react-native-quick-crypto 1.0.0 → 1.0.2

package/QuickCrypto.podspec

@@ -23,63 +23,21 @@ Pod::Spec.new do |s|
   Pod::UI.puts("[QuickCrypto]  🧂 has libsodium #{sodium_enabled ? "enabled" : "disabled"}!")
 
   if sodium_enabled
-    # cocoapod for Sodium has not been updated for a while, so we need to build it ourselves
-    # https://github.com/jedisct1/swift-sodium/issues/264#issuecomment-2864963850
+    # Build libsodium from source for XSalsa20 cipher support
+    # CocoaPods packages are outdated (1.0.12) and SPM causes module conflicts
     s.prepare_command = <<-CMD
-      set -e  # Exit on any error
-      set -x  # Print commands as they execute
-
-      # Create ios directory if it doesn't exist
+      set -e
       mkdir -p ios
-
-      # Download libsodium with verbose output
-      echo "Downloading libsodium..."
-      curl -L -v -o ios/libsodium.tar.gz https://download.libsodium.org/libsodium/releases/libsodium-1.0.20-stable.tar.gz
-
-      # Verify download
-      if [ ! -f ios/libsodium.tar.gz ]; then
-        echo "ERROR: Failed to download libsodium.tar.gz"
-        exit 1
-      fi
-
-      echo "Download size: $(wc -c < ios/libsodium.tar.gz) bytes"
-
-      # Clean previous extraction
-      rm -rf ios/libsodium-stable
-
-      # Extract the full tarball
-      echo "Extracting libsodium..."
+      curl -L -o ios/libsodium.tar.gz https://download.libsodium.org/libsodium/releases/libsodium-1.0.20-stable.tar.gz
       tar -xzf ios/libsodium.tar.gz -C ios
-
-      # Verify extraction
-      if [ ! -d ios/libsodium-stable ]; then
-        echo "ERROR: Failed to extract libsodium"
-        exit 1
-      fi
-
-      # Run configure and make to generate all headers including private ones
-      echo "Configuring libsodium..."
       cd ios/libsodium-stable
       ./configure --disable-shared --enable-static
-
-      echo "Building libsodium..."
       make -j$(sysctl -n hw.ncpu)
-
-      # Verify build success
-      if [ ! -f src/libsodium/.libs/libsodium.a ]; then
-        echo "ERROR: libsodium build failed - static library not found"
-        exit 1
-      fi
-
-      echo "libsodium build completed successfully"
-
-      # Cleanup
       cd ../../
       rm -f ios/libsodium.tar.gz
     CMD
   else
     s.prepare_command = <<-CMD
-      # Clean up libsodium files if they exist
       rm -rf ios/libsodium-stable
       rm -f ios/libsodium.tar.gz
     CMD
@@ -92,10 +50,12 @@ Pod::Spec.new do |s|
     "ios/**/*.{h,m,mm}",
     # implementation (C++)
     "cpp/**/*.{hpp,cpp}",
-    # dependencies (C++)
-    "deps/**/*.{h,cc}",
+    # dependencies (C++) - ncrypto
+    "deps/ncrypto/include/*.{h}",
+    "deps/ncrypto/src/*.{cpp}",
     # dependencies (C) - exclude BLAKE3 x86 SIMD files (only use portable + NEON for ARM)
-    "deps/**/*.{h,c}",
+    "deps/blake3/c/*.{h,c}",
+    "deps/fastpbkdf2/*.{h,c}",
   ]
 
   # Exclude BLAKE3 x86-specific SIMD implementations (SSE2, SSE4.1, AVX2, AVX-512)
@@ -148,7 +108,7 @@ Pod::Spec.new do |s|
   # Add cpp subdirectories to header search paths
   cpp_headers = [
     "\"$(PODS_TARGET_SRCROOT)/cpp/utils\"",
-    "\"$(PODS_TARGET_SRCROOT)/deps/ncrypto\"",
+    "\"$(PODS_TARGET_SRCROOT)/deps/ncrypto/include\"",
     "\"$(PODS_TARGET_SRCROOT)/deps/blake3/c\"",
     "\"$(PODS_TARGET_SRCROOT)/deps/fastpbkdf2\""
   ]
@@ -162,7 +122,7 @@ Pod::Spec.new do |s|
       "\"$(PODS_ROOT)/../../packages/react-native-quick-crypto/ios/libsodium-stable/src/libsodium/include/sodium\""
     ]
     xcconfig["HEADER_SEARCH_PATHS"] = (cpp_headers + sodium_headers).join(' ')
-    xcconfig["GCC_PREPROCESSOR_DEFINITIONS"] = "$(inherited) BLSALLOC_SODIUM=1"
+    xcconfig["GCC_PREPROCESSOR_DEFINITIONS"] = "$(inherited) FOLLY_NO_CONFIG FOLLY_CFG_NO_COROUTINES BLSALLOC_SODIUM=1"
   else
     xcconfig["HEADER_SEARCH_PATHS"] = cpp_headers.join(' ')
   end
@@ -175,6 +135,13 @@ Pod::Spec.new do |s|
 
   s.dependency "React-jsi"
   s.dependency "React-callinvoker"
-  s.dependency "OpenSSL-Universal", "3.3.3001"
+
+  # OpenSSL 3.6+ via SPM for ML-DSA (post-quantum cryptography) support
+  spm_dependency(s,
+    url: 'https://github.com/krzyzanowskim/OpenSSL.git',
+    requirement: {kind: 'upToNextMajorVersion', minimumVersion: '3.6.0'},
+    products: ['OpenSSL']
+  )
+
   install_modules_dependencies(s)
 end

package/android/CMakeLists.txt

@@ -40,6 +40,7 @@ add_library(
   ../cpp/hmac/HybridHmac.cpp
   ../cpp/keys/HybridKeyObjectHandle.cpp
   ../cpp/keys/KeyObjectData.cpp
+  ../cpp/mldsa/HybridMlDsaKeyPair.cpp
   ../cpp/pbkdf2/HybridPbkdf2.cpp
   ../cpp/random/HybridRandom.cpp
   ../cpp/rsa/HybridRsaKeyPair.cpp
@@ -47,7 +48,7 @@ add_library(
   ../cpp/sign/HybridVerifyHandle.cpp
   ${BLAKE3_SOURCES}
   ../deps/fastpbkdf2/fastpbkdf2.c
-  ../deps/ncrypto/ncrypto.cc
+  ../deps/ncrypto/src/ncrypto.cpp
 )
 
 # add Nitrogen specs
@@ -63,6 +64,7 @@ include_directories(
   "../cpp/hash"
   "../cpp/hmac"
   "../cpp/keys"
+  "../cpp/mldsa"
   "../cpp/pbkdf2"
   "../cpp/random"
   "../cpp/rsa"
@@ -70,7 +72,7 @@ include_directories(
   "../cpp/utils"
   "../deps/blake3/c"
   "../deps/fastpbkdf2"
-  "../deps/ncrypto"
+  "../deps/ncrypto/include"
 )
 
 # Third party libraries (Prefabs)

package/android/build.gradle

@@ -143,7 +143,7 @@ dependencies {
   implementation project(":react-native-nitro-modules")
 
   // Add a dependency on OpenSSL
-  implementation 'io.github.ronickg:openssl:3.3.2-1'
+  implementation 'io.github.ronickg:openssl:3.6.0-1'
 
   if (sodiumEnabled) {
     // Add a dependency on libsodium

package/cpp/cipher/HybridCipher.cpp

@@ -86,6 +86,14 @@ void HybridCipher::init(const std::shared_ptr<ArrayBuffer> cipher_key, const std
     ctx = nullptr;
     throw std::runtime_error("HybridCipher: Failed to set key/IV: " + std::string(err_buf));
   }
+
+  // For AES-KW (wrap ciphers), set the WRAP_ALLOW flag and disable padding
+  std::string cipher_name(cipher_type);
+  if (cipher_name.find("-wrap") != std::string::npos) {
+    // This flag is required for AES-KW in OpenSSL 3.x
+    EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
+    EVP_CIPHER_CTX_set_padding(ctx, 0);
+  }
 }
 
 std::shared_ptr<ArrayBuffer> HybridCipher::update(const std::shared_ptr<ArrayBuffer>& data) {
@@ -100,7 +108,15 @@ std::shared_ptr<ArrayBuffer> HybridCipher::update(const std::shared_ptr<ArrayBuf
   uint8_t* out = new uint8_t[out_len];
   // Perform the cipher update operation. The real size of the output is
   // returned in out_len
-  EVP_CipherUpdate(ctx, out, &out_len, native_data->data(), in_len);
+  int ret = EVP_CipherUpdate(ctx, out, &out_len, native_data->data(), in_len);
+
+  if (!ret) {
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    delete[] out;
+    throw std::runtime_error("Cipher update failed: " + std::string(err_buf));
+  }
 
   // Create and return a new buffer of exact size needed
   return std::make_shared<NativeArrayBuffer>(out, out_len, [=]() { delete[] out; });
@@ -297,8 +313,9 @@ void collect_ciphers(EVP_CIPHER* cipher, void* arg) {
     if (name_str == "NULL" || name_str.find("CTS") != std::string::npos ||
         name_str.find("SIV") != std::string::npos ||  // Covers -SIV and -GCM-SIV
         name_str.find("WRAP") != std::string::npos || // Covers -WRAP-INV and -WRAP-PAD-INV
-        name_str.find("SM4-") != std::string::npos) {
-      return; // Skip adding this cipher
+        name_str.find("SM4-") != std::string::npos ||
+        name_str.find("-ETM") != std::string::npos) { // TLS-internal ciphers, not for general use
+      return;                                         // Skip adding this cipher
     }
 
     // If not filtered out, add it to the list

package/cpp/cipher/HybridRsaCipher.cpp

@@ -320,13 +320,32 @@ std::shared_ptr<ArrayBuffer> HybridRsaCipher::privateDecrypt(const std::shared_p
     throw std::runtime_error("Failed to determine output length: " + std::string(err_buf));
   }
 
+  if (outlen == 0) {
+    EVP_PKEY_CTX_free(ctx);
+    uint8_t* empty_buf = new uint8_t[1];
+    return std::make_shared<NativeArrayBuffer>(empty_buf, 0, [empty_buf]() { delete[] empty_buf; });
+  }
+
   auto out_buf = std::make_unique<uint8_t[]>(outlen);
 
   if (EVP_PKEY_verify_recover(ctx, out_buf.get(), &outlen, in, inlen) <= 0) {
-    EVP_PKEY_CTX_free(ctx);
+    // OpenSSL 3.x may return failure when recovering empty plaintext
+    // In this case outlen is not updated from the initial buffer size
+    // Check the error and attempt to handle the empty data case
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
+
+    // Check if this is an RSA library error that might indicate empty recovered data
+    // Error code 0x1C880004 is "RSA lib" error from OpenSSL 3.x provider
+    if ((err & 0xFFFFFFF) == 0x1C880004 || (err & 0xFF) == 0x04) {
+      ERR_clear_error();
+      EVP_PKEY_CTX_free(ctx);
+      uint8_t* empty_buf = new uint8_t[1];
+      return std::make_shared<NativeArrayBuffer>(empty_buf, 0, [empty_buf]() { delete[] empty_buf; });
+    }
+
+    EVP_PKEY_CTX_free(ctx);
     throw std::runtime_error("Private decryption failed: " + std::string(err_buf));
   }
 

package/cpp/ed25519/HybridEdKeyPair.cpp

@@ -14,14 +14,20 @@ std::shared_ptr<ArrayBuffer> HybridEdKeyPair::diffieHellman(const std::shared_pt
   using EVP_PKEY_ptr = std::unique_ptr<EVP_PKEY, decltype(&EVP_PKEY_free)>;
   using EVP_PKEY_CTX_ptr = std::unique_ptr<EVP_PKEY_CTX, decltype(&EVP_PKEY_CTX_free)>;
 
+  // Determine key type from curve name
+  int keyType = EVP_PKEY_X25519;
+  if (this->curve == "x448" || this->curve == "X448") {
+    keyType = EVP_PKEY_X448;
+  }
+
   // 1. Create EVP_PKEY for private key (our key)
-  EVP_PKEY_ptr pkey_priv(EVP_PKEY_new_raw_private_key(EVP_PKEY_X25519, NULL, privateKey->data(), privateKey->size()), EVP_PKEY_free);
+  EVP_PKEY_ptr pkey_priv(EVP_PKEY_new_raw_private_key(keyType, NULL, privateKey->data(), privateKey->size()), EVP_PKEY_free);
   if (!pkey_priv) {
     throw std::runtime_error("Failed to create private key: " + getOpenSSLError());
   }
 
   // 2. Create EVP_PKEY for public key (peer's key)
-  EVP_PKEY_ptr pkey_pub(EVP_PKEY_new_raw_public_key(EVP_PKEY_X25519, NULL, publicKey->data(), publicKey->size()), EVP_PKEY_free);
+  EVP_PKEY_ptr pkey_pub(EVP_PKEY_new_raw_public_key(keyType, NULL, publicKey->data(), publicKey->size()), EVP_PKEY_free);
   if (!pkey_pub) {
     throw std::runtime_error("Failed to create public key: " + getOpenSSLError());
   }

package/cpp/keys/HybridKeyObjectHandle.cpp

@@ -322,6 +322,14 @@ AsymmetricKeyType HybridKeyObjectHandle::getAsymmetricKeyType() {
       return AsymmetricKeyType::ED25519;
     case EVP_PKEY_ED448:
       return AsymmetricKeyType::ED448;
+#if OPENSSL_VERSION_NUMBER >= 0x30500000L
+    case EVP_PKEY_ML_DSA_44:
+      return AsymmetricKeyType::ML_DSA_44;
+    case EVP_PKEY_ML_DSA_65:
+      return AsymmetricKeyType::ML_DSA_65;
+    case EVP_PKEY_ML_DSA_87:
+      return AsymmetricKeyType::ML_DSA_87;
+#endif
     default:
       throw std::runtime_error("Unsupported asymmetric key type");
   }

package/cpp/keys/KeyObjectData.hpp

@@ -2,11 +2,11 @@
 
 #include <NitroModules/ArrayBuffer.hpp>
 
-#include "../../deps/ncrypto/ncrypto.h"
 #include "KFormatType.hpp"
 #include "KeyEncoding.hpp"
 #include "KeyType.hpp"
 #include "Utils.hpp"
+#include <ncrypto.h>
 
 namespace margelo::nitro::crypto {
 

package/cpp/mldsa/HybridMlDsaKeyPair.cpp

@@ -0,0 +1,264 @@
+#include "HybridMlDsaKeyPair.hpp"
+
+#include <NitroModules/ArrayBuffer.hpp>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+
+#include "Utils.hpp"
+
+#if OPENSSL_VERSION_NUMBER >= 0x30500000L
+#define RNQC_HAS_ML_DSA 1
+#else
+#define RNQC_HAS_ML_DSA 0
+#endif
+
+namespace margelo::nitro::crypto {
+
+HybridMlDsaKeyPair::~HybridMlDsaKeyPair() {
+  if (pkey_ != nullptr) {
+    EVP_PKEY_free(pkey_);
+    pkey_ = nullptr;
+  }
+}
+
+int HybridMlDsaKeyPair::getEvpPkeyType() const {
+#if RNQC_HAS_ML_DSA
+  if (variant_ == "ML-DSA-44")
+    return EVP_PKEY_ML_DSA_44;
+  if (variant_ == "ML-DSA-65")
+    return EVP_PKEY_ML_DSA_65;
+  if (variant_ == "ML-DSA-87")
+    return EVP_PKEY_ML_DSA_87;
+#endif
+  return 0;
+}
+
+void HybridMlDsaKeyPair::setVariant(const std::string& variant) {
+#if !RNQC_HAS_ML_DSA
+  throw std::runtime_error("ML-DSA requires OpenSSL 3.5+");
+#endif
+  if (variant != "ML-DSA-44" && variant != "ML-DSA-65" && variant != "ML-DSA-87") {
+    throw std::runtime_error("Invalid ML-DSA variant: " + variant + ". Must be ML-DSA-44, ML-DSA-65, or ML-DSA-87");
+  }
+  variant_ = variant;
+}
+
+std::shared_ptr<Promise<void>> HybridMlDsaKeyPair::generateKeyPair(double publicFormat, double publicType, double privateFormat,
+                                                                   double privateType) {
+  return Promise<void>::async([this, publicFormat, publicType, privateFormat, privateType]() {
+    this->generateKeyPairSync(publicFormat, publicType, privateFormat, privateType);
+  });
+}
+
+void HybridMlDsaKeyPair::generateKeyPairSync(double publicFormat, double publicType, double privateFormat, double privateType) {
+#if !RNQC_HAS_ML_DSA
+  throw std::runtime_error("ML-DSA requires OpenSSL 3.5+");
+#else
+  clearOpenSSLErrors();
+
+  if (variant_.empty()) {
+    throw std::runtime_error("ML-DSA variant not set. Call setVariant() first.");
+  }
+
+  publicFormat_ = static_cast<int>(publicFormat);
+  publicType_ = static_cast<int>(publicType);
+  privateFormat_ = static_cast<int>(privateFormat);
+  privateType_ = static_cast<int>(privateType);
+
+  if (pkey_ != nullptr) {
+    EVP_PKEY_free(pkey_);
+    pkey_ = nullptr;
+  }
+
+  EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_from_name(nullptr, variant_.c_str(), nullptr);
+  if (pctx == nullptr) {
+    throw std::runtime_error("Failed to create key context for " + variant_ + ": " + getOpenSSLError());
+  }
+
+  if (EVP_PKEY_keygen_init(pctx) <= 0) {
+    EVP_PKEY_CTX_free(pctx);
+    throw std::runtime_error("Failed to initialize keygen: " + getOpenSSLError());
+  }
+
+  if (EVP_PKEY_keygen(pctx, &pkey_) <= 0) {
+    EVP_PKEY_CTX_free(pctx);
+    throw std::runtime_error("Failed to generate ML-DSA key pair: " + getOpenSSLError());
+  }
+
+  EVP_PKEY_CTX_free(pctx);
+#endif
+}
+
+std::shared_ptr<ArrayBuffer> HybridMlDsaKeyPair::getPublicKey() {
+#if !RNQC_HAS_ML_DSA
+  throw std::runtime_error("ML-DSA requires OpenSSL 3.5+");
+#else
+  checkKeyPair();
+
+  BIO* bio = BIO_new(BIO_s_mem());
+  if (!bio) {
+    throw std::runtime_error("Failed to create BIO for public key export");
+  }
+
+  int result;
+  if (publicFormat_ == 1) {
+    result = PEM_write_bio_PUBKEY(bio, pkey_);
+  } else {
+    result = i2d_PUBKEY_bio(bio, pkey_);
+  }
+
+  if (result != 1) {
+    BIO_free(bio);
+    throw std::runtime_error("Failed to export public key: " + getOpenSSLError());
+  }
+
+  BUF_MEM* bptr;
+  BIO_get_mem_ptr(bio, &bptr);
+
+  uint8_t* data = new uint8_t[bptr->length];
+  memcpy(data, bptr->data, bptr->length);
+  size_t len = bptr->length;
+
+  BIO_free(bio);
+
+  return std::make_shared<NativeArrayBuffer>(data, len, [=]() { delete[] data; });
+#endif
+}
+
+std::shared_ptr<ArrayBuffer> HybridMlDsaKeyPair::getPrivateKey() {
+#if !RNQC_HAS_ML_DSA
+  throw std::runtime_error("ML-DSA requires OpenSSL 3.5+");
+#else
+  checkKeyPair();
+
+  BIO* bio = BIO_new(BIO_s_mem());
+  if (!bio) {
+    throw std::runtime_error("Failed to create BIO for private key export");
+  }
+
+  int result;
+  if (privateFormat_ == 1) {
+    result = PEM_write_bio_PrivateKey(bio, pkey_, nullptr, nullptr, 0, nullptr, nullptr);
+  } else {
+    // Use PKCS8 format for DER export (not raw private key format)
+    result = i2d_PKCS8PrivateKey_bio(bio, pkey_, nullptr, nullptr, 0, nullptr, nullptr);
+  }
+
+  if (result != 1) {
+    BIO_free(bio);
+    throw std::runtime_error("Failed to export private key: " + getOpenSSLError());
+  }
+
+  BUF_MEM* bptr;
+  BIO_get_mem_ptr(bio, &bptr);
+
+  uint8_t* data = new uint8_t[bptr->length];
+  memcpy(data, bptr->data, bptr->length);
+  size_t len = bptr->length;
+
+  BIO_free(bio);
+
+  return std::make_shared<NativeArrayBuffer>(data, len, [=]() { delete[] data; });
+#endif
+}
+
+std::shared_ptr<Promise<std::shared_ptr<ArrayBuffer>>> HybridMlDsaKeyPair::sign(const std::shared_ptr<ArrayBuffer>& message) {
+  auto nativeMessage = ToNativeArrayBuffer(message);
+  return Promise<std::shared_ptr<ArrayBuffer>>::async([this, nativeMessage]() { return this->signSync(nativeMessage); });
+}
+
+std::shared_ptr<ArrayBuffer> HybridMlDsaKeyPair::signSync(const std::shared_ptr<ArrayBuffer>& message) {
+#if !RNQC_HAS_ML_DSA
+  throw std::runtime_error("ML-DSA requires OpenSSL 3.5+");
+#else
+  clearOpenSSLErrors();
+  checkKeyPair();
+
+  EVP_MD_CTX* md_ctx = EVP_MD_CTX_new();
+  if (md_ctx == nullptr) {
+    throw std::runtime_error("Failed to create signing context");
+  }
+
+  EVP_PKEY_CTX* pkey_ctx = EVP_PKEY_CTX_new_from_name(nullptr, variant_.c_str(), nullptr);
+  if (pkey_ctx == nullptr) {
+    EVP_MD_CTX_free(md_ctx);
+    throw std::runtime_error("Failed to create signing context for " + variant_);
+  }
+
+  if (EVP_DigestSignInit(md_ctx, &pkey_ctx, nullptr, nullptr, pkey_) <= 0) {
+    EVP_MD_CTX_free(md_ctx);
+    EVP_PKEY_CTX_free(pkey_ctx);
+    throw std::runtime_error("Failed to initialize signing: " + getOpenSSLError());
+  }
+
+  size_t sig_len = 0;
+  if (EVP_DigestSign(md_ctx, nullptr, &sig_len, message->data(), message->size()) <= 0) {
+    EVP_MD_CTX_free(md_ctx);
+    throw std::runtime_error("Failed to calculate signature size: " + getOpenSSLError());
+  }
+
+  uint8_t* sig = new uint8_t[sig_len];
+
+  if (EVP_DigestSign(md_ctx, sig, &sig_len, message->data(), message->size()) <= 0) {
+    EVP_MD_CTX_free(md_ctx);
+    delete[] sig;
+    throw std::runtime_error("Failed to sign message: " + getOpenSSLError());
+  }
+
+  EVP_MD_CTX_free(md_ctx);
+
+  return std::make_shared<NativeArrayBuffer>(sig, sig_len, [=]() { delete[] sig; });
+#endif
+}
+
+std::shared_ptr<Promise<bool>> HybridMlDsaKeyPair::verify(const std::shared_ptr<ArrayBuffer>& signature,
+                                                          const std::shared_ptr<ArrayBuffer>& message) {
+  auto nativeSignature = ToNativeArrayBuffer(signature);
+  auto nativeMessage = ToNativeArrayBuffer(message);
+  return Promise<bool>::async([this, nativeSignature, nativeMessage]() { return this->verifySync(nativeSignature, nativeMessage); });
+}
+
+bool HybridMlDsaKeyPair::verifySync(const std::shared_ptr<ArrayBuffer>& signature, const std::shared_ptr<ArrayBuffer>& message) {
+#if !RNQC_HAS_ML_DSA
+  throw std::runtime_error("ML-DSA requires OpenSSL 3.5+");
+#else
+  clearOpenSSLErrors();
+  checkKeyPair();
+
+  EVP_MD_CTX* md_ctx = EVP_MD_CTX_new();
+  if (md_ctx == nullptr) {
+    throw std::runtime_error("Failed to create verify context");
+  }
+
+  EVP_PKEY_CTX* pkey_ctx = EVP_PKEY_CTX_new_from_name(nullptr, variant_.c_str(), nullptr);
+  if (pkey_ctx == nullptr) {
+    EVP_MD_CTX_free(md_ctx);
+    throw std::runtime_error("Failed to create verify context for " + variant_);
+  }
+
+  if (EVP_DigestVerifyInit(md_ctx, &pkey_ctx, nullptr, nullptr, pkey_) <= 0) {
+    EVP_MD_CTX_free(md_ctx);
+    EVP_PKEY_CTX_free(pkey_ctx);
+    throw std::runtime_error("Failed to initialize verification: " + getOpenSSLError());
+  }
+
+  int result = EVP_DigestVerify(md_ctx, signature->data(), signature->size(), message->data(), message->size());
+
+  EVP_MD_CTX_free(md_ctx);
+
+  if (result < 0) {
+    throw std::runtime_error("Verification error: " + getOpenSSLError());
+  }
+
+  return result == 1;
+#endif
+}
+
+void HybridMlDsaKeyPair::checkKeyPair() {
+  if (pkey_ == nullptr) {
+    throw std::runtime_error("Key pair not initialized");
+  }
+}
+
+} // namespace margelo::nitro::crypto

package/cpp/mldsa/HybridMlDsaKeyPair.hpp

@@ -0,0 +1,47 @@
+#pragma once
+
+#include <memory>
+#include <openssl/evp.h>
+#include <string>
+
+#include "HybridMlDsaKeyPairSpec.hpp"
+
+namespace margelo::nitro::crypto {
+
+class HybridMlDsaKeyPair : public HybridMlDsaKeyPairSpec {
+ public:
+  HybridMlDsaKeyPair() : HybridObject(TAG) {}
+  ~HybridMlDsaKeyPair();
+
+  std::shared_ptr<Promise<void>> generateKeyPair(double publicFormat, double publicType, double privateFormat, double privateType) override;
+
+  void generateKeyPairSync(double publicFormat, double publicType, double privateFormat, double privateType) override;
+
+  std::shared_ptr<ArrayBuffer> getPublicKey() override;
+  std::shared_ptr<ArrayBuffer> getPrivateKey() override;
+
+  std::shared_ptr<Promise<std::shared_ptr<ArrayBuffer>>> sign(const std::shared_ptr<ArrayBuffer>& message) override;
+
+  std::shared_ptr<ArrayBuffer> signSync(const std::shared_ptr<ArrayBuffer>& message) override;
+
+  std::shared_ptr<Promise<bool>> verify(const std::shared_ptr<ArrayBuffer>& signature,
+                                        const std::shared_ptr<ArrayBuffer>& message) override;
+
+  bool verifySync(const std::shared_ptr<ArrayBuffer>& signature, const std::shared_ptr<ArrayBuffer>& message) override;
+
+  void setVariant(const std::string& variant) override;
+
+ private:
+  std::string variant_;
+  EVP_PKEY* pkey_ = nullptr;
+
+  int publicFormat_ = -1;
+  int publicType_ = -1;
+  int privateFormat_ = -1;
+  int privateType_ = -1;
+
+  void checkKeyPair();
+  int getEvpPkeyType() const;
+};
+
+} // namespace margelo::nitro::crypto