chore: audit implementation coverage and fix ECDH deriveBits (#910)

Author: boorad

.claude/commands/commit.md

@@ -0,0 +1,40 @@
+# Commit Changes
+
+Stage and commit the current changes with a well-crafted message.
+
+## Instructions
+
+When activated, commit the current working tree changes:
+
+1. **Sync with remote**:
+   - Run `git fetch origin main` to get latest upstream
+   - Run `git log HEAD..origin/main --oneline` to check if main has moved ahead
+   - If it has, warn the user but don't rebase automatically
+
+2. **Ensure we're not on main**:
+   - Run `git branch --show-current`
+   - If on `main`, create a new feature branch:
+     - Look at the staged/unstaged changes to infer a branch name
+     - Run `git checkout -b feat/<descriptive-name>`
+     - Inform the user of the new branch name
+
+3. **Review changes**:
+   - Run `git diff --stat` and `git diff --staged --stat` to see what's changed
+   - If nothing is staged, run `git add -A` to stage everything
+   - Run `git diff --staged --stat` to confirm what will be committed
+
+4. **Generate commit message**:
+   - Use conventional commit format: `type: short description`
+   - Types: `feat`, `fix`, `refactor`, `chore`, `docs`, `test`
+   - If the change is substantial, add a body paragraph separated by a blank line
+   - Body should explain **what** changed and **why**, not how (the diff shows how)
+   - Keep the subject line under 72 characters
+
+5. **Commit**:
+   ```bash
+   git commit -m "<message>"
+   ```
+
+6. **Report** the commit hash and summary to the user
+
+If the user provides arguments (e.g., `/commit "fix: resolve race condition"`), use that as the commit message instead of generating one.

.claude/plans/quick-wins.md

@@ -0,0 +1,43 @@
+# Quick Implementation Wins
+
+Items identified during the implementation-coverage audit (#907) that should be
+straightforward to implement.
+
+## crypto.hash() oneshot function
+- Node.js v21.7.0+ `crypto.hash(algorithm, data[, outputEncoding])`
+- Simply wraps createHash/update/digest in one call
+- Trivial to implement — just a convenience function
+- Reference: `crypto.createHash(algorithm).update(data).digest(outputEncoding)`
+
+## subtle.deriveKey with ECDH
+- `subtle.deriveBits` already supports ECDH via `ecDeriveBits()`
+- `subtle.deriveKey` is missing the ECDH case in its switch statement
+- Fix: add `case 'ECDH':` to the deriveKey switch that calls deriveBits (same pattern as X25519/X448)
+
+## crypto.getCurves()
+- Similar to existing `getCiphers()` and `getHashes()`
+- Returns list of supported EC curve names
+- OpenSSL has APIs to enumerate curves
+
+## Ed25519/Ed448 JWK export/import
+- spki/pkcs8/raw formats already work
+- JWK is the remaining gap
+- Node.js and WebCrypto both support JWK for Ed25519/Ed448
+- Closes #653 (subtle.importKey with Ed25519)
+
+## KeyObject.equals()
+- Compare two KeyObjects for equality
+- Should be straightforward with exported key comparison
+
+## KeyObject.symmetricKeySize
+- Return the size of a symmetric key in bytes
+- Simple property accessor
+
+## createDiffieHellmanGroup alias
+- Node.js exports `createDiffieHellmanGroup` as an alias for `getDiffieHellman`
+- `getDiffieHellman` already exists and works
+- Just add a re-export: `export { getDiffieHellman as createDiffieHellmanGroup }`
+
+## diffieHellman.verifyError
+- DiffieHellman class is fully implemented except this property
+- Returns verification errors from DH parameter checking

.docs/implementation-coverage.md

@@ -121,7 +121,7 @@ These algorithms provide quantum-resistant cryptography.
   * ✅ `crypto.createSign(algorithm[, options])`
   * ✅ `crypto.createVerify(algorithm[, options])`
   * ❌ `crypto.decapsulate(key, ciphertext[, callback])`
-  * ❌ `crypto.diffieHellman(options[, callback])`
+  * ✅ `crypto.diffieHellman(options[, callback])`
   * ❌ `crypto.encapsulate(key[, callback])`
   * ❌ `crypto.fips` deprecated
   * ✅ `crypto.generateKey(type, options, callback)`
@@ -290,7 +290,7 @@ These ciphers are **not available in Node.js** but are provided by RNQC via libs
 ## `subtle.deriveBits`
 | Algorithm  | Status |
 | ---------  | :----: |
-| `ECDH`     | ❌ |
+| `ECDH`     | ✅ |
 | `X25519`   | ✅ |
 | `X448`     | ✅ |
 | `HKDF`     | ✅ |
@@ -336,11 +336,11 @@ These ciphers are **not available in Node.js** but are provided by RNQC via libs
 | `AES-GCM`           |        |         | ✅    | ✅    | ✅           |              |            |
 | `AES-KW`            |        |         | ✅    | ✅    | ✅           |              |            |
 | `AES-OCB`           |        |         | ❌    |       | ❌           |              |            |
-| `ChaCha20-Poly1305` |        |         | ❌    |       | ❌           |              |            |
+| `ChaCha20-Poly1305` |        |         | ✅    |       | ✅           |              |            |
 | `ECDH`              | ✅     | ✅      | ✅    | ✅    |              | ✅           |            |
 | `ECDSA`             | ✅     | ✅      | ✅    | ✅    |              | ✅           |            |
-| `Ed25519`           | ✅     | ✅      | ❌    | ❌    |              | ❌           |            |
-| `Ed448`             | ✅     | ✅      | ❌    | ❌    |              | ❌           |            |
+| `Ed25519`           | ✅     | ✅      | ❌    | ✅    |              | ❌           |            |
+| `Ed448`             | ✅     | ✅      | ❌    | ✅    |              | ❌           |            |
 | `HMAC`              |        |         | ✅    | ✅    | ✅           |              |            |
 | `ML-DSA-44`         | ✅     | ✅      | ✅    |       |              | ✅           | ✅         |
 | `ML-DSA-65`         | ✅     | ✅      | ✅    |       |              | ✅           | ✅         |
@@ -374,18 +374,18 @@ These ciphers are **not available in Node.js** but are provided by RNQC via libs
 | `RSA-OAEP`          | ✅ |
 | `RSA-PSS`           | ✅ |
 | `RSASSA-PKCS1-v1_5` | ✅ |
-| `X25519`            | ❌ |
-| `X448`              | ❌ |
+| `X25519`            | ✅ |
+| `X448`              | ✅ |
 
 ### `CryptoKey` algorithms
 | Algorithm           | Status |
 | ---------           | :----: |
 | `AES-CTR`           | ✅ |
 | `AES-CBC`           | ✅ |
 | `AES-GCM`           | ✅ |
-| `AES-KW`            | ❌ |
+| `AES-KW`            | ✅ |
 | `AES-OCB`           | ❌ |
-| `ChaCha20-Poly1305` | ❌ |
+| `ChaCha20-Poly1305` | ✅ |
 | `HMAC`              | ✅ |
 
 ## `subtle.importKey`
@@ -396,7 +396,7 @@ These ciphers are **not available in Node.js** but are provided by RNQC via libs
 | `AES-GCM`           |        |         | ✅    | ✅    | ✅           |              |            |
 | `AES-KW`            |        |         | ✅    | ✅    | ✅           |              |            |
 | `AES-OCB`           |        |         | ❌    |       | ❌           |              |            |
-| `ChaCha20-Poly1305` |        |         | ❌    |       | ❌           |              |            |
+| `ChaCha20-Poly1305` |        |         | ✅    |       | ✅           |              |            |
 | `ECDH`              | ✅     | ✅      | ✅    | ✅    |              | ✅           |            |
 | `ECDSA`             | ✅     | ✅      | ✅    | ✅    |              | ✅           |            |
 | `Ed25519`           | ✅     | ✅      | ❌    | ❌    |              | ❌           |            |

docs/data/coverage.ts

@@ -135,9 +135,9 @@ export const COVERAGE_DATA: CoverageCategory[] = [
       { name: 'constants', status: 'implemented' },
       { name: 'createCipheriv', status: 'implemented' },
       { name: 'createDecipheriv', status: 'implemented' },
-      { name: 'createDiffieHellman', status: 'missing' },
+      { name: 'createDiffieHellman', status: 'implemented' },
       { name: 'createDiffieHellmanGroup', status: 'missing' },
-      { name: 'createECDH', status: 'missing' },
+      { name: 'createECDH', status: 'implemented' },
       { name: 'createHash', status: 'implemented' },
       { name: 'createHmac', status: 'implemented' },
       { name: 'createPrivateKey', status: 'implemented' },
@@ -205,7 +205,7 @@ export const COVERAGE_DATA: CoverageCategory[] = [
       { name: 'getCipherInfo', status: 'missing' },
       { name: 'getCiphers', status: 'implemented' },
       { name: 'getCurves', status: 'missing' },
-      { name: 'getDiffieHellman', status: 'missing' },
+      { name: 'getDiffieHellman', status: 'implemented' },
       { name: 'getFips', status: 'missing' },
       { name: 'getHashes', status: 'implemented' },
       { name: 'getRandomValues', status: 'implemented' },
@@ -274,7 +274,7 @@ export const COVERAGE_DATA: CoverageCategory[] = [
       {
         name: 'crypto.subtle.deriveBits',
         subItems: [
-          { name: 'ECDH', status: 'missing' },
+          { name: 'ECDH', status: 'implemented' },
           { name: 'X25519', status: 'implemented' },
           { name: 'X448', status: 'implemented' },
           { name: 'HKDF', status: 'implemented' },
@@ -326,8 +326,8 @@ export const COVERAGE_DATA: CoverageCategory[] = [
           { name: 'AES-OCB', status: 'missing', note: 'Not implemented' },
           {
             name: 'ChaCha20-Poly1305',
-            status: 'missing',
-            note: 'Not implemented',
+            status: 'partial',
+            note: 'jwk, raw',
           },
           {
             name: 'ECDH',
@@ -339,8 +339,8 @@ export const COVERAGE_DATA: CoverageCategory[] = [
             status: 'partial',
             note: 'spki, pkcs8, jwk, raw, raw-public',
           },
-          { name: 'Ed25519', status: 'partial', note: 'spki, pkcs8' },
-          { name: 'Ed448', status: 'partial', note: 'spki, pkcs8' },
+          { name: 'Ed25519', status: 'partial', note: 'spki, pkcs8, raw' },
+          { name: 'Ed448', status: 'partial', note: 'spki, pkcs8, raw' },
           { name: 'HMAC', status: 'partial', note: 'jwk, raw, raw-secret' },
           {
             name: 'ML-DSA-44',
@@ -385,14 +385,14 @@ export const COVERAGE_DATA: CoverageCategory[] = [
           { name: 'RSA-OAEP', status: 'implemented' },
           { name: 'RSA-PSS', status: 'implemented' },
           { name: 'RSASSA-PKCS1-v1_5', status: 'implemented' },
-          { name: 'X25519', status: 'missing' },
-          { name: 'X448', status: 'missing' },
+          { name: 'X25519', status: 'implemented' },
+          { name: 'X448', status: 'implemented' },
           { name: 'AES-CTR', status: 'implemented' },
           { name: 'AES-CBC', status: 'implemented' },
           { name: 'AES-GCM', status: 'implemented' },
-          { name: 'AES-KW', status: 'missing' },
+          { name: 'AES-KW', status: 'implemented' },
           { name: 'AES-OCB', status: 'missing' },
-          { name: 'ChaCha20-Poly1305', status: 'missing' },
+          { name: 'ChaCha20-Poly1305', status: 'implemented' },
           { name: 'HMAC', status: 'implemented' },
         ],
       },
@@ -404,7 +404,7 @@ export const COVERAGE_DATA: CoverageCategory[] = [
           { name: 'AES-GCM', status: 'partial', note: 'jwk, raw, raw-secret' },
           { name: 'AES-KW', status: 'partial', note: 'jwk, raw, raw-secret' },
           { name: 'AES-OCB', status: 'missing' },
-          { name: 'ChaCha20-Poly1305', status: 'missing' },
+          { name: 'ChaCha20-Poly1305', status: 'partial', note: 'jwk, raw' },
           {
             name: 'ECDH',
             status: 'partial',

example/ios/Podfile.lock

@@ -2811,7 +2811,7 @@ SPEC CHECKSUMS:
   MMKVCore: f2dd4c9befea04277a55e84e7812f930537993df
   NitroMmkv: afbc5b2fbf963be567c6c545aa1efcf6a9cec68e
   NitroModules: 11bba9d065af151eae51e38a6425e04c3b223ff3
-  QuickCrypto: 9e46baaa4fea5a22fdf23c3aae184b983c948b23
+  QuickCrypto: ac4d2eead1de738bcf06f565c4ab31db817f88c1
   RCT-Folly: 846fda9475e61ec7bcbf8a3fe81edfcaeb090669
   RCTDeprecation: c4b9e2fd0ab200e3af72b013ed6113187c607077
   RCTRequired: e97dd5dafc1db8094e63bc5031e0371f092ae92a