react-native-quick-crypto 1.0.0-beta.2 → 1.0.0-beta.21

package/src/ec.ts

@@ -0,0 +1,432 @@
+import { NitroModules } from 'react-native-nitro-modules';
+import type { EcKeyPair } from './specs/ecKeyPair.nitro';
+import {
+  CryptoKey,
+  KeyObject,
+  PublicKeyObject,
+  PrivateKeyObject,
+} from './keys';
+import type {
+  CryptoKeyPair,
+  KeyPairOptions,
+  KeyUsage,
+  SubtleAlgorithm,
+  BufferLike,
+  BinaryLike,
+  JWK,
+  ImportFormat,
+} from './utils/types';
+import {
+  bufferLikeToArrayBuffer,
+  getUsagesUnion,
+  hasAnyNotIn,
+  kNamedCurveAliases,
+  lazyDOMException,
+  normalizeHashName,
+  HashContext,
+  KeyEncoding,
+  KFormatType,
+} from './utils';
+
+export class Ec {
+  native: EcKeyPair;
+
+  constructor(curve: string) {
+    this.native = NitroModules.createHybridObject<EcKeyPair>('EcKeyPair');
+    this.native.setCurve(curve);
+  }
+
+  async generateKeyPair(): Promise<CryptoKeyPair> {
+    await this.native.generateKeyPair();
+    return {
+      publicKey: this.native.getPublicKey(),
+      privateKey: this.native.getPrivateKey(),
+    };
+  }
+
+  generateKeyPairSync(): CryptoKeyPair {
+    this.native.generateKeyPairSync();
+    return {
+      publicKey: this.native.getPublicKey(),
+      privateKey: this.native.getPrivateKey(),
+    };
+  }
+}
+
+// function verifyAcceptableEcKeyUse(
+//   name: AnyAlgorithm,
+//   isPublic: boolean,
+//   usages: KeyUsage[],
+// ): void {
+//   let checkSet;
+//   switch (name) {
+//     case 'ECDH':
+//       checkSet = isPublic ? [] : ['deriveKey', 'deriveBits'];
+//       break;
+//     case 'ECDSA':
+//       checkSet = isPublic ? ['verify'] : ['sign'];
+//       break;
+//     default:
+//       throw lazyDOMException(
+//         'The algorithm is not supported',
+//         'NotSupportedError',
+//       );
+//   }
+//   if (hasAnyNotIn(usages, checkSet)) {
+//     throw lazyDOMException(
+//       `Unsupported key usage for a ${name} key`,
+//       'SyntaxError',
+//     );
+//   }
+// }
+
+// function createECPublicKeyRaw(
+//   namedCurve: NamedCurve | undefined,
+//   keyDataBuffer: ArrayBuffer,
+// ): PublicKeyObject {
+//   if (!namedCurve) {
+//     throw new Error('Invalid namedCurve');
+//   }
+//   const handle = NitroModules.createHybridObject(
+//     'KeyObjectHandle',
+//   ) as KeyObjectHandle;
+
+//   if (!handle.initECRaw(kNamedCurveAliases[namedCurve], keyDataBuffer)) {
+//     console.log('keyData', ab2str(keyDataBuffer));
+//     throw new Error('Invalid keyData 1');
+//   }
+
+//   return new PublicKeyObject(handle);
+// }
+
+// // Node API
+// export function ec_exportKey(key: CryptoKey, format: KeyFormat): ArrayBuffer {
+//   return ec.native.exportKey(format, key.keyObject.handle);
+// }
+
+// Node API
+export function ecImportKey(
+  format: ImportFormat,
+  keyData: BufferLike | BinaryLike | JWK,
+  algorithm: SubtleAlgorithm,
+  extractable: boolean,
+  keyUsages: KeyUsage[],
+): CryptoKey {
+  const { name, namedCurve } = algorithm;
+
+  if (
+    !namedCurve ||
+    !kNamedCurveAliases[namedCurve as keyof typeof kNamedCurveAliases]
+  ) {
+    throw lazyDOMException('Unrecognized namedCurve', 'NotSupportedError');
+  }
+
+  if (format !== 'spki' && format !== 'pkcs8' && format !== 'raw') {
+    throw lazyDOMException(
+      `Unsupported format: ${format}`,
+      'NotSupportedError',
+    );
+  }
+
+  // Handle JWK format separately
+  if (typeof keyData === 'object' && 'kty' in keyData) {
+    throw lazyDOMException('JWK format not yet supported', 'NotSupportedError');
+  }
+
+  // Convert keyData to ArrayBuffer
+  const keyBuffer = bufferLikeToArrayBuffer(keyData as BufferLike);
+
+  // Create EC instance with the curve
+  const ec = new Ec(namedCurve);
+
+  // Import the key using Nitro module
+  ec.native.importKey(
+    format === 'raw' ? 'der' : format, // Convert raw to der for now
+    keyBuffer,
+    name,
+    extractable,
+    keyUsages,
+  );
+
+  // Create a KeyObject wrapper for the imported key
+  // Use the EC instance's key data to create a proper KeyObject
+  const privateKeyData = ec.native.getPrivateKey();
+  const keyObject = new KeyObject('private', privateKeyData);
+
+  // Create and return CryptoKey
+  return new CryptoKey(keyObject, algorithm, keyUsages, extractable);
+  //     //   // verifyAcceptableEcKeyUse(name, true, usagesSet);
+  //     //   try {
+  //     //     keyObject = createPublicKey({
+  //     //       key: keyData,
+  //     //       format: 'der',
+  //     //       type: 'spki',
+  //     //     });
+  //     //   } catch (err) {
+  //     //     throw new Error(`Invalid keyData 2: ${err}`);
+  //     //   }
+  //     //   break;
+  //     // }
+  //     // case 'pkcs8': {
+  //     //   // verifyAcceptableEcKeyUse(name, false, usagesSet);
+  //     //   try {
+  //     //     keyObject = createPrivateKey({
+  //     //       key: keyData,
+  //     //       format: 'der',
+  //     //       type: 'pkcs8',
+  //     //     });
+  //     //   } catch (err) {
+  //     //     throw new Error(`Invalid keyData 3 ${err}`);
+  //     //   }
+  //     //   break;
+  //     // }
+}
+
+//     case 'jwk': {
+//       const data = keyData as JWK;
+
+//       if (!data.kty) throw lazyDOMException('Invalid keyData 4', 'DataError');
+//       if (data.kty !== 'EC')
+//         throw lazyDOMException('Invalid JWK "kty" Parameter', 'DataError');
+//       if (data.crv !== namedCurve)
+//         throw lazyDOMException(
+//           'JWK "crv" does not match the requested algorithm',
+//           'DataError',
+//         );
+
+//       verifyAcceptableEcKeyUse(name, data.d === undefined, keyUsages);
+
+//       if (keyUsages.length > 0 && data.use !== undefined) {
+//         const checkUse = name === 'ECDH' ? 'enc' : 'sig';
+//         if (data.use !== checkUse)
+//           throw lazyDOMException('Invalid JWK "use" Parameter', 'DataError');
+//       }
+
+//       validateKeyOps(data.key_ops, keyUsages);
+
+//       if (
+//         data.ext !== undefined &&
+//         data.ext === false &&
+//         extractable === true
+//       ) {
+//         throw lazyDOMException(
+//           'JWK "ext" Parameter and extractable mismatch',
+//           'DataError',
+//         );
+//       }
+
+//       if (algorithm.name === 'ECDSA' && data.alg !== undefined) {
+//         let algNamedCurve;
+//         switch (data.alg) {
+//           case 'ES256':
+//             algNamedCurve = 'P-256';
+//             break;
+//           case 'ES384':
+//             algNamedCurve = 'P-384';
+//             break;
+//           case 'ES512':
+//             algNamedCurve = 'P-521';
+//             break;
+//         }
+//         if (algNamedCurve !== namedCurve)
+//           throw lazyDOMException(
+//             'JWK "alg" does not match the requested algorithm',
+//             'DataError',
+//           );
+//       }
+
+//       const handle = NativeQuickCrypto.webcrypto.createKeyObjectHandle();
+//       const type = handle.initJwk(data, namedCurve);
+//       if (type === undefined)
+//         throw lazyDOMException('Invalid JWK', 'DataError');
+//       keyObject =
+//         type === KeyType.PRIVATE
+//           ? new PrivateKeyObject(handle)
+//           : new PublicKeyObject(handle);
+//       break;
+//     }
+//     case 'raw': {
+//       const data = keyData as BufferLike | BinaryLike;
+//       verifyAcceptableEcKeyUse(name, true, keyUsages);
+//       const buffer =
+//         typeof data === 'string'
+//           ? binaryLikeToArrayBuffer(data)
+//           : bufferLikeToArrayBuffer(data);
+//       keyObject = createECPublicKeyRaw(namedCurve, buffer);
+//       break;
+//     }
+//     default: {
+//       throw new Error(`Unknown EC import format: ${format}`);
+//     }
+//   }
+
+//   switch (algorithm.name) {
+//     case 'ECDSA':
+//     // Fall through
+//     case 'ECDH':
+//       if (keyObject.asymmetricKeyType !== ('ec' as AsymmetricKeyType))
+//         throw new Error('Invalid key type');
+//       break;
+//   }
+
+//   // if (!keyObject[kHandle].checkEcKeyData()) {
+//   //   throw new Error('Invalid keyData 5');
+//   // }
+
+//   // const { namedCurve: checkNamedCurve } = keyObject[kHandle].keyDetail({});
+//   // if (kNamedCurveAliases[namedCurve] !== checkNamedCurve)
+//   //   throw new Error('Named curve mismatch');
+
+//   return new CryptoKey(keyObject, { name, namedCurve }, keyUsages, extractable);
+// }
+
+// Node API
+export const ecdsaSignVerify = (
+  key: CryptoKey,
+  data: BufferLike,
+  { hash }: SubtleAlgorithm,
+  signature?: BufferLike,
+): ArrayBuffer | boolean => {
+  const isSign = signature === undefined;
+  const expectedKeyType = isSign ? 'private' : 'public';
+
+  if (key.type !== expectedKeyType) {
+    throw lazyDOMException(
+      `Key must be a ${expectedKeyType} key`,
+      'InvalidAccessError',
+    );
+  }
+
+  const hashName = typeof hash === 'string' ? hash : hash?.name;
+
+  if (!hashName) {
+    throw lazyDOMException(
+      'Hash algorithm is required for ECDSA',
+      'InvalidAccessError',
+    );
+  }
+
+  // Normalize hash algorithm name to WebCrypto format for C++ layer
+  const normalizedHashName = normalizeHashName(hashName, HashContext.WebCrypto);
+
+  // Create EC instance with the curve from the key
+  const namedCurve = key.algorithm.namedCurve!;
+  const ec = new Ec(namedCurve);
+
+  // Extract and import the actual key data from the CryptoKey
+  // Export in DER format with appropriate encoding
+  const encoding =
+    key.type === 'private' ? KeyEncoding.PKCS8 : KeyEncoding.SPKI;
+  const keyData = key.keyObject.handle.exportKey(KFormatType.DER, encoding);
+  const keyBuffer = bufferLikeToArrayBuffer(keyData);
+  ec.native.importKey(
+    'der',
+    keyBuffer,
+    key.algorithm.name!,
+    key.extractable,
+    key.usages,
+  );
+
+  const dataBuffer = bufferLikeToArrayBuffer(data);
+
+  if (isSign) {
+    // Sign operation
+    return ec.native.sign(dataBuffer, normalizedHashName);
+  } else {
+    // Verify operation
+    const signatureBuffer = bufferLikeToArrayBuffer(signature!);
+    return ec.native.verify(dataBuffer, signatureBuffer, normalizedHashName);
+  }
+};
+
+// Node API
+
+export async function ec_generateKeyPair(
+  name: string,
+  namedCurve: string,
+  extractable: boolean,
+  keyUsages: KeyUsage[],
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  _options?: KeyPairOptions, // TODO: Implement format options support
+): Promise<CryptoKeyPair> {
+  // validation checks
+  if (!Object.keys(kNamedCurveAliases).includes(namedCurve || '')) {
+    throw lazyDOMException(
+      `Unrecognized namedCurve '${namedCurve}'`,
+      'NotSupportedError',
+    );
+  }
+
+  // const usageSet = new SafeSet(keyUsages);
+  switch (name) {
+    case 'ECDSA':
+      if (hasAnyNotIn(keyUsages, ['sign', 'verify'])) {
+        throw lazyDOMException(
+          'Unsupported key usage for an ECDSA key',
+          'SyntaxError',
+        );
+      }
+      break;
+    case 'ECDH':
+      if (hasAnyNotIn(keyUsages, ['deriveKey', 'deriveBits'])) {
+        throw lazyDOMException(
+          'Unsupported key usage for an ECDH key',
+          'SyntaxError',
+        );
+      }
+    // Fall through
+  }
+
+  const ec = new Ec(namedCurve!);
+  await ec.generateKeyPair();
+
+  let publicUsages: KeyUsage[] = [];
+  let privateUsages: KeyUsage[] = [];
+  switch (name) {
+    case 'ECDSA':
+      publicUsages = getUsagesUnion(keyUsages, 'verify');
+      privateUsages = getUsagesUnion(keyUsages, 'sign');
+      break;
+    case 'ECDH':
+      publicUsages = [];
+      privateUsages = getUsagesUnion(keyUsages, 'deriveKey', 'deriveBits');
+      break;
+  }
+
+  const keyAlgorithm = { name, namedCurve: namedCurve! };
+
+  // Export keys directly from the EC key pair using the internal EVP_PKEY
+  // These methods export in DER format (SPKI for public, PKCS8 for private)
+  const publicKeyData = ec.native.getPublicKey();
+  const privateKeyData = ec.native.getPrivateKey();
+
+  const pub = KeyObject.createKeyObject(
+    'public',
+    publicKeyData,
+    'der',
+    'spki',
+  ) as PublicKeyObject;
+  const publicKey = new CryptoKey(
+    pub,
+    keyAlgorithm as SubtleAlgorithm,
+    publicUsages,
+    true,
+  );
+
+  // All keys are now exported in PKCS8 format for consistency
+  const privateEncoding = 'pkcs8';
+  const priv = KeyObject.createKeyObject(
+    'private',
+    privateKeyData,
+    'der',
+    privateEncoding as 'pkcs8' | 'spki' | 'sec1',
+  ) as PrivateKeyObject;
+  const privateKey = new CryptoKey(
+    priv,
+    keyAlgorithm as SubtleAlgorithm,
+    privateUsages,
+    extractable,
+  );
+
+  return { publicKey, privateKey };
+}

package/src/ed.ts

@@ -0,0 +1,256 @@
+import { NitroModules } from 'react-native-nitro-modules';
+import { Buffer } from '@craftzdog/react-native-buffer';
+import type { AsymmetricKeyObject, PrivateKeyObject } from './keys';
+import type { EdKeyPair } from './specs/edKeyPair.nitro';
+import type {
+  BinaryLike,
+  CFRGKeyPairType,
+  DiffieHellmanCallback,
+  DiffieHellmanOptions,
+  GenerateKeyPairCallback,
+  GenerateKeyPairReturn,
+  Hex,
+  KeyPairGenConfig,
+  KeyPairType,
+} from './utils';
+import { binaryLikeToArrayBuffer as toAB } from './utils';
+
+export class Ed {
+  type: CFRGKeyPairType;
+  config: KeyPairGenConfig;
+  native: EdKeyPair;
+
+  constructor(type: CFRGKeyPairType, config: KeyPairGenConfig) {
+    this.type = type;
+    this.config = config;
+    this.native = NitroModules.createHybridObject<EdKeyPair>('EdKeyPair');
+    this.native.setCurve(type);
+  }
+
+  /**
+   * Computes the Diffie-Hellman secret based on a privateKey and a publicKey.
+   * Both keys must have the same asymmetricKeyType, which must be one of 'dh'
+   * (for Diffie-Hellman), 'ec', 'x448', or 'x25519' (for ECDH).
+   *
+   * @api nodejs/node
+   *
+   * @param options `{ privateKey, publicKey }`, both of which are `KeyObject`s
+   * @param callback optional `(err, secret) => void`
+   * @returns `Buffer` if no callback, or `void` if callback is provided
+   */
+  diffieHellman(
+    options: DiffieHellmanOptions,
+    callback?: DiffieHellmanCallback,
+  ): Buffer | void {
+    checkDiffieHellmanOptions(options);
+
+    // key types must be of certain type
+    const keyType = (options.privateKey as AsymmetricKeyObject)
+      .asymmetricKeyType;
+    switch (keyType) {
+      case 'x25519':
+      case 'x448':
+        break;
+      default:
+        throw new Error(`Unsupported or unimplemented curve type: ${keyType}`);
+    }
+
+    // extract the private and public keys as ArrayBuffers
+    const privateKey = toAB(options.privateKey);
+    const publicKey = toAB(options.publicKey);
+
+    try {
+      const ret = this.native.diffieHellman(privateKey, publicKey);
+      if (!ret) {
+        throw new Error('No secret');
+      }
+      if (callback) {
+        callback(null, Buffer.from(ret));
+      } else {
+        return Buffer.from(ret);
+      }
+    } catch (e: unknown) {
+      const err = e as Error;
+      if (callback) {
+        callback(err, undefined);
+      } else {
+        throw err;
+      }
+    }
+  }
+
+  async generateKeyPair(): Promise<void> {
+    this.native.generateKeyPair(
+      this.config.publicFormat || (-1 as number),
+      this.config.publicType || (-1 as number),
+      this.config.privateFormat || (-1 as number),
+      this.config.privateType || (-1 as number),
+      this.config.cipher as string,
+      this.config.passphrase as ArrayBuffer,
+    );
+  }
+
+  generateKeyPairSync(): void {
+    this.native.generateKeyPairSync(
+      this.config.publicFormat || (-1 as number),
+      this.config.publicType || (-1 as number),
+      this.config.privateFormat || (-1 as number),
+      this.config.privateType || (-1 as number),
+      this.config.cipher as string,
+      this.config.passphrase as ArrayBuffer,
+    );
+  }
+
+  getPublicKey(): ArrayBuffer {
+    return this.native.getPublicKey();
+  }
+
+  getPrivateKey(): ArrayBuffer {
+    return this.native.getPrivateKey();
+  }
+
+  /**
+   * Computes the Diffie-Hellman shared secret based on a privateKey and a
+   * publicKey for key exchange
+   *
+   * @api \@paulmillr/noble-curves/ed25519
+   *
+   * @param privateKey
+   * @param publicKey
+   * @returns shared secret key
+   */
+  getSharedSecret(privateKey: Hex, publicKey: Hex): ArrayBuffer {
+    return this.native.diffieHellman(toAB(privateKey), toAB(publicKey));
+  }
+
+  async sign(message: BinaryLike, key?: BinaryLike): Promise<ArrayBuffer> {
+    return key
+      ? this.native.sign(toAB(message), toAB(key))
+      : this.native.sign(toAB(message));
+  }
+
+  signSync(message: BinaryLike, key?: BinaryLike): ArrayBuffer {
+    return key
+      ? this.native.signSync(toAB(message), toAB(key))
+      : this.native.signSync(toAB(message));
+  }
+
+  async verify(
+    signature: BinaryLike,
+    message: BinaryLike,
+    key?: BinaryLike,
+  ): Promise<boolean> {
+    return key
+      ? this.native.verify(toAB(signature), toAB(message), toAB(key))
+      : this.native.verify(toAB(signature), toAB(message));
+  }
+
+  verifySync(
+    signature: BinaryLike,
+    message: BinaryLike,
+    key?: BinaryLike,
+  ): boolean {
+    return key
+      ? this.native.verifySync(toAB(signature), toAB(message), toAB(key))
+      : this.native.verifySync(toAB(signature), toAB(message));
+  }
+}
+
+// Node API
+export function diffieHellman(
+  options: DiffieHellmanOptions,
+  callback?: DiffieHellmanCallback,
+): Buffer | void {
+  const privateKey = options.privateKey as PrivateKeyObject;
+  const type = privateKey.asymmetricKeyType as CFRGKeyPairType;
+  const ed = new Ed(type, {});
+  return ed.diffieHellman(options, callback);
+}
+
+// Node API
+export function ed_generateKeyPair(
+  isAsync: boolean,
+  type: KeyPairType,
+  encoding: KeyPairGenConfig,
+  callback: GenerateKeyPairCallback | undefined,
+): GenerateKeyPairReturn | void {
+  const ed = new Ed(type, encoding);
+
+  // Async path
+  if (isAsync) {
+    if (!callback) {
+      // This should not happen if called from public API
+      throw new Error('A callback is required for async key generation.');
+    }
+    ed.generateKeyPair()
+      .then(() => {
+        callback(undefined, ed.getPublicKey(), ed.getPrivateKey());
+      })
+      .catch(err => {
+        callback(err, undefined, undefined);
+      });
+    return;
+  }
+
+  // Sync path
+  let err: Error | undefined;
+  try {
+    ed.generateKeyPairSync();
+  } catch (e) {
+    err = e instanceof Error ? e : new Error(String(e));
+  }
+
+  if (callback) {
+    callback(err, ed.getPublicKey(), ed.getPrivateKey());
+    return;
+  }
+  return [err, ed.getPublicKey(), ed.getPrivateKey()];
+}
+
+function checkDiffieHellmanOptions(options: DiffieHellmanOptions): void {
+  const { privateKey, publicKey } = options;
+
+  // Check if keys are KeyObject instances
+  if (
+    !privateKey ||
+    typeof privateKey !== 'object' ||
+    !('type' in privateKey)
+  ) {
+    throw new Error('privateKey must be a KeyObject');
+  }
+  if (!publicKey || typeof publicKey !== 'object' || !('type' in publicKey)) {
+    throw new Error('publicKey must be a KeyObject');
+  }
+
+  // type checks
+  if (privateKey.type !== 'private') {
+    throw new Error('privateKey must be a private KeyObject');
+  }
+  if (publicKey.type !== 'public') {
+    throw new Error('publicKey must be a public KeyObject');
+  }
+
+  // For asymmetric keys, check if they have the asymmetricKeyType property
+  const privateKeyAsym = privateKey as AsymmetricKeyObject;
+  const publicKeyAsym = publicKey as AsymmetricKeyObject;
+
+  // key types must match
+  if (
+    privateKeyAsym.asymmetricKeyType &&
+    publicKeyAsym.asymmetricKeyType &&
+    privateKeyAsym.asymmetricKeyType !== publicKeyAsym.asymmetricKeyType
+  ) {
+    throw new Error('Keys must be asymmetric and their types must match');
+  }
+
+  switch (privateKeyAsym.asymmetricKeyType) {
+    // case 'dh': // TODO: uncomment when implemented
+    case 'x25519':
+    case 'x448':
+      break;
+    default:
+      throw new Error(
+        `Unknown curve type: ${privateKeyAsym.asymmetricKeyType}`,
+      );
+  }
+}

package/src/expo-plugin/@types.ts

@@ -0,0 +1,7 @@
+export type ConfigProps = {
+  /**
+   * Enable libsodium support
+   * @default false
+   */
+  sodiumEnabled?: boolean;
+};