refactor: address self-review feedback on PQC PKCS#8 validation

- Export PQC_SEEDLESS_PKCS8_LENGTHS and consume it from tests instead
  of redeclaring the table in the test file.
- Replace startsWith fallback with explicit PQC_FAMILY lookup so the
  import-rejection error message can't mislabel an unknown algorithm
  whose seedless length happens to collide.
- Move configurePqcOutputFormats() call into HybridKeyObjectHandle
  ctor (still guarded by std::call_once) so providers are configured
  on first handle construction rather than per-export.
- Add ML-DSA-65 PKCS#8 round-trip + sign/verify test mirroring the
  existing ML-KEM-768 round-trip.
- Replace absolute-path comment with repo-relative reference.

Author: boorad

example/src/tests/subtle/import_export.ts

@@ -28,6 +28,7 @@ import {
   // createPublicKey, // TODO: for 'bad usages' test
   // createPrivateKey, // TODO: for 'bad usages' test
   getRandomValues,
+  PQC_SEEDLESS_PKCS8_LENGTHS,
   subtle,
 } from 'react-native-quick-crypto';
 import { MLKEM_VARIANTS } from './mlkem_constants';
@@ -2283,17 +2284,11 @@ test(SUITE, 'ML-DSA-44 importKey rejects jwk alg mismatch', async () => {
   );
 });
 
-// --- ML-DSA seedless PKCS#8 import rejection (issue #997) ---
-
-const MLDSA_SEEDLESS_PKCS8_LENGTHS: Record<MlDsaVariant, number> = {
-  'ML-DSA-44': 2588,
-  'ML-DSA-65': 4060,
-  'ML-DSA-87': 4924,
-};
+// --- ML-DSA seedless PKCS#8 import rejection (PR #997) ---
 
 for (const variant of MLDSA_VARIANTS) {
   test(SUITE, `${variant} pkcs8 import rejects seedless key`, async () => {
-    const seedless = new Uint8Array(MLDSA_SEEDLESS_PKCS8_LENGTHS[variant]);
+    const seedless = new Uint8Array(PQC_SEEDLESS_PKCS8_LENGTHS[variant] ?? 0);
     await assertThrowsAsync(
       async () =>
         await subtle.importKey('pkcs8', seedless, { name: variant }, true, [
@@ -2320,6 +2315,37 @@ for (const variant of MLDSA_VARIANTS) {
   );
 }
 
+test(SUITE, 'ML-DSA-65 pkcs8 round-trip + sign/verify', async () => {
+  const keyPair = (await subtle.generateKey({ name: 'ML-DSA-65' }, true, [
+    'sign',
+    'verify',
+  ])) as CryptoKeyPair;
+
+  const exported = (await subtle.exportKey(
+    'pkcs8',
+    keyPair.privateKey as CryptoKey,
+  )) as ArrayBuffer;
+  expect(exported.byteLength).to.equal(54);
+
+  const imported = await subtle.importKey(
+    'pkcs8',
+    exported,
+    { name: 'ML-DSA-65' },
+    true,
+    ['sign'],
+  );
+
+  const message = new TextEncoder().encode('round-trip test');
+  const signature = await subtle.sign({ name: 'ML-DSA-65' }, imported, message);
+  const verified = await subtle.verify(
+    { name: 'ML-DSA-65' },
+    keyPair.publicKey as CryptoKey,
+    signature,
+    message,
+  );
+  expect(verified).to.equal(true);
+});
+
 // --- ML-DSA raw-public and raw-seed export/import tests ---
 // 'raw-public' is normalized to 'raw' internally (public key bytes)
 // 'raw-seed' passes through directly (64-byte private seed)
@@ -2721,20 +2747,11 @@ test(SUITE, 'ML-KEM-768 importKey raw rejects bad usages', async () => {
   );
 });
 
-// --- ML-KEM seedless PKCS#8 import rejection + export length (issue #997) ---
-
-const MLKEM_SEEDLESS_PKCS8_LENGTHS: Record<
-  (typeof MLKEM_VARIANTS)[number],
-  number
-> = {
-  'ML-KEM-512': 1660,
-  'ML-KEM-768': 2428,
-  'ML-KEM-1024': 3196,
-};
+// --- ML-KEM seedless PKCS#8 import rejection + export length (PR #997) ---
 
 for (const variant of MLKEM_VARIANTS) {
   test(SUITE, `${variant} pkcs8 import rejects seedless key`, async () => {
-    const seedless = new Uint8Array(MLKEM_SEEDLESS_PKCS8_LENGTHS[variant]);
+    const seedless = new Uint8Array(PQC_SEEDLESS_PKCS8_LENGTHS[variant] ?? 0);
     await assertThrowsAsync(
       async () =>
         await subtle.importKey('pkcs8', seedless, { name: variant }, true, [

packages/react-native-quick-crypto/cpp/keys/HybridKeyObjectHandle.cpp

@@ -20,7 +20,7 @@ namespace margelo::nitro::crypto {
 // Configure loaded providers to prefer seed-only PKCS#8 output for ML-DSA /
 // ML-KEM, falling back to priv-only when no seed is available. Without this,
 // OpenSSL defaults to "seed-priv" — a longer encoding that bundles both —
-// which breaks interop with Node and PR #997's exact-length export check.
+// which breaks interop with Node and the exact-length export check in subtle.ts.
 // Mirrors src/crypto/crypto_util.cc in Node.
 static void configurePqcOutputFormats() {
   static std::once_flag once;
@@ -37,6 +37,15 @@ static void configurePqcOutputFormats() {
 }
 #endif
 
+HybridKeyObjectHandle::HybridKeyObjectHandle() : HybridObject(TAG) {
+#if OPENSSL_VERSION_NUMBER >= 0x30600000L
+  // Configure once on first handle construction. Providers are guaranteed
+  // loaded by this point (any prior crypto op routed through ncrypto), and
+  // the call_once flag makes subsequent constructions cheap.
+  configurePqcOutputFormats();
+#endif
+}
+
 // Helper functions for base64url encoding/decoding with BIGNUMs
 static std::string bn_to_base64url(const BIGNUM* bn, size_t expected_size = 0) {
   if (!bn)
@@ -193,18 +202,6 @@ std::shared_ptr<ArrayBuffer> HybridKeyObjectHandle::exportKey(std::optional<KFor
     // This allows extracting the public key from a private key
     bool exportAsPublic = (exportType == KeyEncoding::SPKI) || (keyType == KeyType::PUBLIC);
 
-#if OPENSSL_VERSION_NUMBER >= 0x30600000L
-    if (!exportAsPublic && exportType == KeyEncoding::PKCS8) {
-      const char* typeName = EVP_PKEY_get0_type_name(pkey.get());
-      if (typeName != nullptr) {
-        std::string name(typeName);
-        if (name.starts_with("ML-KEM-") || name.starts_with("ML-DSA-")) {
-          configurePqcOutputFormats();
-        }
-      }
-    }
-#endif
-
     // Create encoding config
     if (exportAsPublic) {
       ncrypto::EVPKeyPointer::PublicKeyEncodingConfig config(false, static_cast<ncrypto::EVPKeyPointer::PKFormatType>(exportFormat),

packages/react-native-quick-crypto/cpp/keys/HybridKeyObjectHandle.hpp

@@ -15,7 +15,7 @@ namespace margelo::nitro::crypto {
 
 class HybridKeyObjectHandle : public HybridKeyObjectHandleSpec {
  public:
-  HybridKeyObjectHandle() : HybridObject(TAG) {}
+  HybridKeyObjectHandle();
 
  public:
   std::shared_ptr<ArrayBuffer> exportKey(std::optional<KFormatType> format, std::optional<KeyEncoding> type,

packages/react-native-quick-crypto/src/subtle.ts

@@ -1281,8 +1281,9 @@ function edImportKey(
 // Lengths (in bytes) of seedless ML-DSA / ML-KEM PKCS#8 encodings. A PKCS#8
 // blob of exactly this length contains only the expanded private key with no
 // seed; Node rejects these to keep cross-implementation interop intact.
-// Refs: ~/dev/node/lib/internal/crypto/ml_dsa.js:158-174, ml_kem.js:157-173.
-const PQC_SEEDLESS_PKCS8_LENGTHS: Readonly<Record<string, number>> = {
+// Refs: node lib/internal/crypto/ml_dsa.js (mlDsaImportKey, pkcs8 case)
+//       node lib/internal/crypto/ml_kem.js (mlKemImportKey, pkcs8 case)
+export const PQC_SEEDLESS_PKCS8_LENGTHS: Readonly<Record<string, number>> = {
   'ML-DSA-44': 2588,
   'ML-DSA-65': 4060,
   'ML-DSA-87': 4924,
@@ -1291,6 +1292,17 @@ const PQC_SEEDLESS_PKCS8_LENGTHS: Readonly<Record<string, number>> = {
   'ML-KEM-1024': 3196,
 };
 
+// Map from PQC algorithm name to display family. Used to render the
+// import-rejection error message in the same form Node emits.
+const PQC_FAMILY: Readonly<Record<string, 'ML-DSA' | 'ML-KEM'>> = {
+  'ML-DSA-44': 'ML-DSA',
+  'ML-DSA-65': 'ML-DSA',
+  'ML-DSA-87': 'ML-DSA',
+  'ML-KEM-512': 'ML-KEM',
+  'ML-KEM-768': 'ML-KEM',
+  'ML-KEM-1024': 'ML-KEM',
+};
+
 function pqcImportKeyObject(
   format: ImportFormat,
   data: BufferLike | JWK,
@@ -1308,8 +1320,11 @@ function pqcImportKeyObject(
     };
   } else if (format === 'pkcs8') {
     const ab = bufferLikeToArrayBuffer(data as BufferLike);
-    if (ab.byteLength === PQC_SEEDLESS_PKCS8_LENGTHS[name]) {
-      const family = name.startsWith('ML-DSA') ? 'ML-DSA' : 'ML-KEM';
+    const family = PQC_FAMILY[name];
+    if (
+      family !== undefined &&
+      ab.byteLength === PQC_SEEDLESS_PKCS8_LENGTHS[name]
+    ) {
       throw lazyDOMException(
         `Importing an ${family} PKCS#8 key without a seed is not supported`,
         'NotSupportedError',