feat: implement ML-KEM encapsulate/decapsulate (#941)

Author: boorad

.docs/implementation-coverage.md

@@ -125,9 +125,9 @@ These algorithms provide quantum-resistant cryptography.
   - ✅ `crypto.createSecretKey(key[, encoding])`
   - ✅ `crypto.createSign(algorithm[, options])`
   - ✅ `crypto.createVerify(algorithm[, options])`
-  - ❌ `crypto.decapsulate(key, ciphertext[, callback])`
+  - ✅ `crypto.decapsulate(key, ciphertext[, callback])`
   - ✅ `crypto.diffieHellman(options[, callback])`
-  - ❌ `crypto.encapsulate(key[, callback])`
+  - ✅ `crypto.encapsulate(key[, callback])`
   - `-` `crypto.fips` deprecated, not applicable to RN
   - ✅ `crypto.generateKey(type, options, callback)`
   - ✅ `crypto.generateKeyPair(type, options, callback)`
@@ -272,14 +272,14 @@ These ciphers are **not available in Node.js** but are provided by RNQC via libs
 
 - 🚧 Class: `SubtleCrypto`
   - ✅ static `supports(operation, algorithm[, lengthOrAdditionalAlgorithm])`
-  - ❌ `subtle.decapsulateBits(decapsulationAlgorithm, decapsulationKey, ciphertext)`
-  - ❌ `subtle.decapsulateKey(decapsulationAlgorithm, decapsulationKey, ciphertext, sharedKeyAlgorithm, extractable, usages)`
+  - ✅ `subtle.decapsulateBits(decapsulationAlgorithm, decapsulationKey, ciphertext)`
+  - ✅ `subtle.decapsulateKey(decapsulationAlgorithm, decapsulationKey, ciphertext, sharedKeyAlgorithm, extractable, usages)`
   - ✅ `subtle.decrypt(algorithm, key, data)`
   - ✅ `subtle.deriveBits(algorithm, baseKey, length)`
   - ✅ `subtle.deriveKey(algorithm, baseKey, derivedKeyAlgorithm, extractable, keyUsages)`
   - 🚧 `subtle.digest(algorithm, data)`
-  - ❌ `subtle.encapsulateBits(encapsulationAlgorithm, encapsulationKey)`
-  - ❌ `subtle.encapsulateKey(encapsulationAlgorithm, encapsulationKey, sharedKeyAlgorithm, extractable, usages)`
+  - ✅ `subtle.encapsulateBits(encapsulationAlgorithm, encapsulationKey)`
+  - ✅ `subtle.encapsulateKey(encapsulationAlgorithm, encapsulationKey, sharedKeyAlgorithm, extractable, usages)`
   - 🚧 `subtle.encrypt(algorithm, key, data)`
   - 🚧 `subtle.exportKey(format, key)`
   - 🚧 `subtle.generateKey(algorithm, extractable, keyUsages)`
@@ -370,9 +370,9 @@ These ciphers are **not available in Node.js** but are provided by RNQC via libs
 | `ML-DSA-44`         |   ✅   |   ✅    |  ✅   |       |              |      ✅      |     ✅     |
 | `ML-DSA-65`         |   ✅   |   ✅    |  ✅   |       |              |      ✅      |     ✅     |
 | `ML-DSA-87`         |   ✅   |   ✅    |  ✅   |       |              |      ✅      |     ✅     |
-| `ML-KEM-512`        |   ❌   |   ❌    |       |       |              |      ❌      |     ❌     |
-| `ML-KEM-768`        |   ❌   |   ❌    |       |       |              |      ❌      |     ❌     |
-| `ML-KEM-1024`       |   ❌   |   ❌    |       |       |              |      ❌      |     ❌     |
+| `ML-KEM-512`        |   ✅   |   ✅    |       |       |              |      ❌      |     ❌     |
+| `ML-KEM-768`        |   ✅   |   ✅    |       |       |              |      ❌      |     ❌     |
+| `ML-KEM-1024`       |   ✅   |   ✅    |       |       |              |      ❌      |     ❌     |
 | `RSA-OAEP`          |   ✅   |   ✅    |  ✅   |       |              |              |            |
 | `RSA-PSS`           |   ✅   |   ✅    |  ✅   |       |              |              |            |
 | `RSASSA-PKCS1-v1_5` |   ✅   |   ✅    |  ✅   |       |              |              |            |
@@ -394,9 +394,9 @@ These ciphers are **not available in Node.js** but are provided by RNQC via libs
 | `ML-DSA-44`         |   ✅   |
 | `ML-DSA-65`         |   ✅   |
 | `ML-DSA-87`         |   ✅   |
-| `ML-KEM-512`        |   ❌   |
-| `ML-KEM-768`        |   ❌   |
-| `ML-KEM-1024`       |   ❌   |
+| `ML-KEM-512`        |   ✅   |
+| `ML-KEM-768`        |   ✅   |
+| `ML-KEM-1024`       |   ✅   |
 | `RSA-OAEP`          |   ✅   |
 | `RSA-PSS`           |   ✅   |
 | `RSASSA-PKCS1-v1_5` |   ✅   |
@@ -439,9 +439,9 @@ These ciphers are **not available in Node.js** but are provided by RNQC via libs
 | `ML-DSA-44`         |   ✅   |   ✅    |  ✅   |       |              |      ✅      |     ✅     |
 | `ML-DSA-65`         |   ✅   |   ✅    |  ✅   |       |              |      ✅      |     ✅     |
 | `ML-DSA-87`         |   ✅   |   ✅    |  ✅   |       |              |      ✅      |     ✅     |
-| `ML-KEM-512`        |   ❌   |   ❌    |       |       |              |      ❌      |     ❌     |
-| `ML-KEM-768`        |   ❌   |   ❌    |       |       |              |      ❌      |     ❌     |
-| `ML-KEM-1024`       |   ❌   |   ❌    |       |       |              |      ❌      |     ❌     |
+| `ML-KEM-512`        |   ✅   |   ✅    |       |       |              |      ❌      |     ❌     |
+| `ML-KEM-768`        |   ✅   |   ✅    |       |       |              |      ❌      |     ❌     |
+| `ML-KEM-1024`       |   ✅   |   ✅    |       |       |              |      ❌      |     ❌     |
 | `PBKDF2`            |        |         |       |  ✅   |      ✅      |              |            |
 | `RSA-OAEP`          |   ✅   |   ✅    |  ✅   |       |              |              |            |
 | `RSA-PSS`           |   ✅   |   ✅    |  ✅   |       |              |              |            |

.github/ISSUE_TEMPLATE/FEATURE_REQUEST.yml

@@ -1,6 +1,6 @@
 name: ✨ Feature request
 description: Suggest an idea for this project
-title: "✨ "
+title: '✨ '
 labels: [✨ feature]
 body:
   - type: textarea
@@ -18,6 +18,7 @@ body:
       options:
         - iOS
         - Android
+        - Both
     validations:
       required: true
   - type: textarea

CLAUDE.md

@@ -132,6 +132,10 @@ Tests run in the React Native example app environment, not standard Node.js test
 
 Don't ask to run tests - they must be executed in the example React Native application.
 
+### Metro Logs
+
+Metro output is tee'd to `/tmp/rnqc-metro.log`. When debugging test failures, read this file to see console output including test pass/fail results. Use `grep -E "FAIL|❌|failed" /tmp/rnqc-metro.log | tail -20` to quickly find failures.
+
 ## Quality Checks
 
 Before committing:

example/src/hooks/useTestsList.ts

@@ -34,6 +34,7 @@ import '../tests/subtle/argon2_deriveBits';
 import '../tests/subtle/deriveBits';
 import '../tests/subtle/derive_key';
 import '../tests/subtle/digest';
+import '../tests/subtle/encap_decap';
 import '../tests/subtle/encrypt_decrypt';
 import '../tests/subtle/generateKey';
 import '../tests/subtle/import_export';

example/src/tests/subtle/encap_decap.ts

@@ -0,0 +1,162 @@
+import { expect } from 'chai';
+import { test } from '../util';
+import crypto from 'react-native-quick-crypto';
+import type { WebCryptoKeyPair } from 'react-native-quick-crypto';
+import {
+  MLKEM_VARIANTS,
+  MLKEM_CIPHERTEXT_SIZES,
+  SHARED_SECRET_SIZE,
+} from './mlkem_constants';
+
+const { subtle } = crypto;
+
+const SUITE = 'subtle.encapsulate/decapsulate';
+
+// --- encapsulateBits / decapsulateBits ---
+
+for (const variant of MLKEM_VARIANTS) {
+  test(SUITE, `${variant} encapsulateBits/decapsulateBits`, async () => {
+    const keyPair = await subtle.generateKey({ name: variant }, true, [
+      'encapsulateBits',
+      'decapsulateBits',
+    ]);
+
+    const { publicKey, privateKey } = keyPair as WebCryptoKeyPair;
+
+    const { sharedKey, ciphertext } = await subtle.encapsulateBits(
+      { name: variant },
+      publicKey,
+    );
+
+    expect(ciphertext.byteLength).to.equal(MLKEM_CIPHERTEXT_SIZES[variant]);
+    expect(sharedKey.byteLength).to.equal(SHARED_SECRET_SIZE);
+
+    const decapsulated = await subtle.decapsulateBits(
+      { name: variant },
+      privateKey,
+      ciphertext,
+    );
+
+    expect(decapsulated.byteLength).to.equal(SHARED_SECRET_SIZE);
+
+    const encapsulatedBytes = new Uint8Array(sharedKey);
+    const decapsulatedBytes = new Uint8Array(decapsulated);
+    expect(encapsulatedBytes).to.deep.equal(decapsulatedBytes);
+  });
+
+  // --- encapsulateKey / decapsulateKey with AES-GCM ---
+
+  test(SUITE, `${variant} encapsulateKey/decapsulateKey AES-GCM`, async () => {
+    const keyPair = await subtle.generateKey({ name: variant }, true, [
+      'encapsulateKey',
+      'decapsulateKey',
+    ]);
+
+    const { publicKey, privateKey } = keyPair as WebCryptoKeyPair;
+
+    const { key: aesKey, ciphertext } = await subtle.encapsulateKey(
+      { name: variant },
+      publicKey,
+      { name: 'AES-GCM', length: 256 },
+      true,
+      ['encrypt', 'decrypt'],
+    );
+
+    expect(ciphertext.byteLength).to.equal(MLKEM_CIPHERTEXT_SIZES[variant]);
+    expect(aesKey.algorithm.name).to.equal('AES-GCM');
+    expect(aesKey.extractable).to.equal(true);
+    expect(aesKey.usages).to.include('encrypt');
+
+    const decapsulatedKey = await subtle.decapsulateKey(
+      { name: variant },
+      privateKey,
+      ciphertext,
+      { name: 'AES-GCM', length: 256 },
+      true,
+      ['encrypt', 'decrypt'],
+    );
+
+    expect(decapsulatedKey.algorithm.name).to.equal('AES-GCM');
+
+    const rawEncapsulated = await subtle.exportKey('raw', aesKey);
+    const rawDecapsulated = await subtle.exportKey('raw', decapsulatedKey);
+    expect(new Uint8Array(rawEncapsulated as ArrayBuffer)).to.deep.equal(
+      new Uint8Array(rawDecapsulated as ArrayBuffer),
+    );
+  });
+
+  // --- Import then encapsulate/decapsulate roundtrip ---
+
+  test(SUITE, `${variant} import then encap/decap`, async () => {
+    const keyPair = await subtle.generateKey({ name: variant }, true, [
+      'encapsulateBits',
+      'decapsulateBits',
+    ]);
+
+    const { publicKey, privateKey } = keyPair as WebCryptoKeyPair;
+
+    const spki = (await subtle.exportKey('spki', publicKey)) as ArrayBuffer;
+    const pkcs8 = (await subtle.exportKey('pkcs8', privateKey)) as ArrayBuffer;
+
+    const importedPub = await subtle.importKey(
+      'spki',
+      spki,
+      { name: variant },
+      true,
+      ['encapsulateBits'],
+    );
+    const importedPriv = await subtle.importKey(
+      'pkcs8',
+      pkcs8,
+      { name: variant },
+      true,
+      ['decapsulateBits'],
+    );
+
+    const { sharedKey, ciphertext } = await subtle.encapsulateBits(
+      { name: variant },
+      importedPub,
+    );
+
+    const decapsulated = await subtle.decapsulateBits(
+      { name: variant },
+      importedPriv,
+      ciphertext,
+    );
+
+    expect(new Uint8Array(sharedKey)).to.deep.equal(
+      new Uint8Array(decapsulated),
+    );
+  });
+}
+
+// --- Top-level crypto.encapsulate/decapsulate ---
+
+for (const variant of MLKEM_VARIANTS) {
+  test(SUITE, `${variant} crypto.encapsulate/decapsulate`, async () => {
+    const keyPair = await subtle.generateKey({ name: variant }, true, [
+      'encapsulateBits',
+      'decapsulateBits',
+    ]);
+
+    const { publicKey, privateKey } = keyPair as WebCryptoKeyPair;
+
+    const result = crypto.encapsulate(publicKey);
+    expect(result).to.have.property('sharedKey');
+    expect(result).to.have.property('ciphertext');
+
+    const { sharedKey, ciphertext } = result!;
+    expect(ciphertext.byteLength).to.equal(MLKEM_CIPHERTEXT_SIZES[variant]);
+    expect(sharedKey.byteLength).to.equal(SHARED_SECRET_SIZE);
+
+    const decapsulated = crypto.decapsulate(privateKey, ciphertext);
+    expect(decapsulated).to.be.an.instanceOf(ArrayBuffer);
+    expect((decapsulated as ArrayBuffer).byteLength).to.equal(
+      SHARED_SECRET_SIZE,
+    );
+
+    expect(new Uint8Array(sharedKey)).to.deep.equal(
+      new Uint8Array(decapsulated as ArrayBuffer),
+    );
+  });
+}

example/src/tests/subtle/generateKey.ts

@@ -14,6 +14,7 @@ interface TestCryptoKeyPair {
   publicKey: CryptoKey;
   privateKey: CryptoKey;
 }
+import { MLKEM_VARIANTS } from './mlkem_constants';
 import { test, assertThrowsAsync } from '../util';
 
 const SUITE = 'subtle.generateKey';
@@ -597,6 +598,52 @@ test(SUITE, 'ML-DSA bad usages', async () => {
   );
 });
 
+// --- ML-KEM Key Generation Tests ---
+
+for (const variant of MLKEM_VARIANTS) {
+  test(SUITE, `ML-KEM keygen: ${variant}`, async () => {
+    const keyPair = await subtle.generateKey({ name: variant }, true, [
+      'encapsulateBits',
+      'decapsulateBits',
+    ]);
+
+    const { publicKey, privateKey } = keyPair as TestCryptoKeyPair;
+
+    expect(publicKey.type).to.equal('public');
+    expect(privateKey.type).to.equal('private');
+    expect(publicKey.algorithm.name).to.equal(variant);
+    expect(privateKey.algorithm.name).to.equal(variant);
+    expect(publicKey.extractable).to.equal(true);
+  });
+
+  test(SUITE, `ML-KEM keygen non-extractable: ${variant}`, async () => {
+    const keyPair = await subtle.generateKey({ name: variant }, false, [
+      'encapsulateBits',
+      'decapsulateBits',
+    ]);
+
+    const { publicKey, privateKey } = keyPair as TestCryptoKeyPair;
+
+    expect(publicKey.extractable).to.equal(true);
+    expect(privateKey.extractable).to.equal(false);
+  });
+}
+
+test(SUITE, 'ML-KEM bad usages', async () => {
+  await assertThrowsAsync(
+    async () => await subtle.generateKey({ name: 'ML-KEM-768' }, true, []),
+    'Usages cannot be empty',
+  );
+
+  await assertThrowsAsync(
+    async () =>
+      await subtle.generateKey({ name: 'ML-KEM-768' }, true, [
+        'sign',
+      ] as KeyUsage[]),
+    'Unsupported key usage',
+  );
+});
+
 /*
 // Test AES Key Generation
 type AESArgs = [AESAlgorithm, AESLength, KeyUsage[]];