Skip to content

feat: implement generateKeyPair DSA and DH key types#925

Merged
boorad merged 3 commits intomainfrom
feat/generatekeypair-dsa-dh
Feb 15, 2026
Merged

feat: implement generateKeyPair DSA and DH key types#925
boorad merged 3 commits intomainfrom
feat/generatekeypair-dsa-dh

Conversation

@boorad
Copy link
Collaborator

@boorad boorad commented Feb 15, 2026

Summary

Adds DSA and DH key type support to crypto.generateKeyPair() and crypto.generateKeyPairSync(), completing all key types for these APIs.

Changes

  • DSA key generation: New HybridDsaKeyPair Nitro Module with OpenSSL EVP paramgen/keygen flow, supporting modulusLength and optional divisorLength
  • DH key generation: New HybridDhKeyPair Nitro Module supporting named groups (resolved to primes on JS side via dh-groups.ts), custom primes, and primeLength-based generation
  • TypeScript wrappers: dsa.ts and dhKeyPair.ts with format helpers wired into the existing generateKeyPair dispatcher
  • Tests: 9 tests covering PEM/DER encoding, async/sync, custom params, primeLength mode, and a DSA sign/verify round-trip
  • Docs: Updated implementation coverage — generateKeyPair/generateKeyPairSync now ✅ for all key types; also marked generateKeySync as ✅

Code Quality

  • RAII throughout (EVP_PKEY managed via unique_ptr in both DSA and DH)
  • No dead code (removed unused setGroupName from DH Nitro spec since JS resolves named groups)
  • DSA modulusLength validation delegated to OpenSSL (matching Node.js behavior)

@boorad
feat: implement generateKeyPair DSA and DH key types
8c2e828 
Add DSA and DH support to crypto.generateKeyPair() and
crypto.generateKeyPairSync(), completing all 9 key types.

DSA: EVP paramgen with modulusLength + optional divisorLength,
then keygen. Keys exported as SPKI/PKCS8 DER.

DH: Three modes — custom prime (binary ArrayBuffer), random prime
(primeLength + generator), or named group (resolved in TS from
dh-groups.ts). Uses deprecated DH_* APIs matching Node.js ncrypto.

New Nitro specs, C++ implementations, TS wrappers, dispatcher
wiring, 10 tests, and coverage doc updated (generateKeyPair 🚧→✅).
@boorad
refactor: address code review issues for DSA/DH key generation
a0cc8cc 
- Convert HybridDsaKeyPair from raw EVP_PKEY* to RAII unique_ptr
- Remove dead setGroupName/groupName_ from DH Nitro spec and C++
- Replace duplicate DH test with primeLength coverage
- Simplify always-true ternaries in DSA/DH format helpers
- Delegate DSA modulusLength validation to OpenSSL
@boorad
docs: mark generateKeySync as fully implemented
e194e41
@boorad boorad self-assigned this Feb 15, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Feb 15, 2026

🤖 End-to-End Test Results - iOS

Status: ✅ Passed
Platform: iOS
Run: 22029307947

📸 Final Test Screenshot

Maestro Test Results - ios

Screenshot automatically captured from End-to-End tests and will expire in 30 days

This comment is automatically updated on each test run.

@github-actions
Copy link
Contributor

github-actions bot commented Feb 15, 2026

🤖 End-to-End Test Results - Android

Status: ✅ Passed
Platform: Android
Run: 22029307938

📸 Final Test Screenshot

Maestro Test Results - android

Screenshot automatically captured from End-to-End tests and will expire in 30 days

This comment is automatically updated on each test run.

@boorad boorad merged commit 133cef8 into main Feb 15, 2026
7 checks passed
@boorad boorad deleted the feat/generatekeypair-dsa-dh branch February 15, 2026 04:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@boorad boorad

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@boorad

Comments