react-native-quick-crypto 1.1.0 → 1.1.2

package/cpp/sign/HybridSignHandle.cpp

@@ -58,15 +58,13 @@ void HybridSignHandle::update(const std::shared_ptr<ArrayBuffer>& data) {
     throw std::runtime_error("Sign not initialized");
   }
 
-  auto native_data = ToNativeArrayBuffer(data);
-
   // Accumulate raw data for potential one-shot signing (Ed25519/Ed448/ML-DSA)
-  const uint8_t* ptr = reinterpret_cast<const uint8_t*>(native_data->data());
-  data_buffer.insert(data_buffer.end(), ptr, ptr + native_data->size());
+  const uint8_t* ptr = reinterpret_cast<const uint8_t*>(data->data());
+  data_buffer.insert(data_buffer.end(), ptr, ptr + data->size());
 
   // Only update digest if we have one (not needed for pure signature schemes)
   if (md != nullptr) {
-    if (EVP_DigestUpdate(md_ctx, native_data->data(), native_data->size()) <= 0) {
+    if (EVP_DigestUpdate(md_ctx, data->data(), data->size()) <= 0) {
       unsigned long err = ERR_get_error();
       char err_buf[256];
       ERR_error_string_n(err, err_buf, sizeof(err_buf));
@@ -75,47 +73,45 @@ void HybridSignHandle::update(const std::shared_ptr<ArrayBuffer>& data) {
   }
 }
 
-// Check if key type requires one-shot signing (Ed25519, Ed448, ML-DSA)
+// Check if key type requires one-shot signing (Ed25519, Ed448, ML-DSA, SLH-DSA)
 static bool isOneShotVariant(EVP_PKEY* pkey) {
   int type = EVP_PKEY_id(pkey);
-#if RNQC_HAS_ML_DSA
-  return type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448 || type == EVP_PKEY_ML_DSA_44 || type == EVP_PKEY_ML_DSA_65 ||
-         type == EVP_PKEY_ML_DSA_87;
-#else
-  return type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448;
-#endif
-}
-
-// Get the algorithm name for creating PKEY_CTX (for ML-DSA variants)
-static const char* getAlgorithmName(EVP_PKEY* pkey) {
-  int type = EVP_PKEY_id(pkey);
 #if RNQC_HAS_ML_DSA
   switch (type) {
+    case EVP_PKEY_ED25519:
+    case EVP_PKEY_ED448:
     case EVP_PKEY_ML_DSA_44:
-      return "ML-DSA-44";
     case EVP_PKEY_ML_DSA_65:
-      return "ML-DSA-65";
     case EVP_PKEY_ML_DSA_87:
-      return "ML-DSA-87";
-    case EVP_PKEY_ED25519:
-      return "ED25519";
-    case EVP_PKEY_ED448:
-      return "ED448";
+    case EVP_PKEY_SLH_DSA_SHA2_128S:
+    case EVP_PKEY_SLH_DSA_SHA2_128F:
+    case EVP_PKEY_SLH_DSA_SHA2_192S:
+    case EVP_PKEY_SLH_DSA_SHA2_192F:
+    case EVP_PKEY_SLH_DSA_SHA2_256S:
+    case EVP_PKEY_SLH_DSA_SHA2_256F:
+    case EVP_PKEY_SLH_DSA_SHAKE_128S:
+    case EVP_PKEY_SLH_DSA_SHAKE_128F:
+    case EVP_PKEY_SLH_DSA_SHAKE_192S:
+    case EVP_PKEY_SLH_DSA_SHAKE_192F:
+    case EVP_PKEY_SLH_DSA_SHAKE_256S:
+    case EVP_PKEY_SLH_DSA_SHAKE_256F:
+      return true;
     default:
-      return nullptr;
+      return false;
   }
 #else
-  switch (type) {
-    case EVP_PKEY_ED25519:
-      return "ED25519";
-    case EVP_PKEY_ED448:
-      return "ED448";
-    default:
-      return nullptr;
-  }
+  return type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448;
 #endif
 }
 
+// RAII owners for short-lived OpenSSL handles used in this method. EVP_MD_CTX
+// transitively owns its EVP_PKEY_CTX after a successful EVP_DigestSignInit, so
+// we deliberately rely on EVP_MD_CTX_free to clean both up; the standalone
+// EvpPkeyCtxPtr alias is kept only for the RSA/ECDSA branch, where we
+// allocate the PKEY_CTX directly via EVP_PKEY_CTX_new.
+using EvpMdCtxPtr = std::unique_ptr<EVP_MD_CTX, decltype(&EVP_MD_CTX_free)>;
+using EvpPkeyCtxPtr = std::unique_ptr<EVP_PKEY_CTX, decltype(&EVP_PKEY_CTX_free)>;
+
 std::shared_ptr<ArrayBuffer> HybridSignHandle::sign(const std::shared_ptr<HybridKeyObjectHandleSpec>& keyHandle,
                                                     std::optional<double> padding, std::optional<double> saltLength,
                                                     std::optional<double> dsaEncoding) {
@@ -139,28 +135,19 @@ std::shared_ptr<ArrayBuffer> HybridSignHandle::sign(const std::shared_ptr<Hybrid
   // Ed25519/Ed448/ML-DSA require one-shot signing with EVP_DigestSign
   // Also use one-shot path if no digest was specified (md == nullptr)
   if (is_one_shot || md == nullptr) {
-    // Create a new context for one-shot signing
-    EVP_MD_CTX* sign_ctx = EVP_MD_CTX_new();
+    EvpMdCtxPtr sign_ctx{EVP_MD_CTX_new(), EVP_MD_CTX_free};
     if (!sign_ctx) {
       throw std::runtime_error("Failed to create signing context");
     }
 
-    // Get algorithm name and create PKEY_CTX for ML-DSA
-    const char* alg_name = getAlgorithmName(pkey);
-    EVP_PKEY_CTX* pkey_ctx = nullptr;
-    if (alg_name != nullptr) {
-      pkey_ctx = EVP_PKEY_CTX_new_from_name(nullptr, alg_name, nullptr);
-      if (!pkey_ctx) {
-        EVP_MD_CTX_free(sign_ctx);
-        throw std::runtime_error(std::string("Failed to create signing context for ") + alg_name);
-      }
-    }
-
-    // Initialize for one-shot signing (pass nullptr for md - these algorithms have built-in hash)
-    if (EVP_DigestSignInit(sign_ctx, pkey_ctx ? &pkey_ctx : nullptr, nullptr, nullptr, pkey) <= 0) {
-      EVP_MD_CTX_free(sign_ctx);
-      if (pkey_ctx)
-        EVP_PKEY_CTX_free(pkey_ctx);
+    // Let OpenSSL allocate the PKEY_CTX from the key's keymgmt. On success the
+    // EVP_MD_CTX assumes ownership and EVP_MD_CTX_free will dispose it; on
+    // failure pkey_ctx_raw stays nullptr, so there is nothing to leak. This
+    // mirrors ncrypto's EVPMDCtxPointer::signInit (Node.js deps/ncrypto/ncrypto.cc
+    // and ~/dev/ncrypto/src/ncrypto.cpp), which works for RSA, ECDSA, Ed25519,
+    // Ed448 and ML-DSA without any algorithm-name pre-creation.
+    EVP_PKEY_CTX* pkey_ctx_raw = nullptr;
+    if (EVP_DigestSignInit(sign_ctx.get(), &pkey_ctx_raw, nullptr, nullptr, pkey) <= 0) {
       throw std::runtime_error("Failed to initialize one-shot signing");
     }
 
@@ -171,21 +158,17 @@ std::shared_ptr<ArrayBuffer> HybridSignHandle::sign(const std::shared_ptr<Hybrid
     // We need to use EVP_DigestSign with the accumulated data
 
     // For one-shot variants, determine signature length first
-    if (EVP_DigestSign(sign_ctx, nullptr, &sig_len, data_buffer.data(), data_buffer.size()) <= 0) {
-      EVP_MD_CTX_free(sign_ctx);
+    if (EVP_DigestSign(sign_ctx.get(), nullptr, &sig_len, data_buffer.data(), data_buffer.size()) <= 0) {
       throw std::runtime_error("Failed to determine Ed signature length");
     }
 
     sig_buf = std::make_unique<uint8_t[]>(sig_len);
-    if (EVP_DigestSign(sign_ctx, sig_buf.get(), &sig_len, data_buffer.data(), data_buffer.size()) <= 0) {
-      EVP_MD_CTX_free(sign_ctx);
+    if (EVP_DigestSign(sign_ctx.get(), sig_buf.get(), &sig_len, data_buffer.data(), data_buffer.size()) <= 0) {
       unsigned long err = ERR_get_error();
       char err_buf[256];
       ERR_error_string_n(err, err_buf, sizeof(err_buf));
       throw std::runtime_error("Failed to sign with Ed key: " + std::string(err_buf));
     }
-
-    EVP_MD_CTX_free(sign_ctx);
   } else {
     // Standard signing flow for RSA/ECDSA
     unsigned char digest[EVP_MAX_MD_SIZE];
@@ -195,13 +178,12 @@ std::shared_ptr<ArrayBuffer> HybridSignHandle::sign(const std::shared_ptr<Hybrid
       throw std::runtime_error("Failed to finalize digest");
     }
 
-    EVP_PKEY_CTX* pkey_ctx = EVP_PKEY_CTX_new(pkey, nullptr);
+    EvpPkeyCtxPtr pkey_ctx{EVP_PKEY_CTX_new(pkey, nullptr), EVP_PKEY_CTX_free};
     if (!pkey_ctx) {
       throw std::runtime_error("Failed to create signing context");
     }
 
-    if (EVP_PKEY_sign_init(pkey_ctx) <= 0) {
-      EVP_PKEY_CTX_free(pkey_ctx);
+    if (EVP_PKEY_sign_init(pkey_ctx.get()) <= 0) {
       char err_buf[512];
       snprintf(err_buf, sizeof(err_buf), "Failed to initialize signing for key type %d (expected one-shot: %s, RNQC_HAS_ML_DSA=%d)",
                pkey_type, is_one_shot ? "true" : "false", RNQC_HAS_ML_DSA);
@@ -210,40 +192,33 @@ std::shared_ptr<ArrayBuffer> HybridSignHandle::sign(const std::shared_ptr<Hybrid
 
     if (padding.has_value()) {
       int pad = static_cast<int>(padding.value());
-      if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, pad) <= 0) {
-        EVP_PKEY_CTX_free(pkey_ctx);
+      if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx.get(), pad) <= 0) {
         throw std::runtime_error("Failed to set RSA padding");
       }
     }
 
     if (saltLength.has_value() && padding.has_value() && static_cast<int>(padding.value()) == RSA_PKCS1_PSS_PADDING) {
       int salt_len = static_cast<int>(saltLength.value());
-      if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len) <= 0) {
-        EVP_PKEY_CTX_free(pkey_ctx);
+      if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx.get(), salt_len) <= 0) {
         throw std::runtime_error("Failed to set PSS salt length");
       }
     }
 
-    if (EVP_PKEY_CTX_set_signature_md(pkey_ctx, md) <= 0) {
-      EVP_PKEY_CTX_free(pkey_ctx);
+    if (EVP_PKEY_CTX_set_signature_md(pkey_ctx.get(), md) <= 0) {
       throw std::runtime_error("Failed to set signature digest");
     }
 
-    if (EVP_PKEY_sign(pkey_ctx, nullptr, &sig_len, digest, digest_len) <= 0) {
-      EVP_PKEY_CTX_free(pkey_ctx);
+    if (EVP_PKEY_sign(pkey_ctx.get(), nullptr, &sig_len, digest, digest_len) <= 0) {
       throw std::runtime_error("Failed to determine signature length");
     }
 
     sig_buf = std::make_unique<uint8_t[]>(sig_len);
-    if (EVP_PKEY_sign(pkey_ctx, sig_buf.get(), &sig_len, digest, digest_len) <= 0) {
-      EVP_PKEY_CTX_free(pkey_ctx);
+    if (EVP_PKEY_sign(pkey_ctx.get(), sig_buf.get(), &sig_len, digest, digest_len) <= 0) {
       unsigned long err = ERR_get_error();
       char err_buf[256];
       ERR_error_string_n(err, err_buf, sizeof(err_buf));
       throw std::runtime_error("Failed to sign: " + std::string(err_buf));
     }
-
-    EVP_PKEY_CTX_free(pkey_ctx);
   }
 
   int dsa_enc = dsaEncoding.has_value() ? static_cast<int>(dsaEncoding.value()) : kSigEncDER;

package/cpp/sign/HybridVerifyHandle.cpp

@@ -58,15 +58,13 @@ void HybridVerifyHandle::update(const std::shared_ptr<ArrayBuffer>& data) {
     throw std::runtime_error("Verify not initialized");
   }
 
-  auto native_data = ToNativeArrayBuffer(data);
-
   // Accumulate raw data for potential one-shot verification (Ed25519/Ed448/ML-DSA)
-  const uint8_t* ptr = reinterpret_cast<const uint8_t*>(native_data->data());
-  data_buffer.insert(data_buffer.end(), ptr, ptr + native_data->size());
+  const uint8_t* ptr = reinterpret_cast<const uint8_t*>(data->data());
+  data_buffer.insert(data_buffer.end(), ptr, ptr + data->size());
 
   // Only update digest if we have one (not needed for pure signature schemes)
   if (md != nullptr) {
-    if (EVP_DigestUpdate(md_ctx, native_data->data(), native_data->size()) <= 0) {
+    if (EVP_DigestUpdate(md_ctx, data->data(), data->size()) <= 0) {
       unsigned long err = ERR_get_error();
       char err_buf[256];
       ERR_error_string_n(err, err_buf, sizeof(err_buf));
@@ -75,47 +73,45 @@ void HybridVerifyHandle::update(const std::shared_ptr<ArrayBuffer>& data) {
   }
 }
 
-// Check if key type requires one-shot verification (Ed25519, Ed448, ML-DSA)
+// Check if key type requires one-shot verification (Ed25519, Ed448, ML-DSA, SLH-DSA)
 static bool isOneShotVariant(EVP_PKEY* pkey) {
   int type = EVP_PKEY_id(pkey);
-#if RNQC_HAS_ML_DSA
-  return type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448 || type == EVP_PKEY_ML_DSA_44 || type == EVP_PKEY_ML_DSA_65 ||
-         type == EVP_PKEY_ML_DSA_87;
-#else
-  return type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448;
-#endif
-}
-
-// Get the algorithm name for creating PKEY_CTX (for ML-DSA variants)
-static const char* getAlgorithmName(EVP_PKEY* pkey) {
-  int type = EVP_PKEY_id(pkey);
 #if RNQC_HAS_ML_DSA
   switch (type) {
+    case EVP_PKEY_ED25519:
+    case EVP_PKEY_ED448:
     case EVP_PKEY_ML_DSA_44:
-      return "ML-DSA-44";
     case EVP_PKEY_ML_DSA_65:
-      return "ML-DSA-65";
     case EVP_PKEY_ML_DSA_87:
-      return "ML-DSA-87";
-    case EVP_PKEY_ED25519:
-      return "ED25519";
-    case EVP_PKEY_ED448:
-      return "ED448";
+    case EVP_PKEY_SLH_DSA_SHA2_128S:
+    case EVP_PKEY_SLH_DSA_SHA2_128F:
+    case EVP_PKEY_SLH_DSA_SHA2_192S:
+    case EVP_PKEY_SLH_DSA_SHA2_192F:
+    case EVP_PKEY_SLH_DSA_SHA2_256S:
+    case EVP_PKEY_SLH_DSA_SHA2_256F:
+    case EVP_PKEY_SLH_DSA_SHAKE_128S:
+    case EVP_PKEY_SLH_DSA_SHAKE_128F:
+    case EVP_PKEY_SLH_DSA_SHAKE_192S:
+    case EVP_PKEY_SLH_DSA_SHAKE_192F:
+    case EVP_PKEY_SLH_DSA_SHAKE_256S:
+    case EVP_PKEY_SLH_DSA_SHAKE_256F:
+      return true;
     default:
-      return nullptr;
+      return false;
   }
 #else
-  switch (type) {
-    case EVP_PKEY_ED25519:
-      return "ED25519";
-    case EVP_PKEY_ED448:
-      return "ED448";
-    default:
-      return nullptr;
-  }
+  return type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448;
 #endif
 }
 
+// RAII owners for short-lived OpenSSL handles used in this method. EVP_MD_CTX
+// transitively owns its EVP_PKEY_CTX after a successful EVP_DigestVerifyInit,
+// so we deliberately rely on EVP_MD_CTX_free to clean both up; the standalone
+// EvpPkeyCtxPtr alias is kept only for the RSA/ECDSA branch, where we
+// allocate the PKEY_CTX directly via EVP_PKEY_CTX_new.
+using EvpMdCtxPtr = std::unique_ptr<EVP_MD_CTX, decltype(&EVP_MD_CTX_free)>;
+using EvpPkeyCtxPtr = std::unique_ptr<EVP_PKEY_CTX, decltype(&EVP_PKEY_CTX_free)>;
+
 bool HybridVerifyHandle::verify(const std::shared_ptr<HybridKeyObjectHandleSpec>& keyHandle, const std::shared_ptr<ArrayBuffer>& signature,
                                 std::optional<double> padding, std::optional<double> saltLength, std::optional<double> dsaEncoding) {
   if (!md_ctx) {
@@ -129,39 +125,29 @@ bool HybridVerifyHandle::verify(const std::shared_ptr<HybridKeyObjectHandleSpec>
     throw std::runtime_error("Invalid public key for verification");
   }
 
-  auto native_sig = ToNativeArrayBuffer(signature);
-  const unsigned char* sig_data = native_sig->data();
-  size_t sig_len = native_sig->size();
+  const unsigned char* sig_data = signature->data();
+  size_t sig_len = signature->size();
 
   // Ed25519/Ed448/ML-DSA require one-shot verification with EVP_DigestVerify
   // Also use one-shot path if no digest was specified (md == nullptr)
   if (isOneShotVariant(pkey) || md == nullptr) {
-    EVP_MD_CTX* verify_ctx = EVP_MD_CTX_new();
+    EvpMdCtxPtr verify_ctx{EVP_MD_CTX_new(), EVP_MD_CTX_free};
     if (!verify_ctx) {
       throw std::runtime_error("Failed to create verification context");
     }
 
-    // Get algorithm name and create PKEY_CTX for ML-DSA
-    const char* alg_name = getAlgorithmName(pkey);
-    EVP_PKEY_CTX* pkey_ctx = nullptr;
-    if (alg_name != nullptr) {
-      pkey_ctx = EVP_PKEY_CTX_new_from_name(nullptr, alg_name, nullptr);
-      if (!pkey_ctx) {
-        EVP_MD_CTX_free(verify_ctx);
-        throw std::runtime_error(std::string("Failed to create verification context for ") + alg_name);
-      }
-    }
-
-    // Initialize for one-shot verification (pass nullptr for md - these algorithms have built-in hash)
-    if (EVP_DigestVerifyInit(verify_ctx, pkey_ctx ? &pkey_ctx : nullptr, nullptr, nullptr, pkey) <= 0) {
-      EVP_MD_CTX_free(verify_ctx);
-      if (pkey_ctx)
-        EVP_PKEY_CTX_free(pkey_ctx);
+    // Let OpenSSL allocate the PKEY_CTX from the key's keymgmt. On success the
+    // EVP_MD_CTX assumes ownership and EVP_MD_CTX_free will dispose it; on
+    // failure pkey_ctx_raw stays nullptr, so there is nothing to leak. This
+    // mirrors ncrypto's EVPMDCtxPointer::verifyInit (Node.js deps/ncrypto/ncrypto.cc
+    // and ~/dev/ncrypto/src/ncrypto.cpp), which works for RSA, ECDSA, Ed25519,
+    // Ed448 and ML-DSA without any algorithm-name pre-creation.
+    EVP_PKEY_CTX* pkey_ctx_raw = nullptr;
+    if (EVP_DigestVerifyInit(verify_ctx.get(), &pkey_ctx_raw, nullptr, nullptr, pkey) <= 0) {
       throw std::runtime_error("Failed to initialize one-shot verification");
     }
 
-    int result = EVP_DigestVerify(verify_ctx, sig_data, sig_len, data_buffer.data(), data_buffer.size());
-    EVP_MD_CTX_free(verify_ctx);
+    int result = EVP_DigestVerify(verify_ctx.get(), sig_data, sig_len, data_buffer.data(), data_buffer.size());
     return result == 1;
   }
 
@@ -187,40 +173,34 @@ bool HybridVerifyHandle::verify(const std::shared_ptr<HybridKeyObjectHandleSpec>
     }
   }
 
-  EVP_PKEY_CTX* pkey_ctx = EVP_PKEY_CTX_new(pkey, nullptr);
+  EvpPkeyCtxPtr pkey_ctx{EVP_PKEY_CTX_new(pkey, nullptr), EVP_PKEY_CTX_free};
   if (!pkey_ctx) {
     throw std::runtime_error("Failed to create verification context");
   }
 
-  if (EVP_PKEY_verify_init(pkey_ctx) <= 0) {
-    EVP_PKEY_CTX_free(pkey_ctx);
+  if (EVP_PKEY_verify_init(pkey_ctx.get()) <= 0) {
     throw std::runtime_error("Failed to initialize verification");
   }
 
   if (padding.has_value()) {
     int pad = static_cast<int>(padding.value());
-    if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, pad) <= 0) {
-      EVP_PKEY_CTX_free(pkey_ctx);
+    if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx.get(), pad) <= 0) {
       throw std::runtime_error("Failed to set RSA padding");
     }
   }
 
   if (saltLength.has_value() && padding.has_value() && static_cast<int>(padding.value()) == RSA_PKCS1_PSS_PADDING) {
     int salt_len = static_cast<int>(saltLength.value());
-    if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len) <= 0) {
-      EVP_PKEY_CTX_free(pkey_ctx);
+    if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx.get(), salt_len) <= 0) {
       throw std::runtime_error("Failed to set PSS salt length");
     }
   }
 
-  if (EVP_PKEY_CTX_set_signature_md(pkey_ctx, md) <= 0) {
-    EVP_PKEY_CTX_free(pkey_ctx);
+  if (EVP_PKEY_CTX_set_signature_md(pkey_ctx.get(), md) <= 0) {
     throw std::runtime_error("Failed to set signature digest");
   }
 
-  int result = EVP_PKEY_verify(pkey_ctx, sig_data, sig_len, digest, digest_len);
-  EVP_PKEY_CTX_free(pkey_ctx);
-
+  int result = EVP_PKEY_verify(pkey_ctx.get(), sig_data, sig_len, digest, digest_len);
   return result == 1;
 }
 

package/cpp/slhdsa/HybridSlhDsaKeyPair.cpp

@@ -0,0 +1,245 @@
+#include "HybridSlhDsaKeyPair.hpp"
+
+#include <NitroModules/ArrayBuffer.hpp>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+
+#include <array>
+
+#include "QuickCryptoUtils.hpp"
+
+#if OPENSSL_VERSION_NUMBER >= 0x30500000L
+#define RNQC_HAS_SLH_DSA 1
+#else
+#define RNQC_HAS_SLH_DSA 0
+#endif
+
+namespace margelo::nitro::crypto {
+
+using EVP_MD_CTX_ptr = std::unique_ptr<EVP_MD_CTX, decltype(&EVP_MD_CTX_free)>;
+using EVP_PKEY_CTX_ptr = std::unique_ptr<EVP_PKEY_CTX, decltype(&EVP_PKEY_CTX_free)>;
+
+#if RNQC_HAS_SLH_DSA
+static constexpr std::array<const char*, 12> kSlhDsaVariants{
+    "SLH-DSA-SHA2-128s",  "SLH-DSA-SHA2-128f",  "SLH-DSA-SHA2-192s",  "SLH-DSA-SHA2-192f",  "SLH-DSA-SHA2-256s",  "SLH-DSA-SHA2-256f",
+    "SLH-DSA-SHAKE-128s", "SLH-DSA-SHAKE-128f", "SLH-DSA-SHAKE-192s", "SLH-DSA-SHAKE-192f", "SLH-DSA-SHAKE-256s", "SLH-DSA-SHAKE-256f",
+};
+
+static bool isValidSlhDsaVariant(const std::string& variant) {
+  for (const char* v : kSlhDsaVariants) {
+    if (variant == v) {
+      return true;
+    }
+  }
+  return false;
+}
+#endif
+
+void HybridSlhDsaKeyPair::setVariant(const std::string& variant) {
+#if !RNQC_HAS_SLH_DSA
+  throw std::runtime_error("SLH-DSA requires OpenSSL 3.5+");
+#else
+  if (!isValidSlhDsaVariant(variant)) {
+    throw std::runtime_error("Invalid SLH-DSA variant: " + variant);
+  }
+  variant_ = variant;
+#endif
+}
+
+std::shared_ptr<Promise<void>> HybridSlhDsaKeyPair::generateKeyPair(double publicFormat, double publicType, double privateFormat,
+                                                                    double privateType) {
+  auto self = this->shared_cast<HybridSlhDsaKeyPair>();
+  return Promise<void>::async([self, publicFormat, publicType, privateFormat, privateType]() {
+    self->generateKeyPairSync(publicFormat, publicType, privateFormat, privateType);
+  });
+}
+
+void HybridSlhDsaKeyPair::generateKeyPairSync(double publicFormat, double publicType, double privateFormat, double privateType) {
+#if !RNQC_HAS_SLH_DSA
+  throw std::runtime_error("SLH-DSA requires OpenSSL 3.5+");
+#else
+  clearOpenSSLErrors();
+
+  if (variant_.empty()) {
+    throw std::runtime_error("SLH-DSA variant not set. Call setVariant() first.");
+  }
+
+  publicFormat_ = static_cast<int>(publicFormat);
+  publicType_ = static_cast<int>(publicType);
+  privateFormat_ = static_cast<int>(privateFormat);
+  privateType_ = static_cast<int>(privateType);
+
+  pkey_.reset();
+
+  EVP_PKEY_CTX_ptr pctx(EVP_PKEY_CTX_new_from_name(nullptr, variant_.c_str(), nullptr), EVP_PKEY_CTX_free);
+  if (pctx == nullptr) {
+    throw std::runtime_error("Failed to create key context for " + variant_ + ": " + getOpenSSLError());
+  }
+
+  if (EVP_PKEY_keygen_init(pctx.get()) <= 0) {
+    throw std::runtime_error("Failed to initialize keygen: " + getOpenSSLError());
+  }
+
+  EVP_PKEY* raw = nullptr;
+  if (EVP_PKEY_keygen(pctx.get(), &raw) <= 0) {
+    throw std::runtime_error("Failed to generate SLH-DSA key pair: " + getOpenSSLError());
+  }
+  pkey_.reset(raw);
+#endif
+}
+
+std::shared_ptr<ArrayBuffer> HybridSlhDsaKeyPair::getPublicKey() {
+#if !RNQC_HAS_SLH_DSA
+  throw std::runtime_error("SLH-DSA requires OpenSSL 3.5+");
+#else
+  checkKeyPair();
+
+  BIO* bio = BIO_new(BIO_s_mem());
+  if (!bio) {
+    throw std::runtime_error("Failed to create BIO for public key export");
+  }
+
+  int result;
+  if (publicFormat_ == 1) {
+    result = PEM_write_bio_PUBKEY(bio, pkey_.get());
+  } else {
+    result = i2d_PUBKEY_bio(bio, pkey_.get());
+  }
+
+  if (result != 1) {
+    BIO_free(bio);
+    throw std::runtime_error("Failed to export public key: " + getOpenSSLError());
+  }
+
+  BUF_MEM* bptr;
+  BIO_get_mem_ptr(bio, &bptr);
+
+  size_t len = bptr->length;
+  auto buf = std::make_unique<uint8_t[]>(len);
+  memcpy(buf.get(), bptr->data, len);
+
+  BIO_free(bio);
+
+  uint8_t* raw_ptr = buf.get();
+  return std::make_shared<NativeArrayBuffer>(buf.release(), len, [raw_ptr]() { delete[] raw_ptr; });
+#endif
+}
+
+std::shared_ptr<ArrayBuffer> HybridSlhDsaKeyPair::getPrivateKey() {
+#if !RNQC_HAS_SLH_DSA
+  throw std::runtime_error("SLH-DSA requires OpenSSL 3.5+");
+#else
+  checkKeyPair();
+
+  BIO* bio = BIO_new(BIO_s_mem());
+  if (!bio) {
+    throw std::runtime_error("Failed to create BIO for private key export");
+  }
+
+  int result;
+  if (privateFormat_ == 1) {
+    result = PEM_write_bio_PrivateKey(bio, pkey_.get(), nullptr, nullptr, 0, nullptr, nullptr);
+  } else {
+    result = i2d_PKCS8PrivateKey_bio(bio, pkey_.get(), nullptr, nullptr, 0, nullptr, nullptr);
+  }
+
+  if (result != 1) {
+    BIO_free(bio);
+    throw std::runtime_error("Failed to export private key: " + getOpenSSLError());
+  }
+
+  BUF_MEM* bptr;
+  BIO_get_mem_ptr(bio, &bptr);
+
+  size_t len = bptr->length;
+  auto buf = std::make_unique<uint8_t[]>(len);
+  memcpy(buf.get(), bptr->data, len);
+
+  secureZero(bptr->data, bptr->length);
+  BIO_free(bio);
+
+  uint8_t* raw_ptr = buf.get();
+  return std::make_shared<NativeArrayBuffer>(buf.release(), len, [raw_ptr]() { delete[] raw_ptr; });
+#endif
+}
+
+std::shared_ptr<Promise<std::shared_ptr<ArrayBuffer>>> HybridSlhDsaKeyPair::sign(const std::shared_ptr<ArrayBuffer>& message) {
+  auto nativeMessage = ToNativeArrayBuffer(message);
+  auto self = this->shared_cast<HybridSlhDsaKeyPair>();
+  return Promise<std::shared_ptr<ArrayBuffer>>::async([self, nativeMessage]() { return self->signSync(nativeMessage); });
+}
+
+std::shared_ptr<ArrayBuffer> HybridSlhDsaKeyPair::signSync(const std::shared_ptr<ArrayBuffer>& message) {
+#if !RNQC_HAS_SLH_DSA
+  throw std::runtime_error("SLH-DSA requires OpenSSL 3.5+");
+#else
+  clearOpenSSLErrors();
+  checkKeyPair();
+
+  EVP_MD_CTX_ptr md_ctx(EVP_MD_CTX_new(), EVP_MD_CTX_free);
+  if (md_ctx == nullptr) {
+    throw std::runtime_error("Failed to create signing context");
+  }
+
+  if (EVP_DigestSignInit(md_ctx.get(), nullptr, nullptr, nullptr, pkey_.get()) <= 0) {
+    throw std::runtime_error("Failed to initialize signing: " + getOpenSSLError());
+  }
+
+  size_t sig_len = 0;
+  if (EVP_DigestSign(md_ctx.get(), nullptr, &sig_len, message->data(), message->size()) <= 0) {
+    throw std::runtime_error("Failed to calculate signature size: " + getOpenSSLError());
+  }
+
+  auto sig = std::make_unique<uint8_t[]>(sig_len);
+
+  if (EVP_DigestSign(md_ctx.get(), sig.get(), &sig_len, message->data(), message->size()) <= 0) {
+    throw std::runtime_error("Failed to sign message: " + getOpenSSLError());
+  }
+
+  uint8_t* raw_ptr = sig.get();
+  return std::make_shared<NativeArrayBuffer>(sig.release(), sig_len, [raw_ptr]() { delete[] raw_ptr; });
+#endif
+}
+
+std::shared_ptr<Promise<bool>> HybridSlhDsaKeyPair::verify(const std::shared_ptr<ArrayBuffer>& signature,
+                                                           const std::shared_ptr<ArrayBuffer>& message) {
+  auto nativeSignature = ToNativeArrayBuffer(signature);
+  auto nativeMessage = ToNativeArrayBuffer(message);
+  auto self = this->shared_cast<HybridSlhDsaKeyPair>();
+  return Promise<bool>::async([self, nativeSignature, nativeMessage]() { return self->verifySync(nativeSignature, nativeMessage); });
+}
+
+bool HybridSlhDsaKeyPair::verifySync(const std::shared_ptr<ArrayBuffer>& signature, const std::shared_ptr<ArrayBuffer>& message) {
+#if !RNQC_HAS_SLH_DSA
+  throw std::runtime_error("SLH-DSA requires OpenSSL 3.5+");
+#else
+  clearOpenSSLErrors();
+  checkKeyPair();
+
+  EVP_MD_CTX_ptr md_ctx(EVP_MD_CTX_new(), EVP_MD_CTX_free);
+  if (md_ctx == nullptr) {
+    throw std::runtime_error("Failed to create verify context");
+  }
+
+  if (EVP_DigestVerifyInit(md_ctx.get(), nullptr, nullptr, nullptr, pkey_.get()) <= 0) {
+    throw std::runtime_error("Failed to initialize verification: " + getOpenSSLError());
+  }
+
+  int result = EVP_DigestVerify(md_ctx.get(), signature->data(), signature->size(), message->data(), message->size());
+
+  if (result < 0) {
+    throw std::runtime_error("Verification error: " + getOpenSSLError());
+  }
+
+  return result == 1;
+#endif
+}
+
+void HybridSlhDsaKeyPair::checkKeyPair() {
+  if (!pkey_) {
+    throw std::runtime_error("Key pair not initialized");
+  }
+}
+
+} // namespace margelo::nitro::crypto