react-native-quick-crypto 1.0.0-beta.8 → 1.0.0

package/src/utils/cipher.ts

@@ -0,0 +1,60 @@
+import type { Encoding } from './types';
+
+// Mimics node behavior for default global encoding
+let defaultEncoding: Encoding = 'buffer';
+
+export function setDefaultEncoding(encoding: Encoding) {
+  defaultEncoding = encoding;
+}
+
+export function getDefaultEncoding(): Encoding {
+  return defaultEncoding;
+}
+
+export function normalizeEncoding(enc: string) {
+  if (!enc) return 'utf8';
+  let retried;
+  while (true) {
+    switch (enc) {
+      case 'utf8':
+      case 'utf-8':
+        return 'utf8';
+      case 'ucs2':
+      case 'ucs-2':
+      case 'utf16le':
+      case 'utf-16le':
+        return 'utf16le';
+      case 'latin1':
+      case 'binary':
+        return 'latin1';
+      case 'base64':
+      case 'ascii':
+      case 'hex':
+        return enc;
+      default:
+        if (retried) return; // undefined
+        enc = ('' + enc).toLowerCase();
+        retried = true;
+    }
+  }
+}
+
+export function validateEncoding(data: string, encoding: string) {
+  const normalizedEncoding = normalizeEncoding(encoding);
+  const length = data.length;
+
+  if (normalizedEncoding === 'hex' && length % 2 !== 0) {
+    throw new Error(`Encoding ${encoding} not valid for data length ${length}`);
+  }
+}
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export function getUIntOption(options: Record<string, any>, key: string) {
+  let value;
+  if (options && (value = options[key]) != null) {
+    // >>> Turns any type into a positive integer (also sets the sign bit to 0)
+    if (value >>> 0 !== value) throw new Error(`options.${key}: ${value}`);
+    return value;
+  }
+  return -1;
+}

package/src/utils/conversion.ts

@@ -1,6 +1,7 @@
 import { Buffer as CraftzdogBuffer } from '@craftzdog/react-native-buffer';
 import { Buffer as SafeBuffer } from 'safe-buffer';
 import type { ABV, BinaryLikeNode, BufferLike } from './types';
+import { KeyObject } from '../keys/classes';
 
 /**
  * Converts supplied argument to an ArrayBuffer.  Note this does not copy the
@@ -56,8 +57,29 @@ export function bufferLikeToArrayBuffer(buf: BufferLike): ArrayBuffer {
   if (ArrayBuffer.isView(buf)) {
     return toArrayBuffer(buf);
   }
-  // ArrayBuffer
-  return buf;
+
+  // If buf is already an ArrayBuffer, return it.
+  if (buf instanceof ArrayBuffer) {
+    return buf;
+  }
+
+  // If buf is a SharedArrayBuffer, convert it to ArrayBuffer.
+  // This typically involves a copy of the data.
+  if (
+    typeof SharedArrayBuffer !== 'undefined' &&
+    buf instanceof SharedArrayBuffer
+  ) {
+    const arrayBuffer = new ArrayBuffer(buf.byteLength);
+    new Uint8Array(arrayBuffer).set(new Uint8Array(buf));
+    return arrayBuffer;
+  }
+
+  // If we reach here, 'buf' is of a type within BufferLike that has not been handled by the above checks.
+  // This indicates either an incomplete BufferLike definition or an unexpected input type.
+  // Throw an error to signal this, ensuring the function's contract (return ArrayBuffer or throw) is met.
+  throw new TypeError(
+    'Input must be a Buffer, ArrayBufferView, ArrayBuffer, or SharedArrayBuffer.',
+  );
 }
 
 export function binaryLikeToArrayBuffer(
@@ -111,9 +133,14 @@ export function binaryLikeToArrayBuffer(
   //   }
   // }
 
-  // TODO: handle if input is KeyObject?
+  // KeyObject
+  if (input instanceof KeyObject) {
+    return input.handle.exportKey();
+  }
 
-  throw new Error('input could not be converted to ArrayBuffer');
+  throw new Error(
+    'Invalid argument type for "key". Need ArrayBuffer, TypedArray, KeyObject, CryptoKey, string',
+  );
 }
 
 export function ab2str(buf: ArrayBuffer, encoding: string = 'hex') {
@@ -121,3 +148,5 @@ export function ab2str(buf: ArrayBuffer, encoding: string = 'hex') {
 }
 
 export const kEmptyObject = Object.freeze(Object.create(null));
+
+export * from './noble';

package/src/utils/hashnames.ts

@@ -79,11 +79,13 @@ const kHashNames: HashNames = {
 }
 
 export function normalizeHashName(
-  algo: string | HashAlgorithm | undefined,
+  algo: string | HashAlgorithm | { name: string } | undefined,
   context: HashContext = HashContext.Node,
 ): HashAlgorithm {
   if (typeof algo !== 'undefined') {
-    const normAlgo = algo.toString().toLowerCase();
+    const hashName =
+      typeof algo === 'string' ? algo : algo.name || algo.toString();
+    const normAlgo = hashName.toLowerCase();
     try {
       const alias = kHashNames[normAlgo]![context] as HashAlgorithm;
       if (alias) return alias;

package/src/utils/index.ts

@@ -3,3 +3,4 @@ export * from './errors';
 export * from './hashnames';
 export * from './types';
 export * from './validation';
+export * from './cipher';

package/src/utils/noble.ts

@@ -0,0 +1,85 @@
+import type { Hex } from './types';
+
+/**
+ * Takes hex string or Uint8Array, converts to Uint8Array.
+ * Validates output length.
+ * Will throw error for other types.
+ * @param title descriptive title for an error e.g. 'private key'
+ * @param hex hex string or Uint8Array
+ * @param expectedLength optional, will compare to result array's length
+ * @returns
+ */
+export function ensureBytes(
+  title: string,
+  hex: Hex,
+  expectedLength?: number,
+): Uint8Array {
+  let res: Uint8Array;
+  if (typeof hex === 'string') {
+    try {
+      res = hexToBytes(hex);
+    } catch (e) {
+      throw new Error(title + ' must be hex string or Uint8Array, cause: ' + e);
+    }
+  } else if (isBytes(hex)) {
+    // Uint8Array.from() instead of hash.slice() because node.js Buffer
+    // is instance of Uint8Array, and its slice() creates **mutable** copy
+    res = Uint8Array.from(hex);
+  } else {
+    throw new Error(title + ' must be hex string or Uint8Array');
+  }
+  const len = res.length;
+  if (typeof expectedLength === 'number' && len !== expectedLength)
+    throw new Error(
+      title + ' of length ' + expectedLength + ' expected, got ' + len,
+    );
+  return res;
+}
+
+/** Checks if something is Uint8Array. Be careful: nodejs Buffer will return true. */
+export function isBytes(a: unknown): a is Uint8Array {
+  return (
+    a instanceof Uint8Array ||
+    (ArrayBuffer.isView(a) && a.constructor.name === 'Uint8Array')
+  );
+}
+
+// We use optimized technique to convert hex string to byte array
+const asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 } as const;
+function asciiToBase16(ch: number): number | undefined {
+  if (ch >= asciis._0 && ch <= asciis._9) return ch - asciis._0; // '2' => 50-48
+  if (ch >= asciis.A && ch <= asciis.F) return ch - (asciis.A - 10); // 'B' => 66-(65-10)
+  if (ch >= asciis.a && ch <= asciis.f) return ch - (asciis.a - 10); // 'b' => 98-(97-10)
+  return;
+}
+
+/**
+ * Convert hex string to byte array. Uses built-in function, when available.
+ * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])
+ */
+export function hexToBytes(hex: string): Uint8Array {
+  if (typeof hex !== 'string')
+    throw new Error('hex string expected, got ' + typeof hex);
+  // @ts-expect-error Uint8Array.fromHex
+  if (hasHexBuiltin) return Uint8Array.fromHex(hex);
+  const hl = hex.length;
+  const al = hl / 2;
+  if (hl % 2)
+    throw new Error('hex string expected, got unpadded hex of length ' + hl);
+  const array = new Uint8Array(al);
+  for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
+    const n1 = asciiToBase16(hex.charCodeAt(hi));
+    const n2 = asciiToBase16(hex.charCodeAt(hi + 1));
+    if (n1 === undefined || n2 === undefined) {
+      const char = hex.substring(hi, hi + 2);
+      throw new Error(
+        'hex string expected, got non-hex character "' +
+          char +
+          '" at index ' +
+          hi,
+      );
+    }
+    array[ai] = n1 * 16 + n2; // multiply first octet, e.g. 'a3' => 10*16+3 => 160 + 3 => 163
+  }
+  return array;
+}

package/src/utils/types.ts

@@ -1,7 +1,9 @@
 import type { Buffer as CraftzdogBuffer } from '@craftzdog/react-native-buffer';
+import type { Buffer } from 'buffer';
+import type { CipherKey } from 'node:crypto'; // @types/node
 import type { Buffer as SafeBuffer } from 'safe-buffer';
-import type { CipherKey } from 'crypto'; // @types/node
-import type { KeyObjectHandle } from '../specs/keyObjectHandle.nitro';
+import type { KeyObjectHandle as KeyObjectHandleType } from '../specs/keyObjectHandle.nitro';
+import type { KeyObject, CryptoKey } from '../keys';
 
 export type ABV = TypedArray | DataView | ArrayBufferLike | CraftzdogBuffer;
 
@@ -20,19 +22,23 @@ export type RandomCallback<T> = (err: Error | null, value: T) => void;
 
 export type BufferLike =
   | ArrayBuffer
+  | ArrayBufferLike
   | CraftzdogBuffer
   | SafeBuffer
   | ArrayBufferView;
 
 export type BinaryLike =
   | string
+  | Buffer
   | ArrayBuffer
+  | ArrayBufferLike
+  | ArrayBufferView
   | CraftzdogBuffer
   | SafeBuffer
   | TypedArray
   | DataView;
 
-export type BinaryLikeNode = CipherKey | BinaryLike;
+export type BinaryLikeNode = CipherKey | BinaryLike | KeyObject;
 
 export type DigestAlgorithm = 'SHA-1' | 'SHA-256' | 'SHA-384' | 'SHA-512';
 
@@ -40,11 +46,31 @@ export type HashAlgorithm = DigestAlgorithm | 'SHA-224' | 'RIPEMD-160';
 
 export type RSAKeyPairAlgorithm = 'RSASSA-PKCS1-v1_5' | 'RSA-PSS' | 'RSA-OAEP';
 
+export interface RsaHashedKeyGenParams {
+  name: RSAKeyPairAlgorithm;
+  modulusLength: number;
+  publicExponent: Uint8Array;
+  hash: string | { name: string };
+}
+
+export interface RsaKeyAlgorithm {
+  name: RSAKeyPairAlgorithm;
+  modulusLength: number;
+  publicExponent: Uint8Array;
+  hash: { name: string };
+}
+
 export type ECKeyPairAlgorithm = 'ECDSA' | 'ECDH';
 
 export type CFRGKeyPairAlgorithm = 'Ed25519' | 'Ed448' | 'X25519' | 'X448';
 export type CFRGKeyPairType = 'ed25519' | 'ed448' | 'x25519' | 'x448';
 
+// Node.js style key pair types (lowercase)
+export type RSAKeyPairType = 'rsa' | 'rsa-pss';
+export type ECKeyPairType = 'ec';
+export type DSAKeyPairType = 'dsa';
+export type DHKeyPairType = 'dh';
+
 export type KeyPairAlgorithm =
   | RSAKeyPairAlgorithm
   | ECKeyPairAlgorithm
@@ -75,6 +101,49 @@ export type EncryptDecryptAlgorithm =
   | 'AES-CBC'
   | 'AES-GCM';
 
+export type RsaOaepParams = {
+  name: 'RSA-OAEP';
+  label?: BufferLike;
+};
+
+export type AesCbcParams = {
+  name: 'AES-CBC';
+  iv: BufferLike;
+};
+
+export type AesCtrParams = {
+  name: 'AES-CTR';
+  counter: TypedArray;
+  length: number;
+};
+
+export type AesGcmParams = {
+  name: 'AES-GCM';
+  iv: BufferLike;
+  tagLength?: TagLength;
+  additionalData?: BufferLike;
+};
+
+export type AesKwParams = {
+  name: 'AES-KW';
+  wrappingKey?: BufferLike;
+};
+
+export type AesKeyGenParams = {
+  length: AESLength;
+  name?: AESAlgorithm;
+};
+
+export type TagLength = 32 | 64 | 96 | 104 | 112 | 120 | 128;
+
+export type AESLength = 128 | 192 | 256;
+
+export type EncryptDecryptParams =
+  | AesCbcParams
+  | AesCtrParams
+  | AesGcmParams
+  | RsaOaepParams;
+
 export type AnyAlgorithm =
   | DigestAlgorithm
   | HashAlgorithm
@@ -94,14 +163,20 @@ export type SubtleAlgorithm = {
   name: AnyAlgorithm;
   salt?: string;
   iterations?: number;
-  hash?: HashAlgorithm;
+  hash?: HashAlgorithm | { name: string };
   namedCurve?: NamedCurve;
   length?: number;
   modulusLength?: number;
   publicExponent?: number | Uint8Array;
+  saltLength?: number;
 };
 
-export type KeyPairType = CFRGKeyPairType;
+export type KeyPairType =
+  | CFRGKeyPairType
+  | RSAKeyPairType
+  | ECKeyPairType
+  | DSAKeyPairType
+  | DHKeyPairType;
 
 export type KeyUsage =
   | 'encrypt'
@@ -110,47 +185,65 @@ export type KeyUsage =
   | 'verify'
   | 'deriveKey'
   | 'deriveBits'
+  | 'encapsulateBits'
+  | 'decapsulateBits'
+  | 'encapsulateKey'
+  | 'decapsulateKey'
   | 'wrapKey'
   | 'unwrapKey';
 
-// On node this value is defined on the native side, for now I'm just creating it here in JS
-// TODO(osp) move this into native side to make sure they always match
+// TODO: These enums need to be defined on the native side
 export enum KFormatType {
-  kKeyFormatDER,
-  kKeyFormatPEM,
-  kKeyFormatJWK,
+  DER,
+  PEM,
+  JWK,
 }
 
-// Same as KFormatType, this enum needs to be defined on the native side
 export enum KeyType {
-  Secret,
-  Public,
-  Private,
+  SECRET,
+  PUBLIC,
+  PRIVATE,
 }
 
 export enum KeyEncoding {
-  kKeyEncodingPKCS1,
-  kKeyEncodingPKCS8,
-  kKeyEncodingSPKI,
-  kKeyEncodingSEC1,
+  PKCS1,
+  PKCS8,
+  SPKI,
+  SEC1,
+}
+
+export enum KeyFormat {
+  RAW,
+  PKCS8,
+  SPKI,
+  JWK,
 }
 
+export type KeyData = BufferLike | BinaryLike | JWK;
+
+export const kNamedCurveAliases = {
+  'P-256': 'prime256v1',
+  'P-384': 'secp384r1',
+  'P-521': 'secp521r1',
+} as const;
+// end TODO
+
 export type KeyPairGenConfig = {
-  publicFormat?: KFormatType;
+  publicFormat?: KFormatType | -1;
   publicType?: KeyEncoding;
-  privateFormat?: KFormatType;
+  privateFormat?: KFormatType | -1;
   privateType?: KeyEncoding;
   cipher?: string;
   passphrase?: ArrayBuffer;
 };
 
 export type AsymmetricKeyType =
-  // 'rsa' |
-  // 'rsa-pss' |
-  // 'dsa' |
-  // 'ec' |
-  // 'dh' |
-  CFRGKeyPairType;
+  | 'rsa'
+  | 'rsa-pss'
+  | 'dsa'
+  | 'ec'
+  | 'dh'
+  | CFRGKeyPairType;
 
 type JWKkty = 'AES' | 'RSA' | 'EC' | 'oct';
 type JWKuse = 'sig' | 'enc';
@@ -232,9 +325,14 @@ export type GenerateKeyPairOptions = {
   mgf1Hash?: string;
 };
 
-// Note: removed CryptoKey class from this type (from 0.x) because Nitro doesn't
-//       handle custom JS objects.  We might need to make it a JS object.
-export type KeyPairKey = ArrayBuffer | KeyObjectHandle | undefined;
+export type KeyPairKey =
+  | ArrayBuffer
+  | Buffer
+  | string
+  | KeyObject
+  | KeyObjectHandle
+  | CryptoKey
+  | undefined;
 
 export type GenerateKeyPairReturn = [
   error?: Error,
@@ -260,6 +358,11 @@ export type CryptoKeyPair = {
   privateKey: KeyPairKey;
 };
 
+export type WebCryptoKeyPair = {
+  publicKey: CryptoKey;
+  privateKey: CryptoKey;
+};
+
 export enum KeyVariant {
   RSA_SSA_PKCS1_v1_5,
   RSA_PSS,
@@ -273,3 +376,80 @@ export enum KeyVariant {
 export type SignCallback = (err: Error | null, signature?: ArrayBuffer) => void;
 
 export type VerifyCallback = (err: Error | null, valid?: boolean) => void;
+
+export type BinaryToTextEncoding = 'base64' | 'base64url' | 'hex' | 'binary';
+export type CharacterEncoding = 'utf8' | 'utf-8' | 'utf16le' | 'latin1';
+export type LegacyCharacterEncoding = 'ascii' | 'binary' | 'ucs2' | 'ucs-2';
+export type Encoding =
+  | BinaryToTextEncoding
+  | CharacterEncoding
+  | LegacyCharacterEncoding
+  | 'buffer';
+
+// These are for shortcomings in @types/node
+// Here we use "*Type" instead of "*Types" like node does.
+// export type CipherCBCType = 'aes-128-cbc' | 'aes-192-cbc' | 'aes-256-cbc';
+export type CipherCFBType =
+  | 'aes-128-cfb'
+  | 'aes-192-cfb'
+  | 'aes-256-cfb'
+  | 'aes-128-cfb1'
+  | 'aes-192-cfb1'
+  | 'aes-256-cfb1'
+  | 'aes-128-cfb8'
+  | 'aes-192-cfb8'
+  | 'aes-256-cfb8';
+export type CipherCTRType = 'aes-128-ctr' | 'aes-192-ctr' | 'aes-256-ctr';
+export type CipherDESType =
+  | 'des'
+  | 'des3'
+  | 'des-cbc'
+  | 'des-ecb'
+  | 'des-ede'
+  | 'des-ede-cbc'
+  | 'des-ede3'
+  | 'des-ede3-cbc';
+export type CipherECBType = 'aes-128-ecb' | 'aes-192-ecb' | 'aes-256-ecb';
+export type CipherGCMType = 'aes-128-gcm' | 'aes-192-gcm' | 'aes-256-gcm';
+export type CipherOFBType = 'aes-128-ofb' | 'aes-192-ofb' | 'aes-256-ofb';
+
+export type KeyObjectHandle = KeyObjectHandleType;
+
+export type DiffieHellmanOptions = {
+  privateKey: KeyObject;
+  publicKey: KeyObject;
+};
+
+export type DiffieHellmanCallback = (
+  err: Error | null,
+  secret?: CraftzdogBuffer,
+) => CraftzdogBuffer | void;
+
+// from @paulmillr/noble-curves
+export type Hex = string | Uint8Array;
+
+export type ImportFormat = 'raw' | 'pkcs8' | 'spki' | 'jwk';
+
+export type Operation =
+  | 'encrypt'
+  | 'decrypt'
+  | 'sign'
+  | 'verify'
+  | 'generateKey'
+  | 'importKey'
+  | 'exportKey'
+  | 'deriveBits';
+
+export interface KeyPairOptions {
+  namedCurve: string;
+  publicKeyEncoding?: {
+    type: 'spki';
+    format: 'pem' | 'der';
+  };
+  privateKeyEncoding?: {
+    type: 'pkcs8';
+    format: 'pem' | 'der';
+    cipher?: string;
+    passphrase?: string;
+  };
+}

package/src/utils/validation.ts

@@ -1,3 +1,10 @@
+import { Buffer as SBuffer } from 'safe-buffer';
+import type { BinaryLike, BufferLike, KeyUsage } from './types';
+import { lazyDOMException } from './errors';
+
+// The maximum buffer size that we'll support in the WebCrypto impl
+const kMaxBufferLength = 2 ** 31 - 1;
+
 export function validateFunction(f: unknown): boolean {
   return f !== null && typeof f === 'function';
 }
@@ -29,7 +36,95 @@ export function validateObject<T>(
     (typeof value !== 'object' &&
       (!allowFunction || typeof value !== 'function'))
   ) {
-    throw new Error(`${name} is not a valid object $${value}`);
+    throw new Error(`${name} is not a valid object ${value}`);
   }
   return true;
 }
+
+export const validateMaxBufferLength = (
+  data: BinaryLike | BufferLike,
+  name: string,
+): void => {
+  const length =
+    typeof data === 'string' || data instanceof SBuffer
+      ? data.length
+      : data.byteLength;
+  if (length > kMaxBufferLength) {
+    throw lazyDOMException(
+      `${name} must be less than ${kMaxBufferLength + 1} bits`,
+      'OperationError',
+    );
+  }
+};
+
+export const getUsagesUnion = (usageSet: KeyUsage[], ...usages: KeyUsage[]) => {
+  const newset: KeyUsage[] = [];
+  for (let n = 0; n < usages.length; n++) {
+    if (!usages[n] || usages[n] === undefined) continue;
+    if (usageSet.includes(usages[n] as KeyUsage))
+      newset.push(usages[n] as KeyUsage);
+  }
+  return newset;
+};
+
+const kKeyOps: {
+  [key in KeyUsage]: number;
+} = {
+  sign: 1,
+  verify: 2,
+  encrypt: 3,
+  decrypt: 4,
+  wrapKey: 5,
+  unwrapKey: 6,
+  deriveKey: 7,
+  deriveBits: 8,
+  encapsulateBits: 9,
+  decapsulateBits: 10,
+  encapsulateKey: 11,
+  decapsulateKey: 12,
+};
+
+export const validateKeyOps = (
+  keyOps: KeyUsage[] | undefined,
+  usagesSet: KeyUsage[],
+) => {
+  if (keyOps === undefined) return;
+  if (!Array.isArray(keyOps)) {
+    throw lazyDOMException('keyData.key_ops', 'InvalidArgument');
+  }
+  let flags = 0;
+  for (let n = 0; n < keyOps.length; n++) {
+    const op: KeyUsage = keyOps[n] as KeyUsage;
+    const op_flag = kKeyOps[op];
+    // Skipping unknown key ops
+    if (op_flag === undefined) continue;
+    // Have we seen it already? if so, error
+    if (flags & (1 << op_flag))
+      throw lazyDOMException('Duplicate key operation', 'DataError');
+    flags |= 1 << op_flag;
+
+    // TODO(@jasnell): RFC7517 section 4.3 strong recommends validating
+    // key usage combinations. Specifically, it says that unrelated key
+    // ops SHOULD NOT be used together. We're not yet validating that here.
+  }
+
+  if (usagesSet !== undefined) {
+    for (const use of usagesSet) {
+      if (!keyOps.includes(use)) {
+        throw lazyDOMException(
+          'Key operations and usage mismatch',
+          'DataError',
+        );
+      }
+    }
+  }
+};
+
+export function hasAnyNotIn(set: string[], checks: string[]) {
+  for (const s of set) {
+    if (!checks.includes(s)) {
+      return true;
+    }
+  }
+  return false;
+}

package/lib/module/package.json

@@ -1 +0,0 @@
-{"type":"module"}

package/nitrogen/generated/android/QuickCryptoOnLoad.kt

@@ -1 +0,0 @@
-