react-native-quick-crypto 1.0.0 → 1.0.1

package/src/subtle.ts

@@ -42,6 +42,7 @@ import { getRandomValues } from './random';
 import { createHmac } from './hmac';
 import { createSign, createVerify } from './keys/signVerify';
 import { ed_generateKeyPairWebCrypto, Ed } from './ed';
+import { mldsa_generateKeyPairWebCrypto, type MlDsaVariant } from './mldsa';
 // import { pbkdf2DeriveBits } from './pbkdf2';
 // import { aesCipher, aesGenerateKey, aesImportKey, getAlgorithmName } from './aes';
 // import { rsaCipher, rsaExportKey, rsaImportKey, rsaKeyGenerate } from './rsa';
@@ -469,10 +470,11 @@ async function hmacGenerateKey(
   // Create secret key
   const keyObject = createSecretKey(keyBytes);
 
-  // Construct algorithm object
+  // Construct algorithm object with hash normalized to { name: string } format per WebCrypto spec
+  const webCryptoHashName = normalizeHashName(hash, HashContext.WebCrypto);
   const keyAlgorithm: SubtleAlgorithm = {
     name: 'HMAC',
-    hash: hashName,
+    hash: { name: webCryptoHashName },
     length,
   };
 
@@ -570,10 +572,15 @@ function rsaImportKey(
     publicExponentBytes = new Uint8Array(bytes.length > 0 ? bytes : [0]);
   }
 
+  // Normalize hash to { name: string } format per WebCrypto spec
+  const hashName = normalizeHashName(algorithm.hash, HashContext.WebCrypto);
+  const normalizedHash = { name: hashName };
+
   const algorithmWithDetails = {
     ...algorithm,
     modulusLength: keyDetails?.modulusLength,
     publicExponent: publicExponentBytes,
+    hash: normalizedHash,
   };
 
   return new CryptoKey(keyObject, algorithmWithDetails, keyUsages, extractable);
@@ -636,12 +643,15 @@ async function hmacImportKey(
     throw new Error(`Unable to import HMAC key with format ${format}`);
   }
 
-  return new CryptoKey(
-    keyObject,
-    { ...algorithm, name: 'HMAC' },
-    keyUsages,
-    extractable,
-  );
+  // Normalize hash to { name: string } format per WebCrypto spec
+  const hashName = normalizeHashName(algorithm.hash, HashContext.WebCrypto);
+  const normalizedAlgorithm: SubtleAlgorithm = {
+    ...algorithm,
+    name: 'HMAC',
+    hash: { name: hashName },
+  };
+
+  return new CryptoKey(keyObject, normalizedAlgorithm, keyUsages, extractable);
 }
 
 async function aesImportKey(
@@ -773,6 +783,53 @@ function edImportKey(
   return new CryptoKey(keyObject, { name }, keyUsages, extractable);
 }
 
+function mldsaImportKey(
+  format: ImportFormat,
+  data: BufferLike,
+  algorithm: SubtleAlgorithm,
+  extractable: boolean,
+  keyUsages: KeyUsage[],
+): CryptoKey {
+  const { name } = algorithm;
+
+  // Validate usages
+  if (hasAnyNotIn(keyUsages, ['sign', 'verify'])) {
+    throw lazyDOMException(
+      `Unsupported key usage for ${name} key`,
+      'SyntaxError',
+    );
+  }
+
+  let keyObject: KeyObject;
+
+  if (format === 'spki') {
+    // Import public key
+    const keyData = bufferLikeToArrayBuffer(data);
+    keyObject = KeyObject.createKeyObject(
+      'public',
+      keyData,
+      KFormatType.DER,
+      KeyEncoding.SPKI,
+    );
+  } else if (format === 'pkcs8') {
+    // Import private key
+    const keyData = bufferLikeToArrayBuffer(data);
+    keyObject = KeyObject.createKeyObject(
+      'private',
+      keyData,
+      KFormatType.DER,
+      KeyEncoding.PKCS8,
+    );
+  } else {
+    throw lazyDOMException(
+      `Unsupported format for ${name} import: ${format}`,
+      'NotSupportedError',
+    );
+  }
+
+  return new CryptoKey(keyObject, { name }, keyUsages, extractable);
+}
+
 const exportKeySpki = async (
   key: CryptoKey,
 ): Promise<ArrayBuffer | unknown> => {
@@ -803,6 +860,18 @@ const exportKeySpki = async (
         );
       }
       break;
+    case 'ML-DSA-44':
+    // Fall through
+    case 'ML-DSA-65':
+    // Fall through
+    case 'ML-DSA-87':
+      if (key.type === 'public') {
+        // Export ML-DSA key in SPKI DER format
+        return bufferLikeToArrayBuffer(
+          key.keyObject.handle.exportKey(KFormatType.DER, KeyEncoding.SPKI),
+        );
+      }
+      break;
   }
 
   throw new Error(
@@ -840,6 +909,18 @@ const exportKeyPkcs8 = async (
         );
       }
       break;
+    case 'ML-DSA-44':
+    // Fall through
+    case 'ML-DSA-65':
+    // Fall through
+    case 'ML-DSA-87':
+      if (key.type === 'private') {
+        // Export ML-DSA key in PKCS8 DER format
+        return bufferLikeToArrayBuffer(
+          key.keyObject.handle.exportKey(KFormatType.DER, KeyEncoding.PKCS8),
+        );
+      }
+      break;
   }
 
   throw new Error(
@@ -1112,6 +1193,36 @@ function edSignVerify(
   }
 }
 
+function mldsaSignVerify(
+  key: CryptoKey,
+  data: BufferLike,
+  signature?: BufferLike,
+): ArrayBuffer | boolean {
+  const isSign = signature === undefined;
+  const expectedKeyType = isSign ? 'private' : 'public';
+
+  if (key.type !== expectedKeyType) {
+    throw lazyDOMException(
+      `Key must be a ${expectedKeyType} key`,
+      'InvalidAccessError',
+    );
+  }
+
+  const dataBuffer = bufferLikeToArrayBuffer(data);
+
+  if (isSign) {
+    const signer = createSign('');
+    signer.update(dataBuffer);
+    const sig = signer.sign({ key: key });
+    return sig.buffer.slice(sig.byteOffset, sig.byteOffset + sig.byteLength);
+  } else {
+    const signatureBuffer = bufferLikeToArrayBuffer(signature!);
+    const verifier = createVerify('');
+    verifier.update(dataBuffer);
+    return verifier.verify({ key: key }, signatureBuffer);
+  }
+}
+
 const signVerify = (
   algorithm: SubtleAlgorithm,
   key: CryptoKey,
@@ -1140,6 +1251,10 @@ const signVerify = (
     case 'Ed25519':
     case 'Ed448':
       return edSignVerify(key, data, signature);
+    case 'ML-DSA-44':
+    case 'ML-DSA-65':
+    case 'ML-DSA-87':
+      return mldsaSignVerify(key, data, signature);
   }
   throw lazyDOMException(
     `Unrecognized algorithm name '${algorithm.name}' for '${usage}'`,
@@ -1309,6 +1424,18 @@ export class Subtle {
         );
         checkCryptoKeyPairUsages(result as CryptoKeyPair);
         break;
+      case 'ML-DSA-44':
+      // Fall through
+      case 'ML-DSA-65':
+      // Fall through
+      case 'ML-DSA-87':
+        result = await mldsa_generateKeyPairWebCrypto(
+          algorithm.name as MlDsaVariant,
+          extractable,
+          keyUsages,
+        );
+        checkCryptoKeyPairUsages(result as CryptoKeyPair);
+        break;
       default:
         throw new Error(
           `'subtle.generateKey()' is not implemented for ${algorithm.name}.
@@ -1397,6 +1524,19 @@ export class Subtle {
           keyUsages,
         );
         break;
+      case 'ML-DSA-44':
+      // Fall through
+      case 'ML-DSA-65':
+      // Fall through
+      case 'ML-DSA-87':
+        result = mldsaImportKey(
+          format,
+          data as BufferLike,
+          normalizedAlgorithm,
+          extractable,
+          keyUsages,
+        );
+        break;
       default:
         throw new Error(
           `"subtle.importKey()" is not implemented for ${normalizedAlgorithm.name}`,

package/src/utils/types.ts

@@ -65,6 +65,9 @@ export type ECKeyPairAlgorithm = 'ECDSA' | 'ECDH';
 export type CFRGKeyPairAlgorithm = 'Ed25519' | 'Ed448' | 'X25519' | 'X448';
 export type CFRGKeyPairType = 'ed25519' | 'ed448' | 'x25519' | 'x448';
 
+export type PQCKeyPairAlgorithm = 'ML-DSA-44' | 'ML-DSA-65' | 'ML-DSA-87';
+export type PQCKeyPairType = 'ml-dsa-44' | 'ml-dsa-65' | 'ml-dsa-87';
+
 // Node.js style key pair types (lowercase)
 export type RSAKeyPairType = 'rsa' | 'rsa-pss';
 export type ECKeyPairType = 'ec';
@@ -74,7 +77,8 @@ export type DHKeyPairType = 'dh';
 export type KeyPairAlgorithm =
   | RSAKeyPairAlgorithm
   | ECKeyPairAlgorithm
-  | CFRGKeyPairAlgorithm;
+  | CFRGKeyPairAlgorithm
+  | PQCKeyPairAlgorithm;
 
 export type AESAlgorithm = 'AES-CTR' | 'AES-CBC' | 'AES-GCM' | 'AES-KW';
 
@@ -86,7 +90,10 @@ export type SignVerifyAlgorithm =
   | 'ECDSA'
   | 'HMAC'
   | 'Ed25519'
-  | 'Ed448';
+  | 'Ed448'
+  | 'ML-DSA-44'
+  | 'ML-DSA-65'
+  | 'ML-DSA-87';
 
 export type DeriveBitsAlgorithm =
   | 'PBKDF2'
@@ -243,7 +250,8 @@ export type AsymmetricKeyType =
   | 'dsa'
   | 'ec'
   | 'dh'
-  | CFRGKeyPairType;
+  | CFRGKeyPairType
+  | PQCKeyPairType;
 
 type JWKkty = 'AES' | 'RSA' | 'EC' | 'oct';
 type JWKuse = 'sig' | 'enc';