react-native-quick-crypto 1.0.10 → 1.0.12

package/src/utils/conversion.ts

@@ -1,7 +1,6 @@
 import { Buffer as CraftzdogBuffer } from '@craftzdog/react-native-buffer';
 import { Buffer as SafeBuffer } from 'safe-buffer';
 import type { ABV, BinaryLikeNode, BufferLike } from './types';
-import { KeyObject } from '../keys/classes';
 
 /**
  * Converts supplied argument to an ArrayBuffer.  Note this does not copy the
@@ -133,9 +132,16 @@ export function binaryLikeToArrayBuffer(
   //   }
   // }
 
-  // KeyObject
-  if (input instanceof KeyObject) {
-    return input.handle.exportKey();
+  // KeyObject — duck-typed via Symbol.toStringTag to avoid circular dependency
+  // with keys/classes. The type assertion must match KeyObjectHandle.exportKey().
+  if (
+    typeof input === 'object' &&
+    input != null &&
+    Object.prototype.toString.call(input) === '[object KeyObject]'
+  ) {
+    return (
+      input as { handle: { exportKey(): ArrayBuffer } }
+    ).handle.exportKey();
   }
 
   throw new Error(

package/src/utils/hashnames.ts

@@ -63,6 +63,26 @@ const kHashNames: HashNames = {
     [HashContext.Node]: 'ripemd160',
     [HashContext.WebCrypto]: 'RIPEMD-160',
   },
+  'sha3-256': {
+    [HashContext.Node]: 'sha3-256',
+    [HashContext.WebCrypto]: 'SHA3-256',
+  },
+  'sha3-384': {
+    [HashContext.Node]: 'sha3-384',
+    [HashContext.WebCrypto]: 'SHA3-384',
+  },
+  'sha3-512': {
+    [HashContext.Node]: 'sha3-512',
+    [HashContext.WebCrypto]: 'SHA3-512',
+  },
+  shake128: {
+    [HashContext.Node]: 'shake128',
+    [HashContext.WebCrypto]: 'cSHAKE128',
+  },
+  shake256: {
+    [HashContext.Node]: 'shake256',
+    [HashContext.WebCrypto]: 'cSHAKE256',
+  },
 };
 
 {
@@ -76,18 +96,29 @@ const kHashNames: HashNames = {
         kHashNames[alias] = kHashNames[keys[n]!]!;
     }
   }
+
+  // Add OpenSSL legacy RSA-* aliases (e.g. RSA-SHA256 -> sha256)
+  for (let n: number = 0; n < keys.length; n++) {
+    const key = keys[n]!;
+    if (key.startsWith('sha') || key === 'ripemd160') {
+      const rsaAlias = 'rsa-' + key;
+      if (kHashNames[rsaAlias] === undefined) {
+        kHashNames[rsaAlias] = kHashNames[key]!;
+      }
+    }
+  }
 }
 
 export function normalizeHashName(
   algo: string | HashAlgorithm | { name: string } | undefined,
   context: HashContext = HashContext.Node,
-): HashAlgorithm {
+): string {
   if (typeof algo !== 'undefined') {
     const hashName =
       typeof algo === 'string' ? algo : algo.name || algo.toString();
     const normAlgo = hashName.toLowerCase();
     try {
-      const alias = kHashNames[normAlgo]![context] as HashAlgorithm;
+      const alias = kHashNames[normAlgo]![context];
       if (alias) return alias;
       // eslint-disable-next-line @typescript-eslint/no-unused-vars
     } catch (_e) {

package/src/utils/types.ts

@@ -40,7 +40,16 @@ export type BinaryLike =
 
 export type BinaryLikeNode = CipherKey | BinaryLike | KeyObject;
 
-export type DigestAlgorithm = 'SHA-1' | 'SHA-256' | 'SHA-384' | 'SHA-512';
+export type DigestAlgorithm =
+  | 'SHA-1'
+  | 'SHA-256'
+  | 'SHA-384'
+  | 'SHA-512'
+  | 'SHA3-256'
+  | 'SHA3-384'
+  | 'SHA3-512'
+  | 'cSHAKE128'
+  | 'cSHAKE256';
 
 export type HashAlgorithm = DigestAlgorithm | 'SHA-224' | 'RIPEMD-160';
 
@@ -65,8 +74,27 @@ export type ECKeyPairAlgorithm = 'ECDSA' | 'ECDH';
 export type CFRGKeyPairAlgorithm = 'Ed25519' | 'Ed448' | 'X25519' | 'X448';
 export type CFRGKeyPairType = 'ed25519' | 'ed448' | 'x25519' | 'x448';
 
-export type PQCKeyPairAlgorithm = 'ML-DSA-44' | 'ML-DSA-65' | 'ML-DSA-87';
-export type PQCKeyPairType = 'ml-dsa-44' | 'ml-dsa-65' | 'ml-dsa-87';
+export type PQCKeyPairAlgorithm =
+  | 'ML-DSA-44'
+  | 'ML-DSA-65'
+  | 'ML-DSA-87'
+  | 'ML-KEM-512'
+  | 'ML-KEM-768'
+  | 'ML-KEM-1024';
+export type PQCKeyPairType =
+  | 'ml-dsa-44'
+  | 'ml-dsa-65'
+  | 'ml-dsa-87'
+  | 'ml-kem-512'
+  | 'ml-kem-768'
+  | 'ml-kem-1024';
+
+export type MlKemAlgorithm = 'ML-KEM-512' | 'ML-KEM-768' | 'ML-KEM-1024';
+
+export interface EncapsulateResult {
+  sharedKey: ArrayBuffer;
+  ciphertext: ArrayBuffer;
+}
 
 // Node.js style key pair types (lowercase)
 export type RSAKeyPairType = 'rsa' | 'rsa-pss';
@@ -94,18 +122,23 @@ export type SignVerifyAlgorithm =
   | 'RSA-PSS'
   | 'ECDSA'
   | 'HMAC'
+  | 'KMAC128'
+  | 'KMAC256'
   | 'Ed25519'
   | 'Ed448'
   | 'ML-DSA-44'
   | 'ML-DSA-65'
   | 'ML-DSA-87';
 
+export type Argon2Algorithm = 'Argon2d' | 'Argon2i' | 'Argon2id';
+
 export type DeriveBitsAlgorithm =
   | 'PBKDF2'
   | 'HKDF'
   | 'ECDH'
   | 'X25519'
-  | 'X448';
+  | 'X448'
+  | Argon2Algorithm;
 
 export type EncryptDecryptAlgorithm =
   | 'RSA-OAEP'
@@ -193,15 +226,27 @@ export type NamedCurve = 'P-256' | 'P-384' | 'P-521';
 
 export type SubtleAlgorithm = {
   name: AnyAlgorithm;
-  salt?: string;
+  salt?: string | BufferLike;
   iterations?: number;
-  hash?: HashAlgorithm | { name: string };
+  hash?: HashAlgorithm | string | { name: string };
   namedCurve?: NamedCurve;
   length?: number;
   modulusLength?: number;
   publicExponent?: number | Uint8Array;
   saltLength?: number;
   public?: CryptoKey;
+  info?: BufferLike;
+  // Argon2 parameters
+  nonce?: BufferLike;
+  parallelism?: number;
+  tagLength?: number;
+  memory?: number;
+  passes?: number;
+  secretValue?: BufferLike;
+  associatedData?: BufferLike;
+  version?: number;
+  // KMAC parameters
+  customization?: BufferLike;
 };
 
 export type KeyPairType =
@@ -462,7 +507,14 @@ export type DiffieHellmanCallback = (
 // from @paulmillr/noble-curves
 export type Hex = string | Uint8Array;
 
-export type ImportFormat = 'raw' | 'raw-secret' | 'pkcs8' | 'spki' | 'jwk';
+export type ImportFormat =
+  | 'raw'
+  | 'raw-public'
+  | 'raw-secret'
+  | 'raw-seed'
+  | 'pkcs8'
+  | 'spki'
+  | 'jwk';
 
 export type Operation =
   | 'encrypt'
@@ -474,7 +526,11 @@ export type Operation =
   | 'exportKey'
   | 'deriveBits'
   | 'wrapKey'
-  | 'unwrapKey';
+  | 'unwrapKey'
+  | 'encapsulateBits'
+  | 'decapsulateBits'
+  | 'encapsulateKey'
+  | 'decapsulateKey';
 
 export interface KeyPairOptions {
   namedCurve: string;

package/src/x509certificate.ts

@@ -0,0 +1,277 @@
+import { NitroModules } from 'react-native-nitro-modules';
+import { Buffer } from '@craftzdog/react-native-buffer';
+import type { X509CertificateHandle } from './specs/x509certificate.nitro';
+import { PublicKeyObject, KeyObject } from './keys';
+import type { BinaryLike } from './utils';
+import { binaryLikeToArrayBuffer } from './utils';
+
+const X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT = 0x1;
+const X509_CHECK_FLAG_NO_WILDCARDS = 0x2;
+const X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS = 0x4;
+const X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS = 0x8;
+const X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS = 0x10;
+const X509_CHECK_FLAG_NEVER_CHECK_SUBJECT = 0x20;
+
+export interface X509LegacyObject {
+  subject: string;
+  issuer: string;
+  subjectaltname: string;
+  infoAccess: string;
+  ca: boolean;
+  modulus: undefined;
+  bits: undefined;
+  exponent: undefined;
+  valid_from: string;
+  valid_to: string;
+  fingerprint: string;
+  fingerprint256: string;
+  fingerprint512: string;
+  ext_key_usage: string[];
+  serialNumber: string;
+  raw: Buffer;
+}
+
+export interface CheckOptions {
+  subject?: 'default' | 'always' | 'never';
+  wildcards?: boolean;
+  partialWildcards?: boolean;
+  multiLabelWildcards?: boolean;
+  singleLabelSubdomains?: boolean;
+}
+
+function getFlags(options?: CheckOptions): number {
+  if (!options) return 0;
+
+  let flags = 0;
+
+  if (options.subject === 'always') {
+    flags |= X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT;
+  } else if (options.subject === 'never') {
+    flags |= X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
+  }
+
+  if (options.wildcards === false) {
+    flags |= X509_CHECK_FLAG_NO_WILDCARDS;
+  }
+
+  if (options.partialWildcards === false) {
+    flags |= X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS;
+  }
+
+  if (options.multiLabelWildcards === true) {
+    flags |= X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS;
+  }
+
+  if (options.singleLabelSubdomains === true) {
+    flags |= X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS;
+  }
+
+  return flags;
+}
+
+export class X509Certificate {
+  private readonly handle: X509CertificateHandle;
+  private readonly cache = new Map<string, unknown>();
+
+  constructor(buffer: BinaryLike) {
+    this.handle = NitroModules.createHybridObject<X509CertificateHandle>(
+      'X509CertificateHandle',
+    );
+
+    let ab: ArrayBuffer;
+    if (typeof buffer === 'string') {
+      ab = Buffer.from(buffer).buffer as ArrayBuffer;
+    } else {
+      ab = binaryLikeToArrayBuffer(buffer);
+    }
+
+    this.handle.init(ab);
+  }
+
+  private cached<T>(key: string, compute: () => T): T {
+    if (this.cache.has(key)) {
+      return this.cache.get(key) as T;
+    }
+    const value = compute();
+    this.cache.set(key, value);
+    return value;
+  }
+
+  get subject(): string {
+    return this.cached('subject', () => this.handle.subject());
+  }
+
+  get subjectAltName(): string {
+    return this.cached('subjectAltName', () => this.handle.subjectAltName());
+  }
+
+  get issuer(): string {
+    return this.cached('issuer', () => this.handle.issuer());
+  }
+
+  get infoAccess(): string {
+    return this.cached('infoAccess', () => this.handle.infoAccess());
+  }
+
+  get validFrom(): string {
+    return this.cached('validFrom', () => this.handle.validFrom());
+  }
+
+  get validTo(): string {
+    return this.cached('validTo', () => this.handle.validTo());
+  }
+
+  get validFromDate(): Date {
+    return this.cached(
+      'validFromDate',
+      () => new Date(this.handle.validFromDate()),
+    );
+  }
+
+  get validToDate(): Date {
+    return this.cached(
+      'validToDate',
+      () => new Date(this.handle.validToDate()),
+    );
+  }
+
+  get fingerprint(): string {
+    return this.cached('fingerprint', () => this.handle.fingerprint());
+  }
+
+  get fingerprint256(): string {
+    return this.cached('fingerprint256', () => this.handle.fingerprint256());
+  }
+
+  get fingerprint512(): string {
+    return this.cached('fingerprint512', () => this.handle.fingerprint512());
+  }
+
+  get extKeyUsage(): string[] {
+    return this.cached('extKeyUsage', () => this.handle.keyUsage());
+  }
+
+  get keyUsage(): string[] {
+    return this.extKeyUsage;
+  }
+
+  get serialNumber(): string {
+    return this.cached('serialNumber', () => this.handle.serialNumber());
+  }
+
+  get signatureAlgorithm(): string {
+    return this.cached('signatureAlgorithm', () =>
+      this.handle.signatureAlgorithm(),
+    );
+  }
+
+  get signatureAlgorithmOid(): string {
+    return this.cached('signatureAlgorithmOid', () =>
+      this.handle.signatureAlgorithmOid(),
+    );
+  }
+
+  get ca(): boolean {
+    return this.cached('ca', () => this.handle.ca());
+  }
+
+  get raw(): Buffer {
+    return this.cached('raw', () => Buffer.from(this.handle.raw()));
+  }
+
+  get publicKey(): PublicKeyObject {
+    return this.cached(
+      'publicKey',
+      () => new PublicKeyObject(this.handle.publicKey()),
+    );
+  }
+
+  get issuerCertificate(): undefined {
+    return undefined;
+  }
+
+  checkHost(name: string, options?: CheckOptions): string | undefined {
+    if (typeof name !== 'string') {
+      throw new TypeError('The "name" argument must be a string');
+    }
+    return this.handle.checkHost(name, getFlags(options));
+  }
+
+  checkEmail(email: string, options?: CheckOptions): string | undefined {
+    if (typeof email !== 'string') {
+      throw new TypeError('The "email" argument must be a string');
+    }
+    return this.handle.checkEmail(email, getFlags(options));
+  }
+
+  checkIP(ip: string): string | undefined {
+    if (typeof ip !== 'string') {
+      throw new TypeError('The "ip" argument must be a string');
+    }
+    return this.handle.checkIP(ip);
+  }
+
+  checkIssued(otherCert: X509Certificate): boolean {
+    if (!(otherCert instanceof X509Certificate)) {
+      throw new TypeError(
+        'The "otherCert" argument must be an instance of X509Certificate',
+      );
+    }
+    return this.handle.checkIssued(otherCert.handle);
+  }
+
+  checkPrivateKey(pkey: KeyObject): boolean {
+    if (!(pkey instanceof KeyObject)) {
+      throw new TypeError(
+        'The "pkey" argument must be an instance of KeyObject',
+      );
+    }
+    if (pkey.type !== 'private') {
+      throw new TypeError('The "pkey" argument must be a private key');
+    }
+    return this.handle.checkPrivateKey(pkey.handle);
+  }
+
+  verify(pkey: KeyObject): boolean {
+    if (!(pkey instanceof KeyObject)) {
+      throw new TypeError(
+        'The "pkey" argument must be an instance of KeyObject',
+      );
+    }
+    if (pkey.type !== 'public') {
+      throw new TypeError(
+        `The "pkey" argument must be a public key, got '${pkey.type}'`,
+      );
+    }
+    return this.handle.verify(pkey.handle);
+  }
+
+  toString(): string {
+    return this.cached('pem', () => this.handle.pem());
+  }
+
+  toJSON(): string {
+    return this.toString();
+  }
+
+  toLegacyObject(): X509LegacyObject {
+    return {
+      subject: this.subject,
+      issuer: this.issuer,
+      subjectaltname: this.subjectAltName,
+      infoAccess: this.infoAccess,
+      ca: this.ca,
+      modulus: undefined,
+      bits: undefined,
+      exponent: undefined,
+      valid_from: this.validFrom,
+      valid_to: this.validTo,
+      fingerprint: this.fingerprint,
+      fingerprint256: this.fingerprint256,
+      fingerprint512: this.fingerprint512,
+      ext_key_usage: this.keyUsage,
+      serialNumber: this.serialNumber,
+      raw: this.raw,
+    };
+  }
+}