react-native-quick-crypto 0.7.2 → 0.7.4

package/src/keys.ts

@@ -20,25 +20,22 @@ export type NamedCurve = 'P-256' | 'P-384' | 'P-521';
 export type ImportFormat = 'raw' | 'pkcs8' | 'spki' | 'jwk';
 
 export type AnyAlgorithm =
+  | DigestAlgorithm
   | HashAlgorithm
   | KeyPairAlgorithm
   | SecretKeyAlgorithm
   | SignVerifyAlgorithm
   | DeriveBitsAlgorithm
   | EncryptDecryptAlgorithm
+  | AESAlgorithm
   | 'PBKDF2'
-  | 'HKDF';
-
-export type HashAlgorithm =
-  | 'SHA-1'
-  | 'SHA-224'
-  | 'SHA-256'
-  | 'SHA-384'
-  | 'SHA-512'
-  | 'RIPEMD-160';
+  | 'HKDF'
+  | 'unknown';
 
 export type DigestAlgorithm = 'SHA-1' | 'SHA-256' | 'SHA-384' | 'SHA-512';
 
+export type HashAlgorithm = DigestAlgorithm | 'SHA-224' | 'RIPEMD-160';
+
 export type KeyPairType = 'rsa' | 'rsa-pss' | 'ec';
 
 export type RSAKeyPairAlgorithm = 'RSASSA-PKCS1-v1_5' | 'RSA-PSS' | 'RSA-OAEP';
@@ -126,7 +123,7 @@ export type SubtleAlgorithm = {
   namedCurve?: NamedCurve;
   length?: number;
   modulusLength?: number;
-  publicExponent?: any;
+  publicExponent?: number | Uint8Array;
 };
 
 export type KeyUsage =
@@ -191,6 +188,7 @@ export enum KeyEncoding {
 export type DSAEncoding = 'der' | 'ieee-p1363';
 
 export type EncodingOptions = {
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
   key?: any;
   type?: KType;
   encoding?: string;
@@ -200,33 +198,35 @@ export type EncodingOptions = {
   cipher?: string;
   passphrase?: string | ArrayBuffer;
   saltLength?: number;
+  oaepHash?: ArrayBuffer;
+  oaepLabel?: ArrayBuffer;
 };
 
 export type AsymmetricKeyType = 'rsa' | 'rsa-pss' | 'dsa' | 'ec' | undefined;
 
 export type JWK = {
-  'kty'?: 'AES' | 'RSA' | 'EC' | 'oct';
-  'use'?: 'sig' | 'enc';
-  'key_ops'?: KeyUsage[];
-  'alg'?: string; // TODO: enumerate these (RFC-7517)
-  'crv'?: string;
-  'kid'?: string;
-  'x5u'?: string;
-  'x5c'?: string[];
-  'x5t'?: string;
+  kty?: 'AES' | 'RSA' | 'EC' | 'oct';
+  use?: 'sig' | 'enc';
+  key_ops?: KeyUsage[];
+  alg?: string; // TODO: enumerate these (RFC-7517)
+  crv?: string;
+  kid?: string;
+  x5u?: string;
+  x5c?: string[];
+  x5t?: string;
   'x5t#256'?: string;
-  'n'?: string;
-  'e'?: string;
-  'd'?: string;
-  'p'?: string;
-  'q'?: string;
-  'x'?: string;
-  'y'?: string;
-  'k'?: string;
-  'dp'?: string;
-  'dq'?: string;
-  'qi'?: string;
-  'ext'?: boolean;
+  n?: string;
+  e?: string;
+  d?: string;
+  p?: string;
+  q?: string;
+  x?: string;
+  y?: string;
+  k?: string;
+  dp?: string;
+  dq?: string;
+  qi?: string;
+  ext?: boolean;
 };
 
 const encodingNames = {
@@ -257,7 +257,7 @@ function option(name: string, objName: string | undefined) {
 function parseKeyFormat(
   formatStr: string | undefined,
   defaultFormat: KFormatType | undefined,
-  optionName?: string
+  optionName?: string,
 ) {
   if (formatStr === undefined && defaultFormat !== undefined)
     return defaultFormat;
@@ -273,14 +273,14 @@ function parseKeyType(
   required: boolean,
   keyType: string | undefined,
   isPublic: boolean | undefined,
-  optionName: string
+  optionName: string,
 ): KeyEncoding | undefined {
   if (typeStr === undefined && !required) {
     return undefined;
   } else if (typeStr === 'pkcs1') {
     if (keyType !== undefined && keyType !== 'rsa') {
       throw new Error(
-        `Crypto incompatible key options: ${typeStr} can only be used for RSA keys`
+        `Crypto incompatible key options: ${typeStr} can only be used for RSA keys`,
       );
     }
     return KeyEncoding.kKeyEncodingPKCS1;
@@ -291,7 +291,7 @@ function parseKeyType(
   } else if (typeStr === 'sec1' && isPublic !== true) {
     if (keyType !== undefined && keyType !== 'ec') {
       throw new Error(
-        `Incompatible key options ${typeStr} can only be used for EC keys`
+        `Incompatible key options ${typeStr} can only be used for EC keys`,
       );
     }
     return KeyEncoding.kKeyEncodingSEC1;
@@ -304,7 +304,7 @@ function parseKeyFormatAndType(
   enc: EncodingOptions,
   keyType?: string,
   isPublic?: boolean,
-  objName?: string
+  objName?: string,
 ) {
   const { format: formatStr, type: typeStr } = enc;
 
@@ -312,7 +312,7 @@ function parseKeyFormatAndType(
   const format = parseKeyFormat(
     formatStr,
     isInput ? KFormatType.kKeyFormatPEM : undefined,
-    option('format', objName)
+    option('format', objName),
   );
 
   const isRequired =
@@ -324,7 +324,7 @@ function parseKeyFormatAndType(
     isRequired,
     keyType,
     isPublic,
-    option('type', objName)
+    option('type', objName),
   );
   return { format, type };
 }
@@ -333,7 +333,7 @@ function parseKeyEncoding(
   enc: EncodingOptions,
   keyType?: string,
   isPublic?: boolean,
-  objName?: string
+  objName?: string,
 ) {
   // validateObject(enc, 'options');
 
@@ -343,7 +343,7 @@ function parseKeyEncoding(
     enc,
     keyType,
     isPublic,
-    objName
+    objName,
   );
 
   let cipher, passphrase, encoding;
@@ -354,7 +354,7 @@ function parseKeyEncoding(
       if (cipher != null) {
         if (typeof cipher !== 'string')
           throw new Error(
-            `Invalid argument ${option('cipher', objName)}: ${cipher}`
+            `Invalid argument ${option('cipher', objName)}: ${cipher}`,
           );
         if (
           format === KFormatType.kKeyFormatDER &&
@@ -362,12 +362,12 @@ function parseKeyEncoding(
             type === KeyEncoding.kKeyEncodingSEC1)
         ) {
           throw new Error(
-            `Incompatible key options ${encodingNames[type]} does not support encryption`
+            `Incompatible key options ${encodingNames[type]} does not support encryption`,
           );
         }
       } else if (passphrase !== undefined) {
         throw new Error(
-          `invalid argument ${option('cipher', objName)}: ${cipher}`
+          `invalid argument ${option('cipher', objName)}: ${cipher}`,
         );
       }
     }
@@ -377,7 +377,7 @@ function parseKeyEncoding(
       (!isInput && cipher != null && !isStringOrBuffer(passphrase))
     ) {
       throw new Error(
-        `Invalid argument value ${option('passphrase', objName)}: ${passphrase}`
+        `Invalid argument value ${option('passphrase', objName)}: ${passphrase}`,
       );
     }
   }
@@ -390,7 +390,7 @@ function parseKeyEncoding(
 
 function prepareAsymmetricKey(
   key: BinaryLike | EncodingOptions,
-  ctx: KeyInputContext
+  ctx: KeyInputContext,
 ): {
   format: KFormatType;
   data: ArrayBuffer;
@@ -412,7 +412,7 @@ function prepareAsymmetricKey(
       data: binaryLikeToArrayBuffer(key),
     };
   } else if (typeof key === 'object') {
-    const { key: data, encoding } = key;
+    const { key: data, encoding } = key as EncodingOptions;
     // // The 'key' property can be a KeyObject as well to allow specifying
     // // additional options such as padding along with the key.
     // if (isKeyObject(data)) {
@@ -425,7 +425,7 @@ function prepareAsymmetricKey(
     // Either PEM or DER using PKCS#1 or SPKI.
     if (!isStringOrBuffer(data)) {
       throw new Error(
-        'prepareAsymmetricKey: key is not a string or ArrayBuffer'
+        'prepareAsymmetricKey: key is not a string or ArrayBuffer',
       );
     }
 
@@ -437,7 +437,7 @@ function prepareAsymmetricKey(
 
     return {
       data: binaryLikeToArrayBuffer(data, encoding),
-      ...parseKeyEncoding(key, undefined, isPublic),
+      ...parseKeyEncoding(key as EncodingOptions, undefined, isPublic),
     };
   }
 
@@ -460,7 +460,7 @@ export function preparePublicOrPrivateKey(key: BinaryLike | EncodingOptions) {
 export function parsePublicKeyEncoding(
   enc: EncodingOptions,
   keyType: string | undefined,
-  objName?: string
+  objName?: string,
 ) {
   return parseKeyEncoding(enc, keyType, keyType ? true : undefined, objName);
 }
@@ -471,7 +471,7 @@ export function parsePublicKeyEncoding(
 export function parsePrivateKeyEncoding(
   enc: EncodingOptions,
   keyType: string | undefined,
-  objName?: string
+  objName?: string,
 ) {
   return parseKeyEncoding(enc, keyType, false, objName);
 }
@@ -502,25 +502,25 @@ export function parsePrivateKeyEncoding(
 function prepareSecretKey(
   key: BinaryLike,
   encoding?: string,
-  bufferOnly = false
-): any {
+  bufferOnly = false,
+): ArrayBuffer {
   try {
     if (!bufferOnly) {
       // TODO: maybe use `key.constructor.name === 'KeyObject'` ?
       if (key instanceof KeyObject) {
         if (key.type !== 'secret')
           throw new Error(
-            `invalid KeyObject type: ${key.type}, expected 'secret'`
+            `invalid KeyObject type: ${key.type}, expected 'secret'`,
           );
-        return key.handle;
+        return key.handle.export();
       }
       // TODO: maybe use `key.constructor.name === 'CryptoKey'` ?
       else if (key instanceof CryptoKey) {
         if (key.type !== 'secret')
           throw new Error(
-            `invalid CryptoKey type: ${key.type}, expected 'secret'`
+            `invalid CryptoKey type: ${key.type}, expected 'secret'`,
           );
-        return key.keyObject.handle;
+        return key.keyObject.handle.export();
       }
     }
 
@@ -532,12 +532,15 @@ function prepareSecretKey(
   } catch (error) {
     throw new Error(
       'Invalid argument type for "key". Need ArrayBuffer, TypedArray, KeyObject, CryptoKey, string',
-      { cause: error }
+      { cause: error },
     );
   }
 }
 
-export function createSecretKey(key: any, encoding?: string) {
+export function createSecretKey(
+  key: BinaryLike,
+  encoding?: string,
+): SecretKeyObject {
   const k = prepareSecretKey(key, encoding, true);
   const handle = NativeQuickCrypto.webcrypto.createKeyObjectHandle();
   handle.init(KeyType.Secret, k);
@@ -545,11 +548,11 @@ export function createSecretKey(key: any, encoding?: string) {
 }
 
 export function createPublicKey(
-  key: BinaryLike | EncodingOptions
+  key: BinaryLike | EncodingOptions,
 ): PublicKeyObject {
   const { format, type, data, passphrase } = prepareAsymmetricKey(
     key,
-    KeyInputContext.kCreatePublic
+    KeyInputContext.kCreatePublic,
   );
   const handle = NativeQuickCrypto.webcrypto.createKeyObjectHandle();
   if (format === KFormatType.kKeyFormatJWK) {
@@ -561,11 +564,11 @@ export function createPublicKey(
 }
 
 export const createPrivateKey = (
-  key: BinaryLike | EncodingOptions
+  key: BinaryLike | EncodingOptions,
 ): PrivateKeyObject => {
   const { format, type, data, passphrase } = prepareAsymmetricKey(
     key,
-    KeyInputContext.kCreatePrivate
+    KeyInputContext.kCreatePrivate,
   );
   const handle = NativeQuickCrypto.webcrypto.createKeyObjectHandle();
   if (format === KFormatType.kKeyFormatJWK) {
@@ -590,7 +593,7 @@ export class CryptoKey {
     keyObject: KeyObject,
     keyAlgorithm: SubtleAlgorithm,
     keyUsages: KeyUsage[],
-    keyExtractable: boolean
+    keyExtractable: boolean,
   ) {
     this.keyObject = keyObject;
     this.keyAlgorithm = keyAlgorithm;
@@ -598,6 +601,7 @@ export class CryptoKey {
     this.keyExtractable = keyExtractable;
   }
 
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars, @typescript-eslint/no-explicit-any
   inspect(_depth: number, _options: any): any {
     throw new Error('CryptoKey.inspect is not implemented');
     // if (depth < 0) return this;
@@ -639,6 +643,7 @@ export class CryptoKey {
 class KeyObject {
   handle: KeyObjectHandle;
   type: 'public' | 'secret' | 'private' | 'unknown' = 'unknown';
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
   export(_options?: EncodingOptions): ArrayBuffer {
     return new ArrayBuffer(0);
   }
@@ -755,7 +760,7 @@ export class PublicKeyObject extends AsymmetricKeyObject {
     }
     const { format, type } = parsePublicKeyEncoding(
       options,
-      this.asymmetricKeyType
+      this.asymmetricKeyType,
     );
     return this.handle.export(format, type);
   }
@@ -776,12 +781,13 @@ export class PrivateKeyObject extends AsymmetricKeyObject {
     }
     const { format, type, cipher, passphrase } = parsePrivateKeyEncoding(
       options,
-      this.asymmetricKeyType
+      this.asymmetricKeyType,
     );
     return this.handle.export(format, type, cipher, passphrase);
   }
 }
 
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
 export const isCryptoKey = (obj: any): boolean => {
   return obj !== null && obj?.keyObject !== undefined;
 };

package/src/pbkdf2.ts

@@ -13,7 +13,8 @@ import { promisify } from 'util';
 
 const WRONG_PASS =
   'Password must be a string, a Buffer, a typed array or a DataView';
-const WRONG_SALT = `Salt must be a string, a Buffer, a typed array or a DataView`;
+const WRONG_SALT =
+  'Salt must be a string, a Buffer, a typed array or a DataView';
 
 type Password = BinaryLike;
 type Salt = BinaryLike;
@@ -21,64 +22,38 @@ type Pbkdf2Callback = (err: Error | null, derivedKey?: Buffer) => void;
 
 function sanitizeInput(input: BinaryLike, errorMsg: string): ArrayBuffer {
   try {
-    return binaryLikeToArrayBuffer(input);
-  } catch (e: any) {
-    throw errorMsg;
+    const ab = binaryLikeToArrayBuffer(input);
+    console.log('sanitized input', ab);
+    return ab;
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  } catch (_e: unknown) {
+    throw new Error(errorMsg);
   }
 }
 
-const nativePbkdf2 = NativeQuickCrypto.pbkdf2;
-
 export function pbkdf2(
   password: Password,
   salt: Salt,
   iterations: number,
   keylen: number,
-  digest: HashAlgorithm,
-  callback: Pbkdf2Callback
-): void;
-export function pbkdf2(
-  password: Password,
-  salt: Salt,
-  iterations: number,
-  keylen: number,
-  callback: Pbkdf2Callback
-): void;
-export function pbkdf2(
-  password: Password,
-  salt: Salt,
-  iterations: number,
-  keylen: number,
-  arg0?: unknown,
-  arg1?: unknown
+  digest: string,
+  callback: Pbkdf2Callback,
 ): void {
-  let digest: HashAlgorithm = 'SHA-1';
-  let callback: undefined | Pbkdf2Callback;
-  if (typeof arg0 === 'string') {
-    digest = arg0 as HashAlgorithm;
-    if (typeof arg1 === 'function') {
-      callback = arg1 as Pbkdf2Callback;
-    }
-  } else {
-    if (typeof arg0 === 'function') {
-      callback = arg0 as Pbkdf2Callback;
-    }
-  }
-  if (callback === undefined) {
+  if (callback === undefined || typeof callback !== 'function') {
     throw new Error('No callback provided to pbkdf2');
   }
-
   const sanitizedPassword = sanitizeInput(password, WRONG_PASS);
   const sanitizedSalt = sanitizeInput(salt, WRONG_SALT);
   const normalizedDigest = normalizeHashName(digest, HashContext.Node);
 
+  const nativePbkdf2 = NativeQuickCrypto.pbkdf2;
   nativePbkdf2
     .pbkdf2(
       sanitizedPassword,
       sanitizedSalt,
       iterations,
       keylen,
-      normalizedDigest
+      normalizedDigest,
     )
     .then(
       (res: ArrayBuffer) => {
@@ -86,7 +61,7 @@ export function pbkdf2(
       },
       (e: Error) => {
         callback!(e);
-      }
+      },
     );
 }
 
@@ -95,18 +70,19 @@ export function pbkdf2Sync(
   salt: Salt,
   iterations: number,
   keylen: number,
-  digest?: HashAlgorithm
+  digest?: string,
 ): ArrayBuffer {
   const sanitizedPassword = sanitizeInput(password, WRONG_PASS);
   const sanitizedSalt = sanitizeInput(salt, WRONG_SALT);
-
   const algo = digest ? normalizeHashName(digest, HashContext.Node) : 'sha1';
-  let result: ArrayBuffer = nativePbkdf2.pbkdf2Sync(
+
+  const nativePbkdf2 = NativeQuickCrypto.pbkdf2;
+  const result: ArrayBuffer = nativePbkdf2.pbkdf2Sync(
     sanitizedPassword,
     sanitizedSalt,
     iterations,
     keylen,
-    algo
+    algo,
   );
 
   return Buffer.from(result);
@@ -120,14 +96,14 @@ const pbkdf2WithDigest = (
   iterations: number,
   keylen: number,
   digest: HashAlgorithm,
-  callback: Pbkdf2Callback
+  callback: Pbkdf2Callback,
 ) => pbkdf2(password, salt, iterations, keylen, digest, callback);
 
 const pbkdf2Promise = promisify(pbkdf2WithDigest);
 export async function pbkdf2DeriveBits(
   algorithm: SubtleAlgorithm,
   baseKey: CryptoKey,
-  length: number
+  length: number,
 ): Promise<ArrayBuffer> {
   const { iterations, hash, salt } = algorithm;
   const normalizedHash = normalizeHashName(hash);
@@ -152,17 +128,17 @@ export async function pbkdf2DeriveBits(
 
   const sanitizedPassword = sanitizeInput(raw, WRONG_PASS);
   const sanitizedSalt = sanitizeInput(salt, WRONG_SALT);
-  let result: Buffer | undefined = await pbkdf2Promise(
+  const result: Buffer | undefined = await pbkdf2Promise(
     sanitizedPassword,
     sanitizedSalt,
     iterations,
     length / 8,
-    normalizedHash as HashAlgorithm
+    normalizedHash as HashAlgorithm,
   );
   if (!result) {
     throw lazyDOMException(
       'received bad result from pbkdf2()',
-      'OperationError'
+      'OperationError',
     );
   }
   return bufferLikeToArrayBuffer(result);