react-native-quick-crypto 1.0.11 → 1.0.13

package/lib/module/subtle.js

@@ -17,9 +17,11 @@ import { ecImportKey, ecdsaSignVerify, ec_generateKeyPair, ecDeriveBits } from '
 import { rsa_generateKeyPair } from './rsa';
 import { getRandomValues } from './random';
 import { createHmac } from './hmac';
+import { timingSafeEqual } from './utils/timingSafeEqual';
 import { createSign, createVerify } from './keys/signVerify';
 import { ed_generateKeyPairWebCrypto, x_generateKeyPairWebCrypto, xDeriveBits, Ed } from './ed';
 import { mldsa_generateKeyPairWebCrypto } from './mldsa';
+import { mlkem_generateKeyPairWebCrypto, MlKem } from './mlkem';
 import { hkdfDeriveBits } from './hkdf';
 // Temporary enums that need to be defined
 var KWebCryptoKeyFormat = /*#__PURE__*/function (KWebCryptoKeyFormat) {
@@ -483,6 +485,100 @@ async function hmacGenerateKey(algorithm, extractable, keyUsages) {
   };
   return new CryptoKey(keyObject, keyAlgorithm, keyUsages, extractable);
 }
+async function kmacGenerateKey(algorithm, extractable, keyUsages) {
+  const {
+    name
+  } = algorithm;
+  if (hasAnyNotIn(keyUsages, ['sign', 'verify'])) {
+    throw lazyDOMException(`Unsupported key usage for ${name} key`, 'SyntaxError');
+  }
+  const defaultLength = name === 'KMAC128' ? 128 : 256;
+  const length = algorithm.length ?? defaultLength;
+  if (length === 0) {
+    throw lazyDOMException('Zero-length key is not supported', 'OperationError');
+  }
+  const keyBytes = new Uint8Array(Math.ceil(length / 8));
+  getRandomValues(keyBytes);
+  const keyObject = createSecretKey(keyBytes);
+  const keyAlgorithm = {
+    name: name,
+    length
+  };
+  return new CryptoKey(keyObject, keyAlgorithm, keyUsages, extractable);
+}
+function kmacSignVerify(key, data, algorithm, signature) {
+  const {
+    name
+  } = algorithm;
+  const defaultLength = name === 'KMAC128' ? 256 : 512;
+  const outputLengthBits = algorithm.length ?? defaultLength;
+  if (outputLengthBits % 8 !== 0) {
+    throw lazyDOMException('KMAC output length must be a multiple of 8', 'OperationError');
+  }
+  const outputLengthBytes = outputLengthBits / 8;
+  const keyData = key.keyObject.export();
+  const kmac = NitroModules.createHybridObject('Kmac');
+  let customizationBuffer;
+  if (algorithm.customization !== undefined) {
+    customizationBuffer = bufferLikeToArrayBuffer(algorithm.customization);
+  }
+  kmac.createKmac(name, bufferLikeToArrayBuffer(keyData), outputLengthBytes, customizationBuffer);
+  kmac.update(bufferLikeToArrayBuffer(data));
+  const computed = kmac.digest();
+  if (signature === undefined) {
+    return computed;
+  }
+  const sigBuffer = bufferLikeToArrayBuffer(signature);
+  if (computed.byteLength !== sigBuffer.byteLength) {
+    return false;
+  }
+  return timingSafeEqual(new Uint8Array(computed), new Uint8Array(sigBuffer));
+}
+async function kmacImportKey(algorithm, format, data, extractable, keyUsages) {
+  const {
+    name
+  } = algorithm;
+  if (hasAnyNotIn(keyUsages, ['sign', 'verify'])) {
+    throw lazyDOMException(`Unsupported key usage for ${name} key`, 'SyntaxError');
+  }
+  let keyObject;
+  if (format === 'jwk') {
+    const jwk = data;
+    if (!jwk || typeof jwk !== 'object') {
+      throw lazyDOMException('Invalid keyData', 'DataError');
+    }
+    if (jwk.kty !== 'oct') {
+      throw lazyDOMException('Invalid JWK format for KMAC key', 'DataError');
+    }
+    const expectedAlg = name === 'KMAC128' ? 'K128' : 'K256';
+    if (jwk.alg !== undefined && jwk.alg !== expectedAlg) {
+      throw lazyDOMException('JWK "alg" does not match the requested algorithm', 'DataError');
+    }
+    const handle = NitroModules.createHybridObject('KeyObjectHandle');
+    const keyType = handle.initJwk(jwk, undefined);
+    if (keyType === undefined || keyType !== 0) {
+      throw lazyDOMException('Failed to import KMAC JWK', 'DataError');
+    }
+    keyObject = new SecretKeyObject(handle);
+  } else if (format === 'raw' || format === 'raw-secret') {
+    keyObject = createSecretKey(data);
+  } else {
+    throw lazyDOMException(`Unable to import ${name} key with format ${format}`, 'NotSupportedError');
+  }
+  const exported = keyObject.export();
+  const keyLength = exported.byteLength * 8;
+  if (keyLength === 0) {
+    throw lazyDOMException('Zero-length key is not supported', 'DataError');
+  }
+  if (algorithm.length !== undefined && algorithm.length !== keyLength) {
+    throw lazyDOMException('Invalid key length', 'DataError');
+  }
+  const keyAlgorithm = {
+    name: name,
+    length: keyLength
+  };
+  return new CryptoKey(keyObject, keyAlgorithm, keyUsages, extractable);
+}
 function rsaImportKey(format, data, algorithm, extractable, keyUsages) {
   const {
     name
@@ -720,28 +816,48 @@ function edImportKey(format, data, algorithm, extractable, keyUsages) {
     name
   }, keyUsages, extractable);
 }
+function pqcImportKeyObject(format, data, name) {
+  if (format === 'spki') {
+    return KeyObject.createKeyObject('public', bufferLikeToArrayBuffer(data), KFormatType.DER, KeyEncoding.SPKI);
+  } else if (format === 'pkcs8') {
+    return KeyObject.createKeyObject('private', bufferLikeToArrayBuffer(data), KFormatType.DER, KeyEncoding.PKCS8);
+  } else if (format === 'raw') {
+    const handle = NitroModules.createHybridObject('KeyObjectHandle');
+    if (!handle.initPqcRaw(name, bufferLikeToArrayBuffer(data), true)) {
+      throw lazyDOMException(`Failed to import ${name} raw public key`, 'DataError');
+    }
+    return new PublicKeyObject(handle);
+  } else if (format === 'raw-seed') {
+    const handle = NitroModules.createHybridObject('KeyObjectHandle');
+    if (!handle.initPqcRaw(name, bufferLikeToArrayBuffer(data), false)) {
+      throw lazyDOMException(`Failed to import ${name} raw seed`, 'DataError');
+    }
+    return new PrivateKeyObject(handle);
+  }
+  throw lazyDOMException(`Unsupported format for ${name} import: ${format}`, 'NotSupportedError');
+}
 function mldsaImportKey(format, data, algorithm, extractable, keyUsages) {
   const {
     name
   } = algorithm;
-
-  // Validate usages
-  if (hasAnyNotIn(keyUsages, ['sign', 'verify'])) {
+  const isPublicFormat = format === 'spki' || format === 'raw';
+  if (hasAnyNotIn(keyUsages, isPublicFormat ? ['verify'] : ['sign'])) {
     throw lazyDOMException(`Unsupported key usage for ${name} key`, 'SyntaxError');
   }
-  let keyObject;
-  if (format === 'spki') {
-    // Import public key
-    const keyData = bufferLikeToArrayBuffer(data);
-    keyObject = KeyObject.createKeyObject('public', keyData, KFormatType.DER, KeyEncoding.SPKI);
-  } else if (format === 'pkcs8') {
-    // Import private key
-    const keyData = bufferLikeToArrayBuffer(data);
-    keyObject = KeyObject.createKeyObject('private', keyData, KFormatType.DER, KeyEncoding.PKCS8);
-  } else {
-    throw lazyDOMException(`Unsupported format for ${name} import: ${format}`, 'NotSupportedError');
+  return new CryptoKey(pqcImportKeyObject(format, data, name), {
+    name
+  }, keyUsages, extractable);
+}
+function mlkemImportKey(format, data, algorithm, extractable, keyUsages) {
+  const {
+    name
+  } = algorithm;
+  const isPublicFormat = format === 'spki' || format === 'raw';
+  const allowedUsages = isPublicFormat ? ['encapsulateBits', 'encapsulateKey'] : ['decapsulateBits', 'decapsulateKey'];
+  if (hasAnyNotIn(keyUsages, allowedUsages)) {
+    throw lazyDOMException(`Unsupported key usage for ${name} key`, 'SyntaxError');
   }
-  return new CryptoKey(keyObject, {
+  return new CryptoKey(pqcImportKeyObject(format, data, name), {
     name
   }, keyUsages, extractable);
 }
@@ -785,6 +901,15 @@ const exportKeySpki = async key => {
         return bufferLikeToArrayBuffer(key.keyObject.handle.exportKey(KFormatType.DER, KeyEncoding.SPKI));
       }
       break;
+    case 'ML-KEM-512':
+    // Fall through
+    case 'ML-KEM-768':
+    // Fall through
+    case 'ML-KEM-1024':
+      if (key.type === 'public') {
+        return bufferLikeToArrayBuffer(key.keyObject.handle.exportKey(KFormatType.DER, KeyEncoding.SPKI));
+      }
+      break;
   }
   throw new Error(`Unable to export a spki ${key.algorithm.name} ${key.type} key`);
 };
@@ -828,6 +953,15 @@ const exportKeyPkcs8 = async key => {
         return bufferLikeToArrayBuffer(key.keyObject.handle.exportKey(KFormatType.DER, KeyEncoding.PKCS8));
       }
       break;
+    case 'ML-KEM-512':
+    // Fall through
+    case 'ML-KEM-768':
+    // Fall through
+    case 'ML-KEM-1024':
+      if (key.type === 'private') {
+        return bufferLikeToArrayBuffer(key.keyObject.handle.exportKey(KFormatType.DER, KeyEncoding.PKCS8));
+      }
+      break;
   }
   throw new Error(`Unable to export a pkcs8 ${key.algorithm.name} ${key.type} key`);
 };
@@ -848,7 +982,22 @@ const exportKeyRaw = key => {
     // Fall through
     case 'X448':
       if (key.type === 'public') {
-        // Export raw public key
+        const exported = key.keyObject.handle.exportKey();
+        return bufferLikeToArrayBuffer(exported);
+      }
+      break;
+    case 'ML-KEM-512':
+    // Fall through
+    case 'ML-KEM-768':
+    // Fall through
+    case 'ML-KEM-1024':
+    // Fall through
+    case 'ML-DSA-44':
+    // Fall through
+    case 'ML-DSA-65':
+    // Fall through
+    case 'ML-DSA-87':
+      if (key.type === 'public') {
         const exported = key.keyObject.handle.exportKey();
         return bufferLikeToArrayBuffer(exported);
       }
@@ -866,6 +1015,10 @@ const exportKeyRaw = key => {
     case 'ChaCha20-Poly1305':
     // Fall through
     case 'HMAC':
+    // Fall through
+    case 'KMAC128':
+    // Fall through
+    case 'KMAC256':
       {
         const exported = key.keyObject.export();
         // Convert Buffer to ArrayBuffer
@@ -892,6 +1045,12 @@ const exportKeyJWK = key => {
     case 'HMAC':
       jwk.alg = normalizeHashName(key.algorithm.hash, HashContext.JwkHmac);
       return jwk;
+    case 'KMAC128':
+      jwk.alg = 'K128';
+      return jwk;
+    case 'KMAC256':
+      jwk.alg = 'K256';
+      return jwk;
     case 'ECDSA':
     // Fall through
     case 'ECDH':
@@ -1030,20 +1189,12 @@ function hmacSignVerify(key, data, signature) {
     // Sign operation - return the HMAC as ArrayBuffer
     return computed.buffer.slice(computed.byteOffset, computed.byteOffset + computed.byteLength);
   }
-
-  // Verify operation - compare computed HMAC with provided signature
-  const sigBytes = new Uint8Array(bufferLikeToArrayBuffer(signature));
-  const computedBytes = new Uint8Array(computed.buffer, computed.byteOffset, computed.byteLength);
-  if (computedBytes.length !== sigBytes.length) {
+  const sigBuffer = bufferLikeToArrayBuffer(signature);
+  const computedBuffer = computed.buffer.slice(computed.byteOffset, computed.byteOffset + computed.byteLength);
+  if (computedBuffer.byteLength !== sigBuffer.byteLength) {
     return false;
   }
-
-  // Constant-time comparison to prevent timing attacks
-  let result = 0;
-  for (let i = 0; i < computedBytes.length; i++) {
-    result |= computedBytes[i] ^ sigBytes[i];
-  }
-  return result === 0;
+  return timingSafeEqual(new Uint8Array(computedBuffer), new Uint8Array(sigBuffer));
 }
 function rsaSignVerify(key, data, padding, signature, saltLength) {
   // Get hash algorithm from key
@@ -1146,6 +1297,9 @@ const signVerify = (algorithm, key, data, signature) => {
     case 'ML-DSA-65':
     case 'ML-DSA-87':
       return mldsaSignVerify(key, data, signature);
+    case 'KMAC128':
+    case 'KMAC256':
+      return kmacSignVerify(key, data, algorithm, signature);
   }
   throw lazyDOMException(`Unrecognized algorithm name '${algorithm.name}' for '${usage}'`, 'NotSupportedError');
 };
@@ -1174,17 +1328,21 @@ const cipherOrWrap = async (mode, algorithm, key, data, op) => {
 const SUPPORTED_ALGORITHMS = {
   encrypt: new Set(['RSA-OAEP', 'AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-OCB', 'ChaCha20-Poly1305']),
   decrypt: new Set(['RSA-OAEP', 'AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-OCB', 'ChaCha20-Poly1305']),
-  sign: new Set(['RSASSA-PKCS1-v1_5', 'RSA-PSS', 'ECDSA', 'HMAC', 'Ed25519', 'Ed448', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87']),
-  verify: new Set(['RSASSA-PKCS1-v1_5', 'RSA-PSS', 'ECDSA', 'HMAC', 'Ed25519', 'Ed448', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87']),
-  digest: new Set(['SHA-1', 'SHA-256', 'SHA-384', 'SHA-512']),
-  generateKey: new Set(['RSASSA-PKCS1-v1_5', 'RSA-PSS', 'RSA-OAEP', 'ECDSA', 'ECDH', 'Ed25519', 'Ed448', 'X25519', 'X448', 'AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-KW', 'AES-OCB', 'ChaCha20-Poly1305', 'HMAC', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87']),
-  importKey: new Set(['RSASSA-PKCS1-v1_5', 'RSA-PSS', 'RSA-OAEP', 'ECDSA', 'ECDH', 'Ed25519', 'Ed448', 'X25519', 'X448', 'AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-KW', 'AES-OCB', 'ChaCha20-Poly1305', 'HMAC', 'HKDF', 'PBKDF2', 'Argon2d', 'Argon2i', 'Argon2id', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87']),
-  exportKey: new Set(['RSASSA-PKCS1-v1_5', 'RSA-PSS', 'RSA-OAEP', 'ECDSA', 'ECDH', 'Ed25519', 'Ed448', 'X25519', 'X448', 'AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-KW', 'AES-OCB', 'ChaCha20-Poly1305', 'HMAC', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87']),
+  sign: new Set(['RSASSA-PKCS1-v1_5', 'RSA-PSS', 'ECDSA', 'HMAC', 'KMAC128', 'KMAC256', 'Ed25519', 'Ed448', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87']),
+  verify: new Set(['RSASSA-PKCS1-v1_5', 'RSA-PSS', 'ECDSA', 'HMAC', 'KMAC128', 'KMAC256', 'Ed25519', 'Ed448', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87']),
+  digest: new Set(['SHA-1', 'SHA-256', 'SHA-384', 'SHA-512', 'SHA3-256', 'SHA3-384', 'SHA3-512', 'cSHAKE128', 'cSHAKE256']),
+  generateKey: new Set(['RSASSA-PKCS1-v1_5', 'RSA-PSS', 'RSA-OAEP', 'ECDSA', 'ECDH', 'Ed25519', 'Ed448', 'X25519', 'X448', 'AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-KW', 'AES-OCB', 'ChaCha20-Poly1305', 'HMAC', 'KMAC128', 'KMAC256', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', 'ML-KEM-512', 'ML-KEM-768', 'ML-KEM-1024']),
+  importKey: new Set(['RSASSA-PKCS1-v1_5', 'RSA-PSS', 'RSA-OAEP', 'ECDSA', 'ECDH', 'Ed25519', 'Ed448', 'X25519', 'X448', 'AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-KW', 'AES-OCB', 'ChaCha20-Poly1305', 'HMAC', 'KMAC128', 'KMAC256', 'HKDF', 'PBKDF2', 'Argon2d', 'Argon2i', 'Argon2id', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', 'ML-KEM-512', 'ML-KEM-768', 'ML-KEM-1024']),
+  exportKey: new Set(['RSASSA-PKCS1-v1_5', 'RSA-PSS', 'RSA-OAEP', 'ECDSA', 'ECDH', 'Ed25519', 'Ed448', 'X25519', 'X448', 'AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-KW', 'AES-OCB', 'ChaCha20-Poly1305', 'HMAC', 'KMAC128', 'KMAC256', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', 'ML-KEM-512', 'ML-KEM-768', 'ML-KEM-1024']),
   deriveBits: new Set(['PBKDF2', 'HKDF', 'ECDH', 'X25519', 'X448', 'Argon2d', 'Argon2i', 'Argon2id']),
   wrapKey: new Set(['AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-KW', 'AES-OCB', 'ChaCha20-Poly1305', 'RSA-OAEP']),
-  unwrapKey: new Set(['AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-KW', 'AES-OCB', 'ChaCha20-Poly1305', 'RSA-OAEP'])
+  unwrapKey: new Set(['AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-KW', 'AES-OCB', 'ChaCha20-Poly1305', 'RSA-OAEP']),
+  encapsulateBits: new Set(['ML-KEM-512', 'ML-KEM-768', 'ML-KEM-1024']),
+  decapsulateBits: new Set(['ML-KEM-512', 'ML-KEM-768', 'ML-KEM-1024']),
+  encapsulateKey: new Set(['ML-KEM-512', 'ML-KEM-768', 'ML-KEM-1024']),
+  decapsulateKey: new Set(['ML-KEM-512', 'ML-KEM-768', 'ML-KEM-1024'])
 };
-const ASYMMETRIC_ALGORITHMS = new Set(['RSASSA-PKCS1-v1_5', 'RSA-PSS', 'RSA-OAEP', 'ECDSA', 'ECDH', 'Ed25519', 'Ed448', 'X25519', 'X448', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87']);
+const ASYMMETRIC_ALGORITHMS = new Set(['RSASSA-PKCS1-v1_5', 'RSA-PSS', 'RSA-OAEP', 'ECDSA', 'ECDH', 'Ed25519', 'Ed448', 'X25519', 'X448', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', 'ML-KEM-512', 'ML-KEM-768', 'ML-KEM-1024']);
 export class Subtle {
   static supports(operation, algorithm, _lengthOrAdditionalAlgorithm) {
     let normalizedAlgorithm;
@@ -1291,6 +1449,18 @@ export class Subtle {
   }
   async exportKey(format, key) {
     if (!key.extractable) throw new Error('key is not extractable');
+    if (format === 'raw-seed') {
+      const pqcAlgos = ['ML-KEM-512', 'ML-KEM-768', 'ML-KEM-1024', 'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87'];
+      if (!pqcAlgos.includes(key.algorithm.name)) {
+        throw lazyDOMException('raw-seed export only supported for PQC keys', 'NotSupportedError');
+      }
+      if (key.type !== 'private') {
+        throw lazyDOMException('raw-seed export requires a private key', 'InvalidAccessError');
+      }
+      return bufferLikeToArrayBuffer(key.keyObject.handle.exportKey());
+    }
+
+    // Note: 'raw-seed' is handled above; do NOT normalize it here
     if (format === 'raw-secret' || format === 'raw-public') format = 'raw';
     switch (format) {
       case 'spki':
@@ -1416,6 +1586,11 @@ export class Subtle {
       case 'HMAC':
         result = await hmacGenerateKey(algorithm, extractable, keyUsages);
         break;
+      case 'KMAC128':
+      // Fall through
+      case 'KMAC256':
+        result = await kmacGenerateKey(algorithm, extractable, keyUsages);
+        break;
       case 'Ed25519':
       // Fall through
       case 'Ed448':
@@ -1436,6 +1611,14 @@ export class Subtle {
         result = await x_generateKeyPairWebCrypto(algorithm.name.toLowerCase(), extractable, keyUsages);
         checkCryptoKeyPairUsages(result);
         break;
+      case 'ML-KEM-512':
+      // Fall through
+      case 'ML-KEM-768':
+      // Fall through
+      case 'ML-KEM-1024':
+        result = await mlkem_generateKeyPairWebCrypto(algorithm.name, extractable, keyUsages);
+        checkCryptoKeyPairUsages(result);
+        break;
       default:
         throw new Error(`'subtle.generateKey()' is not implemented for ${algorithm.name}.
             Unrecognized algorithm name`);
@@ -1453,6 +1636,7 @@ export class Subtle {
     return publicKeyObject.toCryptoKey(key.algorithm, true, keyUsages);
   }
   async importKey(format, data, algorithm, extractable, keyUsages) {
+    // Note: 'raw-seed' is NOT normalized — PQC import functions handle it directly
     if (format === 'raw-secret' || format === 'raw-public') format = 'raw';
     const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'importKey');
     let result;
@@ -1472,6 +1656,11 @@ export class Subtle {
       case 'HMAC':
         result = await hmacImportKey(normalizedAlgorithm, format, data, extractable, keyUsages);
         break;
+      case 'KMAC128':
+      // Fall through
+      case 'KMAC256':
+        result = await kmacImportKey(normalizedAlgorithm, format, data, extractable, keyUsages);
+        break;
       case 'AES-CTR':
       // Fall through
       case 'AES-CBC':
@@ -1510,6 +1699,13 @@ export class Subtle {
       case 'ML-DSA-87':
         result = mldsaImportKey(format, data, normalizedAlgorithm, extractable, keyUsages);
         break;
+      case 'ML-KEM-512':
+      // Fall through
+      case 'ML-KEM-768':
+      // Fall through
+      case 'ML-KEM-1024':
+        result = mlkemImportKey(format, data, normalizedAlgorithm, extractable, keyUsages);
+        break;
       default:
         throw new Error(`"subtle.importKey()" is not implemented for ${normalizedAlgorithm.name}`);
     }
@@ -1519,85 +1715,65 @@ export class Subtle {
     return result;
   }
   async sign(algorithm, key, data) {
-    const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'sign');
-    if (normalizedAlgorithm.name === 'HMAC') {
-      // Validate key usage
-      if (!key.usages.includes('sign')) {
-        throw lazyDOMException('Key does not have sign usage', 'InvalidAccessError');
-      }
-
-      // Get hash algorithm from key or algorithm params
-      // Hash can be either a string or an object with name property
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      const alg = normalizedAlgorithm;
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      const keyAlg = key.algorithm;
-      let hashAlgorithm = 'SHA-256';
-      if (typeof alg.hash === 'string') {
-        hashAlgorithm = alg.hash;
-      } else if (alg.hash?.name) {
-        hashAlgorithm = alg.hash.name;
-      } else if (typeof keyAlg.hash === 'string') {
-        hashAlgorithm = keyAlg.hash;
-      } else if (keyAlg.hash?.name) {
-        hashAlgorithm = keyAlg.hash.name;
-      }
-
-      // Create HMAC and sign
-      const keyData = key.keyObject.export();
-      const hmac = createHmac(hashAlgorithm, keyData);
-      hmac.update(bufferLikeToArrayBuffer(data));
-      return bufferLikeToArrayBuffer(hmac.digest());
-    }
-    return signVerify(normalizedAlgorithm, key, data);
+    return signVerify(normalizeAlgorithm(algorithm, 'sign'), key, data);
   }
   async verify(algorithm, key, signature, data) {
-    const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'verify');
-    if (normalizedAlgorithm.name === 'HMAC') {
-      // Validate key usage
-      if (!key.usages.includes('verify')) {
-        throw lazyDOMException('Key does not have verify usage', 'InvalidAccessError');
-      }
-
-      // Get hash algorithm
-      // Hash can be either a string or an object with name property
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      const alg = normalizedAlgorithm;
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      const keyAlg = key.algorithm;
-      let hashAlgorithm = 'SHA-256';
-      if (typeof alg.hash === 'string') {
-        hashAlgorithm = alg.hash;
-      } else if (alg.hash?.name) {
-        hashAlgorithm = alg.hash.name;
-      } else if (typeof keyAlg.hash === 'string') {
-        hashAlgorithm = keyAlg.hash;
-      } else if (keyAlg.hash?.name) {
-        hashAlgorithm = keyAlg.hash.name;
-      }
-
-      // Create HMAC and compute expected signature
-      const keyData = key.keyObject.export();
-      const hmac = createHmac(hashAlgorithm, keyData);
-      const dataBuffer = bufferLikeToArrayBuffer(data);
-      hmac.update(dataBuffer);
-      const expectedDigest = hmac.digest();
-      const expected = new Uint8Array(bufferLikeToArrayBuffer(expectedDigest));
-
-      // Constant-time comparison
-      const signatureArray = new Uint8Array(bufferLikeToArrayBuffer(signature));
-      if (expected.length !== signatureArray.length) {
-        return false;
-      }
-
-      // Manual constant-time comparison
-      let result = 0;
-      for (let i = 0; i < expected.length; i++) {
-        result |= expected[i] ^ signatureArray[i];
-      }
-      return result === 0;
+    return signVerify(normalizeAlgorithm(algorithm, 'verify'), key, data, signature);
+  }
+  _encapsulateCore(algorithm, key) {
+    const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'encapsulateBits');
+    if (key.algorithm.name !== normalizedAlgorithm.name) {
+      throw lazyDOMException('Key algorithm mismatch', 'InvalidAccessError');
+    }
+    const variant = normalizedAlgorithm.name;
+    const mlkem = new MlKem(variant);
+    const keyData = key.keyObject.handle.exportKey(KFormatType.DER, KeyEncoding.SPKI);
+    mlkem.setPublicKey(bufferLikeToArrayBuffer(keyData), KFormatType.DER, KeyEncoding.SPKI);
+    return mlkem.encapsulateSync();
+  }
+  _decapsulateCore(algorithm, key, ciphertext) {
+    const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'decapsulateBits');
+    if (key.algorithm.name !== normalizedAlgorithm.name) {
+      throw lazyDOMException('Key algorithm mismatch', 'InvalidAccessError');
+    }
+    const variant = normalizedAlgorithm.name;
+    const mlkem = new MlKem(variant);
+    const keyData = key.keyObject.handle.exportKey(KFormatType.DER, KeyEncoding.PKCS8);
+    mlkem.setPrivateKey(bufferLikeToArrayBuffer(keyData), KFormatType.DER, KeyEncoding.PKCS8);
+    return mlkem.decapsulateSync(bufferLikeToArrayBuffer(ciphertext));
+  }
+  async encapsulateBits(algorithm, key) {
+    if (!key.usages.includes('encapsulateBits')) {
+      throw lazyDOMException('Key does not have encapsulateBits usage', 'InvalidAccessError');
     }
-    return signVerify(normalizedAlgorithm, key, data, signature);
+    return this._encapsulateCore(algorithm, key);
+  }
+  async encapsulateKey(algorithm, key, sharedKeyAlgorithm, extractable, usages) {
+    if (!key.usages.includes('encapsulateKey')) {
+      throw lazyDOMException('Key does not have encapsulateKey usage', 'InvalidAccessError');
+    }
+    const {
+      sharedKey,
+      ciphertext
+    } = this._encapsulateCore(algorithm, key);
+    const importedKey = await this.importKey('raw', sharedKey, sharedKeyAlgorithm, extractable, usages);
+    return {
+      key: importedKey,
+      ciphertext
+    };
+  }
+  async decapsulateBits(algorithm, key, ciphertext) {
+    if (!key.usages.includes('decapsulateBits')) {
+      throw lazyDOMException('Key does not have decapsulateBits usage', 'InvalidAccessError');
+    }
+    return this._decapsulateCore(algorithm, key, ciphertext);
+  }
+  async decapsulateKey(algorithm, key, ciphertext, sharedKeyAlgorithm, extractable, usages) {
+    if (!key.usages.includes('decapsulateKey')) {
+      throw lazyDOMException('Key does not have decapsulateKey usage', 'InvalidAccessError');
+    }
+    const sharedKey = this._decapsulateCore(algorithm, key, ciphertext);
+    return this.importKey('raw', sharedKey, sharedKeyAlgorithm, extractable, usages);
   }
 }
 export const subtle = new Subtle();
@@ -1616,6 +1792,10 @@ function getKeyLength(algorithm) {
         const hmacAlg = algorithm;
         return hmacAlg.length || 256;
       }
+    case 'KMAC128':
+      return algorithm.length || 128;
+    case 'KMAC256':
+      return algorithm.length || 256;
     default:
       throw lazyDOMException(`Cannot determine key length for ${name}`, 'NotSupportedError');
   }