react-native-quick-crypto 1.0.0-beta.2 → 1.0.0-beta.21

package/src/keys/utils.ts

@@ -0,0 +1,190 @@
+import {
+  binaryLikeToArrayBuffer,
+  isStringOrBuffer,
+  KeyEncoding,
+  KFormatType,
+} from '../utils';
+import type { CryptoKeyPair, EncodingOptions } from '../utils';
+import type { CryptoKey } from './classes';
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const isCryptoKey = (obj: any): boolean => {
+  return obj !== null && obj?.keyObject !== undefined;
+};
+
+export function getCryptoKeyPair(
+  key: CryptoKey | CryptoKeyPair,
+): CryptoKeyPair {
+  if ('publicKey' in key && 'privateKey' in key) return key;
+  throw new Error('Invalid CryptoKeyPair');
+}
+
+/**
+ * Parses the public key encoding based on an object. keyType must be undefined
+ * when this is used to parse an input encoding and must be a valid key type if
+ * used to parse an output encoding.
+ */
+export function parsePublicKeyEncoding(
+  enc: EncodingOptions,
+  keyType: string | undefined,
+  objName?: string,
+) {
+  return parseKeyEncoding(enc, keyType, keyType ? true : undefined, objName);
+}
+
+/**
+ * Parses the private key encoding based on an object. keyType must be undefined
+ * when this is used to parse an input encoding and must be a valid key type if
+ * used to parse an output encoding.
+ */
+export function parsePrivateKeyEncoding(
+  enc: EncodingOptions,
+  keyType: string | undefined,
+  objName?: string,
+) {
+  return parseKeyEncoding(enc, keyType, false, objName);
+}
+
+export function parseKeyEncoding(
+  enc: EncodingOptions,
+  keyType?: string,
+  isPublic?: boolean,
+  objName?: string,
+) {
+  // validateObject(enc, 'options');
+
+  const isInput = keyType === undefined;
+
+  const { format, type } = parseKeyFormatAndType(
+    enc,
+    keyType,
+    isPublic,
+    objName,
+  );
+
+  let cipher, passphrase, encoding;
+  if (isPublic !== true) {
+    ({ cipher, passphrase, encoding } = enc);
+
+    if (!isInput) {
+      if (cipher != null) {
+        if (typeof cipher !== 'string')
+          throw new Error(
+            `Invalid argument ${option('cipher', objName)}: ${cipher}`,
+          );
+        if (
+          format === KFormatType.DER &&
+          (type === KeyEncoding.PKCS1 || type === KeyEncoding.SEC1)
+        ) {
+          throw new Error(
+            `Incompatible key options ${encodingNames[type]} does not support encryption`,
+          );
+        }
+      } else if (passphrase !== undefined) {
+        throw new Error(
+          `invalid argument ${option('cipher', objName)}: ${cipher}`,
+        );
+      }
+    }
+
+    if (
+      (isInput && passphrase !== undefined && !isStringOrBuffer(passphrase)) ||
+      (!isInput && cipher != null && !isStringOrBuffer(passphrase))
+    ) {
+      throw new Error(
+        `Invalid argument value ${option('passphrase', objName)}: ${passphrase}`,
+      );
+    }
+  }
+
+  if (passphrase !== undefined)
+    passphrase = binaryLikeToArrayBuffer(passphrase, encoding);
+
+  return { format, type, cipher, passphrase };
+}
+
+const encodingNames = {
+  [KeyEncoding.PKCS1]: 'pkcs1',
+  [KeyEncoding.PKCS8]: 'pkcs8',
+  [KeyEncoding.SPKI]: 'spki',
+  [KeyEncoding.SEC1]: 'sec1',
+};
+
+function option(name: string, objName?: string) {
+  return objName === undefined
+    ? `options.${name}`
+    : `options.${objName}.${name}`;
+}
+
+function parseKeyFormat(
+  formatStr?: string,
+  defaultFormat?: KFormatType,
+  optionName?: string,
+) {
+  if (formatStr === undefined && defaultFormat !== undefined)
+    return defaultFormat;
+  else if (formatStr === 'pem') return KFormatType.PEM;
+  else if (formatStr === 'der') return KFormatType.DER;
+  else if (formatStr === 'jwk') return KFormatType.JWK;
+  throw new Error(`Invalid key format str: ${optionName}`);
+}
+
+function parseKeyType(
+  typeStr: string | undefined,
+  required: boolean,
+  keyType: string | undefined,
+  isPublic: boolean | undefined,
+  optionName: string,
+): KeyEncoding | undefined {
+  if (typeStr === undefined && !required) {
+    return undefined;
+  } else if (typeStr === 'pkcs1') {
+    if (keyType !== undefined && keyType !== 'rsa') {
+      throw new Error(
+        `Crypto incompatible key options: ${typeStr} can only be used for RSA keys`,
+      );
+    }
+    return KeyEncoding.PKCS1;
+  } else if (typeStr === 'spki' && isPublic !== false) {
+    return KeyEncoding.SPKI;
+  } else if (typeStr === 'pkcs8' && isPublic !== true) {
+    return KeyEncoding.PKCS8;
+  } else if (typeStr === 'sec1' && isPublic !== true) {
+    if (keyType !== undefined && keyType !== 'ec') {
+      throw new Error(
+        `Incompatible key options ${typeStr} can only be used for EC keys`,
+      );
+    }
+    return KeyEncoding.SEC1;
+  }
+
+  throw new Error(`Invalid option ${optionName} - ${typeStr}`);
+}
+
+function parseKeyFormatAndType(
+  enc: EncodingOptions,
+  keyType?: string,
+  isPublic?: boolean,
+  objName?: string,
+) {
+  const { format: formatStr, type: typeStr } = enc;
+
+  const isInput = keyType === undefined;
+  const format = parseKeyFormat(
+    formatStr,
+    isInput ? KFormatType.PEM : undefined,
+    option('format', objName),
+  );
+
+  const isRequired =
+    (!isInput || format === KFormatType.DER) && format !== KFormatType.JWK;
+
+  const type = parseKeyType(
+    typeStr,
+    isRequired,
+    keyType,
+    isPublic,
+    option('type', objName),
+  );
+  return { format, type };
+}

package/src/pbkdf2.ts

@@ -0,0 +1,154 @@
+import { Buffer } from '@craftzdog/react-native-buffer';
+import { NitroModules } from 'react-native-nitro-modules';
+import type { BinaryLike } from './utils';
+import {
+  HashContext,
+  binaryLikeToArrayBuffer,
+  bufferLikeToArrayBuffer,
+  lazyDOMException,
+  normalizeHashName,
+} from './utils';
+import type { HashAlgorithm, SubtleAlgorithm } from './utils';
+import type { Pbkdf2 } from './specs/pbkdf2.nitro';
+import { promisify } from 'util';
+import type { CryptoKey } from './keys';
+
+const WRONG_PASS =
+  'Password must be a string, a Buffer, a typed array or a DataView';
+const WRONG_SALT = `Salt must be a string, a Buffer, a typed array or a DataView`;
+
+type Password = BinaryLike;
+type Salt = BinaryLike;
+type Pbkdf2Callback = (err: Error | null, derivedKey?: Buffer) => void;
+
+// to use native bits in sub-functions, use getNative(). don't call it at top-level!
+let native: Pbkdf2;
+function getNative(): Pbkdf2 {
+  if (native == null) {
+    // lazy-load the Nitro HybridObject
+    native = NitroModules.createHybridObject<Pbkdf2>('Pbkdf2');
+  }
+  return native;
+}
+
+function sanitizeInput(input: BinaryLike, errorMsg: string): ArrayBuffer {
+  try {
+    return binaryLikeToArrayBuffer(input);
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  } catch (_e: unknown) {
+    throw new Error(errorMsg);
+  }
+}
+
+export function pbkdf2(
+  password: Password,
+  salt: Salt,
+  iterations: number,
+  keylen: number,
+  digest: string,
+  callback: Pbkdf2Callback,
+): void {
+  if (callback === undefined || typeof callback !== 'function') {
+    throw new Error('No callback provided to pbkdf2');
+  }
+  const sanitizedPassword = sanitizeInput(password, WRONG_PASS);
+  const sanitizedSalt = sanitizeInput(salt, WRONG_SALT);
+  const normalizedDigest = normalizeHashName(digest, HashContext.Node);
+
+  getNative();
+  native
+    .pbkdf2(
+      sanitizedPassword,
+      sanitizedSalt,
+      iterations,
+      keylen,
+      normalizedDigest,
+    )
+    .then(
+      (res: ArrayBuffer) => {
+        callback!(null, Buffer.from(res));
+      },
+      (e: Error) => {
+        callback!(e);
+      },
+    );
+}
+
+export function pbkdf2Sync(
+  password: Password,
+  salt: Salt,
+  iterations: number,
+  keylen: number,
+  digest?: HashAlgorithm,
+): Buffer {
+  const sanitizedPassword = sanitizeInput(password, WRONG_PASS);
+  const sanitizedSalt = sanitizeInput(salt, WRONG_SALT);
+
+  const algo = digest ? normalizeHashName(digest, HashContext.Node) : 'sha1';
+  getNative();
+  const result: ArrayBuffer = native.pbkdf2Sync(
+    sanitizedPassword,
+    sanitizedSalt,
+    iterations,
+    keylen,
+    algo,
+  );
+
+  return Buffer.from(result);
+}
+
+// We need this because the typescript  overload signatures in pbkdf2() above do
+// not play nice with promisify() below.
+const pbkdf2WithDigest = (
+  password: Password,
+  salt: Salt,
+  iterations: number,
+  keylen: number,
+  digest: HashAlgorithm,
+  callback: Pbkdf2Callback,
+) => pbkdf2(password, salt, iterations, keylen, digest, callback);
+
+const pbkdf2Promise = promisify(pbkdf2WithDigest);
+export async function pbkdf2DeriveBits(
+  algorithm: SubtleAlgorithm,
+  baseKey: CryptoKey,
+  length: number,
+): Promise<ArrayBuffer> {
+  const { iterations, hash, salt } = algorithm;
+  const normalizedHash = normalizeHashName(hash);
+  if (!normalizedHash) {
+    throw lazyDOMException('hash cannot be blank', 'OperationError');
+  }
+  if (!iterations || iterations === 0) {
+    throw lazyDOMException('iterations cannot be zero', 'OperationError');
+  }
+  if (!salt) {
+    throw lazyDOMException(WRONG_SALT, 'OperationError');
+  }
+  const raw = baseKey.keyObject.export();
+
+  if (length === 0)
+    throw lazyDOMException('length cannot be zero', 'OperationError');
+  if (length === null)
+    throw lazyDOMException('length cannot be null', 'OperationError');
+  if (length % 8) {
+    throw lazyDOMException('length must be a multiple of 8', 'OperationError');
+  }
+
+  const sanitizedPassword = sanitizeInput(raw, WRONG_PASS);
+  const sanitizedSalt = sanitizeInput(salt, WRONG_SALT);
+  const result: Buffer | undefined = await pbkdf2Promise(
+    sanitizedPassword,
+    sanitizedSalt,
+    iterations,
+    length / 8,
+    normalizedHash as HashAlgorithm,
+  );
+  if (!result) {
+    throw lazyDOMException(
+      'received bad result from pbkdf2()',
+      'OperationError',
+    );
+  }
+  return bufferLikeToArrayBuffer(result);
+}

package/src/random.ts

@@ -1,6 +1,6 @@
 import { Buffer } from '@craftzdog/react-native-buffer';
-import type { ArrayBufferView, RandomCallback } from './utils/types';
-import { abvToArrayBuffer } from './utils/conversion';
+import type { ABV, RandomCallback } from './utils';
+import { abvToArrayBuffer } from './utils';
 import { NitroModules } from 'react-native-nitro-modules';
 import type { Random } from './specs/random.nitro';
 
@@ -14,32 +14,32 @@ function getNative(): Random {
   return random;
 }
 
-export function randomFill<T extends ArrayBufferView>(
+export function randomFill<T extends ABV>(
   buffer: T,
-  callback: RandomCallback<T>
+  callback: RandomCallback<T>,
 ): void;
 
-export function randomFill<T extends ArrayBufferView>(
+export function randomFill<T extends ABV>(
   buffer: T,
   offset: number,
-  callback: RandomCallback<T>
+  callback: RandomCallback<T>,
 ): void;
 
-export function randomFill<T extends ArrayBufferView>(
+export function randomFill<T extends ABV>(
   buffer: T,
   offset: number,
   size: number,
-  callback: RandomCallback<T>
+  callback: RandomCallback<T>,
 ): void;
 
-export function randomFill(buffer: ArrayBufferView, ...rest: unknown[]): void {
+export function randomFill(buffer: ABV, ...rest: unknown[]): void {
   if (typeof rest[rest.length - 1] !== 'function') {
     throw new Error('No callback provided to randomFill');
   }
 
   const callback = rest[rest.length - 1] as unknown as (
     err: Error | null,
-    buf?: ArrayBuffer
+    buf?: ArrayBuffer,
   ) => void;
 
   let offset: number = 0;
@@ -61,21 +61,17 @@ export function randomFill(buffer: ArrayBufferView, ...rest: unknown[]): void {
     },
     (e: Error) => {
       callback(e);
-    }
+    },
   );
 }
 
-export function randomFillSync<T extends ArrayBufferView>(
+export function randomFillSync<T extends ABV>(
   buffer: T,
   offset?: number,
-  size?: number
+  size?: number,
 ): T;
 
-export function randomFillSync(
-  buffer: ArrayBufferView,
-  offset: number = 0,
-  size?: number
-) {
+export function randomFillSync(buffer: ABV, offset: number = 0, size?: number) {
   getNative();
   buffer = abvToArrayBuffer(buffer);
   const res = random.randomFillSync(buffer, offset, size ?? buffer.byteLength);
@@ -87,12 +83,12 @@ export function randomBytes(size: number): Buffer;
 
 export function randomBytes(
   size: number,
-  callback: (err: Error | null, buf?: Buffer) => void
+  callback: (err: Error | null, buf?: Buffer) => void,
 ): void;
 
 export function randomBytes(
   size: number,
-  callback?: (err: Error | null, buf?: Buffer) => void
+  callback?: (err: Error | null, buf?: Buffer) => void,
 ): void | Buffer {
   const buf = new Buffer(size);
 
@@ -141,13 +137,13 @@ export function randomInt(max: number): number;
 export function randomInt(
   min: number,
   max: number,
-  callback: RandomIntCallback
+  callback: RandomIntCallback,
 ): void;
 export function randomInt(min: number, max: number): number;
 export function randomInt(
   arg1: number,
   arg2?: number | RandomIntCallback,
-  callback?: RandomIntCallback
+  callback?: RandomIntCallback,
 ): void | number {
   // Detect optional min syntax
   // randomInt(max)
@@ -253,7 +249,7 @@ function asyncRefillRandomIntCache() {
     // callback (errorReceiver) about it. This way, every async call to
     // randomInt has a chance of being successful, and it avoids complex
     // exception handling here.
-    tasks.splice(0).forEach((task) => {
+    tasks.splice(0).forEach(task => {
       randomInt(task.min, task.max, task.callback);
     });
 
@@ -273,6 +269,13 @@ export type RandomTypedArrays =
   | Uint8Array
   | Uint16Array
   | Uint32Array;
+
+/**
+ * Fills the provided typed array with cryptographically strong random values.
+ *
+ * @param data The data to fill with random values
+ * @returns The filled data
+ */
 export function getRandomValues(data: RandomTypedArrays) {
   if (data.byteLength > 65536) {
     throw new Error('The requested length exceeds 65,536 bytes');

package/src/rsa.ts

@@ -0,0 +1,176 @@
+import { NitroModules } from 'react-native-nitro-modules';
+import {
+  CryptoKey,
+  KeyObject,
+  PrivateKeyObject,
+  PublicKeyObject,
+} from './keys';
+import {
+  getUsagesUnion,
+  hasAnyNotIn,
+  lazyDOMException,
+  normalizeHashName,
+} from './utils';
+import type {
+  CryptoKeyPair,
+  KeyUsage,
+  RsaHashedKeyGenParams,
+  SubtleAlgorithm,
+} from './utils';
+import type { RsaKeyPair } from './specs/rsaKeyPair.nitro';
+
+export class Rsa {
+  native: RsaKeyPair;
+
+  constructor(
+    modulusLength: number,
+    publicExponent: Uint8Array,
+    hashAlgorithm: string,
+  ) {
+    this.native = NitroModules.createHybridObject<RsaKeyPair>('RsaKeyPair');
+    this.native.setModulusLength(modulusLength);
+    this.native.setPublicExponent(
+      publicExponent.buffer.slice(
+        publicExponent.byteOffset,
+        publicExponent.byteOffset + publicExponent.byteLength,
+      ) as ArrayBuffer,
+    );
+    this.native.setHashAlgorithm(hashAlgorithm);
+  }
+
+  async generateKeyPair(): Promise<CryptoKeyPair> {
+    await this.native.generateKeyPair();
+    return {
+      publicKey: this.native.getPublicKey(),
+      privateKey: this.native.getPrivateKey(),
+    };
+  }
+
+  generateKeyPairSync(): CryptoKeyPair {
+    this.native.generateKeyPairSync();
+    return {
+      publicKey: this.native.getPublicKey(),
+      privateKey: this.native.getPrivateKey(),
+    };
+  }
+}
+
+// Node API
+export async function rsa_generateKeyPair(
+  algorithm: SubtleAlgorithm,
+  extractable: boolean,
+  keyUsages: KeyUsage[],
+): Promise<CryptoKeyPair> {
+  const { name, modulusLength, publicExponent, hash } =
+    algorithm as RsaHashedKeyGenParams;
+
+  // Validate parameters first
+  if (!modulusLength || modulusLength < 256) {
+    throw lazyDOMException('Invalid key length', 'OperationError');
+  }
+
+  if (!publicExponent || publicExponent.length === 0) {
+    throw lazyDOMException('Invalid public exponent', 'OperationError');
+  }
+
+  // Validate hash algorithm using existing validation function
+  let hashName: string;
+  try {
+    const normalizedHash = normalizeHashName(hash);
+    hashName = typeof hash === 'string' ? hash : hash?.name || normalizedHash;
+  } catch {
+    throw lazyDOMException('Invalid Hash Algorithm', 'NotSupportedError');
+  }
+
+  // Validate usages are not empty
+  if (keyUsages.length === 0) {
+    throw lazyDOMException('Usages cannot be empty', 'SyntaxError');
+  }
+
+  // Usage validation based on algorithm type
+  switch (name) {
+    case 'RSASSA-PKCS1-v1_5':
+      if (hasAnyNotIn(keyUsages, ['sign', 'verify'])) {
+        throw lazyDOMException(
+          `Unsupported key usage for a ${name} key`,
+          'SyntaxError',
+        );
+      }
+      break;
+    case 'RSA-PSS':
+      if (hasAnyNotIn(keyUsages, ['sign', 'verify'])) {
+        throw lazyDOMException(
+          `Unsupported key usage for a ${name} key`,
+          'SyntaxError',
+        );
+      }
+      break;
+    case 'RSA-OAEP':
+      if (
+        hasAnyNotIn(keyUsages, ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'])
+      ) {
+        throw lazyDOMException(
+          `Unsupported key usage for a ${name} key`,
+          'SyntaxError',
+        );
+      }
+      break;
+    default:
+      throw lazyDOMException(
+        'The algorithm is not supported',
+        'NotSupportedError',
+      );
+  }
+
+  // Split usages between public and private keys
+  let publicUsages: KeyUsage[] = [];
+  let privateUsages: KeyUsage[] = [];
+  switch (name) {
+    case 'RSASSA-PKCS1-v1_5':
+    case 'RSA-PSS':
+      publicUsages = getUsagesUnion(keyUsages, 'verify');
+      privateUsages = getUsagesUnion(keyUsages, 'sign');
+      break;
+    case 'RSA-OAEP':
+      publicUsages = getUsagesUnion(keyUsages, 'encrypt', 'wrapKey');
+      privateUsages = getUsagesUnion(keyUsages, 'decrypt', 'unwrapKey');
+      break;
+  }
+
+  // Validate that private key has usages for CryptoKeyPair
+  if (privateUsages.length === 0) {
+    throw lazyDOMException('Usages cannot be empty', 'SyntaxError');
+  }
+
+  const rsa = new Rsa(modulusLength, publicExponent, hashName);
+  await rsa.generateKeyPair();
+
+  const keyAlgorithm = {
+    name,
+    modulusLength,
+    publicExponent,
+    hash: { name: hashName },
+  };
+
+  // Create KeyObject instances using the standard createKeyObject method
+  const publicKeyData = rsa.native.getPublicKey();
+  const pub = KeyObject.createKeyObject(
+    'public',
+    publicKeyData,
+  ) as PublicKeyObject;
+  const publicKey = new CryptoKey(pub, keyAlgorithm, publicUsages, true);
+
+  const privateKeyData = rsa.native.getPrivateKey();
+  const priv = KeyObject.createKeyObject(
+    'private',
+    privateKeyData,
+  ) as PrivateKeyObject;
+  const privateKey = new CryptoKey(
+    priv,
+    keyAlgorithm,
+    privateUsages,
+    extractable,
+  );
+
+  return { publicKey, privateKey };
+}

package/src/specs/blake3.nitro.ts

@@ -0,0 +1,12 @@
+import type { HybridObject } from 'react-native-nitro-modules';
+
+export interface Blake3 extends HybridObject<{ ios: 'c++'; android: 'c++' }> {
+  initHash(): void;
+  initKeyed(key: ArrayBuffer): void;
+  initDeriveKey(context: string): void;
+  update(data: ArrayBuffer): void;
+  digest(length?: number): ArrayBuffer;
+  reset(): void;
+  copy(): Blake3;
+  getVersion(): string;
+}

package/src/specs/cipher.nitro.ts

@@ -0,0 +1,25 @@
+import type { HybridObject } from 'react-native-nitro-modules';
+
+type CipherArgs = {
+  isCipher: boolean;
+  cipherType: string;
+  cipherKey: ArrayBuffer;
+  iv: ArrayBuffer;
+  authTagLen?: number;
+};
+
+export interface Cipher extends HybridObject<{ ios: 'c++'; android: 'c++' }> {
+  update(data: ArrayBuffer): ArrayBuffer;
+  final(): ArrayBuffer;
+  setArgs(args: CipherArgs): void;
+  setAAD(data: ArrayBuffer, plaintextLength?: number): boolean;
+  setAutoPadding(autoPad: boolean): boolean;
+  setAuthTag(tag: ArrayBuffer): boolean;
+  getAuthTag(): ArrayBuffer;
+  getSupportedCiphers(): string[];
+}
+
+export interface CipherFactory
+  extends HybridObject<{ ios: 'c++'; android: 'c++' }> {
+  createCipher(args: CipherArgs): Cipher;
+}