react-native-quick-crypto 0.7.0 → 0.7.2

package/cpp/Sig/MGLSignHostObjects.cpp

@@ -55,11 +55,15 @@ bool ApplyRSAOptions(const ManagedEVPPKey& pkey, EVP_PKEY_CTX* pkctx,
   return true;
 }
 
-std::optional<jsi::Value> Node_SignFinal(jsi::Runtime& runtime,
-                                         EVPMDPointer&& mdctx,
-                                         const ManagedEVPPKey& pkey,
-                                         int padding,
-                                         std::optional<int> pss_salt_len) {
+std::optional<MGLTypedArray<MGLTypedArrayKind::Uint8Array>> Node_SignFinal(
+    jsi::Runtime& runtime,
+    EVPMDPointer&& mdctx,
+    const ManagedEVPPKey& pkey,
+    int padding,
+    std::optional<int> pss_salt_len
+) {
+  std::optional<MGLTypedArray<MGLTypedArrayKind::Uint8Array>> ret;
+
   unsigned char m[EVP_MAX_MD_SIZE];
   unsigned int m_len;
 
@@ -81,13 +85,14 @@ std::optional<jsi::Value> Node_SignFinal(jsi::Runtime& runtime,
           &sig_len, m, m_len)) {
     CHECK_LE(sig_len, sig.size(runtime));
 
-    // do this bits need to be trimmed? I think so
+    // (osp) do these bits need to be trimmed? I think so
     //    if (sig_len == 0)
     //      sig = ArrayBuffer::NewBackingStore(env->isolate(), 0);
     //    else
     //      sig = BackingStore::Reallocate(env->isolate(), std::move(sig),
     //      sig_len);
-    return sig;
+    ret.emplace(std::move(sig));
+    return ret;
   }
 
   return {};
@@ -281,16 +286,18 @@ SignBase::SignResult SignBase::SignFinal(jsi::Runtime& runtime,
   EVPMDPointer mdctx = std::move(mdctx_);
 
   if (!ValidateDSAParameters(pkey.get())) return SignResult(kSignPrivateKey);
-
-  std::optional<jsi::Value> buffer =
+  ByteSource bs;
+  std::optional<MGLTypedArray<MGLTypedArrayKind::Uint8Array>> buffer =
       Node_SignFinal(runtime, std::move(mdctx), pkey, padding, salt_len);
   Error error = buffer.has_value() ? kSignOk : kSignPrivateKey;
-  // TODO(osp) enable this
-  //  if (error == kSignOk && dsa_sig_enc == kSigEncP1363) {
-  //    buffer = ConvertSignatureToP1363(env(), pkey, std::move(buffer));
-  //    CHECK_NOT_NULL(buffer->Data());
-  //  }
-  return SignResult(error, std::move(buffer.value()));
+  if (error == kSignOk) {
+    bs = ByteSource::FromBuffer(runtime, buffer.value().getBuffer(runtime));
+    if (dsa_sig_enc == kSigEncP1363) {
+      bs = ConvertSignatureToP1363(pkey, std::move(bs));
+    }
+    CHECK_NOT_NULL(bs.data<unsigned char>());
+  }
+  return SignResult(error, toJSI(runtime, std::move(bs)));
 }
 
 SignBase::Error SignBase::VerifyFinal(const ManagedEVPPKey& pkey,

package/cpp/Utils/MGLUtils.cpp

@@ -184,8 +184,29 @@ ByteSource ByteSource::Foreign(const void* data, size_t size) {
   return ByteSource(data, nullptr, size);
 }
 
+ByteSource ByteSource::FromBN(const BIGNUM* bn, size_t size) {
+  std::vector<uint8_t> buf(size);
+  CHECK_EQ(BN_bn2binpad(bn, buf.data(), size), size);
+  ByteSource::Builder out(size);
+  memcpy(out.data<void>(), buf.data(), size);
+  return std::move(out).release();
+}
+
+ByteSource GetByteSourceFromJS(jsi::Runtime &rt,
+                               const jsi::Value &value,
+                               std::string name) {
+    if (!value.isObject() || !value.asObject(rt).isArrayBuffer(rt)) {
+    throw jsi::JSError(rt, "arg is not an array buffer: " + name);
+  }
+  ByteSource data = ByteSource::FromStringOrBuffer(rt, value);
+  if (data.size() > INT_MAX) {
+    throw jsi::JSError(rt, "arg is too big (> int32): " + name);
+  }
+  return data;
+}
+
 std::string EncodeBignum(const BIGNUM* bn,
-                         int size,
+                         size_t size,
                          bool url) {
   if (size == 0)
     size = BN_num_bytes(bn);
@@ -222,4 +243,53 @@ std::string DecodeBase64(const std::string &in, bool remove_linebreaks) {
   return base64_decode(in, remove_linebreaks);
 }
 
+MUST_USE_RESULT CSPRNGResult CSPRNG(void* buffer, size_t length) {
+  unsigned char* buf = static_cast<unsigned char*>(buffer);
+  do {
+    if (1 == RAND_status()) {
+#if OPENSSL_VERSION_MAJOR >= 3
+      if (1 == RAND_bytes_ex(nullptr, buf, length, 0)) return {true};
+#else
+      while (length > INT_MAX && 1 == RAND_bytes(buf, INT_MAX)) {
+        buf += INT_MAX;
+        length -= INT_MAX;
+      }
+      if (length <= INT_MAX && 1 == RAND_bytes(buf, static_cast<int>(length)))
+        return {true};
+#endif
+    }
+#if OPENSSL_VERSION_MAJOR >= 3
+    const auto code = ERR_peek_last_error();
+    // A misconfigured OpenSSL 3 installation may report 1 from RAND_poll()
+    // and RAND_status() but fail in RAND_bytes() if it cannot look up
+    // a matching algorithm for the CSPRNG.
+    if (ERR_GET_LIB(code) == ERR_LIB_RAND) {
+      const auto reason = ERR_GET_REASON(code);
+      if (reason == RAND_R_ERROR_INSTANTIATING_DRBG ||
+          reason == RAND_R_UNABLE_TO_FETCH_DRBG ||
+          reason == RAND_R_UNABLE_TO_CREATE_DRBG) {
+        return {false};
+      }
+    }
+#endif
+  } while (1 == RAND_poll());
+
+  return {false};
+}
+
+bool SetRsaOaepLabel(const EVPKeyCtxPointer& ctx, const ByteSource& label) {
+  if (label.size() != 0) {
+    // OpenSSL takes ownership of the label, so we need to create a copy.
+    void* label_copy = OPENSSL_memdup(label.data(), label.size());
+    CHECK_NOT_NULL(label_copy);
+    int ret = EVP_PKEY_CTX_set0_rsa_oaep_label(
+        ctx.get(), static_cast<unsigned char*>(label_copy), label.size());
+    if (ret <= 0) {
+      OPENSSL_free(label_copy);
+      return false;
+    }
+  }
+  return true;
+}
+
 }  // namespace margelo

package/cpp/Utils/MGLUtils.h

@@ -50,6 +50,27 @@ using EVPMDPointer = DeleteFnPtr<EVP_MD_CTX, EVP_MD_CTX_free>;
 using ECDSASigPointer = DeleteFnPtr<ECDSA_SIG, ECDSA_SIG_free>;
 using ECKeyPointer = DeleteFnPtr<EC_KEY, EC_KEY_free>;
 using ECPointPointer = DeleteFnPtr<EC_POINT, EC_POINT_free>;
+using CipherCtxPointer = DeleteFnPtr<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free>;
+
+
+#ifdef __GNUC__
+#define MUST_USE_RESULT __attribute__((warn_unused_result))
+#else
+#define MUST_USE_RESULT
+#endif
+
+struct CSPRNGResult {
+  const bool ok;
+  MUST_USE_RESULT bool is_ok() const { return ok; }
+  MUST_USE_RESULT bool is_err() const { return !ok; }
+};
+
+// Either succeeds with exactly |length| bytes of cryptographically
+// strong pseudo-random data, or fails. This function may block.
+// Don't assume anything about the contents of |buffer| on error.
+// As a special case, |length == 0| can be used to check if the CSPRNG
+// is properly seeded without consuming entropy.
+MUST_USE_RESULT CSPRNGResult CSPRNG(void* buffer, size_t length);
 
 template <typename T>
 class NonCopyableMaybe {
@@ -198,6 +219,8 @@ class ByteSource {
 
     static ByteSource FromBIO(const BIOPointer& bio);
 
+    static ByteSource FromBN(const BIGNUM* bn, size_t size);
+
     //  static ByteSource NullTerminatedCopy(Environment* env,
     //                                       v8::Local<v8::Value> value);
     //
@@ -281,13 +304,19 @@ inline jsi::Value toJSI(jsi::Runtime& rt, ByteSource value) {
     return o;
 }
 
+ByteSource GetByteSourceFromJS(jsi::Runtime &rt,
+                               const jsi::Value &value,
+                               std::string name);
+
 std::string EncodeBignum(const BIGNUM* bn,
-                         int size,
+                         size_t size,
                          bool url = false);
 
 std::string EncodeBase64(const std::string data, bool url = false);
 std::string DecodeBase64(const std::string &in, bool remove_linebreaks = false);
 
+bool SetRsaOaepLabel(const EVPKeyCtxPointer& ctx, const ByteSource& label);
+
 // TODO: until shared, keep in sync with JS side (src/NativeQuickCrypto/Cipher.ts)
 enum KeyVariant {
   kvRSA_SSA_PKCS1_v1_5,
@@ -299,6 +328,31 @@ enum KeyVariant {
   kvDH,
 };
 
+enum FnMode {
+  kAsync,
+  kSync,
+};
+
+enum WebCryptoKeyFormat {
+  kWebCryptoKeyFormatRaw,
+  kWebCryptoKeyFormatPKCS8,
+  kWebCryptoKeyFormatSPKI,
+  kWebCryptoKeyFormatJWK
+};
+
+enum WebCryptoCipherMode {
+  kEncrypt,
+  kDecrypt,
+  // kWrapKey,
+  // kUnwrapKey,
+};
+
+enum class WebCryptoCipherStatus {
+  OK,
+  INVALID_KEY_TYPE,
+  FAILED
+};
+
 }  // namespace margelo
 
 #endif /* MGLUtils_h */

package/cpp/webcrypto/MGLWebCrypto.cpp

@@ -14,60 +14,112 @@
 #ifdef ANDROID
 #include "JSIUtils/MGLJSIMacros.h"
 #include "Sig/MGLSignHostObjects.h"
+#include "Cipher/MGLRsa.h"
 #include "Utils/MGLUtils.h"
+#include "webcrypto/crypto_aes.h"
 #include "webcrypto/crypto_ec.h"
+#include "webcrypto/crypto_keygen.h"
 #else
 #include "MGLJSIMacros.h"
 #include "MGLSignHostObjects.h"
+#include "MGLRsa.h"
 #include "MGLUtils.h"
+#include "crypto_aes.h"
 #include "crypto_ec.h"
+#include "crypto_keygen.h"
 #endif
 
 namespace margelo {
+
 namespace jsi = facebook::jsi;
 namespace react = facebook::react;
 
-jsi::Value createWebCryptoObject(jsi::Runtime &rt) {
-    auto obj = jsi::Object(rt);
+MGLWebCryptoHostObject::MGLWebCryptoHostObject(
+  std::shared_ptr<react::CallInvoker> jsCallInvoker,
+  std::shared_ptr<DispatchQueue::dispatch_queue> workerQueue)
+  : MGLSmartHostObject(jsCallInvoker, workerQueue) {
+
+  auto aesCipher = JSIF([=]) {
+    auto aes = AESCipher();
+    auto params = aes.GetParamsFromJS(runtime, arguments);
+    ByteSource out;
+    WebCryptoCipherStatus status = aes.DoCipher(params, &out);
+    if (status != WebCryptoCipherStatus::OK) {
+      throw jsi::JSError(runtime, "error in DoCipher, status: " +
+        std::to_string(static_cast<int>(status)));
+    }
+    return toJSI(runtime, std::move(out));
+  };
+
+  auto createKeyObjectHandle = JSIF([=]) {
+    auto keyObjectHandleHostObject = std::make_shared<KeyObjectHandle>();
+    return jsi::Object::createFromHostObject(runtime, keyObjectHandleHostObject);
+  };
 
-    auto createKeyObjectHandle = HOSTFN("createKeyObjectHandle", 0) {
-        auto keyObjectHandleHostObject =
-                std::make_shared<KeyObjectHandle>();
-        return jsi::Object::createFromHostObject(rt, keyObjectHandleHostObject);
-    });
+  auto ecExportKey = JSIF([=]) {
+    ByteSource out;
+    std::shared_ptr<KeyObjectHandle> handle =
+      std::static_pointer_cast<KeyObjectHandle>(
+        arguments[1].asObject(runtime).getHostObject(runtime));
+    std::shared_ptr<KeyObjectData> key_data = handle->Data();
+    WebCryptoKeyExportStatus status = ECDH::doExport(runtime,
+                                                     key_data,
+                                                     static_cast<WebCryptoKeyFormat>(arguments[0].asNumber()),
+                                                     {}, // blank params
+                                                     &out);
+    if (status != WebCryptoKeyExportStatus::OK) {
+      throw jsi::JSError(runtime, "error exporting key, status: " + std::to_string(static_cast<int>(status)));
+    }
+    return toJSI(runtime, std::move(out));
+  };
 
-    auto ecExportKey = HOSTFN("ecExportKey", 2) {
-        ByteSource out;
-        std::shared_ptr<KeyObjectHandle> handle =
-            std::static_pointer_cast<KeyObjectHandle>(
-                args[1].asObject(rt).getHostObject(rt));
-        std::shared_ptr<KeyObjectData> key_data = handle->Data();
-        WebCryptoKeyExportStatus status = ECDH::doExport(rt,
-                                                         key_data,
-                                                         static_cast<WebCryptoKeyFormat>(args[0].asNumber()),
-                                                         {}, // blank params
-                                                         &out);
-        if (status != WebCryptoKeyExportStatus::OK) {
-            throw jsi::JSError(rt, "error exporting key, status: " + std::to_string(static_cast<int>(status)));
-        }
-        return toJSI(rt, std::move(out));
-    });
+  auto generateSecretKeySync = JSIF([=]) {
+    auto skg = new SecretKeyGen();
+    CHECK(skg->GetParamsFromJS(runtime, arguments));
+    CHECK(skg->DoKeyGen());
+    auto out = jsi::Object::createFromHostObject(runtime, skg->GetHandle());
+    return jsi::Value(std::move(out));
+  };
 
-    auto signVerify = HOSTFN("signVerify", 4) {
-      auto ssv = SubtleSignVerify();
-      auto params = ssv.GetParamsFromJS(rt, args);
-      ByteSource out;
-      ssv.DoSignVerify(rt, params, out);
-      return ssv.EncodeOutput(rt, params, out);
-    });
+  auto rsaCipher = JSIF([=]) {
+    auto rsa = RSACipher();
+    auto params = rsa.GetParamsFromJS(runtime, arguments);
+    ByteSource out;
+    WebCryptoCipherStatus status = rsa.DoCipher(params, &out);
+    if (status != WebCryptoCipherStatus::OK) {
+      throw jsi::JSError(runtime, "error in DoCipher, status: " +
+        std::to_string(static_cast<int>(status)));
+    }
+    return toJSI(runtime, std::move(out));
+  };
 
-    obj.setProperty(rt,
-                    "createKeyObjectHandle",
-                    std::move(createKeyObjectHandle));
-    obj.setProperty(rt, "ecExportKey", std::move(ecExportKey));
-    obj.setProperty(rt, "signVerify", std::move(signVerify));
-    return obj;
+  auto rsaExportKey = JSIF([=]) {
+    ByteSource out;
+    auto rsa = new RsaKeyExport();
+    CHECK(rsa->GetParamsFromJS(runtime, arguments));
+    WebCryptoKeyExportStatus status = rsa->DoExport(&out);
+    if (status != WebCryptoKeyExportStatus::OK) {
+      throw jsi::JSError(runtime, "Error exporting key");
+    }
+    return toJSI(runtime, std::move(out));
+  };
+
+  auto signVerify = JSIF([=]) {
+    auto ssv = SubtleSignVerify();
+    auto params = ssv.GetParamsFromJS(runtime, arguments);
+    ByteSource out;
+    ssv.DoSignVerify(runtime, params, out);
+    return ssv.EncodeOutput(runtime, params, out);
+  };
+
+  this->fields.push_back(buildPair("aesCipher", aesCipher));
+  this->fields.push_back(buildPair("createKeyObjectHandle", createKeyObjectHandle));
+  this->fields.push_back(buildPair("ecExportKey", ecExportKey));
+  this->fields.push_back(GenerateSecretKeyFieldDefinition(jsCallInvoker, workerQueue));
+  this->fields.push_back(buildPair("generateSecretKeySync", generateSecretKeySync));
+  this->fields.push_back(buildPair("rsaCipher", rsaCipher));
+  this->fields.push_back(buildPair("rsaExportKey", rsaExportKey));
+  this->fields.push_back(buildPair("signVerify", signVerify));
 };
 
 }  // namespace margelo
-

package/cpp/webcrypto/MGLWebCrypto.h

@@ -20,15 +20,13 @@
 namespace margelo {
 namespace jsi = facebook::jsi;
 
-enum WebCryptoKeyFormat {
-  kWebCryptoKeyFormatRaw,
-  kWebCryptoKeyFormatPKCS8,
-  kWebCryptoKeyFormatSPKI,
-  kWebCryptoKeyFormatJWK
+class MGLWebCryptoHostObject : public MGLSmartHostObject {
+ public:
+  MGLWebCryptoHostObject(
+      std::shared_ptr<react::CallInvoker> jsCallInvoker,
+      std::shared_ptr<DispatchQueue::dispatch_queue> workerQueue);
 };
 
-jsi::Value createWebCryptoObject(jsi::Runtime &rt);
-
 }  // namespace margelo
 
 #endif /* MGLWebCrypto_hpp */