fix: update ncrypto submodule and expand wrap/unwrap coverage (#914)

Author: boorad

.docs/implementation-coverage.md

@@ -435,39 +435,39 @@ These ciphers are **not available in Node.js** but are provided by RNQC via libs
 ### wrapping algorithms
 | Algorithm           | Status |
 | ------------------- | :----: |
-| `AES-CBC`           | ❌ |
-| `AES-CTR`           | ❌ |
+| `AES-CBC`           | ✅ |
+| `AES-CTR`           | ✅ |
 | `AES-GCM`           | ✅ |
 | `AES-KW`            | ✅ |
 | `AES-OCB`           | ❌ |
 | `ChaCha20-Poly1305` | ✅ |
-| `RSA-OAEP`          | ❌ |
+| `RSA-OAEP`          | ✅ |
 
 ### unwrapped key algorithms
 | Algorithm           | Status |
 | ---------           | :----: |
-| `AES-CBC`           | ❌ |
-| `AES-CTR`           | ❌ |
-| `AES-GCM`           | ❌ |
-| `AES-KW`            | ❌ |
+| `AES-CBC`           | ✅ |
+| `AES-CTR`           | ✅ |
+| `AES-GCM`           | ✅ |
+| `AES-KW`            | ✅ |
 | `AES-OCB`           | ❌ |
-| `ChaCha20-Poly1305` | ❌ |
-| `ECDH`              | ❌ |
-| `ECDSA`             | ❌ |
-| `Ed25519`           | ❌ |
-| `Ed448`             | ❌ |
-| `HMAC`              | ❌ |
-| `ML-DSA-44`         | ❌ |
-| `ML-DSA-65`         | ❌ |
-| `ML-DSA-87`         | ❌ |
+| `ChaCha20-Poly1305` | ✅ |
+| `ECDH`              | ✅ |
+| `ECDSA`             | ✅ |
+| `Ed25519`           | ✅ |
+| `Ed448`             | ✅ |
+| `HMAC`              | ✅ |
+| `ML-DSA-44`         | ✅ |
+| `ML-DSA-65`         | ✅ |
+| `ML-DSA-87`         | ✅ |
 | `ML-KEM-512`        | ❌ |
 | `ML-KEM-768`        | ❌ |
 | `ML-KEM-1024`       | ❌ |
-| `RSA-OAEP`          | ❌ |
-| `RSA-PSS`           | ❌ |
-| `RSASSA-PKCS1-v1_5` | ❌ |
-| `X25519`            | ❌ |
-| `X448`              | ❌ |
+| `RSA-OAEP`          | ✅ |
+| `RSA-PSS`           | ✅ |
+| `RSASSA-PKCS1-v1_5` | ✅ |
+| `X25519`            | ✅ |
+| `X448`              | ✅ |
 
 ## `subtle.verify`
 | Algorithm           | Status |
@@ -487,10 +487,10 @@ These ciphers are **not available in Node.js** but are provided by RNQC via libs
 ### wrapping algorithms
 | Algorithm           | Status |
 | ------------------- | :----: |
-| `AES-CBC`           | ❌ |
-| `AES-CTR`           | ❌ |
+| `AES-CBC`           | ✅ |
+| `AES-CTR`           | ✅ |
 | `AES-GCM`           | ✅ |
 | `AES-KW`            | ✅ |
 | `AES-OCB`           | ❌ |
 | `ChaCha20-Poly1305` | ✅ |
-| `RSA-OAEP`          | ❌ |
+| `RSA-OAEP`          | ✅ |

.gitmodules

@@ -3,5 +3,4 @@
 	url = https://github.com/BLAKE3-team/BLAKE3.git
 [submodule "packages/react-native-quick-crypto/deps/ncrypto"]
 	path = packages/react-native-quick-crypto/deps/ncrypto
-	url = https://github.com/boorad/ncrypto.git
-	branch = fix/use-BN_GENCB_get_arg
+	url = https://github.com/nodejs/ncrypto.git

example/ios/Podfile.lock

@@ -2811,7 +2811,7 @@ SPEC CHECKSUMS:
   MMKVCore: f2dd4c9befea04277a55e84e7812f930537993df
   NitroMmkv: afbc5b2fbf963be567c6c545aa1efcf6a9cec68e
   NitroModules: 11bba9d065af151eae51e38a6425e04c3b223ff3
-  QuickCrypto: ac4d2eead1de738bcf06f565c4ab31db817f88c1
+  QuickCrypto: e6f07c200580a5958c7233dbfed34e6df99b3891
   RCT-Folly: 846fda9475e61ec7bcbf8a3fe81edfcaeb090669
   RCTDeprecation: c4b9e2fd0ab200e3af72b013ed6113187c607077
   RCTRequired: e97dd5dafc1db8094e63bc5031e0371f092ae92a

example/src/tests/subtle/wrap_unwrap.ts

@@ -1,10 +1,7 @@
 import { test } from '../util';
 import { expect } from 'chai';
 import { subtle, getRandomValues } from 'react-native-quick-crypto';
-import { CryptoKey } from 'react-native-quick-crypto';
-
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-const subtleAny = subtle as any;
+import type { CryptoKey, CryptoKeyPair } from 'react-native-quick-crypto';
 
 const SUITE = 'subtle.wrapKey/unwrapKey';
 
@@ -22,14 +19,14 @@ test(SUITE, 'wrap/unwrap AES-256 with AES-KW', async () => {
     ['wrapKey', 'unwrapKey'],
   );
 
-  const wrapped = await subtleAny.wrapKey(
+  const wrapped = await subtle.wrapKey(
     'raw',
     keyToWrap as CryptoKey,
     wrappingKey as CryptoKey,
     { name: 'AES-KW' },
   );
 
-  const unwrapped = await subtleAny.unwrapKey(
+  const unwrapped = await subtle.unwrapKey(
     'raw',
     wrapped,
     wrappingKey as CryptoKey,
@@ -76,14 +73,14 @@ test(SUITE, 'wrap/unwrap with AES-GCM', async () => {
 
   const iv = getRandomValues(new Uint8Array(12));
 
-  const wrapped = await subtleAny.wrapKey(
+  const wrapped = await subtle.wrapKey(
     'raw',
     keyToWrap as CryptoKey,
     wrappingKey as CryptoKey,
     { name: 'AES-GCM', iv },
   );
 
-  const unwrapped = await subtleAny.unwrapKey(
+  const unwrapped = await subtle.unwrapKey(
     'raw',
     wrapped,
     wrappingKey as CryptoKey,
@@ -125,14 +122,14 @@ test(SUITE, 'wrap/unwrap JWK format', async () => {
     ['wrapKey', 'unwrapKey'],
   );
 
-  const wrapped = await subtleAny.wrapKey(
+  const wrapped = await subtle.wrapKey(
     'jwk',
     keyToWrap as CryptoKey,
     wrappingKey as CryptoKey,
     { name: 'AES-KW' },
   );
 
-  const unwrapped = await subtleAny.unwrapKey(
+  const unwrapped = await subtle.unwrapKey(
     'jwk',
     wrapped,
     wrappingKey as CryptoKey,
@@ -149,3 +146,215 @@ test(SUITE, 'wrap/unwrap JWK format', async () => {
     Buffer.from(exported2 as ArrayBuffer).toString('hex'),
   );
 });
+
+// Test 4: Wrap/unwrap with AES-CBC
+test(SUITE, 'wrap/unwrap with AES-CBC', async () => {
+  const keyToWrap = await subtle.generateKey(
+    { name: 'AES-GCM', length: 256 },
+    true,
+    ['encrypt', 'decrypt'],
+  );
+
+  const wrappingKey = await subtle.generateKey(
+    { name: 'AES-CBC', length: 256 },
+    true,
+    ['wrapKey', 'unwrapKey'],
+  );
+
+  const iv = getRandomValues(new Uint8Array(16));
+
+  const wrapped = await subtle.wrapKey(
+    'raw',
+    keyToWrap as CryptoKey,
+    wrappingKey as CryptoKey,
+    { name: 'AES-CBC', iv },
+  );
+
+  const unwrapped = await subtle.unwrapKey(
+    'raw',
+    wrapped,
+    wrappingKey as CryptoKey,
+    { name: 'AES-CBC', iv },
+    { name: 'AES-GCM', length: 256 },
+    true,
+    ['encrypt', 'decrypt'],
+  );
+
+  const plaintext = getRandomValues(new Uint8Array(32));
+  const gcmIv = getRandomValues(new Uint8Array(12));
+
+  const ct = await subtle.encrypt(
+    { name: 'AES-GCM', iv: gcmIv },
+    keyToWrap as CryptoKey,
+    plaintext,
+  );
+
+  const pt = await subtle.decrypt(
+    { name: 'AES-GCM', iv: gcmIv },
+    unwrapped as CryptoKey,
+    ct,
+  );
+
+  expect(Buffer.from(pt).toString('hex')).to.equal(
+    Buffer.from(plaintext).toString('hex'),
+  );
+});
+
+// Test 5: Wrap/unwrap with AES-CTR
+test(SUITE, 'wrap/unwrap with AES-CTR', async () => {
+  const keyToWrap = await subtle.generateKey(
+    { name: 'HMAC', hash: 'SHA-256', length: 256 },
+    true,
+    ['sign', 'verify'],
+  );
+
+  const wrappingKey = await subtle.generateKey(
+    { name: 'AES-CTR', length: 256 },
+    true,
+    ['wrapKey', 'unwrapKey'],
+  );
+
+  const counter = getRandomValues(new Uint8Array(16));
+
+  const wrapped = await subtle.wrapKey(
+    'raw',
+    keyToWrap as CryptoKey,
+    wrappingKey as CryptoKey,
+    { name: 'AES-CTR', counter, length: 64 },
+  );
+
+  const unwrapped = await subtle.unwrapKey(
+    'raw',
+    wrapped,
+    wrappingKey as CryptoKey,
+    { name: 'AES-CTR', counter, length: 64 },
+    { name: 'HMAC', hash: 'SHA-256' },
+    true,
+    ['sign', 'verify'],
+  );
+
+  const data = new Uint8Array([1, 2, 3, 4]);
+  const sig1 = await subtle.sign(
+    { name: 'HMAC' },
+    keyToWrap as CryptoKey,
+    data,
+  );
+  const sig2 = await subtle.sign(
+    { name: 'HMAC' },
+    unwrapped as CryptoKey,
+    data,
+  );
+
+  expect(Buffer.from(sig1).toString('hex')).to.equal(
+    Buffer.from(sig2).toString('hex'),
+  );
+});
+
+// Test 6: Wrap/unwrap with RSA-OAEP
+test(SUITE, 'wrap/unwrap with RSA-OAEP', async () => {
+  const keyToWrap = await subtle.generateKey(
+    { name: 'AES-GCM', length: 128 },
+    true,
+    ['encrypt', 'decrypt'],
+  );
+
+  const rsaKeyPair = await subtle.generateKey(
+    {
+      name: 'RSA-OAEP',
+      modulusLength: 2048,
+      publicExponent: new Uint8Array([1, 0, 1]),
+      hash: 'SHA-256',
+    },
+    true,
+    ['wrapKey', 'unwrapKey'],
+  );
+
+  const wrapped = await subtle.wrapKey(
+    'raw',
+    keyToWrap as CryptoKey,
+    (rsaKeyPair as CryptoKeyPair).publicKey as CryptoKey,
+    { name: 'RSA-OAEP' },
+  );
+
+  const unwrapped = await subtle.unwrapKey(
+    'raw',
+    wrapped,
+    (rsaKeyPair as CryptoKeyPair).privateKey as CryptoKey,
+    { name: 'RSA-OAEP' },
+    { name: 'AES-GCM', length: 128 },
+    true,
+    ['encrypt', 'decrypt'],
+  );
+
+  const plaintext = getRandomValues(new Uint8Array(32));
+  const iv = getRandomValues(new Uint8Array(12));
+
+  const ct = await subtle.encrypt(
+    { name: 'AES-GCM', iv },
+    keyToWrap as CryptoKey,
+    plaintext,
+  );
+
+  const pt = await subtle.decrypt(
+    { name: 'AES-GCM', iv },
+    unwrapped as CryptoKey,
+    ct,
+  );
+
+  expect(Buffer.from(pt).toString('hex')).to.equal(
+    Buffer.from(plaintext).toString('hex'),
+  );
+});
+
+// Test 7: Wrap/unwrap with ChaCha20-Poly1305
+test(SUITE, 'wrap/unwrap with ChaCha20-Poly1305', async () => {
+  const keyToWrap = await subtle.generateKey(
+    { name: 'AES-GCM', length: 256 },
+    true,
+    ['encrypt', 'decrypt'],
+  );
+
+  const wrappingKey = await subtle.generateKey(
+    { name: 'ChaCha20-Poly1305', length: 256 },
+    true,
+    ['wrapKey', 'unwrapKey'],
+  );
+
+  const iv = getRandomValues(new Uint8Array(12));
+
+  const wrapped = await subtle.wrapKey(
+    'raw',
+    keyToWrap as CryptoKey,
+    wrappingKey as CryptoKey,
+    { name: 'ChaCha20-Poly1305', iv },
+  );
+
+  const unwrapped = await subtle.unwrapKey(
+    'raw',
+    wrapped,
+    wrappingKey as CryptoKey,
+    { name: 'ChaCha20-Poly1305', iv },
+    { name: 'AES-GCM', length: 256 },
+    true,
+    ['encrypt', 'decrypt'],
+  );
+
+  const plaintext = getRandomValues(new Uint8Array(32));
+  const gcmIv = getRandomValues(new Uint8Array(12));
+
+  const ct = await subtle.encrypt(
+    { name: 'AES-GCM', iv: gcmIv },
+    keyToWrap as CryptoKey,
+    plaintext,
+  );
+
+  const pt = await subtle.decrypt(
+    { name: 'AES-GCM', iv: gcmIv },
+    unwrapped as CryptoKey,
+    ct,
+  );
+
+  expect(Buffer.from(pt).toString('hex')).to.equal(
+    Buffer.from(plaintext).toString('hex'),
+  );
+});

packages/react-native-quick-crypto/QuickCrypto.podspec

@@ -112,7 +112,7 @@ Pod::Spec.new do |s|
     # implementation (C++)
     "cpp/**/*.{hpp,cpp}",
     # dependencies (C++) - ncrypto
-    "deps/ncrypto/include/*.{h}",
+    "deps/ncrypto/include/**/*.{h}",
     "deps/ncrypto/src/*.{cpp}",
     # dependencies (C) - exclude BLAKE3 x86 SIMD files (only use portable + NEON for ARM)
     "deps/blake3/c/*.{h,c}",

packages/react-native-quick-crypto/android/CMakeLists.txt

@@ -55,6 +55,8 @@ add_library(
   ../cpp/utils/HybridUtils.cpp
   ${BLAKE3_SOURCES}
   ../deps/fastpbkdf2/fastpbkdf2.c
+  ../deps/ncrypto/src/aead.cpp
+  ../deps/ncrypto/src/engine.cpp
   ../deps/ncrypto/src/ncrypto.cpp
 )