refactor: address code review issues for DSA/DH key generation

- Convert HybridDsaKeyPair from raw EVP_PKEY* to RAII unique_ptr
- Remove dead setGroupName/groupName_ from DH Nitro spec and C++
- Replace duplicate DH test with primeLength coverage
- Simplify always-true ternaries in DSA/DH format helpers
- Delegate DSA modulusLength validation to OpenSSL

Author: boorad

example/src/tests/keys/generate_keypair.ts

@@ -783,15 +783,15 @@ test(SUITE, 'generateKeyPair DH with named group modp14', async () => {
   expect(publicKey).to.match(/^-----BEGIN PUBLIC KEY-----/);
 });
 
-test(SUITE, 'generateKeyPair DH with PEM encoding', async () => {
+test(SUITE, 'generateKeyPair DH with primeLength', async () => {
   const { privateKey, publicKey } = await new Promise<{
     privateKey: string;
     publicKey: string;
   }>((resolve, reject) => {
     generateKeyPair(
       'dh',
       {
-        groupName: 'modp14',
+        primeLength: 2048,
         publicKeyEncoding: { type: 'spki', format: 'pem' },
         privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
       },

packages/react-native-quick-crypto/cpp/dh/HybridDhKeyPair.cpp

@@ -36,10 +36,6 @@ void HybridDhKeyPair::setGenerator(double generator) {
   generator_ = static_cast<int>(generator);
 }
 
-void HybridDhKeyPair::setGroupName(const std::string& groupName) {
-  groupName_ = groupName;
-}
-
 std::shared_ptr<Promise<void>> HybridDhKeyPair::generateKeyPair() {
   return Promise<void>::async([this]() { this->generateKeyPairSync(); });
 }
@@ -109,7 +105,7 @@ void HybridDhKeyPair::generateKeyPairSync() {
       throw std::runtime_error("DH: failed to generate parameters");
     }
   } else {
-    throw std::runtime_error("DH: either prime, primeLength, or groupName must be set");
+    throw std::runtime_error("DH: either prime or primeLength must be set");
   }
 
   std::unique_ptr<EVP_PKEY, decltype(&EVP_PKEY_free)> params_guard(params, EVP_PKEY_free);

packages/react-native-quick-crypto/cpp/dh/HybridDhKeyPair.hpp

@@ -22,15 +22,13 @@ class HybridDhKeyPair : public HybridDhKeyPairSpec {
   void setPrimeLength(double primeLength) override;
   void setPrime(const std::shared_ptr<ArrayBuffer>& prime) override;
   void setGenerator(double generator) override;
-  void setGroupName(const std::string& groupName) override;
   std::shared_ptr<ArrayBuffer> getPublicKey() override;
   std::shared_ptr<ArrayBuffer> getPrivateKey() override;
 
  private:
   int primeLength_ = 0;
   std::vector<uint8_t> prime_;
   int generator_ = 2;
-  std::string groupName_;
 
   using EVP_PKEY_ptr = std::unique_ptr<EVP_PKEY, decltype(&EVP_PKEY_free)>;
   EVP_PKEY_ptr pkey_{nullptr, EVP_PKEY_free};

packages/react-native-quick-crypto/cpp/dsa/HybridDsaKeyPair.cpp

@@ -30,10 +30,7 @@ void HybridDsaKeyPair::generateKeyPairSync() {
     throw std::runtime_error("DSA modulusLength must be set before generating key pair");
   }
 
-  if (pkey != nullptr) {
-    EVP_PKEY_free(pkey);
-    pkey = nullptr;
-  }
+  pkey_.reset();
 
   // Step 1: Generate DSA parameters
   std::unique_ptr<EVP_PKEY_CTX, decltype(&EVP_PKEY_CTX_free)> param_ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, nullptr), EVP_PKEY_CTX_free);
@@ -79,11 +76,11 @@ void HybridDsaKeyPair::generateKeyPairSync() {
     throw std::runtime_error("DSA: failed to generate key pair");
   }
 
-  pkey = raw_pkey;
+  pkey_.reset(raw_pkey);
 }
 
 std::shared_ptr<ArrayBuffer> HybridDsaKeyPair::getPublicKey() {
-  if (pkey == nullptr) {
+  if (!pkey_) {
     throw std::runtime_error("DSA: no key pair generated");
   }
 
@@ -92,7 +89,7 @@ std::shared_ptr<ArrayBuffer> HybridDsaKeyPair::getPublicKey() {
     throw std::runtime_error("DSA: failed to create BIO for public key export");
   }
 
-  if (i2d_PUBKEY_bio(bio, pkey) != 1) {
+  if (i2d_PUBKEY_bio(bio, pkey_.get()) != 1) {
     BIO_free(bio);
     throw std::runtime_error("DSA: failed to export public key");
   }
@@ -106,7 +103,7 @@ std::shared_ptr<ArrayBuffer> HybridDsaKeyPair::getPublicKey() {
 }
 
 std::shared_ptr<ArrayBuffer> HybridDsaKeyPair::getPrivateKey() {
-  if (pkey == nullptr) {
+  if (!pkey_) {
     throw std::runtime_error("DSA: no key pair generated");
   }
 
@@ -115,7 +112,7 @@ std::shared_ptr<ArrayBuffer> HybridDsaKeyPair::getPrivateKey() {
     throw std::runtime_error("DSA: failed to create BIO for private key export");
   }
 
-  if (i2d_PKCS8PrivateKey_bio(bio, pkey, nullptr, nullptr, 0, nullptr, nullptr) != 1) {
+  if (i2d_PKCS8PrivateKey_bio(bio, pkey_.get(), nullptr, nullptr, 0, nullptr, nullptr) != 1) {
     BIO_free(bio);
     throw std::runtime_error("DSA: failed to export private key");
   }

packages/react-native-quick-crypto/cpp/dsa/HybridDsaKeyPair.hpp

@@ -11,12 +11,7 @@ namespace margelo::nitro::crypto {
 class HybridDsaKeyPair : public HybridDsaKeyPairSpec {
  public:
   HybridDsaKeyPair() : HybridObject(TAG) {}
-  ~HybridDsaKeyPair() override {
-    if (pkey != nullptr) {
-      EVP_PKEY_free(pkey);
-      pkey = nullptr;
-    }
-  }
+  ~HybridDsaKeyPair() override = default;
 
  public:
   std::shared_ptr<Promise<void>> generateKeyPair() override;
@@ -29,7 +24,9 @@ class HybridDsaKeyPair : public HybridDsaKeyPairSpec {
  private:
   int modulusLength_ = 0;
   int divisorLength_ = -1;
-  EVP_PKEY* pkey = nullptr;
+
+  using EVP_PKEY_ptr = std::unique_ptr<EVP_PKEY, decltype(&EVP_PKEY_free)>;
+  EVP_PKEY_ptr pkey_{nullptr, EVP_PKEY_free};
 };
 
 } // namespace margelo::nitro::crypto

packages/react-native-quick-crypto/nitrogen/generated/shared/c++/HybridDhKeyPairSpec.cpp

@@ -75,14 +75,7 @@ function dh_formatKeyPairOutput(
   publicKey: PublicKeyObject | Buffer | string | ArrayBuffer;
   privateKey: PrivateKeyObject | Buffer | string | ArrayBuffer;
 } {
-  const {
-    publicFormat,
-    publicType,
-    privateFormat,
-    privateType,
-    cipher,
-    passphrase,
-  } = encoding;
+  const { publicFormat, privateFormat, cipher, passphrase } = encoding;
 
   const publicKeyData = dh.native.getPublicKey();
   const privateKeyData = dh.native.getPrivateKey();
@@ -109,9 +102,7 @@ function dh_formatKeyPairOutput(
   } else {
     const format =
       publicFormat === KFormatType.PEM ? KFormatType.PEM : KFormatType.DER;
-    const keyEncoding =
-      publicType === KeyEncoding.SPKI ? KeyEncoding.SPKI : KeyEncoding.SPKI;
-    const exported = pub.handle.exportKey(format, keyEncoding);
+    const exported = pub.handle.exportKey(format, KeyEncoding.SPKI);
     if (format === KFormatType.PEM) {
       publicKey = Buffer.from(new Uint8Array(exported)).toString('utf-8');
     } else {
@@ -124,11 +115,9 @@ function dh_formatKeyPairOutput(
   } else {
     const format =
       privateFormat === KFormatType.PEM ? KFormatType.PEM : KFormatType.DER;
-    const keyEncoding =
-      privateType === KeyEncoding.PKCS8 ? KeyEncoding.PKCS8 : KeyEncoding.PKCS8;
     const exported = priv.handle.exportKey(
       format,
-      keyEncoding,
+      KeyEncoding.PKCS8,
       cipher,
       passphrase,
     );

packages/react-native-quick-crypto/nitrogen/generated/shared/c++/HybridDhKeyPairSpec.hpp

@@ -34,7 +34,7 @@ function dsa_prepareKeyGenParams(
 
   const { modulusLength, divisorLength } = options;
 
-  if (!modulusLength || modulusLength < 1024) {
+  if (!modulusLength || modulusLength <= 0) {
     throw new Error('Invalid or missing modulusLength for DSA key generation');
   }
 
@@ -48,14 +48,7 @@ function dsa_formatKeyPairOutput(
   publicKey: PublicKeyObject | Buffer | string | ArrayBuffer;
   privateKey: PrivateKeyObject | Buffer | string | ArrayBuffer;
 } {
-  const {
-    publicFormat,
-    publicType,
-    privateFormat,
-    privateType,
-    cipher,
-    passphrase,
-  } = encoding;
+  const { publicFormat, privateFormat, cipher, passphrase } = encoding;
 
   const publicKeyData = dsa.native.getPublicKey();
   const privateKeyData = dsa.native.getPrivateKey();
@@ -82,9 +75,7 @@ function dsa_formatKeyPairOutput(
   } else {
     const format =
       publicFormat === KFormatType.PEM ? KFormatType.PEM : KFormatType.DER;
-    const keyEncoding =
-      publicType === KeyEncoding.SPKI ? KeyEncoding.SPKI : KeyEncoding.SPKI;
-    const exported = pub.handle.exportKey(format, keyEncoding);
+    const exported = pub.handle.exportKey(format, KeyEncoding.SPKI);
     if (format === KFormatType.PEM) {
       publicKey = Buffer.from(new Uint8Array(exported)).toString('utf-8');
     } else {
@@ -97,11 +88,9 @@ function dsa_formatKeyPairOutput(
   } else {
     const format =
       privateFormat === KFormatType.PEM ? KFormatType.PEM : KFormatType.DER;
-    const keyEncoding =
-      privateType === KeyEncoding.PKCS8 ? KeyEncoding.PKCS8 : KeyEncoding.PKCS8;
     const exported = priv.handle.exportKey(
       format,
-      keyEncoding,
+      KeyEncoding.PKCS8,
       cipher,
       passphrase,
     );

packages/react-native-quick-crypto/src/dhKeyPair.ts

@@ -8,7 +8,6 @@ export interface DhKeyPair
   setPrimeLength(primeLength: number): void;
   setPrime(prime: ArrayBuffer): void;
   setGenerator(generator: number): void;
-  setGroupName(groupName: string): void;
 
   getPublicKey(): ArrayBuffer;
   getPrivateKey(): ArrayBuffer;