npm - react-native-quick-crypto - Versions diffs - 1.0.0 → 1.0.1 - Mend

react-native-quick-crypto 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (81) hide show

package/QuickCrypto.podspec +14 -5
package/android/CMakeLists.txt +4 -2
package/android/build.gradle +1 -1
package/cpp/cipher/HybridCipher.cpp +3 -2
package/cpp/cipher/HybridRsaCipher.cpp +20 -1
package/cpp/keys/HybridKeyObjectHandle.cpp +8 -0
package/cpp/keys/KeyObjectData.hpp +1 -1
package/cpp/mldsa/HybridMlDsaKeyPair.cpp +264 -0
package/cpp/mldsa/HybridMlDsaKeyPair.hpp +47 -0
package/cpp/sign/HybridSignHandle.cpp +97 -22
package/cpp/sign/HybridVerifyHandle.cpp +90 -21
package/deps/ncrypto/.bazelignore +4 -0
package/deps/ncrypto/.bazelrc +2 -0
package/deps/ncrypto/.bazelversion +1 -0
package/deps/ncrypto/.clang-format +111 -0
package/deps/ncrypto/.github/workflows/bazel.yml +58 -0
package/deps/ncrypto/.github/workflows/linter.yml +38 -0
package/deps/ncrypto/.github/workflows/macos.yml +43 -0
package/deps/ncrypto/.github/workflows/ubuntu.yml +46 -0
package/deps/ncrypto/.github/workflows/visual-studio.yml +49 -0
package/deps/ncrypto/.python-version +1 -0
package/deps/ncrypto/BUILD.bazel +36 -0
package/deps/ncrypto/CMakeLists.txt +55 -0
package/deps/ncrypto/LICENSE +21 -0
package/deps/ncrypto/MODULE.bazel +1 -0
package/deps/ncrypto/MODULE.bazel.lock +280 -0
package/deps/ncrypto/README.md +18 -0
package/deps/ncrypto/WORKSPACE +15 -0
package/deps/ncrypto/cmake/CPM.cmake +1225 -0
package/deps/ncrypto/cmake/ncrypto-flags.cmake +16 -0
package/deps/ncrypto/include/dh-primes.h +67 -0
package/deps/ncrypto/{ncrypto.h → include/ncrypto.h} +361 -89
package/deps/ncrypto/patches/0001-Expose-libdecrepit-so-NodeJS-can-use-it-for-ncrypto.patch +28 -0
package/deps/ncrypto/pyproject.toml +38 -0
package/deps/ncrypto/src/CMakeLists.txt +15 -0
package/deps/ncrypto/src/engine.cpp +93 -0
package/deps/ncrypto/{ncrypto.cc → src/ncrypto.cpp} +1168 -234
package/deps/ncrypto/tests/BUILD.bazel +9 -0
package/deps/ncrypto/tests/CMakeLists.txt +7 -0
package/deps/ncrypto/tests/basic.cpp +86 -0
package/deps/ncrypto/tools/run-clang-format.sh +42 -0
package/lib/commonjs/keys/classes.js +6 -0
package/lib/commonjs/keys/classes.js.map +1 -1
package/lib/commonjs/mldsa.js +69 -0
package/lib/commonjs/mldsa.js.map +1 -0
package/lib/commonjs/specs/mlDsaKeyPair.nitro.js +6 -0
package/lib/commonjs/specs/mlDsaKeyPair.nitro.js.map +1 -0
package/lib/commonjs/subtle.js +111 -6
package/lib/commonjs/subtle.js.map +1 -1
package/lib/commonjs/utils/types.js.map +1 -1
package/lib/module/keys/classes.js +6 -0
package/lib/module/keys/classes.js.map +1 -1
package/lib/module/mldsa.js +63 -0
package/lib/module/mldsa.js.map +1 -0
package/lib/module/specs/mlDsaKeyPair.nitro.js +4 -0
package/lib/module/specs/mlDsaKeyPair.nitro.js.map +1 -0
package/lib/module/subtle.js +111 -6
package/lib/module/subtle.js.map +1 -1
package/lib/module/utils/types.js.map +1 -1
package/lib/tsconfig.tsbuildinfo +1 -1
package/lib/typescript/keys/classes.d.ts +2 -0
package/lib/typescript/keys/classes.d.ts.map +1 -1
package/lib/typescript/mldsa.d.ts +18 -0
package/lib/typescript/mldsa.d.ts.map +1 -0
package/lib/typescript/specs/mlDsaKeyPair.nitro.d.ts +16 -0
package/lib/typescript/specs/mlDsaKeyPair.nitro.d.ts.map +1 -0
package/lib/typescript/subtle.d.ts.map +1 -1
package/lib/typescript/utils/types.d.ts +5 -3
package/lib/typescript/utils/types.d.ts.map +1 -1
package/nitrogen/generated/android/QuickCrypto+autolinking.cmake +1 -0
package/nitrogen/generated/android/QuickCryptoOnLoad.cpp +10 -0
package/nitrogen/generated/ios/QuickCryptoAutolinking.mm +10 -0
package/nitrogen/generated/shared/c++/AsymmetricKeyType.hpp +12 -0
package/nitrogen/generated/shared/c++/HybridMlDsaKeyPairSpec.cpp +29 -0
package/nitrogen/generated/shared/c++/HybridMlDsaKeyPairSpec.hpp +73 -0
package/package.json +7 -3
package/src/keys/classes.ts +9 -0
package/src/mldsa.ts +125 -0
package/src/specs/mlDsaKeyPair.nitro.ts +29 -0
package/src/subtle.ts +148 -8
package/src/utils/types.ts +11 -3

package/deps/ncrypto/cmake/ncrypto-flags.cmake ADDED Viewed

@@ -0,0 +1,16 @@
+option(NCRYPTO_DEVELOPMENT_CHECKS "development checks (useful for debugging)" OFF)
+option(NCRYPTO_TESTING "Build tests" ON)
+option(NCRYPTO_BSSL_LIBDECREPIT_MISSING "enable if boringssl is built without libdecrepit" OFF)
+set(CMAKE_POSITION_INDEPENDENT_CODE ON)
+set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
+set(CMAKE_CXX_STANDARD 20)
+set(CMAKE_CXX_STANDARD_REQUIRED ON)
+set(CMAKE_CXX_EXTENSIONS OFF)
+find_program(CCACHE_FOUND ccache)
+if(CCACHE_FOUND)
+  message(STATUS "Ccache found using it as compiler launcher.")
+  set(CMAKE_C_COMPILER_LAUNCHER ccache)
+  set(CMAKE_CXX_COMPILER_LAUNCHER ccache)
+endif(CCACHE_FOUND)

package/deps/ncrypto/include/dh-primes.h ADDED Viewed

@@ -0,0 +1,67 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com). */
+#ifndef DEPS_NCRYPTO_DH_PRIMES_H_
+#define DEPS_NCRYPTO_DH_PRIMES_H_
+#include <openssl/bn.h>
+// Backporting primes that may not be supported in earlier boringssl versions.
+// Intentionally keeping the existing C-style formatting.
+BIGNUM* BN_get_rfc3526_prime_2048(BIGNUM* ret);
+BIGNUM* BN_get_rfc3526_prime_3072(BIGNUM* ret);
+BIGNUM* BN_get_rfc3526_prime_4096(BIGNUM* ret);
+BIGNUM* BN_get_rfc3526_prime_6144(BIGNUM* ret);
+BIGNUM* BN_get_rfc3526_prime_8192(BIGNUM* ret);
+#endif  // DEPS_NCRYPTO_DH_PRIMES_H_

package/deps/ncrypto/{ncrypto.h → include/ncrypto.h} RENAMED Viewed

@@ -8,17 +8,30 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
-#include <openssl/kdf.h>
 #include <openssl/rsa.h>
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
+#ifdef OPENSSL_IS_BORINGSSL
+#include <openssl/aead.h>
+#endif
+#include <stdint.h>
 #include <cstddef>
+#include <cstdio>
 #include <functional>
 #include <list>
 #include <memory>
 #include <optional>
 #include <string>
 #include <string_view>
+#include <unordered_map>
+#include <utility>
+#if NCRYPTO_DEVELOPMENT_CHECKS
+#include <iostream>
+#endif
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif  // !OPENSSL_NO_ENGINE
@@ -57,6 +70,12 @@ using OPENSSL_SIZE_T = size_t;
 using OPENSSL_SIZE_T = int;
 #endif
+#ifdef OPENSSL_IS_BORINGSSL
+#ifdef NCRYPTO_BSSL_NEEDS_DH_PRIMES
+#include "dh-primes.h"
+#endif  // NCRYPTO_BSSL_NEEDS_DH_PRIMES
+#endif  // OPENSSL_IS_BORINGSSL
 namespace ncrypto {
 // ============================================================================
@@ -229,6 +248,8 @@ class DataPointer;
 class DHPointer;
 class ECKeyPointer;
 class EVPKeyPointer;
+class EVPMacCtxPointer;
+class EVPMacPointer;
 class EVPMDCtxPointer;
 class SSLCtxPointer;
 class SSLPointer;
@@ -241,6 +262,8 @@ class ECKeyPointer;
 class Dsa;
 class Rsa;
 class Ec;
+class Aead;
+class AeadCtxPointer;
 struct StackOfXASN1Deleter {
   void operator()(STACK_OF(ASN1_OBJECT) * p) const {
@@ -295,7 +318,25 @@ DataPointer xofHashDigest(const Buffer<const unsigned char>& data,
                           const EVP_MD* md,
                           size_t length);
-class Cipher final {
+template <typename T>
+class ModeMixin {
+ public:
+  std::string_view getModeLabel() const;
+  bool isGcmMode() const { return self().getMode() == EVP_CIPH_GCM_MODE; }
+  bool isWrapMode() const { return self().getMode() == EVP_CIPH_WRAP_MODE; }
+  bool isCtrMode() const { return self().getMode() == EVP_CIPH_CTR_MODE; }
+  bool isCcmMode() const { return self().getMode() == EVP_CIPH_CCM_MODE; }
+  bool isOcbMode() const { return self().getMode() == EVP_CIPH_OCB_MODE; }
+  bool isStreamMode() const {
+    return self().getMode() == EVP_CIPH_STREAM_CIPHER;
+  }
+ private:
+  const T& self() const { return static_cast<const T&>(*this); }
+};
+class Cipher final : public ModeMixin<Cipher> {
  public:
   static constexpr size_t MAX_KEY_LENGTH = EVP_MAX_KEY_LENGTH;
   static constexpr size_t MAX_IV_LENGTH = EVP_MAX_IV_LENGTH;
@@ -304,9 +345,10 @@ class Cipher final {
 #else
   static constexpr size_t MAX_AUTH_TAG_LENGTH = 16;
 #endif
-  static_assert(EVP_GCM_TLS_TAG_LEN <= MAX_AUTH_TAG_LENGTH &&
-                EVP_CCM_TLS_TAG_LEN <= MAX_AUTH_TAG_LENGTH &&
-                EVP_CHACHAPOLY_TLS_TAG_LEN <= MAX_AUTH_TAG_LENGTH);
+  // FIXME: These constants are not available in all OpenSSL/BoringSSL versions
+  // static_assert(EVP_GCM_TLS_TAG_LEN <= MAX_AUTH_TAG_LENGTH &&
+  //               EVP_CCM_TLS_TAG_LEN <= MAX_AUTH_TAG_LENGTH &&
+  //               EVP_CHACHAPOLY_TLS_TAG_LEN <= MAX_AUTH_TAG_LENGTH);
   Cipher() = default;
   Cipher(const EVP_CIPHER* cipher) : cipher_(cipher) {}
@@ -327,15 +369,9 @@ class Cipher final {
   int getIvLength() const;
   int getKeyLength() const;
   int getBlockSize() const;
-  std::string_view getModeLabel() const;
   const char* getName() const;
-  bool isGcmMode() const;
-  bool isWrapMode() const;
-  bool isCtrMode() const;
-  bool isCcmMode() const;
-  bool isOcbMode() const;
-  bool isStreamMode() const;
   bool isChaCha20Poly1305() const;
   bool isSupportedAuthenticatedMode() const;
@@ -428,8 +464,78 @@ class Dsa final {
   OSSL3_CONST DSA* dsa_;
 };
-// ============================================================================
-// RSA
+class BignumPointer final {
+ public:
+  BignumPointer() = default;
+  explicit BignumPointer(BIGNUM* bignum);
+  explicit BignumPointer(const unsigned char* data, size_t len);
+  BignumPointer(BignumPointer&& other) noexcept;
+  BignumPointer& operator=(BignumPointer&& other) noexcept;
+  NCRYPTO_DISALLOW_COPY(BignumPointer)
+  ~BignumPointer();
+  int operator<=>(const BignumPointer& other) const noexcept;
+  int operator<=>(const BIGNUM* other) const noexcept;
+  inline operator bool() const { return bn_ != nullptr; }
+  inline BIGNUM* get() const noexcept { return bn_.get(); }
+  void reset(BIGNUM* bn = nullptr);
+  void reset(const unsigned char* data, size_t len);
+  BIGNUM* release();
+  bool isZero() const;
+  bool isOne() const;
+  bool setWord(unsigned long w);  // NOLINT(runtime/int)
+  unsigned long getWord() const;  // NOLINT(runtime/int)
+  size_t byteLength() const;
+  size_t bitLength() const;
+  DataPointer toHex() const;
+  DataPointer encode() const;
+  DataPointer encodePadded(size_t size) const;
+  size_t encodeInto(unsigned char* out) const;
+  size_t encodePaddedInto(unsigned char* out, size_t size) const;
+  using PrimeCheckCallback = std::function<bool(int, int)>;
+  int isPrime(int checks,
+              PrimeCheckCallback cb = defaultPrimeCheckCallback) const;
+  struct PrimeConfig {
+    int bits;
+    bool safe = false;
+    const BignumPointer& add;
+    const BignumPointer& rem;
+  };
+  static BignumPointer NewPrime(
+      const PrimeConfig& params,
+      PrimeCheckCallback cb = defaultPrimeCheckCallback);
+  bool generate(const PrimeConfig& params,
+                PrimeCheckCallback cb = defaultPrimeCheckCallback) const;
+  static BignumPointer New();
+  static BignumPointer NewSecure();
+  static BignumPointer NewSub(const BignumPointer& a, const BignumPointer& b);
+  static BignumPointer NewLShift(size_t length);
+  static DataPointer Encode(const BIGNUM* bn);
+  static DataPointer EncodePadded(const BIGNUM* bn, size_t size);
+  static size_t EncodePaddedInto(const BIGNUM* bn,
+                                 unsigned char* out,
+                                 size_t size);
+  static int GetBitCount(const BIGNUM* bn);
+  static int GetByteCount(const BIGNUM* bn);
+  static unsigned long GetWord(const BIGNUM* bn);  // NOLINT(runtime/int)
+  static const BIGNUM* One();
+  BignumPointer clone();
+ private:
+  DeleteFnPtr<BIGNUM, BN_clear_free> bn_;
+  static bool defaultPrimeCheckCallback(int, int) { return 1; }
+};
 class Rsa final {
  public:
@@ -491,6 +597,10 @@ class Ec final {
   const EC_GROUP* getGroup() const;
   int getCurve() const;
+  uint32_t getDegree() const;
+  std::string getCurveName() const;
+  const EC_POINT* getPublicKey() const;
+  const BIGNUM* getPrivateKey() const;
   inline operator bool() const { return ec_ != nullptr; }
   inline operator OSSL3_CONST EC_KEY*() const { return ec_; }
@@ -500,8 +610,16 @@ class Ec final {
   using GetCurveCallback = std::function<bool(const char*)>;
   static bool GetCurves(GetCurveCallback callback);
+  inline const BignumPointer& getX() const { return x_; }
+  inline const BignumPointer& getY() const { return y_; }
+  inline const BignumPointer& getD() const { return d_; }
  private:
   OSSL3_CONST EC_KEY* ec_ = nullptr;
+  // Affine coordinates for the EC_KEY.
+  BignumPointer x_;
+  BignumPointer y_;
+  BignumPointer d_;
 };
 // A managed pointer to a buffer of data. When destroyed the underlying
@@ -632,78 +750,6 @@ class BIOPointer final {
   mutable DeleteFnPtr<BIO, BIO_free_all> bio_;
 };
-class BignumPointer final {
- public:
-  BignumPointer() = default;
-  explicit BignumPointer(BIGNUM* bignum);
-  explicit BignumPointer(const unsigned char* data, size_t len);
-  BignumPointer(BignumPointer&& other) noexcept;
-  BignumPointer& operator=(BignumPointer&& other) noexcept;
-  NCRYPTO_DISALLOW_COPY(BignumPointer)
-  ~BignumPointer();
-  int operator<=>(const BignumPointer& other) const noexcept;
-  int operator<=>(const BIGNUM* other) const noexcept;
-  inline operator bool() const { return bn_ != nullptr; }
-  inline BIGNUM* get() const noexcept { return bn_.get(); }
-  void reset(BIGNUM* bn = nullptr);
-  void reset(const unsigned char* data, size_t len);
-  BIGNUM* release();
-  bool isZero() const;
-  bool isOne() const;
-  bool setWord(unsigned long w);  // NOLINT(runtime/int)
-  unsigned long getWord() const;  // NOLINT(runtime/int)
-  size_t byteLength() const;
-  DataPointer toHex() const;
-  DataPointer encode() const;
-  DataPointer encodePadded(size_t size) const;
-  size_t encodeInto(unsigned char* out) const;
-  size_t encodePaddedInto(unsigned char* out, size_t size) const;
-  using PrimeCheckCallback = std::function<bool(int, int)>;
-  int isPrime(int checks,
-              PrimeCheckCallback cb = defaultPrimeCheckCallback) const;
-  struct PrimeConfig {
-    int bits;
-    bool safe = false;
-    const BignumPointer& add;
-    const BignumPointer& rem;
-  };
-  static BignumPointer NewPrime(
-      const PrimeConfig& params,
-      PrimeCheckCallback cb = defaultPrimeCheckCallback);
-  bool generate(const PrimeConfig& params,
-                PrimeCheckCallback cb = defaultPrimeCheckCallback) const;
-  static BignumPointer New();
-  static BignumPointer NewSecure();
-  static BignumPointer NewSub(const BignumPointer& a, const BignumPointer& b);
-  static BignumPointer NewLShift(size_t length);
-  static DataPointer Encode(const BIGNUM* bn);
-  static DataPointer EncodePadded(const BIGNUM* bn, size_t size);
-  static size_t EncodePaddedInto(const BIGNUM* bn,
-                                 unsigned char* out,
-                                 size_t size);
-  static int GetBitCount(const BIGNUM* bn);
-  static int GetByteCount(const BIGNUM* bn);
-  static unsigned long GetWord(const BIGNUM* bn);  // NOLINT(runtime/int)
-  static const BIGNUM* One();
-  BignumPointer clone();
- private:
-  DeleteFnPtr<BIGNUM, BN_clear_free> bn_;
-  static bool defaultPrimeCheckCallback(int, int) { return 1; }
-};
 class CipherCtxPointer final {
  public:
   static CipherCtxPointer New();
@@ -945,12 +991,15 @@ class EVPKeyPointer final {
   int getDefaultSignPadding() const;
   operator Rsa() const;
   operator Dsa() const;
+  operator Ec() const;
   bool isRsaVariant() const;
   bool isOneShotVariant() const;
   bool isSigVariant() const;
   bool validateDsaParameters() const;
+  EVPKeyPointer clone() const;
  private:
   DeleteFnPtr<EVP_PKEY, EVP_PKEY_free> pkey_;
 };
@@ -1189,6 +1238,8 @@ class X509View final {
   BIOPointer getInfoAccess() const;
   BIOPointer getValidFrom() const;
   BIOPointer getValidTo() const;
+  std::optional<std::string_view> getSignatureAlgorithm() const;
+  std::optional<std::string> getSignatureAlgorithmOID() const;
   int64_t getValidFromTime() const;
   int64_t getValidToTime() const;
   DataPointer getSerialNumber() const;
@@ -1407,6 +1458,15 @@ class EVPMDCtxPointer final {
   std::optional<EVP_PKEY_CTX*> verifyInit(const EVPKeyPointer& key,
                                           const Digest& digest);
+  std::optional<EVP_PKEY_CTX*> signInitWithContext(
+      const EVPKeyPointer& key,
+      const Digest& digest,
+      const Buffer<const unsigned char>& context_string);
+  std::optional<EVP_PKEY_CTX*> verifyInitWithContext(
+      const EVPKeyPointer& key,
+      const Digest& digest,
+      const Buffer<const unsigned char>& context_string);
   DataPointer signOneShot(const Buffer<const unsigned char>& buf) const;
   DataPointer sign(const Buffer<const unsigned char>& buf) const;
   bool verify(const Buffer<const unsigned char>& buf,
@@ -1451,6 +1511,56 @@ class HMACCtxPointer final {
   DeleteFnPtr<HMAC_CTX, HMAC_CTX_free> ctx_;
 };
+#if OPENSSL_VERSION_MAJOR >= 3
+class EVPMacPointer final {
+ public:
+  EVPMacPointer() = default;
+  explicit EVPMacPointer(EVP_MAC* mac);
+  EVPMacPointer(EVPMacPointer&& other) noexcept;
+  EVPMacPointer& operator=(EVPMacPointer&& other) noexcept;
+  NCRYPTO_DISALLOW_COPY(EVPMacPointer)
+  ~EVPMacPointer();
+  inline bool operator==(std::nullptr_t) noexcept { return mac_ == nullptr; }
+  inline operator bool() const { return mac_ != nullptr; }
+  inline EVP_MAC* get() const { return mac_.get(); }
+  inline operator EVP_MAC*() const { return mac_.get(); }
+  void reset(EVP_MAC* mac = nullptr);
+  EVP_MAC* release();
+  static EVPMacPointer Fetch(const char* algorithm);
+ private:
+  DeleteFnPtr<EVP_MAC, EVP_MAC_free> mac_;
+};
+class EVPMacCtxPointer final {
+ public:
+  EVPMacCtxPointer() = default;
+  explicit EVPMacCtxPointer(EVP_MAC_CTX* ctx);
+  EVPMacCtxPointer(EVPMacCtxPointer&& other) noexcept;
+  EVPMacCtxPointer& operator=(EVPMacCtxPointer&& other) noexcept;
+  NCRYPTO_DISALLOW_COPY(EVPMacCtxPointer)
+  ~EVPMacCtxPointer();
+  inline bool operator==(std::nullptr_t) noexcept { return ctx_ == nullptr; }
+  inline operator bool() const { return ctx_ != nullptr; }
+  inline EVP_MAC_CTX* get() const { return ctx_.get(); }
+  inline operator EVP_MAC_CTX*() const { return ctx_.get(); }
+  void reset(EVP_MAC_CTX* ctx = nullptr);
+  EVP_MAC_CTX* release();
+  bool init(const Buffer<const void>& key, const OSSL_PARAM* params = nullptr);
+  bool update(const Buffer<const void>& data);
+  DataPointer final(size_t length);
+  static EVPMacCtxPointer New(EVP_MAC* mac);
+ private:
+  DeleteFnPtr<EVP_MAC_CTX, EVP_MAC_CTX_free> ctx_;
+};
+#endif  // OPENSSL_VERSION_MAJOR >= 3
 #ifndef OPENSSL_NO_ENGINE
 class EnginePointer final {
  public:
@@ -1518,11 +1628,19 @@ bool SafeX509InfoAccessPrint(const BIOPointer& out, X509_EXTENSION* ext);
 // ============================================================================
 // SPKAC
-bool VerifySpkac(const char* input, size_t length);
-BIOPointer ExportPublicKey(const char* input, size_t length);
+[[deprecated("Use the version that takes a Buffer")]] bool VerifySpkac(
+    const char* input, size_t length);
+[[deprecated("Use the version that takes a Buffer")]] BIOPointer
+ExportPublicKey(const char* input, size_t length);
 // The caller takes ownership of the returned Buffer<char>
-Buffer<char> ExportChallenge(const char* input, size_t length);
+[[deprecated("Use the version that takes a Buffer")]] Buffer<char>
+ExportChallenge(const char* input, size_t length);
+bool VerifySpkac(const Buffer<const char>& buf);
+BIOPointer ExportPublicKey(const Buffer<const char>& buf);
+DataPointer ExportChallenge(const Buffer<const char>& buf);
 // ============================================================================
 // KDF
@@ -1539,6 +1657,13 @@ bool extractP1363(const Buffer<const unsigned char>& buf,
                   unsigned char* dest,
                   size_t n);
+bool hkdfInfo(const Digest& md,
+              const Buffer<const unsigned char>& key,
+              const Buffer<const unsigned char>& info,
+              const Buffer<const unsigned char>& salt,
+              size_t length,
+              Buffer<unsigned char>* out);
 DataPointer hkdf(const Digest& md,
                  const Buffer<const unsigned char>& key,
                  const Buffer<const unsigned char>& info,
@@ -1547,6 +1672,15 @@ DataPointer hkdf(const Digest& md,
 bool checkScryptParams(uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem);
+bool scryptInto(const Buffer<const char>& pass,
+                const Buffer<const unsigned char>& salt,
+                uint64_t N,
+                uint64_t r,
+                uint64_t p,
+                uint64_t maxmem,
+                size_t length,
+                Buffer<unsigned char>* out);
 DataPointer scrypt(const Buffer<const char>& pass,
                    const Buffer<const unsigned char>& salt,
                    uint64_t N,
@@ -1555,6 +1689,13 @@ DataPointer scrypt(const Buffer<const char>& pass,
                    uint64_t maxmem,
                    size_t length);
+bool pbkdf2Into(const Digest& md,
+                const Buffer<const char>& pass,
+                const Buffer<const unsigned char>& salt,
+                uint32_t iterations,
+                size_t length,
+                Buffer<unsigned char>* out);
 DataPointer pbkdf2(const Digest& md,
                    const Buffer<const char>& pass,
                    const Buffer<const unsigned char>& salt,
@@ -1612,6 +1753,137 @@ class KEM final {
 #endif  // OPENSSL_VERSION_MAJOR >= 3
+// ============================================================================
+// AEAD (Authenticated Encryption with Associated Data)
+// Note that the underlying EVP_AEAD interface is specific to BoringSSL. AEAD
+// primitives are accessed through the Cipher class instead, if using OpenSSL.
+#ifdef OPENSSL_IS_BORINGSSL
+class Aead final : public ModeMixin<Aead> {
+ private:
+  // BoringSSL does not keep a list of AEADs, so we need to maintain our own.
+  struct AeadInfo {
+    std::string name;
+    int mode;
+    int nid = 0;  // Note: BoringSSL only defines NIDs for some AEADs
+  };
+ public:
+  Aead() = default;
+  Aead(const AeadInfo* info, const EVP_AEAD* aead) : info_(info), aead_(aead) {}
+  Aead(const Aead&) = default;
+  Aead& operator=(const Aead&) = default;
+  NCRYPTO_DISALLOW_MOVE(Aead)
+  inline const EVP_AEAD* get() const { return aead_; }
+  inline operator const EVP_AEAD*() const { return aead_; }
+  inline operator bool() const { return aead_ != nullptr; }
+  int getMode() const;
+  int getNonceLength() const;
+  int getKeyLength() const;
+  int getBlockSize() const;
+  int getMaxOverhead() const;
+  int getMaxTagLength() const;
+  std::string_view getName() const;
+  static const Aead FromName(std::string_view name);
+  // TODO(npaun): BoringSSL does not define NIDs for all AEADs.
+  // This method is included only for implementing getCipherInfo and can't be
+  // used to construct an Aead instance.
+  int getNid() const;
+  // static const AEAD FromNid(int nid);
+  static const Aead FromCtx(std::string_view name, const AeadCtxPointer& ctx);
+  using AeadNameCallback = std::function<void(std::string_view name)>;
+  // Iterates the known ciphers if the underlying implementation
+  // is able to do so.
+  static void ForEach(AeadNameCallback callback);
+  // Utilities to get various AEADs by type.
+  static const Aead EMPTY;
+  static const Aead AES_128_GCM;
+  static const Aead AES_192_GCM;
+  static const Aead AES_256_GCM;
+  static const Aead CHACHA20_POLY1305;
+  static const Aead XCHACHA20_POLY1305;
+  static const Aead AES_128_CTR_HMAC_SHA256;
+  static const Aead AES_256_CTR_HMAC_SHA256;
+  static const Aead AES_128_GCM_SIV;
+  static const Aead AES_256_GCM_SIV;
+  static const Aead AES_128_GCM_RANDNONCE;
+  static const Aead AES_256_GCM_RANDNONCE;
+  static const Aead AES_128_CCM_BLUETOOTH;
+  static const Aead AES_128_CCM_BLUETOOTH_8;
+  static const Aead AES_128_CCM_MATTER;
+  static const Aead AES_128_EAX;
+  static const Aead AES_256_EAX;
+ private:
+  const EVP_AEAD* aead_ = nullptr;
+  const AeadInfo* info_ = nullptr;
+  using AeadConstructor = const EVP_AEAD* (*)();
+  static const std::unordered_map<AeadConstructor, AeadInfo> aeadIndex;
+  static const Aead FromConstructor(AeadConstructor construct);
+};
+class AeadCtxPointer final {
+ public:
+  static AeadCtxPointer New(
+      const Aead& aead,
+      bool encrypt,
+      const unsigned char* key = nullptr,
+      size_t keyLen = 0,
+      size_t tagLen = EVP_AEAD_DEFAULT_TAG_LENGTH /* = 0 */);
+  AeadCtxPointer() = default;
+  explicit AeadCtxPointer(EVP_AEAD_CTX* ctx);
+  AeadCtxPointer(AeadCtxPointer&& other) noexcept;
+  AeadCtxPointer& operator=(AeadCtxPointer&& other) noexcept;
+  NCRYPTO_DISALLOW_COPY(AeadCtxPointer)
+  ~AeadCtxPointer();
+  inline bool operator==(std::nullptr_t) const noexcept {
+    return ctx_ == nullptr;
+  }
+  inline operator bool() const { return ctx_ != nullptr; }
+  inline EVP_AEAD_CTX* get() const { return ctx_.get(); }
+  inline operator EVP_AEAD_CTX*() const { return ctx_.get(); }
+  void reset(EVP_AEAD_CTX* ctx = nullptr);
+  EVP_AEAD_CTX* release();
+  bool init(const Aead& aead,
+            bool encrypt,
+            const unsigned char* key = nullptr,
+            size_t keyLen = 0,
+            size_t tagLen = EVP_AEAD_DEFAULT_TAG_LENGTH /* = 0 */);
+  // TODO(npaun): BoringSSL does not define NIDs for all AEADs.
+  // Decide if we will even implement this method.
+  // int getNid() const;
+  bool encrypt(const Buffer<const unsigned char>& in,
+               Buffer<unsigned char>& out,
+               Buffer<unsigned char>& tag,
+               const Buffer<const unsigned char>& nonce,
+               const Buffer<const unsigned char>& aad);
+  bool decrypt(const Buffer<const unsigned char>& in,
+               Buffer<unsigned char>& out,
+               const Buffer<const unsigned char>& tag,
+               const Buffer<const unsigned char>& nonce,
+               const Buffer<const unsigned char>& aad);
+ private:
+  DeleteFnPtr<EVP_AEAD_CTX, EVP_AEAD_CTX_free> ctx_;
+};
+#endif
 // ============================================================================
 // Version metadata
 #define NCRYPTO_VERSION "0.0.1"