react-native-quick-crypto 1.0.5 → 1.0.7

package/QuickCrypto.podspec

@@ -22,11 +22,22 @@ Pod::Spec.new do |s|
   sodium_enabled = ENV['SODIUM_ENABLED'] == '1'
   Pod::UI.puts("[QuickCrypto]  🧂 has libsodium #{sodium_enabled ? "enabled" : "disabled"}!")
 
+  # OpenSSL 3.6+ vendored xcframework (not yet on CocoaPods trunk)
+  openssl_version = "3.6.0000"
+  openssl_url = "https://github.com/krzyzanowskim/OpenSSL/releases/download/#{openssl_version}/OpenSSL.xcframework.zip"
+
   if sodium_enabled
     # Build libsodium from source for XSalsa20 cipher support
     # CocoaPods packages are outdated (1.0.12) and SPM causes module conflicts
     s.prepare_command = <<-CMD
       set -e
+      # Download OpenSSL.xcframework
+      if [ ! -d "OpenSSL.xcframework" ]; then
+        curl -L -o OpenSSL.xcframework.zip #{openssl_url}
+        unzip -o OpenSSL.xcframework.zip
+        rm -f OpenSSL.xcframework.zip
+      fi
+      # Build libsodium
       mkdir -p ios
       curl -L -o ios/libsodium.tar.gz https://download.libsodium.org/libsodium/releases/libsodium-1.0.20-stable.tar.gz
       tar -xzf ios/libsodium.tar.gz -C ios
@@ -38,11 +49,21 @@ Pod::Spec.new do |s|
     CMD
   else
     s.prepare_command = <<-CMD
+      set -e
+      # Download OpenSSL.xcframework
+      if [ ! -d "OpenSSL.xcframework" ]; then
+        curl -L -o OpenSSL.xcframework.zip #{openssl_url}
+        unzip -o OpenSSL.xcframework.zip
+        rm -f OpenSSL.xcframework.zip
+      fi
+      # Clean up libsodium if previously built
       rm -rf ios/libsodium-stable
       rm -f ios/libsodium.tar.gz
     CMD
   end
 
+  s.vendored_frameworks = "OpenSSL.xcframework"
+
   base_source_files = [
     # implementation (Swift)
     "ios/**/*.{swift}",
@@ -102,7 +123,9 @@ Pod::Spec.new do |s|
     "GCC_PREPROCESSOR_DEFINITIONS" => "$(inherited) FOLLY_NO_CONFIG FOLLY_CFG_NO_COROUTINES",
     # Set C++ standard to C++20
     "CLANG_CXX_LANGUAGE_STANDARD" => "c++20",
-    "CLANG_ALLOW_NON_MODULAR_INCLUDES_IN_FRAMEWORK_MODULES" => "YES"
+    "CLANG_ALLOW_NON_MODULAR_INCLUDES_IN_FRAMEWORK_MODULES" => "YES",
+    # Exclude ARM NEON source when building x86_64 simulator (no NEON support).
+    "EXCLUDED_SOURCE_FILE_NAMES[sdk=iphonesimulator*][arch=x86_64]" => "deps/blake3/c/blake3_neon.c"
   }
 
   # Add cpp subdirectories to header search paths
@@ -137,12 +160,5 @@ Pod::Spec.new do |s|
   s.dependency "React-jsi"
   s.dependency "React-callinvoker"
 
-  # OpenSSL 3.6+ via SPM for ML-DSA (post-quantum cryptography) support
-  spm_dependency(s,
-    url: 'https://github.com/krzyzanowskim/OpenSSL.git',
-    requirement: {kind: 'upToNextMajorVersion', minimumVersion: '3.6.0'},
-    products: ['OpenSSL']
-  )
-
   install_modules_dependencies(s)
 end

package/README.md

@@ -1,8 +1,8 @@
 <a href="https://margelo.com">
   <picture>
-    <source media="(prefers-color-scheme: dark)" srcset="./docs/img/banner-dark.png" />
-    <source media="(prefers-color-scheme: light)" srcset="./docs/img/banner-light.png" />
-    <img alt="react-native-quick-crypto" src="./docs/img/banner-light.png" />
+    <source media="(prefers-color-scheme: dark)" srcset="./.docs/img/banner-dark.png" />
+    <source media="(prefers-color-scheme: light)" srcset="./.docs/img/banner-light.png" />
+    <img alt="react-native-quick-crypto" src="./.docs/img/banner-light.png" />
   </picture>
 </a>
 
@@ -10,7 +10,7 @@
 
 A fast implementation of Node's `crypto` module.
 
-> Note: This version `1.x` completed a major refactor, porting to OpenSSL 3.6+, New Architecture, Bridgeless, and [`Nitro Modules`](https://github.com/mrousavy/react-native-nitro).  It should be at or above feature-parity compared to the `0.x` version.  Status, as always, will be represented in [implementation-coverage.md](../main/docs/implementation-coverage.md).
+> Note: This version `1.x` completed a major refactor, porting to OpenSSL 3.6+, New Architecture, Bridgeless, and [`Nitro Modules`](https://github.com/mrousavy/react-native-nitro).  It should be at or above feature-parity compared to the `0.x` version.  Status, as always, will be represented in [implementation-coverage.md](./.docs/implementation-coverage.md).
 
 > Note: Minimum supported version of React Native is `0.75`.  If you need to use earlier versions, please use `0.x` versions of this library.
 
@@ -46,7 +46,7 @@ There is a benchmark suite in the Example app in this repo that has benchmarks o
 ## Installation
 
 <h3>
-  React Native  <a href="#"><img src="./docs/img/react-native.png" height="15" /></a>
+  React Native  <a href="#"><img src="./.docs/img/react-native.png" height="15" /></a>
 </h3>
 
 ```sh
@@ -55,7 +55,7 @@ cd ios && pod install
 ```
 
 <h3>
-  Expo  <a href="#"><img src="./docs/img/expo.png" height="12" /></a>
+  Expo  <a href="#"><img src="./.docs/img/expo.png" height="12" /></a>
 </h3>
 
 ```sh
@@ -139,7 +139,7 @@ const hashed = QuickCrypto.createHash('sha256')
 
 ## Limitations
 
-Not all cryptographic algorithms are supported yet. See the [implementation coverage](./docs/implementation-coverage.md) document for more details. If you need a specific algorithm, please open a `feature request` issue and we'll see what we can do.
+Not all cryptographic algorithms are supported yet. See the [implementation coverage](./.docs/implementation-coverage.md) document for more details. If you need a specific algorithm, please open a `feature request` issue and we'll see what we can do.
 
 ## Community Discord
 
@@ -153,6 +153,10 @@ Not all cryptographic algorithms are supported yet. See the [implementation cove
 
 See the [contributing guide](CONTRIBUTING.md) to learn how to contribute to the repository and the development workflow.
 
+For more detailed guides, check out our documentation website:
+- [Contributing Guide]([prod-docs]/docs/guides/contributing)
+- [Writing Documentation]([prod-docs]/docs/guides/writing-documentation)
+
 ## License
 
 - react-native-quick-crypto is licensed under MIT.

package/android/CMakeLists.txt

@@ -48,6 +48,7 @@ add_library(
   ../cpp/scrypt/HybridScrypt.cpp
   ../cpp/sign/HybridSignHandle.cpp
   ../cpp/sign/HybridVerifyHandle.cpp
+  ../cpp/utils/HybridUtils.cpp
   ${BLAKE3_SOURCES}
   ../deps/fastpbkdf2/fastpbkdf2.c
   ../deps/ncrypto/src/ncrypto.cpp

package/cpp/blake3/HybridBlake3.cpp

@@ -4,7 +4,7 @@
 #include <cstring>
 #include <stdexcept>
 
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 
 namespace margelo::nitro::crypto {
 

package/cpp/cipher/CCMCipher.cpp

@@ -1,5 +1,5 @@
 #include "CCMCipher.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <stdexcept>

package/cpp/cipher/ChaCha20Cipher.cpp

@@ -1,5 +1,5 @@
 #include "ChaCha20Cipher.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <stdexcept>

package/cpp/cipher/ChaCha20Poly1305Cipher.cpp

@@ -1,5 +1,5 @@
 #include "ChaCha20Poly1305Cipher.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <stdexcept>

package/cpp/cipher/GCMCipher.cpp

@@ -1,5 +1,5 @@
 #include "GCMCipher.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <stdexcept>

package/cpp/cipher/HybridCipher.cpp

@@ -6,7 +6,7 @@
 #include <vector>
 
 #include "HybridCipher.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 
 #include <openssl/err.h>
 #include <openssl/evp.h>

package/cpp/cipher/HybridCipherFactory.hpp

@@ -10,7 +10,7 @@
 #include "GCMCipher.hpp"
 #include "HybridCipherFactorySpec.hpp"
 #include "OCBCipher.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 #include "XSalsa20Cipher.hpp"
 
 namespace margelo::nitro::crypto {

package/cpp/cipher/HybridRsaCipher.cpp

@@ -1,6 +1,6 @@
 #include "HybridRsaCipher.hpp"
 #include "../keys/HybridKeyObjectHandle.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 
 #include <cstring>
 #include <openssl/err.h>
@@ -218,6 +218,79 @@ std::shared_ptr<ArrayBuffer> HybridRsaCipher::decrypt(const std::shared_ptr<Hybr
   return std::make_shared<NativeArrayBuffer>(out_buf.release(), outlen, [raw_ptr]() { delete[] raw_ptr; });
 }
 
+std::shared_ptr<ArrayBuffer> HybridRsaCipher::publicDecrypt(const std::shared_ptr<HybridKeyObjectHandleSpec>& keyHandle,
+                                                            const std::shared_ptr<ArrayBuffer>& data, double padding) {
+  auto keyHandleImpl = std::static_pointer_cast<HybridKeyObjectHandle>(keyHandle);
+  EVP_PKEY* pkey = keyHandleImpl->getKeyObjectData().GetAsymmetricKey().get();
+
+  if (!pkey) {
+    throw std::runtime_error("Invalid key for RSA public decryption");
+  }
+
+  EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new(pkey, nullptr);
+  if (!ctx) {
+    throw std::runtime_error("Failed to create EVP_PKEY_CTX");
+  }
+
+  if (EVP_PKEY_verify_recover_init(ctx) <= 0) {
+    EVP_PKEY_CTX_free(ctx);
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    throw std::runtime_error("Failed to initialize verify recover: " + std::string(err_buf));
+  }
+
+  int paddingInt = static_cast<int>(padding);
+  int opensslPadding = toOpenSSLPadding(paddingInt);
+
+  if (EVP_PKEY_CTX_set_rsa_padding(ctx, opensslPadding) <= 0) {
+    EVP_PKEY_CTX_free(ctx);
+    throw std::runtime_error("Failed to set RSA padding");
+  }
+
+  auto native_data = ToNativeArrayBuffer(data);
+  const unsigned char* in = native_data->data();
+  size_t inlen = native_data->size();
+
+  size_t outlen;
+  if (EVP_PKEY_verify_recover(ctx, nullptr, &outlen, in, inlen) <= 0) {
+    EVP_PKEY_CTX_free(ctx);
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    throw std::runtime_error("Failed to determine output length: " + std::string(err_buf));
+  }
+
+  if (outlen == 0) {
+    EVP_PKEY_CTX_free(ctx);
+    uint8_t* empty_buf = new uint8_t[1];
+    return std::make_shared<NativeArrayBuffer>(empty_buf, 0, [empty_buf]() { delete[] empty_buf; });
+  }
+
+  auto out_buf = std::make_unique<uint8_t[]>(outlen);
+
+  if (EVP_PKEY_verify_recover(ctx, out_buf.get(), &outlen, in, inlen) <= 0) {
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+
+    if ((err & 0xFFFFFFF) == 0x1C880004 || (err & 0xFF) == 0x04) {
+      ERR_clear_error();
+      EVP_PKEY_CTX_free(ctx);
+      uint8_t* empty_buf = new uint8_t[1];
+      return std::make_shared<NativeArrayBuffer>(empty_buf, 0, [empty_buf]() { delete[] empty_buf; });
+    }
+
+    EVP_PKEY_CTX_free(ctx);
+    throw std::runtime_error("Public decryption failed: " + std::string(err_buf));
+  }
+
+  EVP_PKEY_CTX_free(ctx);
+
+  uint8_t* raw_ptr = out_buf.get();
+  return std::make_shared<NativeArrayBuffer>(out_buf.release(), outlen, [raw_ptr]() { delete[] raw_ptr; });
+}
+
 std::shared_ptr<ArrayBuffer> HybridRsaCipher::privateEncrypt(const std::shared_ptr<HybridKeyObjectHandleSpec>& keyHandle,
                                                              const std::shared_ptr<ArrayBuffer>& data, double padding) {
   auto keyHandleImpl = std::static_pointer_cast<HybridKeyObjectHandle>(keyHandle);
@@ -278,7 +351,9 @@ std::shared_ptr<ArrayBuffer> HybridRsaCipher::privateEncrypt(const std::shared_p
 }
 
 std::shared_ptr<ArrayBuffer> HybridRsaCipher::privateDecrypt(const std::shared_ptr<HybridKeyObjectHandleSpec>& keyHandle,
-                                                             const std::shared_ptr<ArrayBuffer>& data, double padding) {
+                                                             const std::shared_ptr<ArrayBuffer>& data, double padding,
+                                                             const std::string& hashAlgorithm,
+                                                             const std::optional<std::shared_ptr<ArrayBuffer>>& label) {
   auto keyHandleImpl = std::static_pointer_cast<HybridKeyObjectHandle>(keyHandle);
   EVP_PKEY* pkey = keyHandleImpl->getKeyObjectData().GetAsymmetricKey().get();
 
@@ -291,12 +366,12 @@ std::shared_ptr<ArrayBuffer> HybridRsaCipher::privateDecrypt(const std::shared_p
     throw std::runtime_error("Failed to create EVP_PKEY_CTX");
   }
 
-  if (EVP_PKEY_verify_recover_init(ctx) <= 0) {
+  if (EVP_PKEY_decrypt_init(ctx) <= 0) {
     EVP_PKEY_CTX_free(ctx);
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
-    throw std::runtime_error("Failed to initialize verify recover: " + std::string(err_buf));
+    throw std::runtime_error("Failed to initialize decryption: " + std::string(err_buf));
   }
 
   int paddingInt = static_cast<int>(padding);
@@ -307,12 +382,41 @@ std::shared_ptr<ArrayBuffer> HybridRsaCipher::privateDecrypt(const std::shared_p
     throw std::runtime_error("Failed to set RSA padding");
   }
 
+  if (paddingInt == kRsaOaepPadding) {
+    const EVP_MD* md = getDigestByName(hashAlgorithm);
+    if (EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) <= 0) {
+      EVP_PKEY_CTX_free(ctx);
+      throw std::runtime_error("Failed to set OAEP hash algorithm");
+    }
+
+    if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) <= 0) {
+      EVP_PKEY_CTX_free(ctx);
+      throw std::runtime_error("Failed to set MGF1 hash algorithm");
+    }
+
+    if (label.has_value() && label.value()->size() > 0) {
+      auto native_label = ToNativeArrayBuffer(label.value());
+      unsigned char* label_copy = (unsigned char*)OPENSSL_malloc(native_label->size());
+      if (!label_copy) {
+        EVP_PKEY_CTX_free(ctx);
+        throw std::runtime_error("Failed to allocate memory for label");
+      }
+      std::memcpy(label_copy, native_label->data(), native_label->size());
+
+      if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, label_copy, native_label->size()) <= 0) {
+        OPENSSL_free(label_copy);
+        EVP_PKEY_CTX_free(ctx);
+        throw std::runtime_error("Failed to set OAEP label");
+      }
+    }
+  }
+
   auto native_data = ToNativeArrayBuffer(data);
   const unsigned char* in = native_data->data();
   size_t inlen = native_data->size();
 
   size_t outlen;
-  if (EVP_PKEY_verify_recover(ctx, nullptr, &outlen, in, inlen) <= 0) {
+  if (EVP_PKEY_decrypt(ctx, nullptr, &outlen, in, inlen) <= 0) {
     EVP_PKEY_CTX_free(ctx);
     unsigned long err = ERR_get_error();
     char err_buf[256];
@@ -320,32 +424,13 @@ std::shared_ptr<ArrayBuffer> HybridRsaCipher::privateDecrypt(const std::shared_p
     throw std::runtime_error("Failed to determine output length: " + std::string(err_buf));
   }
 
-  if (outlen == 0) {
-    EVP_PKEY_CTX_free(ctx);
-    uint8_t* empty_buf = new uint8_t[1];
-    return std::make_shared<NativeArrayBuffer>(empty_buf, 0, [empty_buf]() { delete[] empty_buf; });
-  }
-
   auto out_buf = std::make_unique<uint8_t[]>(outlen);
 
-  if (EVP_PKEY_verify_recover(ctx, out_buf.get(), &outlen, in, inlen) <= 0) {
-    // OpenSSL 3.x may return failure when recovering empty plaintext
-    // In this case outlen is not updated from the initial buffer size
-    // Check the error and attempt to handle the empty data case
+  if (EVP_PKEY_decrypt(ctx, out_buf.get(), &outlen, in, inlen) <= 0) {
+    EVP_PKEY_CTX_free(ctx);
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
-
-    // Check if this is an RSA library error that might indicate empty recovered data
-    // Error code 0x1C880004 is "RSA lib" error from OpenSSL 3.x provider
-    if ((err & 0xFFFFFFF) == 0x1C880004 || (err & 0xFF) == 0x04) {
-      ERR_clear_error();
-      EVP_PKEY_CTX_free(ctx);
-      uint8_t* empty_buf = new uint8_t[1];
-      return std::make_shared<NativeArrayBuffer>(empty_buf, 0, [empty_buf]() { delete[] empty_buf; });
-    }
-
-    EVP_PKEY_CTX_free(ctx);
     throw std::runtime_error("Private decryption failed: " + std::string(err_buf));
   }
 
@@ -359,6 +444,7 @@ void HybridRsaCipher::loadHybridMethods() {
   registerHybrids(this, [](Prototype& prototype) {
     prototype.registerHybridMethod("encrypt", &HybridRsaCipher::encrypt);
     prototype.registerHybridMethod("decrypt", &HybridRsaCipher::decrypt);
+    prototype.registerHybridMethod("publicDecrypt", &HybridRsaCipher::publicDecrypt);
     prototype.registerHybridMethod("privateEncrypt", &HybridRsaCipher::privateEncrypt);
     prototype.registerHybridMethod("privateDecrypt", &HybridRsaCipher::privateDecrypt);
   });

package/cpp/cipher/HybridRsaCipher.hpp

@@ -17,11 +17,15 @@ class HybridRsaCipher : public HybridRsaCipherSpec {
                                        const std::shared_ptr<ArrayBuffer>& data, double padding, const std::string& hashAlgorithm,
                                        const std::optional<std::shared_ptr<ArrayBuffer>>& label) override;
 
+  std::shared_ptr<ArrayBuffer> publicDecrypt(const std::shared_ptr<HybridKeyObjectHandleSpec>& keyHandle,
+                                             const std::shared_ptr<ArrayBuffer>& data, double padding) override;
+
   std::shared_ptr<ArrayBuffer> privateEncrypt(const std::shared_ptr<HybridKeyObjectHandleSpec>& keyHandle,
                                               const std::shared_ptr<ArrayBuffer>& data, double padding) override;
 
   std::shared_ptr<ArrayBuffer> privateDecrypt(const std::shared_ptr<HybridKeyObjectHandleSpec>& keyHandle,
-                                              const std::shared_ptr<ArrayBuffer>& data, double padding) override;
+                                              const std::shared_ptr<ArrayBuffer>& data, double padding, const std::string& hashAlgorithm,
+                                              const std::optional<std::shared_ptr<ArrayBuffer>>& label) override;
 
   void loadHybridMethods() override;
 };

package/cpp/cipher/OCBCipher.cpp

@@ -3,7 +3,7 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 #include <cstdio>
 #include <iomanip>
 

package/cpp/cipher/XSalsa20Cipher.cpp

@@ -2,7 +2,7 @@
 #include <stdexcept> // For std::runtime_error
 
 #include "NitroModules/ArrayBuffer.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 #include "XSalsa20Cipher.hpp"
 
 namespace margelo::nitro::crypto {

package/cpp/ec/HybridEcKeyPair.cpp

@@ -21,7 +21,7 @@
 #endif
 
 #include "HybridEcKeyPair.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 
 namespace margelo::nitro::crypto {
 

package/cpp/ec/HybridEcKeyPair.hpp

@@ -6,7 +6,7 @@
 #include <string>
 
 #include "HybridEcKeyPairSpec.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 
 namespace margelo::nitro::crypto {
 

package/cpp/ed25519/HybridEdKeyPair.hpp

@@ -4,7 +4,7 @@
 #include <string>
 
 #include "HybridEdKeyPairSpec.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 
 namespace margelo::nitro::crypto {
 

package/cpp/hash/HybridHash.cpp

@@ -7,7 +7,7 @@
 #include <vector>
 
 #include "HybridHash.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 
 namespace margelo::nitro::crypto {
 
@@ -68,14 +68,21 @@ void HybridHash::createHash(const std::string& hashAlgorithmArg, const std::opti
   }
 }
 
-void HybridHash::update(const std::shared_ptr<ArrayBuffer>& data) {
+void HybridHash::update(const std::variant<std::string, std::shared_ptr<ArrayBuffer>>& data) {
   if (!ctx) {
     throw std::runtime_error("Hash context not initialized");
   }
 
-  // Update the digest with the data
-  if (EVP_DigestUpdate(ctx, reinterpret_cast<const uint8_t*>(data->data()), data->size()) != 1) {
-    throw std::runtime_error("Failed to update hash digest: " + std::to_string(ERR_get_error()));
+  if (std::holds_alternative<std::string>(data)) {
+    const std::string& str = std::get<std::string>(data);
+    if (EVP_DigestUpdate(ctx, reinterpret_cast<const uint8_t*>(str.data()), str.length()) != 1) {
+      throw std::runtime_error("Failed to update hash digest: " + std::to_string(ERR_get_error()));
+    }
+  } else {
+    const std::shared_ptr<ArrayBuffer>& buffer = std::get<std::shared_ptr<ArrayBuffer>>(data);
+    if (EVP_DigestUpdate(ctx, reinterpret_cast<const uint8_t*>(buffer->data()), buffer->size()) != 1) {
+      throw std::runtime_error("Failed to update hash digest: " + std::to_string(ERR_get_error()));
+    }
   }
 }
 

package/cpp/hash/HybridHash.hpp

@@ -21,7 +21,7 @@ class HybridHash : public HybridHashSpec {
  public:
   // Methods
   void createHash(const std::string& algorithm, const std::optional<double> outputLength) override;
-  void update(const std::shared_ptr<ArrayBuffer>& data) override;
+  void update(const std::variant<std::string, std::shared_ptr<ArrayBuffer>>& data) override;
   std::shared_ptr<ArrayBuffer> digest(const std::optional<std::string>& encoding = std::nullopt) override;
   std::shared_ptr<margelo::nitro::crypto::HybridHashSpec> copy(const std::optional<double> outputLength) override;
   std::vector<std::string> getSupportedHashAlgorithms() override;

package/cpp/hkdf/HybridHkdf.cpp

@@ -8,7 +8,7 @@
 #include <vector>
 
 #include "HybridHkdf.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 
 namespace margelo::nitro::crypto {
 

package/cpp/hmac/HybridHmac.cpp

@@ -60,14 +60,23 @@ void HybridHmac::createHmac(const std::string& hmacAlgorithm, const std::shared_
   }
 }
 
-void HybridHmac::update(const std::shared_ptr<ArrayBuffer>& data) {
+void HybridHmac::update(const std::variant<std::string, std::shared_ptr<ArrayBuffer>>& data) {
   if (!ctx) {
     throw std::runtime_error("HMAC context not initialized");
   }
 
-  // Update HMAC with new data
-  if (EVP_MAC_update(ctx, reinterpret_cast<const uint8_t*>(data->data()), data->size()) != 1) {
-    throw std::runtime_error("Failed to update HMAC: " + std::to_string(ERR_get_error()));
+  if (std::holds_alternative<std::string>(data)) {
+    // Handle string: pass UTF-8 bytes directly to OpenSSL
+    const std::string& str = std::get<std::string>(data);
+    if (EVP_MAC_update(ctx, reinterpret_cast<const uint8_t*>(str.data()), str.length()) != 1) {
+      throw std::runtime_error("Failed to update HMAC: " + std::to_string(ERR_get_error()));
+    }
+  } else {
+    // Handle ArrayBuffer
+    const std::shared_ptr<ArrayBuffer>& buffer = std::get<std::shared_ptr<ArrayBuffer>>(data);
+    if (EVP_MAC_update(ctx, reinterpret_cast<const uint8_t*>(buffer->data()), buffer->size()) != 1) {
+      throw std::runtime_error("Failed to update HMAC: " + std::to_string(ERR_get_error()));
+    }
   }
 }
 

package/cpp/hmac/HybridHmac.hpp

@@ -3,6 +3,7 @@
 #include <openssl/evp.h>
 #include <optional>
 #include <string>
+#include <variant>
 #include <vector>
 
 #include "HybridHmacSpec.hpp"
@@ -19,7 +20,7 @@ class HybridHmac : public HybridHmacSpec {
  public:
   // Methods
   void createHmac(const std::string& algorithm, const std::shared_ptr<ArrayBuffer>& key) override;
-  void update(const std::shared_ptr<ArrayBuffer>& data) override;
+  void update(const std::variant<std::string, std::shared_ptr<ArrayBuffer>>& data) override;
   std::shared_ptr<ArrayBuffer> digest() override;
 
  private:

package/cpp/keys/HybridKeyObjectHandle.cpp

@@ -3,7 +3,7 @@
 
 #include "../utils/base64.h"
 #include "HybridKeyObjectHandle.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 #include <openssl/bn.h>
 #include <openssl/ec.h>
 #include <openssl/evp.h>

package/cpp/keys/KeyObjectData.cpp

@@ -1,5 +1,5 @@
 #include "KeyObjectData.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 #include <cstdio>
 #include <optional>
 

package/cpp/keys/KeyObjectData.hpp

@@ -5,7 +5,7 @@
 #include "KFormatType.hpp"
 #include "KeyEncoding.hpp"
 #include "KeyType.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 #include <ncrypto.h>
 
 namespace margelo::nitro::crypto {

package/cpp/mldsa/HybridMlDsaKeyPair.cpp

@@ -5,7 +5,7 @@
 #include <openssl/err.h>
 #include <openssl/pem.h>
 
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 
 #if OPENSSL_VERSION_NUMBER >= 0x30500000L
 #define RNQC_HAS_ML_DSA 1

package/cpp/pbkdf2/HybridPbkdf2.cpp

@@ -1,5 +1,5 @@
 #include "HybridPbkdf2.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 
 namespace margelo::nitro::crypto {
 

package/cpp/random/HybridRandom.cpp

@@ -2,7 +2,7 @@
 #include <openssl/rand.h>
 
 #include "HybridRandom.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 
 namespace margelo::nitro::crypto {
 

package/cpp/rsa/HybridRsaKeyPair.cpp

@@ -11,7 +11,7 @@
 #include <string>
 
 #include "HybridRsaKeyPair.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 
 namespace margelo::nitro::crypto {
 

package/cpp/scrypt/HybridScrypt.cpp

@@ -6,7 +6,7 @@
 #include <vector>
 
 #include "HybridScrypt.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 
 namespace margelo::nitro::crypto {
 

package/cpp/sign/HybridSignHandle.cpp

@@ -1,8 +1,8 @@
 #include "HybridSignHandle.hpp"
 
 #include "../keys/HybridKeyObjectHandle.hpp"
+#include "QuickCryptoUtils.hpp"
 #include "SignUtils.hpp"
-#include "Utils.hpp"
 
 #include <cstring>
 #include <openssl/err.h>