feat: add raw key formats (raw-public, raw-private, raw-seed)#1034
Merged
Conversation
…vateKey / generateKeyPair / diffieHellman (#1010) Adds Node.js-compatible 'raw-public', 'raw-private', and 'raw-seed' key formats across the asymmetric key surface: - KeyObjectHandle native: exportRawPublic / exportRawPrivate / exportRawSeed, exportECPublicRaw(compressed), exportECPrivateRaw, plus initRawPublic / initRawPrivate / initRawSeed for raw imports keyed by asymmetricKeyType (with namedCurve for EC). - KeyObject.export now accepts {format: 'raw-public' | 'raw-private' | 'raw-seed'} for EC, OKP (Ed25519/Ed448/X25519/X448), ML-DSA, ML-KEM and SLH-DSA keys. EC raw-public additionally accepts {type: 'compressed' | 'uncompressed'}. - createPublicKey / createPrivateKey accept the matching raw input objects ({key, format, asymmetricKeyType, namedCurve?}). - generateKeyPair / generateKeyPairSync accept raw output formats in publicKeyEncoding / privateKeyEncoding for EC, OKP, ML-DSA, ML-KEM and SLH-DSA. RSA / DSA / DH explicitly reject raw formats. - Top-level diffieHellman({publicKey, privateKey}) now also accepts raw key inputs for EC and CFRG curves; DH KeyObjects throw a clear "not supported" error pending future work.
Runs `bun specs` so the generated HybridKeyObjectHandleSpec base class declares the new exportRawPublic / exportRawPrivate / exportRawSeed / exportECPublicRaw / exportECPrivateRaw / initRawPublic / initRawPrivate / initRawSeed methods as virtual. Without this the iOS/Android build fails with "only virtual member functions can be marked 'override'".
KeyObject.export({format:'raw-public'|'raw-private'|'raw-seed'}) now uses
the same Buffer class the package re-exports (@craftzdog/react-native-buffer)
instead of the 'buffer' polyfill — so consumers' `instanceof Buffer` checks
match. generateKeyPair / generateKeyPairSync raw outputs are now wrapped in
Buffer too, instead of returning bare ArrayBuffer, so callers don't need
Buffer.from() wrapping for comparison or Buffer-typed APIs.
- Narrow generateKeyPairSync return type with KeyObjectKeyPair overloads - Widen KeyPairType to include PQCKeyPairType so PQC names typecheck - Remove as unknown as casts in raw_key_formats tests - Drop misleading isEcCurveName helper; rely on EC_KEY_new_by_curve_name - Move (void)keyId into the OpenSSL <3.5 branch in supportsRawSeed - Use ToNativeArrayBuffer(ptr,size) overload for raw exports - Collapse numericFormat/numericType into coerceToNumeric - Replace as KFormatType / as KeyEncoding casts with runtime narrowing
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
🤖 End-to-End Test Results - AndroidStatus: ✅ Passed 📸 Final Test ScreenshotScreenshot automatically captured from End-to-End tests and will expire in 30 days This comment is automatically updated on each test run. |
Contributor
🤖 End-to-End Test Results - iOSStatus: ✅ Passed 📸 Final Test ScreenshotScreenshot automatically captured from End-to-End tests and will expire in 30 days This comment is automatically updated on each test run. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds Node-compatible raw key formats —
raw-public,raw-private, andraw-seed— acrossKeyObject.export,createPublicKey,createPrivateKey,generateKeyPair, andcrypto.diffieHellman. Mirrors Node'slib/internal/crypto/keys.jsflow.Changes
HybridKeyObjectHandle): 5 new export methods (exportRawPublic,exportRawPrivate,exportRawSeed,exportECPublicRaw,exportECPrivateRaw) and 3 init methods (initRawPublic,initRawPrivate,initRawSeed), with OpenSSL 3.5+ guards for PQC seed paths.KeyObject.export(),createPublicKey/createPrivateKey(raw imports requireasymmetricKeyType+namedCurvefor EC),generateKeyPair(CFRG, EC, SLH-DSA), anddiffieHellmanraw key inputs.KeyObjectKeyPairoverloads togenerateKeyPairSyncso the no-encoding case returns typedPublicKeyObject/PrivateKeyObject. WidenedKeyPairTypeto includePQCKeyPairType.@craftzdog/react-native-bufferBufferinstances (matches RNQC's widerBufferconvention).example/src/tests/keys/raw_key_formats.tscovering X25519, Ed25519, EC P-256 (compressed + uncompressed), ML-DSA-44 seed export, and round-trip import/export.Fixes #1010
Test plan
bun tscclean across both packagesbun ios— example app keys.rawFormats suite passesbun android— verify the same suite on Android