refactor: migrate from deprecated EC_KEY APIs to OpenSSL 3.x EVP parameter APIs (#935)

Author: boorad

example/src/tests/ecdh/ecdh_tests.ts

@@ -69,6 +69,69 @@ test(SUITE, 'should work with string input', () => {
   assert.isOk(secret);
 });
 
+test(SUITE, 'should set private key and compute secret for P-384', () => {
+  const alice = crypto.createECDH('secp384r1');
+  alice.generateKeys();
+  const priv = alice.getPrivateKey();
+
+  const alice2 = crypto.createECDH('secp384r1');
+  alice2.setPrivateKey(priv);
+
+  assert.strictEqual(
+    alice.getPublicKey().toString('hex'),
+    alice2.getPublicKey().toString('hex'),
+  );
+
+  const bob = crypto.createECDH('secp384r1');
+  bob.generateKeys();
+
+  const secret1 = alice.computeSecret(bob.getPublicKey());
+  const secret2 = alice2.computeSecret(bob.getPublicKey());
+  assert.strictEqual(secret1.toString('hex'), secret2.toString('hex'));
+});
+
+test(SUITE, 'should set private key and compute secret for P-521', () => {
+  const alice = crypto.createECDH('secp521r1');
+  alice.generateKeys();
+  const priv = alice.getPrivateKey();
+
+  const alice2 = crypto.createECDH('secp521r1');
+  alice2.setPrivateKey(priv);
+
+  assert.strictEqual(
+    alice.getPublicKey().toString('hex'),
+    alice2.getPublicKey().toString('hex'),
+  );
+
+  const bob = crypto.createECDH('secp521r1');
+  bob.generateKeys();
+
+  const secret1 = alice.computeSecret(bob.getPublicKey());
+  const secret2 = alice2.computeSecret(bob.getPublicKey());
+  assert.strictEqual(secret1.toString('hex'), secret2.toString('hex'));
+});
+
+test(SUITE, 'should set private key and compute secret for secp256k1', () => {
+  const alice = crypto.createECDH('secp256k1');
+  alice.generateKeys();
+  const priv = alice.getPrivateKey();
+
+  const alice2 = crypto.createECDH('secp256k1');
+  alice2.setPrivateKey(priv);
+
+  assert.strictEqual(
+    alice.getPublicKey().toString('hex'),
+    alice2.getPublicKey().toString('hex'),
+  );
+
+  const bob = crypto.createECDH('secp256k1');
+  bob.generateKeys();
+
+  const secret1 = alice.computeSecret(bob.getPublicKey());
+  const secret2 = alice2.computeSecret(bob.getPublicKey());
+  assert.strictEqual(secret1.toString('hex'), secret2.toString('hex'));
+});
+
 test(SUITE, 'getCurves - should return array of supported curves', () => {
   const curves = getCurves();
   assert.isArray(curves);

example/src/tests/keys/create_keys.ts

@@ -5,7 +5,10 @@ import {
   createPublicKey,
   generateKeyPair,
   randomBytes,
+  sign,
+  verify,
 } from 'react-native-quick-crypto';
+import type { JWK } from 'react-native-quick-crypto';
 import { expect } from 'chai';
 import { test, assertThrowsAsync, decodeHex } from '../util';
 import { rsaPrivateKeyPem, rsaPublicKeyPem } from './fixtures';
@@ -384,6 +387,103 @@ test(
   },
 );
 
+// --- JWK EC Round-Trip Tests ---
+
+const EC_CURVES = [
+  { namedCurve: 'P-256', crv: 'P-256', hash: 'SHA256' },
+  { namedCurve: 'P-384', crv: 'P-384', hash: 'SHA384' },
+  { namedCurve: 'P-521', crv: 'P-521', hash: 'SHA512' },
+] as const;
+
+for (const { namedCurve, crv, hash } of EC_CURVES) {
+  test(
+    SUITE,
+    `JWK EC ${crv} private key round-trip: generate -> export JWK -> import JWK -> sign/verify`,
+    async () => {
+      const { privateKey: privPem, publicKey: pubPem } = await new Promise<{
+        privateKey: string;
+        publicKey: string;
+      }>((resolve, reject) => {
+        generateKeyPair(
+          'ec',
+          {
+            namedCurve,
+            publicKeyEncoding: { type: 'spki', format: 'pem' },
+            privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
+          },
+          (err, pubKey, privKey) => {
+            if (err) reject(err);
+            else
+              resolve({
+                privateKey: privKey as string,
+                publicKey: pubKey as string,
+              });
+          },
+        );
+      });
+
+      const privKey = createPrivateKey(privPem);
+      const jwk = privKey.export({ format: 'jwk' }) as JWK;
+
+      expect(jwk.kty).to.equal('EC');
+      expect(jwk.crv).to.equal(crv);
+      expect(jwk.x).to.match(/^[A-Za-z0-9_-]+$/);
+      expect(jwk.y).to.match(/^[A-Za-z0-9_-]+$/);
+      expect(jwk.d).to.match(/^[A-Za-z0-9_-]+$/);
+
+      const reimported = createPrivateKey({ key: jwk, format: 'jwk' });
+      expect(reimported.type).to.equal('private');
+      expect(reimported.asymmetricKeyType).to.equal('ec');
+
+      const sig = sign(hash, 'test data', reimported);
+      const pubKey = createPublicKey(pubPem);
+      const valid = verify(hash, 'test data', pubKey, sig);
+      expect(valid).to.equal(true);
+    },
+  );
+
+  test(
+    SUITE,
+    `JWK EC ${crv} public key round-trip: generate -> export JWK -> import JWK`,
+    async () => {
+      const { publicKey: pubPem } = await new Promise<{
+        privateKey: string;
+        publicKey: string;
+      }>((resolve, reject) => {
+        generateKeyPair(
+          'ec',
+          {
+            namedCurve,
+            publicKeyEncoding: { type: 'spki', format: 'pem' },
+            privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
+          },
+          (err, pubKey, privKey) => {
+            if (err) reject(err);
+            else
+              resolve({
+                privateKey: privKey as string,
+                publicKey: pubKey as string,
+              });
+          },
+        );
+      });
+
+      const pubKey = createPublicKey(pubPem);
+      const jwk = pubKey.export({ format: 'jwk' }) as JWK;
+
+      expect(jwk.kty).to.equal('EC');
+      expect(jwk.crv).to.equal(crv);
+      expect(jwk.x).to.match(/^[A-Za-z0-9_-]+$/);
+      expect(jwk.y).to.match(/^[A-Za-z0-9_-]+$/);
+      expect(jwk.d).to.equal(undefined);
+
+      const reimported = createPublicKey({ key: jwk, format: 'jwk' });
+      expect(reimported.type).to.equal('public');
+      expect(reimported.asymmetricKeyType).to.equal('ec');
+    },
+  );
+}
+
 // --- Error Cases ---
 
 test(SUITE, 'createPublicKey throws with invalid PEM', async () => {

example/src/tests/keys/sign_verify_oneshot.ts

@@ -199,6 +199,92 @@ test(SUITE, 'ECDSA P-256 with IEEE-P1363 encoding', async () => {
   expect(isValid).to.equal(true);
 });
 
+test(SUITE, 'ECDSA P-384 with IEEE-P1363 encoding', async () => {
+  const { privateKey, publicKey } = await new Promise<{
+    privateKey: string;
+    publicKey: string;
+  }>((resolve, reject) => {
+    generateKeyPair(
+      'ec',
+      {
+        namedCurve: 'P-384',
+        publicKeyEncoding: { type: 'spki', format: 'pem' },
+        privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
+      },
+      (err, pubKey, privKey) => {
+        if (err) reject(err);
+        else
+          resolve({
+            privateKey: privKey as string,
+            publicKey: pubKey as string,
+          });
+      },
+    );
+  });
+
+  const signature = sign('SHA384', testData, {
+    key: privateKey,
+    dsaEncoding: 'ieee-p1363',
+  });
+
+  expect(signature.length).to.equal(96);
+
+  const isValid = verify(
+    'SHA384',
+    testData,
+    {
+      key: publicKey,
+      dsaEncoding: 'ieee-p1363',
+    },
+    signature,
+  );
+
+  expect(isValid).to.equal(true);
+});
+
+test(SUITE, 'ECDSA P-521 with IEEE-P1363 encoding', async () => {
+  const { privateKey, publicKey } = await new Promise<{
+    privateKey: string;
+    publicKey: string;
+  }>((resolve, reject) => {
+    generateKeyPair(
+      'ec',
+      {
+        namedCurve: 'P-521',
+        publicKeyEncoding: { type: 'spki', format: 'pem' },
+        privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
+      },
+      (err, pubKey, privKey) => {
+        if (err) reject(err);
+        else
+          resolve({
+            privateKey: privKey as string,
+            publicKey: pubKey as string,
+          });
+      },
+    );
+  });
+
+  const signature = sign('SHA512', testData, {
+    key: privateKey,
+    dsaEncoding: 'ieee-p1363',
+  });
+
+  expect(signature.length).to.equal(132);
+
+  const isValid = verify(
+    'SHA512',
+    testData,
+    {
+      key: publicKey,
+      dsaEncoding: 'ieee-p1363',
+    },
+    signature,
+  );
+
+  expect(isValid).to.equal(true);
+});
+
 // --- Ed25519 Tests ---
 
 test(SUITE, 'Ed25519 sign and verify', async () => {

packages/react-native-quick-crypto/android/CMakeLists.txt

@@ -58,6 +58,7 @@ add_library(
   ../cpp/sign/HybridSignHandle.cpp
   ../cpp/sign/HybridVerifyHandle.cpp
   ../cpp/utils/HybridUtils.cpp
+  ../cpp/utils/QuickCryptoUtils.cpp
   ${BLAKE3_SOURCES}
   ../deps/fastpbkdf2/fastpbkdf2.c
   ../deps/ncrypto/src/aead.cpp