react-native-quick-crypto 1.0.0-beta.8 → 1.0.0

package/lib/commonjs/subtle.js

@@ -0,0 +1,987 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.Subtle = void 0;
+exports.isCryptoKeyPair = isCryptoKeyPair;
+exports.subtle = void 0;
+var _safeBuffer = require("safe-buffer");
+var _utils = require("./utils");
+var _keys = require("./keys");
+var _conversion = require("./utils/conversion");
+var _errors = require("./utils/errors");
+var _hashnames = require("./utils/hashnames");
+var _validation = require("./utils/validation");
+var _hash = require("./hash");
+var _reactNativeNitroModules = require("react-native-nitro-modules");
+var _pbkdf = require("./pbkdf2");
+var _ec = require("./ec");
+var _rsa = require("./rsa");
+var _random = require("./random");
+var _hmac = require("./hmac");
+var _signVerify = require("./keys/signVerify");
+var _ed = require("./ed");
+/* eslint-disable @typescript-eslint/no-unused-vars */
+// import { pbkdf2DeriveBits } from './pbkdf2';
+// import { aesCipher, aesGenerateKey, aesImportKey, getAlgorithmName } from './aes';
+// import { rsaCipher, rsaExportKey, rsaImportKey, rsaKeyGenerate } from './rsa';
+// import { normalizeAlgorithm, type Operation } from './algorithms';
+// import { hmacImportKey } from './mac';
+// Temporary enums that need to be defined
+var KWebCryptoKeyFormat = /*#__PURE__*/function (KWebCryptoKeyFormat) {
+  KWebCryptoKeyFormat[KWebCryptoKeyFormat["kWebCryptoKeyFormatRaw"] = 0] = "kWebCryptoKeyFormatRaw";
+  KWebCryptoKeyFormat[KWebCryptoKeyFormat["kWebCryptoKeyFormatSPKI"] = 1] = "kWebCryptoKeyFormatSPKI";
+  KWebCryptoKeyFormat[KWebCryptoKeyFormat["kWebCryptoKeyFormatPKCS8"] = 2] = "kWebCryptoKeyFormatPKCS8";
+  return KWebCryptoKeyFormat;
+}(KWebCryptoKeyFormat || {});
+var CipherOrWrapMode = /*#__PURE__*/function (CipherOrWrapMode) {
+  CipherOrWrapMode[CipherOrWrapMode["kWebCryptoCipherEncrypt"] = 0] = "kWebCryptoCipherEncrypt";
+  CipherOrWrapMode[CipherOrWrapMode["kWebCryptoCipherDecrypt"] = 1] = "kWebCryptoCipherDecrypt";
+  return CipherOrWrapMode;
+}(CipherOrWrapMode || {}); // Placeholder functions that need to be implemented
+function hasAnyNotIn(usages, allowed) {
+  return usages.some(usage => !allowed.includes(usage));
+}
+function normalizeAlgorithm(algorithm, _operation) {
+  if (typeof algorithm === 'string') {
+    return {
+      name: algorithm
+    };
+  }
+  return algorithm;
+}
+function getAlgorithmName(name, length) {
+  return `${name}${length}`;
+}
+
+// Placeholder implementations for missing functions
+function ecExportKey(key, format) {
+  const keyObject = key.keyObject;
+  if (format === KWebCryptoKeyFormat.kWebCryptoKeyFormatSPKI) {
+    // Export public key in SPKI format
+    const exported = keyObject.export({
+      format: 'der',
+      type: 'spki'
+    });
+    return (0, _conversion.bufferLikeToArrayBuffer)(exported);
+  } else if (format === KWebCryptoKeyFormat.kWebCryptoKeyFormatPKCS8) {
+    // Export private key in PKCS8 format
+    const exported = keyObject.export({
+      format: 'der',
+      type: 'pkcs8'
+    });
+    return (0, _conversion.bufferLikeToArrayBuffer)(exported);
+  } else {
+    throw new Error(`Unsupported EC export format: ${format}`);
+  }
+}
+function rsaExportKey(key, format) {
+  const keyObject = key.keyObject;
+  if (format === KWebCryptoKeyFormat.kWebCryptoKeyFormatSPKI) {
+    // Export public key in SPKI format
+    const exported = keyObject.export({
+      format: 'der',
+      type: 'spki'
+    });
+    return (0, _conversion.bufferLikeToArrayBuffer)(exported);
+  } else if (format === KWebCryptoKeyFormat.kWebCryptoKeyFormatPKCS8) {
+    // Export private key in PKCS8 format
+    const exported = keyObject.export({
+      format: 'der',
+      type: 'pkcs8'
+    });
+    return (0, _conversion.bufferLikeToArrayBuffer)(exported);
+  } else {
+    throw new Error(`Unsupported RSA export format: ${format}`);
+  }
+}
+async function rsaCipher(mode, key, data, algorithm) {
+  const rsaParams = algorithm;
+
+  // Validate key type matches operation
+  const expectedType = mode === CipherOrWrapMode.kWebCryptoCipherEncrypt ? 'public' : 'private';
+  if (key.type !== expectedType) {
+    throw (0, _errors.lazyDOMException)('The requested operation is not valid for the provided key', 'InvalidAccessError');
+  }
+
+  // Get hash algorithm from key
+  const hashAlgorithm = (0, _hashnames.normalizeHashName)(key.algorithm.hash);
+
+  // Prepare label (optional)
+  const label = rsaParams.label ? (0, _conversion.bufferLikeToArrayBuffer)(rsaParams.label) : undefined;
+
+  // Create RSA cipher instance
+  const rsaCipherModule = _reactNativeNitroModules.NitroModules.createHybridObject('RsaCipher');
+
+  // RSA-OAEP padding constant = 4
+  const RSA_PKCS1_OAEP_PADDING = 4;
+  if (mode === CipherOrWrapMode.kWebCryptoCipherEncrypt) {
+    // Encrypt with public key
+    return rsaCipherModule.encrypt(key.keyObject.handle, data, RSA_PKCS1_OAEP_PADDING, hashAlgorithm, label);
+  } else {
+    // Decrypt with private key
+    return rsaCipherModule.decrypt(key.keyObject.handle, data, RSA_PKCS1_OAEP_PADDING, hashAlgorithm, label);
+  }
+}
+async function aesCipher(mode, key, data, algorithm) {
+  const {
+    name
+  } = algorithm;
+  switch (name) {
+    case 'AES-CTR':
+      return aesCtrCipher(mode, key, data, algorithm);
+    case 'AES-CBC':
+      return aesCbcCipher(mode, key, data, algorithm);
+    case 'AES-GCM':
+      return aesGcmCipher(mode, key, data, algorithm);
+    default:
+      throw (0, _errors.lazyDOMException)(`Unsupported AES algorithm: ${name}`, 'NotSupportedError');
+  }
+}
+async function aesCtrCipher(mode, key, data, algorithm) {
+  // Validate counter and length
+  if (!algorithm.counter || algorithm.counter.byteLength !== 16) {
+    throw (0, _errors.lazyDOMException)('AES-CTR algorithm.counter must be 16 bytes', 'OperationError');
+  }
+  if (algorithm.length < 1 || algorithm.length > 128) {
+    throw (0, _errors.lazyDOMException)('AES-CTR algorithm.length must be between 1 and 128', 'OperationError');
+  }
+
+  // Get cipher type based on key length
+  const keyLength = key.algorithm.length;
+  const cipherType = `aes-${keyLength}-ctr`;
+
+  // Create cipher
+  const factory = _reactNativeNitroModules.NitroModules.createHybridObject('CipherFactory');
+  const cipher = factory.createCipher({
+    isCipher: mode === CipherOrWrapMode.kWebCryptoCipherEncrypt,
+    cipherType,
+    cipherKey: (0, _conversion.bufferLikeToArrayBuffer)(key.keyObject.export()),
+    iv: (0, _conversion.bufferLikeToArrayBuffer)(algorithm.counter)
+  });
+
+  // Process data
+  const updated = cipher.update(data);
+  const final = cipher.final();
+
+  // Concatenate results
+  const result = new Uint8Array(updated.byteLength + final.byteLength);
+  result.set(new Uint8Array(updated), 0);
+  result.set(new Uint8Array(final), updated.byteLength);
+  return result.buffer;
+}
+async function aesCbcCipher(mode, key, data, algorithm) {
+  // Validate IV
+  const iv = (0, _conversion.bufferLikeToArrayBuffer)(algorithm.iv);
+  if (iv.byteLength !== 16) {
+    throw (0, _errors.lazyDOMException)('algorithm.iv must contain exactly 16 bytes', 'OperationError');
+  }
+
+  // Get cipher type based on key length
+  const keyLength = key.algorithm.length;
+  const cipherType = `aes-${keyLength}-cbc`;
+
+  // Create cipher
+  const factory = _reactNativeNitroModules.NitroModules.createHybridObject('CipherFactory');
+  const cipher = factory.createCipher({
+    isCipher: mode === CipherOrWrapMode.kWebCryptoCipherEncrypt,
+    cipherType,
+    cipherKey: (0, _conversion.bufferLikeToArrayBuffer)(key.keyObject.export()),
+    iv
+  });
+
+  // Process data
+  const updated = cipher.update(data);
+  const final = cipher.final();
+
+  // Concatenate results
+  const result = new Uint8Array(updated.byteLength + final.byteLength);
+  result.set(new Uint8Array(updated), 0);
+  result.set(new Uint8Array(final), updated.byteLength);
+  return result.buffer;
+}
+async function aesGcmCipher(mode, key, data, algorithm) {
+  const {
+    tagLength = 128
+  } = algorithm;
+
+  // Validate tag length
+  const validTagLengths = [32, 64, 96, 104, 112, 120, 128];
+  if (!validTagLengths.includes(tagLength)) {
+    throw (0, _errors.lazyDOMException)(`${tagLength} is not a valid AES-GCM tag length`, 'OperationError');
+  }
+  const tagByteLength = tagLength / 8;
+
+  // Get cipher type based on key length
+  const keyLength = key.algorithm.length;
+  const cipherType = `aes-${keyLength}-gcm`;
+
+  // Create cipher
+  const factory = _reactNativeNitroModules.NitroModules.createHybridObject('CipherFactory');
+  const cipher = factory.createCipher({
+    isCipher: mode === CipherOrWrapMode.kWebCryptoCipherEncrypt,
+    cipherType,
+    cipherKey: (0, _conversion.bufferLikeToArrayBuffer)(key.keyObject.export()),
+    iv: (0, _conversion.bufferLikeToArrayBuffer)(algorithm.iv),
+    authTagLen: tagByteLength
+  });
+  let processData;
+  let authTag;
+  if (mode === CipherOrWrapMode.kWebCryptoCipherDecrypt) {
+    // For decryption, extract auth tag from end of data
+    const dataView = new Uint8Array(data);
+    if (dataView.byteLength < tagByteLength) {
+      throw (0, _errors.lazyDOMException)('The provided data is too small.', 'OperationError');
+    }
+
+    // Split data and tag
+    const ciphertextLength = dataView.byteLength - tagByteLength;
+    processData = dataView.slice(0, ciphertextLength).buffer;
+    authTag = dataView.slice(ciphertextLength).buffer;
+
+    // Set auth tag for verification
+    cipher.setAuthTag(authTag);
+  } else {
+    processData = data;
+  }
+
+  // Set additional authenticated data if provided
+  if (algorithm.additionalData) {
+    cipher.setAAD((0, _conversion.bufferLikeToArrayBuffer)(algorithm.additionalData));
+  }
+
+  // Process data
+  const updated = cipher.update(processData);
+  const final = cipher.final();
+  if (mode === CipherOrWrapMode.kWebCryptoCipherEncrypt) {
+    // For encryption, append auth tag to result
+    const tag = cipher.getAuthTag();
+    const result = new Uint8Array(updated.byteLength + final.byteLength + tag.byteLength);
+    result.set(new Uint8Array(updated), 0);
+    result.set(new Uint8Array(final), updated.byteLength);
+    result.set(new Uint8Array(tag), updated.byteLength + final.byteLength);
+    return result.buffer;
+  } else {
+    // For decryption, just concatenate plaintext
+    const result = new Uint8Array(updated.byteLength + final.byteLength);
+    result.set(new Uint8Array(updated), 0);
+    result.set(new Uint8Array(final), updated.byteLength);
+    return result.buffer;
+  }
+}
+async function aesGenerateKey(algorithm, extractable, keyUsages) {
+  const {
+    length
+  } = algorithm;
+  const name = algorithm.name;
+  if (!name) {
+    throw (0, _errors.lazyDOMException)('Algorithm name is required', 'OperationError');
+  }
+
+  // Validate key length
+  if (![128, 192, 256].includes(length)) {
+    throw (0, _errors.lazyDOMException)(`Invalid AES key length: ${length}. Must be 128, 192, or 256.`, 'OperationError');
+  }
+
+  // Validate usages
+  const validUsages = ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'];
+  if (hasAnyNotIn(keyUsages, validUsages)) {
+    throw (0, _errors.lazyDOMException)(`Unsupported key usage for ${name}`, 'SyntaxError');
+  }
+
+  // Generate random key bytes
+  const keyBytes = new Uint8Array(length / 8);
+  (0, _random.getRandomValues)(keyBytes);
+
+  // Create secret key
+  const keyObject = (0, _keys.createSecretKey)(keyBytes);
+
+  // Construct algorithm object with guaranteed name
+  const keyAlgorithm = {
+    name,
+    length
+  };
+  return new _keys.CryptoKey(keyObject, keyAlgorithm, keyUsages, extractable);
+}
+async function hmacGenerateKey(algorithm, extractable, keyUsages) {
+  // Validate usages
+  if (hasAnyNotIn(keyUsages, ['sign', 'verify'])) {
+    throw (0, _errors.lazyDOMException)('Unsupported key usage for HMAC key', 'SyntaxError');
+  }
+
+  // Get hash algorithm
+  const hash = algorithm.hash;
+  if (!hash) {
+    throw (0, _errors.lazyDOMException)('HMAC algorithm requires a hash parameter', 'TypeError');
+  }
+  const hashName = (0, _hashnames.normalizeHashName)(hash);
+
+  // Determine key length
+  let length = algorithm.length;
+  if (length === undefined) {
+    // Use hash output length as default key length
+    switch (hashName) {
+      case 'SHA-1':
+        length = 160;
+        break;
+      case 'SHA-256':
+        length = 256;
+        break;
+      case 'SHA-384':
+        length = 384;
+        break;
+      case 'SHA-512':
+        length = 512;
+        break;
+      default:
+        length = 256;
+      // Default to 256 bits
+    }
+  }
+  if (length === 0) {
+    throw (0, _errors.lazyDOMException)('Zero-length key is not supported', 'OperationError');
+  }
+
+  // Generate random key bytes
+  const keyBytes = new Uint8Array(Math.ceil(length / 8));
+  (0, _random.getRandomValues)(keyBytes);
+
+  // Create secret key
+  const keyObject = (0, _keys.createSecretKey)(keyBytes);
+
+  // Construct algorithm object
+  const keyAlgorithm = {
+    name: 'HMAC',
+    hash: hashName,
+    length
+  };
+  return new _keys.CryptoKey(keyObject, keyAlgorithm, keyUsages, extractable);
+}
+function rsaImportKey(format, data, algorithm, extractable, keyUsages) {
+  const {
+    name
+  } = algorithm;
+
+  // Validate usages
+  let checkSet;
+  switch (name) {
+    case 'RSASSA-PKCS1-v1_5':
+    case 'RSA-PSS':
+      checkSet = ['sign', 'verify'];
+      break;
+    case 'RSA-OAEP':
+      checkSet = ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'];
+      break;
+    default:
+      throw new Error(`Unsupported RSA algorithm: ${name}`);
+  }
+  if (hasAnyNotIn(keyUsages, checkSet)) {
+    throw new Error(`Unsupported key usage for ${name}`);
+  }
+  let keyObject;
+  if (format === 'jwk') {
+    const jwk = data;
+
+    // Validate JWK
+    if (jwk.kty !== 'RSA') {
+      throw new Error('Invalid JWK format for RSA key');
+    }
+    const handle = _reactNativeNitroModules.NitroModules.createHybridObject('KeyObjectHandle');
+    const keyType = handle.initJwk(jwk, undefined);
+    if (keyType === undefined) {
+      throw new Error('Failed to import RSA JWK');
+    }
+
+    // Create the appropriate KeyObject based on type
+    if (keyType === 1) {
+      keyObject = new _keys.PublicKeyObject(handle);
+    } else if (keyType === 2) {
+      keyObject = new _keys.PrivateKeyObject(handle);
+    } else {
+      throw new Error('Unexpected key type from RSA JWK import');
+    }
+  } else if (format === 'spki') {
+    const keyData = (0, _conversion.bufferLikeToArrayBuffer)(data);
+    keyObject = _keys.KeyObject.createKeyObject('public', keyData, _utils.KFormatType.DER, _utils.KeyEncoding.SPKI);
+  } else if (format === 'pkcs8') {
+    const keyData = (0, _conversion.bufferLikeToArrayBuffer)(data);
+    keyObject = _keys.KeyObject.createKeyObject('private', keyData, _utils.KFormatType.DER, _utils.KeyEncoding.PKCS8);
+  } else {
+    throw new Error(`Unsupported format for RSA import: ${format}`);
+  }
+
+  // Get the modulus length from the key and add it to the algorithm
+  const keyDetails = keyObject.asymmetricKeyDetails;
+
+  // Convert publicExponent number to big-endian byte array
+  let publicExponentBytes;
+  if (keyDetails?.publicExponent) {
+    const exp = keyDetails.publicExponent;
+    // Convert number to big-endian bytes
+    const bytes = [];
+    let value = exp;
+    while (value > 0) {
+      bytes.unshift(value & 0xff);
+      value = Math.floor(value / 256);
+    }
+    publicExponentBytes = new Uint8Array(bytes.length > 0 ? bytes : [0]);
+  }
+  const algorithmWithDetails = {
+    ...algorithm,
+    modulusLength: keyDetails?.modulusLength,
+    publicExponent: publicExponentBytes
+  };
+  return new _keys.CryptoKey(keyObject, algorithmWithDetails, keyUsages, extractable);
+}
+async function hmacImportKey(algorithm, format, data, extractable, keyUsages) {
+  // Validate usages
+  if (hasAnyNotIn(keyUsages, ['sign', 'verify'])) {
+    throw new Error('Unsupported key usage for an HMAC key');
+  }
+  let keyObject;
+  if (format === 'jwk') {
+    const jwk = data;
+
+    // Validate JWK
+    if (!jwk || typeof jwk !== 'object') {
+      throw new Error('Invalid keyData');
+    }
+    if (jwk.kty !== 'oct') {
+      throw new Error('Invalid JWK format for HMAC key');
+    }
+
+    // Validate key length if specified
+    if (algorithm.length !== undefined) {
+      if (!jwk.k) {
+        throw new Error('JWK missing key data');
+      }
+      // Decode to check length
+      const decoded = _safeBuffer.Buffer.from(jwk.k, 'base64');
+      const keyBitLength = decoded.length * 8;
+      if (algorithm.length === 0) {
+        throw new Error('Zero-length key is not supported');
+      }
+      if (algorithm.length !== keyBitLength) {
+        throw new Error('Invalid key length');
+      }
+    }
+    const handle = _reactNativeNitroModules.NitroModules.createHybridObject('KeyObjectHandle');
+    const keyType = handle.initJwk(jwk, undefined);
+    if (keyType === undefined || keyType !== 0) {
+      throw new Error('Failed to import HMAC JWK');
+    }
+    keyObject = new _keys.SecretKeyObject(handle);
+  } else if (format === 'raw') {
+    keyObject = (0, _keys.createSecretKey)(data);
+  } else {
+    throw new Error(`Unable to import HMAC key with format ${format}`);
+  }
+  return new _keys.CryptoKey(keyObject, {
+    ...algorithm,
+    name: 'HMAC'
+  }, keyUsages, extractable);
+}
+async function aesImportKey(algorithm, format, data, extractable, keyUsages) {
+  const {
+    name,
+    length
+  } = algorithm;
+
+  // Validate usages
+  const validUsages = ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'];
+  if (hasAnyNotIn(keyUsages, validUsages)) {
+    throw new Error(`Unsupported key usage for ${name}`);
+  }
+  let keyObject;
+  let actualLength;
+  if (format === 'jwk') {
+    const jwk = data;
+
+    // Validate JWK
+    if (jwk.kty !== 'oct') {
+      throw new Error('Invalid JWK format for AES key');
+    }
+    const handle = _reactNativeNitroModules.NitroModules.createHybridObject('KeyObjectHandle');
+    const keyType = handle.initJwk(jwk, undefined);
+    if (keyType === undefined || keyType !== 0) {
+      throw new Error('Failed to import AES JWK');
+    }
+    keyObject = new _keys.SecretKeyObject(handle);
+
+    // Get actual key length from imported key
+    const exported = keyObject.export();
+    actualLength = exported.byteLength * 8;
+  } else if (format === 'raw') {
+    const keyData = (0, _conversion.bufferLikeToArrayBuffer)(data);
+    actualLength = keyData.byteLength * 8;
+
+    // Validate key length
+    if (![128, 192, 256].includes(actualLength)) {
+      throw new Error('Invalid AES key length');
+    }
+    keyObject = (0, _keys.createSecretKey)(keyData);
+  } else {
+    throw new Error(`Unsupported format for AES import: ${format}`);
+  }
+
+  // Validate length if specified
+  if (length !== undefined && length !== actualLength) {
+    throw new Error(`Key length mismatch: expected ${length}, got ${actualLength}`);
+  }
+  return new _keys.CryptoKey(keyObject, {
+    name,
+    length: actualLength
+  }, keyUsages, extractable);
+}
+function edImportKey(format, data, algorithm, extractable, keyUsages) {
+  const {
+    name
+  } = algorithm;
+
+  // Validate usages
+  if (hasAnyNotIn(keyUsages, ['sign', 'verify'])) {
+    throw (0, _errors.lazyDOMException)(`Unsupported key usage for ${name} key`, 'SyntaxError');
+  }
+  let keyObject;
+  if (format === 'spki') {
+    // Import public key
+    const keyData = (0, _conversion.bufferLikeToArrayBuffer)(data);
+    keyObject = _keys.KeyObject.createKeyObject('public', keyData, _utils.KFormatType.DER, _utils.KeyEncoding.SPKI);
+  } else if (format === 'pkcs8') {
+    // Import private key
+    const keyData = (0, _conversion.bufferLikeToArrayBuffer)(data);
+    keyObject = _keys.KeyObject.createKeyObject('private', keyData, _utils.KFormatType.DER, _utils.KeyEncoding.PKCS8);
+  } else if (format === 'raw') {
+    // Raw format - public key only for Ed keys
+    const keyData = (0, _conversion.bufferLikeToArrayBuffer)(data);
+    const handle = _reactNativeNitroModules.NitroModules.createHybridObject('KeyObjectHandle');
+    // For raw Ed keys, we need to create them differently
+    // Raw public keys are just the key bytes
+    handle.init(1, keyData); // 1 = public key type
+    keyObject = new _keys.PublicKeyObject(handle);
+  } else {
+    throw (0, _errors.lazyDOMException)(`Unsupported format for ${name} import: ${format}`, 'NotSupportedError');
+  }
+  return new _keys.CryptoKey(keyObject, {
+    name
+  }, keyUsages, extractable);
+}
+const exportKeySpki = async key => {
+  switch (key.algorithm.name) {
+    case 'RSASSA-PKCS1-v1_5':
+    // Fall through
+    case 'RSA-PSS':
+    // Fall through
+    case 'RSA-OAEP':
+      if (key.type === 'public') {
+        return rsaExportKey(key, KWebCryptoKeyFormat.kWebCryptoKeyFormatSPKI);
+      }
+      break;
+    case 'ECDSA':
+    // Fall through
+    case 'ECDH':
+      if (key.type === 'public') {
+        return ecExportKey(key, KWebCryptoKeyFormat.kWebCryptoKeyFormatSPKI);
+      }
+      break;
+    case 'Ed25519':
+    // Fall through
+    case 'Ed448':
+      if (key.type === 'public') {
+        // Export Ed key in SPKI DER format
+        return (0, _conversion.bufferLikeToArrayBuffer)(key.keyObject.handle.exportKey(_utils.KFormatType.DER, _utils.KeyEncoding.SPKI));
+      }
+      break;
+  }
+  throw new Error(`Unable to export a spki ${key.algorithm.name} ${key.type} key`);
+};
+const exportKeyPkcs8 = async key => {
+  switch (key.algorithm.name) {
+    case 'RSASSA-PKCS1-v1_5':
+    // Fall through
+    case 'RSA-PSS':
+    // Fall through
+    case 'RSA-OAEP':
+      if (key.type === 'private') {
+        return rsaExportKey(key, KWebCryptoKeyFormat.kWebCryptoKeyFormatPKCS8);
+      }
+      break;
+    case 'ECDSA':
+    // Fall through
+    case 'ECDH':
+      if (key.type === 'private') {
+        return ecExportKey(key, KWebCryptoKeyFormat.kWebCryptoKeyFormatPKCS8);
+      }
+      break;
+    case 'Ed25519':
+    // Fall through
+    case 'Ed448':
+      if (key.type === 'private') {
+        // Export Ed key in PKCS8 DER format
+        return (0, _conversion.bufferLikeToArrayBuffer)(key.keyObject.handle.exportKey(_utils.KFormatType.DER, _utils.KeyEncoding.PKCS8));
+      }
+      break;
+  }
+  throw new Error(`Unable to export a pkcs8 ${key.algorithm.name} ${key.type} key`);
+};
+const exportKeyRaw = key => {
+  switch (key.algorithm.name) {
+    case 'ECDSA':
+    // Fall through
+    case 'ECDH':
+      if (key.type === 'public') {
+        return ecExportKey(key, KWebCryptoKeyFormat.kWebCryptoKeyFormatRaw);
+      }
+      break;
+    case 'AES-CTR':
+    // Fall through
+    case 'AES-CBC':
+    // Fall through
+    case 'AES-GCM':
+    // Fall through
+    case 'AES-KW':
+    // Fall through
+    case 'HMAC':
+      {
+        const exported = key.keyObject.export();
+        // Convert Buffer to ArrayBuffer
+        return exported.buffer.slice(exported.byteOffset, exported.byteOffset + exported.byteLength);
+      }
+  }
+  throw (0, _errors.lazyDOMException)(`Unable to export a raw ${key.algorithm.name} ${key.type} key`, 'InvalidAccessError');
+};
+const exportKeyJWK = key => {
+  const jwk = key.keyObject.handle.exportJwk({
+    key_ops: key.usages,
+    ext: key.extractable
+  }, true);
+  switch (key.algorithm.name) {
+    case 'RSASSA-PKCS1-v1_5':
+      jwk.alg = (0, _hashnames.normalizeHashName)(key.algorithm.hash, _hashnames.HashContext.JwkRsa);
+      return jwk;
+    case 'RSA-PSS':
+      jwk.alg = (0, _hashnames.normalizeHashName)(key.algorithm.hash, _hashnames.HashContext.JwkRsaPss);
+      return jwk;
+    case 'RSA-OAEP':
+      jwk.alg = (0, _hashnames.normalizeHashName)(key.algorithm.hash, _hashnames.HashContext.JwkRsaOaep);
+      return jwk;
+    case 'HMAC':
+      jwk.alg = (0, _hashnames.normalizeHashName)(key.algorithm.hash, _hashnames.HashContext.JwkHmac);
+      return jwk;
+    case 'ECDSA':
+    // Fall through
+    case 'ECDH':
+      jwk.crv ||= key.algorithm.namedCurve;
+      return jwk;
+    case 'AES-CTR':
+    // Fall through
+    case 'AES-CBC':
+    // Fall through
+    case 'AES-GCM':
+    // Fall through
+    case 'AES-KW':
+      if (key.algorithm.length === undefined) {
+        throw (0, _errors.lazyDOMException)(`Algorithm ${key.algorithm.name} missing required length property`, 'InvalidAccessError');
+      }
+      jwk.alg = getAlgorithmName(key.algorithm.name, key.algorithm.length);
+      return jwk;
+    default:
+    // Fall through
+  }
+  throw (0, _errors.lazyDOMException)(`JWK export not yet supported: ${key.algorithm.name}`, 'NotSupportedError');
+};
+const importGenericSecretKey = async ({
+  name,
+  length
+}, format, keyData, extractable, keyUsages) => {
+  if (extractable) {
+    throw new Error(`${name} keys are not extractable`);
+  }
+  if (hasAnyNotIn(keyUsages, ['deriveKey', 'deriveBits'])) {
+    throw new Error(`Unsupported key usage for a ${name} key`);
+  }
+  switch (format) {
+    case 'raw':
+      {
+        if (hasAnyNotIn(keyUsages, ['deriveKey', 'deriveBits'])) {
+          throw new Error(`Unsupported key usage for a ${name} key`);
+        }
+        const checkLength = typeof keyData === 'string' || _safeBuffer.Buffer.isBuffer(keyData) ? keyData.length * 8 : keyData.byteLength * 8;
+        if (length !== undefined && length !== checkLength) {
+          throw new Error('Invalid key length');
+        }
+        const keyObject = (0, _keys.createSecretKey)(keyData);
+        return new _keys.CryptoKey(keyObject, {
+          name
+        }, keyUsages, false);
+      }
+  }
+  throw new Error(`Unable to import ${name} key with format ${format}`);
+};
+const checkCryptoKeyPairUsages = pair => {
+  if (pair.privateKey && pair.privateKey instanceof _keys.CryptoKey && pair.privateKey.keyUsages && pair.privateKey.keyUsages.length > 0) {
+    return;
+  }
+  throw (0, _errors.lazyDOMException)('Usages cannot be empty when creating a key.', 'SyntaxError');
+};
+
+// Type guard to check if result is CryptoKeyPair
+function isCryptoKeyPair(result) {
+  return 'publicKey' in result && 'privateKey' in result;
+}
+function hmacSignVerify(key, data, signature) {
+  // Get hash algorithm from key
+  const hashName = (0, _hashnames.normalizeHashName)(key.algorithm.hash);
+
+  // Export the secret key material
+  const keyData = key.keyObject.export();
+
+  // Create HMAC and compute digest
+  const hmac = (0, _hmac.createHmac)(hashName, keyData);
+  hmac.update((0, _conversion.bufferLikeToArrayBuffer)(data));
+  const computed = hmac.digest();
+  if (signature === undefined) {
+    // Sign operation - return the HMAC as ArrayBuffer
+    return computed.buffer.slice(computed.byteOffset, computed.byteOffset + computed.byteLength);
+  }
+
+  // Verify operation - compare computed HMAC with provided signature
+  const sigBytes = new Uint8Array((0, _conversion.bufferLikeToArrayBuffer)(signature));
+  const computedBytes = new Uint8Array(computed.buffer, computed.byteOffset, computed.byteLength);
+  if (computedBytes.length !== sigBytes.length) {
+    return false;
+  }
+
+  // Constant-time comparison to prevent timing attacks
+  let result = 0;
+  for (let i = 0; i < computedBytes.length; i++) {
+    result |= computedBytes[i] ^ sigBytes[i];
+  }
+  return result === 0;
+}
+function rsaSignVerify(key, data, padding, signature, saltLength) {
+  // Get hash algorithm from key
+  const hashName = (0, _hashnames.normalizeHashName)(key.algorithm.hash);
+
+  // Determine RSA padding constant
+  const RSA_PKCS1_PADDING = 1;
+  const RSA_PKCS1_PSS_PADDING = 6;
+  const paddingValue = padding === 'pss' ? RSA_PKCS1_PSS_PADDING : RSA_PKCS1_PADDING;
+  if (signature === undefined) {
+    // Sign operation
+    const signer = (0, _signVerify.createSign)(hashName);
+    signer.update(data);
+    const sig = signer.sign({
+      key: key,
+      padding: paddingValue,
+      saltLength
+    });
+    return sig.buffer.slice(sig.byteOffset, sig.byteOffset + sig.byteLength);
+  }
+
+  // Verify operation
+  const verifier = (0, _signVerify.createVerify)(hashName);
+  verifier.update(data);
+  return verifier.verify({
+    key: key,
+    padding: paddingValue,
+    saltLength
+  }, signature);
+}
+function edSignVerify(key, data, signature) {
+  const isSign = signature === undefined;
+  const expectedKeyType = isSign ? 'private' : 'public';
+  if (key.type !== expectedKeyType) {
+    throw (0, _errors.lazyDOMException)(`Key must be a ${expectedKeyType} key`, 'InvalidAccessError');
+  }
+
+  // Get curve type from algorithm name (Ed25519 or Ed448)
+  const algorithmName = key.algorithm.name;
+  const curveType = algorithmName.toLowerCase();
+
+  // Create Ed instance with the curve
+  const ed = new _ed.Ed(curveType, {});
+
+  // Export raw key bytes (exportKey with no format returns raw for Ed keys)
+  const rawKey = key.keyObject.handle.exportKey();
+  const dataBuffer = (0, _conversion.bufferLikeToArrayBuffer)(data);
+  if (isSign) {
+    // Sign operation - use raw private key
+    const sig = ed.signSync(dataBuffer, rawKey);
+    return sig;
+  } else {
+    // Verify operation - use raw public key
+    const signatureBuffer = (0, _conversion.bufferLikeToArrayBuffer)(signature);
+    return ed.verifySync(signatureBuffer, dataBuffer, rawKey);
+  }
+}
+const signVerify = (algorithm, key, data, signature) => {
+  const usage = signature === undefined ? 'sign' : 'verify';
+  algorithm = normalizeAlgorithm(algorithm, usage);
+  if (!key.usages.includes(usage) || algorithm.name !== key.algorithm.name) {
+    throw (0, _errors.lazyDOMException)(`Unable to use this key to ${usage}`, 'InvalidAccessError');
+  }
+  switch (algorithm.name) {
+    case 'ECDSA':
+      return (0, _ec.ecdsaSignVerify)(key, data, algorithm, signature);
+    case 'HMAC':
+      return hmacSignVerify(key, data, signature);
+    case 'RSASSA-PKCS1-v1_5':
+      return rsaSignVerify(key, data, 'pkcs1', signature);
+    case 'RSA-PSS':
+      return rsaSignVerify(key, data, 'pss', signature, algorithm.saltLength);
+    case 'Ed25519':
+    case 'Ed448':
+      return edSignVerify(key, data, signature);
+  }
+  throw (0, _errors.lazyDOMException)(`Unrecognized algorithm name '${algorithm.name}' for '${usage}'`, 'NotSupportedError');
+};
+const cipherOrWrap = async (mode, algorithm, key, data, op) => {
+  if (key.algorithm.name !== algorithm.name || !key.usages.includes(op)) {
+    throw (0, _errors.lazyDOMException)('The requested operation is not valid for the provided key', 'InvalidAccessError');
+  }
+  (0, _validation.validateMaxBufferLength)(data, 'data');
+  switch (algorithm.name) {
+    case 'RSA-OAEP':
+      return rsaCipher(mode, key, data, algorithm);
+    case 'AES-CTR':
+    // Fall through
+    case 'AES-CBC':
+    // Fall through
+    case 'AES-GCM':
+      return aesCipher(mode, key, data, algorithm);
+  }
+};
+class Subtle {
+  async decrypt(algorithm, key, data) {
+    const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'decrypt');
+    return cipherOrWrap(CipherOrWrapMode.kWebCryptoCipherDecrypt, normalizedAlgorithm, key, (0, _conversion.bufferLikeToArrayBuffer)(data), 'decrypt');
+  }
+  async digest(algorithm, data) {
+    const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'digest');
+    return (0, _hash.asyncDigest)(normalizedAlgorithm, data);
+  }
+  async deriveBits(algorithm, baseKey, length) {
+    if (!baseKey.keyUsages.includes('deriveBits')) {
+      throw new Error('baseKey does not have deriveBits usage');
+    }
+    if (baseKey.algorithm.name !== algorithm.name) throw new Error('Key algorithm mismatch');
+    switch (algorithm.name) {
+      case 'PBKDF2':
+        return (0, _pbkdf.pbkdf2DeriveBits)(algorithm, baseKey, length);
+    }
+    throw new Error(`'subtle.deriveBits()' for ${algorithm.name} is not implemented.`);
+  }
+  async encrypt(algorithm, key, data) {
+    const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'encrypt');
+    return cipherOrWrap(CipherOrWrapMode.kWebCryptoCipherEncrypt, normalizedAlgorithm, key, (0, _conversion.bufferLikeToArrayBuffer)(data), 'encrypt');
+  }
+  async exportKey(format, key) {
+    if (!key.extractable) throw new Error('key is not extractable');
+    switch (format) {
+      case 'spki':
+        return await exportKeySpki(key);
+      case 'pkcs8':
+        return await exportKeyPkcs8(key);
+      case 'jwk':
+        return exportKeyJWK(key);
+      case 'raw':
+        return exportKeyRaw(key);
+    }
+  }
+  async generateKey(algorithm, extractable, keyUsages) {
+    algorithm = normalizeAlgorithm(algorithm, 'generateKey');
+    let result;
+    switch (algorithm.name) {
+      case 'RSASSA-PKCS1-v1_5':
+      // Fall through
+      case 'RSA-PSS':
+      // Fall through
+      case 'RSA-OAEP':
+        result = await (0, _rsa.rsa_generateKeyPair)(algorithm, extractable, keyUsages);
+        break;
+      case 'ECDSA':
+      // Fall through
+      case 'ECDH':
+        result = await (0, _ec.ec_generateKeyPair)(algorithm.name, algorithm.namedCurve, extractable, keyUsages);
+        checkCryptoKeyPairUsages(result);
+        break;
+      case 'AES-CTR':
+      // Fall through
+      case 'AES-CBC':
+      // Fall through
+      case 'AES-GCM':
+      // Fall through
+      case 'AES-KW':
+        result = await aesGenerateKey(algorithm, extractable, keyUsages);
+        break;
+      case 'HMAC':
+        result = await hmacGenerateKey(algorithm, extractable, keyUsages);
+        break;
+      case 'Ed25519':
+      // Fall through
+      case 'Ed448':
+        result = await (0, _ed.ed_generateKeyPairWebCrypto)(algorithm.name.toLowerCase(), extractable, keyUsages);
+        checkCryptoKeyPairUsages(result);
+        break;
+      default:
+        throw new Error(`'subtle.generateKey()' is not implemented for ${algorithm.name}.
+            Unrecognized algorithm name`);
+    }
+    return result;
+  }
+  async importKey(format, data, algorithm, extractable, keyUsages) {
+    const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'importKey');
+    let result;
+    switch (normalizedAlgorithm.name) {
+      case 'RSASSA-PKCS1-v1_5':
+      // Fall through
+      case 'RSA-PSS':
+      // Fall through
+      case 'RSA-OAEP':
+        result = rsaImportKey(format, data, normalizedAlgorithm, extractable, keyUsages);
+        break;
+      case 'ECDSA':
+      // Fall through
+      case 'ECDH':
+        result = (0, _ec.ecImportKey)(format, data, normalizedAlgorithm, extractable, keyUsages);
+        break;
+      case 'HMAC':
+        result = await hmacImportKey(normalizedAlgorithm, format, data, extractable, keyUsages);
+        break;
+      case 'AES-CTR':
+      // Fall through
+      case 'AES-CBC':
+      // Fall through
+      case 'AES-GCM':
+      // Fall through
+      case 'AES-KW':
+        result = await aesImportKey(normalizedAlgorithm, format, data, extractable, keyUsages);
+        break;
+      case 'PBKDF2':
+        result = await importGenericSecretKey(normalizedAlgorithm, format, data, extractable, keyUsages);
+        break;
+      case 'Ed25519':
+      // Fall through
+      case 'Ed448':
+        result = edImportKey(format, data, normalizedAlgorithm, extractable, keyUsages);
+        break;
+      default:
+        throw new Error(`"subtle.importKey()" is not implemented for ${normalizedAlgorithm.name}`);
+    }
+    if ((result.type === 'secret' || result.type === 'private') && result.usages.length === 0) {
+      throw new Error(`Usages cannot be empty when importing a ${result.type} key.`);
+    }
+    return result;
+  }
+  async sign(algorithm, key, data) {
+    return signVerify(algorithm, key, data);
+  }
+  async verify(algorithm, key, signature, data) {
+    return signVerify(algorithm, key, data, signature);
+  }
+}
+exports.Subtle = Subtle;
+const subtle = exports.subtle = new Subtle();
+//# sourceMappingURL=subtle.js.map