react-native-quick-crypto 1.0.9 → 1.0.11

package/nitrogen/generated/shared/c++/JWKkty.hpp

@@ -2,7 +2,7 @@
 /// JWKkty.hpp
 /// This file was generated by nitrogen. DO NOT MODIFY THIS FILE.
 /// https://github.com/mrousavy/nitro
-/// Copyright © 2025 Marc Rousavy @ Margelo
+/// Copyright © Marc Rousavy @ Margelo
 ///
 
 #pragma once
@@ -33,6 +33,7 @@ namespace margelo::nitro::crypto {
     RSA      SWIFT_NAME(rsa) = 1,
     EC      SWIFT_NAME(ec) = 2,
     OCT      SWIFT_NAME(oct) = 3,
+    OKP      SWIFT_NAME(okp) = 4,
   } CLOSED_ENUM;
 
 } // namespace margelo::nitro::crypto
@@ -49,6 +50,7 @@ namespace margelo::nitro {
         case hashString("RSA"): return margelo::nitro::crypto::JWKkty::RSA;
         case hashString("EC"): return margelo::nitro::crypto::JWKkty::EC;
         case hashString("oct"): return margelo::nitro::crypto::JWKkty::OCT;
+        case hashString("OKP"): return margelo::nitro::crypto::JWKkty::OKP;
         default: [[unlikely]]
           throw std::invalid_argument("Cannot convert \"" + unionValue + "\" to enum JWKkty - invalid value!");
       }
@@ -59,6 +61,7 @@ namespace margelo::nitro {
         case margelo::nitro::crypto::JWKkty::RSA: return JSIConverter<std::string>::toJSI(runtime, "RSA");
         case margelo::nitro::crypto::JWKkty::EC: return JSIConverter<std::string>::toJSI(runtime, "EC");
         case margelo::nitro::crypto::JWKkty::OCT: return JSIConverter<std::string>::toJSI(runtime, "oct");
+        case margelo::nitro::crypto::JWKkty::OKP: return JSIConverter<std::string>::toJSI(runtime, "OKP");
         default: [[unlikely]]
           throw std::invalid_argument("Cannot convert JWKkty to JS - invalid value: "
                                     + std::to_string(static_cast<int>(arg)) + "!");
@@ -74,6 +77,7 @@ namespace margelo::nitro {
         case hashString("RSA"):
         case hashString("EC"):
         case hashString("oct"):
+        case hashString("OKP"):
           return true;
         default:
           return false;

package/nitrogen/generated/shared/c++/JWKuse.hpp

@@ -2,7 +2,7 @@
 /// JWKuse.hpp
 /// This file was generated by nitrogen. DO NOT MODIFY THIS FILE.
 /// https://github.com/mrousavy/nitro
-/// Copyright © 2025 Marc Rousavy @ Margelo
+/// Copyright © Marc Rousavy @ Margelo
 ///
 
 #pragma once

package/nitrogen/generated/shared/c++/KFormatType.hpp

@@ -2,7 +2,7 @@
 /// KFormatType.hpp
 /// This file was generated by nitrogen. DO NOT MODIFY THIS FILE.
 /// https://github.com/mrousavy/nitro
-/// Copyright © 2025 Marc Rousavy @ Margelo
+/// Copyright © Marc Rousavy @ Margelo
 ///
 
 #pragma once

package/nitrogen/generated/shared/c++/KeyDetail.hpp

@@ -2,7 +2,7 @@
 /// KeyDetail.hpp
 /// This file was generated by nitrogen. DO NOT MODIFY THIS FILE.
 /// https://github.com/mrousavy/nitro
-/// Copyright © 2025 Marc Rousavy @ Margelo
+/// Copyright © Marc Rousavy @ Margelo
 ///
 
 #pragma once
@@ -17,6 +17,16 @@
 #else
 #error NitroModules cannot be found! Are you sure you installed NitroModules properly?
 #endif
+#if __has_include(<NitroModules/JSIHelpers.hpp>)
+#include <NitroModules/JSIHelpers.hpp>
+#else
+#error NitroModules cannot be found! Are you sure you installed NitroModules properly?
+#endif
+#if __has_include(<NitroModules/PropNameIDCache.hpp>)
+#include <NitroModules/PropNameIDCache.hpp>
+#else
+#error NitroModules cannot be found! Are you sure you installed NitroModules properly?
+#endif
 
 
 
@@ -28,7 +38,7 @@ namespace margelo::nitro::crypto {
   /**
    * A struct which can be represented as a JavaScript object (KeyDetail).
    */
-  struct KeyDetail {
+  struct KeyDetail final {
   public:
     std::optional<double> length     SWIFT_PRIVATE;
     std::optional<double> publicExponent     SWIFT_PRIVATE;
@@ -41,6 +51,9 @@ namespace margelo::nitro::crypto {
   public:
     KeyDetail() = default;
     explicit KeyDetail(std::optional<double> length, std::optional<double> publicExponent, std::optional<double> modulusLength, std::optional<std::string> hashAlgorithm, std::optional<std::string> mgf1HashAlgorithm, std::optional<double> saltLength, std::optional<std::string> namedCurve): length(length), publicExponent(publicExponent), modulusLength(modulusLength), hashAlgorithm(hashAlgorithm), mgf1HashAlgorithm(mgf1HashAlgorithm), saltLength(saltLength), namedCurve(namedCurve) {}
+
+  public:
+    friend bool operator==(const KeyDetail& lhs, const KeyDetail& rhs) = default;
   };
 
 } // namespace margelo::nitro::crypto
@@ -53,24 +66,24 @@ namespace margelo::nitro {
     static inline margelo::nitro::crypto::KeyDetail fromJSI(jsi::Runtime& runtime, const jsi::Value& arg) {
       jsi::Object obj = arg.asObject(runtime);
       return margelo::nitro::crypto::KeyDetail(
-        JSIConverter<std::optional<double>>::fromJSI(runtime, obj.getProperty(runtime, "length")),
-        JSIConverter<std::optional<double>>::fromJSI(runtime, obj.getProperty(runtime, "publicExponent")),
-        JSIConverter<std::optional<double>>::fromJSI(runtime, obj.getProperty(runtime, "modulusLength")),
-        JSIConverter<std::optional<std::string>>::fromJSI(runtime, obj.getProperty(runtime, "hashAlgorithm")),
-        JSIConverter<std::optional<std::string>>::fromJSI(runtime, obj.getProperty(runtime, "mgf1HashAlgorithm")),
-        JSIConverter<std::optional<double>>::fromJSI(runtime, obj.getProperty(runtime, "saltLength")),
-        JSIConverter<std::optional<std::string>>::fromJSI(runtime, obj.getProperty(runtime, "namedCurve"))
+        JSIConverter<std::optional<double>>::fromJSI(runtime, obj.getProperty(runtime, PropNameIDCache::get(runtime, "length"))),
+        JSIConverter<std::optional<double>>::fromJSI(runtime, obj.getProperty(runtime, PropNameIDCache::get(runtime, "publicExponent"))),
+        JSIConverter<std::optional<double>>::fromJSI(runtime, obj.getProperty(runtime, PropNameIDCache::get(runtime, "modulusLength"))),
+        JSIConverter<std::optional<std::string>>::fromJSI(runtime, obj.getProperty(runtime, PropNameIDCache::get(runtime, "hashAlgorithm"))),
+        JSIConverter<std::optional<std::string>>::fromJSI(runtime, obj.getProperty(runtime, PropNameIDCache::get(runtime, "mgf1HashAlgorithm"))),
+        JSIConverter<std::optional<double>>::fromJSI(runtime, obj.getProperty(runtime, PropNameIDCache::get(runtime, "saltLength"))),
+        JSIConverter<std::optional<std::string>>::fromJSI(runtime, obj.getProperty(runtime, PropNameIDCache::get(runtime, "namedCurve")))
       );
     }
     static inline jsi::Value toJSI(jsi::Runtime& runtime, const margelo::nitro::crypto::KeyDetail& arg) {
       jsi::Object obj(runtime);
-      obj.setProperty(runtime, "length", JSIConverter<std::optional<double>>::toJSI(runtime, arg.length));
-      obj.setProperty(runtime, "publicExponent", JSIConverter<std::optional<double>>::toJSI(runtime, arg.publicExponent));
-      obj.setProperty(runtime, "modulusLength", JSIConverter<std::optional<double>>::toJSI(runtime, arg.modulusLength));
-      obj.setProperty(runtime, "hashAlgorithm", JSIConverter<std::optional<std::string>>::toJSI(runtime, arg.hashAlgorithm));
-      obj.setProperty(runtime, "mgf1HashAlgorithm", JSIConverter<std::optional<std::string>>::toJSI(runtime, arg.mgf1HashAlgorithm));
-      obj.setProperty(runtime, "saltLength", JSIConverter<std::optional<double>>::toJSI(runtime, arg.saltLength));
-      obj.setProperty(runtime, "namedCurve", JSIConverter<std::optional<std::string>>::toJSI(runtime, arg.namedCurve));
+      obj.setProperty(runtime, PropNameIDCache::get(runtime, "length"), JSIConverter<std::optional<double>>::toJSI(runtime, arg.length));
+      obj.setProperty(runtime, PropNameIDCache::get(runtime, "publicExponent"), JSIConverter<std::optional<double>>::toJSI(runtime, arg.publicExponent));
+      obj.setProperty(runtime, PropNameIDCache::get(runtime, "modulusLength"), JSIConverter<std::optional<double>>::toJSI(runtime, arg.modulusLength));
+      obj.setProperty(runtime, PropNameIDCache::get(runtime, "hashAlgorithm"), JSIConverter<std::optional<std::string>>::toJSI(runtime, arg.hashAlgorithm));
+      obj.setProperty(runtime, PropNameIDCache::get(runtime, "mgf1HashAlgorithm"), JSIConverter<std::optional<std::string>>::toJSI(runtime, arg.mgf1HashAlgorithm));
+      obj.setProperty(runtime, PropNameIDCache::get(runtime, "saltLength"), JSIConverter<std::optional<double>>::toJSI(runtime, arg.saltLength));
+      obj.setProperty(runtime, PropNameIDCache::get(runtime, "namedCurve"), JSIConverter<std::optional<std::string>>::toJSI(runtime, arg.namedCurve));
       return obj;
     }
     static inline bool canConvert(jsi::Runtime& runtime, const jsi::Value& value) {
@@ -78,13 +91,16 @@ namespace margelo::nitro {
         return false;
       }
       jsi::Object obj = value.getObject(runtime);
-      if (!JSIConverter<std::optional<double>>::canConvert(runtime, obj.getProperty(runtime, "length"))) return false;
-      if (!JSIConverter<std::optional<double>>::canConvert(runtime, obj.getProperty(runtime, "publicExponent"))) return false;
-      if (!JSIConverter<std::optional<double>>::canConvert(runtime, obj.getProperty(runtime, "modulusLength"))) return false;
-      if (!JSIConverter<std::optional<std::string>>::canConvert(runtime, obj.getProperty(runtime, "hashAlgorithm"))) return false;
-      if (!JSIConverter<std::optional<std::string>>::canConvert(runtime, obj.getProperty(runtime, "mgf1HashAlgorithm"))) return false;
-      if (!JSIConverter<std::optional<double>>::canConvert(runtime, obj.getProperty(runtime, "saltLength"))) return false;
-      if (!JSIConverter<std::optional<std::string>>::canConvert(runtime, obj.getProperty(runtime, "namedCurve"))) return false;
+      if (!nitro::isPlainObject(runtime, obj)) {
+        return false;
+      }
+      if (!JSIConverter<std::optional<double>>::canConvert(runtime, obj.getProperty(runtime, PropNameIDCache::get(runtime, "length")))) return false;
+      if (!JSIConverter<std::optional<double>>::canConvert(runtime, obj.getProperty(runtime, PropNameIDCache::get(runtime, "publicExponent")))) return false;
+      if (!JSIConverter<std::optional<double>>::canConvert(runtime, obj.getProperty(runtime, PropNameIDCache::get(runtime, "modulusLength")))) return false;
+      if (!JSIConverter<std::optional<std::string>>::canConvert(runtime, obj.getProperty(runtime, PropNameIDCache::get(runtime, "hashAlgorithm")))) return false;
+      if (!JSIConverter<std::optional<std::string>>::canConvert(runtime, obj.getProperty(runtime, PropNameIDCache::get(runtime, "mgf1HashAlgorithm")))) return false;
+      if (!JSIConverter<std::optional<double>>::canConvert(runtime, obj.getProperty(runtime, PropNameIDCache::get(runtime, "saltLength")))) return false;
+      if (!JSIConverter<std::optional<std::string>>::canConvert(runtime, obj.getProperty(runtime, PropNameIDCache::get(runtime, "namedCurve")))) return false;
       return true;
     }
   };

package/nitrogen/generated/shared/c++/KeyEncoding.hpp

@@ -2,7 +2,7 @@
 /// KeyEncoding.hpp
 /// This file was generated by nitrogen. DO NOT MODIFY THIS FILE.
 /// https://github.com/mrousavy/nitro
-/// Copyright © 2025 Marc Rousavy @ Margelo
+/// Copyright © Marc Rousavy @ Margelo
 ///
 
 #pragma once

package/nitrogen/generated/shared/c++/KeyObject.hpp

@@ -2,7 +2,7 @@
 /// KeyObject.hpp
 /// This file was generated by nitrogen. DO NOT MODIFY THIS FILE.
 /// https://github.com/mrousavy/nitro
-/// Copyright © 2025 Marc Rousavy @ Margelo
+/// Copyright © Marc Rousavy @ Margelo
 ///
 
 #pragma once
@@ -17,6 +17,16 @@
 #else
 #error NitroModules cannot be found! Are you sure you installed NitroModules properly?
 #endif
+#if __has_include(<NitroModules/JSIHelpers.hpp>)
+#include <NitroModules/JSIHelpers.hpp>
+#else
+#error NitroModules cannot be found! Are you sure you installed NitroModules properly?
+#endif
+#if __has_include(<NitroModules/PropNameIDCache.hpp>)
+#include <NitroModules/PropNameIDCache.hpp>
+#else
+#error NitroModules cannot be found! Are you sure you installed NitroModules properly?
+#endif
 
 
 
@@ -27,13 +37,16 @@ namespace margelo::nitro::crypto {
   /**
    * A struct which can be represented as a JavaScript object (KeyObject).
    */
-  struct KeyObject {
+  struct KeyObject final {
   public:
     bool extractable     SWIFT_PRIVATE;
 
   public:
     KeyObject() = default;
     explicit KeyObject(bool extractable): extractable(extractable) {}
+
+  public:
+    friend bool operator==(const KeyObject& lhs, const KeyObject& rhs) = default;
   };
 
 } // namespace margelo::nitro::crypto
@@ -46,12 +59,12 @@ namespace margelo::nitro {
     static inline margelo::nitro::crypto::KeyObject fromJSI(jsi::Runtime& runtime, const jsi::Value& arg) {
       jsi::Object obj = arg.asObject(runtime);
       return margelo::nitro::crypto::KeyObject(
-        JSIConverter<bool>::fromJSI(runtime, obj.getProperty(runtime, "extractable"))
+        JSIConverter<bool>::fromJSI(runtime, obj.getProperty(runtime, PropNameIDCache::get(runtime, "extractable")))
       );
     }
     static inline jsi::Value toJSI(jsi::Runtime& runtime, const margelo::nitro::crypto::KeyObject& arg) {
       jsi::Object obj(runtime);
-      obj.setProperty(runtime, "extractable", JSIConverter<bool>::toJSI(runtime, arg.extractable));
+      obj.setProperty(runtime, PropNameIDCache::get(runtime, "extractable"), JSIConverter<bool>::toJSI(runtime, arg.extractable));
       return obj;
     }
     static inline bool canConvert(jsi::Runtime& runtime, const jsi::Value& value) {
@@ -59,7 +72,10 @@ namespace margelo::nitro {
         return false;
       }
       jsi::Object obj = value.getObject(runtime);
-      if (!JSIConverter<bool>::canConvert(runtime, obj.getProperty(runtime, "extractable"))) return false;
+      if (!nitro::isPlainObject(runtime, obj)) {
+        return false;
+      }
+      if (!JSIConverter<bool>::canConvert(runtime, obj.getProperty(runtime, PropNameIDCache::get(runtime, "extractable")))) return false;
       return true;
     }
   };

package/nitrogen/generated/shared/c++/KeyType.hpp

@@ -2,7 +2,7 @@
 /// KeyType.hpp
 /// This file was generated by nitrogen. DO NOT MODIFY THIS FILE.
 /// https://github.com/mrousavy/nitro
-/// Copyright © 2025 Marc Rousavy @ Margelo
+/// Copyright © Marc Rousavy @ Margelo
 ///
 
 #pragma once

package/nitrogen/generated/shared/c++/KeyUsage.hpp

@@ -2,7 +2,7 @@
 /// KeyUsage.hpp
 /// This file was generated by nitrogen. DO NOT MODIFY THIS FILE.
 /// https://github.com/mrousavy/nitro
-/// Copyright © 2025 Marc Rousavy @ Margelo
+/// Copyright © Marc Rousavy @ Margelo
 ///
 
 #pragma once

package/nitrogen/generated/shared/c++/NamedCurve.hpp

@@ -2,7 +2,7 @@
 /// NamedCurve.hpp
 /// This file was generated by nitrogen. DO NOT MODIFY THIS FILE.
 /// https://github.com/mrousavy/nitro
-/// Copyright © 2025 Marc Rousavy @ Margelo
+/// Copyright © Marc Rousavy @ Margelo
 ///
 
 #pragma once

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "react-native-quick-crypto",
-  "version": "1.0.9",
+  "version": "1.0.11",
   "description": "A fast implementation of Node's `crypto` module written in C/C++ JSI",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",

package/src/argon2.ts

@@ -0,0 +1,83 @@
+import { Buffer } from '@craftzdog/react-native-buffer';
+import { NitroModules } from 'react-native-nitro-modules';
+import type { Argon2 as NativeArgon2 } from './specs/argon2.nitro';
+import { binaryLikeToArrayBuffer } from './utils';
+import type { BinaryLike } from './utils';
+
+let native: NativeArgon2;
+function getNative(): NativeArgon2 {
+  if (native == null) {
+    native = NitroModules.createHybridObject<NativeArgon2>('Argon2');
+  }
+  return native;
+}
+
+export interface Argon2Params {
+  message: BinaryLike;
+  nonce: BinaryLike;
+  parallelism: number;
+  tagLength: number;
+  memory: number;
+  passes: number;
+  secret?: BinaryLike;
+  associatedData?: BinaryLike;
+  version?: number;
+}
+
+const ARGON2_VERSION = 0x13; // v1.3
+
+function validateAlgorithm(algorithm: string): void {
+  if (
+    algorithm !== 'argon2d' &&
+    algorithm !== 'argon2i' &&
+    algorithm !== 'argon2id'
+  ) {
+    throw new TypeError(`Unknown argon2 algorithm: ${algorithm}`);
+  }
+}
+
+function toAB(value: BinaryLike): ArrayBuffer {
+  return binaryLikeToArrayBuffer(value);
+}
+
+export function argon2Sync(algorithm: string, params: Argon2Params): Buffer {
+  validateAlgorithm(algorithm);
+  const version = params.version ?? ARGON2_VERSION;
+  const result = getNative().hashSync(
+    algorithm,
+    toAB(params.message),
+    toAB(params.nonce),
+    params.parallelism,
+    params.tagLength,
+    params.memory,
+    params.passes,
+    version,
+    params.secret ? toAB(params.secret) : undefined,
+    params.associatedData ? toAB(params.associatedData) : undefined,
+  );
+  return Buffer.from(result);
+}
+
+export function argon2(
+  algorithm: string,
+  params: Argon2Params,
+  callback: (err: Error | null, result: Buffer) => void,
+): void {
+  validateAlgorithm(algorithm);
+  const version = params.version ?? ARGON2_VERSION;
+  getNative()
+    .hash(
+      algorithm,
+      toAB(params.message),
+      toAB(params.nonce),
+      params.parallelism,
+      params.tagLength,
+      params.memory,
+      params.passes,
+      version,
+      params.secret ? toAB(params.secret) : undefined,
+      params.associatedData ? toAB(params.associatedData) : undefined,
+    )
+    .then(ab => callback(null, Buffer.from(ab)))
+    .catch((err: Error) => callback(err, Buffer.alloc(0)));
+}

package/src/certificate.ts

@@ -0,0 +1,41 @@
+import { NitroModules } from 'react-native-nitro-modules';
+import { Buffer } from '@craftzdog/react-native-buffer';
+import type { Certificate as NativeCertificate } from './specs/certificate.nitro';
+import type { BinaryLike } from './utils';
+import { binaryLikeToArrayBuffer } from './utils';
+
+let native: NativeCertificate;
+function getNative(): NativeCertificate {
+  if (native == null) {
+    native = NitroModules.createHybridObject<NativeCertificate>('Certificate');
+  }
+  return native;
+}
+
+function toArrayBuffer(
+  spkac: BinaryLike,
+  encoding?: BufferEncoding,
+): ArrayBuffer {
+  if (typeof spkac === 'string') {
+    return binaryLikeToArrayBuffer(spkac, encoding || 'utf8');
+  }
+  return binaryLikeToArrayBuffer(spkac);
+}
+
+export class Certificate {
+  static exportChallenge(spkac: BinaryLike, encoding?: BufferEncoding): Buffer {
+    return Buffer.from(
+      getNative().exportChallenge(toArrayBuffer(spkac, encoding)),
+    );
+  }
+
+  static exportPublicKey(spkac: BinaryLike, encoding?: BufferEncoding): Buffer {
+    return Buffer.from(
+      getNative().exportPublicKey(toArrayBuffer(spkac, encoding)),
+    );
+  }
+
+  static verifySpkac(spkac: BinaryLike, encoding?: BufferEncoding): boolean {
+    return getNative().verifySpkac(toArrayBuffer(spkac, encoding));
+  }
+}

package/src/cipher.ts

@@ -28,18 +28,42 @@ export type CipherOptions =
   | CipherGCMOptions
   | TransformOptions;
 
+export interface CipherInfoResult {
+  name: string;
+  nid: number;
+  mode: string;
+  keyLength: number;
+  blockSize?: number;
+  ivLength?: number;
+}
+
 class CipherUtils {
   private static native =
     NitroModules.createHybridObject<NativeCipher>('Cipher');
   public static getSupportedCiphers(): string[] {
     return this.native.getSupportedCiphers();
   }
+  public static getCipherInfo(
+    name: string,
+    keyLength?: number,
+    ivLength?: number,
+  ): CipherInfoResult | undefined {
+    return this.native.getCipherInfo(name, keyLength, ivLength);
+  }
 }
 
 export function getCiphers(): string[] {
   return CipherUtils.getSupportedCiphers();
 }
 
+export function getCipherInfo(
+  name: string,
+  options?: { keyLength?: number; ivLength?: number },
+): CipherInfoResult | undefined {
+  if (typeof name !== 'string' || name.length === 0) return undefined;
+  return CipherUtils.getCipherInfo(name, options?.keyLength, options?.ivLength);
+}
+
 interface CipherArgs {
   isCipher: boolean;
   cipherType: string;

package/src/dhKeyPair.ts

@@ -0,0 +1,156 @@
+import { NitroModules } from 'react-native-nitro-modules';
+import { Buffer } from '@craftzdog/react-native-buffer';
+import { KeyObject, PublicKeyObject, PrivateKeyObject } from './keys';
+import type { DhKeyPair } from './specs/dhKeyPair.nitro';
+import type { GenerateKeyPairOptions, KeyPairGenConfig } from './utils/types';
+import { KFormatType, KeyEncoding } from './utils';
+import { DH_GROUPS } from './dh-groups';
+
+export class DhKeyPairGen {
+  native: DhKeyPair;
+
+  constructor(options: GenerateKeyPairOptions) {
+    this.native = NitroModules.createHybridObject<DhKeyPair>('DhKeyPair');
+
+    const { groupName, prime, primeLength, generator } = options;
+
+    if (groupName) {
+      // Resolve named group to prime + generator
+      const group = DH_GROUPS[groupName];
+      if (!group) {
+        throw new Error(`Unknown DH group: ${groupName}`);
+      }
+      const primeBuf = Buffer.from(group.prime, 'hex');
+      this.native.setPrime(
+        primeBuf.buffer.slice(
+          primeBuf.byteOffset,
+          primeBuf.byteOffset + primeBuf.byteLength,
+        ) as ArrayBuffer,
+      );
+      const gen = parseInt(group.generator, 16);
+      this.native.setGenerator(gen);
+    } else if (prime) {
+      // Custom prime as Buffer
+      const primeBuf = Buffer.from(prime);
+      this.native.setPrime(
+        primeBuf.buffer.slice(
+          primeBuf.byteOffset,
+          primeBuf.byteOffset + primeBuf.byteLength,
+        ) as ArrayBuffer,
+      );
+      this.native.setGenerator(generator ?? 2);
+    } else if (primeLength) {
+      this.native.setPrimeLength(primeLength);
+      this.native.setGenerator(generator ?? 2);
+    } else {
+      throw new Error(
+        'DH key generation requires one of: groupName, prime, or primeLength',
+      );
+    }
+  }
+
+  async generateKeyPair(): Promise<void> {
+    await this.native.generateKeyPair();
+  }
+
+  generateKeyPairSync(): void {
+    this.native.generateKeyPairSync();
+  }
+}
+
+function dh_prepareKeyGenParams(
+  options: GenerateKeyPairOptions | undefined,
+): DhKeyPairGen {
+  if (!options) {
+    throw new Error('Options are required for DH key generation');
+  }
+
+  return new DhKeyPairGen(options);
+}
+
+function dh_formatKeyPairOutput(
+  dh: DhKeyPairGen,
+  encoding: KeyPairGenConfig,
+): {
+  publicKey: PublicKeyObject | Buffer | string | ArrayBuffer;
+  privateKey: PrivateKeyObject | Buffer | string | ArrayBuffer;
+} {
+  const { publicFormat, privateFormat, cipher, passphrase } = encoding;
+
+  const publicKeyData = dh.native.getPublicKey();
+  const privateKeyData = dh.native.getPrivateKey();
+
+  const pub = KeyObject.createKeyObject(
+    'public',
+    publicKeyData,
+    KFormatType.DER,
+    KeyEncoding.SPKI,
+  ) as PublicKeyObject;
+
+  const priv = KeyObject.createKeyObject(
+    'private',
+    privateKeyData,
+    KFormatType.DER,
+    KeyEncoding.PKCS8,
+  ) as PrivateKeyObject;
+
+  let publicKey: PublicKeyObject | Buffer | string | ArrayBuffer;
+  let privateKey: PrivateKeyObject | Buffer | string | ArrayBuffer;
+
+  if (publicFormat === -1) {
+    publicKey = pub;
+  } else {
+    const format =
+      publicFormat === KFormatType.PEM ? KFormatType.PEM : KFormatType.DER;
+    const exported = pub.handle.exportKey(format, KeyEncoding.SPKI);
+    if (format === KFormatType.PEM) {
+      publicKey = Buffer.from(new Uint8Array(exported)).toString('utf-8');
+    } else {
+      publicKey = exported;
+    }
+  }
+
+  if (privateFormat === -1) {
+    privateKey = priv;
+  } else {
+    const format =
+      privateFormat === KFormatType.PEM ? KFormatType.PEM : KFormatType.DER;
+    const exported = priv.handle.exportKey(
+      format,
+      KeyEncoding.PKCS8,
+      cipher,
+      passphrase,
+    );
+    if (format === KFormatType.PEM) {
+      privateKey = Buffer.from(new Uint8Array(exported)).toString('utf-8');
+    } else {
+      privateKey = exported;
+    }
+  }
+
+  return { publicKey, privateKey };
+}
+
+export async function dh_generateKeyPairNode(
+  options: GenerateKeyPairOptions | undefined,
+  encoding: KeyPairGenConfig,
+): Promise<{
+  publicKey: PublicKeyObject | Buffer | string | ArrayBuffer;
+  privateKey: PrivateKeyObject | Buffer | string | ArrayBuffer;
+}> {
+  const dh = dh_prepareKeyGenParams(options);
+  await dh.generateKeyPair();
+  return dh_formatKeyPairOutput(dh, encoding);
+}
+
+export function dh_generateKeyPairNodeSync(
+  options: GenerateKeyPairOptions | undefined,
+  encoding: KeyPairGenConfig,
+): {
+  publicKey: PublicKeyObject | Buffer | string | ArrayBuffer;
+  privateKey: PrivateKeyObject | Buffer | string | ArrayBuffer;
+} {
+  const dh = dh_prepareKeyGenParams(options);
+  dh.generateKeyPairSync();
+  return dh_formatKeyPairOutput(dh, encoding);
+}

package/src/diffie-hellman.ts

@@ -111,6 +111,10 @@ export class DiffieHellman {
     }
     this._hybrid.setPrivateKey(keyBuf.buffer as ArrayBuffer);
   }
+
+  get verifyError(): number {
+    return this._hybrid.getVerifyError();
+  }
 }
 
 export function createDiffieHellman(
@@ -189,3 +193,5 @@ export function getDiffieHellman(groupName: string): DiffieHellman {
   // group.prime and group.generator are hex strings
   return new DiffieHellman(group.prime, group.generator, 'hex');
 }
+
+export { getDiffieHellman as createDiffieHellmanGroup };