react-native-quick-crypto 1.0.10 → 1.0.11

package/src/subtle.ts

@@ -28,11 +28,12 @@ import {
 } from './keys';
 import type { CryptoKeyPair } from './utils/types';
 import { bufferLikeToArrayBuffer } from './utils/conversion';
+import { argon2Sync } from './argon2';
 import { lazyDOMException } from './utils/errors';
 import { normalizeHashName, HashContext } from './utils/hashnames';
 import { validateMaxBufferLength } from './utils/validation';
 import { asyncDigest } from './hash';
-import { createSecretKey } from './keys';
+import { createSecretKey, createPublicKey } from './keys';
 import { NitroModules } from 'react-native-nitro-modules';
 import type { KeyObjectHandle } from './specs/keyObjectHandle.nitro';
 import type { RsaCipher } from './specs/rsaCipher.nitro';
@@ -56,12 +57,6 @@ import {
 } from './ed';
 import { mldsa_generateKeyPairWebCrypto, type MlDsaVariant } from './mldsa';
 import { hkdfDeriveBits, type HkdfAlgorithm } from './hkdf';
-// import { pbkdf2DeriveBits } from './pbkdf2';
-// import { aesCipher, aesGenerateKey, aesImportKey, getAlgorithmName } from './aes';
-// import { rsaCipher, rsaExportKey, rsaImportKey, rsaKeyGenerate } from './rsa';
-// import { normalizeAlgorithm, type Operation } from './algorithms';
-// import { hmacImportKey } from './mac';
-
 // Temporary enums that need to be defined
 
 enum KWebCryptoKeyFormat {
@@ -113,12 +108,12 @@ function getAlgorithmName(name: string, length: number): string {
 function ecExportKey(key: CryptoKey, format: KWebCryptoKeyFormat): ArrayBuffer {
   const keyObject = key.keyObject;
 
-  if (format === KWebCryptoKeyFormat.kWebCryptoKeyFormatSPKI) {
-    // Export public key in SPKI format
+  if (format === KWebCryptoKeyFormat.kWebCryptoKeyFormatRaw) {
+    return bufferLikeToArrayBuffer(keyObject.handle.exportKey());
+  } else if (format === KWebCryptoKeyFormat.kWebCryptoKeyFormatSPKI) {
     const exported = keyObject.export({ format: 'der', type: 'spki' });
     return bufferLikeToArrayBuffer(exported);
   } else if (format === KWebCryptoKeyFormat.kWebCryptoKeyFormatPKCS8) {
-    // Export private key in PKCS8 format
     const exported = keyObject.export({ format: 'der', type: 'pkcs8' });
     return bufferLikeToArrayBuffer(exported);
   } else {
@@ -1364,6 +1359,45 @@ const checkCryptoKeyPairUsages = (pair: CryptoKeyPair) => {
   );
 };
 
+function argon2DeriveBits(
+  algorithm: SubtleAlgorithm,
+  baseKey: CryptoKey,
+  length: number,
+): ArrayBuffer {
+  if (length === 0 || length % 8 !== 0) {
+    throw lazyDOMException(
+      'Invalid Argon2 derived key length',
+      'OperationError',
+    );
+  }
+  if (length < 32) {
+    throw lazyDOMException(
+      'Argon2 derived key length must be at least 32 bits',
+      'OperationError',
+    );
+  }
+
+  const { nonce, parallelism, memory, passes, secretValue, associatedData } =
+    algorithm;
+  const tagLength = length / 8;
+  const message = baseKey.keyObject.export();
+  const algName = algorithm.name.toLowerCase();
+
+  const result = argon2Sync(algName, {
+    message,
+    nonce: nonce ?? new Uint8Array(0),
+    parallelism: parallelism ?? 1,
+    tagLength,
+    memory: memory ?? 65536,
+    passes: passes ?? 3,
+    secret: secretValue,
+    associatedData,
+    version: algorithm.version,
+  });
+
+  return bufferLikeToArrayBuffer(result);
+}
+
 // Type guard to check if result is CryptoKeyPair
 export function isCryptoKeyPair(
   result: CryptoKey | CryptoKeyPair,
@@ -1604,7 +1638,205 @@ const cipherOrWrap = async (
   }
 };
 
+const SUPPORTED_ALGORITHMS: Record<string, Set<string>> = {
+  encrypt: new Set([
+    'RSA-OAEP',
+    'AES-CTR',
+    'AES-CBC',
+    'AES-GCM',
+    'AES-OCB',
+    'ChaCha20-Poly1305',
+  ]),
+  decrypt: new Set([
+    'RSA-OAEP',
+    'AES-CTR',
+    'AES-CBC',
+    'AES-GCM',
+    'AES-OCB',
+    'ChaCha20-Poly1305',
+  ]),
+  sign: new Set([
+    'RSASSA-PKCS1-v1_5',
+    'RSA-PSS',
+    'ECDSA',
+    'HMAC',
+    'Ed25519',
+    'Ed448',
+    'ML-DSA-44',
+    'ML-DSA-65',
+    'ML-DSA-87',
+  ]),
+  verify: new Set([
+    'RSASSA-PKCS1-v1_5',
+    'RSA-PSS',
+    'ECDSA',
+    'HMAC',
+    'Ed25519',
+    'Ed448',
+    'ML-DSA-44',
+    'ML-DSA-65',
+    'ML-DSA-87',
+  ]),
+  digest: new Set(['SHA-1', 'SHA-256', 'SHA-384', 'SHA-512']),
+  generateKey: new Set([
+    'RSASSA-PKCS1-v1_5',
+    'RSA-PSS',
+    'RSA-OAEP',
+    'ECDSA',
+    'ECDH',
+    'Ed25519',
+    'Ed448',
+    'X25519',
+    'X448',
+    'AES-CTR',
+    'AES-CBC',
+    'AES-GCM',
+    'AES-KW',
+    'AES-OCB',
+    'ChaCha20-Poly1305',
+    'HMAC',
+    'ML-DSA-44',
+    'ML-DSA-65',
+    'ML-DSA-87',
+  ]),
+  importKey: new Set([
+    'RSASSA-PKCS1-v1_5',
+    'RSA-PSS',
+    'RSA-OAEP',
+    'ECDSA',
+    'ECDH',
+    'Ed25519',
+    'Ed448',
+    'X25519',
+    'X448',
+    'AES-CTR',
+    'AES-CBC',
+    'AES-GCM',
+    'AES-KW',
+    'AES-OCB',
+    'ChaCha20-Poly1305',
+    'HMAC',
+    'HKDF',
+    'PBKDF2',
+    'Argon2d',
+    'Argon2i',
+    'Argon2id',
+    'ML-DSA-44',
+    'ML-DSA-65',
+    'ML-DSA-87',
+  ]),
+  exportKey: new Set([
+    'RSASSA-PKCS1-v1_5',
+    'RSA-PSS',
+    'RSA-OAEP',
+    'ECDSA',
+    'ECDH',
+    'Ed25519',
+    'Ed448',
+    'X25519',
+    'X448',
+    'AES-CTR',
+    'AES-CBC',
+    'AES-GCM',
+    'AES-KW',
+    'AES-OCB',
+    'ChaCha20-Poly1305',
+    'HMAC',
+    'ML-DSA-44',
+    'ML-DSA-65',
+    'ML-DSA-87',
+  ]),
+  deriveBits: new Set([
+    'PBKDF2',
+    'HKDF',
+    'ECDH',
+    'X25519',
+    'X448',
+    'Argon2d',
+    'Argon2i',
+    'Argon2id',
+  ]),
+  wrapKey: new Set([
+    'AES-CTR',
+    'AES-CBC',
+    'AES-GCM',
+    'AES-KW',
+    'AES-OCB',
+    'ChaCha20-Poly1305',
+    'RSA-OAEP',
+  ]),
+  unwrapKey: new Set([
+    'AES-CTR',
+    'AES-CBC',
+    'AES-GCM',
+    'AES-KW',
+    'AES-OCB',
+    'ChaCha20-Poly1305',
+    'RSA-OAEP',
+  ]),
+};
+
+const ASYMMETRIC_ALGORITHMS = new Set([
+  'RSASSA-PKCS1-v1_5',
+  'RSA-PSS',
+  'RSA-OAEP',
+  'ECDSA',
+  'ECDH',
+  'Ed25519',
+  'Ed448',
+  'X25519',
+  'X448',
+  'ML-DSA-44',
+  'ML-DSA-65',
+  'ML-DSA-87',
+]);
+
 export class Subtle {
+  static supports(
+    operation: string,
+    algorithm: SubtleAlgorithm | AnyAlgorithm,
+    _lengthOrAdditionalAlgorithm?: unknown,
+  ): boolean {
+    let normalizedAlgorithm: SubtleAlgorithm;
+    try {
+      normalizedAlgorithm = normalizeAlgorithm(
+        algorithm,
+        (operation === 'getPublicKey' ? 'exportKey' : operation) as Operation,
+      );
+    } catch {
+      return false;
+    }
+
+    const name = normalizedAlgorithm.name;
+
+    if (operation === 'getPublicKey') {
+      return ASYMMETRIC_ALGORITHMS.has(name);
+    }
+
+    if (operation === 'deriveKey') {
+      // deriveKey decomposes to deriveBits + importKey of additional algorithm
+      if (!SUPPORTED_ALGORITHMS.deriveBits?.has(name)) return false;
+      if (_lengthOrAdditionalAlgorithm != null) {
+        try {
+          const additionalAlg = normalizeAlgorithm(
+            _lengthOrAdditionalAlgorithm as SubtleAlgorithm | AnyAlgorithm,
+            'importKey',
+          );
+          return (
+            SUPPORTED_ALGORITHMS.importKey?.has(additionalAlg.name) ?? false
+          );
+        } catch {
+          return false;
+        }
+      }
+      return true;
+    }
+
+    const supported = SUPPORTED_ALGORITHMS[operation];
+    if (!supported) return false;
+    return supported.has(name);
+  }
+
   async decrypt(
     algorithm: EncryptDecryptParams,
     key: CryptoKey,
@@ -1660,6 +1892,10 @@ export class Subtle {
           baseKey,
           length,
         );
+      case 'Argon2d':
+      case 'Argon2i':
+      case 'Argon2id':
+        return argon2DeriveBits(algorithm, baseKey, length);
     }
     throw new Error(
       `'subtle.deriveBits()' for ${algorithm.name} is not implemented.`,
@@ -1711,6 +1947,11 @@ export class Subtle {
           length,
         );
         break;
+      case 'Argon2d':
+      case 'Argon2i':
+      case 'Argon2id':
+        derivedBits = argon2DeriveBits(algorithm, baseKey, length);
+        break;
       default:
         throw new Error(
           `'subtle.deriveKey()' for ${algorithm.name} is not implemented.`,
@@ -1748,7 +1989,7 @@ export class Subtle {
   ): Promise<ArrayBuffer | JWK> {
     if (!key.extractable) throw new Error('key is not extractable');
 
-    if (format === 'raw-secret') format = 'raw';
+    if (format === 'raw-secret' || format === 'raw-public') format = 'raw';
 
     switch (format) {
       case 'spki':
@@ -1977,6 +2218,21 @@ export class Subtle {
     return result;
   }
 
+  async getPublicKey(
+    key: CryptoKey,
+    keyUsages: KeyUsage[],
+  ): Promise<CryptoKey> {
+    if (key.type === 'secret') {
+      throw lazyDOMException('key must be a private key', 'NotSupportedError');
+    }
+    if (key.type !== 'private') {
+      throw lazyDOMException('key must be a private key', 'InvalidAccessError');
+    }
+
+    const publicKeyObject = createPublicKey(key.keyObject);
+    return publicKeyObject.toCryptoKey(key.algorithm, true, keyUsages);
+  }
+
   async importKey(
     format: ImportFormat,
     data: BufferLike | BinaryLike | JWK,
@@ -1984,7 +2240,7 @@ export class Subtle {
     extractable: boolean,
     keyUsages: KeyUsage[],
   ): Promise<CryptoKey> {
-    if (format === 'raw-secret') format = 'raw';
+    if (format === 'raw-secret' || format === 'raw-public') format = 'raw';
     const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'importKey');
     let result: CryptoKey;
     switch (normalizedAlgorithm.name) {
@@ -2041,6 +2297,9 @@ export class Subtle {
         );
         break;
       case 'PBKDF2':
+      case 'Argon2d':
+      case 'Argon2i':
+      case 'Argon2id':
         result = await importGenericSecretKey(
           normalizedAlgorithm,
           format,

package/src/utils/types.ts

@@ -100,12 +100,15 @@ export type SignVerifyAlgorithm =
   | 'ML-DSA-65'
   | 'ML-DSA-87';
 
+export type Argon2Algorithm = 'Argon2d' | 'Argon2i' | 'Argon2id';
+
 export type DeriveBitsAlgorithm =
   | 'PBKDF2'
   | 'HKDF'
   | 'ECDH'
   | 'X25519'
-  | 'X448';
+  | 'X448'
+  | Argon2Algorithm;
 
 export type EncryptDecryptAlgorithm =
   | 'RSA-OAEP'
@@ -193,7 +196,7 @@ export type NamedCurve = 'P-256' | 'P-384' | 'P-521';
 
 export type SubtleAlgorithm = {
   name: AnyAlgorithm;
-  salt?: string;
+  salt?: string | BufferLike;
   iterations?: number;
   hash?: HashAlgorithm | { name: string };
   namedCurve?: NamedCurve;
@@ -202,6 +205,16 @@ export type SubtleAlgorithm = {
   publicExponent?: number | Uint8Array;
   saltLength?: number;
   public?: CryptoKey;
+  info?: BufferLike;
+  // Argon2 parameters
+  nonce?: BufferLike;
+  parallelism?: number;
+  tagLength?: number;
+  memory?: number;
+  passes?: number;
+  secretValue?: BufferLike;
+  associatedData?: BufferLike;
+  version?: number;
 };
 
 export type KeyPairType =
@@ -462,7 +475,13 @@ export type DiffieHellmanCallback = (
 // from @paulmillr/noble-curves
 export type Hex = string | Uint8Array;
 
-export type ImportFormat = 'raw' | 'raw-secret' | 'pkcs8' | 'spki' | 'jwk';
+export type ImportFormat =
+  | 'raw'
+  | 'raw-public'
+  | 'raw-secret'
+  | 'pkcs8'
+  | 'spki'
+  | 'jwk';
 
 export type Operation =
   | 'encrypt'