;
-      default:
-        throw new Error(
-          `'subtle.generateKey()' is not implemented for ${algorithm.name}.
-            Unrecognized algorithm name`
-        );
-    }
-
-    return result;
-  }
-
   async sign(
     algorithm: SubtleAlgorithm,
     key: CryptoKey,

package/src/webcrypto.ts

@@ -0,0 +1,8 @@
+import { subtle, Subtle } from './subtle';
+import { CryptoKey } from './keys';
+
+export default {
+  subtle,
+  SubtleCrypto: Subtle,
+  CryptoKey,
+};