react-native-quick-crypto 1.0.6 → 1.0.8

package/QuickCrypto.podspec

@@ -123,13 +123,18 @@ Pod::Spec.new do |s|
     "GCC_PREPROCESSOR_DEFINITIONS" => "$(inherited) FOLLY_NO_CONFIG FOLLY_CFG_NO_COROUTINES",
     # Set C++ standard to C++20
     "CLANG_CXX_LANGUAGE_STANDARD" => "c++20",
-    "CLANG_ALLOW_NON_MODULAR_INCLUDES_IN_FRAMEWORK_MODULES" => "YES"
+    "CLANG_ALLOW_NON_MODULAR_INCLUDES_IN_FRAMEWORK_MODULES" => "YES",
+    # Exclude ARM NEON source when building x86_64 simulator (no NEON support).
+    "EXCLUDED_SOURCE_FILE_NAMES[sdk=iphonesimulator*][arch=x86_64]" => "deps/blake3/c/blake3_neon.c"
   }
 
   # Add cpp subdirectories to header search paths
   cpp_headers = [
     "\"$(PODS_TARGET_SRCROOT)/cpp/utils\"",
     "\"$(PODS_TARGET_SRCROOT)/cpp/hkdf\"",
+    "\"$(PODS_TARGET_SRCROOT)/cpp/dh\"",
+    "\"$(PODS_TARGET_SRCROOT)/cpp/ecdh\"",
+    "\"$(PODS_TARGET_SRCROOT)/nitrogen/generated/shared/c++\"",
     "\"$(PODS_TARGET_SRCROOT)/deps/ncrypto/include\"",
     "\"$(PODS_TARGET_SRCROOT)/deps/blake3/c\"",
     "\"$(PODS_TARGET_SRCROOT)/deps/fastpbkdf2\""

package/README.md

@@ -1,8 +1,8 @@
 <a href="https://margelo.com">
   <picture>
-    <source media="(prefers-color-scheme: dark)" srcset="./docs/img/banner-dark.png" />
-    <source media="(prefers-color-scheme: light)" srcset="./docs/img/banner-light.png" />
-    <img alt="react-native-quick-crypto" src="./docs/img/banner-light.png" />
+    <source media="(prefers-color-scheme: dark)" srcset="./.docs/img/banner-dark.png" />
+    <source media="(prefers-color-scheme: light)" srcset="./.docs/img/banner-light.png" />
+    <img alt="react-native-quick-crypto" src="./.docs/img/banner-light.png" />
   </picture>
 </a>
 
@@ -10,7 +10,7 @@
 
 A fast implementation of Node's `crypto` module.
 
-> Note: This version `1.x` completed a major refactor, porting to OpenSSL 3.6+, New Architecture, Bridgeless, and [`Nitro Modules`](https://github.com/mrousavy/react-native-nitro).  It should be at or above feature-parity compared to the `0.x` version.  Status, as always, will be represented in [implementation-coverage.md](../main/docs/implementation-coverage.md).
+> Note: This version `1.x` completed a major refactor, porting to OpenSSL 3.6+, New Architecture, Bridgeless, and [`Nitro Modules`](https://github.com/mrousavy/react-native-nitro).  It should be at or above feature-parity compared to the `0.x` version.  Status, as always, will be represented in [implementation-coverage.md](./.docs/implementation-coverage.md).
 
 > Note: Minimum supported version of React Native is `0.75`.  If you need to use earlier versions, please use `0.x` versions of this library.
 
@@ -46,7 +46,7 @@ There is a benchmark suite in the Example app in this repo that has benchmarks o
 ## Installation
 
 <h3>
-  React Native  <a href="#"><img src="./docs/img/react-native.png" height="15" /></a>
+  React Native  <a href="#"><img src="./.docs/img/react-native.png" height="15" /></a>
 </h3>
 
 ```sh
@@ -55,7 +55,7 @@ cd ios && pod install
 ```
 
 <h3>
-  Expo  <a href="#"><img src="./docs/img/expo.png" height="12" /></a>
+  Expo  <a href="#"><img src="./.docs/img/expo.png" height="12" /></a>
 </h3>
 
 ```sh
@@ -139,7 +139,7 @@ const hashed = QuickCrypto.createHash('sha256')
 
 ## Limitations
 
-Not all cryptographic algorithms are supported yet. See the [implementation coverage](./docs/implementation-coverage.md) document for more details. If you need a specific algorithm, please open a `feature request` issue and we'll see what we can do.
+Not all cryptographic algorithms are supported yet. See the [implementation coverage](./.docs/implementation-coverage.md) document for more details. If you need a specific algorithm, please open a `feature request` issue and we'll see what we can do.
 
 ## Community Discord
 
@@ -153,6 +153,10 @@ Not all cryptographic algorithms are supported yet. See the [implementation cove
 
 See the [contributing guide](CONTRIBUTING.md) to learn how to contribute to the repository and the development workflow.
 
+For more detailed guides, check out our documentation website:
+- [Contributing Guide]([prod-docs]/docs/guides/contributing)
+- [Writing Documentation]([prod-docs]/docs/guides/writing-documentation)
+
 ## License
 
 - react-native-quick-crypto is licensed under MIT.

package/android/CMakeLists.txt

@@ -34,7 +34,9 @@ add_library(
   ../cpp/cipher/XSalsa20Cipher.cpp
   ../cpp/cipher/ChaCha20Cipher.cpp
   ../cpp/cipher/ChaCha20Poly1305Cipher.cpp
+  ../cpp/dh/HybridDiffieHellman.cpp
   ../cpp/ec/HybridEcKeyPair.cpp
+  ../cpp/ecdh/HybridECDH.cpp
   ../cpp/ed25519/HybridEdKeyPair.cpp
   ../cpp/hash/HybridHash.cpp
   ../cpp/hmac/HybridHmac.cpp
@@ -62,7 +64,9 @@ include_directories(
   "src/main/cpp"
   "../cpp/blake3"
   "../cpp/cipher"
+  "../cpp/dh"
   "../cpp/ec"
+  "../cpp/ecdh"
   "../cpp/ed25519"
   "../cpp/hash"
   "../cpp/hkdf"

package/cpp/blake3/HybridBlake3.cpp

@@ -4,7 +4,7 @@
 #include <cstring>
 #include <stdexcept>
 
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 
 namespace margelo::nitro::crypto {
 

package/cpp/cipher/CCMCipher.cpp

@@ -1,5 +1,5 @@
 #include "CCMCipher.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <stdexcept>

package/cpp/cipher/ChaCha20Cipher.cpp

@@ -1,5 +1,5 @@
 #include "ChaCha20Cipher.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <stdexcept>

package/cpp/cipher/ChaCha20Poly1305Cipher.cpp

@@ -1,5 +1,5 @@
 #include "ChaCha20Poly1305Cipher.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <stdexcept>

package/cpp/cipher/GCMCipher.cpp

@@ -1,5 +1,5 @@
 #include "GCMCipher.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <stdexcept>

package/cpp/cipher/HybridCipher.cpp

@@ -6,7 +6,7 @@
 #include <vector>
 
 #include "HybridCipher.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 
 #include <openssl/err.h>
 #include <openssl/evp.h>

package/cpp/cipher/HybridCipherFactory.hpp

@@ -10,7 +10,7 @@
 #include "GCMCipher.hpp"
 #include "HybridCipherFactorySpec.hpp"
 #include "OCBCipher.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 #include "XSalsa20Cipher.hpp"
 
 namespace margelo::nitro::crypto {

package/cpp/cipher/HybridRsaCipher.cpp

@@ -1,6 +1,6 @@
 #include "HybridRsaCipher.hpp"
 #include "../keys/HybridKeyObjectHandle.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 
 #include <cstring>
 #include <openssl/err.h>

package/cpp/cipher/OCBCipher.cpp

@@ -3,7 +3,7 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 #include <cstdio>
 #include <iomanip>
 

package/cpp/cipher/XSalsa20Cipher.cpp

@@ -2,7 +2,7 @@
 #include <stdexcept> // For std::runtime_error
 
 #include "NitroModules/ArrayBuffer.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 #include "XSalsa20Cipher.hpp"
 
 namespace margelo::nitro::crypto {

package/cpp/dh/HybridDiffieHellman.cpp

@@ -0,0 +1,438 @@
+#include "HybridDiffieHellman.hpp"
+#include "QuickCryptoUtils.hpp"
+#include <NitroModules/ArrayBuffer.hpp>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <stdexcept>
+
+namespace margelo::nitro::crypto {
+
+// Smart pointer type aliases for RAII
+using BN_ptr = std::unique_ptr<BIGNUM, decltype(&BN_free)>;
+using DH_ptr = std::unique_ptr<DH, decltype(&DH_free)>;
+using EVP_PKEY_CTX_ptr = std::unique_ptr<EVP_PKEY_CTX, decltype(&EVP_PKEY_CTX_free)>;
+
+// Minimum DH prime size for security (2048 bits = 256 bytes)
+static constexpr int kMinDHPrimeBits = 2048;
+
+// Suppress deprecation warnings for DH_* functions
+// Node.js ncrypto uses the same pattern - these APIs work but are deprecated in OpenSSL 3.x
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+
+void HybridDiffieHellman::init(const std::shared_ptr<ArrayBuffer>& prime, const std::shared_ptr<ArrayBuffer>& generator) {
+  // Create DH structure
+  DH_ptr dh(DH_new(), DH_free);
+  if (!dh) {
+    throw std::runtime_error("DiffieHellman: failed to create DH structure");
+  }
+
+  // Convert prime and generator to BIGNUMs
+  BIGNUM* p = BN_bin2bn(prime->data(), static_cast<int>(prime->size()), nullptr);
+  BIGNUM* g = BN_bin2bn(generator->data(), static_cast<int>(generator->size()), nullptr);
+
+  if (!p || !g) {
+    if (p)
+      BN_free(p);
+    if (g)
+      BN_free(g);
+    throw std::runtime_error("DiffieHellman: failed to convert parameters to BIGNUM");
+  }
+
+  // DH_set0_pqg takes ownership of p and g on success
+  if (DH_set0_pqg(dh.get(), p, nullptr, g) != 1) {
+    BN_free(p);
+    BN_free(g);
+    throw std::runtime_error("DiffieHellman: failed to set DH parameters");
+  }
+
+  // Create EVP_PKEY and assign DH to it
+  EVP_PKEY_ptr pkey(EVP_PKEY_new(), EVP_PKEY_free);
+  if (!pkey) {
+    throw std::runtime_error("DiffieHellman: failed to create EVP_PKEY");
+  }
+
+  // EVP_PKEY_assign_DH takes ownership of dh on success
+  if (EVP_PKEY_assign_DH(pkey.get(), dh.get()) != 1) {
+    throw std::runtime_error("DiffieHellman: failed to assign DH to EVP_PKEY");
+  }
+  dh.release(); // EVP_PKEY now owns the DH
+
+  _pkey = std::move(pkey);
+}
+
+void HybridDiffieHellman::initWithSize(double primeLength, double generator) {
+  int primeBits = static_cast<int>(primeLength);
+  int gen = static_cast<int>(generator);
+
+  // Validate minimum key size for security
+  if (primeBits < kMinDHPrimeBits) {
+    throw std::runtime_error("DiffieHellman: prime length must be at least 2048 bits");
+  }
+
+  // Create parameter generation context
+  EVP_PKEY_CTX_ptr pctx(EVP_PKEY_CTX_new_id(EVP_PKEY_DH, nullptr), EVP_PKEY_CTX_free);
+  if (!pctx) {
+    throw std::runtime_error("DiffieHellman: failed to create parameter context");
+  }
+
+  if (EVP_PKEY_paramgen_init(pctx.get()) <= 0) {
+    throw std::runtime_error("DiffieHellman: failed to initialize parameter generation");
+  }
+
+  if (EVP_PKEY_CTX_set_dh_paramgen_prime_len(pctx.get(), primeBits) <= 0) {
+    throw std::runtime_error("DiffieHellman: failed to set prime length");
+  }
+
+  if (EVP_PKEY_CTX_set_dh_paramgen_generator(pctx.get(), gen) <= 0) {
+    throw std::runtime_error("DiffieHellman: failed to set generator");
+  }
+
+  EVP_PKEY* params = nullptr;
+  if (EVP_PKEY_paramgen(pctx.get(), &params) <= 0) {
+    throw std::runtime_error("DiffieHellman: failed to generate parameters");
+  }
+
+  _pkey.reset(params);
+}
+
+std::shared_ptr<ArrayBuffer> HybridDiffieHellman::generateKeys() {
+  ensureInitialized();
+
+  EVP_PKEY_CTX_ptr kctx(EVP_PKEY_CTX_new(_pkey.get(), nullptr), EVP_PKEY_CTX_free);
+  if (!kctx) {
+    throw std::runtime_error("DiffieHellman: failed to create keygen context");
+  }
+
+  if (EVP_PKEY_keygen_init(kctx.get()) <= 0) {
+    throw std::runtime_error("DiffieHellman: failed to initialize key generation");
+  }
+
+  EVP_PKEY* newKey = nullptr;
+  if (EVP_PKEY_keygen(kctx.get(), &newKey) <= 0) {
+    throw std::runtime_error("DiffieHellman: failed to generate key pair");
+  }
+
+  // Replace parameters-only key with full key (which includes parameters)
+  _pkey.reset(newKey);
+
+  return getPublicKey();
+}
+
+std::shared_ptr<ArrayBuffer> HybridDiffieHellman::computeSecret(const std::shared_ptr<ArrayBuffer>& otherPublicKey) {
+  ensureInitialized();
+
+  const DH* ourDh = getDH();
+  const BIGNUM *p, *q, *g;
+  DH_get0_pqg(ourDh, &p, &q, &g);
+
+  // Create peer DH with same parameters but peer's public key
+  DH_ptr peerDh(DH_new(), DH_free);
+  if (!peerDh) {
+    throw std::runtime_error("DiffieHellman: failed to create peer DH structure");
+  }
+
+  // Duplicate parameters for peer
+  BIGNUM* peerP = BN_dup(p);
+  BIGNUM* peerG = BN_dup(g);
+  BIGNUM* peerPubKey = BN_bin2bn(otherPublicKey->data(), static_cast<int>(otherPublicKey->size()), nullptr);
+
+  if (!peerP || !peerG || !peerPubKey) {
+    if (peerP)
+      BN_free(peerP);
+    if (peerG)
+      BN_free(peerG);
+    if (peerPubKey)
+      BN_free(peerPubKey);
+    throw std::runtime_error("DiffieHellman: failed to create peer parameters");
+  }
+
+  // Set peer DH parameters (takes ownership on success)
+  if (DH_set0_pqg(peerDh.get(), peerP, nullptr, peerG) != 1) {
+    BN_free(peerP);
+    BN_free(peerG);
+    BN_free(peerPubKey);
+    throw std::runtime_error("DiffieHellman: failed to set peer DH parameters");
+  }
+
+  // Set peer public key (takes ownership on success)
+  if (DH_set0_key(peerDh.get(), peerPubKey, nullptr) != 1) {
+    BN_free(peerPubKey);
+    throw std::runtime_error("DiffieHellman: failed to set peer public key");
+  }
+
+  // Create peer EVP_PKEY
+  EVP_PKEY_ptr peerPkey(EVP_PKEY_new(), EVP_PKEY_free);
+  if (!peerPkey) {
+    throw std::runtime_error("DiffieHellman: failed to create peer EVP_PKEY");
+  }
+
+  // EVP_PKEY_assign_DH takes ownership of peerDh on success
+  if (EVP_PKEY_assign_DH(peerPkey.get(), peerDh.get()) != 1) {
+    throw std::runtime_error("DiffieHellman: failed to assign peer DH to EVP_PKEY");
+  }
+  peerDh.release(); // EVP_PKEY now owns the DH
+
+  // Derive shared secret using EVP API
+  EVP_PKEY_CTX_ptr ctx(EVP_PKEY_CTX_new(_pkey.get(), nullptr), EVP_PKEY_CTX_free);
+  if (!ctx) {
+    throw std::runtime_error("DiffieHellman: failed to create derive context");
+  }
+
+  if (EVP_PKEY_derive_init(ctx.get()) <= 0) {
+    throw std::runtime_error("DiffieHellman: failed to initialize key derivation");
+  }
+
+  if (EVP_PKEY_derive_set_peer(ctx.get(), peerPkey.get()) <= 0) {
+    throw std::runtime_error("DiffieHellman: failed to set peer key for derivation");
+  }
+
+  // Get required buffer size
+  size_t secretLen = 0;
+  if (EVP_PKEY_derive(ctx.get(), nullptr, &secretLen) <= 0) {
+    throw std::runtime_error("DiffieHellman: failed to get shared secret length");
+  }
+
+  // Derive the shared secret
+  std::vector<uint8_t> secret(secretLen);
+  if (EVP_PKEY_derive(ctx.get(), secret.data(), &secretLen) <= 0) {
+    throw std::runtime_error("DiffieHellman: failed to derive shared secret");
+  }
+
+  // Resize to actual length (may be smaller due to leading zeros)
+  secret.resize(secretLen);
+
+  return ToNativeArrayBuffer(secret);
+}
+
+std::shared_ptr<ArrayBuffer> HybridDiffieHellman::getPrime() {
+  ensureInitialized();
+  const DH* dh = getDH();
+
+  const BIGNUM *p, *q, *g;
+  DH_get0_pqg(dh, &p, &q, &g);
+  if (!p) {
+    throw std::runtime_error("DiffieHellman: no prime available");
+  }
+
+  int len = BN_num_bytes(p);
+  std::vector<uint8_t> buf(len);
+  BN_bn2bin(p, buf.data());
+
+  return ToNativeArrayBuffer(buf);
+}
+
+std::shared_ptr<ArrayBuffer> HybridDiffieHellman::getGenerator() {
+  ensureInitialized();
+  const DH* dh = getDH();
+
+  const BIGNUM *p, *q, *g;
+  DH_get0_pqg(dh, &p, &q, &g);
+  if (!g) {
+    throw std::runtime_error("DiffieHellman: no generator available");
+  }
+
+  int len = BN_num_bytes(g);
+  std::vector<uint8_t> buf(len);
+  BN_bn2bin(g, buf.data());
+
+  return ToNativeArrayBuffer(buf);
+}
+
+std::shared_ptr<ArrayBuffer> HybridDiffieHellman::getPublicKey() {
+  ensureInitialized();
+  const DH* dh = getDH();
+
+  const BIGNUM *pub, *priv;
+  DH_get0_key(dh, &pub, &priv);
+  if (!pub) {
+    throw std::runtime_error("DiffieHellman: no public key available");
+  }
+
+  int len = BN_num_bytes(pub);
+  std::vector<uint8_t> buf(len);
+  BN_bn2bin(pub, buf.data());
+
+  return ToNativeArrayBuffer(buf);
+}
+
+std::shared_ptr<ArrayBuffer> HybridDiffieHellman::getPrivateKey() {
+  ensureInitialized();
+  const DH* dh = getDH();
+
+  const BIGNUM *pub, *priv;
+  DH_get0_key(dh, &pub, &priv);
+  if (!priv) {
+    throw std::runtime_error("DiffieHellman: no private key available");
+  }
+
+  int len = BN_num_bytes(priv);
+  std::vector<uint8_t> buf(len);
+  BN_bn2bin(priv, buf.data());
+
+  return ToNativeArrayBuffer(buf);
+}
+
+void HybridDiffieHellman::setPublicKey(const std::shared_ptr<ArrayBuffer>& publicKey) {
+  ensureInitialized();
+  const DH* dh = getDH();
+
+  // Get existing keys
+  const BIGNUM *oldPub, *oldPriv;
+  DH_get0_key(dh, &oldPub, &oldPriv);
+
+  // Get parameters
+  const BIGNUM *p, *q, *g;
+  DH_get0_pqg(dh, &p, &q, &g);
+
+  // Create new DH with copied parameters
+  DH_ptr newDh(DH_new(), DH_free);
+  if (!newDh) {
+    throw std::runtime_error("DiffieHellman: failed to create new DH structure");
+  }
+
+  // Duplicate parameters
+  BIGNUM* newP = BN_dup(p);
+  BIGNUM* newQ = q ? BN_dup(q) : nullptr;
+  BIGNUM* newG = BN_dup(g);
+
+  if (!newP || !newG) {
+    if (newP)
+      BN_free(newP);
+    if (newQ)
+      BN_free(newQ);
+    if (newG)
+      BN_free(newG);
+    throw std::runtime_error("DiffieHellman: failed to duplicate parameters");
+  }
+
+  if (DH_set0_pqg(newDh.get(), newP, newQ, newG) != 1) {
+    BN_free(newP);
+    if (newQ)
+      BN_free(newQ);
+    BN_free(newG);
+    throw std::runtime_error("DiffieHellman: failed to set parameters");
+  }
+
+  // Convert new public key
+  BIGNUM* newPub = BN_bin2bn(publicKey->data(), static_cast<int>(publicKey->size()), nullptr);
+  BIGNUM* newPriv = oldPriv ? BN_dup(oldPriv) : nullptr;
+
+  if (!newPub) {
+    if (newPriv)
+      BN_free(newPriv);
+    throw std::runtime_error("DiffieHellman: failed to convert public key");
+  }
+
+  if (DH_set0_key(newDh.get(), newPub, newPriv) != 1) {
+    BN_free(newPub);
+    if (newPriv)
+      BN_free(newPriv);
+    throw std::runtime_error("DiffieHellman: failed to set keys");
+  }
+
+  // Create new EVP_PKEY
+  EVP_PKEY_ptr newPkey(EVP_PKEY_new(), EVP_PKEY_free);
+  if (!newPkey) {
+    throw std::runtime_error("DiffieHellman: failed to create new EVP_PKEY");
+  }
+
+  if (EVP_PKEY_assign_DH(newPkey.get(), newDh.get()) != 1) {
+    throw std::runtime_error("DiffieHellman: failed to assign DH to EVP_PKEY");
+  }
+  newDh.release();
+
+  _pkey = std::move(newPkey);
+}
+
+void HybridDiffieHellman::setPrivateKey(const std::shared_ptr<ArrayBuffer>& privateKey) {
+  ensureInitialized();
+  const DH* dh = getDH();
+
+  // Get existing keys
+  const BIGNUM *oldPub, *oldPriv;
+  DH_get0_key(dh, &oldPub, &oldPriv);
+
+  // Get parameters
+  const BIGNUM *p, *q, *g;
+  DH_get0_pqg(dh, &p, &q, &g);
+
+  // Create new DH with copied parameters
+  DH_ptr newDh(DH_new(), DH_free);
+  if (!newDh) {
+    throw std::runtime_error("DiffieHellman: failed to create new DH structure");
+  }
+
+  // Duplicate parameters
+  BIGNUM* newP = BN_dup(p);
+  BIGNUM* newQ = q ? BN_dup(q) : nullptr;
+  BIGNUM* newG = BN_dup(g);
+
+  if (!newP || !newG) {
+    if (newP)
+      BN_free(newP);
+    if (newQ)
+      BN_free(newQ);
+    if (newG)
+      BN_free(newG);
+    throw std::runtime_error("DiffieHellman: failed to duplicate parameters");
+  }
+
+  if (DH_set0_pqg(newDh.get(), newP, newQ, newG) != 1) {
+    BN_free(newP);
+    if (newQ)
+      BN_free(newQ);
+    BN_free(newG);
+    throw std::runtime_error("DiffieHellman: failed to set parameters");
+  }
+
+  // Convert new private key
+  BIGNUM* newPub = oldPub ? BN_dup(oldPub) : nullptr;
+  BIGNUM* newPriv = BN_bin2bn(privateKey->data(), static_cast<int>(privateKey->size()), nullptr);
+
+  if (!newPriv) {
+    if (newPub)
+      BN_free(newPub);
+    throw std::runtime_error("DiffieHellman: failed to convert private key");
+  }
+
+  if (DH_set0_key(newDh.get(), newPub, newPriv) != 1) {
+    if (newPub)
+      BN_free(newPub);
+    BN_free(newPriv);
+    throw std::runtime_error("DiffieHellman: failed to set keys");
+  }
+
+  // Create new EVP_PKEY
+  EVP_PKEY_ptr newPkey(EVP_PKEY_new(), EVP_PKEY_free);
+  if (!newPkey) {
+    throw std::runtime_error("DiffieHellman: failed to create new EVP_PKEY");
+  }
+
+  if (EVP_PKEY_assign_DH(newPkey.get(), newDh.get()) != 1) {
+    throw std::runtime_error("DiffieHellman: failed to assign DH to EVP_PKEY");
+  }
+  newDh.release();
+
+  _pkey = std::move(newPkey);
+}
+
+void HybridDiffieHellman::ensureInitialized() const {
+  if (!_pkey) {
+    throw std::runtime_error("DiffieHellman: not initialized");
+  }
+}
+
+const DH* HybridDiffieHellman::getDH() const {
+  const DH* dh = EVP_PKEY_get0_DH(_pkey.get());
+  if (!dh) {
+    throw std::runtime_error("DiffieHellman: key is not a DH key");
+  }
+  return dh;
+}
+
+#pragma clang diagnostic pop
+
+} // namespace margelo::nitro::crypto

package/cpp/dh/HybridDiffieHellman.hpp

@@ -0,0 +1,41 @@
+#pragma once
+
+#include <memory>
+#include <openssl/dh.h>
+#include <openssl/evp.h>
+#include <string>
+#include <vector>
+
+#include "HybridDiffieHellmanSpec.hpp"
+
+namespace margelo::nitro::crypto {
+
+using namespace facebook;
+using margelo::nitro::ArrayBuffer;
+
+using EVP_PKEY_ptr = std::unique_ptr<EVP_PKEY, decltype(&EVP_PKEY_free)>;
+
+class HybridDiffieHellman : public HybridDiffieHellmanSpec {
+ public:
+  HybridDiffieHellman() : HybridObject("DiffieHellman"), _pkey(nullptr, EVP_PKEY_free) {}
+  virtual ~HybridDiffieHellman() = default;
+
+  void init(const std::shared_ptr<ArrayBuffer>& prime, const std::shared_ptr<ArrayBuffer>& generator) override;
+  void initWithSize(double primeLength, double generator) override;
+  std::shared_ptr<ArrayBuffer> generateKeys() override;
+  std::shared_ptr<ArrayBuffer> computeSecret(const std::shared_ptr<ArrayBuffer>& otherPublicKey) override;
+  std::shared_ptr<ArrayBuffer> getPrime() override;
+  std::shared_ptr<ArrayBuffer> getGenerator() override;
+  std::shared_ptr<ArrayBuffer> getPublicKey() override;
+  std::shared_ptr<ArrayBuffer> getPrivateKey() override;
+  void setPublicKey(const std::shared_ptr<ArrayBuffer>& publicKey) override;
+  void setPrivateKey(const std::shared_ptr<ArrayBuffer>& privateKey) override;
+
+ private:
+  EVP_PKEY_ptr _pkey;
+
+  void ensureInitialized() const;
+  const DH* getDH() const;
+};
+
+} // namespace margelo::nitro::crypto

package/cpp/ec/HybridEcKeyPair.cpp

@@ -21,7 +21,7 @@
 #endif
 
 #include "HybridEcKeyPair.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 
 namespace margelo::nitro::crypto {
 

package/cpp/ec/HybridEcKeyPair.hpp

@@ -6,7 +6,7 @@
 #include <string>
 
 #include "HybridEcKeyPairSpec.hpp"
-#include "Utils.hpp"
+#include "QuickCryptoUtils.hpp"
 
 namespace margelo::nitro::crypto {