react-native-quick-crypto 0.7.2 → 1.0.0-beta.1

package/src/pbkdf2.ts

@@ -1,169 +0,0 @@
-import { NativeQuickCrypto } from './NativeQuickCrypto/NativeQuickCrypto';
-import { Buffer } from '@craftzdog/react-native-buffer';
-import {
-  type BinaryLike,
-  binaryLikeToArrayBuffer,
-  lazyDOMException,
-  bufferLikeToArrayBuffer,
-  normalizeHashName,
-  HashContext,
-} from './Utils';
-import type { CryptoKey, HashAlgorithm, SubtleAlgorithm } from './keys';
-import { promisify } from 'util';
-
-const WRONG_PASS =
-  'Password must be a string, a Buffer, a typed array or a DataView';
-const WRONG_SALT = `Salt must be a string, a Buffer, a typed array or a DataView`;
-
-type Password = BinaryLike;
-type Salt = BinaryLike;
-type Pbkdf2Callback = (err: Error | null, derivedKey?: Buffer) => void;
-
-function sanitizeInput(input: BinaryLike, errorMsg: string): ArrayBuffer {
-  try {
-    return binaryLikeToArrayBuffer(input);
-  } catch (e: any) {
-    throw errorMsg;
-  }
-}
-
-const nativePbkdf2 = NativeQuickCrypto.pbkdf2;
-
-export function pbkdf2(
-  password: Password,
-  salt: Salt,
-  iterations: number,
-  keylen: number,
-  digest: HashAlgorithm,
-  callback: Pbkdf2Callback
-): void;
-export function pbkdf2(
-  password: Password,
-  salt: Salt,
-  iterations: number,
-  keylen: number,
-  callback: Pbkdf2Callback
-): void;
-export function pbkdf2(
-  password: Password,
-  salt: Salt,
-  iterations: number,
-  keylen: number,
-  arg0?: unknown,
-  arg1?: unknown
-): void {
-  let digest: HashAlgorithm = 'SHA-1';
-  let callback: undefined | Pbkdf2Callback;
-  if (typeof arg0 === 'string') {
-    digest = arg0 as HashAlgorithm;
-    if (typeof arg1 === 'function') {
-      callback = arg1 as Pbkdf2Callback;
-    }
-  } else {
-    if (typeof arg0 === 'function') {
-      callback = arg0 as Pbkdf2Callback;
-    }
-  }
-  if (callback === undefined) {
-    throw new Error('No callback provided to pbkdf2');
-  }
-
-  const sanitizedPassword = sanitizeInput(password, WRONG_PASS);
-  const sanitizedSalt = sanitizeInput(salt, WRONG_SALT);
-  const normalizedDigest = normalizeHashName(digest, HashContext.Node);
-
-  nativePbkdf2
-    .pbkdf2(
-      sanitizedPassword,
-      sanitizedSalt,
-      iterations,
-      keylen,
-      normalizedDigest
-    )
-    .then(
-      (res: ArrayBuffer) => {
-        callback!(null, Buffer.from(res));
-      },
-      (e: Error) => {
-        callback!(e);
-      }
-    );
-}
-
-export function pbkdf2Sync(
-  password: Password,
-  salt: Salt,
-  iterations: number,
-  keylen: number,
-  digest?: HashAlgorithm
-): ArrayBuffer {
-  const sanitizedPassword = sanitizeInput(password, WRONG_PASS);
-  const sanitizedSalt = sanitizeInput(salt, WRONG_SALT);
-
-  const algo = digest ? normalizeHashName(digest, HashContext.Node) : 'sha1';
-  let result: ArrayBuffer = nativePbkdf2.pbkdf2Sync(
-    sanitizedPassword,
-    sanitizedSalt,
-    iterations,
-    keylen,
-    algo
-  );
-
-  return Buffer.from(result);
-}
-
-// We need this because the typescript  overload signatures in pbkdf2() above do
-// not play nice with promisify() below.
-const pbkdf2WithDigest = (
-  password: Password,
-  salt: Salt,
-  iterations: number,
-  keylen: number,
-  digest: HashAlgorithm,
-  callback: Pbkdf2Callback
-) => pbkdf2(password, salt, iterations, keylen, digest, callback);
-
-const pbkdf2Promise = promisify(pbkdf2WithDigest);
-export async function pbkdf2DeriveBits(
-  algorithm: SubtleAlgorithm,
-  baseKey: CryptoKey,
-  length: number
-): Promise<ArrayBuffer> {
-  const { iterations, hash, salt } = algorithm;
-  const normalizedHash = normalizeHashName(hash);
-  if (!normalizedHash) {
-    throw lazyDOMException('hash cannot be blank', 'OperationError');
-  }
-  if (!iterations || iterations === 0) {
-    throw lazyDOMException('iterations cannot be zero', 'OperationError');
-  }
-  if (!salt) {
-    throw lazyDOMException(WRONG_SALT, 'OperationError');
-  }
-  const raw = baseKey.keyObject.export();
-
-  if (length === 0)
-    throw lazyDOMException('length cannot be zero', 'OperationError');
-  if (length === null)
-    throw lazyDOMException('length cannot be null', 'OperationError');
-  if (length % 8) {
-    throw lazyDOMException('length must be a multiple of 8', 'OperationError');
-  }
-
-  const sanitizedPassword = sanitizeInput(raw, WRONG_PASS);
-  const sanitizedSalt = sanitizeInput(salt, WRONG_SALT);
-  let result: Buffer | undefined = await pbkdf2Promise(
-    sanitizedPassword,
-    sanitizedSalt,
-    iterations,
-    length / 8,
-    normalizedHash as HashAlgorithm
-  );
-  if (!result) {
-    throw lazyDOMException(
-      'received bad result from pbkdf2()',
-      'OperationError'
-    );
-  }
-  return bufferLikeToArrayBuffer(result);
-}

package/src/rsa.ts

@@ -1,370 +0,0 @@
-import { KeyVariantLookup } from './NativeQuickCrypto/Cipher';
-import { generateKeyPairPromise } from './Cipher';
-import { NativeQuickCrypto } from './NativeQuickCrypto/NativeQuickCrypto';
-import type { KeyObjectHandle } from './NativeQuickCrypto/webcrypto';
-import {
-  lazyDOMException,
-  type BufferLike,
-  validateKeyOps,
-  normalizeHashName,
-  HashContext,
-  hasAnyNotIn,
-  getUsagesUnion,
-  bigIntArrayToUnsignedInt,
-  validateMaxBufferLength,
-  bufferLikeToArrayBuffer,
-} from './Utils';
-import {
-  CryptoKey,
-  PrivateKeyObject,
-  type HashAlgorithm,
-  type ImportFormat,
-  type JWK,
-  type KeyUsage,
-  type SubtleAlgorithm,
-  PublicKeyObject,
-  type AnyAlgorithm,
-  KeyType,
-  createPublicKey,
-  type CryptoKeyPair,
-  KWebCryptoKeyFormat,
-  CipherOrWrapMode,
-  type RsaOaepParams,
-  type DigestAlgorithm,
-} from './keys';
-
-// TODO: keep in in sync with C++ side (cpp/Cipher/MGLRsa.h)
-export enum RSAKeyVariant {
-  RSA_SSA_PKCS1_v1_5,
-  RSA_PSS,
-  RSA_OAEP,
-}
-
-function verifyAcceptableRsaKeyUse(
-  name: AnyAlgorithm,
-  isPublic: boolean,
-  usages: KeyUsage[]
-): void {
-  let checkSet;
-  switch (name) {
-    case 'RSA-OAEP':
-      checkSet = isPublic ? ['encrypt', 'wrapKey'] : ['decrypt', 'unwrapKey'];
-      break;
-    case 'RSA-PSS':
-    // Fall through
-    case 'RSASSA-PKCS1-v1_5':
-      checkSet = isPublic ? ['verify'] : ['sign'];
-      break;
-    default:
-      throw lazyDOMException(
-        'The algorithm is not supported',
-        'NotSupportedError'
-      );
-  }
-  if (hasAnyNotIn(usages, checkSet)) {
-    throw lazyDOMException(
-      `Unsupported key usage for an ${name} key`,
-      'SyntaxError'
-    );
-  }
-}
-
-const rsaOaepCipher = (
-  mode: CipherOrWrapMode,
-  key: CryptoKey,
-  data: ArrayBuffer,
-  { label }: RsaOaepParams
-): Promise<ArrayBuffer> => {
-  const type =
-    mode === CipherOrWrapMode.kWebCryptoCipherEncrypt ? 'public' : 'private';
-  if (key.type !== type) {
-    throw lazyDOMException(
-      'The requested operation is not valid for the provided key',
-      'InvalidAccessError'
-    );
-  }
-  if (label !== undefined) {
-    validateMaxBufferLength(label, 'algorithm.label');
-  }
-
-  return NativeQuickCrypto.webcrypto.rsaCipher(
-    mode,
-    key.keyObject.handle,
-    data,
-    RSAKeyVariant.RSA_OAEP,
-    normalizeHashName(key.algorithm.hash) as DigestAlgorithm,
-    label !== undefined ? bufferLikeToArrayBuffer(label) : undefined
-  );
-};
-
-export const rsaCipher = rsaOaepCipher;
-
-export const rsaKeyGenerate = async (
-  algorithm: SubtleAlgorithm,
-  extractable: boolean,
-  keyUsages: KeyUsage[]
-): Promise<CryptoKeyPair> => {
-  const { name, modulusLength, publicExponent, hash: rawHash } = algorithm;
-  const hash: HashAlgorithm = normalizeHashName(rawHash);
-
-  // const usageSet = new SafeSet(keyUsages);
-  const publicExponentConverted = bigIntArrayToUnsignedInt(publicExponent);
-  if (publicExponentConverted === undefined) {
-    throw lazyDOMException(
-      'The publicExponent must be equivalent to an unsigned 32-bit value',
-      'OperationError'
-    );
-  }
-
-  switch (name) {
-    case 'RSA-OAEP':
-      if (
-        hasAnyNotIn(keyUsages, ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'])
-      ) {
-        throw lazyDOMException(
-          'Unsupported key usage for a RSA key',
-          'SyntaxError'
-        );
-      }
-      break;
-    default:
-      if (hasAnyNotIn(keyUsages, ['sign', 'verify'])) {
-        throw lazyDOMException(
-          'Unsupported key usage for a RSA key',
-          'SyntaxError'
-        );
-      }
-  }
-
-  const [err, keypair] = await generateKeyPairPromise('rsa', {
-    modulusLength,
-    publicExponent: publicExponentConverted,
-  });
-  if (err) {
-    throw lazyDOMException(
-      'The operation failed for an operation-specific reason',
-      { name: 'OperationError', cause: err }
-    );
-  }
-
-  const keyAlgorithm = {
-    name,
-    modulusLength,
-    publicExponent: publicExponentConverted,
-    hash,
-  };
-
-  let publicUsages: KeyUsage[] = [];
-  let privateUsages: KeyUsage[] = [];
-  switch (name) {
-    case 'RSA-OAEP': {
-      publicUsages = getUsagesUnion(keyUsages, 'encrypt', 'wrapKey');
-      privateUsages = getUsagesUnion(keyUsages, 'decrypt', 'unwrapKey');
-      break;
-    }
-    default: {
-      publicUsages = getUsagesUnion(keyUsages, 'verify');
-      privateUsages = getUsagesUnion(keyUsages, 'sign');
-      break;
-    }
-  }
-
-  const pub = new PublicKeyObject(keypair?.publicKey as KeyObjectHandle);
-  const publicKey = new CryptoKey(pub, keyAlgorithm, publicUsages, true);
-
-  const priv = new PrivateKeyObject(keypair?.privateKey as KeyObjectHandle);
-  const privateKey = new CryptoKey(
-    priv,
-    keyAlgorithm,
-    privateUsages,
-    extractable
-  );
-
-  return { publicKey, privateKey };
-};
-
-export const rsaExportKey = (
-  key: CryptoKey,
-  format: KWebCryptoKeyFormat
-): ArrayBuffer => {
-  const variant = KeyVariantLookup[key.algorithm.name];
-  if (variant === undefined) {
-    throw lazyDOMException(
-      `Unrecognized algorithm name '${key.algorithm.name}'`,
-      'NotSupportedError'
-    );
-  }
-  return NativeQuickCrypto.webcrypto.rsaExportKey(
-    format,
-    key.keyObject.handle,
-    variant
-  );
-};
-
-export const rsaImportKey = (
-  format: ImportFormat,
-  keyData: BufferLike | JWK,
-  algorithm: SubtleAlgorithm,
-  extractable: boolean,
-  keyUsages: KeyUsage[]
-): CryptoKey => {
-  // const usagesSet = new SafeSet(keyUsages);
-  let keyObject: PublicKeyObject | PrivateKeyObject;
-  switch (format) {
-    case 'spki': {
-      verifyAcceptableRsaKeyUse(algorithm.name, true, keyUsages);
-      try {
-        keyObject = createPublicKey({
-          key: keyData,
-          format: 'der',
-          type: 'spki',
-        });
-      } catch (err) {
-        throw lazyDOMException('Invalid keyData', {
-          name: 'DataError',
-          cause: err,
-        });
-      }
-      break;
-    }
-    // case 'pkcs8': {
-    //   verifyAcceptableRsaKeyUse(algorithm.name, false, keyUsages);
-    //   try {
-    //     keyObject = createPrivateKey({
-    //       key: keyData,
-    //       format: 'der',
-    //       type: 'pkcs8',
-    //     });
-    //   } catch (err) {
-    //     throw lazyDOMException('Invalid keyData', {
-    //       name: 'DataError',
-    //       cause: err,
-    //     });
-    //   }
-    //   break;
-    // }
-    case 'jwk': {
-      const data = keyData as JWK;
-      if (!data.kty) {
-        throw lazyDOMException('Invalid keyData', 'DataError');
-      }
-      if (data.kty !== 'RSA')
-        throw lazyDOMException('Invalid JWK "kty" Parameter', 'DataError');
-
-      verifyAcceptableRsaKeyUse(
-        algorithm.name,
-        data.d === undefined,
-        keyUsages
-      );
-
-      if (keyUsages.length > 0 && data.use !== undefined) {
-        const checkUse = algorithm.name === 'RSA-OAEP' ? 'enc' : 'sig';
-        if (data.use !== checkUse)
-          throw lazyDOMException('Invalid JWK "use" Parameter', 'DataError');
-      }
-
-      validateKeyOps(data.key_ops, keyUsages);
-
-      if (
-        data.ext !== undefined &&
-        data.ext === false &&
-        extractable === true
-      ) {
-        throw lazyDOMException(
-          'JWK "ext" Parameter and extractable mismatch',
-          'DataError'
-        );
-      }
-
-      if (data.alg !== undefined) {
-        const hash = normalizeHashName(
-          data.alg as HashAlgorithm,
-          HashContext.WebCrypto
-        );
-        if (hash !== algorithm.hash)
-          throw lazyDOMException(
-            'JWK "alg" does not match the requested algorithm',
-            'DataError'
-          );
-      }
-
-      const handle = NativeQuickCrypto.webcrypto.createKeyObjectHandle();
-      const type = handle.initJwk(data);
-      if (type === undefined)
-        throw lazyDOMException('Invalid JWK', 'DataError');
-
-      keyObject =
-        type === KeyType.Private
-          ? new PrivateKeyObject(handle)
-          : new PublicKeyObject(handle);
-
-      break;
-    }
-    default:
-      throw lazyDOMException(
-        `Unable to import RSA key with format ${format}`,
-        'NotSupportedError'
-      );
-  }
-
-  if (keyObject.asymmetricKeyType !== 'rsa') {
-    throw lazyDOMException('Invalid key type', 'DataError');
-  }
-
-  const { modulusLength, publicExponent } = keyObject.handle.keyDetail();
-
-  if (publicExponent === undefined) {
-    throw lazyDOMException('publicExponent is undefined', 'DataError');
-  }
-
-  return new CryptoKey(
-    keyObject,
-    {
-      name: algorithm.name,
-      modulusLength,
-      publicExponent: new Uint8Array(publicExponent),
-      hash: algorithm.hash,
-    },
-    keyUsages,
-    extractable
-  );
-};
-
-// function rsaSignVerify(key, data, { saltLength }, signature) {
-//   let padding;
-//   if (key.algorithm.name === 'RSA-PSS') {
-//     padding = RSA_PKCS1_PSS_PADDING;
-//     // TODO(@jasnell): Validate maximum size of saltLength
-//     // based on the key size:
-//     //   Math.ceil((keySizeInBits - 1)/8) - digestSizeInBytes - 2
-//     validateInt32(saltLength, 'algorithm.saltLength', -2);
-//   }
-
-//   const mode = signature === undefined ? kSignJobModeSign : kSignJobModeVerify;
-//   const type = mode === kSignJobModeSign ? 'private' : 'public';
-
-//   if (key.type !== type)
-//     throw lazyDOMException(`Key must be a ${type} key`, 'InvalidAccessError');
-
-//   return jobPromise(() => new SignJob(
-//     kCryptoJobAsync,
-//     signature === undefined ? kSignJobModeSign : kSignJobModeVerify,
-//     key[kKeyObject][kHandle],
-//     undefined,
-//     undefined,
-//     undefined,
-//     data,
-//     normalizeHashName(key.algorithm.hash.name),
-//     saltLength,
-//     padding,
-//     undefined,
-//     signature));
-// }
-
-// module.exports = {
-//   rsaCipher: rsaOaepCipher,
-//   rsaExportKey,
-//   rsaImportKey,
-//   rsaKeyGenerate,
-//   rsaSignVerify,
-// };

package/src/sig.ts

@@ -1,164 +0,0 @@
-import { NativeQuickCrypto } from './NativeQuickCrypto/NativeQuickCrypto';
-import type { InternalSign, InternalVerify } from './NativeQuickCrypto/sig';
-import Stream from 'readable-stream';
-
-// TODO(osp) same as publicCipher on node this are defined on C++ and exposed to node
-// Do the same here
-enum DSASigEnc {
-  kSigEncDER,
-  kSigEncP1363,
-}
-
-import {
-  type BinaryLike,
-  binaryLikeToArrayBuffer,
-  getDefaultEncoding,
-} from './Utils';
-import {
-  preparePrivateKey,
-  preparePublicOrPrivateKey,
-  type EncodingOptions,
-} from './keys';
-
-const createInternalSign = NativeQuickCrypto.createSign;
-const createInternalVerify = NativeQuickCrypto.createVerify;
-
-function getPadding(options: any) {
-  return getIntOption('padding', options);
-}
-
-function getSaltLength(options: any) {
-  return getIntOption('saltLength', options);
-}
-
-function getDSASignatureEncoding(options: any) {
-  if (typeof options === 'object') {
-    const { dsaEncoding = 'der' } = options;
-    if (dsaEncoding === 'der') return DSASigEnc.kSigEncDER;
-    else if (dsaEncoding === 'ieee-p1363') return DSASigEnc.kSigEncP1363;
-    throw new Error(`options.dsaEncoding: ${dsaEncoding} not a valid encoding`);
-  }
-
-  return DSASigEnc.kSigEncDER;
-}
-
-function getIntOption(name: string, options: any) {
-  const value = options[name];
-  if (value !== undefined) {
-    // eslint-disable-next-line no-bitwise
-    if (value === value >> 0) {
-      return value;
-    }
-    throw new Error(`options.${name}: ${value} not a valid int value`);
-  }
-  return undefined;
-}
-
-class Verify extends Stream.Writable {
-  private internal: InternalVerify;
-  constructor(algorithm: string, options: Stream.WritableOptions) {
-    super(options);
-    this.internal = createInternalVerify();
-    this.internal.init(algorithm);
-  }
-
-  _write(chunk: BinaryLike, encoding: string, callback: () => void) {
-    this.update(chunk, encoding);
-    callback();
-  }
-
-  update(data: BinaryLike, encoding?: string) {
-    encoding = encoding ?? getDefaultEncoding();
-    data = binaryLikeToArrayBuffer(data, encoding);
-    this.internal.update(data);
-    return this;
-  }
-
-  verify(options: EncodingOptions, signature: BinaryLike): boolean {
-    if (!options) {
-      throw new Error('Crypto sign key required');
-    }
-
-    const { data, format, type, passphrase } =
-      preparePublicOrPrivateKey(options);
-
-    const rsaPadding = getPadding(options);
-    const pssSaltLength = getSaltLength(options);
-
-    // Options specific to (EC)DSA
-    const dsaSigEnc = getDSASignatureEncoding(options);
-
-    const ret = this.internal.verify(
-      data,
-      format,
-      type,
-      passphrase,
-      binaryLikeToArrayBuffer(signature),
-      rsaPadding,
-      pssSaltLength,
-      dsaSigEnc
-    );
-
-    return ret;
-  }
-}
-
-class Sign extends Stream.Writable {
-  private internal: InternalSign;
-  constructor(algorithm: string, options: Stream.WritableOptions) {
-    super(options);
-    this.internal = createInternalSign();
-    this.internal.init(algorithm);
-  }
-
-  _write(chunk: BinaryLike, encoding: string, callback: () => void) {
-    this.update(chunk, encoding);
-    callback();
-  }
-
-  update(data: BinaryLike, encoding?: string) {
-    encoding = encoding ?? getDefaultEncoding();
-    data = binaryLikeToArrayBuffer(data, encoding);
-    this.internal.update(data);
-    return this;
-  }
-
-  sign(options: EncodingOptions, encoding?: string) {
-    if (!options) {
-      throw new Error('Crypto sign key required');
-    }
-
-    const { data, format, type, passphrase } = preparePrivateKey(options);
-
-    const rsaPadding = getPadding(options);
-    const pssSaltLength = getSaltLength(options);
-
-    // Options specific to (EC)DSA
-    const dsaSigEnc = getDSASignatureEncoding(options);
-
-    const ret = this.internal.sign(
-      data,
-      format,
-      type,
-      passphrase,
-      rsaPadding,
-      pssSaltLength,
-      dsaSigEnc
-    );
-
-    encoding = encoding || getDefaultEncoding();
-    if (encoding && encoding !== 'buffer') {
-      return Buffer.from(ret).toString(encoding as any);
-    }
-
-    return Buffer.from(ret);
-  }
-}
-
-export function createSign(algorithm: string, options?: any) {
-  return new Sign(algorithm, options);
-}
-
-export function createVerify(algorithm: string, options?: any) {
-  return new Verify(algorithm, options);
-}