fix: support legacy RSA-* hash name aliases (#929)

Author: boorad

example/src/tests/keys/generate_keypair.ts

@@ -791,7 +791,7 @@ test(SUITE, 'generateKeyPair DH with primeLength', async () => {
     generateKeyPair(
       'dh',
       {
-        primeLength: 2048,
+        primeLength: 512,
         publicKeyEncoding: { type: 'spki', format: 'pem' },
         privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
       },

packages/react-native-quick-crypto/cpp/cipher/HybridRsaCipher.cpp

@@ -14,19 +14,6 @@ using margelo::nitro::NativeArrayBuffer;
 constexpr int kRsaPkcs1Padding = 1;
 constexpr int kRsaOaepPadding = 4;
 
-const EVP_MD* getDigestByName(const std::string& hashAlgorithm) {
-  if (hashAlgorithm == "SHA-1" || hashAlgorithm == "SHA1" || hashAlgorithm == "sha1" || hashAlgorithm == "sha-1") {
-    return EVP_sha1();
-  } else if (hashAlgorithm == "SHA-256" || hashAlgorithm == "SHA256" || hashAlgorithm == "sha256" || hashAlgorithm == "sha-256") {
-    return EVP_sha256();
-  } else if (hashAlgorithm == "SHA-384" || hashAlgorithm == "SHA384" || hashAlgorithm == "sha384" || hashAlgorithm == "sha-384") {
-    return EVP_sha384();
-  } else if (hashAlgorithm == "SHA-512" || hashAlgorithm == "SHA512" || hashAlgorithm == "sha512" || hashAlgorithm == "sha-512") {
-    return EVP_sha512();
-  }
-  throw std::runtime_error("Unsupported hash algorithm: " + hashAlgorithm);
-}
-
 int toOpenSSLPadding(int padding) {
   switch (padding) {
     case kRsaPkcs1Padding:

packages/react-native-quick-crypto/cpp/sign/SignUtils.hpp

@@ -8,36 +8,15 @@
 #include <openssl/evp.h>
 #include <string>
 
+#include "../utils/QuickCryptoUtils.hpp"
+
 namespace margelo::nitro::crypto {
 
 enum DSASigEnc {
   kSigEncDER = 0,
   kSigEncP1363 = 1,
 };
 
-inline const EVP_MD* getDigestByName(const std::string& algorithm) {
-  if (algorithm == "SHA1" || algorithm == "sha1" || algorithm == "SHA-1" || algorithm == "sha-1") {
-    return EVP_sha1();
-  } else if (algorithm == "SHA224" || algorithm == "sha224" || algorithm == "SHA-224" || algorithm == "sha-224") {
-    return EVP_sha224();
-  } else if (algorithm == "SHA256" || algorithm == "sha256" || algorithm == "SHA-256" || algorithm == "sha-256") {
-    return EVP_sha256();
-  } else if (algorithm == "SHA384" || algorithm == "sha384" || algorithm == "SHA-384" || algorithm == "sha-384") {
-    return EVP_sha384();
-  } else if (algorithm == "SHA512" || algorithm == "sha512" || algorithm == "SHA-512" || algorithm == "sha-512") {
-    return EVP_sha512();
-  } else if (algorithm == "SHA3-224" || algorithm == "sha3-224") {
-    return EVP_sha3_224();
-  } else if (algorithm == "SHA3-256" || algorithm == "sha3-256") {
-    return EVP_sha3_256();
-  } else if (algorithm == "SHA3-384" || algorithm == "sha3-384") {
-    return EVP_sha3_384();
-  } else if (algorithm == "SHA3-512" || algorithm == "sha3-512") {
-    return EVP_sha3_512();
-  }
-  throw std::runtime_error("Unsupported hash algorithm: " + algorithm);
-}
-
 inline unsigned int getBytesOfRS(EVP_PKEY* pkey) {
   int bits;
   int base_id = EVP_PKEY_base_id(pkey);

packages/react-native-quick-crypto/cpp/utils/QuickCryptoUtils.hpp

@@ -4,6 +4,7 @@
 #include <cctype>
 #include <limits>
 #include <openssl/err.h>
+#include <openssl/evp.h>
 #include <string>
 #include <vector>
 
@@ -72,4 +73,36 @@ inline std::string toLower(std::string s) {
   return s;
 }
 
+inline const EVP_MD* getDigestByName(const std::string& algorithm) {
+  std::string algo = toLower(algorithm);
+
+  // Strip legacy RSA- prefix (e.g. rsa-sha256 -> sha256) for Node.js compat
+  if (algo.size() > 4 && algo.compare(0, 4, "rsa-") == 0) {
+    algo = algo.substr(4);
+  }
+
+  if (algo == "sha1" || algo == "sha-1") {
+    return EVP_sha1();
+  } else if (algo == "sha224" || algo == "sha-224") {
+    return EVP_sha224();
+  } else if (algo == "sha256" || algo == "sha-256") {
+    return EVP_sha256();
+  } else if (algo == "sha384" || algo == "sha-384") {
+    return EVP_sha384();
+  } else if (algo == "sha512" || algo == "sha-512") {
+    return EVP_sha512();
+  } else if (algo == "sha3-224") {
+    return EVP_sha3_224();
+  } else if (algo == "sha3-256") {
+    return EVP_sha3_256();
+  } else if (algo == "sha3-384") {
+    return EVP_sha3_384();
+  } else if (algo == "sha3-512") {
+    return EVP_sha3_512();
+  } else if (algo == "ripemd160" || algo == "ripemd-160") {
+    return EVP_ripemd160();
+  }
+  throw std::runtime_error("Unsupported hash algorithm: " + algorithm);
+}
+
 } // namespace margelo::nitro::crypto

packages/react-native-quick-crypto/src/utils/hashnames.ts

@@ -76,6 +76,17 @@ const kHashNames: HashNames = {
         kHashNames[alias] = kHashNames[keys[n]!]!;
     }
   }
+
+  // Add OpenSSL legacy RSA-* aliases (e.g. RSA-SHA256 -> sha256)
+  for (let n: number = 0; n < keys.length; n++) {
+    const key = keys[n]!;
+    if (key.startsWith('sha') || key === 'ripemd160') {
+      const rsaAlias = 'rsa-' + key;
+      if (kHashNames[rsaAlias] === undefined) {
+        kHashNames[rsaAlias] = kHashNames[key]!;
+      }
+    }
+  }
 }
 
 export function normalizeHashName(

packages/react-native-quick-crypto/test/hashnames.test.ts

@@ -9,6 +9,15 @@ test('normalizeHashName happy', () => {
   expect(normalizeHashName('SHA-512')).toBe('sha512');
 });
 
+test('normalizeHashName RSA-* legacy aliases', () => {
+  expect(normalizeHashName('rsa-sha1')).toBe('sha1');
+  expect(normalizeHashName('rsa-sha256')).toBe('sha256');
+  expect(normalizeHashName('rsa-sha384')).toBe('sha384');
+  expect(normalizeHashName('rsa-sha512')).toBe('sha512');
+  expect(normalizeHashName('rsa-ripemd160')).toBe('ripemd160');
+  expect(normalizeHashName('RSA-SHA256')).toBe('sha256');
+});
+
 test('normalizeHashName sad', () => {
   expect(normalizeHashName('SHA-2')).toBe('sha-2');
   expect(normalizeHashName('NOT-a-hash', HashContext.JwkRsaPss)).toBe(