react-native-quick-crypto 1.1.1 → 1.1.3

package/src/utils/conversion.ts

@@ -6,7 +6,12 @@ import type { ABV, BinaryLikeNode, BufferLike } from './types';
 import { Platform } from 'react-native';
 
 type UtilsWithStringConverter = Utils & {
-  bufferToString(buffer: ArrayBuffer, encoding: string): string;
+  bufferToString(
+    buffer: ArrayBuffer,
+    encoding: string,
+    start?: number,
+    end?: number,
+  ): string;
   stringToBuffer(str: string, encoding: string): ArrayBuffer;
 };
 
@@ -52,6 +57,34 @@ if (isHermes) {
   }
 }
 
+// WebCrypto / Web IDL §BufferSource: SharedArrayBuffer-backed inputs must
+// be rejected. Concurrent writes from another worker during async crypto
+// can corrupt computations or leak intermediate state, so even copying
+// the source isn't safe (the copy itself races). Reject at conversion.
+// See Node's `lib/internal/webidl.js` BufferSource converter (commit
+// bee10872588) — it throws TypeError, matching the WebIDL spec.
+//
+// We apply this guard to *every* conversion helper, not just the ones
+// reached from `subtle.*`. That's deliberately stricter than Node, whose
+// classic APIs (`createHash().update`, `createHmac().update`,
+// `createCipheriv().update`, etc.) accept SAB-backed views. The TOCTOU
+// concern is the same on either side of the WebCrypto / classic line, so
+// we prefer the safer default everywhere.
+export function rejectSharedArrayBuffer(buf: unknown): void {
+  if (typeof SharedArrayBuffer === 'undefined') return;
+  if (buf instanceof SharedArrayBuffer) {
+    throw new TypeError('SharedArrayBuffer is not a supported BufferSource');
+  }
+  if (
+    ArrayBuffer.isView(buf) &&
+    (buf as ArrayBufferView).buffer instanceof SharedArrayBuffer
+  ) {
+    throw new TypeError(
+      'View on a SharedArrayBuffer is not a supported BufferSource',
+    );
+  }
+}
+
 /**
  * Returns the underlying ArrayBuffer of a Buffer / TypedArray view **without
  * copying**, ignoring `byteOffset`/`byteLength`. The full backing storage is
@@ -60,10 +93,11 @@ if (isHermes) {
  * Only use this when the caller separately tracks `byteOffset`/`byteLength`
  * and the native receiver needs to write back into the original memory
  * (e.g. `randomFill`). For data that will be read by native crypto, use
- * `binaryLikeToArrayBuffer`/`toArrayBuffer` instead — those slice to the
+ * `binaryLikeToArrayBuffer`/`toArrayBuffer` instead — those return only the
  * view's region and won't leak unrelated bytes from the backing buffer.
  */
 export const abvToArrayBuffer = (buf: ABV) => {
+  rejectSharedArrayBuffer(buf);
   if (CraftzdogBuffer.isBuffer(buf)) {
     return buf.buffer as ArrayBuffer;
   }
@@ -74,8 +108,10 @@ export const abvToArrayBuffer = (buf: ABV) => {
 };
 
 /**
- * Converts supplied argument to an ArrayBuffer.  Note this copies data if the
- * supplied buffer has the .slice() method, so can be a bit slow.
+ * Converts supplied argument to an ArrayBuffer. Note this copies data
+ * only when the supplied view represents a subrange of the underlying
+ * ArrayBuffer; otherwise the backing buffer is returned directly
+ * (aliased — do not mutate after passing).
  * @param buf
  * @returns ArrayBuffer
  */
@@ -83,13 +119,13 @@ export function toArrayBuffer(
   buf: CraftzdogBuffer | SafeBuffer | ArrayBufferView,
 ): ArrayBuffer {
   if (CraftzdogBuffer.isBuffer(buf) || ArrayBuffer.isView(buf)) {
-    if (buf?.buffer?.slice) {
+    if (buf.byteOffset === 0 && buf.byteLength === buf.buffer.byteLength) {
+      return buf.buffer as ArrayBuffer;
+    } else {
       return buf.buffer.slice(
         buf.byteOffset,
         buf.byteOffset + buf.byteLength,
       ) as ArrayBuffer;
-    } else {
-      return buf.buffer as ArrayBuffer;
     }
   }
   const ab = new ArrayBuffer(buf.length);
@@ -101,6 +137,8 @@ export function toArrayBuffer(
 }
 
 export function bufferLikeToArrayBuffer(buf: BufferLike): ArrayBuffer {
+  rejectSharedArrayBuffer(buf);
+
   // Buffer
   if (CraftzdogBuffer.isBuffer(buf) || SafeBuffer.isBuffer(buf)) {
     return toArrayBuffer(buf);
@@ -115,22 +153,8 @@ export function bufferLikeToArrayBuffer(buf: BufferLike): ArrayBuffer {
     return buf;
   }
 
-  // If buf is a SharedArrayBuffer, convert it to ArrayBuffer.
-  // This typically involves a copy of the data.
-  if (
-    typeof SharedArrayBuffer !== 'undefined' &&
-    buf instanceof SharedArrayBuffer
-  ) {
-    const arrayBuffer = new ArrayBuffer(buf.byteLength);
-    new Uint8Array(arrayBuffer).set(new Uint8Array(buf));
-    return arrayBuffer;
-  }
-
-  // If we reach here, 'buf' is of a type within BufferLike that has not been handled by the above checks.
-  // This indicates either an incomplete BufferLike definition or an unexpected input type.
-  // Throw an error to signal this, ensuring the function's contract (return ArrayBuffer or throw) is met.
   throw new TypeError(
-    'Input must be a Buffer, ArrayBufferView, ArrayBuffer, or SharedArrayBuffer.',
+    'Input must be a Buffer, ArrayBufferView, or ArrayBuffer.',
   );
 }
 
@@ -138,6 +162,8 @@ export function binaryLikeToArrayBuffer(
   input: BinaryLikeNode, // CipherKey adds compat with node types
   encoding: string = 'utf-8',
 ): ArrayBuffer {
+  rejectSharedArrayBuffer(input);
+
   // string
   if (typeof input === 'string') {
     if (encoding === 'buffer') {
@@ -204,19 +230,46 @@ export function binaryLikeToArrayBuffer(
   );
 }
 
-export function ab2str(buf: ArrayBuffer, encoding: string = 'hex'): string {
+export function ab2str(
+  buf: ArrayBuffer,
+  encoding: string = 'hex',
+  start?: number,
+  end?: number,
+): string {
   if (nativeBufferToStringEncodings.has(encoding)) {
-    return utils.bufferToString(buf, encoding);
+    return bufferToString(buf, encoding, start, end);
   }
-  return CraftzdogBuffer.from(buf).toString(encoding);
+
+  return CraftzdogBuffer.from(buf).toString(encoding, start, end);
 }
 
-/** Native C++ buffer-to-string — exposed for benchmarking */
+/** Native C++ buffer-to-string with arguments normalization*/
 export function bufferToString(
   buf: ArrayBuffer,
   encoding: string = 'hex',
+  start?: number,
+  end?: number,
 ): string {
-  return utils.bufferToString(buf, encoding);
+  // https://github.com/nodejs/node/blob/v24.15.0/lib/buffer.js#L915-L928
+  if (start === undefined || start < 0) {
+    start = 0;
+  } else if (start >= buf.byteLength) {
+    return '';
+  } else {
+    start = Math.trunc(start) || 0;
+  }
+
+  if (end === undefined || end > buf.byteLength) {
+    end = buf.byteLength;
+  } else {
+    end = Math.trunc(end) || 0;
+  }
+
+  if (end <= start) {
+    return '';
+  }
+
+  return utils.bufferToString(buf, encoding, start, end);
 }
 
 /** Native C++ string-to-buffer — exposed for benchmarking */

package/src/utils/errors.ts

@@ -5,11 +5,79 @@ type DOMName =
       cause: unknown;
     };
 
+// Hermes (React Native) does not implement DOMException natively. Use it when
+// the host provides one; otherwise fall back to an Error subclass that exposes
+// the WebCrypto-relevant surface (.name, .message, .code) so consumers that
+// branch on `err.name === 'InvalidAccessError'` see the spec-correct value.
+const DOM_EXCEPTION_CODES: Record<string, number> = {
+  IndexSizeError: 1,
+  HierarchyRequestError: 3,
+  WrongDocumentError: 4,
+  InvalidCharacterError: 5,
+  NoModificationAllowedError: 7,
+  NotFoundError: 8,
+  NotSupportedError: 9,
+  InUseAttributeError: 10,
+  InvalidStateError: 11,
+  SyntaxError: 12,
+  InvalidModificationError: 13,
+  NamespaceError: 14,
+  InvalidAccessError: 15,
+  TypeMismatchError: 17,
+  SecurityError: 18,
+  NetworkError: 19,
+  AbortError: 20,
+  URLMismatchError: 21,
+  QuotaExceededError: 22,
+  TimeoutError: 23,
+  InvalidNodeTypeError: 24,
+  DataCloneError: 25,
+};
+
+const HostDOMException: typeof globalThis.DOMException | undefined = (
+  globalThis as { DOMException?: typeof globalThis.DOMException }
+).DOMException;
+
+class FallbackDOMException extends Error {
+  readonly code: number;
+  constructor(message: string, name: string) {
+    super(message);
+    this.name = name;
+    this.code = DOM_EXCEPTION_CODES[name] ?? 0;
+  }
+}
+
 export function lazyDOMException(message: string, domName: DOMName): Error {
-  let cause = '';
-  if (typeof domName !== 'string') {
-    cause = `\nCaused by: ${domName.cause}`;
+  const name = typeof domName === 'string' ? domName : domName.name;
+  const cause = typeof domName === 'string' ? undefined : domName.cause;
+
+  let err: Error;
+  if (HostDOMException) {
+    err =
+      cause !== undefined
+        ? new HostDOMException(message, { name, cause } as never)
+        : new HostDOMException(message, name);
+  } else {
+    err = new FallbackDOMException(message, name);
+    if (cause !== undefined) {
+      (err as Error & { cause?: unknown }).cause = cause;
+    }
   }
+  return err;
+}
 
-  return new Error(`[${domName}]: ${message}${cause}`);
+// QuotaExceededError carries `quota` and `requested` numeric fields per the
+// WebIDL spec (https://webidl.spec.whatwg.org/#quotaexceedederror). DOMException
+// in legacy hosts does not expose these, so always use our subclass.
+export class QuotaExceededError extends FallbackDOMException {
+  readonly quota: number | null;
+  readonly requested: number | null;
+  constructor(
+    message: string,
+    options: { quota?: number; requested?: number } = {},
+  ) {
+    super(message, 'QuotaExceededError');
+    this.quota = options.quota ?? null;
+    this.requested = options.requested ?? null;
+  }
 }

package/src/utils/types.ts

@@ -49,7 +49,11 @@ export type DigestAlgorithm =
   | 'SHA3-384'
   | 'SHA3-512'
   | 'cSHAKE128'
-  | 'cSHAKE256';
+  | 'cSHAKE256'
+  | 'TurboSHAKE128'
+  | 'TurboSHAKE256'
+  | 'KT128'
+  | 'KT256';
 
 export type HashAlgorithm = DigestAlgorithm | 'SHA-224' | 'RIPEMD-160';
 
@@ -74,20 +78,50 @@ export type ECKeyPairAlgorithm = 'ECDSA' | 'ECDH';
 export type CFRGKeyPairAlgorithm = 'Ed25519' | 'Ed448' | 'X25519' | 'X448';
 export type CFRGKeyPairType = 'ed25519' | 'ed448' | 'x25519' | 'x448';
 
+export type SlhDsaAlgorithm =
+  | 'SLH-DSA-SHA2-128s'
+  | 'SLH-DSA-SHA2-128f'
+  | 'SLH-DSA-SHA2-192s'
+  | 'SLH-DSA-SHA2-192f'
+  | 'SLH-DSA-SHA2-256s'
+  | 'SLH-DSA-SHA2-256f'
+  | 'SLH-DSA-SHAKE-128s'
+  | 'SLH-DSA-SHAKE-128f'
+  | 'SLH-DSA-SHAKE-192s'
+  | 'SLH-DSA-SHAKE-192f'
+  | 'SLH-DSA-SHAKE-256s'
+  | 'SLH-DSA-SHAKE-256f';
+
+export type SlhDsaKeyPairType =
+  | 'slh-dsa-sha2-128s'
+  | 'slh-dsa-sha2-128f'
+  | 'slh-dsa-sha2-192s'
+  | 'slh-dsa-sha2-192f'
+  | 'slh-dsa-sha2-256s'
+  | 'slh-dsa-sha2-256f'
+  | 'slh-dsa-shake-128s'
+  | 'slh-dsa-shake-128f'
+  | 'slh-dsa-shake-192s'
+  | 'slh-dsa-shake-192f'
+  | 'slh-dsa-shake-256s'
+  | 'slh-dsa-shake-256f';
+
 export type PQCKeyPairAlgorithm =
   | 'ML-DSA-44'
   | 'ML-DSA-65'
   | 'ML-DSA-87'
   | 'ML-KEM-512'
   | 'ML-KEM-768'
-  | 'ML-KEM-1024';
+  | 'ML-KEM-1024'
+  | SlhDsaAlgorithm;
 export type PQCKeyPairType =
   | 'ml-dsa-44'
   | 'ml-dsa-65'
   | 'ml-dsa-87'
   | 'ml-kem-512'
   | 'ml-kem-768'
-  | 'ml-kem-1024';
+  | 'ml-kem-1024'
+  | SlhDsaKeyPairType;
 
 export type MlKemAlgorithm = 'ML-KEM-512' | 'ML-KEM-768' | 'ML-KEM-1024';
 
@@ -128,7 +162,8 @@ export type SignVerifyAlgorithm =
   | 'Ed448'
   | 'ML-DSA-44'
   | 'ML-DSA-65'
-  | 'ML-DSA-87';
+  | 'ML-DSA-87'
+  | SlhDsaAlgorithm;
 
 export type Argon2Algorithm = 'Argon2d' | 'Argon2i' | 'Argon2id';
 
@@ -245,8 +280,13 @@ export type SubtleAlgorithm = {
   secretValue?: BufferLike;
   associatedData?: BufferLike;
   version?: number;
-  // KMAC parameters
+  // KMAC / cSHAKE / KangarooTwelve parameters
   customization?: BufferLike;
+  outputLength?: number;
+  // TurboSHAKE parameter (RFC 9861 §2.2): single-byte domain separator in
+  // [0x01, 0x7F]. Defaults to 0x1F per the WICG WebCrypto Modern Algorithms
+  // draft when omitted.
+  domainSeparation?: number;
 };
 
 export type KeyPairType =
@@ -254,7 +294,8 @@ export type KeyPairType =
   | RSAKeyPairType
   | ECKeyPairType
   | DSAKeyPairType
-  | DHKeyPairType;
+  | DHKeyPairType
+  | PQCKeyPairType;
 
 export type KeyUsage =
   | 'encrypt'
@@ -306,10 +347,13 @@ export const kNamedCurveAliases = {
 } as const;
 // end TODO
 
+export type RawPublicFormat = 'raw-public';
+export type RawPrivateFormat = 'raw-private' | 'raw-seed';
+
 export type KeyPairGenConfig = {
-  publicFormat?: KFormatType | -1;
-  publicType?: KeyEncoding;
-  privateFormat?: KFormatType | -1;
+  publicFormat?: KFormatType | RawPublicFormat | -1;
+  publicType?: KeyEncoding | RawECPointType;
+  privateFormat?: KFormatType | RawPrivateFormat | -1;
   privateType?: KeyEncoding;
   cipher?: string;
   passphrase?: ArrayBuffer;
@@ -324,7 +368,7 @@ export type AsymmetricKeyType =
   | CFRGKeyPairType
   | PQCKeyPairType;
 
-type JWKkty = 'AES' | 'RSA' | 'EC' | 'oct' | 'OKP';
+type JWKkty = 'AES' | 'RSA' | 'EC' | 'oct' | 'OKP' | 'AKP';
 type JWKuse = 'sig' | 'enc';
 
 export interface JWK {
@@ -349,6 +393,8 @@ export interface JWK {
   dp?: string;
   dq?: string;
   qi?: string;
+  pub?: string;
+  priv?: string;
   ext?: boolean;
 }
 
@@ -356,14 +402,22 @@ export type KTypePrivate = 'pkcs1' | 'pkcs8' | 'sec1';
 export type KTypePublic = 'pkcs1' | 'spki';
 export type KType = KTypePrivate | KTypePublic;
 
-export type KFormat = 'der' | 'pem' | 'jwk';
+export type KFormat =
+  | 'der'
+  | 'pem'
+  | 'jwk'
+  | 'raw-public'
+  | 'raw-private'
+  | 'raw-seed';
 
 export type DSAEncoding = 'der' | 'ieee-p1363';
 
+export type RawECPointType = 'compressed' | 'uncompressed';
+
 export type EncodingOptions = {
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
   key?: any;
-  type?: KType;
+  type?: KType | RawECPointType;
   encoding?: string;
   dsaEncoding?: DSAEncoding;
   format?: KFormat;
@@ -373,6 +427,8 @@ export type EncodingOptions = {
   saltLength?: number;
   oaepHash?: string;
   oaepLabel?: BinaryLike;
+  asymmetricKeyType?: string;
+  namedCurve?: string;
 };
 
 export interface KeyDetail {
@@ -407,6 +463,7 @@ export type GenerateKeyPairOptions = {
 export type KeyPairKey =
   | ArrayBuffer
   | Buffer
+  | CraftzdogBuffer
   | string
   | KeyObject
   | KeyObjectHandle
@@ -494,9 +551,16 @@ export type CipherOFBType = 'aes-128-ofb' | 'aes-192-ofb' | 'aes-256-ofb';
 
 export type KeyObjectHandle = KeyObjectHandleType;
 
+export type RawDiffieHellmanKeyInput = {
+  key: ArrayBuffer | ArrayBufferView | string;
+  format: 'raw-public' | 'raw-private' | 'raw-seed';
+  asymmetricKeyType: string;
+  namedCurve?: string;
+};
+
 export type DiffieHellmanOptions = {
-  privateKey: KeyObject;
-  publicKey: KeyObject;
+  privateKey: KeyObject | RawDiffieHellmanKeyInput;
+  publicKey: KeyObject | RawDiffieHellmanKeyInput;
 };
 
 export type DiffieHellmanCallback = (
@@ -530,7 +594,8 @@ export type Operation =
   | 'encapsulateBits'
   | 'decapsulateBits'
   | 'encapsulateKey'
-  | 'decapsulateKey';
+  | 'decapsulateKey'
+  | 'get key length';
 
 export interface KeyPairOptions {
   namedCurve: string;

package/src/utils/validation.ts

@@ -1,5 +1,5 @@
 import { Buffer as SBuffer } from 'safe-buffer';
-import type { BinaryLike, BufferLike, KeyUsage } from './types';
+import type { BinaryLike, BufferLike, JWK, KeyUsage } from './types';
 import { lazyDOMException } from './errors';
 
 // The maximum buffer size that we'll support in the WebCrypto impl
@@ -57,6 +57,9 @@ export const validateMaxBufferLength = (
   }
 };
 
+// Returns the intersection of `usageSet` and the spread `usages`, preserving
+// the spread order. Dedup and canonical ordering are not performed here —
+// the `CryptoKey` constructor runs `getSortedUsages` on every input.
 export const getUsagesUnion = (usageSet: KeyUsage[], ...usages: KeyUsage[]) => {
   const newset: KeyUsage[] = [];
   for (let n = 0; n < usages.length; n++) {
@@ -67,6 +70,26 @@ export const getUsagesUnion = (usageSet: KeyUsage[], ...usages: KeyUsage[]) => {
   return newset;
 };
 
+const kCanonicalUsageOrder: readonly KeyUsage[] = [
+  'encrypt',
+  'decrypt',
+  'sign',
+  'verify',
+  'deriveKey',
+  'deriveBits',
+  'wrapKey',
+  'unwrapKey',
+  'encapsulateKey',
+  'encapsulateBits',
+  'decapsulateKey',
+  'decapsulateBits',
+];
+
+export function getSortedUsages(usages: KeyUsage[]): KeyUsage[] {
+  const set = new Set<KeyUsage>(usages);
+  return kCanonicalUsageOrder.filter(usage => set.has(usage));
+}
+
 const kKeyOps: {
   [key in KeyUsage]: number;
 } = {
@@ -120,6 +143,52 @@ export const validateKeyOps = (
   }
 };
 
+// WebCrypto JWK import structural validation, mirroring Node's
+// `internal/crypto/webcrypto_util.validateJwk` + `validateKeyOps`:
+//   - `ext`: if present and false, `extractable` must also be false
+//   - `use`: if `keyUsages` is non-empty and `use` is present, must equal
+//     the algorithm's expected use ('sig' or 'enc')
+//   - `key_ops`: must be an array, must not contain duplicates, and every
+//     requested usage must appear in it
+export function validateJwkStructure(
+  jwk: JWK,
+  extractable: boolean,
+  keyUsages: KeyUsage[],
+  expectedUse: 'sig' | 'enc',
+): void {
+  if (jwk.ext === false && extractable) {
+    throw lazyDOMException(
+      'JWK "ext" is false but extractable was requested',
+      'DataError',
+    );
+  }
+  if (keyUsages.length > 0 && jwk.use !== undefined) {
+    if (jwk.use !== expectedUse) {
+      throw lazyDOMException('Invalid JWK "use" Parameter', 'DataError');
+    }
+  }
+  if (jwk.key_ops !== undefined) {
+    if (!Array.isArray(jwk.key_ops)) {
+      throw lazyDOMException('JWK "key_ops" must be an array', 'DataError');
+    }
+    const seen = new Set<string>();
+    for (const op of jwk.key_ops) {
+      if (seen.has(op)) {
+        throw lazyDOMException('Duplicate key operation', 'DataError');
+      }
+      seen.add(op);
+    }
+    for (const usage of keyUsages) {
+      if (!jwk.key_ops.includes(usage)) {
+        throw lazyDOMException(
+          `JWK "key_ops" does not include requested usage "${usage}"`,
+          'DataError',
+        );
+      }
+    }
+  }
+}
+
 export function hasAnyNotIn(set: string[], checks: string[]) {
   for (const s of set) {
     if (!checks.includes(s)) {