react-native-quick-crypto 1.0.0-beta.21 → 1.0.0-beta.23

package/QuickCrypto.podspec

@@ -145,6 +145,14 @@ Pod::Spec.new do |s|
     "CLANG_ALLOW_NON_MODULAR_INCLUDES_IN_FRAMEWORK_MODULES" => "YES"
   }
 
+  # Add cpp subdirectories to header search paths
+  cpp_headers = [
+    "\"$(PODS_TARGET_SRCROOT)/cpp/utils\"",
+    "\"$(PODS_TARGET_SRCROOT)/deps/ncrypto\"",
+    "\"$(PODS_TARGET_SRCROOT)/deps/blake3/c\"",
+    "\"$(PODS_TARGET_SRCROOT)/deps/fastpbkdf2\""
+  ]
+
   if sodium_enabled
     sodium_headers = [
       "\"$(PODS_TARGET_SRCROOT)/ios/libsodium-stable/src/libsodium/include\"",
@@ -153,8 +161,10 @@ Pod::Spec.new do |s|
       "\"$(PODS_ROOT)/../../packages/react-native-quick-crypto/ios/libsodium-stable/src/libsodium/include\"",
       "\"$(PODS_ROOT)/../../packages/react-native-quick-crypto/ios/libsodium-stable/src/libsodium/include/sodium\""
     ]
-    xcconfig["HEADER_SEARCH_PATHS"] = sodium_headers.join(' ')
+    xcconfig["HEADER_SEARCH_PATHS"] = (cpp_headers + sodium_headers).join(' ')
     xcconfig["GCC_PREPROCESSOR_DEFINITIONS"] = "$(inherited) BLSALLOC_SODIUM=1"
+  else
+    xcconfig["HEADER_SEARCH_PATHS"] = cpp_headers.join(' ')
   end
 
   s.pod_target_xcconfig = xcconfig

package/android/CMakeLists.txt

@@ -27,7 +27,9 @@ add_library(
   src/main/cpp/cpp-adapter.cpp
   ../cpp/blake3/HybridBlake3.cpp
   ../cpp/cipher/CCMCipher.cpp
+  ../cpp/cipher/GCMCipher.cpp
   ../cpp/cipher/HybridCipher.cpp
+  ../cpp/cipher/HybridRsaCipher.cpp
   ../cpp/cipher/OCBCipher.cpp
   ../cpp/cipher/XSalsa20Cipher.cpp
   ../cpp/cipher/ChaCha20Cipher.cpp

package/cpp/cipher/GCMCipher.cpp

@@ -0,0 +1,68 @@
+#include "GCMCipher.hpp"
+#include "Utils.hpp"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <stdexcept>
+
+namespace margelo::nitro::crypto {
+
+void GCMCipher::init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) {
+  // Clean up any existing context
+  if (ctx) {
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = nullptr;
+  }
+
+  // 1. Get cipher implementation by name
+  const EVP_CIPHER* cipher = EVP_get_cipherbyname(cipher_type.c_str());
+  if (!cipher) {
+    throw std::runtime_error("Unknown cipher " + cipher_type);
+  }
+
+  // 2. Create a new context
+  ctx = EVP_CIPHER_CTX_new();
+  if (!ctx) {
+    throw std::runtime_error("Failed to create cipher context");
+  }
+
+  // 3. Initialize with cipher type only (no key/IV yet)
+  if (EVP_CipherInit_ex(ctx, cipher, nullptr, nullptr, nullptr, is_cipher) != 1) {
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = nullptr;
+    throw std::runtime_error("GCMCipher: Failed initial CipherInit setup: " + std::string(err_buf));
+  }
+
+  // 4. Set IV length for non-standard IV sizes (GCM default is 96 bits/12 bytes)
+  auto native_iv = ToNativeArrayBuffer(iv);
+  size_t iv_len = native_iv->size();
+
+  if (iv_len != 12) { // Only set if not the default length
+    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, static_cast<int>(iv_len), nullptr) != 1) {
+      unsigned long err = ERR_get_error();
+      char err_buf[256];
+      ERR_error_string_n(err, err_buf, sizeof(err_buf));
+      EVP_CIPHER_CTX_free(ctx);
+      ctx = nullptr;
+      throw std::runtime_error("GCMCipher: Failed to set IV length: " + std::string(err_buf));
+    }
+  }
+
+  // 5. Now set the key and IV
+  auto native_key = ToNativeArrayBuffer(cipher_key);
+  const unsigned char* key_ptr = reinterpret_cast<const unsigned char*>(native_key->data());
+  const unsigned char* iv_ptr = reinterpret_cast<const unsigned char*>(native_iv->data());
+
+  if (EVP_CipherInit_ex(ctx, nullptr, nullptr, key_ptr, iv_ptr, is_cipher) != 1) {
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = nullptr;
+    throw std::runtime_error("GCMCipher: Failed to set key/IV: " + std::string(err_buf));
+  }
+}
+
+} // namespace margelo::nitro::crypto

package/cpp/cipher/GCMCipher.hpp

@@ -0,0 +1,14 @@
+#pragma once
+
+#include "HybridCipher.hpp"
+
+namespace margelo::nitro::crypto {
+
+class GCMCipher : public HybridCipher {
+ public:
+  GCMCipher() : HybridObject(TAG) {}
+
+  void init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) override;
+};
+
+} // namespace margelo::nitro::crypto

package/cpp/cipher/HybridCipherFactory.hpp

@@ -7,6 +7,7 @@
 #include "CCMCipher.hpp"
 #include "ChaCha20Cipher.hpp"
 #include "ChaCha20Poly1305Cipher.hpp"
+#include "GCMCipher.hpp"
 #include "HybridCipherFactorySpec.hpp"
 #include "OCBCipher.hpp"
 #include "Utils.hpp"
@@ -50,6 +51,13 @@ class HybridCipherFactory : public HybridCipherFactorySpec {
           EVP_CIPHER_free(cipher);
           return cipherInstance;
         }
+        case EVP_CIPH_GCM_MODE: {
+          cipherInstance = std::make_shared<GCMCipher>();
+          cipherInstance->setArgs(args);
+          cipherInstance->init(args.cipherKey, args.iv);
+          EVP_CIPHER_free(cipher);
+          return cipherInstance;
+        }
         case EVP_CIPH_STREAM_CIPHER: {
           // Check for ChaCha20 variants specifically
           std::string cipherName = toLower(args.cipherType);

package/cpp/cipher/HybridRsaCipher.cpp

@@ -0,0 +1,229 @@
+#include "HybridRsaCipher.hpp"
+#include "../keys/HybridKeyObjectHandle.hpp"
+#include "Utils.hpp"
+
+#include <cstring>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+namespace margelo::nitro::crypto {
+
+using margelo::nitro::NativeArrayBuffer;
+
+// Helper to get OpenSSL digest from hash algorithm name
+const EVP_MD* getDigestByName(const std::string& hashAlgorithm) {
+  if (hashAlgorithm == "SHA-1" || hashAlgorithm == "SHA1" || hashAlgorithm == "sha1" || hashAlgorithm == "sha-1") {
+    return EVP_sha1();
+  } else if (hashAlgorithm == "SHA-256" || hashAlgorithm == "SHA256" || hashAlgorithm == "sha256" || hashAlgorithm == "sha-256") {
+    return EVP_sha256();
+  } else if (hashAlgorithm == "SHA-384" || hashAlgorithm == "SHA384" || hashAlgorithm == "sha384" || hashAlgorithm == "sha-384") {
+    return EVP_sha384();
+  } else if (hashAlgorithm == "SHA-512" || hashAlgorithm == "SHA512" || hashAlgorithm == "sha512" || hashAlgorithm == "sha-512") {
+    return EVP_sha512();
+  }
+  throw std::runtime_error("Unsupported hash algorithm: " + hashAlgorithm);
+}
+
+std::shared_ptr<ArrayBuffer> HybridRsaCipher::encrypt(const std::shared_ptr<HybridKeyObjectHandleSpec>& keyHandle,
+                                                      const std::shared_ptr<ArrayBuffer>& data, const std::string& hashAlgorithm,
+                                                      const std::optional<std::shared_ptr<ArrayBuffer>>& label) {
+  // Get the EVP_PKEY from the key handle
+  auto keyHandleImpl = std::static_pointer_cast<HybridKeyObjectHandle>(keyHandle);
+  EVP_PKEY* pkey = keyHandleImpl->getKeyObjectData().GetAsymmetricKey().get();
+
+  if (!pkey) {
+    throw std::runtime_error("Invalid key for RSA encryption");
+  }
+
+  // Create context for encryption
+  EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new(pkey, nullptr);
+  if (!ctx) {
+    throw std::runtime_error("Failed to create EVP_PKEY_CTX");
+  }
+
+  // Initialize encryption
+  if (EVP_PKEY_encrypt_init(ctx) <= 0) {
+    EVP_PKEY_CTX_free(ctx);
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    throw std::runtime_error("Failed to initialize encryption: " + std::string(err_buf));
+  }
+
+  // Set padding to OAEP
+  if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) {
+    EVP_PKEY_CTX_free(ctx);
+    throw std::runtime_error("Failed to set RSA OAEP padding");
+  }
+
+  // Set OAEP hash algorithm
+  const EVP_MD* md = getDigestByName(hashAlgorithm);
+  if (EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) <= 0) {
+    EVP_PKEY_CTX_free(ctx);
+    throw std::runtime_error("Failed to set OAEP hash algorithm");
+  }
+
+  // Set MGF1 hash (same as OAEP hash per WebCrypto spec)
+  if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) <= 0) {
+    EVP_PKEY_CTX_free(ctx);
+    throw std::runtime_error("Failed to set MGF1 hash algorithm");
+  }
+
+  // Set OAEP label if provided
+  if (label.has_value() && label.value()->size() > 0) {
+    auto native_label = ToNativeArrayBuffer(label.value());
+    // OpenSSL takes ownership of the label, so we need to allocate a copy
+    unsigned char* label_copy = (unsigned char*)OPENSSL_malloc(native_label->size());
+    if (!label_copy) {
+      EVP_PKEY_CTX_free(ctx);
+      throw std::runtime_error("Failed to allocate memory for label");
+    }
+    std::memcpy(label_copy, native_label->data(), native_label->size());
+
+    if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, label_copy, native_label->size()) <= 0) {
+      OPENSSL_free(label_copy);
+      EVP_PKEY_CTX_free(ctx);
+      throw std::runtime_error("Failed to set OAEP label");
+    }
+  }
+
+  // Get input data
+  auto native_data = ToNativeArrayBuffer(data);
+  const unsigned char* in = native_data->data();
+  size_t inlen = native_data->size();
+
+  // Determine output length
+  size_t outlen;
+  if (EVP_PKEY_encrypt(ctx, nullptr, &outlen, in, inlen) <= 0) {
+    EVP_PKEY_CTX_free(ctx);
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    throw std::runtime_error("Failed to determine output length: " + std::string(err_buf));
+  }
+
+  // Allocate output buffer
+  auto out_buf = std::make_unique<uint8_t[]>(outlen);
+
+  // Perform encryption
+  if (EVP_PKEY_encrypt(ctx, out_buf.get(), &outlen, in, inlen) <= 0) {
+    EVP_PKEY_CTX_free(ctx);
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    throw std::runtime_error("Encryption failed: " + std::string(err_buf));
+  }
+
+  EVP_PKEY_CTX_free(ctx);
+
+  // Create ArrayBuffer from result
+  uint8_t* raw_ptr = out_buf.get();
+  return std::make_shared<NativeArrayBuffer>(out_buf.release(), outlen, [raw_ptr]() { delete[] raw_ptr; });
+}
+
+std::shared_ptr<ArrayBuffer> HybridRsaCipher::decrypt(const std::shared_ptr<HybridKeyObjectHandleSpec>& keyHandle,
+                                                      const std::shared_ptr<ArrayBuffer>& data, const std::string& hashAlgorithm,
+                                                      const std::optional<std::shared_ptr<ArrayBuffer>>& label) {
+  // Get the EVP_PKEY from the key handle
+  auto keyHandleImpl = std::static_pointer_cast<HybridKeyObjectHandle>(keyHandle);
+  EVP_PKEY* pkey = keyHandleImpl->getKeyObjectData().GetAsymmetricKey().get();
+
+  if (!pkey) {
+    throw std::runtime_error("Invalid key for RSA decryption");
+  }
+
+  // Create context for decryption
+  EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new(pkey, nullptr);
+  if (!ctx) {
+    throw std::runtime_error("Failed to create EVP_PKEY_CTX");
+  }
+
+  // Initialize decryption
+  if (EVP_PKEY_decrypt_init(ctx) <= 0) {
+    EVP_PKEY_CTX_free(ctx);
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    throw std::runtime_error("Failed to initialize decryption: " + std::string(err_buf));
+  }
+
+  // Set padding to OAEP
+  if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) {
+    EVP_PKEY_CTX_free(ctx);
+    throw std::runtime_error("Failed to set RSA OAEP padding");
+  }
+
+  // Set OAEP hash algorithm
+  const EVP_MD* md = getDigestByName(hashAlgorithm);
+  if (EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) <= 0) {
+    EVP_PKEY_CTX_free(ctx);
+    throw std::runtime_error("Failed to set OAEP hash algorithm");
+  }
+
+  // Set MGF1 hash (same as OAEP hash per WebCrypto spec)
+  if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) <= 0) {
+    EVP_PKEY_CTX_free(ctx);
+    throw std::runtime_error("Failed to set MGF1 hash algorithm");
+  }
+
+  // Set OAEP label if provided
+  if (label.has_value() && label.value()->size() > 0) {
+    auto native_label = ToNativeArrayBuffer(label.value());
+    // OpenSSL takes ownership of the label, so we need to allocate a copy
+    unsigned char* label_copy = (unsigned char*)OPENSSL_malloc(native_label->size());
+    if (!label_copy) {
+      EVP_PKEY_CTX_free(ctx);
+      throw std::runtime_error("Failed to allocate memory for label");
+    }
+    std::memcpy(label_copy, native_label->data(), native_label->size());
+
+    if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, label_copy, native_label->size()) <= 0) {
+      OPENSSL_free(label_copy);
+      EVP_PKEY_CTX_free(ctx);
+      throw std::runtime_error("Failed to set OAEP label");
+    }
+  }
+
+  // Get input data
+  auto native_data = ToNativeArrayBuffer(data);
+  const unsigned char* in = native_data->data();
+  size_t inlen = native_data->size();
+
+  // Determine output length
+  size_t outlen;
+  if (EVP_PKEY_decrypt(ctx, nullptr, &outlen, in, inlen) <= 0) {
+    EVP_PKEY_CTX_free(ctx);
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    throw std::runtime_error("Failed to determine output length: " + std::string(err_buf));
+  }
+
+  // Allocate output buffer
+  auto out_buf = std::make_unique<uint8_t[]>(outlen);
+
+  // Perform decryption
+  if (EVP_PKEY_decrypt(ctx, out_buf.get(), &outlen, in, inlen) <= 0) {
+    EVP_PKEY_CTX_free(ctx);
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    throw std::runtime_error("Decryption failed: " + std::string(err_buf));
+  }
+
+  EVP_PKEY_CTX_free(ctx);
+
+  // Create ArrayBuffer from result
+  uint8_t* raw_ptr = out_buf.get();
+  return std::make_shared<NativeArrayBuffer>(out_buf.release(), outlen, [raw_ptr]() { delete[] raw_ptr; });
+}
+
+void HybridRsaCipher::loadHybridMethods() {
+  registerHybrids(this, [](Prototype& prototype) {
+    prototype.registerHybridMethod("encrypt", &HybridRsaCipher::encrypt);
+    prototype.registerHybridMethod("decrypt", &HybridRsaCipher::decrypt);
+  });
+}
+
+} // namespace margelo::nitro::crypto

package/cpp/cipher/HybridRsaCipher.hpp

@@ -0,0 +1,23 @@
+#pragma once
+
+#include "HybridRsaCipherSpec.hpp"
+#include <memory>
+
+namespace margelo::nitro::crypto {
+
+class HybridRsaCipher : public HybridRsaCipherSpec {
+ public:
+  HybridRsaCipher() : HybridObject(TAG) {}
+
+  std::shared_ptr<ArrayBuffer> encrypt(const std::shared_ptr<HybridKeyObjectHandleSpec>& keyHandle,
+                                       const std::shared_ptr<ArrayBuffer>& data, const std::string& hashAlgorithm,
+                                       const std::optional<std::shared_ptr<ArrayBuffer>>& label) override;
+
+  std::shared_ptr<ArrayBuffer> decrypt(const std::shared_ptr<HybridKeyObjectHandleSpec>& keyHandle,
+                                       const std::shared_ptr<ArrayBuffer>& data, const std::string& hashAlgorithm,
+                                       const std::optional<std::shared_ptr<ArrayBuffer>>& label) override;
+
+  void loadHybridMethods() override;
+};
+
+} // namespace margelo::nitro::crypto