npm - react-native-quick-crypto - Versions diffs - 1.0.8 → 1.0.10 - Mend

react-native-quick-crypto 1.0.8 → 1.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (171) hide show

package/QuickCrypto.podspec +56 -6
package/README.md +17 -11
package/android/CMakeLists.txt +4 -0
package/android/build.gradle +3 -0
package/cpp/cipher/HybridCipherFactory.hpp +15 -1
package/cpp/cipher/OCBCipher.cpp +4 -4
package/cpp/cipher/XChaCha20Poly1305Cipher.cpp +161 -0
package/cpp/cipher/XChaCha20Poly1305Cipher.hpp +43 -0
package/cpp/cipher/XSalsa20Poly1305Cipher.cpp +145 -0
package/cpp/cipher/XSalsa20Poly1305Cipher.hpp +42 -0
package/cpp/dh/HybridDiffieHellman.cpp +10 -0
package/cpp/dh/HybridDiffieHellman.hpp +1 -0
package/cpp/ec/HybridEcKeyPair.cpp +21 -0
package/cpp/ec/HybridEcKeyPair.hpp +1 -0
package/cpp/hash/HybridHash.cpp +1 -1
package/cpp/hash/HybridHash.hpp +1 -1
package/cpp/hmac/HybridHmac.cpp +1 -1
package/cpp/hmac/HybridHmac.hpp +1 -1
package/cpp/keys/HybridKeyObjectHandle.cpp +112 -1
package/cpp/keys/HybridKeyObjectHandle.hpp +5 -1
package/deps/ncrypto/.bazelrc +0 -1
package/deps/ncrypto/.bazelversion +1 -1
package/deps/ncrypto/.github/workflows/commitlint.yml +16 -0
package/deps/ncrypto/.github/workflows/linter.yml +2 -2
package/deps/ncrypto/.github/workflows/release-please.yml +16 -0
package/deps/ncrypto/.github/workflows/ubuntu.yml +82 -0
package/deps/ncrypto/.release-please-manifest.json +3 -0
package/deps/ncrypto/BUILD.bazel +9 -1
package/deps/ncrypto/CHANGELOG.md +37 -0
package/deps/ncrypto/CMakeLists.txt +35 -11
package/deps/ncrypto/MODULE.bazel +16 -1
package/deps/ncrypto/MODULE.bazel.lock +299 -118
package/deps/ncrypto/cmake/ncrypto-flags.cmake +1 -0
package/deps/ncrypto/include/ncrypto/aead.h +137 -0
package/deps/ncrypto/include/ncrypto/version.h +14 -0
package/deps/ncrypto/include/ncrypto.h +85 -230
package/deps/ncrypto/ncrypto.pc.in +10 -0
package/deps/ncrypto/release-please-config.json +11 -0
package/deps/ncrypto/src/CMakeLists.txt +31 -6
package/deps/ncrypto/src/aead.cpp +302 -0
package/deps/ncrypto/src/ncrypto.cpp +274 -556
package/deps/ncrypto/tests/BUILD.bazel +2 -0
package/deps/ncrypto/tests/basic.cpp +772 -2
package/deps/ncrypto/tools/run-clang-format.sh +5 -5
package/lib/commonjs/diffie-hellman.js +4 -1
package/lib/commonjs/diffie-hellman.js.map +1 -1
package/lib/commonjs/ec.js +20 -25
package/lib/commonjs/ec.js.map +1 -1
package/lib/commonjs/ed.js +1 -2
package/lib/commonjs/ed.js.map +1 -1
package/lib/commonjs/hash.js +7 -0
package/lib/commonjs/hash.js.map +1 -1
package/lib/commonjs/index.js +24 -2
package/lib/commonjs/index.js.map +1 -1
package/lib/commonjs/keys/classes.js +9 -5
package/lib/commonjs/keys/classes.js.map +1 -1
package/lib/commonjs/subtle.js +82 -31
package/lib/commonjs/subtle.js.map +1 -1
package/lib/commonjs/utils/types.js.map +1 -1
package/lib/module/diffie-hellman.js +4 -0
package/lib/module/diffie-hellman.js.map +1 -1
package/lib/module/ec.js +19 -25
package/lib/module/ec.js.map +1 -1
package/lib/module/ed.js +1 -2
package/lib/module/ed.js.map +1 -1
package/lib/module/hash.js +6 -0
package/lib/module/hash.js.map +1 -1
package/lib/module/index.js +10 -1
package/lib/module/index.js.map +1 -1
package/lib/module/keys/classes.js +9 -5
package/lib/module/keys/classes.js.map +1 -1
package/lib/module/subtle.js +83 -32
package/lib/module/subtle.js.map +1 -1
package/lib/module/utils/types.js.map +1 -1
package/lib/tsconfig.tsbuildinfo +1 -1
package/lib/typescript/diffie-hellman.d.ts +2 -0
package/lib/typescript/diffie-hellman.d.ts.map +1 -1
package/lib/typescript/ec.d.ts +1 -0
package/lib/typescript/ec.d.ts.map +1 -1
package/lib/typescript/ed.d.ts.map +1 -1
package/lib/typescript/hash.d.ts +2 -0
package/lib/typescript/hash.d.ts.map +1 -1
package/lib/typescript/index.d.ts +7 -0
package/lib/typescript/index.d.ts.map +1 -1
package/lib/typescript/keys/classes.d.ts +2 -0
package/lib/typescript/keys/classes.d.ts.map +1 -1
package/lib/typescript/specs/diffie-hellman.nitro.d.ts +1 -0
package/lib/typescript/specs/diffie-hellman.nitro.d.ts.map +1 -1
package/lib/typescript/specs/ecKeyPair.nitro.d.ts +1 -0
package/lib/typescript/specs/ecKeyPair.nitro.d.ts.map +1 -1
package/lib/typescript/specs/keyObjectHandle.nitro.d.ts +2 -0
package/lib/typescript/specs/keyObjectHandle.nitro.d.ts.map +1 -1
package/lib/typescript/subtle.d.ts.map +1 -1
package/lib/typescript/utils/types.d.ts +12 -5
package/lib/typescript/utils/types.d.ts.map +1 -1
package/nitrogen/generated/android/QuickCrypto+autolinking.cmake +8 -5
package/nitrogen/generated/android/QuickCrypto+autolinking.gradle +1 -1
package/nitrogen/generated/android/QuickCryptoOnLoad.cpp +54 -54
package/nitrogen/generated/android/QuickCryptoOnLoad.hpp +1 -1
package/nitrogen/generated/android/kotlin/com/margelo/nitro/crypto/QuickCryptoOnLoad.kt +1 -1
package/nitrogen/generated/ios/QuickCrypto+autolinking.rb +2 -2
package/nitrogen/generated/ios/QuickCrypto-Swift-Cxx-Bridge.cpp +1 -1
package/nitrogen/generated/ios/QuickCrypto-Swift-Cxx-Bridge.hpp +1 -1
package/nitrogen/generated/ios/QuickCrypto-Swift-Cxx-Umbrella.hpp +1 -1
package/nitrogen/generated/ios/QuickCryptoAutolinking.mm +54 -54
package/nitrogen/generated/ios/QuickCryptoAutolinking.swift +5 -1
package/nitrogen/generated/shared/c++/AsymmetricKeyType.hpp +1 -1
package/nitrogen/generated/shared/c++/CipherArgs.hpp +34 -19
package/nitrogen/generated/shared/c++/HybridBlake3Spec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridBlake3Spec.hpp +1 -3
package/nitrogen/generated/shared/c++/HybridCipherFactorySpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridCipherFactorySpec.hpp +1 -1
package/nitrogen/generated/shared/c++/HybridCipherSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridCipherSpec.hpp +1 -3
package/nitrogen/generated/shared/c++/HybridDiffieHellmanSpec.cpp +2 -1
package/nitrogen/generated/shared/c++/HybridDiffieHellmanSpec.hpp +3 -3
package/nitrogen/generated/shared/c++/HybridECDHSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridECDHSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridEcKeyPairSpec.cpp +2 -1
package/nitrogen/generated/shared/c++/HybridEcKeyPairSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridEdKeyPairSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridEdKeyPairSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridHashSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridHashSpec.hpp +2 -4
package/nitrogen/generated/shared/c++/HybridHkdfSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridHkdfSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridHmacSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridHmacSpec.hpp +3 -4
package/nitrogen/generated/shared/c++/HybridKeyObjectHandleSpec.cpp +3 -1
package/nitrogen/generated/shared/c++/HybridKeyObjectHandleSpec.hpp +8 -4
package/nitrogen/generated/shared/c++/HybridMlDsaKeyPairSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridMlDsaKeyPairSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridPbkdf2Spec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridPbkdf2Spec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridRandomSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridRandomSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridRsaCipherSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridRsaCipherSpec.hpp +1 -3
package/nitrogen/generated/shared/c++/HybridRsaKeyPairSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridRsaKeyPairSpec.hpp +1 -3
package/nitrogen/generated/shared/c++/HybridScryptSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridScryptSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridSignHandleSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridSignHandleSpec.hpp +1 -3
package/nitrogen/generated/shared/c++/HybridUtilsSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridUtilsSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridVerifyHandleSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridVerifyHandleSpec.hpp +1 -3
package/nitrogen/generated/shared/c++/JWK.hpp +84 -68
package/nitrogen/generated/shared/c++/JWKkty.hpp +5 -1
package/nitrogen/generated/shared/c++/JWKuse.hpp +1 -1
package/nitrogen/generated/shared/c++/KFormatType.hpp +1 -1
package/nitrogen/generated/shared/c++/KeyDetail.hpp +39 -23
package/nitrogen/generated/shared/c++/KeyEncoding.hpp +1 -1
package/nitrogen/generated/shared/c++/KeyObject.hpp +21 -5
package/nitrogen/generated/shared/c++/KeyType.hpp +1 -1
package/nitrogen/generated/shared/c++/KeyUsage.hpp +1 -1
package/nitrogen/generated/shared/c++/NamedCurve.hpp +1 -1
package/package.json +10 -7
package/src/diffie-hellman.ts +6 -0
package/src/ec.ts +23 -19
package/src/ed.ts +1 -2
package/src/hash.ts +11 -0
package/src/index.ts +9 -0
package/src/keys/classes.ts +10 -3
package/src/specs/diffie-hellman.nitro.ts +1 -0
package/src/specs/ecKeyPair.nitro.ts +2 -0
package/src/specs/keyObjectHandle.nitro.ts +2 -0
package/src/subtle.ts +131 -32
package/src/utils/types.ts +18 -3
package/deps/ncrypto/WORKSPACE +0 -15

package/deps/ncrypto/include/ncrypto/aead.h ADDED Viewed

@@ -0,0 +1,137 @@
+#pragma once
+#include "ncrypto.h"
+#ifdef OPENSSL_IS_BORINGSSL
+namespace ncrypto {
+class AeadCtxPointer;
+class Aead final {
+ private:
+  // BoringSSL does not keep a list of AEADs, so we need to maintain our own.
+  struct AeadInfo {
+    std::string name;
+    int mode;
+    int nid = 0;  // Note: BoringSSL only defines NIDs for some AEADs
+  };
+ public:
+  Aead() = default;
+  Aead(const AeadInfo* info, const EVP_AEAD* aead) : aead_(aead), info_(info) {}
+  Aead(const Aead&) = default;
+  Aead& operator=(const Aead&) = default;
+  NCRYPTO_DISALLOW_MOVE(Aead)
+  inline const EVP_AEAD* get() const { return aead_; }
+  std::string_view getModeLabel() const;
+  inline operator const EVP_AEAD*() const { return aead_; }
+  inline operator bool() const { return aead_ != nullptr; }
+  int getMode() const;
+  int getNonceLength() const;
+  int getKeyLength() const;
+  int getBlockSize() const;
+  int getMaxOverhead() const;
+  int getMaxTagLength() const;
+  std::string_view getName() const;
+  static const Aead FromName(std::string_view name);
+  // TODO(npaun): BoringSSL does not define NIDs for all AEADs.
+  // This method is included only for implementing getCipherInfo and can't be
+  // used to construct an Aead instance.
+  int getNid() const;
+  // static const AEAD FromNid(int nid);
+  static const Aead FromCtx(std::string_view name, const AeadCtxPointer& ctx);
+  using AeadNameCallback = std::function<void(std::string_view name)>;
+  // Iterates the known ciphers if the underlying implementation
+  // is able to do so.
+  static void ForEach(AeadNameCallback callback);
+  // Utilities to get various AEADs by type.
+  static const Aead EMPTY;
+  static const Aead AES_128_GCM;
+  static const Aead AES_192_GCM;
+  static const Aead AES_256_GCM;
+  static const Aead CHACHA20_POLY1305;
+  static const Aead XCHACHA20_POLY1305;
+  static const Aead AES_128_CTR_HMAC_SHA256;
+  static const Aead AES_256_CTR_HMAC_SHA256;
+  static const Aead AES_128_GCM_SIV;
+  static const Aead AES_256_GCM_SIV;
+  static const Aead AES_128_GCM_RANDNONCE;
+  static const Aead AES_256_GCM_RANDNONCE;
+  static const Aead AES_128_CCM_BLUETOOTH;
+  static const Aead AES_128_CCM_BLUETOOTH_8;
+  static const Aead AES_128_CCM_MATTER;
+  static const Aead AES_128_EAX;
+  static const Aead AES_256_EAX;
+ private:
+  const EVP_AEAD* aead_ = nullptr;
+  const AeadInfo* info_ = nullptr;
+  using AeadConstructor = const EVP_AEAD* (*)();
+  static const std::unordered_map<AeadConstructor, AeadInfo> aeadIndex;
+  static const Aead FromConstructor(AeadConstructor construct);
+};
+class AeadCtxPointer final {
+ public:
+  static AeadCtxPointer New(
+      const Aead& aead,
+      bool encrypt,
+      const unsigned char* key = nullptr,
+      size_t keyLen = 0,
+      size_t tagLen = EVP_AEAD_DEFAULT_TAG_LENGTH /* = 0 */);
+  AeadCtxPointer() = default;
+  explicit AeadCtxPointer(EVP_AEAD_CTX* ctx);
+  AeadCtxPointer(AeadCtxPointer&& other) noexcept;
+  AeadCtxPointer& operator=(AeadCtxPointer&& other) noexcept;
+  NCRYPTO_DISALLOW_COPY(AeadCtxPointer)
+  ~AeadCtxPointer();
+  inline bool operator==(std::nullptr_t) const noexcept {
+    return ctx_ == nullptr;
+  }
+  inline operator bool() const { return ctx_ != nullptr; }
+  inline EVP_AEAD_CTX* get() const { return ctx_.get(); }
+  inline operator EVP_AEAD_CTX*() const { return ctx_.get(); }
+  void reset(EVP_AEAD_CTX* ctx = nullptr);
+  EVP_AEAD_CTX* release();
+  bool init(const Aead& aead,
+            bool encrypt,
+            const unsigned char* key = nullptr,
+            size_t keyLen = 0,
+            size_t tagLen = EVP_AEAD_DEFAULT_TAG_LENGTH /* = 0 */);
+  // TODO(npaun): BoringSSL does not define NIDs for all AEADs.
+  // Decide if we will even implement this method.
+  // int getNid() const;
+  bool encrypt(const Buffer<const unsigned char>& in,
+               Buffer<unsigned char>& out,
+               Buffer<unsigned char>& tag,
+               const Buffer<const unsigned char>& nonce,
+               const Buffer<const unsigned char>& aad);
+  bool decrypt(const Buffer<const unsigned char>& in,
+               Buffer<unsigned char>& out,
+               const Buffer<const unsigned char>& tag,
+               const Buffer<const unsigned char>& nonce,
+               const Buffer<const unsigned char>& aad);
+ private:
+  DeleteFnPtr<EVP_AEAD_CTX, EVP_AEAD_CTX_free> ctx_;
+};
+}  // namespace ncrypto
+#endif  // OPENSSL_IS_BORINGSSL

package/deps/ncrypto/include/ncrypto/version.h ADDED Viewed

@@ -0,0 +1,14 @@
+// ============================================================================
+// Version metadata
+#ifndef NCRYPTO_VERSION_H_
+#define NCRYPTO_VERSION_H_
+#define NCRYPTO_VERSION "1.1.3"  // x-release-please-version
+enum {
+  NCRYPTO_VERSION_MAJOR = 1,     // x-release-please-major
+  NCRYPTO_VERSION_MINOR = 1,     // x-release-please-minor
+  NCRYPTO_VERSION_REVISION = 3,  // x-release-please-patch
+};
+#endif  // NCRYPTO_VERSION_H_

package/deps/ncrypto/include/ncrypto.h CHANGED Viewed

@@ -8,6 +8,7 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
+#include <openssl/kdf.h>
 #include <openssl/rsa.h>
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
@@ -16,17 +17,13 @@
 #include <openssl/aead.h>
 #endif
-#include <stdint.h>
 #include <cstddef>
-#include <cstdio>
 #include <functional>
 #include <list>
 #include <memory>
 #include <optional>
 #include <string>
 #include <string_view>
-#include <unordered_map>
-#include <utility>
 #if NCRYPTO_DEVELOPMENT_CHECKS
 #include <iostream>
@@ -81,11 +78,21 @@ namespace ncrypto {
 // ============================================================================
 // Utility macros
+inline bool EqualNoCase(const std::string_view a, const std::string_view b) {
+  if (a.size() != b.size()) return false;
+  return std::equal(a.begin(), a.end(), b.begin(), b.end(), [](char a, char b) {
+    return std::tolower(a) == std::tolower(b);
+  });
+}
 #if NCRYPTO_DEVELOPMENT_CHECKS
 #define NCRYPTO_STR(x) #x
 #define NCRYPTO_REQUIRE(EXPR)                                                  \
   {                                                                            \
-    if (!(EXPR) { abort(); }) }
+    if (!(EXPR)) {                                                             \
+      abort();                                                                 \
+    }                                                                          \
+  }
 #define NCRYPTO_FAIL(MESSAGE)                                                  \
   do {                                                                         \
@@ -262,8 +269,6 @@ class ECKeyPointer;
 class Dsa;
 class Rsa;
 class Ec;
-class Aead;
-class AeadCtxPointer;
 struct StackOfXASN1Deleter {
   void operator()(STACK_OF(ASN1_OBJECT) * p) const {
@@ -318,25 +323,7 @@ DataPointer xofHashDigest(const Buffer<const unsigned char>& data,
                           const EVP_MD* md,
                           size_t length);
-template <typename T>
-class ModeMixin {
- public:
-  std::string_view getModeLabel() const;
-  bool isGcmMode() const { return self().getMode() == EVP_CIPH_GCM_MODE; }
-  bool isWrapMode() const { return self().getMode() == EVP_CIPH_WRAP_MODE; }
-  bool isCtrMode() const { return self().getMode() == EVP_CIPH_CTR_MODE; }
-  bool isCcmMode() const { return self().getMode() == EVP_CIPH_CCM_MODE; }
-  bool isOcbMode() const { return self().getMode() == EVP_CIPH_OCB_MODE; }
-  bool isStreamMode() const {
-    return self().getMode() == EVP_CIPH_STREAM_CIPHER;
-  }
- private:
-  const T& self() const { return static_cast<const T&>(*this); }
-};
-class Cipher final : public ModeMixin<Cipher> {
+class Cipher final {
  public:
   static constexpr size_t MAX_KEY_LENGTH = EVP_MAX_KEY_LENGTH;
   static constexpr size_t MAX_IV_LENGTH = EVP_MAX_IV_LENGTH;
@@ -345,10 +332,12 @@ class Cipher final : public ModeMixin<Cipher> {
 #else
   static constexpr size_t MAX_AUTH_TAG_LENGTH = 16;
 #endif
-  // FIXME: These constants are not available in all OpenSSL/BoringSSL versions
-  // static_assert(EVP_GCM_TLS_TAG_LEN <= MAX_AUTH_TAG_LENGTH &&
-  //               EVP_CCM_TLS_TAG_LEN <= MAX_AUTH_TAG_LENGTH &&
-  //               EVP_CHACHAPOLY_TLS_TAG_LEN <= MAX_AUTH_TAG_LENGTH);
+  static_assert(EVP_GCM_TLS_TAG_LEN <= MAX_AUTH_TAG_LENGTH
+#ifndef OPENSSL_IS_BORINGSSL
+                && EVP_CCM_TLS_TAG_LEN <= MAX_AUTH_TAG_LENGTH &&
+                EVP_CHACHAPOLY_TLS_TAG_LEN <= MAX_AUTH_TAG_LENGTH
+#endif
+  );
   Cipher() = default;
   Cipher(const EVP_CIPHER* cipher) : cipher_(cipher) {}
@@ -369,9 +358,15 @@ class Cipher final : public ModeMixin<Cipher> {
   int getIvLength() const;
   int getKeyLength() const;
   int getBlockSize() const;
+  std::string_view getModeLabel() const;
   const char* getName() const;
+  bool isGcmMode() const;
+  bool isWrapMode() const;
+  bool isCtrMode() const;
+  bool isCcmMode() const;
+  bool isOcbMode() const;
+  bool isStreamMode() const;
   bool isChaCha20Poly1305() const;
   bool isSupportedAuthenticatedMode() const;
@@ -464,6 +459,61 @@ class Dsa final {
   OSSL3_CONST DSA* dsa_;
 };
+// ============================================================================
+// RSA
+class Rsa final {
+ public:
+  Rsa();
+  Rsa(OSSL3_CONST RSA* rsa);
+  NCRYPTO_DISALLOW_COPY_AND_MOVE(Rsa)
+  inline operator bool() const { return rsa_ != nullptr; }
+  inline operator OSSL3_CONST RSA*() const { return rsa_; }
+  struct PublicKey {
+    const BIGNUM* n;
+    const BIGNUM* e;
+    const BIGNUM* d;
+  };
+  struct PrivateKey {
+    const BIGNUM* p;
+    const BIGNUM* q;
+    const BIGNUM* dp;
+    const BIGNUM* dq;
+    const BIGNUM* qi;
+  };
+  struct PssParams {
+    std::string_view digest = "sha1";
+    std::optional<std::string_view> mgf1_digest = "sha1";
+    int64_t salt_length = 20;
+  };
+  const PublicKey getPublicKey() const;
+  const PrivateKey getPrivateKey() const;
+  const std::optional<PssParams> getPssParams() const;
+  bool setPublicKey(BignumPointer&& n, BignumPointer&& e);
+  bool setPrivateKey(BignumPointer&& d,
+                     BignumPointer&& q,
+                     BignumPointer&& p,
+                     BignumPointer&& dp,
+                     BignumPointer&& dq,
+                     BignumPointer&& qi);
+  using CipherParams = Cipher::CipherParams;
+  static DataPointer encrypt(const EVPKeyPointer& key,
+                             const CipherParams& params,
+                             const Buffer<const void> in);
+  static DataPointer decrypt(const EVPKeyPointer& key,
+                             const CipherParams& params,
+                             const Buffer<const void> in);
+ private:
+  OSSL3_CONST RSA* rsa_;
+};
 class BignumPointer final {
  public:
   BignumPointer() = default;
@@ -537,58 +587,6 @@ class BignumPointer final {
   static bool defaultPrimeCheckCallback(int, int) { return 1; }
 };
-class Rsa final {
- public:
-  Rsa();
-  Rsa(OSSL3_CONST RSA* rsa);
-  NCRYPTO_DISALLOW_COPY_AND_MOVE(Rsa)
-  inline operator bool() const { return rsa_ != nullptr; }
-  inline operator OSSL3_CONST RSA*() const { return rsa_; }
-  struct PublicKey {
-    const BIGNUM* n;
-    const BIGNUM* e;
-    const BIGNUM* d;
-  };
-  struct PrivateKey {
-    const BIGNUM* p;
-    const BIGNUM* q;
-    const BIGNUM* dp;
-    const BIGNUM* dq;
-    const BIGNUM* qi;
-  };
-  struct PssParams {
-    std::string_view digest = "sha1";
-    std::optional<std::string_view> mgf1_digest = "sha1";
-    int64_t salt_length = 20;
-  };
-  const PublicKey getPublicKey() const;
-  const PrivateKey getPrivateKey() const;
-  const std::optional<PssParams> getPssParams() const;
-  bool setPublicKey(BignumPointer&& n, BignumPointer&& e);
-  bool setPrivateKey(BignumPointer&& d,
-                     BignumPointer&& q,
-                     BignumPointer&& p,
-                     BignumPointer&& dp,
-                     BignumPointer&& dq,
-                     BignumPointer&& qi);
-  using CipherParams = Cipher::CipherParams;
-  static DataPointer encrypt(const EVPKeyPointer& key,
-                             const CipherParams& params,
-                             const Buffer<const void> in);
-  static DataPointer decrypt(const EVPKeyPointer& key,
-                             const CipherParams& params,
-                             const Buffer<const void> in);
- private:
-  OSSL3_CONST RSA* rsa_;
-};
 class Ec final {
  public:
   Ec();
@@ -1628,15 +1626,11 @@ bool SafeX509InfoAccessPrint(const BIOPointer& out, X509_EXTENSION* ext);
 // ============================================================================
 // SPKAC
-[[deprecated("Use the version that takes a Buffer")]] bool VerifySpkac(
-    const char* input, size_t length);
-[[deprecated("Use the version that takes a Buffer")]] BIOPointer
-ExportPublicKey(const char* input, size_t length);
+bool VerifySpkac(const char* input, size_t length);
+BIOPointer ExportPublicKey(const char* input, size_t length);
 // The caller takes ownership of the returned Buffer<char>
-[[deprecated("Use the version that takes a Buffer")]] Buffer<char>
-ExportChallenge(const char* input, size_t length);
+Buffer<char> ExportChallenge(const char* input, size_t length);
 bool VerifySpkac(const Buffer<const char>& buf);
 BIOPointer ExportPublicKey(const Buffer<const char>& buf);
@@ -1753,145 +1747,6 @@ class KEM final {
 #endif  // OPENSSL_VERSION_MAJOR >= 3
-// ============================================================================
-// AEAD (Authenticated Encryption with Associated Data)
-// Note that the underlying EVP_AEAD interface is specific to BoringSSL. AEAD
-// primitives are accessed through the Cipher class instead, if using OpenSSL.
-#ifdef OPENSSL_IS_BORINGSSL
-class Aead final : public ModeMixin<Aead> {
- private:
-  // BoringSSL does not keep a list of AEADs, so we need to maintain our own.
-  struct AeadInfo {
-    std::string name;
-    int mode;
-    int nid = 0;  // Note: BoringSSL only defines NIDs for some AEADs
-  };
- public:
-  Aead() = default;
-  Aead(const AeadInfo* info, const EVP_AEAD* aead) : info_(info), aead_(aead) {}
-  Aead(const Aead&) = default;
-  Aead& operator=(const Aead&) = default;
-  NCRYPTO_DISALLOW_MOVE(Aead)
-  inline const EVP_AEAD* get() const { return aead_; }
-  inline operator const EVP_AEAD*() const { return aead_; }
-  inline operator bool() const { return aead_ != nullptr; }
-  int getMode() const;
-  int getNonceLength() const;
-  int getKeyLength() const;
-  int getBlockSize() const;
-  int getMaxOverhead() const;
-  int getMaxTagLength() const;
-  std::string_view getName() const;
-  static const Aead FromName(std::string_view name);
-  // TODO(npaun): BoringSSL does not define NIDs for all AEADs.
-  // This method is included only for implementing getCipherInfo and can't be
-  // used to construct an Aead instance.
-  int getNid() const;
-  // static const AEAD FromNid(int nid);
-  static const Aead FromCtx(std::string_view name, const AeadCtxPointer& ctx);
-  using AeadNameCallback = std::function<void(std::string_view name)>;
-  // Iterates the known ciphers if the underlying implementation
-  // is able to do so.
-  static void ForEach(AeadNameCallback callback);
-  // Utilities to get various AEADs by type.
-  static const Aead EMPTY;
-  static const Aead AES_128_GCM;
-  static const Aead AES_192_GCM;
-  static const Aead AES_256_GCM;
-  static const Aead CHACHA20_POLY1305;
-  static const Aead XCHACHA20_POLY1305;
-  static const Aead AES_128_CTR_HMAC_SHA256;
-  static const Aead AES_256_CTR_HMAC_SHA256;
-  static const Aead AES_128_GCM_SIV;
-  static const Aead AES_256_GCM_SIV;
-  static const Aead AES_128_GCM_RANDNONCE;
-  static const Aead AES_256_GCM_RANDNONCE;
-  static const Aead AES_128_CCM_BLUETOOTH;
-  static const Aead AES_128_CCM_BLUETOOTH_8;
-  static const Aead AES_128_CCM_MATTER;
-  static const Aead AES_128_EAX;
-  static const Aead AES_256_EAX;
- private:
-  const EVP_AEAD* aead_ = nullptr;
-  const AeadInfo* info_ = nullptr;
-  using AeadConstructor = const EVP_AEAD* (*)();
-  static const std::unordered_map<AeadConstructor, AeadInfo> aeadIndex;
-  static const Aead FromConstructor(AeadConstructor construct);
-};
-class AeadCtxPointer final {
- public:
-  static AeadCtxPointer New(
-      const Aead& aead,
-      bool encrypt,
-      const unsigned char* key = nullptr,
-      size_t keyLen = 0,
-      size_t tagLen = EVP_AEAD_DEFAULT_TAG_LENGTH /* = 0 */);
-  AeadCtxPointer() = default;
-  explicit AeadCtxPointer(EVP_AEAD_CTX* ctx);
-  AeadCtxPointer(AeadCtxPointer&& other) noexcept;
-  AeadCtxPointer& operator=(AeadCtxPointer&& other) noexcept;
-  NCRYPTO_DISALLOW_COPY(AeadCtxPointer)
-  ~AeadCtxPointer();
-  inline bool operator==(std::nullptr_t) const noexcept {
-    return ctx_ == nullptr;
-  }
-  inline operator bool() const { return ctx_ != nullptr; }
-  inline EVP_AEAD_CTX* get() const { return ctx_.get(); }
-  inline operator EVP_AEAD_CTX*() const { return ctx_.get(); }
-  void reset(EVP_AEAD_CTX* ctx = nullptr);
-  EVP_AEAD_CTX* release();
-  bool init(const Aead& aead,
-            bool encrypt,
-            const unsigned char* key = nullptr,
-            size_t keyLen = 0,
-            size_t tagLen = EVP_AEAD_DEFAULT_TAG_LENGTH /* = 0 */);
-  // TODO(npaun): BoringSSL does not define NIDs for all AEADs.
-  // Decide if we will even implement this method.
-  // int getNid() const;
-  bool encrypt(const Buffer<const unsigned char>& in,
-               Buffer<unsigned char>& out,
-               Buffer<unsigned char>& tag,
-               const Buffer<const unsigned char>& nonce,
-               const Buffer<const unsigned char>& aad);
-  bool decrypt(const Buffer<const unsigned char>& in,
-               Buffer<unsigned char>& out,
-               const Buffer<const unsigned char>& tag,
-               const Buffer<const unsigned char>& nonce,
-               const Buffer<const unsigned char>& aad);
- private:
-  DeleteFnPtr<EVP_AEAD_CTX, EVP_AEAD_CTX_free> ctx_;
-};
-#endif
-// ============================================================================
-// Version metadata
-#define NCRYPTO_VERSION "0.0.1"
-enum {
-  NCRYPTO_VERSION_MAJOR = 0,
-  NCRYPTO_VERSION_MINOR = 0,
-  NCRYPTO_VERSION_REVISION = 1,
-};
+#include "ncrypto/version.h"
 }  // namespace ncrypto

package/deps/ncrypto/ncrypto.pc.in ADDED Viewed

@@ -0,0 +1,10 @@
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
+includedir=@CMAKE_INSTALL_FULL_INCLUDEDIR@
+Name: ncrypto
+Description: crypto functions for node:crypto
+Version: @PROJECT_VERSION@
+Libs: -L${libdir} -lncrypto
+Cflags: -I${includedir}

package/deps/ncrypto/release-please-config.json ADDED Viewed

@@ -0,0 +1,11 @@
+{
+  "packages": {
+    ".": {
+      "release-type": "simple",
+      "extra-files": [
+        "CMakeLists.txt",
+        "include/ncrypto/version.h"
+      ]
+    }
+  }
+}

package/deps/ncrypto/src/CMakeLists.txt CHANGED Viewed

@@ -1,12 +1,37 @@
-add_library(ncrypto ncrypto.cpp engine.cpp)
-target_link_libraries(ncrypto PUBLIC ssl crypto)
+add_library(ncrypto ncrypto.cpp engine.cpp aead.cpp)
-if (NCRYPTO_BSSL_LIBDECREPIT_MISSING)
-    target_compile_definitions(ncrypto PUBLIC NCRYPTO_BSSL_LIBDECREPIT_MISSING=1)
-else()
-    target_link_libraries(ncrypto PUBLIC decrepit)
+# Enable strict warning flags for ncrypto sources only
+if(CMAKE_CXX_COMPILER_ID MATCHES "GNU|Clang|AppleClang")
+    target_compile_options(ncrypto PRIVATE
+        -Werror
+        -Wextra
+        -Wno-unused-parameter
+        -Wimplicit-fallthrough
+        -Wno-deprecated-declarations  # OpenSSL 3.0 deprecates many APIs we intentionally use
+    )
+elseif(MSVC)
+    target_compile_options(ncrypto PRIVATE
+        /WX     # Treat warnings as errors
+        /W3     # Warning level 3 (production quality)
+        /wd4100 # Unreferenced formal parameter (like -Wno-unused-parameter)
+        /wd4267 # Conversion from 'size_t' to smaller type
+        /wd4244 # Conversion, possible loss of data
+        /wd4305 # Truncation from 'int' to 'bool'
+        /wd4127 # Conditional expression is constant
+    )
 endif()
+if (NCRYPTO_SHARED_LIBS)
+    target_link_libraries(ncrypto PUBLIC OpenSSL::SSL OpenSSL::Crypto)
+else()
+    target_link_libraries(ncrypto PUBLIC ssl crypto)
+    if (NCRYPTO_BSSL_LIBDECREPIT_MISSING)
+        target_compile_definitions(ncrypto PUBLIC NCRYPTO_BSSL_LIBDECREPIT_MISSING=1)
+    else()
+        target_link_libraries(ncrypto PUBLIC decrepit)
+    endif()
+endif()
 target_include_directories(ncrypto
     PUBLIC
     $<BUILD_INTERFACE:${PROJECT_SOURCE_DIR}/include>