npm - react-native-quick-crypto - Versions diffs - 1.0.9 → 1.0.11 - Mend

react-native-quick-crypto 1.0.9 → 1.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (292) hide show

package/QuickCrypto.podspec +9 -2
package/README.md +13 -9
package/android/CMakeLists.txt +13 -0
package/cpp/argon2/HybridArgon2.cpp +103 -0
package/cpp/argon2/HybridArgon2.hpp +32 -0
package/cpp/certificate/HybridCertificate.cpp +42 -0
package/cpp/certificate/HybridCertificate.hpp +16 -0
package/cpp/cipher/HybridCipher.cpp +58 -0
package/cpp/cipher/HybridCipher.hpp +4 -0
package/cpp/cipher/HybridCipherFactory.hpp +15 -1
package/cpp/cipher/OCBCipher.cpp +4 -4
package/cpp/cipher/XChaCha20Poly1305Cipher.cpp +161 -0
package/cpp/cipher/XChaCha20Poly1305Cipher.hpp +43 -0
package/cpp/cipher/XSalsa20Poly1305Cipher.cpp +145 -0
package/cpp/cipher/XSalsa20Poly1305Cipher.hpp +42 -0
package/cpp/dh/HybridDhKeyPair.cpp +179 -0
package/cpp/dh/HybridDhKeyPair.hpp +37 -0
package/cpp/dh/HybridDiffieHellman.cpp +10 -0
package/cpp/dh/HybridDiffieHellman.hpp +1 -0
package/cpp/dsa/HybridDsaKeyPair.cpp +128 -0
package/cpp/dsa/HybridDsaKeyPair.hpp +32 -0
package/cpp/ec/HybridEcKeyPair.cpp +21 -0
package/cpp/ec/HybridEcKeyPair.hpp +1 -0
package/cpp/ecdh/HybridECDH.cpp +35 -0
package/cpp/ecdh/HybridECDH.hpp +1 -0
package/cpp/hash/HybridHash.cpp +1 -1
package/cpp/hash/HybridHash.hpp +1 -1
package/cpp/hmac/HybridHmac.cpp +1 -1
package/cpp/hmac/HybridHmac.hpp +1 -1
package/cpp/keys/HybridKeyObjectHandle.cpp +131 -1
package/cpp/keys/HybridKeyObjectHandle.hpp +5 -1
package/cpp/prime/HybridPrime.cpp +81 -0
package/cpp/prime/HybridPrime.hpp +20 -0
package/deps/ncrypto/.bazelrc +0 -1
package/deps/ncrypto/.bazelversion +1 -1
package/deps/ncrypto/.github/workflows/commitlint.yml +16 -0
package/deps/ncrypto/.github/workflows/linter.yml +2 -2
package/deps/ncrypto/.github/workflows/release-please.yml +16 -0
package/deps/ncrypto/.github/workflows/ubuntu.yml +82 -0
package/deps/ncrypto/.release-please-manifest.json +3 -0
package/deps/ncrypto/BUILD.bazel +9 -1
package/deps/ncrypto/CHANGELOG.md +37 -0
package/deps/ncrypto/CMakeLists.txt +35 -11
package/deps/ncrypto/MODULE.bazel +16 -1
package/deps/ncrypto/MODULE.bazel.lock +299 -118
package/deps/ncrypto/cmake/ncrypto-flags.cmake +1 -0
package/deps/ncrypto/include/ncrypto/aead.h +137 -0
package/deps/ncrypto/include/ncrypto/version.h +14 -0
package/deps/ncrypto/include/ncrypto.h +85 -230
package/deps/ncrypto/ncrypto.pc.in +10 -0
package/deps/ncrypto/release-please-config.json +11 -0
package/deps/ncrypto/src/CMakeLists.txt +31 -6
package/deps/ncrypto/src/aead.cpp +302 -0
package/deps/ncrypto/src/ncrypto.cpp +274 -556
package/deps/ncrypto/tests/BUILD.bazel +2 -0
package/deps/ncrypto/tests/basic.cpp +772 -2
package/deps/ncrypto/tools/run-clang-format.sh +5 -5
package/lib/commonjs/argon2.js +39 -0
package/lib/commonjs/argon2.js.map +1 -0
package/lib/commonjs/certificate.js +35 -0
package/lib/commonjs/certificate.js.map +1 -0
package/lib/commonjs/cipher.js +8 -0
package/lib/commonjs/cipher.js.map +1 -1
package/lib/commonjs/dhKeyPair.js +109 -0
package/lib/commonjs/dhKeyPair.js.map +1 -0
package/lib/commonjs/diffie-hellman.js +4 -1
package/lib/commonjs/diffie-hellman.js.map +1 -1
package/lib/commonjs/dsa.js +92 -0
package/lib/commonjs/dsa.js.map +1 -0
package/lib/commonjs/ec.js +20 -25
package/lib/commonjs/ec.js.map +1 -1
package/lib/commonjs/ecdh.js +37 -0
package/lib/commonjs/ecdh.js.map +1 -1
package/lib/commonjs/ed.js +1 -2
package/lib/commonjs/ed.js.map +1 -1
package/lib/commonjs/hash.js +7 -0
package/lib/commonjs/hash.js.map +1 -1
package/lib/commonjs/index.js +46 -1
package/lib/commonjs/index.js.map +1 -1
package/lib/commonjs/keys/classes.js +18 -12
package/lib/commonjs/keys/classes.js.map +1 -1
package/lib/commonjs/keys/generateKeyPair.js +11 -0
package/lib/commonjs/keys/generateKeyPair.js.map +1 -1
package/lib/commonjs/prime.js +84 -0
package/lib/commonjs/prime.js.map +1 -0
package/lib/commonjs/specs/argon2.nitro.js +6 -0
package/lib/commonjs/specs/argon2.nitro.js.map +1 -0
package/lib/commonjs/specs/certificate.nitro.js +6 -0
package/lib/commonjs/specs/certificate.nitro.js.map +1 -0
package/lib/commonjs/specs/dhKeyPair.nitro.js +6 -0
package/lib/commonjs/specs/dhKeyPair.nitro.js.map +1 -0
package/lib/commonjs/specs/dsaKeyPair.nitro.js +6 -0
package/lib/commonjs/specs/dsaKeyPair.nitro.js.map +1 -0
package/lib/commonjs/specs/prime.nitro.js +6 -0
package/lib/commonjs/specs/prime.nitro.js.map +1 -0
package/lib/commonjs/subtle.js +181 -39
package/lib/commonjs/subtle.js.map +1 -1
package/lib/commonjs/utils/types.js.map +1 -1
package/lib/module/argon2.js +34 -0
package/lib/module/argon2.js.map +1 -0
package/lib/module/certificate.js +30 -0
package/lib/module/certificate.js.map +1 -0
package/lib/module/cipher.js +7 -0
package/lib/module/cipher.js.map +1 -1
package/lib/module/dhKeyPair.js +102 -0
package/lib/module/dhKeyPair.js.map +1 -0
package/lib/module/diffie-hellman.js +4 -0
package/lib/module/diffie-hellman.js.map +1 -1
package/lib/module/dsa.js +85 -0
package/lib/module/dsa.js.map +1 -0
package/lib/module/ec.js +19 -25
package/lib/module/ec.js.map +1 -1
package/lib/module/ecdh.js +37 -0
package/lib/module/ecdh.js.map +1 -1
package/lib/module/ed.js +1 -2
package/lib/module/ed.js.map +1 -1
package/lib/module/hash.js +6 -0
package/lib/module/hash.js.map +1 -1
package/lib/module/index.js +12 -0
package/lib/module/index.js.map +1 -1
package/lib/module/keys/classes.js +18 -12
package/lib/module/keys/classes.js.map +1 -1
package/lib/module/keys/generateKeyPair.js +11 -0
package/lib/module/keys/generateKeyPair.js.map +1 -1
package/lib/module/prime.js +77 -0
package/lib/module/prime.js.map +1 -0
package/lib/module/specs/argon2.nitro.js +4 -0
package/lib/module/specs/argon2.nitro.js.map +1 -0
package/lib/module/specs/certificate.nitro.js +4 -0
package/lib/module/specs/certificate.nitro.js.map +1 -0
package/lib/module/specs/dhKeyPair.nitro.js +4 -0
package/lib/module/specs/dhKeyPair.nitro.js.map +1 -0
package/lib/module/specs/dsaKeyPair.nitro.js +4 -0
package/lib/module/specs/dsaKeyPair.nitro.js.map +1 -0
package/lib/module/specs/prime.nitro.js +4 -0
package/lib/module/specs/prime.nitro.js.map +1 -0
package/lib/module/subtle.js +183 -42
package/lib/module/subtle.js.map +1 -1
package/lib/module/utils/types.js.map +1 -1
package/lib/tsconfig.tsbuildinfo +1 -1
package/lib/typescript/argon2.d.ts +16 -0
package/lib/typescript/argon2.d.ts.map +1 -0
package/lib/typescript/certificate.d.ts +8 -0
package/lib/typescript/certificate.d.ts.map +1 -0
package/lib/typescript/cipher.d.ts +12 -0
package/lib/typescript/cipher.d.ts.map +1 -1
package/lib/typescript/dhKeyPair.d.ts +19 -0
package/lib/typescript/dhKeyPair.d.ts.map +1 -0
package/lib/typescript/diffie-hellman.d.ts +2 -0
package/lib/typescript/diffie-hellman.d.ts.map +1 -1
package/lib/typescript/dsa.d.ts +19 -0
package/lib/typescript/dsa.d.ts.map +1 -0
package/lib/typescript/ec.d.ts +1 -0
package/lib/typescript/ec.d.ts.map +1 -1
package/lib/typescript/ecdh.d.ts +3 -0
package/lib/typescript/ecdh.d.ts.map +1 -1
package/lib/typescript/ed.d.ts.map +1 -1
package/lib/typescript/hash.d.ts +2 -0
package/lib/typescript/hash.d.ts.map +1 -1
package/lib/typescript/index.d.ts +22 -0
package/lib/typescript/index.d.ts.map +1 -1
package/lib/typescript/keys/classes.d.ts +4 -0
package/lib/typescript/keys/classes.d.ts.map +1 -1
package/lib/typescript/keys/generateKeyPair.d.ts.map +1 -1
package/lib/typescript/prime.d.ts +19 -0
package/lib/typescript/prime.d.ts.map +1 -0
package/lib/typescript/specs/argon2.nitro.d.ts +9 -0
package/lib/typescript/specs/argon2.nitro.d.ts.map +1 -0
package/lib/typescript/specs/certificate.nitro.d.ts +10 -0
package/lib/typescript/specs/certificate.nitro.d.ts.map +1 -0
package/lib/typescript/specs/cipher.nitro.d.ts +9 -0
package/lib/typescript/specs/cipher.nitro.d.ts.map +1 -1
package/lib/typescript/specs/dhKeyPair.nitro.d.ts +14 -0
package/lib/typescript/specs/dhKeyPair.nitro.d.ts.map +1 -0
package/lib/typescript/specs/diffie-hellman.nitro.d.ts +1 -0
package/lib/typescript/specs/diffie-hellman.nitro.d.ts.map +1 -1
package/lib/typescript/specs/dsaKeyPair.nitro.d.ts +13 -0
package/lib/typescript/specs/dsaKeyPair.nitro.d.ts.map +1 -0
package/lib/typescript/specs/ecKeyPair.nitro.d.ts +1 -0
package/lib/typescript/specs/ecKeyPair.nitro.d.ts.map +1 -1
package/lib/typescript/specs/ecdh.nitro.d.ts +1 -0
package/lib/typescript/specs/ecdh.nitro.d.ts.map +1 -1
package/lib/typescript/specs/keyObjectHandle.nitro.d.ts +2 -0
package/lib/typescript/specs/keyObjectHandle.nitro.d.ts.map +1 -1
package/lib/typescript/specs/prime.nitro.d.ts +11 -0
package/lib/typescript/specs/prime.nitro.d.ts.map +1 -0
package/lib/typescript/subtle.d.ts +2 -0
package/lib/typescript/subtle.d.ts.map +1 -1
package/lib/typescript/utils/types.d.ts +24 -7
package/lib/typescript/utils/types.d.ts.map +1 -1
package/nitrogen/generated/android/QuickCrypto+autolinking.cmake +13 -5
package/nitrogen/generated/android/QuickCrypto+autolinking.gradle +1 -1
package/nitrogen/generated/android/QuickCryptoOnLoad.cpp +104 -54
package/nitrogen/generated/android/QuickCryptoOnLoad.hpp +1 -1
package/nitrogen/generated/android/kotlin/com/margelo/nitro/crypto/QuickCryptoOnLoad.kt +1 -1
package/nitrogen/generated/ios/QuickCrypto+autolinking.rb +2 -2
package/nitrogen/generated/ios/QuickCrypto-Swift-Cxx-Bridge.cpp +1 -1
package/nitrogen/generated/ios/QuickCrypto-Swift-Cxx-Bridge.hpp +1 -1
package/nitrogen/generated/ios/QuickCrypto-Swift-Cxx-Umbrella.hpp +1 -1
package/nitrogen/generated/ios/QuickCryptoAutolinking.mm +104 -54
package/nitrogen/generated/ios/QuickCryptoAutolinking.swift +5 -1
package/nitrogen/generated/shared/c++/AsymmetricKeyType.hpp +1 -1
package/nitrogen/generated/shared/c++/CipherArgs.hpp +34 -19
package/nitrogen/generated/shared/c++/CipherInfo.hpp +104 -0
package/nitrogen/generated/shared/c++/HybridArgon2Spec.cpp +22 -0
package/nitrogen/generated/shared/c++/HybridArgon2Spec.hpp +66 -0
package/nitrogen/generated/shared/c++/HybridBlake3Spec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridBlake3Spec.hpp +1 -3
package/nitrogen/generated/shared/c++/HybridCertificateSpec.cpp +23 -0
package/nitrogen/generated/shared/c++/HybridCertificateSpec.hpp +64 -0
package/nitrogen/generated/shared/c++/HybridCipherFactorySpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridCipherFactorySpec.hpp +1 -1
package/nitrogen/generated/shared/c++/HybridCipherSpec.cpp +2 -1
package/nitrogen/generated/shared/c++/HybridCipherSpec.hpp +5 -3
package/nitrogen/generated/shared/c++/HybridDhKeyPairSpec.cpp +27 -0
package/nitrogen/generated/shared/c++/HybridDhKeyPairSpec.hpp +69 -0
package/nitrogen/generated/shared/c++/HybridDiffieHellmanSpec.cpp +2 -1
package/nitrogen/generated/shared/c++/HybridDiffieHellmanSpec.hpp +3 -3
package/nitrogen/generated/shared/c++/HybridDsaKeyPairSpec.cpp +26 -0
package/nitrogen/generated/shared/c++/HybridDsaKeyPairSpec.hpp +68 -0
package/nitrogen/generated/shared/c++/HybridECDHSpec.cpp +2 -1
package/nitrogen/generated/shared/c++/HybridECDHSpec.hpp +3 -3
package/nitrogen/generated/shared/c++/HybridEcKeyPairSpec.cpp +2 -1
package/nitrogen/generated/shared/c++/HybridEcKeyPairSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridEdKeyPairSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridEdKeyPairSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridHashSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridHashSpec.hpp +2 -4
package/nitrogen/generated/shared/c++/HybridHkdfSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridHkdfSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridHmacSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridHmacSpec.hpp +3 -4
package/nitrogen/generated/shared/c++/HybridKeyObjectHandleSpec.cpp +3 -1
package/nitrogen/generated/shared/c++/HybridKeyObjectHandleSpec.hpp +8 -4
package/nitrogen/generated/shared/c++/HybridMlDsaKeyPairSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridMlDsaKeyPairSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridPbkdf2Spec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridPbkdf2Spec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridPrimeSpec.cpp +24 -0
package/nitrogen/generated/shared/c++/HybridPrimeSpec.hpp +67 -0
package/nitrogen/generated/shared/c++/HybridRandomSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridRandomSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridRsaCipherSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridRsaCipherSpec.hpp +1 -3
package/nitrogen/generated/shared/c++/HybridRsaKeyPairSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridRsaKeyPairSpec.hpp +1 -3
package/nitrogen/generated/shared/c++/HybridScryptSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridScryptSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridSignHandleSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridSignHandleSpec.hpp +1 -3
package/nitrogen/generated/shared/c++/HybridUtilsSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridUtilsSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridVerifyHandleSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridVerifyHandleSpec.hpp +1 -3
package/nitrogen/generated/shared/c++/JWK.hpp +84 -68
package/nitrogen/generated/shared/c++/JWKkty.hpp +5 -1
package/nitrogen/generated/shared/c++/JWKuse.hpp +1 -1
package/nitrogen/generated/shared/c++/KFormatType.hpp +1 -1
package/nitrogen/generated/shared/c++/KeyDetail.hpp +39 -23
package/nitrogen/generated/shared/c++/KeyEncoding.hpp +1 -1
package/nitrogen/generated/shared/c++/KeyObject.hpp +21 -5
package/nitrogen/generated/shared/c++/KeyType.hpp +1 -1
package/nitrogen/generated/shared/c++/KeyUsage.hpp +1 -1
package/nitrogen/generated/shared/c++/NamedCurve.hpp +1 -1
package/package.json +1 -1
package/src/argon2.ts +83 -0
package/src/certificate.ts +41 -0
package/src/cipher.ts +24 -0
package/src/dhKeyPair.ts +156 -0
package/src/diffie-hellman.ts +6 -0
package/src/dsa.ts +129 -0
package/src/ec.ts +23 -19
package/src/ecdh.ts +59 -0
package/src/ed.ts +1 -2
package/src/hash.ts +11 -0
package/src/index.ts +12 -0
package/src/keys/classes.ts +26 -8
package/src/keys/generateKeyPair.ts +14 -0
package/src/prime.ts +134 -0
package/src/specs/argon2.nitro.ts +29 -0
package/src/specs/certificate.nitro.ts +8 -0
package/src/specs/cipher.nitro.ts +14 -0
package/src/specs/dhKeyPair.nitro.ts +14 -0
package/src/specs/diffie-hellman.nitro.ts +1 -0
package/src/specs/dsaKeyPair.nitro.ts +13 -0
package/src/specs/ecKeyPair.nitro.ts +2 -0
package/src/specs/ecdh.nitro.ts +1 -0
package/src/specs/keyObjectHandle.nitro.ts +2 -0
package/src/specs/prime.nitro.ts +18 -0
package/src/subtle.ts +400 -42
package/src/utils/types.ts +39 -5
package/deps/ncrypto/WORKSPACE +0 -15

package/src/subtle.ts CHANGED Viewed

@@ -14,10 +14,11 @@ import type {
   AesCtrParams,
   AesCbcParams,
   AesGcmParams,
+  AesOcbParams,
   RsaOaepParams,
   ChaCha20Poly1305Params,
 } from './utils';
-import { KFormatType, KeyEncoding } from './utils';
+import { KFormatType, KeyEncoding, KeyType } from './utils';
 import {
   CryptoKey,
   KeyObject,
@@ -27,11 +28,12 @@ import {
 } from './keys';
 import type { CryptoKeyPair } from './utils/types';
 import { bufferLikeToArrayBuffer } from './utils/conversion';
+import { argon2Sync } from './argon2';
 import { lazyDOMException } from './utils/errors';
 import { normalizeHashName, HashContext } from './utils/hashnames';
 import { validateMaxBufferLength } from './utils/validation';
 import { asyncDigest } from './hash';
-import { createSecretKey } from './keys';
+import { createSecretKey, createPublicKey } from './keys';
 import { NitroModules } from 'react-native-nitro-modules';
 import type { KeyObjectHandle } from './specs/keyObjectHandle.nitro';
 import type { RsaCipher } from './specs/rsaCipher.nitro';
@@ -55,12 +57,6 @@ import {
 } from './ed';
 import { mldsa_generateKeyPairWebCrypto, type MlDsaVariant } from './mldsa';
 import { hkdfDeriveBits, type HkdfAlgorithm } from './hkdf';
-// import { pbkdf2DeriveBits } from './pbkdf2';
-// import { aesCipher, aesGenerateKey, aesImportKey, getAlgorithmName } from './aes';
-// import { rsaCipher, rsaExportKey, rsaImportKey, rsaKeyGenerate } from './rsa';
-// import { normalizeAlgorithm, type Operation } from './algorithms';
-// import { hmacImportKey } from './mac';
 // Temporary enums that need to be defined
 enum KWebCryptoKeyFormat {
@@ -90,19 +86,34 @@ function normalizeAlgorithm(
 }
 function getAlgorithmName(name: string, length: number): string {
-  return `${name}${length}`;
+  switch (name) {
+    case 'AES-CBC':
+      return `A${length}CBC`;
+    case 'AES-CTR':
+      return `A${length}CTR`;
+    case 'AES-GCM':
+      return `A${length}GCM`;
+    case 'AES-KW':
+      return `A${length}KW`;
+    case 'AES-OCB':
+      return `A${length}OCB`;
+    case 'ChaCha20-Poly1305':
+      return 'C20P';
+    default:
+      return `${name}${length}`;
+  }
 }
 // Placeholder implementations for missing functions
 function ecExportKey(key: CryptoKey, format: KWebCryptoKeyFormat): ArrayBuffer {
   const keyObject = key.keyObject;
-  if (format === KWebCryptoKeyFormat.kWebCryptoKeyFormatSPKI) {
-    // Export public key in SPKI format
+  if (format === KWebCryptoKeyFormat.kWebCryptoKeyFormatRaw) {
+    return bufferLikeToArrayBuffer(keyObject.handle.exportKey());
+  } else if (format === KWebCryptoKeyFormat.kWebCryptoKeyFormatSPKI) {
     const exported = keyObject.export({ format: 'der', type: 'spki' });
     return bufferLikeToArrayBuffer(exported);
   } else if (format === KWebCryptoKeyFormat.kWebCryptoKeyFormatPKCS8) {
-    // Export private key in PKCS8 format
     const exported = keyObject.export({ format: 'der', type: 'pkcs8' });
     return bufferLikeToArrayBuffer(exported);
   } else {
@@ -198,6 +209,8 @@ async function aesCipher(
       return aesCbcCipher(mode, key, data, algorithm as AesCbcParams);
     case 'AES-GCM':
       return aesGcmCipher(mode, key, data, algorithm as AesGcmParams);
+    case 'AES-OCB':
+      return aesOcbCipher(mode, key, data, algorithm as AesOcbParams);
     default:
       throw lazyDOMException(
         `Unsupported AES algorithm: ${name}`,
@@ -294,45 +307,45 @@ async function aesCbcCipher(
   return result.buffer;
 }
-async function aesGcmCipher(
+interface AeadCipherConfig {
+  algorithmName: string;
+  validTagLengths: number[];
+  cipherSuffix: string;
+  iv: ArrayBuffer;
+}
+async function aesAeadCipher(
   mode: CipherOrWrapMode,
   key: CryptoKey,
   data: ArrayBuffer,
-  algorithm: AesGcmParams,
+  config: AeadCipherConfig,
+  additionalData?: BufferLike,
+  tagLength: number = 128,
 ): Promise<ArrayBuffer> {
-  const { tagLength = 128 } = algorithm;
-  // Validate tag length
-  const validTagLengths = [32, 64, 96, 104, 112, 120, 128];
-  if (!validTagLengths.includes(tagLength)) {
+  if (!config.validTagLengths.includes(tagLength)) {
     throw lazyDOMException(
-      `${tagLength} is not a valid AES-GCM tag length`,
+      `${tagLength} is not a valid ${config.algorithmName} tag length`,
       'OperationError',
     );
   }
   const tagByteLength = tagLength / 8;
-  // Get cipher type based on key length
   const keyLength = (key.algorithm as { length: number }).length;
-  const cipherType = `aes-${keyLength}-gcm`;
+  const cipherType = `aes-${keyLength}-${config.cipherSuffix}`;
-  // Create cipher
   const factory =
     NitroModules.createHybridObject<CipherFactory>('CipherFactory');
   const cipher = factory.createCipher({
     isCipher: mode === CipherOrWrapMode.kWebCryptoCipherEncrypt,
     cipherType,
     cipherKey: bufferLikeToArrayBuffer(key.keyObject.export()),
-    iv: bufferLikeToArrayBuffer(algorithm.iv),
+    iv: config.iv,
     authTagLen: tagByteLength,
   });
   let processData: ArrayBuffer;
-  let authTag: ArrayBuffer | undefined;
   if (mode === CipherOrWrapMode.kWebCryptoCipherDecrypt) {
-    // For decryption, extract auth tag from end of data
     const dataView = new Uint8Array(data);
     if (dataView.byteLength < tagByteLength) {
@@ -342,28 +355,22 @@ async function aesGcmCipher(
       );
     }
-    // Split data and tag
     const ciphertextLength = dataView.byteLength - tagByteLength;
     processData = dataView.slice(0, ciphertextLength).buffer;
-    authTag = dataView.slice(ciphertextLength).buffer;
-    // Set auth tag for verification
+    const authTag = dataView.slice(ciphertextLength).buffer;
     cipher.setAuthTag(authTag);
   } else {
     processData = data;
   }
-  // Set additional authenticated data if provided
-  if (algorithm.additionalData) {
-    cipher.setAAD(bufferLikeToArrayBuffer(algorithm.additionalData));
+  if (additionalData) {
+    cipher.setAAD(bufferLikeToArrayBuffer(additionalData));
   }
-  // Process data
   const updated = cipher.update(processData);
   const final = cipher.final();
   if (mode === CipherOrWrapMode.kWebCryptoCipherEncrypt) {
-    // For encryption, append auth tag to result
     const tag = cipher.getAuthTag();
     const result = new Uint8Array(
       updated.byteLength + final.byteLength + tag.byteLength,
@@ -373,7 +380,6 @@ async function aesGcmCipher(
     result.set(new Uint8Array(tag), updated.byteLength + final.byteLength);
     return result.buffer;
   } else {
-    // For decryption, just concatenate plaintext
     const result = new Uint8Array(updated.byteLength + final.byteLength);
     result.set(new Uint8Array(updated), 0);
     result.set(new Uint8Array(final), updated.byteLength);
@@ -381,6 +387,56 @@ async function aesGcmCipher(
   }
 }
+async function aesGcmCipher(
+  mode: CipherOrWrapMode,
+  key: CryptoKey,
+  data: ArrayBuffer,
+  algorithm: AesGcmParams,
+): Promise<ArrayBuffer> {
+  return aesAeadCipher(
+    mode,
+    key,
+    data,
+    {
+      algorithmName: 'AES-GCM',
+      validTagLengths: [32, 64, 96, 104, 112, 120, 128],
+      cipherSuffix: 'gcm',
+      iv: bufferLikeToArrayBuffer(algorithm.iv),
+    },
+    algorithm.additionalData,
+    algorithm.tagLength,
+  );
+}
+async function aesOcbCipher(
+  mode: CipherOrWrapMode,
+  key: CryptoKey,
+  data: ArrayBuffer,
+  algorithm: AesOcbParams,
+): Promise<ArrayBuffer> {
+  const ivBuffer = bufferLikeToArrayBuffer(algorithm.iv);
+  if (ivBuffer.byteLength < 1 || ivBuffer.byteLength > 15) {
+    throw lazyDOMException(
+      'AES-OCB algorithm.iv must be between 1 and 15 bytes',
+      'OperationError',
+    );
+  }
+  return aesAeadCipher(
+    mode,
+    key,
+    data,
+    {
+      algorithmName: 'AES-OCB',
+      validTagLengths: [64, 96, 128],
+      cipherSuffix: 'ocb',
+      iv: ivBuffer,
+    },
+    algorithm.additionalData,
+    algorithm.tagLength,
+  );
+}
 async function aesKwCipher(
   mode: CipherOrWrapMode,
   key: CryptoKey,
@@ -891,7 +947,7 @@ async function aesImportKey(
 function edImportKey(
   format: ImportFormat,
-  data: BufferLike,
+  data: BufferLike | JWK,
   algorithm: SubtleAlgorithm,
   extractable: boolean,
   keyUsages: KeyUsage[],
@@ -915,7 +971,7 @@ function edImportKey(
   if (format === 'spki') {
     // Import public key
-    const keyData = bufferLikeToArrayBuffer(data);
+    const keyData = bufferLikeToArrayBuffer(data as BufferLike);
     keyObject = KeyObject.createKeyObject(
       'public',
       keyData,
@@ -924,7 +980,7 @@ function edImportKey(
     );
   } else if (format === 'pkcs8') {
     // Import private key
-    const keyData = bufferLikeToArrayBuffer(data);
+    const keyData = bufferLikeToArrayBuffer(data as BufferLike);
     keyObject = KeyObject.createKeyObject(
       'private',
       keyData,
@@ -933,13 +989,26 @@ function edImportKey(
     );
   } else if (format === 'raw') {
     // Raw format - public key only for Ed keys
-    const keyData = bufferLikeToArrayBuffer(data);
+    const keyData = bufferLikeToArrayBuffer(data as BufferLike);
     const handle =
       NitroModules.createHybridObject<KeyObjectHandle>('KeyObjectHandle');
     // For raw Ed keys, we need to create them differently
     // Raw public keys are just the key bytes
     handle.init(1, keyData); // 1 = public key type
     keyObject = new PublicKeyObject(handle);
+  } else if (format === 'jwk') {
+    const jwkData = data as JWK;
+    const handle =
+      NitroModules.createHybridObject<KeyObjectHandle>('KeyObjectHandle');
+    const keyType = handle.initJwk(jwkData);
+    if (keyType === undefined) {
+      throw lazyDOMException('Invalid JWK data', 'DataError');
+    }
+    if (keyType === KeyType.PRIVATE) {
+      keyObject = new PrivateKeyObject(handle);
+    } else {
+      keyObject = new PublicKeyObject(handle);
+    }
   } else {
     throw lazyDOMException(
       `Unsupported format for ${name} import: ${format}`,
@@ -1133,6 +1202,8 @@ const exportKeyRaw = (key: CryptoKey): ArrayBuffer | unknown => {
     // Fall through
     case 'AES-KW':
     // Fall through
+    case 'AES-OCB':
+    // Fall through
     case 'ChaCha20-Poly1305':
     // Fall through
     case 'HMAC': {
@@ -1177,6 +1248,14 @@ const exportKeyJWK = (key: CryptoKey): ArrayBuffer | unknown => {
     case 'ECDH':
       jwk.crv ||= key.algorithm.namedCurve;
       return jwk;
+    case 'Ed25519':
+    // Fall through
+    case 'Ed448':
+    // Fall through
+    case 'X25519':
+    // Fall through
+    case 'X448':
+      return jwk;
     case 'AES-CTR':
     // Fall through
     case 'AES-CBC':
@@ -1185,6 +1264,8 @@ const exportKeyJWK = (key: CryptoKey): ArrayBuffer | unknown => {
     // Fall through
     case 'AES-KW':
     // Fall through
+    case 'AES-OCB':
+    // Fall through
     case 'ChaCha20-Poly1305':
       if (key.algorithm.length === undefined) {
         throw lazyDOMException(
@@ -1278,6 +1359,45 @@ const checkCryptoKeyPairUsages = (pair: CryptoKeyPair) => {
   );
 };
+function argon2DeriveBits(
+  algorithm: SubtleAlgorithm,
+  baseKey: CryptoKey,
+  length: number,
+): ArrayBuffer {
+  if (length === 0 || length % 8 !== 0) {
+    throw lazyDOMException(
+      'Invalid Argon2 derived key length',
+      'OperationError',
+    );
+  }
+  if (length < 32) {
+    throw lazyDOMException(
+      'Argon2 derived key length must be at least 32 bits',
+      'OperationError',
+    );
+  }
+  const { nonce, parallelism, memory, passes, secretValue, associatedData } =
+    algorithm;
+  const tagLength = length / 8;
+  const message = baseKey.keyObject.export();
+  const algName = algorithm.name.toLowerCase();
+  const result = argon2Sync(algName, {
+    message,
+    nonce: nonce ?? new Uint8Array(0),
+    parallelism: parallelism ?? 1,
+    tagLength,
+    memory: memory ?? 65536,
+    passes: passes ?? 3,
+    secret: secretValue,
+    associatedData,
+    version: algorithm.version,
+  });
+  return bufferLikeToArrayBuffer(result);
+}
 // Type guard to check if result is CryptoKeyPair
 export function isCryptoKeyPair(
   result: CryptoKey | CryptoKeyPair,
@@ -1503,6 +1623,8 @@ const cipherOrWrap = async (
     case 'AES-CBC':
     // Fall through
     case 'AES-GCM':
+    // Fall through
+    case 'AES-OCB':
       return aesCipher(mode, key, data, algorithm);
     case 'AES-KW':
       return aesKwCipher(mode, key, data);
@@ -1516,7 +1638,205 @@ const cipherOrWrap = async (
   }
 };
+const SUPPORTED_ALGORITHMS: Record<string, Set<string>> = {
+  encrypt: new Set([
+    'RSA-OAEP',
+    'AES-CTR',
+    'AES-CBC',
+    'AES-GCM',
+    'AES-OCB',
+    'ChaCha20-Poly1305',
+  ]),
+  decrypt: new Set([
+    'RSA-OAEP',
+    'AES-CTR',
+    'AES-CBC',
+    'AES-GCM',
+    'AES-OCB',
+    'ChaCha20-Poly1305',
+  ]),
+  sign: new Set([
+    'RSASSA-PKCS1-v1_5',
+    'RSA-PSS',
+    'ECDSA',
+    'HMAC',
+    'Ed25519',
+    'Ed448',
+    'ML-DSA-44',
+    'ML-DSA-65',
+    'ML-DSA-87',
+  ]),
+  verify: new Set([
+    'RSASSA-PKCS1-v1_5',
+    'RSA-PSS',
+    'ECDSA',
+    'HMAC',
+    'Ed25519',
+    'Ed448',
+    'ML-DSA-44',
+    'ML-DSA-65',
+    'ML-DSA-87',
+  ]),
+  digest: new Set(['SHA-1', 'SHA-256', 'SHA-384', 'SHA-512']),
+  generateKey: new Set([
+    'RSASSA-PKCS1-v1_5',
+    'RSA-PSS',
+    'RSA-OAEP',
+    'ECDSA',
+    'ECDH',
+    'Ed25519',
+    'Ed448',
+    'X25519',
+    'X448',
+    'AES-CTR',
+    'AES-CBC',
+    'AES-GCM',
+    'AES-KW',
+    'AES-OCB',
+    'ChaCha20-Poly1305',
+    'HMAC',
+    'ML-DSA-44',
+    'ML-DSA-65',
+    'ML-DSA-87',
+  ]),
+  importKey: new Set([
+    'RSASSA-PKCS1-v1_5',
+    'RSA-PSS',
+    'RSA-OAEP',
+    'ECDSA',
+    'ECDH',
+    'Ed25519',
+    'Ed448',
+    'X25519',
+    'X448',
+    'AES-CTR',
+    'AES-CBC',
+    'AES-GCM',
+    'AES-KW',
+    'AES-OCB',
+    'ChaCha20-Poly1305',
+    'HMAC',
+    'HKDF',
+    'PBKDF2',
+    'Argon2d',
+    'Argon2i',
+    'Argon2id',
+    'ML-DSA-44',
+    'ML-DSA-65',
+    'ML-DSA-87',
+  ]),
+  exportKey: new Set([
+    'RSASSA-PKCS1-v1_5',
+    'RSA-PSS',
+    'RSA-OAEP',
+    'ECDSA',
+    'ECDH',
+    'Ed25519',
+    'Ed448',
+    'X25519',
+    'X448',
+    'AES-CTR',
+    'AES-CBC',
+    'AES-GCM',
+    'AES-KW',
+    'AES-OCB',
+    'ChaCha20-Poly1305',
+    'HMAC',
+    'ML-DSA-44',
+    'ML-DSA-65',
+    'ML-DSA-87',
+  ]),
+  deriveBits: new Set([
+    'PBKDF2',
+    'HKDF',
+    'ECDH',
+    'X25519',
+    'X448',
+    'Argon2d',
+    'Argon2i',
+    'Argon2id',
+  ]),
+  wrapKey: new Set([
+    'AES-CTR',
+    'AES-CBC',
+    'AES-GCM',
+    'AES-KW',
+    'AES-OCB',
+    'ChaCha20-Poly1305',
+    'RSA-OAEP',
+  ]),
+  unwrapKey: new Set([
+    'AES-CTR',
+    'AES-CBC',
+    'AES-GCM',
+    'AES-KW',
+    'AES-OCB',
+    'ChaCha20-Poly1305',
+    'RSA-OAEP',
+  ]),
+};
+const ASYMMETRIC_ALGORITHMS = new Set([
+  'RSASSA-PKCS1-v1_5',
+  'RSA-PSS',
+  'RSA-OAEP',
+  'ECDSA',
+  'ECDH',
+  'Ed25519',
+  'Ed448',
+  'X25519',
+  'X448',
+  'ML-DSA-44',
+  'ML-DSA-65',
+  'ML-DSA-87',
+]);
 export class Subtle {
+  static supports(
+    operation: string,
+    algorithm: SubtleAlgorithm | AnyAlgorithm,
+    _lengthOrAdditionalAlgorithm?: unknown,
+  ): boolean {
+    let normalizedAlgorithm: SubtleAlgorithm;
+    try {
+      normalizedAlgorithm = normalizeAlgorithm(
+        algorithm,
+        (operation === 'getPublicKey' ? 'exportKey' : operation) as Operation,
+      );
+    } catch {
+      return false;
+    }
+    const name = normalizedAlgorithm.name;
+    if (operation === 'getPublicKey') {
+      return ASYMMETRIC_ALGORITHMS.has(name);
+    }
+    if (operation === 'deriveKey') {
+      // deriveKey decomposes to deriveBits + importKey of additional algorithm
+      if (!SUPPORTED_ALGORITHMS.deriveBits?.has(name)) return false;
+      if (_lengthOrAdditionalAlgorithm != null) {
+        try {
+          const additionalAlg = normalizeAlgorithm(
+            _lengthOrAdditionalAlgorithm as SubtleAlgorithm | AnyAlgorithm,
+            'importKey',
+          );
+          return (
+            SUPPORTED_ALGORITHMS.importKey?.has(additionalAlg.name) ?? false
+          );
+        } catch {
+          return false;
+        }
+      }
+      return true;
+    }
+    const supported = SUPPORTED_ALGORITHMS[operation];
+    if (!supported) return false;
+    return supported.has(name);
+  }
   async decrypt(
     algorithm: EncryptDecryptParams,
     key: CryptoKey,
@@ -1572,6 +1892,10 @@ export class Subtle {
           baseKey,
           length,
         );
+      case 'Argon2d':
+      case 'Argon2i':
+      case 'Argon2id':
+        return argon2DeriveBits(algorithm, baseKey, length);
     }
     throw new Error(
       `'subtle.deriveBits()' for ${algorithm.name} is not implemented.`,
@@ -1613,6 +1937,9 @@ export class Subtle {
       case 'X448':
         derivedBits = await xDeriveBits(algorithm, baseKey, length);
         break;
+      case 'ECDH':
+        derivedBits = await ecDeriveBits(algorithm, baseKey, length);
+        break;
       case 'HKDF':
         derivedBits = hkdfDeriveBits(
           algorithm as unknown as HkdfAlgorithm,
@@ -1620,6 +1947,11 @@ export class Subtle {
           length,
         );
         break;
+      case 'Argon2d':
+      case 'Argon2i':
+      case 'Argon2id':
+        derivedBits = argon2DeriveBits(algorithm, baseKey, length);
+        break;
       default:
         throw new Error(
           `'subtle.deriveKey()' for ${algorithm.name} is not implemented.`,
@@ -1657,6 +1989,8 @@ export class Subtle {
   ): Promise<ArrayBuffer | JWK> {
     if (!key.extractable) throw new Error('key is not extractable');
+    if (format === 'raw-secret' || format === 'raw-public') format = 'raw';
     switch (format) {
       case 'spki':
         return (await exportKeySpki(key)) as ArrayBuffer;
@@ -1811,6 +2145,8 @@ export class Subtle {
       case 'AES-GCM':
       // Fall through
       case 'AES-KW':
+      // Fall through
+      case 'AES-OCB':
         result = await aesGenerateKey(
           algorithm as AesKeyGenParams,
           extractable,
@@ -1882,6 +2218,21 @@ export class Subtle {
     return result;
   }
+  async getPublicKey(
+    key: CryptoKey,
+    keyUsages: KeyUsage[],
+  ): Promise<CryptoKey> {
+    if (key.type === 'secret') {
+      throw lazyDOMException('key must be a private key', 'NotSupportedError');
+    }
+    if (key.type !== 'private') {
+      throw lazyDOMException('key must be a private key', 'InvalidAccessError');
+    }
+    const publicKeyObject = createPublicKey(key.keyObject);
+    return publicKeyObject.toCryptoKey(key.algorithm, true, keyUsages);
+  }
   async importKey(
     format: ImportFormat,
     data: BufferLike | BinaryLike | JWK,
@@ -1889,6 +2240,7 @@ export class Subtle {
     extractable: boolean,
     keyUsages: KeyUsage[],
   ): Promise<CryptoKey> {
+    if (format === 'raw-secret' || format === 'raw-public') format = 'raw';
     const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'importKey');
     let result: CryptoKey;
     switch (normalizedAlgorithm.name) {
@@ -1933,6 +2285,8 @@ export class Subtle {
       // Fall through
       case 'AES-KW':
       // Fall through
+      case 'AES-OCB':
+      // Fall through
       case 'ChaCha20-Poly1305':
         result = await aesImportKey(
           normalizedAlgorithm,
@@ -1943,6 +2297,9 @@ export class Subtle {
         );
         break;
       case 'PBKDF2':
+      case 'Argon2d':
+      case 'Argon2i':
+      case 'Argon2id':
         result = await importGenericSecretKey(
           normalizedAlgorithm,
           format,
@@ -1969,7 +2326,7 @@ export class Subtle {
       case 'Ed448':
         result = edImportKey(
           format,
-          data as BufferLike,
+          data as BufferLike | JWK,
           normalizedAlgorithm,
           extractable,
           keyUsages,
@@ -2121,6 +2478,7 @@ function getKeyLength(algorithm: SubtleAlgorithm): number {
     case 'AES-CBC':
     case 'AES-GCM':
     case 'AES-KW':
+    case 'AES-OCB':
     case 'ChaCha20-Poly1305':
       return (algorithm as AesKeyGenParams).length || 256;