react-native-quick-crypto 1.0.11 → 1.0.13

package/nitrogen/generated/shared/c++/HybridX509CertificateHandleSpec.hpp

@@ -0,0 +1,96 @@
+///
+/// HybridX509CertificateHandleSpec.hpp
+/// This file was generated by nitrogen. DO NOT MODIFY THIS FILE.
+/// https://github.com/mrousavy/nitro
+/// Copyright © Marc Rousavy @ Margelo
+///
+
+#pragma once
+
+#if __has_include(<NitroModules/HybridObject.hpp>)
+#include <NitroModules/HybridObject.hpp>
+#else
+#error NitroModules cannot be found! Are you sure you installed NitroModules properly?
+#endif
+
+// Forward declaration of `HybridKeyObjectHandleSpec` to properly resolve imports.
+namespace margelo::nitro::crypto { class HybridKeyObjectHandleSpec; }
+// Forward declaration of `HybridX509CertificateHandleSpec` to properly resolve imports.
+namespace margelo::nitro::crypto { class HybridX509CertificateHandleSpec; }
+
+#include <NitroModules/ArrayBuffer.hpp>
+#include <string>
+#include <memory>
+#include "HybridKeyObjectHandleSpec.hpp"
+#include <vector>
+#include "HybridX509CertificateHandleSpec.hpp"
+#include <optional>
+
+namespace margelo::nitro::crypto {
+
+  using namespace margelo::nitro;
+
+  /**
+   * An abstract base class for `X509CertificateHandle`
+   * Inherit this class to create instances of `HybridX509CertificateHandleSpec` in C++.
+   * You must explicitly call `HybridObject`'s constructor yourself, because it is virtual.
+   * @example
+   * ```cpp
+   * class HybridX509CertificateHandle: public HybridX509CertificateHandleSpec {
+   * public:
+   *   HybridX509CertificateHandle(...): HybridObject(TAG) { ... }
+   *   // ...
+   * };
+   * ```
+   */
+  class HybridX509CertificateHandleSpec: public virtual HybridObject {
+    public:
+      // Constructor
+      explicit HybridX509CertificateHandleSpec(): HybridObject(TAG) { }
+
+      // Destructor
+      ~HybridX509CertificateHandleSpec() override = default;
+
+    public:
+      // Properties
+      
+
+    public:
+      // Methods
+      virtual void init(const std::shared_ptr<ArrayBuffer>& buffer) = 0;
+      virtual std::string subject() = 0;
+      virtual std::string subjectAltName() = 0;
+      virtual std::string issuer() = 0;
+      virtual std::string infoAccess() = 0;
+      virtual std::string validFrom() = 0;
+      virtual std::string validTo() = 0;
+      virtual double validFromDate() = 0;
+      virtual double validToDate() = 0;
+      virtual std::string signatureAlgorithm() = 0;
+      virtual std::string signatureAlgorithmOid() = 0;
+      virtual std::string serialNumber() = 0;
+      virtual std::string fingerprint() = 0;
+      virtual std::string fingerprint256() = 0;
+      virtual std::string fingerprint512() = 0;
+      virtual std::shared_ptr<ArrayBuffer> raw() = 0;
+      virtual std::string pem() = 0;
+      virtual std::shared_ptr<HybridKeyObjectHandleSpec> publicKey() = 0;
+      virtual std::vector<std::string> keyUsage() = 0;
+      virtual bool ca() = 0;
+      virtual bool checkIssued(const std::shared_ptr<HybridX509CertificateHandleSpec>& other) = 0;
+      virtual bool checkPrivateKey(const std::shared_ptr<HybridKeyObjectHandleSpec>& key) = 0;
+      virtual bool verify(const std::shared_ptr<HybridKeyObjectHandleSpec>& key) = 0;
+      virtual std::optional<std::string> checkHost(const std::string& name, double flags) = 0;
+      virtual std::optional<std::string> checkEmail(const std::string& email, double flags) = 0;
+      virtual std::optional<std::string> checkIP(const std::string& ip) = 0;
+
+    protected:
+      // Hybrid Setup
+      void loadHybridMethods() override;
+
+    protected:
+      // Tag for logging
+      static constexpr auto TAG = "X509CertificateHandle";
+  };
+
+} // namespace margelo::nitro::crypto

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "react-native-quick-crypto",
-  "version": "1.0.11",
+  "version": "1.0.13",
   "description": "A fast implementation of Node's `crypto` module written in C/C++ JSI",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",
@@ -19,6 +19,7 @@
     "prepare": "bun clean && bun tsc && bob build",
     "release": "release-it",
     "specs": "nitrogen",
+    "circular": "dpdm --circular --no-tree --no-warning --exit-code circular:1 --transform src/index.ts",
     "test": "jest"
   },
   "files": [
@@ -77,6 +78,7 @@
     "events": "3.3.0",
     "readable-stream": "4.5.2",
     "safe-buffer": "^5.2.1",
+    "string_decoder": "^1.3.0",
     "util": "0.12.5"
   },
   "devDependencies": {
@@ -85,6 +87,7 @@
     "@types/react": "18.3.3",
     "@types/readable-stream": "4.0.18",
     "del-cli": "7.0.0",
+    "dpdm": "^4.0.1",
     "expo": "^54.0.25",
     "expo-build-properties": "^1.0.0",
     "jest": "29.7.0",

package/src/cipher.ts

@@ -1,5 +1,6 @@
 import { NitroModules } from 'react-native-nitro-modules';
 import Stream, { type TransformOptions } from 'readable-stream';
+import { StringDecoder } from 'string_decoder';
 import { Buffer } from '@craftzdog/react-native-buffer';
 import type { BinaryLike, BinaryLikeNode, Encoding } from './utils';
 import type {
@@ -14,7 +15,7 @@ import type {
   Cipher as NativeCipher,
   CipherFactory,
 } from './specs/cipher.nitro';
-import { ab2str, binaryLikeToArrayBuffer } from './utils';
+import { binaryLikeToArrayBuffer } from './utils';
 import {
   getDefaultEncoding,
   getUIntOption,
@@ -74,6 +75,8 @@ interface CipherArgs {
 
 class CipherCommon extends Stream.Transform {
   private native: NativeCipher;
+  private _decoder: StringDecoder | null = null;
+  private _decoderEncoding: string | undefined = undefined;
 
   constructor({ isCipher, cipherType, cipherKey, iv, options }: CipherArgs) {
     // Explicitly create TransformOptions for super()
@@ -120,6 +123,17 @@ class CipherCommon extends Stream.Transform {
     });
   }
 
+  private getDecoder(encoding: string): StringDecoder {
+    const normalized = normalizeEncoding(encoding);
+    if (!this._decoder) {
+      this._decoder = new StringDecoder(encoding as BufferEncoding);
+      this._decoderEncoding = normalized;
+    } else if (this._decoderEncoding !== normalized) {
+      throw new Error('Cannot change encoding');
+    }
+    return this._decoder;
+  }
+
   update(data: Buffer): Buffer;
   update(data: BinaryLike, inputEncoding?: Encoding): Buffer;
   update(
@@ -147,7 +161,7 @@ class CipherCommon extends Stream.Transform {
     );
 
     if (outputEncoding && outputEncoding !== 'buffer') {
-      return ab2str(ret, outputEncoding);
+      return this.getDecoder(outputEncoding).write(Buffer.from(ret));
     }
 
     return Buffer.from(ret);
@@ -159,7 +173,7 @@ class CipherCommon extends Stream.Transform {
     const ret = this.native.final();
 
     if (outputEncoding && outputEncoding !== 'buffer') {
-      return ab2str(ret, outputEncoding);
+      return this.getDecoder(outputEncoding).end(Buffer.from(ret));
     }
 
     return Buffer.from(ret);

package/src/dhKeyPair.ts

@@ -1,6 +1,6 @@
 import { NitroModules } from 'react-native-nitro-modules';
 import { Buffer } from '@craftzdog/react-native-buffer';
-import { KeyObject, PublicKeyObject, PrivateKeyObject } from './keys';
+import { KeyObject, PublicKeyObject, PrivateKeyObject } from './keys/classes';
 import type { DhKeyPair } from './specs/dhKeyPair.nitro';
 import type { GenerateKeyPairOptions, KeyPairGenConfig } from './utils/types';
 import { KFormatType, KeyEncoding } from './utils';

package/src/dsa.ts

@@ -1,6 +1,6 @@
 import { NitroModules } from 'react-native-nitro-modules';
 import { Buffer } from '@craftzdog/react-native-buffer';
-import { KeyObject, PublicKeyObject, PrivateKeyObject } from './keys';
+import { KeyObject, PublicKeyObject, PrivateKeyObject } from './keys/classes';
 import type { DsaKeyPair } from './specs/dsaKeyPair.nitro';
 import type { GenerateKeyPairOptions, KeyPairGenConfig } from './utils/types';
 import { KFormatType, KeyEncoding } from './utils';

package/src/ec.ts

@@ -6,7 +6,7 @@ import {
   KeyObject,
   PublicKeyObject,
   PrivateKeyObject,
-} from './keys';
+} from './keys/classes';
 import type {
   CryptoKeyPair,
   KeyPairOptions,
@@ -76,7 +76,7 @@ export class Ec {
   }
 }
 
-// Node API
+// WebCrypto API - only P-256, P-384, P-521 allowed per spec
 export function ecImportKey(
   format: ImportFormat,
   keyData: BufferLike | BinaryLike | JWK,
@@ -289,7 +289,7 @@ export const ecdsaSignVerify = (
   }
 };
 
-// Node API
+// WebCrypto API - only P-256, P-384, P-521 allowed per spec
 
 export async function ec_generateKeyPair(
   name: string,
@@ -388,11 +388,8 @@ function ec_prepareKeyGenParams(
 
   const { namedCurve } = options as { namedCurve?: string };
 
-  if (
-    !namedCurve ||
-    !kNamedCurveAliases[namedCurve as keyof typeof kNamedCurveAliases]
-  ) {
-    throw new Error(`Invalid or unsupported named curve: ${namedCurve}`);
+  if (!namedCurve) {
+    throw new Error('namedCurve is required for EC key generation');
   }
 
   return new Ec(namedCurve);
@@ -550,7 +547,10 @@ export function ecDeriveBits(
   // If length is specified, truncate
   const byteLength = Math.ceil(length / 8);
   if (secretBuf.byteLength >= byteLength) {
-    return secretBuf.subarray(0, byteLength).buffer as ArrayBuffer;
+    return secretBuf.buffer.slice(
+      secretBuf.byteOffset,
+      secretBuf.byteOffset + byteLength,
+    ) as ArrayBuffer;
   }
 
   throw new Error('Derived key is shorter than requested length');

package/src/ed.ts

@@ -1,12 +1,12 @@
 import { NitroModules } from 'react-native-nitro-modules';
 import { Buffer } from '@craftzdog/react-native-buffer';
-import type { AsymmetricKeyObject, PrivateKeyObject } from './keys';
+import type { AsymmetricKeyObject, PrivateKeyObject } from './keys/classes';
 import {
   CryptoKey,
   KeyObject,
   PublicKeyObject,
   PrivateKeyObject as PrivateKeyObjectClass,
-} from './keys';
+} from './keys/classes';
 import type { EdKeyPair } from './specs/edKeyPair.nitro';
 import type {
   BinaryLike,

package/src/hash.ts

@@ -241,19 +241,38 @@ export const asyncDigest = async (
 ): Promise<ArrayBuffer> => {
   validateMaxBufferLength(data, 'data');
 
-  switch (algorithm.name) {
-    case 'SHA-1':
-    // Fall through
-    case 'SHA-256':
-    // Fall through
-    case 'SHA-384':
-    // Fall through
-    case 'SHA-512':
-      return internalDigest(algorithm, data);
+  const name = algorithm.name;
+
+  if (
+    name === 'SHA-1' ||
+    name === 'SHA-256' ||
+    name === 'SHA-384' ||
+    name === 'SHA-512' ||
+    name === 'SHA3-256' ||
+    name === 'SHA3-384' ||
+    name === 'SHA3-512'
+  ) {
+    return internalDigest(algorithm, data);
+  }
+
+  if (name === 'cSHAKE128' || name === 'cSHAKE256') {
+    if (typeof algorithm.length !== 'number' || algorithm.length <= 0) {
+      throw lazyDOMException(
+        'cSHAKE requires a length parameter',
+        'OperationError',
+      );
+    }
+    if (algorithm.length % 8) {
+      throw lazyDOMException(
+        'Unsupported CShakeParams length',
+        'NotSupportedError',
+      );
+    }
+    return internalDigest(algorithm, data, algorithm.length);
   }
 
   throw lazyDOMException(
-    `Unrecognized algorithm name: ${algorithm.name}`,
+    `Unrecognized algorithm name: ${name}`,
     'NotSupportedError',
   );
 };
@@ -261,9 +280,13 @@ export const asyncDigest = async (
 const internalDigest = (
   algorithm: SubtleAlgorithm,
   data: BufferLike,
+  outputLength?: number,
 ): ArrayBuffer => {
   const normalizedHashName = normalizeHashName(algorithm.name);
-  const hash = createHash(normalizedHashName);
+  const hash = createHash(
+    normalizedHashName,
+    outputLength ? { outputLength } : undefined,
+  );
   hash.update(bufferLikeToArrayBuffer(data));
   const result = hash.digest();
   const arrayBuffer = new ArrayBuffer(result.length);

package/src/hkdf.ts

@@ -3,6 +3,7 @@ import { NitroModules } from 'react-native-nitro-modules';
 import type { Hkdf as HkdfNative } from './specs/hkdf.nitro';
 import { binaryLikeToArrayBuffer, normalizeHashName } from './utils';
 import type { BinaryLike } from './utils';
+import type { CryptoKey } from './keys';
 
 type KeyMaterial = BinaryLike;
 type Salt = BinaryLike;
@@ -15,12 +16,6 @@ export interface HkdfAlgorithm {
   info: BinaryLike;
 }
 
-export interface CryptoKeyInternal {
-  keyObject: {
-    export: () => Buffer;
-  };
-}
-
 export interface HkdfCallback {
   (err: Error | null, derivedKey?: Buffer): void;
 }
@@ -122,7 +117,7 @@ export function hkdfSync(
 
 export function hkdfDeriveBits(
   algorithm: HkdfAlgorithm,
-  baseKey: CryptoKeyInternal,
+  baseKey: CryptoKey,
   length: number,
 ): ArrayBuffer {
   const hash = algorithm.hash;

package/src/index.ts

@@ -16,7 +16,9 @@ import * as scrypt from './scrypt';
 import * as random from './random';
 import * as ecdh from './ecdh';
 import * as dh from './diffie-hellman';
+import * as mlkem from './mlkem';
 import { Certificate } from './certificate';
+import { X509Certificate } from './x509certificate';
 import { getCurves } from './ec';
 import { constants } from './constants';
 
@@ -43,9 +45,11 @@ const QuickCrypto = {
   ...random,
   ...ecdh,
   ...dh,
+  ...mlkem,
   ...utils,
   ...subtle,
   Certificate,
+  X509Certificate,
   getCurves,
   constants,
   Buffer,
@@ -81,6 +85,8 @@ export default QuickCrypto;
 export * from './argon2';
 export * from './blake3';
 export { Certificate } from './certificate';
+export { X509Certificate } from './x509certificate';
+export type { CheckOptions, X509LegacyObject } from './x509certificate';
 export * from './cipher';
 export * from './ed';
 export * from './keys';
@@ -94,6 +100,7 @@ export * from './random';
 export * from './ecdh';
 export { getCurves } from './ec';
 export * from './diffie-hellman';
+export * from './mlkem';
 export * from './utils';
 export * from './subtle';
 export { subtle, isCryptoKeyPair } from './subtle';

package/src/keys/classes.ts

@@ -3,6 +3,7 @@ import { NitroModules } from 'react-native-nitro-modules';
 import type {
   AsymmetricKeyType,
   EncodingOptions,
+  JWK,
   KeyDetail,
   KeyObjectHandle,
   KeyUsage,
@@ -81,10 +82,10 @@ export class KeyObject {
 
   export(options: { format: 'pem' } & EncodingOptions): string | Buffer;
   export(options?: { format: 'der' } & EncodingOptions): Buffer;
-  export(options?: { format: 'jwk' } & EncodingOptions): never;
-  export(options?: EncodingOptions): string | Buffer;
+  export(options?: { format: 'jwk' } & EncodingOptions): JWK;
+  export(options?: EncodingOptions): string | Buffer | JWK;
   // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  export(_options?: EncodingOptions): string | Buffer {
+  export(_options?: EncodingOptions): string | Buffer | JWK {
     // This is a placeholder and should be overridden by subclasses.
     throw new Error('export() must be implemented by subclasses');
   }
@@ -284,10 +285,10 @@ export class PublicKeyObject extends AsymmetricKeyObject {
 
   export(options: { format: 'pem' } & EncodingOptions): string;
   export(options: { format: 'der' } & EncodingOptions): Buffer;
-  export(options: { format: 'jwk' } & EncodingOptions): never;
-  export(options: EncodingOptions): string | Buffer {
+  export(options: { format: 'jwk' } & EncodingOptions): JWK;
+  export(options: EncodingOptions): string | Buffer | JWK {
     if (options?.format === 'jwk') {
-      throw new Error('PublicKey export for jwk is not implemented');
+      return this.handle.exportJwk({}, false);
     }
     const { format, type } = parsePublicKeyEncoding(
       options,
@@ -309,13 +310,13 @@ export class PrivateKeyObject extends AsymmetricKeyObject {
 
   export(options: { format: 'pem' } & EncodingOptions): string;
   export(options: { format: 'der' } & EncodingOptions): Buffer;
-  export(options: { format: 'jwk' } & EncodingOptions): never;
-  export(options: EncodingOptions): string | Buffer {
+  export(options: { format: 'jwk' } & EncodingOptions): JWK;
+  export(options: EncodingOptions): string | Buffer | JWK {
     if (options?.format === 'jwk') {
       if (options.passphrase !== undefined) {
         throw new Error('jwk does not support encryption');
       }
-      throw new Error('PrivateKey export for jwk is not implemented');
+      return this.handle.exportJwk({}, false);
     }
     const { format, type, cipher, passphrase } = parsePrivateKeyEncoding(
       options,

package/src/keys/index.ts

@@ -27,17 +27,19 @@ import {
   parsePrivateKeyEncoding,
   parsePublicKeyEncoding,
 } from './utils';
-import type { BinaryLike } from '../utils';
+import { NitroModules } from 'react-native-nitro-modules';
+import type { BinaryLike, JWK, KeyObjectHandle } from '../utils';
 import {
   binaryLikeToArrayBuffer as toAB,
   isStringOrBuffer,
   KFormatType,
   KeyEncoding,
+  KeyType,
 } from '../utils';
 import { randomBytes } from '../random';
 
 interface KeyInputObject {
-  key: BinaryLike | KeyObject | CryptoKey;
+  key: BinaryLike | KeyObject | CryptoKey | JWK;
   format?: 'pem' | 'der' | 'jwk';
   type?: 'pkcs1' | 'pkcs8' | 'spki' | 'sec1';
   passphrase?: BinaryLike;
@@ -123,6 +125,29 @@ function prepareAsymmetricKey(
 }
 
 function createPublicKey(key: KeyInput): PublicKeyObject {
+  if (typeof key === 'object' && 'key' in key && key.format === 'jwk') {
+    const handle =
+      NitroModules.createHybridObject<KeyObjectHandle>('KeyObjectHandle');
+    const keyType = handle.initJwk(key.key as JWK);
+    if (keyType === undefined) {
+      throw new Error('Failed to import JWK');
+    }
+    if (keyType === KeyType.PRIVATE) {
+      // Extract public from private
+      const exported = handle.exportKey(KFormatType.DER, KeyEncoding.SPKI);
+      const pubHandle =
+        NitroModules.createHybridObject<KeyObjectHandle>('KeyObjectHandle');
+      pubHandle.init(
+        KeyType.PUBLIC,
+        exported,
+        KFormatType.DER,
+        KeyEncoding.SPKI,
+      );
+      return new PublicKeyObject(pubHandle);
+    }
+    return new PublicKeyObject(handle);
+  }
+
   const { data, format, type } = prepareAsymmetricKey(key, true);
 
   // Map format string to KFormatType enum
@@ -144,6 +169,16 @@ function createPublicKey(key: KeyInput): PublicKeyObject {
 }
 
 function createPrivateKey(key: KeyInput): PrivateKeyObject {
+  if (typeof key === 'object' && 'key' in key && key.format === 'jwk') {
+    const handle =
+      NitroModules.createHybridObject<KeyObjectHandle>('KeyObjectHandle');
+    const keyType = handle.initJwk(key.key as JWK);
+    if (keyType === undefined || keyType !== KeyType.PRIVATE) {
+      throw new Error('Failed to import private key from JWK');
+    }
+    return new PrivateKeyObject(handle);
+  }
+
   const { data, format, type } = prepareAsymmetricKey(key, false);
 
   // Map format string to KFormatType enum

package/src/keys/publicCipher.ts

@@ -110,7 +110,7 @@ export function publicEncrypt(
   const rsaCipher: RsaCipher = NitroModules.createHybridObject('RsaCipher');
   const data = toAB(buffer);
   const paddingMode = padding ?? constants.RSA_PKCS1_OAEP_PADDING;
-  const hashAlgorithm = oaepHash || 'SHA-256';
+  const hashAlgorithm = oaepHash || 'sha1';
 
   try {
     const encrypted = rsaCipher.encrypt(
@@ -232,7 +232,7 @@ export function privateDecrypt(
   const rsaCipher: RsaCipher = NitroModules.createHybridObject('RsaCipher');
   const data = toAB(buffer);
   const paddingMode = padding ?? constants.RSA_PKCS1_OAEP_PADDING;
-  const hashAlgorithm = oaepHash || 'SHA-256';
+  const hashAlgorithm = oaepHash || 'sha1';
 
   try {
     const decrypted = rsaCipher.privateDecrypt(

package/src/keys/signVerify.ts

@@ -119,12 +119,7 @@ function prepareKey(key: KeyInput, isPublic: boolean): PreparedKey {
 
     const keyType = isPublic ? 'public' : 'private';
     // Always convert to ArrayBuffer to avoid Nitro bridge string truncation bug
-    const originalLength =
-      typeof data === 'string' ? data.length : data.byteLength;
     const keyData = toAB(data);
-    console.log(
-      `[prepareKey KeyInputObject] ${keyType} key, original length: ${originalLength}, ArrayBuffer size: ${keyData.byteLength}`,
-    );
     const keyObject = KeyObject.createKeyObject(
       keyType,
       keyData,