react-native-quick-crypto 1.0.9 → 1.0.11

package/lib/commonjs/specs/certificate.nitro.js

@@ -0,0 +1,6 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+//# sourceMappingURL=certificate.nitro.js.map

package/lib/commonjs/specs/certificate.nitro.js.map

@@ -0,0 +1 @@
+{"version":3,"names":[],"sourceRoot":"../../../src","sources":["specs/certificate.nitro.ts"],"mappings":"","ignoreList":[]}

package/lib/commonjs/specs/dhKeyPair.nitro.js

@@ -0,0 +1,6 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+//# sourceMappingURL=dhKeyPair.nitro.js.map

package/lib/commonjs/specs/dhKeyPair.nitro.js.map

@@ -0,0 +1 @@
+{"version":3,"names":[],"sourceRoot":"../../../src","sources":["specs/dhKeyPair.nitro.ts"],"mappings":"","ignoreList":[]}

package/lib/commonjs/specs/dsaKeyPair.nitro.js

@@ -0,0 +1,6 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+//# sourceMappingURL=dsaKeyPair.nitro.js.map

package/lib/commonjs/specs/dsaKeyPair.nitro.js.map

@@ -0,0 +1 @@
+{"version":3,"names":[],"sourceRoot":"../../../src","sources":["specs/dsaKeyPair.nitro.ts"],"mappings":"","ignoreList":[]}

package/lib/commonjs/specs/prime.nitro.js

@@ -0,0 +1,6 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+//# sourceMappingURL=prime.nitro.js.map

package/lib/commonjs/specs/prime.nitro.js.map

@@ -0,0 +1 @@
+{"version":3,"names":[],"sourceRoot":"../../../src","sources":["specs/prime.nitro.ts"],"mappings":"","ignoreList":[]}

package/lib/commonjs/subtle.js

@@ -10,6 +10,7 @@ var _safeBuffer = require("safe-buffer");
 var _utils = require("./utils");
 var _keys = require("./keys");
 var _conversion = require("./utils/conversion");
+var _argon = require("./argon2");
 var _errors = require("./utils/errors");
 var _hashnames = require("./utils/hashnames");
 var _validation = require("./utils/validation");
@@ -25,11 +26,6 @@ var _ed = require("./ed");
 var _mldsa = require("./mldsa");
 var _hkdf = require("./hkdf");
 /* eslint-disable @typescript-eslint/no-unused-vars */
-// import { pbkdf2DeriveBits } from './pbkdf2';
-// import { aesCipher, aesGenerateKey, aesImportKey, getAlgorithmName } from './aes';
-// import { rsaCipher, rsaExportKey, rsaImportKey, rsaKeyGenerate } from './rsa';
-// import { normalizeAlgorithm, type Operation } from './algorithms';
-// import { hmacImportKey } from './mac';
 // Temporary enums that need to be defined
 var KWebCryptoKeyFormat = /*#__PURE__*/function (KWebCryptoKeyFormat) {
   KWebCryptoKeyFormat[KWebCryptoKeyFormat["kWebCryptoKeyFormatRaw"] = 0] = "kWebCryptoKeyFormatRaw";
@@ -54,21 +50,36 @@ function normalizeAlgorithm(algorithm, _operation) {
   return algorithm;
 }
 function getAlgorithmName(name, length) {
-  return `${name}${length}`;
+  switch (name) {
+    case 'AES-CBC':
+      return `A${length}CBC`;
+    case 'AES-CTR':
+      return `A${length}CTR`;
+    case 'AES-GCM':
+      return `A${length}GCM`;
+    case 'AES-KW':
+      return `A${length}KW`;
+    case 'AES-OCB':
+      return `A${length}OCB`;
+    case 'ChaCha20-Poly1305':
+      return 'C20P';
+    default:
+      return `${name}${length}`;
+  }
 }
 
 // Placeholder implementations for missing functions
 function ecExportKey(key, format) {
   const keyObject = key.keyObject;
-  if (format === KWebCryptoKeyFormat.kWebCryptoKeyFormatSPKI) {
-    // Export public key in SPKI format
+  if (format === KWebCryptoKeyFormat.kWebCryptoKeyFormatRaw) {
+    return (0, _conversion.bufferLikeToArrayBuffer)(keyObject.handle.exportKey());
+  } else if (format === KWebCryptoKeyFormat.kWebCryptoKeyFormatSPKI) {
     const exported = keyObject.export({
       format: 'der',
       type: 'spki'
     });
     return (0, _conversion.bufferLikeToArrayBuffer)(exported);
   } else if (format === KWebCryptoKeyFormat.kWebCryptoKeyFormatPKCS8) {
-    // Export private key in PKCS8 format
     const exported = keyObject.export({
       format: 'der',
       type: 'pkcs8'
@@ -137,6 +148,8 @@ async function aesCipher(mode, key, data, algorithm) {
       return aesCbcCipher(mode, key, data, algorithm);
     case 'AES-GCM':
       return aesGcmCipher(mode, key, data, algorithm);
+    case 'AES-OCB':
+      return aesOcbCipher(mode, key, data, algorithm);
     default:
       throw (0, _errors.lazyDOMException)(`Unsupported AES algorithm: ${name}`, 'NotSupportedError');
   }
@@ -203,61 +216,40 @@ async function aesCbcCipher(mode, key, data, algorithm) {
   result.set(new Uint8Array(final), updated.byteLength);
   return result.buffer;
 }
-async function aesGcmCipher(mode, key, data, algorithm) {
-  const {
-    tagLength = 128
-  } = algorithm;
-
-  // Validate tag length
-  const validTagLengths = [32, 64, 96, 104, 112, 120, 128];
-  if (!validTagLengths.includes(tagLength)) {
-    throw (0, _errors.lazyDOMException)(`${tagLength} is not a valid AES-GCM tag length`, 'OperationError');
+async function aesAeadCipher(mode, key, data, config, additionalData, tagLength = 128) {
+  if (!config.validTagLengths.includes(tagLength)) {
+    throw (0, _errors.lazyDOMException)(`${tagLength} is not a valid ${config.algorithmName} tag length`, 'OperationError');
   }
   const tagByteLength = tagLength / 8;
-
-  // Get cipher type based on key length
   const keyLength = key.algorithm.length;
-  const cipherType = `aes-${keyLength}-gcm`;
-
-  // Create cipher
+  const cipherType = `aes-${keyLength}-${config.cipherSuffix}`;
   const factory = _reactNativeNitroModules.NitroModules.createHybridObject('CipherFactory');
   const cipher = factory.createCipher({
     isCipher: mode === CipherOrWrapMode.kWebCryptoCipherEncrypt,
     cipherType,
     cipherKey: (0, _conversion.bufferLikeToArrayBuffer)(key.keyObject.export()),
-    iv: (0, _conversion.bufferLikeToArrayBuffer)(algorithm.iv),
+    iv: config.iv,
     authTagLen: tagByteLength
   });
   let processData;
-  let authTag;
   if (mode === CipherOrWrapMode.kWebCryptoCipherDecrypt) {
-    // For decryption, extract auth tag from end of data
     const dataView = new Uint8Array(data);
     if (dataView.byteLength < tagByteLength) {
       throw (0, _errors.lazyDOMException)('The provided data is too small.', 'OperationError');
     }
-
-    // Split data and tag
     const ciphertextLength = dataView.byteLength - tagByteLength;
     processData = dataView.slice(0, ciphertextLength).buffer;
-    authTag = dataView.slice(ciphertextLength).buffer;
-
-    // Set auth tag for verification
+    const authTag = dataView.slice(ciphertextLength).buffer;
     cipher.setAuthTag(authTag);
   } else {
     processData = data;
   }
-
-  // Set additional authenticated data if provided
-  if (algorithm.additionalData) {
-    cipher.setAAD((0, _conversion.bufferLikeToArrayBuffer)(algorithm.additionalData));
+  if (additionalData) {
+    cipher.setAAD((0, _conversion.bufferLikeToArrayBuffer)(additionalData));
   }
-
-  // Process data
   const updated = cipher.update(processData);
   const final = cipher.final();
   if (mode === CipherOrWrapMode.kWebCryptoCipherEncrypt) {
-    // For encryption, append auth tag to result
     const tag = cipher.getAuthTag();
     const result = new Uint8Array(updated.byteLength + final.byteLength + tag.byteLength);
     result.set(new Uint8Array(updated), 0);
@@ -265,13 +257,32 @@ async function aesGcmCipher(mode, key, data, algorithm) {
     result.set(new Uint8Array(tag), updated.byteLength + final.byteLength);
     return result.buffer;
   } else {
-    // For decryption, just concatenate plaintext
     const result = new Uint8Array(updated.byteLength + final.byteLength);
     result.set(new Uint8Array(updated), 0);
     result.set(new Uint8Array(final), updated.byteLength);
     return result.buffer;
   }
 }
+async function aesGcmCipher(mode, key, data, algorithm) {
+  return aesAeadCipher(mode, key, data, {
+    algorithmName: 'AES-GCM',
+    validTagLengths: [32, 64, 96, 104, 112, 120, 128],
+    cipherSuffix: 'gcm',
+    iv: (0, _conversion.bufferLikeToArrayBuffer)(algorithm.iv)
+  }, algorithm.additionalData, algorithm.tagLength);
+}
+async function aesOcbCipher(mode, key, data, algorithm) {
+  const ivBuffer = (0, _conversion.bufferLikeToArrayBuffer)(algorithm.iv);
+  if (ivBuffer.byteLength < 1 || ivBuffer.byteLength > 15) {
+    throw (0, _errors.lazyDOMException)('AES-OCB algorithm.iv must be between 1 and 15 bytes', 'OperationError');
+  }
+  return aesAeadCipher(mode, key, data, {
+    algorithmName: 'AES-OCB',
+    validTagLengths: [64, 96, 128],
+    cipherSuffix: 'ocb',
+    iv: ivBuffer
+  }, algorithm.additionalData, algorithm.tagLength);
+}
 async function aesKwCipher(mode, key, data) {
   const isWrap = mode === CipherOrWrapMode.kWebCryptoCipherEncrypt;
 
@@ -695,6 +706,18 @@ function edImportKey(format, data, algorithm, extractable, keyUsages) {
     // Raw public keys are just the key bytes
     handle.init(1, keyData); // 1 = public key type
     keyObject = new _keys.PublicKeyObject(handle);
+  } else if (format === 'jwk') {
+    const jwkData = data;
+    const handle = _reactNativeNitroModules.NitroModules.createHybridObject('KeyObjectHandle');
+    const keyType = handle.initJwk(jwkData);
+    if (keyType === undefined) {
+      throw (0, _errors.lazyDOMException)('Invalid JWK data', 'DataError');
+    }
+    if (keyType === _utils.KeyType.PRIVATE) {
+      keyObject = new _keys.PrivateKeyObject(handle);
+    } else {
+      keyObject = new _keys.PublicKeyObject(handle);
+    }
   } else {
     throw (0, _errors.lazyDOMException)(`Unsupported format for ${name} import: ${format}`, 'NotSupportedError');
   }
@@ -843,6 +866,8 @@ const exportKeyRaw = key => {
     // Fall through
     case 'AES-KW':
     // Fall through
+    case 'AES-OCB':
+    // Fall through
     case 'ChaCha20-Poly1305':
     // Fall through
     case 'HMAC':
@@ -877,6 +902,14 @@ const exportKeyJWK = key => {
     case 'ECDH':
       jwk.crv ||= key.algorithm.namedCurve;
       return jwk;
+    case 'Ed25519':
+    // Fall through
+    case 'Ed448':
+    // Fall through
+    case 'X25519':
+    // Fall through
+    case 'X448':
+      return jwk;
     case 'AES-CTR':
     // Fall through
     case 'AES-CBC':
@@ -885,6 +918,8 @@ const exportKeyJWK = key => {
     // Fall through
     case 'AES-KW':
     // Fall through
+    case 'AES-OCB':
+    // Fall through
     case 'ChaCha20-Poly1305':
       if (key.algorithm.length === undefined) {
         throw (0, _errors.lazyDOMException)(`Algorithm ${key.algorithm.name} missing required length property`, 'InvalidAccessError');
@@ -949,6 +984,37 @@ const checkCryptoKeyPairUsages = pair => {
   }
   throw (0, _errors.lazyDOMException)('Usages cannot be empty when creating a key.', 'SyntaxError');
 };
+function argon2DeriveBits(algorithm, baseKey, length) {
+  if (length === 0 || length % 8 !== 0) {
+    throw (0, _errors.lazyDOMException)('Invalid Argon2 derived key length', 'OperationError');
+  }
+  if (length < 32) {
+    throw (0, _errors.lazyDOMException)('Argon2 derived key length must be at least 32 bits', 'OperationError');
+  }
+  const {
+    nonce,
+    parallelism,
+    memory,
+    passes,
+    secretValue,
+    associatedData
+  } = algorithm;
+  const tagLength = length / 8;
+  const message = baseKey.keyObject.export();
+  const algName = algorithm.name.toLowerCase();
+  const result = (0, _argon.argon2Sync)(algName, {
+    message,
+    nonce: nonce ?? new Uint8Array(0),
+    parallelism: parallelism ?? 1,
+    tagLength,
+    memory: memory ?? 65536,
+    passes: passes ?? 3,
+    secret: secretValue,
+    associatedData,
+    version: algorithm.version
+  });
+  return (0, _conversion.bufferLikeToArrayBuffer)(result);
+}
 
 // Type guard to check if result is CryptoKeyPair
 function isCryptoKeyPair(result) {
@@ -1101,6 +1167,8 @@ const cipherOrWrap = async (mode, algorithm, key, data, op) => {
     case 'AES-CBC':
     // Fall through
     case 'AES-GCM':
+    // Fall through
+    case 'AES-OCB':
       return aesCipher(mode, key, data, algorithm);
     case 'AES-KW':
       return aesKwCipher(mode, key, data);
@@ -1108,7 +1176,49 @@ const cipherOrWrap = async (mode, algorithm, key, data, op) => {
       return chaCha20Poly1305Cipher(mode, key, data, algorithm);
   }
 };
+const SUPPORTED_ALGORITHMS = {
+  encrypt: new Set(['RSA-OAEP', 'AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-OCB', 'ChaCha20-Poly1305']),
+  decrypt: new Set(['RSA-OAEP', 'AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-OCB', 'ChaCha20-Poly1305']),
+  sign: new Set(['RSASSA-PKCS1-v1_5', 'RSA-PSS', 'ECDSA', 'HMAC', 'Ed25519', 'Ed448', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87']),
+  verify: new Set(['RSASSA-PKCS1-v1_5', 'RSA-PSS', 'ECDSA', 'HMAC', 'Ed25519', 'Ed448', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87']),
+  digest: new Set(['SHA-1', 'SHA-256', 'SHA-384', 'SHA-512']),
+  generateKey: new Set(['RSASSA-PKCS1-v1_5', 'RSA-PSS', 'RSA-OAEP', 'ECDSA', 'ECDH', 'Ed25519', 'Ed448', 'X25519', 'X448', 'AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-KW', 'AES-OCB', 'ChaCha20-Poly1305', 'HMAC', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87']),
+  importKey: new Set(['RSASSA-PKCS1-v1_5', 'RSA-PSS', 'RSA-OAEP', 'ECDSA', 'ECDH', 'Ed25519', 'Ed448', 'X25519', 'X448', 'AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-KW', 'AES-OCB', 'ChaCha20-Poly1305', 'HMAC', 'HKDF', 'PBKDF2', 'Argon2d', 'Argon2i', 'Argon2id', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87']),
+  exportKey: new Set(['RSASSA-PKCS1-v1_5', 'RSA-PSS', 'RSA-OAEP', 'ECDSA', 'ECDH', 'Ed25519', 'Ed448', 'X25519', 'X448', 'AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-KW', 'AES-OCB', 'ChaCha20-Poly1305', 'HMAC', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87']),
+  deriveBits: new Set(['PBKDF2', 'HKDF', 'ECDH', 'X25519', 'X448', 'Argon2d', 'Argon2i', 'Argon2id']),
+  wrapKey: new Set(['AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-KW', 'AES-OCB', 'ChaCha20-Poly1305', 'RSA-OAEP']),
+  unwrapKey: new Set(['AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-KW', 'AES-OCB', 'ChaCha20-Poly1305', 'RSA-OAEP'])
+};
+const ASYMMETRIC_ALGORITHMS = new Set(['RSASSA-PKCS1-v1_5', 'RSA-PSS', 'RSA-OAEP', 'ECDSA', 'ECDH', 'Ed25519', 'Ed448', 'X25519', 'X448', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87']);
 class Subtle {
+  static supports(operation, algorithm, _lengthOrAdditionalAlgorithm) {
+    let normalizedAlgorithm;
+    try {
+      normalizedAlgorithm = normalizeAlgorithm(algorithm, operation === 'getPublicKey' ? 'exportKey' : operation);
+    } catch {
+      return false;
+    }
+    const name = normalizedAlgorithm.name;
+    if (operation === 'getPublicKey') {
+      return ASYMMETRIC_ALGORITHMS.has(name);
+    }
+    if (operation === 'deriveKey') {
+      // deriveKey decomposes to deriveBits + importKey of additional algorithm
+      if (!SUPPORTED_ALGORITHMS.deriveBits?.has(name)) return false;
+      if (_lengthOrAdditionalAlgorithm != null) {
+        try {
+          const additionalAlg = normalizeAlgorithm(_lengthOrAdditionalAlgorithm, 'importKey');
+          return SUPPORTED_ALGORITHMS.importKey?.has(additionalAlg.name) ?? false;
+        } catch {
+          return false;
+        }
+      }
+      return true;
+    }
+    const supported = SUPPORTED_ALGORITHMS[operation];
+    if (!supported) return false;
+    return supported.has(name);
+  }
   async decrypt(algorithm, key, data) {
     const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'decrypt');
     return cipherOrWrap(CipherOrWrapMode.kWebCryptoCipherDecrypt, normalizedAlgorithm, key, (0, _conversion.bufferLikeToArrayBuffer)(data), 'decrypt');
@@ -1134,6 +1244,10 @@ class Subtle {
         return (0, _ec.ecDeriveBits)(algorithm, baseKey, length);
       case 'HKDF':
         return (0, _hkdf.hkdfDeriveBits)(algorithm, baseKey, length);
+      case 'Argon2d':
+      case 'Argon2i':
+      case 'Argon2id':
+        return argon2DeriveBits(algorithm, baseKey, length);
     }
     throw new Error(`'subtle.deriveBits()' for ${algorithm.name} is not implemented.`);
   }
@@ -1158,9 +1272,17 @@ class Subtle {
       case 'X448':
         derivedBits = await (0, _ed.xDeriveBits)(algorithm, baseKey, length);
         break;
+      case 'ECDH':
+        derivedBits = await (0, _ec.ecDeriveBits)(algorithm, baseKey, length);
+        break;
       case 'HKDF':
         derivedBits = (0, _hkdf.hkdfDeriveBits)(algorithm, baseKey, length);
         break;
+      case 'Argon2d':
+      case 'Argon2i':
+      case 'Argon2id':
+        derivedBits = argon2DeriveBits(algorithm, baseKey, length);
+        break;
       default:
         throw new Error(`'subtle.deriveKey()' for ${algorithm.name} is not implemented.`);
     }
@@ -1174,6 +1296,7 @@ class Subtle {
   }
   async exportKey(format, key) {
     if (!key.extractable) throw new Error('key is not extractable');
+    if (format === 'raw-secret' || format === 'raw-public') format = 'raw';
     switch (format) {
       case 'spki':
         return await exportKeySpki(key);
@@ -1279,6 +1402,8 @@ class Subtle {
       case 'AES-GCM':
       // Fall through
       case 'AES-KW':
+      // Fall through
+      case 'AES-OCB':
         result = await aesGenerateKey(algorithm, extractable, keyUsages);
         break;
       case 'ChaCha20-Poly1305':
@@ -1322,7 +1447,18 @@ class Subtle {
     }
     return result;
   }
+  async getPublicKey(key, keyUsages) {
+    if (key.type === 'secret') {
+      throw (0, _errors.lazyDOMException)('key must be a private key', 'NotSupportedError');
+    }
+    if (key.type !== 'private') {
+      throw (0, _errors.lazyDOMException)('key must be a private key', 'InvalidAccessError');
+    }
+    const publicKeyObject = (0, _keys.createPublicKey)(key.keyObject);
+    return publicKeyObject.toCryptoKey(key.algorithm, true, keyUsages);
+  }
   async importKey(format, data, algorithm, extractable, keyUsages) {
+    if (format === 'raw-secret' || format === 'raw-public') format = 'raw';
     const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'importKey');
     let result;
     switch (normalizedAlgorithm.name) {
@@ -1349,10 +1485,15 @@ class Subtle {
       // Fall through
       case 'AES-KW':
       // Fall through
+      case 'AES-OCB':
+      // Fall through
       case 'ChaCha20-Poly1305':
         result = await aesImportKey(normalizedAlgorithm, format, data, extractable, keyUsages);
         break;
       case 'PBKDF2':
+      case 'Argon2d':
+      case 'Argon2i':
+      case 'Argon2id':
         result = await importGenericSecretKey(normalizedAlgorithm, format, data, extractable, keyUsages);
         break;
       case 'HKDF':
@@ -1473,6 +1614,7 @@ function getKeyLength(algorithm) {
     case 'AES-CBC':
     case 'AES-GCM':
     case 'AES-KW':
+    case 'AES-OCB':
     case 'ChaCha20-Poly1305':
       return algorithm.length || 256;
     case 'HMAC':