react-native-quick-crypto 1.0.10 → 1.0.12

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "react-native-quick-crypto",
-  "version": "1.0.10",
+  "version": "1.0.12",
   "description": "A fast implementation of Node's `crypto` module written in C/C++ JSI",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",
@@ -19,6 +19,7 @@
     "prepare": "bun clean && bun tsc && bob build",
     "release": "release-it",
     "specs": "nitrogen",
+    "circular": "dpdm --circular --no-tree --no-warning --exit-code circular:1 --transform src/index.ts",
     "test": "jest"
   },
   "files": [
@@ -77,6 +78,7 @@
     "events": "3.3.0",
     "readable-stream": "4.5.2",
     "safe-buffer": "^5.2.1",
+    "string_decoder": "^1.3.0",
     "util": "0.12.5"
   },
   "devDependencies": {
@@ -85,6 +87,7 @@
     "@types/react": "18.3.3",
     "@types/readable-stream": "4.0.18",
     "del-cli": "7.0.0",
+    "dpdm": "^4.0.1",
     "expo": "^54.0.25",
     "expo-build-properties": "^1.0.0",
     "jest": "29.7.0",

package/src/argon2.ts

@@ -0,0 +1,83 @@
+import { Buffer } from '@craftzdog/react-native-buffer';
+import { NitroModules } from 'react-native-nitro-modules';
+import type { Argon2 as NativeArgon2 } from './specs/argon2.nitro';
+import { binaryLikeToArrayBuffer } from './utils';
+import type { BinaryLike } from './utils';
+
+let native: NativeArgon2;
+function getNative(): NativeArgon2 {
+  if (native == null) {
+    native = NitroModules.createHybridObject<NativeArgon2>('Argon2');
+  }
+  return native;
+}
+
+export interface Argon2Params {
+  message: BinaryLike;
+  nonce: BinaryLike;
+  parallelism: number;
+  tagLength: number;
+  memory: number;
+  passes: number;
+  secret?: BinaryLike;
+  associatedData?: BinaryLike;
+  version?: number;
+}
+
+const ARGON2_VERSION = 0x13; // v1.3
+
+function validateAlgorithm(algorithm: string): void {
+  if (
+    algorithm !== 'argon2d' &&
+    algorithm !== 'argon2i' &&
+    algorithm !== 'argon2id'
+  ) {
+    throw new TypeError(`Unknown argon2 algorithm: ${algorithm}`);
+  }
+}
+
+function toAB(value: BinaryLike): ArrayBuffer {
+  return binaryLikeToArrayBuffer(value);
+}
+
+export function argon2Sync(algorithm: string, params: Argon2Params): Buffer {
+  validateAlgorithm(algorithm);
+  const version = params.version ?? ARGON2_VERSION;
+  const result = getNative().hashSync(
+    algorithm,
+    toAB(params.message),
+    toAB(params.nonce),
+    params.parallelism,
+    params.tagLength,
+    params.memory,
+    params.passes,
+    version,
+    params.secret ? toAB(params.secret) : undefined,
+    params.associatedData ? toAB(params.associatedData) : undefined,
+  );
+  return Buffer.from(result);
+}
+
+export function argon2(
+  algorithm: string,
+  params: Argon2Params,
+  callback: (err: Error | null, result: Buffer) => void,
+): void {
+  validateAlgorithm(algorithm);
+  const version = params.version ?? ARGON2_VERSION;
+  getNative()
+    .hash(
+      algorithm,
+      toAB(params.message),
+      toAB(params.nonce),
+      params.parallelism,
+      params.tagLength,
+      params.memory,
+      params.passes,
+      version,
+      params.secret ? toAB(params.secret) : undefined,
+      params.associatedData ? toAB(params.associatedData) : undefined,
+    )
+    .then(ab => callback(null, Buffer.from(ab)))
+    .catch((err: Error) => callback(err, Buffer.alloc(0)));
+}

package/src/certificate.ts

@@ -0,0 +1,41 @@
+import { NitroModules } from 'react-native-nitro-modules';
+import { Buffer } from '@craftzdog/react-native-buffer';
+import type { Certificate as NativeCertificate } from './specs/certificate.nitro';
+import type { BinaryLike } from './utils';
+import { binaryLikeToArrayBuffer } from './utils';
+
+let native: NativeCertificate;
+function getNative(): NativeCertificate {
+  if (native == null) {
+    native = NitroModules.createHybridObject<NativeCertificate>('Certificate');
+  }
+  return native;
+}
+
+function toArrayBuffer(
+  spkac: BinaryLike,
+  encoding?: BufferEncoding,
+): ArrayBuffer {
+  if (typeof spkac === 'string') {
+    return binaryLikeToArrayBuffer(spkac, encoding || 'utf8');
+  }
+  return binaryLikeToArrayBuffer(spkac);
+}
+
+export class Certificate {
+  static exportChallenge(spkac: BinaryLike, encoding?: BufferEncoding): Buffer {
+    return Buffer.from(
+      getNative().exportChallenge(toArrayBuffer(spkac, encoding)),
+    );
+  }
+
+  static exportPublicKey(spkac: BinaryLike, encoding?: BufferEncoding): Buffer {
+    return Buffer.from(
+      getNative().exportPublicKey(toArrayBuffer(spkac, encoding)),
+    );
+  }
+
+  static verifySpkac(spkac: BinaryLike, encoding?: BufferEncoding): boolean {
+    return getNative().verifySpkac(toArrayBuffer(spkac, encoding));
+  }
+}

package/src/cipher.ts

@@ -1,5 +1,6 @@
 import { NitroModules } from 'react-native-nitro-modules';
 import Stream, { type TransformOptions } from 'readable-stream';
+import { StringDecoder } from 'string_decoder';
 import { Buffer } from '@craftzdog/react-native-buffer';
 import type { BinaryLike, BinaryLikeNode, Encoding } from './utils';
 import type {
@@ -14,7 +15,7 @@ import type {
   Cipher as NativeCipher,
   CipherFactory,
 } from './specs/cipher.nitro';
-import { ab2str, binaryLikeToArrayBuffer } from './utils';
+import { binaryLikeToArrayBuffer } from './utils';
 import {
   getDefaultEncoding,
   getUIntOption,
@@ -28,18 +29,42 @@ export type CipherOptions =
   | CipherGCMOptions
   | TransformOptions;
 
+export interface CipherInfoResult {
+  name: string;
+  nid: number;
+  mode: string;
+  keyLength: number;
+  blockSize?: number;
+  ivLength?: number;
+}
+
 class CipherUtils {
   private static native =
     NitroModules.createHybridObject<NativeCipher>('Cipher');
   public static getSupportedCiphers(): string[] {
     return this.native.getSupportedCiphers();
   }
+  public static getCipherInfo(
+    name: string,
+    keyLength?: number,
+    ivLength?: number,
+  ): CipherInfoResult | undefined {
+    return this.native.getCipherInfo(name, keyLength, ivLength);
+  }
 }
 
 export function getCiphers(): string[] {
   return CipherUtils.getSupportedCiphers();
 }
 
+export function getCipherInfo(
+  name: string,
+  options?: { keyLength?: number; ivLength?: number },
+): CipherInfoResult | undefined {
+  if (typeof name !== 'string' || name.length === 0) return undefined;
+  return CipherUtils.getCipherInfo(name, options?.keyLength, options?.ivLength);
+}
+
 interface CipherArgs {
   isCipher: boolean;
   cipherType: string;
@@ -50,6 +75,8 @@ interface CipherArgs {
 
 class CipherCommon extends Stream.Transform {
   private native: NativeCipher;
+  private _decoder: StringDecoder | null = null;
+  private _decoderEncoding: string | undefined = undefined;
 
   constructor({ isCipher, cipherType, cipherKey, iv, options }: CipherArgs) {
     // Explicitly create TransformOptions for super()
@@ -96,6 +123,17 @@ class CipherCommon extends Stream.Transform {
     });
   }
 
+  private getDecoder(encoding: string): StringDecoder {
+    const normalized = normalizeEncoding(encoding);
+    if (!this._decoder) {
+      this._decoder = new StringDecoder(encoding as BufferEncoding);
+      this._decoderEncoding = normalized;
+    } else if (this._decoderEncoding !== normalized) {
+      throw new Error('Cannot change encoding');
+    }
+    return this._decoder;
+  }
+
   update(data: Buffer): Buffer;
   update(data: BinaryLike, inputEncoding?: Encoding): Buffer;
   update(
@@ -123,7 +161,7 @@ class CipherCommon extends Stream.Transform {
     );
 
     if (outputEncoding && outputEncoding !== 'buffer') {
-      return ab2str(ret, outputEncoding);
+      return this.getDecoder(outputEncoding).write(Buffer.from(ret));
     }
 
     return Buffer.from(ret);
@@ -135,7 +173,7 @@ class CipherCommon extends Stream.Transform {
     const ret = this.native.final();
 
     if (outputEncoding && outputEncoding !== 'buffer') {
-      return ab2str(ret, outputEncoding);
+      return this.getDecoder(outputEncoding).end(Buffer.from(ret));
     }
 
     return Buffer.from(ret);

package/src/dhKeyPair.ts

@@ -0,0 +1,156 @@
+import { NitroModules } from 'react-native-nitro-modules';
+import { Buffer } from '@craftzdog/react-native-buffer';
+import { KeyObject, PublicKeyObject, PrivateKeyObject } from './keys/classes';
+import type { DhKeyPair } from './specs/dhKeyPair.nitro';
+import type { GenerateKeyPairOptions, KeyPairGenConfig } from './utils/types';
+import { KFormatType, KeyEncoding } from './utils';
+import { DH_GROUPS } from './dh-groups';
+
+export class DhKeyPairGen {
+  native: DhKeyPair;
+
+  constructor(options: GenerateKeyPairOptions) {
+    this.native = NitroModules.createHybridObject<DhKeyPair>('DhKeyPair');
+
+    const { groupName, prime, primeLength, generator } = options;
+
+    if (groupName) {
+      // Resolve named group to prime + generator
+      const group = DH_GROUPS[groupName];
+      if (!group) {
+        throw new Error(`Unknown DH group: ${groupName}`);
+      }
+      const primeBuf = Buffer.from(group.prime, 'hex');
+      this.native.setPrime(
+        primeBuf.buffer.slice(
+          primeBuf.byteOffset,
+          primeBuf.byteOffset + primeBuf.byteLength,
+        ) as ArrayBuffer,
+      );
+      const gen = parseInt(group.generator, 16);
+      this.native.setGenerator(gen);
+    } else if (prime) {
+      // Custom prime as Buffer
+      const primeBuf = Buffer.from(prime);
+      this.native.setPrime(
+        primeBuf.buffer.slice(
+          primeBuf.byteOffset,
+          primeBuf.byteOffset + primeBuf.byteLength,
+        ) as ArrayBuffer,
+      );
+      this.native.setGenerator(generator ?? 2);
+    } else if (primeLength) {
+      this.native.setPrimeLength(primeLength);
+      this.native.setGenerator(generator ?? 2);
+    } else {
+      throw new Error(
+        'DH key generation requires one of: groupName, prime, or primeLength',
+      );
+    }
+  }
+
+  async generateKeyPair(): Promise<void> {
+    await this.native.generateKeyPair();
+  }
+
+  generateKeyPairSync(): void {
+    this.native.generateKeyPairSync();
+  }
+}
+
+function dh_prepareKeyGenParams(
+  options: GenerateKeyPairOptions | undefined,
+): DhKeyPairGen {
+  if (!options) {
+    throw new Error('Options are required for DH key generation');
+  }
+
+  return new DhKeyPairGen(options);
+}
+
+function dh_formatKeyPairOutput(
+  dh: DhKeyPairGen,
+  encoding: KeyPairGenConfig,
+): {
+  publicKey: PublicKeyObject | Buffer | string | ArrayBuffer;
+  privateKey: PrivateKeyObject | Buffer | string | ArrayBuffer;
+} {
+  const { publicFormat, privateFormat, cipher, passphrase } = encoding;
+
+  const publicKeyData = dh.native.getPublicKey();
+  const privateKeyData = dh.native.getPrivateKey();
+
+  const pub = KeyObject.createKeyObject(
+    'public',
+    publicKeyData,
+    KFormatType.DER,
+    KeyEncoding.SPKI,
+  ) as PublicKeyObject;
+
+  const priv = KeyObject.createKeyObject(
+    'private',
+    privateKeyData,
+    KFormatType.DER,
+    KeyEncoding.PKCS8,
+  ) as PrivateKeyObject;
+
+  let publicKey: PublicKeyObject | Buffer | string | ArrayBuffer;
+  let privateKey: PrivateKeyObject | Buffer | string | ArrayBuffer;
+
+  if (publicFormat === -1) {
+    publicKey = pub;
+  } else {
+    const format =
+      publicFormat === KFormatType.PEM ? KFormatType.PEM : KFormatType.DER;
+    const exported = pub.handle.exportKey(format, KeyEncoding.SPKI);
+    if (format === KFormatType.PEM) {
+      publicKey = Buffer.from(new Uint8Array(exported)).toString('utf-8');
+    } else {
+      publicKey = exported;
+    }
+  }
+
+  if (privateFormat === -1) {
+    privateKey = priv;
+  } else {
+    const format =
+      privateFormat === KFormatType.PEM ? KFormatType.PEM : KFormatType.DER;
+    const exported = priv.handle.exportKey(
+      format,
+      KeyEncoding.PKCS8,
+      cipher,
+      passphrase,
+    );
+    if (format === KFormatType.PEM) {
+      privateKey = Buffer.from(new Uint8Array(exported)).toString('utf-8');
+    } else {
+      privateKey = exported;
+    }
+  }
+
+  return { publicKey, privateKey };
+}
+
+export async function dh_generateKeyPairNode(
+  options: GenerateKeyPairOptions | undefined,
+  encoding: KeyPairGenConfig,
+): Promise<{
+  publicKey: PublicKeyObject | Buffer | string | ArrayBuffer;
+  privateKey: PrivateKeyObject | Buffer | string | ArrayBuffer;
+}> {
+  const dh = dh_prepareKeyGenParams(options);
+  await dh.generateKeyPair();
+  return dh_formatKeyPairOutput(dh, encoding);
+}
+
+export function dh_generateKeyPairNodeSync(
+  options: GenerateKeyPairOptions | undefined,
+  encoding: KeyPairGenConfig,
+): {
+  publicKey: PublicKeyObject | Buffer | string | ArrayBuffer;
+  privateKey: PrivateKeyObject | Buffer | string | ArrayBuffer;
+} {
+  const dh = dh_prepareKeyGenParams(options);
+  dh.generateKeyPairSync();
+  return dh_formatKeyPairOutput(dh, encoding);
+}

package/src/dsa.ts

@@ -0,0 +1,129 @@
+import { NitroModules } from 'react-native-nitro-modules';
+import { Buffer } from '@craftzdog/react-native-buffer';
+import { KeyObject, PublicKeyObject, PrivateKeyObject } from './keys/classes';
+import type { DsaKeyPair } from './specs/dsaKeyPair.nitro';
+import type { GenerateKeyPairOptions, KeyPairGenConfig } from './utils/types';
+import { KFormatType, KeyEncoding } from './utils';
+
+export class Dsa {
+  native: DsaKeyPair;
+
+  constructor(modulusLength: number, divisorLength?: number) {
+    this.native = NitroModules.createHybridObject<DsaKeyPair>('DsaKeyPair');
+    this.native.setModulusLength(modulusLength);
+    if (divisorLength !== undefined && divisorLength >= 0) {
+      this.native.setDivisorLength(divisorLength);
+    }
+  }
+
+  async generateKeyPair(): Promise<void> {
+    await this.native.generateKeyPair();
+  }
+
+  generateKeyPairSync(): void {
+    this.native.generateKeyPairSync();
+  }
+}
+
+function dsa_prepareKeyGenParams(
+  options: GenerateKeyPairOptions | undefined,
+): Dsa {
+  if (!options) {
+    throw new Error('Options are required for DSA key generation');
+  }
+
+  const { modulusLength, divisorLength } = options;
+
+  if (!modulusLength || modulusLength <= 0) {
+    throw new Error('Invalid or missing modulusLength for DSA key generation');
+  }
+
+  return new Dsa(modulusLength, divisorLength);
+}
+
+function dsa_formatKeyPairOutput(
+  dsa: Dsa,
+  encoding: KeyPairGenConfig,
+): {
+  publicKey: PublicKeyObject | Buffer | string | ArrayBuffer;
+  privateKey: PrivateKeyObject | Buffer | string | ArrayBuffer;
+} {
+  const { publicFormat, privateFormat, cipher, passphrase } = encoding;
+
+  const publicKeyData = dsa.native.getPublicKey();
+  const privateKeyData = dsa.native.getPrivateKey();
+
+  const pub = KeyObject.createKeyObject(
+    'public',
+    publicKeyData,
+    KFormatType.DER,
+    KeyEncoding.SPKI,
+  ) as PublicKeyObject;
+
+  const priv = KeyObject.createKeyObject(
+    'private',
+    privateKeyData,
+    KFormatType.DER,
+    KeyEncoding.PKCS8,
+  ) as PrivateKeyObject;
+
+  let publicKey: PublicKeyObject | Buffer | string | ArrayBuffer;
+  let privateKey: PrivateKeyObject | Buffer | string | ArrayBuffer;
+
+  if (publicFormat === -1) {
+    publicKey = pub;
+  } else {
+    const format =
+      publicFormat === KFormatType.PEM ? KFormatType.PEM : KFormatType.DER;
+    const exported = pub.handle.exportKey(format, KeyEncoding.SPKI);
+    if (format === KFormatType.PEM) {
+      publicKey = Buffer.from(new Uint8Array(exported)).toString('utf-8');
+    } else {
+      publicKey = exported;
+    }
+  }
+
+  if (privateFormat === -1) {
+    privateKey = priv;
+  } else {
+    const format =
+      privateFormat === KFormatType.PEM ? KFormatType.PEM : KFormatType.DER;
+    const exported = priv.handle.exportKey(
+      format,
+      KeyEncoding.PKCS8,
+      cipher,
+      passphrase,
+    );
+    if (format === KFormatType.PEM) {
+      privateKey = Buffer.from(new Uint8Array(exported)).toString('utf-8');
+    } else {
+      privateKey = exported;
+    }
+  }
+
+  return { publicKey, privateKey };
+}
+
+export async function dsa_generateKeyPairNode(
+  options: GenerateKeyPairOptions | undefined,
+  encoding: KeyPairGenConfig,
+): Promise<{
+  publicKey: PublicKeyObject | Buffer | string | ArrayBuffer;
+  privateKey: PrivateKeyObject | Buffer | string | ArrayBuffer;
+}> {
+  const dsa = dsa_prepareKeyGenParams(options);
+  await dsa.generateKeyPair();
+  return dsa_formatKeyPairOutput(dsa, encoding);
+}
+
+export function dsa_generateKeyPairNodeSync(
+  options: GenerateKeyPairOptions | undefined,
+  encoding: KeyPairGenConfig,
+): {
+  publicKey: PublicKeyObject | Buffer | string | ArrayBuffer;
+  privateKey: PrivateKeyObject | Buffer | string | ArrayBuffer;
+} {
+  const dsa = dsa_prepareKeyGenParams(options);
+  dsa.generateKeyPairSync();
+  return dsa_formatKeyPairOutput(dsa, encoding);
+}

package/src/ec.ts

@@ -6,7 +6,7 @@ import {
   KeyObject,
   PublicKeyObject,
   PrivateKeyObject,
-} from './keys';
+} from './keys/classes';
 import type {
   CryptoKeyPair,
   KeyPairOptions,
@@ -76,7 +76,7 @@ export class Ec {
   }
 }
 
-// Node API
+// WebCrypto API - only P-256, P-384, P-521 allowed per spec
 export function ecImportKey(
   format: ImportFormat,
   keyData: BufferLike | BinaryLike | JWK,
@@ -289,7 +289,7 @@ export const ecdsaSignVerify = (
   }
 };
 
-// Node API
+// WebCrypto API - only P-256, P-384, P-521 allowed per spec
 
 export async function ec_generateKeyPair(
   name: string,
@@ -388,11 +388,8 @@ function ec_prepareKeyGenParams(
 
   const { namedCurve } = options as { namedCurve?: string };
 
-  if (
-    !namedCurve ||
-    !kNamedCurveAliases[namedCurve as keyof typeof kNamedCurveAliases]
-  ) {
-    throw new Error(`Invalid or unsupported named curve: ${namedCurve}`);
+  if (!namedCurve) {
+    throw new Error('namedCurve is required for EC key generation');
   }
 
   return new Ec(namedCurve);
@@ -550,7 +547,10 @@ export function ecDeriveBits(
   // If length is specified, truncate
   const byteLength = Math.ceil(length / 8);
   if (secretBuf.byteLength >= byteLength) {
-    return secretBuf.subarray(0, byteLength).buffer as ArrayBuffer;
+    return secretBuf.buffer.slice(
+      secretBuf.byteOffset,
+      secretBuf.byteOffset + byteLength,
+    ) as ArrayBuffer;
   }
 
   throw new Error('Derived key is shorter than requested length');

package/src/ecdh.ts

@@ -2,7 +2,20 @@ import { NitroModules } from 'react-native-nitro-modules';
 import type { ECDH as ECDHInterface } from './specs/ecdh.nitro';
 import { Buffer } from '@craftzdog/react-native-buffer';
 
+const POINT_CONVERSION_COMPRESSED = 2;
+const POINT_CONVERSION_UNCOMPRESSED = 4;
+const POINT_CONVERSION_HYBRID = 6;
+
 export class ECDH {
+  private static _convertKeyHybrid: ECDHInterface | undefined;
+  private static get convertKeyHybrid(): ECDHInterface {
+    if (!this._convertKeyHybrid) {
+      this._convertKeyHybrid =
+        NitroModules.createHybridObject<ECDHInterface>('ECDH');
+    }
+    return this._convertKeyHybrid;
+  }
+
   private _hybrid: ECDHInterface;
 
   constructor(curveName: string) {
@@ -69,6 +82,52 @@ export class ECDH {
     }
     this._hybrid.setPublicKey(keyBuf.buffer as ArrayBuffer);
   }
+
+  static convertKey(
+    key: Buffer | string,
+    curve: string,
+    inputEncoding?: BufferEncoding,
+    outputEncoding?: BufferEncoding,
+    format?: 'uncompressed' | 'compressed' | 'hybrid',
+  ): Buffer | string {
+    let keyBuf: Buffer;
+    if (Buffer.isBuffer(key)) {
+      keyBuf = key;
+    } else {
+      keyBuf = Buffer.from(key, inputEncoding);
+    }
+
+    let formatNum: number;
+    switch (format) {
+      case 'compressed':
+        formatNum = POINT_CONVERSION_COMPRESSED;
+        break;
+      case 'hybrid':
+        formatNum = POINT_CONVERSION_HYBRID;
+        break;
+      case 'uncompressed':
+      case undefined:
+        formatNum = POINT_CONVERSION_UNCOMPRESSED;
+        break;
+      default:
+        throw new TypeError(
+          `Invalid point conversion format: ${format as string}`,
+        );
+    }
+
+    const result = Buffer.from(
+      ECDH.convertKeyHybrid.convertKey(
+        keyBuf.buffer as ArrayBuffer,
+        curve,
+        formatNum,
+      ),
+    );
+
+    if (outputEncoding) {
+      return result.toString(outputEncoding);
+    }
+    return result;
+  }
 }
 
 export function createECDH(curveName: string): ECDH {

package/src/ed.ts

@@ -1,12 +1,12 @@
 import { NitroModules } from 'react-native-nitro-modules';
 import { Buffer } from '@craftzdog/react-native-buffer';
-import type { AsymmetricKeyObject, PrivateKeyObject } from './keys';
+import type { AsymmetricKeyObject, PrivateKeyObject } from './keys/classes';
 import {
   CryptoKey,
   KeyObject,
   PublicKeyObject,
   PrivateKeyObject as PrivateKeyObjectClass,
-} from './keys';
+} from './keys/classes';
 import type { EdKeyPair } from './specs/edKeyPair.nitro';
 import type {
   BinaryLike,