react-native-quick-crypto 1.0.7 → 1.0.8

package/src/diffie-hellman.ts

@@ -0,0 +1,191 @@
+import { NitroModules } from 'react-native-nitro-modules';
+import type { DiffieHellman as DiffieHellmanInterface } from './specs/diffie-hellman.nitro';
+import { Buffer } from '@craftzdog/react-native-buffer';
+import { DH_GROUPS } from './dh-groups';
+
+export class DiffieHellman {
+  private _hybrid: DiffieHellmanInterface;
+
+  constructor(
+    sizeOrPrime: number | Buffer | string,
+    generator?: number | Buffer | string,
+    encoding?: BufferEncoding,
+  ) {
+    this._hybrid =
+      NitroModules.createHybridObject<DiffieHellmanInterface>('DiffieHellman');
+
+    if (typeof sizeOrPrime === 'number') {
+      const gen = typeof generator === 'number' ? generator : 2;
+      this._hybrid.initWithSize(sizeOrPrime, gen);
+    } else {
+      let primeBuf: Buffer;
+      if (Buffer.isBuffer(sizeOrPrime)) {
+        primeBuf = sizeOrPrime;
+      } else {
+        primeBuf = Buffer.from(sizeOrPrime, encoding as BufferEncoding);
+      }
+
+      let genBuf: Buffer;
+      if (generator === undefined) {
+        genBuf = Buffer.from([2]);
+      } else if (typeof generator === 'number') {
+        genBuf = Buffer.from([generator]);
+      } else if (Buffer.isBuffer(generator)) {
+        genBuf = generator;
+      } else {
+        genBuf = Buffer.from(generator, encoding as BufferEncoding);
+      }
+
+      this._hybrid.init(
+        primeBuf.buffer as ArrayBuffer,
+        genBuf.buffer as ArrayBuffer,
+      );
+    }
+  }
+
+  generateKeys(encoding?: BufferEncoding): Buffer | string {
+    const keys = Buffer.from(this._hybrid.generateKeys());
+    if (encoding) return keys.toString(encoding);
+    return keys;
+  }
+
+  computeSecret(
+    otherPublicKey: Buffer | string,
+    inputEncoding?: BufferEncoding,
+    outputEncoding?: BufferEncoding,
+  ): Buffer | string {
+    let keyBuf: Buffer;
+    if (Buffer.isBuffer(otherPublicKey)) {
+      keyBuf = otherPublicKey;
+    } else {
+      keyBuf = Buffer.from(otherPublicKey, inputEncoding);
+    }
+
+    const secret = Buffer.from(
+      this._hybrid.computeSecret(keyBuf.buffer as ArrayBuffer),
+    );
+    if (outputEncoding) return secret.toString(outputEncoding);
+    return secret;
+  }
+
+  getPrime(encoding?: BufferEncoding): Buffer | string {
+    const p = Buffer.from(this._hybrid.getPrime());
+    if (encoding) return p.toString(encoding);
+    return p;
+  }
+
+  getGenerator(encoding?: BufferEncoding): Buffer | string {
+    const g = Buffer.from(this._hybrid.getGenerator());
+    if (encoding) return g.toString(encoding);
+    return g;
+  }
+
+  getPublicKey(encoding?: BufferEncoding): Buffer | string {
+    const p = Buffer.from(this._hybrid.getPublicKey());
+    if (encoding) return p.toString(encoding);
+    return p;
+  }
+
+  getPrivateKey(encoding?: BufferEncoding): Buffer | string {
+    const p = Buffer.from(this._hybrid.getPrivateKey());
+    if (encoding) return p.toString(encoding);
+    return p;
+  }
+
+  setPublicKey(publicKey: Buffer | string, encoding?: BufferEncoding): void {
+    let keyBuf: Buffer;
+    if (Buffer.isBuffer(publicKey)) {
+      keyBuf = publicKey;
+    } else {
+      keyBuf = Buffer.from(publicKey, encoding);
+    }
+    this._hybrid.setPublicKey(keyBuf.buffer as ArrayBuffer);
+  }
+
+  setPrivateKey(privateKey: Buffer | string, encoding?: BufferEncoding): void {
+    let keyBuf: Buffer;
+    if (Buffer.isBuffer(privateKey)) {
+      keyBuf = privateKey;
+    } else {
+      keyBuf = Buffer.from(privateKey, encoding);
+    }
+    this._hybrid.setPrivateKey(keyBuf.buffer as ArrayBuffer);
+  }
+}
+
+export function createDiffieHellman(
+  primeOrSize: number | string | Buffer,
+  primeEncodingOrGenerator?: string | number | Buffer,
+  generator?: number | string | Buffer,
+  _generatorEncoding?: string,
+): DiffieHellman {
+  if (typeof primeOrSize === 'number') {
+    const gen =
+      typeof primeEncodingOrGenerator === 'number'
+        ? primeEncodingOrGenerator
+        : 2;
+    return new DiffieHellman(primeOrSize, gen);
+  }
+
+  // Standardize arguments for String/Buffer prime
+  // createDiffieHellman(prime, [encoding], [generator], [encoding])
+
+  let prime: Buffer;
+  let generatorVal: Buffer | number | undefined;
+
+  if (Buffer.isBuffer(primeOrSize)) {
+    prime = primeOrSize;
+    // 2nd arg is generator if not string (encoding)
+    if (
+      primeEncodingOrGenerator !== undefined &&
+      typeof primeEncodingOrGenerator !== 'string'
+    ) {
+      generatorVal = primeEncodingOrGenerator as Buffer | number;
+    } else if (generator !== undefined) {
+      generatorVal = generator as Buffer | number;
+    } else {
+      generatorVal = 2;
+    }
+  } else {
+    // String prime
+    const encoding =
+      typeof primeEncodingOrGenerator === 'string'
+        ? primeEncodingOrGenerator
+        : 'utf8'; // Defaulting to utf8 or hex? Node default is 'binary' usually but utf8 safer for TS. Node docs say: "If no encoding is specified, 'binary' is used."
+    // We'll trust user passed encoding if it's a string, otherwise handle it.
+    prime = Buffer.from(primeOrSize, encoding as BufferEncoding);
+
+    // Generator handling in this case
+    if (generator !== undefined) {
+      generatorVal = generator as Buffer | number;
+      if (typeof generator === 'string' && _generatorEncoding) {
+        generatorVal = Buffer.from(
+          generator,
+          _generatorEncoding as BufferEncoding,
+        );
+      } else if (typeof generator === 'string') {
+        // string with no encoding, assume same as prime? or utf8?
+        generatorVal = Buffer.from(generator, encoding as BufferEncoding);
+      }
+    } else if (
+      typeof primeEncodingOrGenerator !== 'string' &&
+      primeEncodingOrGenerator !== undefined
+    ) {
+      // 2nd arg was generator
+      generatorVal = primeEncodingOrGenerator as number;
+    } else {
+      generatorVal = 2;
+    }
+  }
+
+  return new DiffieHellman(prime, generatorVal);
+}
+
+export function getDiffieHellman(groupName: string): DiffieHellman {
+  const group = DH_GROUPS[groupName];
+  if (!group) {
+    throw new Error(`Unknown group: ${groupName}`);
+  }
+  // group.prime and group.generator are hex strings
+  return new DiffieHellman(group.prime, group.generator, 'hex');
+}

package/src/ec.ts

@@ -31,7 +31,8 @@ import {
   KeyEncoding,
   KFormatType,
 } from './utils';
-import { Buffer } from 'buffer';
+import { Buffer } from '@craftzdog/react-native-buffer';
+import { ECDH } from './ecdh';
 
 export class Ec {
   native: EcKeyPair;
@@ -58,57 +59,6 @@ export class Ec {
   }
 }
 
-// function verifyAcceptableEcKeyUse(
-//   name: AnyAlgorithm,
-//   isPublic: boolean,
-//   usages: KeyUsage[],
-// ): void {
-//   let checkSet;
-//   switch (name) {
-//     case 'ECDH':
-//       checkSet = isPublic ? [] : ['deriveKey', 'deriveBits'];
-//       break;
-//     case 'ECDSA':
-//       checkSet = isPublic ? ['verify'] : ['sign'];
-//       break;
-//     default:
-//       throw lazyDOMException(
-//         'The algorithm is not supported',
-//         'NotSupportedError',
-//       );
-//   }
-//   if (hasAnyNotIn(usages, checkSet)) {
-//     throw lazyDOMException(
-//       `Unsupported key usage for a ${name} key`,
-//       'SyntaxError',
-//     );
-//   }
-// }
-
-// function createECPublicKeyRaw(
-//   namedCurve: NamedCurve | undefined,
-//   keyDataBuffer: ArrayBuffer,
-// ): PublicKeyObject {
-//   if (!namedCurve) {
-//     throw new Error('Invalid namedCurve');
-//   }
-//   const handle = NitroModules.createHybridObject(
-//     'KeyObjectHandle',
-//   ) as KeyObjectHandle;
-
-//   if (!handle.initECRaw(kNamedCurveAliases[namedCurve], keyDataBuffer)) {
-//     console.log('keyData', ab2str(keyDataBuffer));
-//     throw new Error('Invalid keyData 1');
-//   }
-
-//   return new PublicKeyObject(handle);
-// }
-
-// // Node API
-// export function ec_exportKey(key: CryptoKey, format: KeyFormat): ArrayBuffer {
-//   return ec.native.exportKey(format, key.keyObject.handle);
-// }
-
 // Node API
 export function ecImportKey(
   format: ImportFormat,
@@ -169,7 +119,7 @@ export function ecImportKey(
         expectedAlg = 'ECDH-ES';
       }
 
-      if (expectedAlg && jwk.alg !== expectedAlg) {
+      if (expectedAlg && jwk.alg !== undefined && jwk.alg !== expectedAlg) {
         throw lazyDOMException(
           'JWK "alg" does not match the requested algorithm',
           'DataError',
@@ -245,6 +195,7 @@ export function ecImportKey(
       NitroModules.createHybridObject<KeyObjectHandle>('KeyObjectHandle');
     const curveAlias =
       kNamedCurveAliases[namedCurve as keyof typeof kNamedCurveAliases];
+    // Only throw if initialization explicitly fails
     if (!handle.initECRaw(curveAlias, keyBuffer)) {
       throw lazyDOMException('Failed to import EC raw key', 'DataError');
     }
@@ -260,131 +211,8 @@ export function ecImportKey(
   }
 
   return new CryptoKey(keyObject, algorithm, keyUsages, extractable);
-  //     //   // verifyAcceptableEcKeyUse(name, true, usagesSet);
-  //     //   try {
-  //     //     keyObject = createPublicKey({
-  //     //       key: keyData,
-  //     //       format: 'der',
-  //     //       type: 'spki',
-  //     //     });
-  //     //   } catch (err) {
-  //     //     throw new Error(`Invalid keyData 2: ${err}`);
-  //     //   }
-  //     //   break;
-  //     // }
-  //     // case 'pkcs8': {
-  //     //   // verifyAcceptableEcKeyUse(name, false, usagesSet);
-  //     //   try {
-  //     //     keyObject = createPrivateKey({
-  //     //       key: keyData,
-  //     //       format: 'der',
-  //     //       type: 'pkcs8',
-  //     //     });
-  //     //   } catch (err) {
-  //     //     throw new Error(`Invalid keyData 3 ${err}`);
-  //     //   }
-  //     //   break;
-  //     // }
 }
 
-//     case 'jwk': {
-//       const data = keyData as JWK;
-
-//       if (!data.kty) throw lazyDOMException('Invalid keyData 4', 'DataError');
-//       if (data.kty !== 'EC')
-//         throw lazyDOMException('Invalid JWK "kty" Parameter', 'DataError');
-//       if (data.crv !== namedCurve)
-//         throw lazyDOMException(
-//           'JWK "crv" does not match the requested algorithm',
-//           'DataError',
-//         );
-
-//       verifyAcceptableEcKeyUse(name, data.d === undefined, keyUsages);
-
-//       if (keyUsages.length > 0 && data.use !== undefined) {
-//         const checkUse = name === 'ECDH' ? 'enc' : 'sig';
-//         if (data.use !== checkUse)
-//           throw lazyDOMException('Invalid JWK "use" Parameter', 'DataError');
-//       }
-
-//       validateKeyOps(data.key_ops, keyUsages);
-
-//       if (
-//         data.ext !== undefined &&
-//         data.ext === false &&
-//         extractable === true
-//       ) {
-//         throw lazyDOMException(
-//           'JWK "ext" Parameter and extractable mismatch',
-//           'DataError',
-//         );
-//       }
-
-//       if (algorithm.name === 'ECDSA' && data.alg !== undefined) {
-//         let algNamedCurve;
-//         switch (data.alg) {
-//           case 'ES256':
-//             algNamedCurve = 'P-256';
-//             break;
-//           case 'ES384':
-//             algNamedCurve = 'P-384';
-//             break;
-//           case 'ES512':
-//             algNamedCurve = 'P-521';
-//             break;
-//         }
-//         if (algNamedCurve !== namedCurve)
-//           throw lazyDOMException(
-//             'JWK "alg" does not match the requested algorithm',
-//             'DataError',
-//           );
-//       }
-
-//       const handle = NativeQuickCrypto.webcrypto.createKeyObjectHandle();
-//       const type = handle.initJwk(data, namedCurve);
-//       if (type === undefined)
-//         throw lazyDOMException('Invalid JWK', 'DataError');
-//       keyObject =
-//         type === KeyType.PRIVATE
-//           ? new PrivateKeyObject(handle)
-//           : new PublicKeyObject(handle);
-//       break;
-//     }
-//     case 'raw': {
-//       const data = keyData as BufferLike | BinaryLike;
-//       verifyAcceptableEcKeyUse(name, true, keyUsages);
-//       const buffer =
-//         typeof data === 'string'
-//           ? binaryLikeToArrayBuffer(data)
-//           : bufferLikeToArrayBuffer(data);
-//       keyObject = createECPublicKeyRaw(namedCurve, buffer);
-//       break;
-//     }
-//     default: {
-//       throw new Error(`Unknown EC import format: ${format}`);
-//     }
-//   }
-
-//   switch (algorithm.name) {
-//     case 'ECDSA':
-//     // Fall through
-//     case 'ECDH':
-//       if (keyObject.asymmetricKeyType !== ('ec' as AsymmetricKeyType))
-//         throw new Error('Invalid key type');
-//       break;
-//   }
-
-//   // if (!keyObject[kHandle].checkEcKeyData()) {
-//   //   throw new Error('Invalid keyData 5');
-//   // }
-
-//   // const { namedCurve: checkNamedCurve } = keyObject[kHandle].keyDetail({});
-//   // if (kNamedCurveAliases[namedCurve] !== checkNamedCurve)
-//   //   throw new Error('Named curve mismatch');
-
-//   return new CryptoKey(keyObject, { name, namedCurve }, keyUsages, extractable);
-// }
-
 // Node API
 export const ecdsaSignVerify = (
   key: CryptoKey,
@@ -462,7 +290,6 @@ export async function ec_generateKeyPair(
     );
   }
 
-  // const usageSet = new SafeSet(keyUsages);
   switch (name) {
     case 'ECDSA':
       if (hasAnyNotIn(keyUsages, ['sign', 'verify'])) {
@@ -655,3 +482,72 @@ export function ec_generateKeyPairNodeSync(
   ec.generateKeyPairSync();
   return ec_formatKeyPairOutput(ec, encoding);
 }
+
+export function ecDeriveBits(
+  algorithm: SubtleAlgorithm,
+  baseKey: CryptoKey,
+  length: number | null,
+): ArrayBuffer {
+  const publicParams = algorithm as SubtleAlgorithm & { public?: CryptoKey };
+  const publicKey = publicParams.public;
+
+  if (!publicKey) {
+    throw new Error('Public key is required for ECDH derivation');
+  }
+
+  if (baseKey.algorithm.name !== publicKey.algorithm.name) {
+    throw new Error('Keys must be of the same algorithm');
+  }
+
+  if (baseKey.algorithm.namedCurve !== publicKey.algorithm.namedCurve) {
+    throw new Error('Keys must use the same curve');
+  }
+
+  const namedCurve = baseKey.algorithm.namedCurve;
+  if (!namedCurve) {
+    throw new Error('Curve name is missing');
+  }
+
+  // Create new ECDH instance (Node.js style wrapper)
+  const ecdh = new ECDH(namedCurve);
+
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  const jwkPrivate = baseKey.keyObject.export({ format: 'jwk' }) as any;
+  if (!jwkPrivate.d) throw new Error('Invalid private key');
+  const privateBytes = Buffer.from(jwkPrivate.d, 'base64');
+
+  ecdh.setPrivateKey(privateBytes);
+
+  // Public key
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  const jwkPublic = publicKey.keyObject.export({ format: 'jwk' }) as any;
+
+  // HybridECDH `computeSecret` takes public key.
+  // My implementation `HybridECDH.cpp` `computeSecret` expects what?
+  // `derive_secret` -> `EVP_PKEY_derive_set_peer`
+  // `computeSecret` calls `EC_POINT_oct2point`. So it expects an uncompressed/compressed point (04... or 02/03...).
+  // JWK gives `x` and `y`. We can construct the uncompressed point 04 + x + y.
+
+  if (!jwkPublic.x || !jwkPublic.y) throw new Error('Invalid public key');
+  const x = Buffer.from(jwkPublic.x, 'base64');
+  const y = Buffer.from(jwkPublic.y, 'base64');
+
+  // Uncompressed point: 0x04 || x || y
+  const publicBytes = Buffer.concat([Buffer.from([0x04]), x, y]);
+
+  const secret = ecdh.computeSecret(publicBytes);
+  const secretBuf = Buffer.from(secret);
+
+  // If length is null, return full secret
+  if (length === null) {
+    return secretBuf.buffer;
+  }
+
+  // If length is specified, truncate
+  const byteLength = Math.ceil(length / 8);
+  if (secretBuf.byteLength >= byteLength) {
+    return secretBuf.subarray(0, byteLength).buffer as ArrayBuffer;
+  }
+
+  throw new Error('Derived key is shorter than requested length');
+}

package/src/ecdh.ts

@@ -0,0 +1,76 @@
+import { NitroModules } from 'react-native-nitro-modules';
+import type { ECDH as ECDHInterface } from './specs/ecdh.nitro';
+import { Buffer } from '@craftzdog/react-native-buffer';
+
+export class ECDH {
+  private _hybrid: ECDHInterface;
+
+  constructor(curveName: string) {
+    this._hybrid = NitroModules.createHybridObject<ECDHInterface>('ECDH');
+    this._hybrid.init(curveName);
+  }
+
+  generateKeys(): Buffer {
+    const key = this._hybrid.generateKeys();
+    return Buffer.from(key);
+  }
+
+  computeSecret(
+    otherPublicKey: Buffer | string | { code: number; byteLength: number },
+    inputEncoding?: BufferEncoding,
+  ): Buffer {
+    let keyBuf: Buffer;
+    if (Buffer.isBuffer(otherPublicKey)) {
+      keyBuf = otherPublicKey;
+    } else if (typeof otherPublicKey === 'string') {
+      keyBuf = Buffer.from(otherPublicKey, inputEncoding);
+    } else {
+      // Handle array view or other types if necessary, but Node.js typically expects Buffer or string + encoding
+      throw new TypeError('Invalid otherPublicKey type');
+    }
+
+    // ECDH.computeSecret in Node.js returns Buffer
+    const secret = this._hybrid.computeSecret(keyBuf.buffer as ArrayBuffer);
+    return Buffer.from(secret);
+  }
+
+  getPrivateKey(): Buffer {
+    return Buffer.from(this._hybrid.getPrivateKey());
+  }
+
+  setPrivateKey(privateKey: Buffer | string, encoding?: BufferEncoding): void {
+    let keyBuf: Buffer;
+    if (Buffer.isBuffer(privateKey)) {
+      keyBuf = privateKey;
+    } else {
+      keyBuf = Buffer.from(privateKey, encoding);
+    }
+    this._hybrid.setPrivateKey(keyBuf.buffer as ArrayBuffer);
+  }
+
+  getPublicKey(encoding?: BufferEncoding): Buffer | string {
+    // Node.js getPublicKey([encoding[, format]])
+    // If encoding is provided, returns string. If not, Buffer.
+    // Our C++ returns ArrayBuffer (Buffer).
+    // We ignore format for now as C++ implementation defaults to uncompressed.
+    const pub = Buffer.from(this._hybrid.getPublicKey());
+    if (encoding) {
+      return pub.toString(encoding);
+    }
+    return pub;
+  }
+
+  setPublicKey(publicKey: Buffer | string, encoding?: BufferEncoding): void {
+    let keyBuf: Buffer;
+    if (Buffer.isBuffer(publicKey)) {
+      keyBuf = publicKey;
+    } else {
+      keyBuf = Buffer.from(publicKey, encoding);
+    }
+    this._hybrid.setPublicKey(keyBuf.buffer as ArrayBuffer);
+  }
+}
+
+export function createECDH(curveName: string): ECDH {
+  return new ECDH(curveName);
+}

package/src/index.ts

@@ -12,6 +12,8 @@ import * as hkdf from './hkdf';
 import * as pbkdf2 from './pbkdf2';
 import * as scrypt from './scrypt';
 import * as random from './random';
+import * as ecdh from './ecdh';
+import * as dh from './diffie-hellman';
 import { constants } from './constants';
 
 // utils import
@@ -33,6 +35,8 @@ const QuickCrypto = {
   ...pbkdf2,
   ...scrypt,
   ...random,
+  ...ecdh,
+  ...dh,
   ...utils,
   ...subtle,
   constants,
@@ -71,6 +75,8 @@ export * from './hkdf';
 export * from './pbkdf2';
 export * from './scrypt';
 export * from './random';
+export * from './ecdh';
+export * from './diffie-hellman';
 export * from './utils';
 export * from './subtle';
 export { subtle, isCryptoKeyPair } from './subtle';

package/src/keys/generateKeyPair.ts

@@ -10,6 +10,7 @@ import {
   type GenerateKeyPairPromiseReturn,
   type GenerateKeyPairReturn,
   type KeyPairGenConfig,
+  type KeyPairKey,
   type KeyPairType,
 } from '../utils';
 import { parsePrivateKeyEncoding, parsePublicKeyEncoding } from './utils';
@@ -160,7 +161,11 @@ function internalGenerateKeyPair(
         } else {
           throw new Error(`Unsupported key type: ${type}`);
         }
-        return [undefined, result.publicKey, result.privateKey];
+        return [
+          undefined,
+          result.publicKey as KeyPairKey,
+          result.privateKey as KeyPairKey,
+        ];
       } catch (error) {
         return [error as Error, undefined, undefined];
       }
@@ -182,7 +187,11 @@ function internalGenerateKeyPair(
     } else {
       throw new Error(`Unsupported key type: ${type}`);
     }
-    return [undefined, result.publicKey, result.privateKey];
+    return [
+      undefined,
+      result.publicKey as KeyPairKey,
+      result.privateKey as KeyPairKey,
+    ];
   } catch (error) {
     return [error as Error, undefined, undefined];
   }

package/src/keys/index.ts

@@ -7,7 +7,14 @@ import {
   PrivateKeyObject,
 } from './classes';
 import { generateKeyPair, generateKeyPairSync } from './generateKeyPair';
-import { createSign, createVerify, Sign, Verify } from './signVerify';
+import {
+  createSign,
+  createVerify,
+  sign,
+  verify,
+  Sign,
+  Verify,
+} from './signVerify';
 import {
   publicEncrypt,
   publicDecrypt,
@@ -236,6 +243,8 @@ export {
   KeyObject,
   createSign,
   createVerify,
+  sign,
+  verify,
   Sign,
   Verify,
   publicEncrypt,