react-native-quick-crypto 1.0.0-beta.5 → 1.0.0-beta.7

package/src/keys/index.ts

@@ -1,99 +1,42 @@
-import type { KeyObjectHandle } from '../specs/keyObjectHandle.nitro';
-import type { EncodingOptions, KeyUsage, SubtleAlgorithm } from '../utils';
-
-export class CryptoKey {
-  keyObject: KeyObject;
-  keyAlgorithm: SubtleAlgorithm;
-  keyUsages: KeyUsage[];
-  keyExtractable: boolean;
-
-  constructor(
-    keyObject: KeyObject,
-    keyAlgorithm: SubtleAlgorithm,
-    keyUsages: KeyUsage[],
-    keyExtractable: boolean,
-  ) {
-    this.keyObject = keyObject;
-    this.keyAlgorithm = keyAlgorithm;
-    this.keyUsages = keyUsages;
-    this.keyExtractable = keyExtractable;
-  }
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  inspect(_depth: number, _options: unknown): unknown {
-    throw new Error('CryptoKey.inspect is not implemented');
-    // if (depth < 0) return this;
-
-    // const opts = {
-    //   ...options,
-    //   depth: options.depth == null ? null : options.depth - 1,
-    // };
-
-    // return `CryptoKey ${inspect(
-    //   {
-    //     type: this.type,
-    //     extractable: this.extractable,
-    //     algorithm: this.algorithm,
-    //     usages: this.usages,
-    //   },
-    //   opts
-    // )}`;
-  }
-
-  get type() {
-    // if (!(this instanceof CryptoKey)) throw new Error('Invalid CryptoKey');
-    return this.keyObject.type;
-  }
-
-  get extractable() {
-    return this.keyExtractable;
-  }
-
-  get algorithm() {
-    return this.keyAlgorithm;
-  }
-
-  get usages() {
-    return this.keyUsages;
-  }
-}
-
-class KeyObject {
-  handle: KeyObjectHandle;
-  type: 'public' | 'secret' | 'private' | 'unknown' = 'unknown';
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  export(_options?: EncodingOptions): ArrayBuffer {
-    return new ArrayBuffer(0);
-  }
-
-  constructor(type: string, handle: KeyObjectHandle) {
-    if (type !== 'secret' && type !== 'public' && type !== 'private')
-      throw new Error(`invalid KeyObject type: ${type}`);
-    this.handle = handle;
-    this.type = type;
-  }
-
-  // get type(): string {
-  //   return this.type;
-  // }
-
-  // static from(key) {
-  //   if (!isCryptoKey(key))
-  //     throw new ERR_INVALID_ARG_TYPE('key', 'CryptoKey', key);
-  //   return key[kKeyObject];
-  // }
-
-  // equals(otherKeyObject) {
-  //   if (!isKeyObject(otherKeyObject)) {
-  //     throw new ERR_INVALID_ARG_TYPE(
-  //       'otherKeyObject',
-  //       'KeyObject',
-  //       otherKeyObject
-  //     );
-  //   }
-
-  //   return (
-  //     otherKeyObject.type === this.type &&
-  //     this[kHandle].equals(otherKeyObject[kHandle])
-  //   );
-  // }
-}
+import {
+  CryptoKey,
+  KeyObject,
+  SecretKeyObject,
+  PublicKeyObject,
+  PrivateKeyObject,
+} from './classes';
+// import { generateKeyPair } from './generateKeyPair';
+// import { sign, verify } from './signVerify';
+import {
+  isCryptoKey,
+  parseKeyEncoding,
+  parsePrivateKeyEncoding,
+  parsePublicKeyEncoding,
+} from './utils';
+
+export {
+  // Node Public API
+  // createSecretKey,
+  // createPublicKey,
+  // createPrivateKey,
+  CryptoKey,
+  // generateKeyPair,
+  KeyObject,
+  // InternalCryptoKey,
+  // sign,
+  // verify,
+
+  // Node Internal API
+  parsePublicKeyEncoding,
+  parsePrivateKeyEncoding,
+  parseKeyEncoding,
+  // preparePrivateKey,
+  // preparePublicOrPrivateKey,
+  // prepareSecretKey,
+  SecretKeyObject,
+  PublicKeyObject,
+  PrivateKeyObject,
+  // isKeyObject,
+  isCryptoKey,
+  // importGenericSecretKey,
+};

package/src/keys/signVerify.ts

@@ -0,0 +1,39 @@
+// import { KeyObject, PublicKeyObject, PrivateKeyObject } from '.';
+// import { ed25519 } from '../ed25519';
+// import type {
+//   BinaryLike,
+//   BinaryLikeNode,
+//   SignCallback,
+//   VerifyCallback,
+// } from '../utils';
+
+// export function sign(
+//   algorithm: string | null | undefined,
+//   data: BinaryLike,
+//   key: BinaryLikeNode | KeyObject,
+//   callback: SignCallback,
+// ): ArrayBuffer {
+//   console.log('sign  ', algorithm, data, key, callback);
+//   return new ArrayBuffer(32);
+// }
+
+// export function verify(
+//   algorithm: string | null | undefined,
+//   data: BinaryLike,
+//   key: BinaryLikeNode | KeyObject,
+//   signature: ArrayBuffer,
+//   callback: VerifyCallback,
+// ): boolean {
+//   if (!algorithm) {
+//     if (key instanceof PublicKeyObject) {
+//       switch (key.asymmetricKeyType) {
+//         case 'ed25519':
+//         case 'ed448':
+//         case 'x25519':
+//         case 'x448': {
+//           return ed25519.verify(signature, data, key);
+//         }
+//     }
+//   }
+//   throw new Error('Verify not implemented', algorithm, data, key, signature, callback);
+// }

package/src/keys/utils.ts

@@ -0,0 +1,184 @@
+import {
+  binaryLikeToArrayBuffer,
+  isStringOrBuffer,
+  KeyEncoding,
+  KFormatType,
+} from '../utils';
+import type { EncodingOptions } from '../utils';
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const isCryptoKey = (obj: any): boolean => {
+  return obj !== null && obj?.keyObject !== undefined;
+};
+
+/**
+ * Parses the public key encoding based on an object. keyType must be undefined
+ * when this is used to parse an input encoding and must be a valid key type if
+ * used to parse an output encoding.
+ */
+export function parsePublicKeyEncoding(
+  enc: EncodingOptions,
+  keyType: string | undefined,
+  objName?: string,
+) {
+  return parseKeyEncoding(enc, keyType, keyType ? true : undefined, objName);
+}
+
+/**
+ * Parses the private key encoding based on an object. keyType must be undefined
+ * when this is used to parse an input encoding and must be a valid key type if
+ * used to parse an output encoding.
+ */
+export function parsePrivateKeyEncoding(
+  enc: EncodingOptions,
+  keyType: string | undefined,
+  objName?: string,
+) {
+  return parseKeyEncoding(enc, keyType, false, objName);
+}
+
+export function parseKeyEncoding(
+  enc: EncodingOptions,
+  keyType?: string,
+  isPublic?: boolean,
+  objName?: string,
+) {
+  // validateObject(enc, 'options');
+
+  const isInput = keyType === undefined;
+
+  const { format, type } = parseKeyFormatAndType(
+    enc,
+    keyType,
+    isPublic,
+    objName,
+  );
+
+  let cipher, passphrase, encoding;
+  if (isPublic !== true) {
+    ({ cipher, passphrase, encoding } = enc);
+
+    if (!isInput) {
+      if (cipher != null) {
+        if (typeof cipher !== 'string')
+          throw new Error(
+            `Invalid argument ${option('cipher', objName)}: ${cipher}`,
+          );
+        if (
+          format === KFormatType.kKeyFormatDER &&
+          (type === KeyEncoding.kKeyEncodingPKCS1 ||
+            type === KeyEncoding.kKeyEncodingSEC1)
+        ) {
+          throw new Error(
+            `Incompatible key options ${encodingNames[type]} does not support encryption`,
+          );
+        }
+      } else if (passphrase !== undefined) {
+        throw new Error(
+          `invalid argument ${option('cipher', objName)}: ${cipher}`,
+        );
+      }
+    }
+
+    if (
+      (isInput && passphrase !== undefined && !isStringOrBuffer(passphrase)) ||
+      (!isInput && cipher != null && !isStringOrBuffer(passphrase))
+    ) {
+      throw new Error(
+        `Invalid argument value ${option('passphrase', objName)}: ${passphrase}`,
+      );
+    }
+  }
+
+  if (passphrase !== undefined)
+    passphrase = binaryLikeToArrayBuffer(passphrase, encoding);
+
+  return { format, type, cipher, passphrase };
+}
+
+const encodingNames = {
+  [KeyEncoding.kKeyEncodingPKCS1]: 'pkcs1',
+  [KeyEncoding.kKeyEncodingPKCS8]: 'pkcs8',
+  [KeyEncoding.kKeyEncodingSPKI]: 'spki',
+  [KeyEncoding.kKeyEncodingSEC1]: 'sec1',
+};
+
+function option(name: string, objName?: string) {
+  return objName === undefined
+    ? `options.${name}`
+    : `options.${objName}.${name}`;
+}
+
+function parseKeyFormat(
+  formatStr?: string,
+  defaultFormat?: KFormatType,
+  optionName?: string,
+) {
+  if (formatStr === undefined && defaultFormat !== undefined)
+    return defaultFormat;
+  else if (formatStr === 'pem') return KFormatType.kKeyFormatPEM;
+  else if (formatStr === 'der') return KFormatType.kKeyFormatDER;
+  else if (formatStr === 'jwk') return KFormatType.kKeyFormatJWK;
+  throw new Error(`Invalid key format str: ${optionName}`);
+}
+
+function parseKeyType(
+  typeStr: string | undefined,
+  required: boolean,
+  keyType: string | undefined,
+  isPublic: boolean | undefined,
+  optionName: string,
+): KeyEncoding | undefined {
+  if (typeStr === undefined && !required) {
+    return undefined;
+  } else if (typeStr === 'pkcs1') {
+    if (keyType !== undefined && keyType !== 'rsa') {
+      throw new Error(
+        `Crypto incompatible key options: ${typeStr} can only be used for RSA keys`,
+      );
+    }
+    return KeyEncoding.kKeyEncodingPKCS1;
+  } else if (typeStr === 'spki' && isPublic !== false) {
+    return KeyEncoding.kKeyEncodingSPKI;
+  } else if (typeStr === 'pkcs8' && isPublic !== true) {
+    return KeyEncoding.kKeyEncodingPKCS8;
+  } else if (typeStr === 'sec1' && isPublic !== true) {
+    if (keyType !== undefined && keyType !== 'ec') {
+      throw new Error(
+        `Incompatible key options ${typeStr} can only be used for EC keys`,
+      );
+    }
+    return KeyEncoding.kKeyEncodingSEC1;
+  }
+
+  throw new Error(`Invalid option ${optionName} - ${typeStr}`);
+}
+
+function parseKeyFormatAndType(
+  enc: EncodingOptions,
+  keyType?: string,
+  isPublic?: boolean,
+  objName?: string,
+) {
+  const { format: formatStr, type: typeStr } = enc;
+
+  const isInput = keyType === undefined;
+  const format = parseKeyFormat(
+    formatStr,
+    isInput ? KFormatType.kKeyFormatPEM : undefined,
+    option('format', objName),
+  );
+
+  const isRequired =
+    (!isInput || format === KFormatType.kKeyFormatDER) &&
+    format !== KFormatType.kKeyFormatJWK;
+
+  const type = parseKeyType(
+    typeStr,
+    isRequired,
+    keyType,
+    isPublic,
+    option('type', objName),
+  );
+  return { format, type };
+}

package/src/specs/edKeyPair.nitro.ts

@@ -0,0 +1,41 @@
+import type { HybridObject } from 'react-native-nitro-modules';
+
+export interface EdKeyPair
+  extends HybridObject<{ ios: 'c++'; android: 'c++' }> {
+  generateKeyPair(
+    publicFormat: number,
+    publicType: number,
+    privateFormat: number,
+    privateType: number,
+    cipher?: string,
+    passphrase?: ArrayBuffer,
+  ): Promise<void>;
+
+  generateKeyPairSync(
+    publicFormat: number,
+    publicType: number,
+    privateFormat: number,
+    privateType: number,
+    cipher?: string,
+    passphrase?: ArrayBuffer,
+  ): void;
+
+  getPublicKey(): ArrayBuffer;
+  getPrivateKey(): ArrayBuffer;
+
+  sign(message: ArrayBuffer, key?: ArrayBuffer): Promise<ArrayBuffer>;
+  signSync(message: ArrayBuffer, key?: ArrayBuffer): ArrayBuffer;
+
+  verify(
+    message: ArrayBuffer,
+    signature: ArrayBuffer,
+    key?: ArrayBuffer,
+  ): Promise<boolean>;
+  verifySync(
+    message: ArrayBuffer,
+    signature: ArrayBuffer,
+    key?: ArrayBuffer,
+  ): boolean;
+
+  setCurve(curve: string): void;
+}

package/src/utils/conversion.ts

@@ -96,3 +96,5 @@ export function binaryLikeToArrayBuffer(
 export function ab2str(buf: ArrayBuffer, encoding: string = 'hex') {
   return Buffer.from(buf).toString(encoding);
 }
+
+export const kEmptyObject = Object.freeze(Object.create(null));

package/src/utils/index.ts

@@ -2,3 +2,4 @@ export * from './conversion';
 export * from './errors';
 export * from './hashnames';
 export * from './types';
+export * from './validation';

package/src/utils/types.ts

@@ -1,6 +1,7 @@
-import { type Buffer } from '@craftzdog/react-native-buffer';
-import { type Buffer as SBuffer } from 'safe-buffer';
-import { type CipherKey } from 'crypto'; // @types/node
+import type { Buffer } from '@craftzdog/react-native-buffer';
+import type { Buffer as SBuffer } from 'safe-buffer';
+import type { CipherKey } from 'crypto'; // @types/node
+import type { KeyObjectHandle } from '../specs/keyObjectHandle.nitro';
 
 export type ArrayBufferView = TypedArray | DataView | ArrayBufferLike | Buffer;
 
@@ -38,6 +39,7 @@ export type RSAKeyPairAlgorithm = 'RSASSA-PKCS1-v1_5' | 'RSA-PSS' | 'RSA-OAEP';
 export type ECKeyPairAlgorithm = 'ECDSA' | 'ECDH';
 
 export type CFRGKeyPairAlgorithm = 'Ed25519' | 'Ed448' | 'X25519' | 'X448';
+export type CFRGKeyPairType = 'ed25519' | 'ed448' | 'x25519' | 'x448';
 
 export type KeyPairAlgorithm =
   | RSAKeyPairAlgorithm
@@ -95,6 +97,8 @@ export type SubtleAlgorithm = {
   publicExponent?: number | Uint8Array;
 };
 
+export type KeyPairType = CFRGKeyPairType;
+
 export type KeyUsage =
   | 'encrypt'
   | 'decrypt'
@@ -127,7 +131,22 @@ export enum KeyEncoding {
   kKeyEncodingSEC1,
 }
 
-export type AsymmetricKeyType = 'rsa' | 'rsa-pss' | 'dsa' | 'ec';
+export type KeyPairGenConfig = {
+  publicFormat?: KFormatType;
+  publicType?: KeyEncoding;
+  privateFormat?: KFormatType;
+  privateType?: KeyEncoding;
+  cipher?: string;
+  passphrase?: ArrayBuffer;
+};
+
+export type AsymmetricKeyType =
+  // 'rsa' |
+  // 'rsa-pss' |
+  // 'dsa' |
+  // 'ec' |
+  // 'dh' |
+  CFRGKeyPairType;
 
 type JWKkty = 'AES' | 'RSA' | 'EC' | 'oct';
 type JWKuse = 'sig' | 'enc';
@@ -189,3 +208,64 @@ export interface KeyDetail {
   saltLength?: number;
   namedCurve?: string;
 }
+
+export type GenerateKeyPairOptions = {
+  modulusLength?: number; // Key size in bits (RSA, DSA).
+  publicExponent?: number; // Public exponent (RSA). Default: 0x10001.
+  hashAlgorithm?: string; // Name of the message digest (RSA-PSS).
+  mgf1HashAlgorithm?: string; // string Name of the message digest used by MGF1 (RSA-PSS).
+  saltLength?: number; // Minimal salt length in bytes (RSA-PSS).
+  divisorLength?: number; // Size of q in bits (DSA).
+  namedCurve?: string; // Name of the curve to use (EC).
+  prime?: Buffer; // The prime parameter (DH).
+  primeLength?: number; // Prime length in bits (DH).
+  generator?: number; // Custom generator (DH). Default: 2.
+  groupName?: string; // Diffie-Hellman group name (DH). See crypto.getDiffieHellman().
+  publicKeyEncoding?: EncodingOptions; // See keyObject.export().
+  privateKeyEncoding?: EncodingOptions; // See keyObject.export().
+  paramEncoding?: string;
+  hash?: string;
+  mgf1Hash?: string;
+};
+
+// Note: removed CryptoKey class from this type (from 0.x) because Nitro doesn't
+//       handle custom JS objects.  We might need to make it a JS object.
+export type KeyPairKey = ArrayBuffer | KeyObjectHandle | undefined;
+
+export type GenerateKeyPairReturn = [
+  error?: Error,
+  privateKey?: KeyPairKey,
+  publicKey?: KeyPairKey,
+];
+
+export type GenerateKeyPairCallback = (
+  error?: Error,
+  publicKey?: KeyPairKey,
+  privateKey?: KeyPairKey,
+) => GenerateKeyPairReturn | void;
+
+export type KeyPair = {
+  publicKey?: KeyPairKey;
+  privateKey?: KeyPairKey;
+};
+
+export type GenerateKeyPairPromiseReturn = [error?: Error, keypair?: KeyPair];
+
+export type CryptoKeyPair = {
+  publicKey: KeyPairKey;
+  privateKey: KeyPairKey;
+};
+
+export enum KeyVariant {
+  RSA_SSA_PKCS1_v1_5,
+  RSA_PSS,
+  RSA_OAEP,
+  DSA,
+  EC,
+  NID,
+  DH,
+}
+
+export type SignCallback = (err: Error | null, signature?: ArrayBuffer) => void;
+
+export type VerifyCallback = (err: Error | null, valid?: boolean) => void;

package/src/utils/validation.ts

@@ -0,0 +1,35 @@
+export function validateFunction(f: unknown): boolean {
+  return f !== null && typeof f === 'function';
+}
+
+export function isStringOrBuffer(val: unknown): val is string | ArrayBuffer {
+  return (
+    typeof val === 'string' ||
+    ArrayBuffer.isView(val) ||
+    val instanceof ArrayBuffer
+  );
+}
+
+export function validateObject<T>(
+  value: unknown,
+  name: string,
+  options?: {
+    allowArray: boolean;
+    allowFunction: boolean;
+    nullable: boolean;
+  } | null,
+): value is T {
+  const useDefaultOptions = options == null;
+  const allowArray = useDefaultOptions ? false : options.allowArray;
+  const allowFunction = useDefaultOptions ? false : options.allowFunction;
+  const nullable = useDefaultOptions ? false : options.nullable;
+  if (
+    (!nullable && value === null) ||
+    (!allowArray && Array.isArray(value)) ||
+    (typeof value !== 'object' &&
+      (!allowFunction || typeof value !== 'function'))
+  ) {
+    throw new Error(`${name} is not a valid object $${value}`);
+  }
+  return true;
+}