feat: expand support with modern curves, AEAD, key wrapping, derivation & HMAC

.github/actions/post-maestro-screenshot/action.yml

@@ -14,7 +14,7 @@ inputs:
     default: 'unknown'
   imgbb-api-key:
     description: 'ImgBB API key for image hosting'
-    required: true
+    required: false
 
 runs:
   using: 'composite'
@@ -69,7 +69,7 @@ runs:
         fi
 
     - name: Upload screenshot to ImgBB
-      if: steps.check-screenshot.outputs.exists == 'true' && github.event_name == 'pull_request'
+      if: steps.check-screenshot.outputs.exists == 'true' && github.event_name == 'pull_request' && inputs.imgbb-api-key != ''
       id: upload-screenshot
       uses: McCzarny/[email protected]
       with:
@@ -82,13 +82,15 @@ runs:
       uses: peter-evans/find-comment@v3
       id: find-comment
       if: github.event_name == 'pull_request'
+      continue-on-error: true
       with:
         issue-number: ${{ github.event.pull_request.number }}
         comment-author: 'github-actions[bot]'
         body-includes: End-to-End Test Results - ${{ inputs.platform == 'ios' && 'iOS' || 'Android' }}
 
     - name: Create or update PR comment (with screenshot)
       if: github.event_name == 'pull_request' && steps.check-screenshot.outputs.exists == 'true' && steps.upload-screenshot.outputs.url
+      continue-on-error: true
       uses: peter-evans/create-or-update-comment@v4
       with:
         token: ${{ inputs.github-token }}
@@ -113,6 +115,7 @@ runs:
 
     - name: Create or update PR comment (no screenshot)
       if: github.event_name == 'pull_request' && steps.check-screenshot.outputs.exists != 'true'
+      continue-on-error: true
       uses: peter-evans/create-or-update-comment@v4
       with:
         token: ${{ inputs.github-token }}
@@ -135,6 +138,7 @@ runs:
 
     - name: Create or update PR comment (upload failed)
       if: github.event_name == 'pull_request' && steps.check-screenshot.outputs.exists == 'true' && !steps.upload-screenshot.outputs.url
+      continue-on-error: true
       uses: peter-evans/create-or-update-comment@v4
       with:
         token: ${{ inputs.github-token }}

.gitignore

@@ -187,4 +187,6 @@ tsconfig.tsbuildinfo
 # development stuffs
 *scratch*
 
+# agents
 .claude/settings.local.json
+.agent/

.husky/pre-commit

@@ -1,3 +1,6 @@
+# Add bun to PATH
+export PATH="$HOME/.bun/bin:$PATH"
+
 # Run linting and formatting on staged files
 bun lint-staged
 

bun.lock

@@ -30,7 +30,7 @@
     },
     "example": {
       "name": "react-native-quick-crypto-example",
-      "version": "1.0.0",
+      "version": "1.0.1",
       "dependencies": {
         "@craftzdog/react-native-buffer": "6.1.0",
         "@noble/ciphers": "^2.0.1",
@@ -47,7 +47,7 @@
         "react": "19.1.0",
         "react-native": "0.81.1",
         "react-native-bouncy-checkbox": "4.1.2",
-        "react-native-fast-encoder": "^0.3.1",
+        "react-native-fast-encoder": "0.3.1",
         "react-native-nitro-modules": "0.29.1",
         "react-native-quick-base64": "2.2.2",
         "react-native-quick-crypto": "workspace:*",
@@ -87,7 +87,7 @@
     },
     "packages/react-native-quick-crypto": {
       "name": "react-native-quick-crypto",
-      "version": "1.0.0",
+      "version": "1.0.1",
       "dependencies": {
         "@craftzdog/react-native-buffer": "6.1.0",
         "events": "3.3.0",
@@ -1308,7 +1308,7 @@
 
     "expo-asset": ["[email protected]", "", { "dependencies": { "@expo/image-utils": "^0.8.7", "expo-constants": "~18.0.10" }, "peerDependencies": { "expo": "*", "react": "*", "react-native": "*" } }, "sha512-pZyeJkoDsALh4gpCQDzTA/UCLaPH/1rjQNGubmLn/uDM27S4iYJb/YWw4+CNZOtd5bCUOhDPg5DtGQnydNFSXg=="],
 
-    "expo-build-properties": ["[email protected].9", "", { "dependencies": { "ajv": "^8.11.0", "semver": "^7.6.0" }, "peerDependencies": { "expo": "*" } }, "sha512-2icttCy3OPTk/GWIFt+vwA+0hup53jnmYb7JKRbvNvrrOrz+WblzpeoiaOleI2dYG/vjwpNO8to8qVyKhYJtrQ=="],
+    "expo-build-properties": ["[email protected].10", "", { "dependencies": { "ajv": "^8.11.0", "semver": "^7.6.0" }, "peerDependencies": { "expo": "*" } }, "sha512-mFCZbrbrv0AP5RB151tAoRzwRJelqM7bCJzCkxpu+owOyH+p/rFC/q7H5q8B9EpVWj8etaIuszR+gKwohpmu1Q=="],
 
     "expo-constants": ["[email protected]", "", { "dependencies": { "@expo/config": "~12.0.10", "@expo/env": "~2.0.7" }, "peerDependencies": { "expo": "*", "react-native": "*" } }, "sha512-Rhtv+X974k0Cahmvx6p7ER5+pNhBC0XbP1lRviL2J1Xl4sT2FBaIuIxF/0I0CbhOsySf0ksqc5caFweAy9Ewiw=="],
 
@@ -1340,7 +1340,7 @@
 
     "fast-levenshtein": ["[email protected]", "", {}, ""],
 
-    "fast-uri": ["fast-uri@3.1.0", "", {}, "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA=="],
+    "fast-uri": ["fast-uri@3.0.6", "", {}, "sha512-Atfo14OibSv5wAp4VWNsFYE1AchQRTv9cBGWET4pZWHzYshFSS9NQI6I57rdKn9croWVMbYFbLhJ+yJvmZIIHw=="],
 
     "fast-xml-parser": ["[email protected]", "", { "dependencies": { "strnum": "^1.0.5" }, "bin": { "fxparser": "src/cli/cli.js" } }, ""],
 

docs/implementation-coverage.md

@@ -1,6 +1,8 @@
 # Implementation Coverage - NodeJS
 This document attempts to describe the implementation status of Crypto APIs/Interfaces from Node.js in the `react-native-quick-crypto` library.
 
+> Note: This is the status for version 1.x and higher. For version `0.x` see [this document](https://github.com/margelo/react-native-quick-crypto/blob/0.x/docs/implementation-coverage.md) and the [0.x branch](https://github.com/margelo/react-native-quick-crypto/tree/0.x).
+
 * ` ` - not implemented in Node
 * ❌ - implemented in Node, not RNQC
 * ✅ - implemented in Node and RNQC
@@ -13,6 +15,7 @@ This document attempts to describe the implementation status of Crypto APIs/Inte
 
 These algorithms provide quantum-resistant cryptography.
 
+
 # `Crypto`
 
 * ❌ Class: `Certificate`
@@ -260,9 +263,9 @@ These algorithms provide quantum-resistant cryptography.
   * ❌ `subtle.getPublicKey(key, keyUsages)`
   * 🚧 `subtle.importKey(format, keyData, algorithm, extractable, keyUsages)`
   * ✅ `subtle.sign(algorithm, key, data)`
-  * ❌ `subtle.unwrapKey(format, wrappedKey, unwrappingKey, unwrapAlgo, unwrappedKeyAlgo, extractable, keyUsages)`
+  * ✅ `subtle.unwrapKey(format, wrappedKey, unwrappingKey, unwrapAlgo, unwrappedKeyAlgo, extractable, keyUsages)`
   * ✅ `subtle.verify(algorithm, key, signature, data)`
-  * ❌ `subtle.wrapKey(format, key, wrappingKey, wrapAlgo)`
+  * ✅ `subtle.wrapKey(format, key, wrappingKey, wrapAlgo)`
 
 ## `subtle.decrypt`
 | Algorithm  | Status |
@@ -271,13 +274,14 @@ These algorithms provide quantum-resistant cryptography.
 | `AES-CTR`  | ✅ |
 | `AES-CBC`  | ✅ |
 | `AES-GCM`  | ✅ |
+| `ChaCha20-Poly1305` | ✅ |
 
 ## `subtle.deriveBits`
 | Algorithm  | Status |
 | ---------  | :----: |
 | `ECDH`     | ❌ |
-| `X25519`   | ❌ |
-| `X448`     | ❌ |
+| `X25519`   | ✅ |
+| `X448`     | ✅ |
 | `HKDF`     | ❌ |
 | `PBKDF2`   | ✅ |
 
@@ -286,9 +290,9 @@ These algorithms provide quantum-resistant cryptography.
 | ---------  | :----: |
 | `ECDH`     | ❌ |
 | `HKDF`     | ❌ |
-| `PBKDF2`   | ❌ |
-| `X25519`   | ❌ |
-| `X448`     | ❌ |
+| `PBKDF2`   | ✅ |
+| `X25519`   | ✅ |
+| `X448`     | ✅ |
 
 ## `subtle.digest`
 | Algorithm   | Status |
@@ -310,7 +314,7 @@ These algorithms provide quantum-resistant cryptography.
 | `AES-CBC`           | ✅ |
 | `AES-GCM`           | ✅ |
 | `AES-OCB`           | ❌ |
-| `ChaCha20-Poly1305` | ❌ |
+| `ChaCha20-Poly1305` | ✅ |
 | `RSA-OAEP`          | ✅ |
 
 ## `subtle.exportKey`
@@ -398,8 +402,8 @@ These algorithms provide quantum-resistant cryptography.
 | `RSA-OAEP`          | ✅     | ✅      | ✅    |       |              |              |            |
 | `RSA-PSS`           | ✅     | ✅      | ✅    |       |              |              |            |
 | `RSASSA-PKCS1-v1_5` | ✅     | ✅      | ✅    |       |              |              |            |
-| `X25519`            | ❌     | ❌      | ❌    | ❌    |              | ❌           |            |
-| `X448`              | ❌     | ❌      | ❌    | ❌    |              | ❌           |            |
+| `X25519`            | ✅     | ✅      | ✅    | ✅    |              | ✅           |            |
+| `X448`              | ✅     | ✅      | ✅    | ✅    |              | ✅           |            |
 
 ## `subtle.sign`
 | Algorithm           | Status |
@@ -421,10 +425,10 @@ These algorithms provide quantum-resistant cryptography.
 | ------------------- | :----: |
 | `AES-CBC`           | ❌ |
 | `AES-CTR`           | ❌ |
-| `AES-GCM`           | ❌ |
-| `AES-KW`            | ❌ |
+| `AES-GCM`           | ✅ |
+| `AES-KW`            | ✅ |
 | `AES-OCB`           | ❌ |
-| `ChaCha20-Poly1305` | ❌ |
+| `ChaCha20-Poly1305` | ✅ |
 | `RSA-OAEP`          | ❌ |
 
 ### unwrapped key algorithms
@@ -473,8 +477,8 @@ These algorithms provide quantum-resistant cryptography.
 | ------------------- | :----: |
 | `AES-CBC`           | ❌ |
 | `AES-CTR`           | ❌ |
-| `AES-GCM`           | ❌ |
-| `AES-KW`            | ❌ |
+| `AES-GCM`           | ✅ |
+| `AES-KW`            | ✅ |
 | `AES-OCB`           | ❌ |
-| `ChaCha20-Poly1305` | ❌ |
+| `ChaCha20-Poly1305` | ✅ |
 | `RSA-OAEP`          | ❌ |

example/package.json

@@ -36,10 +36,10 @@
     "react": "19.1.0",
     "react-native": "0.81.1",
     "react-native-bouncy-checkbox": "4.1.2",
-    "react-native-fast-encoder": "^0.3.1",
+    "react-native-fast-encoder": "0.3.1",
     "react-native-nitro-modules": "0.29.1",
     "react-native-quick-base64": "2.2.2",
-    "react-native-quick-crypto": "1.0.1",
+    "react-native-quick-crypto": "workspace:*",
     "react-native-safe-area-context": "^5.2.2",
     "react-native-screens": "4.18.0",
     "react-native-vector-icons": "^10.3.0",

example/src/hooks/useTestsList.ts

@@ -19,13 +19,16 @@ import '../tests/keys/public_cipher';
 import '../tests/keys/sign_verify_streaming';
 import '../tests/pbkdf2/pbkdf2_tests';
 import '../tests/random/random_tests';
+import '../tests/subtle/x25519_x448';
 import '../tests/subtle/deriveBits';
+import '../tests/subtle/derive_key';
 import '../tests/subtle/digest';
 import '../tests/subtle/encrypt_decrypt';
 import '../tests/subtle/generateKey';
 import '../tests/subtle/import_export';
 import '../tests/subtle/jwk_rfc7517_tests';
 import '../tests/subtle/sign_verify';
+import '../tests/subtle/wrap_unwrap';
 
 export const useTestsList = (): [
   TestSuites,

example/src/tests/subtle/derive_key.ts

@@ -0,0 +1,100 @@
+import { test } from '../util';
+import { expect } from 'chai';
+import { subtle, getRandomValues } from 'react-native-quick-crypto';
+import { CryptoKey } from 'react-native-quick-crypto';
+import type { CryptoKeyPair } from 'react-native-quick-crypto';
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+const subtleAny = subtle as any;
+
+const SUITE = 'subtle.deriveKey';
+
+// Test 1: PBKDF2 deriveKey
+test(SUITE, 'PBKDF2 deriveKey to AES-GCM', async () => {
+  const password = new TextEncoder().encode('my-password');
+  const salt = getRandomValues(new Uint8Array(16));
+
+  const baseKey = await subtle.importKey(
+    'raw',
+    password,
+    { name: 'PBKDF2' },
+    false,
+    ['deriveKey'],
+  );
+
+  const derivedKey = await subtleAny.deriveKey(
+    {
+      name: 'PBKDF2',
+      salt,
+      iterations: 100000,
+      hash: 'SHA-256',
+    },
+    baseKey as CryptoKey,
+    { name: 'AES-GCM', length: 256 },
+    true,
+    ['encrypt', 'decrypt'],
+  );
+
+  // Verify key can encrypt/decrypt
+  const plaintext = new Uint8Array([1, 2, 3, 4]);
+  const iv = getRandomValues(new Uint8Array(12));
+
+  const ciphertext = await subtle.encrypt(
+    { name: 'AES-GCM', iv },
+    derivedKey as CryptoKey,
+    plaintext,
+  );
+
+  const decrypted = await subtle.decrypt(
+    { name: 'AES-GCM', iv },
+    derivedKey as CryptoKey,
+    ciphertext,
+  );
+
+  expect(Buffer.from(decrypted).toString('hex')).to.equal(
+    Buffer.from(plaintext).toString('hex'),
+  );
+});
+
+// Test 2: X25519 deriveKey
+test(SUITE, 'X25519 deriveKey to AES-GCM', async () => {
+  const aliceKeyPair = await subtle.generateKey({ name: 'X25519' }, false, [
+    'deriveKey',
+    'deriveBits',
+  ]);
+
+  const bobKeyPair = await subtle.generateKey({ name: 'X25519' }, false, [
+    'deriveKey',
+    'deriveBits',
+  ]);
+
+  const aliceDerivedKey = await subtleAny.deriveKey(
+    {
+      name: 'X25519',
+      public: (bobKeyPair as CryptoKeyPair).publicKey,
+    },
+    (aliceKeyPair as CryptoKeyPair).privateKey,
+    { name: 'AES-GCM', length: 256 },
+    true,
+    ['encrypt', 'decrypt'],
+  );
+
+  const bobDerivedKey = await subtleAny.deriveKey(
+    {
+      name: 'X25519',
+      public: (aliceKeyPair as CryptoKeyPair).publicKey,
+    },
+    (bobKeyPair as CryptoKeyPair).privateKey,
+    { name: 'AES-GCM', length: 256 },
+    true,
+    ['encrypt', 'decrypt'],
+  );
+
+  // Both should derive the same key
+  const aliceRaw = await subtle.exportKey('raw', aliceDerivedKey as CryptoKey);
+  const bobRaw = await subtle.exportKey('raw', bobDerivedKey as CryptoKey);
+
+  expect(Buffer.from(aliceRaw as ArrayBuffer).toString('hex')).to.equal(
+    Buffer.from(bobRaw as ArrayBuffer).toString('hex'),
+  );
+});