react-native-quick-crypto 1.1.1 → 1.1.2

package/src/ed.ts

@@ -8,6 +8,7 @@ import {
   PrivateKeyObject as PrivateKeyObjectClass,
 } from './keys/classes';
 import type { EdKeyPair } from './specs/edKeyPair.nitro';
+import type { KeyObjectHandle as KeyObjectHandleSpec } from './specs/keyObjectHandle.nitro';
 import type {
   BinaryLike,
   CFRGKeyPairType,
@@ -31,6 +32,10 @@ import {
 } from './utils';
 import { ECDH } from './ecdh';
 
+function coerceToNumeric(value: unknown): number {
+  return typeof value === 'number' ? value : -1;
+}
+
 export class Ed {
   type: CFRGKeyPairType;
   config: KeyPairGenConfig;
@@ -86,10 +91,10 @@ export class Ed {
 
   async generateKeyPair(): Promise<void> {
     await this.native.generateKeyPair(
-      this.config.publicFormat ?? -1,
-      this.config.publicType ?? -1,
-      this.config.privateFormat ?? -1,
-      this.config.privateType ?? -1,
+      coerceToNumeric(this.config.publicFormat),
+      coerceToNumeric(this.config.publicType),
+      coerceToNumeric(this.config.privateFormat),
+      coerceToNumeric(this.config.privateType),
       this.config.cipher,
       this.config.passphrase as ArrayBuffer,
     );
@@ -97,10 +102,10 @@ export class Ed {
 
   generateKeyPairSync(): void {
     this.native.generateKeyPairSync(
-      this.config.publicFormat ?? -1,
-      this.config.publicType ?? -1,
-      this.config.privateFormat ?? -1,
-      this.config.privateType ?? -1,
+      coerceToNumeric(this.config.publicFormat),
+      coerceToNumeric(this.config.publicType),
+      coerceToNumeric(this.config.privateFormat),
+      coerceToNumeric(this.config.privateType),
       this.config.cipher,
       this.config.passphrase as ArrayBuffer,
     );
@@ -166,18 +171,86 @@ export function diffieHellman(
   options: DiffieHellmanOptions,
   callback?: DiffieHellmanCallback,
 ): Buffer | void {
-  checkDiffieHellmanOptions(options);
+  if (!options || typeof options !== 'object') {
+    throw new TypeError('options must be an object');
+  }
+  if (callback !== undefined && typeof callback !== 'function') {
+    throw new TypeError('callback must be a function');
+  }
 
-  const privateKey = options.privateKey as PrivateKeyObject;
+  const resolvedOptions: DiffieHellmanOptions = {
+    publicKey: resolveDhKeyInput(options.publicKey, 'publicKey'),
+    privateKey: resolveDhKeyInput(options.privateKey, 'privateKey'),
+  };
+  checkDiffieHellmanOptions(resolvedOptions);
+
+  const privateKey = resolvedOptions.privateKey as PrivateKeyObject;
   const keyType = privateKey.asymmetricKeyType;
 
   if (keyType === 'ec') {
-    return ecDiffieHellman(options, callback);
+    return ecDiffieHellman(resolvedOptions, callback);
+  }
+
+  if (keyType === 'dh') {
+    throw new Error(
+      'crypto.diffieHellman with DH KeyObjects is not supported yet — use the DiffieHellman class for now',
+    );
   }
 
   const type = keyType as CFRGKeyPairType;
   const ed = new Ed(type, {});
-  return ed.diffieHellman(options, callback);
+  return ed.diffieHellman(resolvedOptions, callback);
+}
+
+function isRawKeyInput(value: unknown): value is {
+  key: ArrayBuffer | ArrayBufferView | string;
+  format: 'raw-public' | 'raw-private' | 'raw-seed';
+  asymmetricKeyType: string;
+  namedCurve?: string;
+} {
+  if (!value || typeof value !== 'object') return false;
+  const obj = value as { format?: string };
+  return (
+    obj.format === 'raw-public' ||
+    obj.format === 'raw-private' ||
+    obj.format === 'raw-seed'
+  );
+}
+
+function resolveDhKeyInput(
+  input: DiffieHellmanOptions['publicKey'],
+  name: 'publicKey' | 'privateKey',
+): AsymmetricKeyObject {
+  if (isRawKeyInput(input)) {
+    const expectedKeyType = name === 'publicKey' ? 'public' : 'private';
+    if (input.format === 'raw-public' && expectedKeyType !== 'public') {
+      throw new Error(`Invalid format 'raw-public' for ${name}`);
+    }
+    if (
+      (input.format === 'raw-private' || input.format === 'raw-seed') &&
+      expectedKeyType !== 'private'
+    ) {
+      throw new Error(`Invalid format '${input.format}' for ${name}`);
+    }
+    if (input.asymmetricKeyType === 'ec' && !input.namedCurve) {
+      throw new Error(`namedCurve is required for EC raw key in ${name}`);
+    }
+
+    const handle =
+      NitroModules.createHybridObject<KeyObjectHandleSpec>('KeyObjectHandle');
+    const keyData = toAB(input.key as BinaryLike);
+    if (input.format === 'raw-public') {
+      handle.initRawPublic(input.asymmetricKeyType, keyData, input.namedCurve);
+      return new PublicKeyObject(handle);
+    }
+    if (input.format === 'raw-seed') {
+      handle.initRawSeed(input.asymmetricKeyType, keyData);
+      return new PrivateKeyObjectClass(handle);
+    }
+    handle.initRawPrivate(input.asymmetricKeyType, keyData, input.namedCurve);
+    return new PrivateKeyObjectClass(handle);
+  }
+  return input as AsymmetricKeyObject;
 }
 
 function ed_createKeyObjects(ed: Ed): {
@@ -206,17 +279,19 @@ function ed_formatKeyPairOutput(
   ed: Ed,
   encoding: KeyPairGenConfig,
 ): {
-  publicKey: PublicKeyObject | string | ArrayBuffer;
-  privateKey: PrivateKeyObjectClass | string | ArrayBuffer;
+  publicKey: PublicKeyObject | string | ArrayBuffer | Buffer;
+  privateKey: PrivateKeyObjectClass | string | ArrayBuffer | Buffer;
 } {
   const { publicFormat, privateFormat, cipher, passphrase } = encoding;
   const { pub, priv } = ed_createKeyObjects(ed);
 
-  let publicKey: PublicKeyObject | string | ArrayBuffer;
-  let privateKey: PrivateKeyObjectClass | string | ArrayBuffer;
+  let publicKey: PublicKeyObject | string | ArrayBuffer | Buffer;
+  let privateKey: PrivateKeyObjectClass | string | ArrayBuffer | Buffer;
 
   if (publicFormat == null || publicFormat === -1) {
     publicKey = pub;
+  } else if (publicFormat === 'raw-public') {
+    publicKey = Buffer.from(pub.handle.exportRawPublic());
   } else {
     const format =
       publicFormat === KFormatType.PEM ? KFormatType.PEM : KFormatType.DER;
@@ -230,6 +305,10 @@ function ed_formatKeyPairOutput(
 
   if (privateFormat == null || privateFormat === -1) {
     privateKey = priv;
+  } else if (privateFormat === 'raw-private') {
+    privateKey = Buffer.from(priv.handle.exportRawPrivate());
+  } else if (privateFormat === 'raw-seed') {
+    privateKey = Buffer.from(priv.handle.exportRawSeed());
   } else {
     const format =
       privateFormat === KFormatType.PEM ? KFormatType.PEM : KFormatType.DER;

package/src/hash.ts

@@ -3,6 +3,7 @@ import { NitroModules } from 'react-native-nitro-modules';
 import type { TransformOptions } from 'readable-stream';
 import { Buffer } from '@craftzdog/react-native-buffer';
 import type { Hash as NativeHash } from './specs/hash.nitro';
+import type { TurboShake as NativeTurboShake } from './specs/turboshake.nitro';
 import type {
   BinaryLike,
   Encoding,
@@ -267,19 +268,33 @@ export const asyncDigest = async (
   }
 
   if (name === 'cSHAKE128' || name === 'cSHAKE256') {
-    if (typeof algorithm.length !== 'number' || algorithm.length <= 0) {
+    // CShakeParams.outputLength is required (in bits) per the WICG modern-algos
+    // spec, renamed from `length` (commit ab8dc2b84c2). Mirror Node's
+    // hash.js:223-228 / webidl.js:570-595.
+    if (
+      typeof algorithm.outputLength !== 'number' ||
+      algorithm.outputLength <= 0
+    ) {
       throw lazyDOMException(
-        'cSHAKE requires a length parameter',
+        'CShakeParams.outputLength is required',
         'OperationError',
       );
     }
-    if (algorithm.length % 8) {
+    if (algorithm.outputLength % 8) {
       throw lazyDOMException(
-        'Unsupported CShakeParams length',
+        'Unsupported CShakeParams outputLength',
         'NotSupportedError',
       );
     }
-    return internalDigest(algorithm, data, algorithm.length);
+    return internalDigest(algorithm, data, algorithm.outputLength / 8);
+  }
+
+  if (name === 'TurboSHAKE128' || name === 'TurboSHAKE256') {
+    return turboShakeDigest(name, algorithm, data);
+  }
+
+  if (name === 'KT128' || name === 'KT256') {
+    return kangarooTwelveDigest(name, algorithm, data);
   }
 
   throw lazyDOMException(
@@ -288,6 +303,94 @@ export const asyncDigest = async (
   );
 };
 
+// TurboSHAKE / KangarooTwelve are not exposed by OpenSSL EVP, so we route
+// them to a dedicated Nitro module (cpp/turboshake) that ports the Node.js
+// reference implementation. Lazy-load to keep the module out of the hot path
+// for callers that only use SHA-2/SHA-3.
+let nativeTurboShake: NativeTurboShake | undefined;
+const getTurboShake = (): NativeTurboShake => {
+  if (!nativeTurboShake) {
+    nativeTurboShake =
+      NitroModules.createHybridObject<NativeTurboShake>('TurboShake');
+  }
+  return nativeTurboShake;
+};
+
+// RFC 9861 §2.2 default per the WICG Modern Algos draft for TurboSHAKE.
+const kDefaultTurboShakeDomainSeparation = 0x1f;
+
+const turboShakeDigest = async (
+  name: 'TurboSHAKE128' | 'TurboSHAKE256',
+  algorithm: SubtleAlgorithm,
+  data: BufferLike,
+): Promise<ArrayBuffer> => {
+  if (
+    typeof algorithm.outputLength !== 'number' ||
+    algorithm.outputLength <= 0
+  ) {
+    throw lazyDOMException(
+      'TurboShakeParams.outputLength is required',
+      'OperationError',
+    );
+  }
+  if (algorithm.outputLength % 8) {
+    throw lazyDOMException(
+      'Invalid TurboShakeParams outputLength',
+      'OperationError',
+    );
+  }
+  const ds = algorithm.domainSeparation ?? kDefaultTurboShakeDomainSeparation;
+  if (
+    typeof ds !== 'number' ||
+    !Number.isInteger(ds) ||
+    ds < 0x01 ||
+    ds > 0x7f
+  ) {
+    throw lazyDOMException(
+      'TurboShakeParams.domainSeparation must be in range 0x01-0x7f',
+      'OperationError',
+    );
+  }
+  return getTurboShake().turboShake(
+    name,
+    ds,
+    algorithm.outputLength / 8,
+    bufferLikeToArrayBuffer(data),
+  );
+};
+
+const kangarooTwelveDigest = async (
+  name: 'KT128' | 'KT256',
+  algorithm: SubtleAlgorithm,
+  data: BufferLike,
+): Promise<ArrayBuffer> => {
+  if (
+    typeof algorithm.outputLength !== 'number' ||
+    algorithm.outputLength <= 0
+  ) {
+    throw lazyDOMException(
+      'KangarooTwelveParams.outputLength is required',
+      'OperationError',
+    );
+  }
+  if (algorithm.outputLength % 8) {
+    throw lazyDOMException(
+      'Invalid KangarooTwelveParams outputLength',
+      'OperationError',
+    );
+  }
+  const customization =
+    algorithm.customization !== undefined
+      ? bufferLikeToArrayBuffer(algorithm.customization)
+      : undefined;
+  return getTurboShake().kangarooTwelve(
+    name,
+    algorithm.outputLength / 8,
+    bufferLikeToArrayBuffer(data),
+    customization,
+  );
+};
+
 const internalDigest = (
   algorithm: SubtleAlgorithm,
   data: BufferLike,

package/src/keys/classes.ts

@@ -1,4 +1,4 @@
-import { Buffer } from 'buffer';
+import { Buffer } from '@craftzdog/react-native-buffer';
 import { NitroModules } from 'react-native-nitro-modules';
 import type {
   AsymmetricKeyType,
@@ -9,7 +9,7 @@ import type {
   KeyUsage,
   SubtleAlgorithm,
 } from '../utils';
-import { KeyType, KFormatType, KeyEncoding } from '../utils';
+import { KeyType, KFormatType, KeyEncoding, getSortedUsages } from '../utils';
 import { parsePrivateKeyEncoding, parsePublicKeyEncoding } from './utils';
 
 export class CryptoKey {
@@ -30,7 +30,8 @@ export class CryptoKey {
   ) {
     this.keyObject = keyObject;
     this.keyAlgorithm = keyAlgorithm;
-    this.keyUsages = keyUsages;
+    // Frozen so external code can't mutate `key.usages` (per WebCrypto spec).
+    this.keyUsages = Object.freeze(getSortedUsages(keyUsages)) as KeyUsage[];
     this.keyExtractable = keyExtractable;
   }
   // eslint-disable-next-line @typescript-eslint/no-unused-vars
@@ -286,15 +287,36 @@ export class PublicKeyObject extends AsymmetricKeyObject {
   export(options: { format: 'pem' } & EncodingOptions): string;
   export(options: { format: 'der' } & EncodingOptions): Buffer;
   export(options: { format: 'jwk' } & EncodingOptions): JWK;
+  export(options: { format: 'raw-public' } & EncodingOptions): Buffer;
   export(options: EncodingOptions): string | Buffer | JWK {
     if (options?.format === 'jwk') {
       return this.handle.exportJwk({}, false);
     }
+    if (options?.format === 'raw-public') {
+      if (this.asymmetricKeyType === 'ec') {
+        const pointType = options.type ?? 'uncompressed';
+        if (pointType !== 'compressed' && pointType !== 'uncompressed') {
+          throw new Error(
+            `Invalid options.type for raw-public EC export: ${pointType}`,
+          );
+        }
+        return Buffer.from(
+          this.handle.exportECPublicRaw(pointType === 'compressed'),
+        );
+      }
+      return Buffer.from(this.handle.exportRawPublic());
+    }
     const { format, type } = parsePublicKeyEncoding(
       options,
       this.asymmetricKeyType,
     );
-    const key = this.handle.exportKey(format, type);
+    if (typeof format !== 'number') {
+      throw new Error(`Unexpected format ${format} after raw-format dispatch`);
+    }
+    const key = this.handle.exportKey(
+      format,
+      typeof type === 'string' ? undefined : type,
+    );
     const buffer = Buffer.from(key);
     if (options?.format === 'pem') {
       return buffer.toString('utf-8');
@@ -311,6 +333,8 @@ export class PrivateKeyObject extends AsymmetricKeyObject {
   export(options: { format: 'pem' } & EncodingOptions): string;
   export(options: { format: 'der' } & EncodingOptions): Buffer;
   export(options: { format: 'jwk' } & EncodingOptions): JWK;
+  export(options: { format: 'raw-private' } & EncodingOptions): Buffer;
+  export(options: { format: 'raw-seed' } & EncodingOptions): Buffer;
   export(options: EncodingOptions): string | Buffer | JWK {
     if (options?.format === 'jwk') {
       if (options.passphrase !== undefined) {
@@ -318,11 +342,28 @@ export class PrivateKeyObject extends AsymmetricKeyObject {
       }
       return this.handle.exportJwk({}, false);
     }
+    if (options?.format === 'raw-private') {
+      if (this.asymmetricKeyType === 'ec') {
+        return Buffer.from(this.handle.exportECPrivateRaw());
+      }
+      return Buffer.from(this.handle.exportRawPrivate());
+    }
+    if (options?.format === 'raw-seed') {
+      return Buffer.from(this.handle.exportRawSeed());
+    }
     const { format, type, cipher, passphrase } = parsePrivateKeyEncoding(
       options,
       this.asymmetricKeyType,
     );
-    const key = this.handle.exportKey(format, type, cipher, passphrase);
+    if (typeof format !== 'number') {
+      throw new Error(`Unexpected format ${format} after raw-format dispatch`);
+    }
+    const key = this.handle.exportKey(
+      format,
+      typeof type === 'string' ? undefined : type,
+      cipher,
+      passphrase,
+    );
     const buffer = Buffer.from(key);
     if (options?.format === 'pem') {
       return buffer.toString('utf-8');

package/src/keys/generateKeyPair.ts

@@ -1,4 +1,5 @@
 import { ed_generateKeyPair } from '../ed';
+import { Buffer } from '@craftzdog/react-native-buffer';
 import { rsa_generateKeyPairNode, rsa_generateKeyPairNodeSync } from '../rsa';
 import { ec_generateKeyPairNode, ec_generateKeyPairNodeSync } from '../ec';
 import { dsa_generateKeyPairNode, dsa_generateKeyPairNodeSync } from '../dsa';
@@ -6,6 +7,7 @@ import {
   dh_generateKeyPairNode,
   dh_generateKeyPairNodeSync,
 } from '../dhKeyPair';
+import { SlhDsa, type SlhDsaVariant } from '../slhdsa';
 import {
   kEmptyObject,
   validateFunction,
@@ -17,9 +19,129 @@ import {
   type KeyPairGenConfig,
   type KeyPairKey,
   type KeyPairType,
+  type SlhDsaKeyPairType,
+  KFormatType,
+  KeyEncoding,
 } from '../utils';
+import {
+  KeyObject,
+  type PublicKeyObject,
+  type PrivateKeyObject,
+} from './classes';
 import { parsePrivateKeyEncoding, parsePublicKeyEncoding } from './utils';
 
+const SLH_DSA_TYPE_TO_VARIANT: Readonly<
+  Record<SlhDsaKeyPairType, SlhDsaVariant>
+> = {
+  'slh-dsa-sha2-128s': 'SLH-DSA-SHA2-128s',
+  'slh-dsa-sha2-128f': 'SLH-DSA-SHA2-128f',
+  'slh-dsa-sha2-192s': 'SLH-DSA-SHA2-192s',
+  'slh-dsa-sha2-192f': 'SLH-DSA-SHA2-192f',
+  'slh-dsa-sha2-256s': 'SLH-DSA-SHA2-256s',
+  'slh-dsa-sha2-256f': 'SLH-DSA-SHA2-256f',
+  'slh-dsa-shake-128s': 'SLH-DSA-SHAKE-128s',
+  'slh-dsa-shake-128f': 'SLH-DSA-SHAKE-128f',
+  'slh-dsa-shake-192s': 'SLH-DSA-SHAKE-192s',
+  'slh-dsa-shake-192f': 'SLH-DSA-SHAKE-192f',
+  'slh-dsa-shake-256s': 'SLH-DSA-SHAKE-256s',
+  'slh-dsa-shake-256f': 'SLH-DSA-SHAKE-256f',
+};
+
+function isSlhDsaType(type: string): type is SlhDsaKeyPairType {
+  return type in SLH_DSA_TYPE_TO_VARIANT;
+}
+
+function slhDsaFormatKeyPairOutput(
+  slhdsa: SlhDsa,
+  encoding: KeyPairGenConfig,
+): {
+  publicKey: PublicKeyObject | string | ArrayBuffer | Buffer;
+  privateKey: PrivateKeyObject | string | ArrayBuffer | Buffer;
+} {
+  const { publicFormat, privateFormat, cipher, passphrase } = encoding;
+
+  const publicKey = KeyObject.createKeyObject(
+    'public',
+    slhdsa.getPublicKey(),
+    KFormatType.DER,
+    KeyEncoding.SPKI,
+  ) as PublicKeyObject;
+  const privateKey = KeyObject.createKeyObject(
+    'private',
+    slhdsa.getPrivateKey(),
+    KFormatType.DER,
+    KeyEncoding.PKCS8,
+  ) as PrivateKeyObject;
+
+  let publicKeyOutput: PublicKeyObject | string | ArrayBuffer | Buffer;
+  let privateKeyOutput: PrivateKeyObject | string | ArrayBuffer | Buffer;
+
+  if (publicFormat === -1) {
+    publicKeyOutput = publicKey;
+  } else if (publicFormat === 'raw-public') {
+    publicKeyOutput = Buffer.from(publicKey.handle.exportRawPublic());
+  } else {
+    const format =
+      publicFormat === KFormatType.PEM ? KFormatType.PEM : KFormatType.DER;
+    const exported = publicKey.handle.exportKey(format, KeyEncoding.SPKI);
+    if (format === KFormatType.PEM) {
+      publicKeyOutput = Buffer.from(new Uint8Array(exported)).toString('utf-8');
+    } else {
+      publicKeyOutput = exported;
+    }
+  }
+
+  if (privateFormat === -1) {
+    privateKeyOutput = privateKey;
+  } else if (privateFormat === 'raw-private') {
+    privateKeyOutput = Buffer.from(privateKey.handle.exportRawPrivate());
+  } else if (privateFormat === 'raw-seed') {
+    privateKeyOutput = Buffer.from(privateKey.handle.exportRawSeed());
+  } else {
+    const format =
+      privateFormat === KFormatType.PEM ? KFormatType.PEM : KFormatType.DER;
+    const exported = privateKey.handle.exportKey(
+      format,
+      KeyEncoding.PKCS8,
+      cipher,
+      passphrase,
+    );
+    if (format === KFormatType.PEM) {
+      privateKeyOutput = Buffer.from(new Uint8Array(exported)).toString(
+        'utf-8',
+      );
+    } else {
+      privateKeyOutput = exported;
+    }
+  }
+
+  return { publicKey: publicKeyOutput, privateKey: privateKeyOutput };
+}
+
+function slhDsaGenerateKeyPairNodeSync(
+  type: SlhDsaKeyPairType,
+  encoding: KeyPairGenConfig,
+): {
+  publicKey: PublicKeyObject | string | ArrayBuffer | Buffer;
+  privateKey: PrivateKeyObject | string | ArrayBuffer | Buffer;
+} {
+  const slhdsa = new SlhDsa(SLH_DSA_TYPE_TO_VARIANT[type]);
+  slhdsa.generateKeyPairSync();
+  return slhDsaFormatKeyPairOutput(slhdsa, encoding);
+}
+
+async function slhDsaGenerateKeyPairNode(
+  type: SlhDsaKeyPairType,
+  encoding: KeyPairGenConfig,
+): Promise<{
+  publicKey: PublicKeyObject | string | ArrayBuffer | Buffer;
+  privateKey: PrivateKeyObject | string | ArrayBuffer | Buffer;
+}> {
+  const slhdsa = new SlhDsa(SLH_DSA_TYPE_TO_VARIANT[type]);
+  await slhdsa.generateKeyPair();
+  return slhDsaFormatKeyPairOutput(slhdsa, encoding);
+}
+
 export const generateKeyPair = (
   type: KeyPairType,
   options: GenerateKeyPairOptions,
@@ -47,7 +169,24 @@ export const generateKeyPairPromise = (
 };
 
 // generateKeyPairSync
-export function generateKeyPairSync(type: KeyPairType): CryptoKeyPair;
+export type KeyObjectKeyPair = {
+  publicKey: PublicKeyObject;
+  privateKey: PrivateKeyObject;
+};
+
+type KeyObjectGenerateKeyPairOptions = Omit<
+  GenerateKeyPairOptions,
+  'publicKeyEncoding' | 'privateKeyEncoding'
+> & {
+  publicKeyEncoding?: undefined;
+  privateKeyEncoding?: undefined;
+};
+
+export function generateKeyPairSync(type: KeyPairType): KeyObjectKeyPair;
+export function generateKeyPairSync(
+  type: KeyPairType,
+  options: KeyObjectGenerateKeyPairOptions,
+): KeyObjectKeyPair;
 export function generateKeyPairSync(
   type: KeyPairType,
   options: GenerateKeyPairOptions,
@@ -117,10 +256,10 @@ function parseKeyPairEncoding(
   }
 
   return {
-    publicFormat,
-    publicType,
-    privateFormat,
-    privateType,
+    publicFormat: publicFormat as KeyPairGenConfig['publicFormat'],
+    publicType: publicType as KeyPairGenConfig['publicType'],
+    privateFormat: privateFormat as KeyPairGenConfig['privateFormat'],
+    privateType: privateType as KeyPairGenConfig['privateType'],
     cipher,
     passphrase,
   };
@@ -147,6 +286,9 @@ function internalGenerateKeyPair(
     case 'dh':
       break;
     default: {
+      if (isSlhDsaType(type)) {
+        break;
+      }
       const err = new Error(`
         Invalid Argument options: '${type}' scheme not supported for
         generateKeyPair(). Currently not all encryption methods are supported in
@@ -168,6 +310,8 @@ function internalGenerateKeyPair(
           result = await dsa_generateKeyPairNode(options, encoding);
         } else if (type === 'dh') {
           result = await dh_generateKeyPairNode(options, encoding);
+        } else if (isSlhDsaType(type)) {
+          result = await slhDsaGenerateKeyPairNode(type, encoding);
         } else {
           throw new Error(`Unsupported key type: ${type}`);
         }
@@ -198,6 +342,8 @@ function internalGenerateKeyPair(
       result = dsa_generateKeyPairNodeSync(options, encoding);
     } else if (type === 'dh') {
       result = dh_generateKeyPairNodeSync(options, encoding);
+    } else if (isSlhDsaType(type)) {
+      result = slhDsaGenerateKeyPairNodeSync(type, encoding);
     } else {
       throw new Error(`Unsupported key type: ${type}`);
     }