react-native-quick-crypto 1.0.0-beta.15 → 1.0.0-beta.17

package/QuickCrypto.podspec

@@ -17,9 +17,45 @@ Pod::Spec.new do |s|
   s.macos.deployment_target = 10.13
   s.tvos.deployment_target = 13.4
 
-  s.source       = { :git => "https://github.com/margelo/react-native-quick-crypto.git", :tag => "#{s.version}" }
+  s.source = { :git => "https://github.com/margelo/react-native-quick-crypto.git", :tag => "#{s.version}" }
 
-  s.source_files = [
+  sodium_enabled = ENV['SODIUM_ENABLED'] == '1'
+  Pod::UI.puts("[QuickCrypto] Has libsodium #{sodium_enabled ? "enabled" : "disabled"}!")
+
+  if sodium_enabled
+    # cocoapod for Sodium has not been updated for a while, so we need to build it ourselves
+    # https://github.com/jedisct1/swift-sodium/issues/264#issuecomment-2864963850
+    s.prepare_command = <<-CMD
+      # Create ios directory if it doesn't exist
+      mkdir -p ios
+
+      # Download libsodium
+      curl -L -s -o ios/libsodium.tar.gz https://download.libsodium.org/libsodium/releases/libsodium-1.0.20-stable.tar.gz
+
+      # Clean previous extraction
+      rm -rf ios/libsodium-stable
+
+      # Extract the full tarball
+      tar -xzf ios/libsodium.tar.gz -C ios
+
+      # Run configure and make to generate all headers including private ones
+      cd ios/libsodium-stable && \
+      ./configure --disable-shared --enable-static && \
+      make -j$(sysctl -n hw.ncpu)
+
+      # Cleanup
+      cd ../../
+      rm -f ios/libsodium.tar.gz
+    CMD
+  else
+    s.prepare_command = <<-CMD
+      # Clean up libsodium files if they exist
+      rm -rf ios/libsodium-stable
+      rm -f ios/libsodium.tar.gz
+    CMD
+  end
+
+  base_source_files = [
     # implementation (Swift)
     "ios/**/*.{swift}",
     # ios (Objective-C++)
@@ -32,17 +68,40 @@ Pod::Spec.new do |s|
     "deps/**/*.{h,c}",
   ]
 
-  s.pod_target_xcconfig = {
+  if sodium_enabled
+    base_source_files += ["ios/libsodium-stable/src/libsodium/**/*.{h,c}"]
+  end
+
+  s.source_files = base_source_files
+
+  xcconfig = {
     # C++ compiler flags, mainly for folly.
-    "GCC_PREPROCESSOR_DEFINITIONS" => "$(inherited) FOLLY_NO_CONFIG FOLLY_CFG_NO_COROUTINES"
+    "GCC_PREPROCESSOR_DEFINITIONS" => "$(inherited) FOLLY_NO_CONFIG FOLLY_CFG_NO_COROUTINES",
+    # Set C++ standard to C++20
+    "CLANG_CXX_LANGUAGE_STANDARD" => "c++20",
+    "CLANG_ALLOW_NON_MODULAR_INCLUDES_IN_FRAMEWORK_MODULES" => "YES"
   }
 
+  if sodium_enabled
+    sodium_headers = [
+      "\"$(PODS_TARGET_SRCROOT)/ios/libsodium-stable/src/libsodium/include\"",
+      "\"$(PODS_TARGET_SRCROOT)/ios/libsodium-stable/src/libsodium/include/sodium\"",
+      "\"$(PODS_TARGET_SRCROOT)/ios/libsodium-stable\"",
+      "\"$(PODS_ROOT)/../../packages/react-native-quick-crypto/ios/libsodium-stable/src/libsodium/include\"",
+      "\"$(PODS_ROOT)/../../packages/react-native-quick-crypto/ios/libsodium-stable/src/libsodium/include/sodium\""
+    ]
+    xcconfig["HEADER_SEARCH_PATHS"] = sodium_headers.join(' ')
+    xcconfig["GCC_PREPROCESSOR_DEFINITIONS"] = "$(inherited) BLSALLOC_SODIUM=1"
+  end
+
+  s.pod_target_xcconfig = xcconfig
+
   # Add all files generated by Nitrogen
-  load 'nitrogen/generated/ios/QuickCrypto+autolinking.rb'
+  load "nitrogen/generated/ios/QuickCrypto+autolinking.rb"
   add_nitrogen_files(s)
 
-  s.dependency 'React-jsi'
-  s.dependency 'React-callinvoker'
+  s.dependency "React-jsi"
+  s.dependency "React-callinvoker"
   s.dependency "OpenSSL-Universal"
   install_modules_dependencies(s)
 end

package/README.md

@@ -1,5 +1,9 @@
-<a href="https://margelo.io">
-  <img src="./docs/img/banner.svg" width="100%" />
+<a href="https://margelo.com">
+  <picture>
+    <source media="(prefers-color-scheme: dark)" srcset="./docs/img/banner-dark.png" />
+    <source media="(prefers-color-scheme: light)" srcset="./docs/img/banner-light.png" />
+    <img alt="react-native-quick-crypto" src="./docs/img/banner-light.png" />
+  </picture>
 </a>
 
 # ⚡️ react-native-quick-crypto
@@ -27,7 +31,7 @@ QuickCrypto can be used as a drop-in replacement for your Web3/Crypto apps to sp
 | Version | RN Architecture | Modules |
 | ------- | ------ | ------- |
 | `1.x`     | new [->](https://github.com/reactwg/react-native-new-architecture/blob/main/docs/enable-apps.md)  | Nitro Modules [->](https://github.com/mrousavy/nitro) |
-| `0.x`     | old  | Bridge & JSI |
+| `0.x`     | old, new 🤞  | Bridge & JSI |
 
 ## Benchmarks
 

package/android/CMakeLists.txt

@@ -12,6 +12,9 @@ add_library(
   ../cpp/cipher/CCMCipher.cpp
   ../cpp/cipher/HybridCipher.cpp
   ../cpp/cipher/OCBCipher.cpp
+  ../cpp/cipher/XSalsa20Cipher.cpp
+  ../cpp/cipher/ChaCha20Cipher.cpp
+  ../cpp/cipher/ChaCha20Poly1305Cipher.cpp
   ../cpp/ed25519/HybridEdKeyPair.cpp
   ../cpp/hash/HybridHash.cpp
   ../cpp/hmac/HybridHmac.cpp
@@ -44,20 +47,29 @@ find_package(openssl REQUIRED CONFIG)
 # Link all libraries together
 target_link_libraries(
   ${PACKAGE_NAME}
-  ${LOG_LIB}                             # <-- Logcat logger
-  android                                # <-- Android core
-  openssl::crypto                        # <-- OpenSSL (Crypto)
+  ${LOG_LIB}                               # <-- Logcat logger
+  android                                  # <-- Android core
+  openssl::crypto                          # <-- OpenSSL   (Crypto)
+)
+
+if(SODIUM_ENABLED)
+  add_definitions(-DBLSALLOC_SODIUM)
+  find_package(sodium REQUIRED CONFIG)
+  target_link_libraries(
+    ${PACKAGE_NAME}
+    sodium::sodium
   )
+endif()
 
 if(ReactAndroid_VERSION_MINOR GREATER_EQUAL 76)
   target_link_libraries(
     ${PACKAGE_NAME}
-    ReactAndroid::reactnative             # <-- RN: Native Modules umbrella prefab
+    ReactAndroid::reactnative              # <-- RN: Native Modules umbrella prefab
   )
 else()
   target_link_libraries(
     ${PACKAGE_NAME}
-    ReactAndroid::turbomodulejsijni
-    ReactAndroid::react_nativemodule_core  # <-- RN: React Native native module core
+    ReactAndroid::react_nativemodule_core  # <-- RN: TurboModules Core
+    ReactAndroid::turbomodulejsijni        # <-- RN: TurboModules utils (e.g. CallInvokerHolder)
   )
 endif()

package/android/build.gradle

@@ -37,6 +37,9 @@ def getExtOrIntegerDefault(name) {
   return rootProject.ext.has(name) ? rootProject.ext.get(name) : (project.properties["QuickCrypto_" + name]).toInteger()
 }
 
+def sodiumEnabled = hasProperty('sodiumEnabled') ? project.property('sodiumEnabled').toBoolean() : false // Default to false
+logger.warn("[QuickCrypto] Has libsodium ${sodiumEnabled ? "enabled" : "disabled"}!")
+
 android {
   namespace "com.margelo.nitro.quickcrypto"
   ndkVersion getExtOrDefault("ndkVersion")
@@ -50,7 +53,7 @@ android {
     externalNativeBuild {
       cmake {
         cppFlags "-frtti -fexceptions -Wall -fstack-protector-all"
-        arguments "-DANDROID_STL=c++_shared"
+        arguments "-DANDROID_STL=c++_shared", "-DSODIUM_ENABLED=${sodiumEnabled}"
         abiFilters (*reactNativeArchitectures())
 
         buildTypes {
@@ -139,6 +142,11 @@ dependencies {
 
   // Add a dependency on OpenSSL
   implementation 'io.github.ronickg:openssl:3.3.2'
+
+  if (sodiumEnabled) {
+    // Add a dependency on libsodium
+    implementation 'io.github.ronickg:sodium:1.0.20'
+  }
 }
 
 if (isNewArchitectureEnabled()) {

package/cpp/cipher/ChaCha20Cipher.cpp

@@ -0,0 +1,97 @@
+#include "ChaCha20Cipher.hpp"
+#include "Utils.hpp"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <stdexcept>
+
+namespace margelo::nitro::crypto {
+
+void ChaCha20Cipher::init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) {
+  // Clean up any existing context
+  if (ctx) {
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = nullptr;
+  }
+
+  // Get ChaCha20 cipher implementation
+  const EVP_CIPHER* cipher = EVP_chacha20();
+  if (!cipher) {
+    throw std::runtime_error("Failed to get ChaCha20 cipher implementation");
+  }
+
+  // Create a new context
+  ctx = EVP_CIPHER_CTX_new();
+  if (!ctx) {
+    throw std::runtime_error("Failed to create cipher context");
+  }
+
+  // Initialize the encryption/decryption operation
+  if (EVP_CipherInit_ex(ctx, cipher, nullptr, nullptr, nullptr, is_cipher) != 1) {
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = nullptr;
+    throw std::runtime_error("ChaCha20Cipher: Failed initial CipherInit setup: " + std::string(err_buf));
+  }
+
+  // Set key and IV
+  auto native_key = ToNativeArrayBuffer(cipher_key);
+  auto native_iv = ToNativeArrayBuffer(iv);
+
+  // Validate key size
+  if (native_key->size() != kKeySize) {
+    throw std::runtime_error("ChaCha20 key must be 32 bytes");
+  }
+
+  // Validate IV size
+  if (native_iv->size() != kIVSize) {
+    throw std::runtime_error("ChaCha20 IV must be 16 bytes");
+  }
+
+  const unsigned char* key_ptr = reinterpret_cast<const unsigned char*>(native_key->data());
+  const unsigned char* iv_ptr = reinterpret_cast<const unsigned char*>(native_iv->data());
+
+  if (EVP_CipherInit_ex(ctx, nullptr, nullptr, key_ptr, iv_ptr, is_cipher) != 1) {
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = nullptr;
+    throw std::runtime_error("ChaCha20Cipher: Failed to set key/IV: " + std::string(err_buf));
+  }
+}
+
+std::shared_ptr<ArrayBuffer> ChaCha20Cipher::update(const std::shared_ptr<ArrayBuffer>& data) {
+  checkCtx();
+  auto native_data = ToNativeArrayBuffer(data);
+  size_t in_len = native_data->size();
+  if (in_len > INT_MAX) {
+    throw std::runtime_error("Message too long");
+  }
+
+  // For ChaCha20, output size equals input size since it's a stream cipher
+  int out_len = in_len;
+  uint8_t* out = new uint8_t[out_len];
+
+  // Perform the cipher update operation
+  if (EVP_CipherUpdate(ctx, out, &out_len, native_data->data(), in_len) != 1) {
+    delete[] out;
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    throw std::runtime_error("ChaCha20Cipher: Failed to update: " + std::string(err_buf));
+  }
+
+  // Create and return a new buffer of exact size needed
+  return std::make_shared<NativeArrayBuffer>(out, out_len, [=]() { delete[] out; });
+}
+
+std::shared_ptr<ArrayBuffer> ChaCha20Cipher::final() {
+  checkCtx();
+  // For ChaCha20, final() should return an empty buffer since it's a stream cipher
+  unsigned char* empty_output = new unsigned char[0];
+  return std::make_shared<NativeArrayBuffer>(empty_output, 0, [=]() { delete[] empty_output; });
+}
+
+} // namespace margelo::nitro::crypto

package/cpp/cipher/ChaCha20Cipher.hpp

@@ -0,0 +1,25 @@
+#pragma once
+
+#include "HybridCipher.hpp"
+
+namespace margelo::nitro::crypto {
+
+class ChaCha20Cipher : public HybridCipher {
+ public:
+  ChaCha20Cipher() : HybridObject(TAG) {}
+  ~ChaCha20Cipher() {
+    // Let parent destructor free the context
+    ctx = nullptr;
+  }
+
+  void init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) override;
+  std::shared_ptr<ArrayBuffer> update(const std::shared_ptr<ArrayBuffer>& data) override;
+  std::shared_ptr<ArrayBuffer> final() override;
+
+ private:
+  // ChaCha20 uses a 256-bit key (32 bytes) and a 128-bit IV (16 bytes)
+  static constexpr int kKeySize = 32;
+  static constexpr int kIVSize = 16;
+};
+
+} // namespace margelo::nitro::crypto

package/cpp/cipher/ChaCha20Poly1305Cipher.cpp

@@ -0,0 +1,170 @@
+#include "ChaCha20Poly1305Cipher.hpp"
+#include "Utils.hpp"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <stdexcept>
+
+namespace margelo::nitro::crypto {
+
+void ChaCha20Poly1305Cipher::init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) {
+  // Clean up any existing context
+  if (ctx) {
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = nullptr;
+  }
+
+  // Get ChaCha20-Poly1305 cipher implementation
+  const EVP_CIPHER* cipher = EVP_chacha20_poly1305();
+  if (!cipher) {
+    throw std::runtime_error("Failed to get ChaCha20-Poly1305 cipher implementation");
+  }
+
+  // Create a new context
+  ctx = EVP_CIPHER_CTX_new();
+  if (!ctx) {
+    throw std::runtime_error("Failed to create cipher context");
+  }
+
+  // Initialize the encryption/decryption operation
+  if (EVP_CipherInit_ex(ctx, cipher, nullptr, nullptr, nullptr, is_cipher) != 1) {
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = nullptr;
+    throw std::runtime_error("ChaCha20Poly1305Cipher: Failed initial CipherInit setup: " + std::string(err_buf));
+  }
+
+  // Set key and IV
+  auto native_key = ToNativeArrayBuffer(cipher_key);
+  auto native_iv = ToNativeArrayBuffer(iv);
+
+  // Validate key size
+  if (native_key->size() != kKeySize) {
+    throw std::runtime_error("ChaCha20-Poly1305 key must be 32 bytes");
+  }
+
+  // Validate nonce size
+  if (native_iv->size() != kNonceSize) {
+    throw std::runtime_error("ChaCha20-Poly1305 nonce must be 12 bytes");
+  }
+
+  const unsigned char* key_ptr = reinterpret_cast<const unsigned char*>(native_key->data());
+  const unsigned char* iv_ptr = reinterpret_cast<const unsigned char*>(native_iv->data());
+
+  if (EVP_CipherInit_ex(ctx, nullptr, nullptr, key_ptr, iv_ptr, is_cipher) != 1) {
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = nullptr;
+    throw std::runtime_error("ChaCha20Poly1305Cipher: Failed to set key/IV: " + std::string(err_buf));
+  }
+
+  // Reset final_called flag
+  final_called = false;
+}
+
+std::shared_ptr<ArrayBuffer> ChaCha20Poly1305Cipher::update(const std::shared_ptr<ArrayBuffer>& data) {
+  checkCtx();
+  auto native_data = ToNativeArrayBuffer(data);
+  size_t in_len = native_data->size();
+  if (in_len > INT_MAX) {
+    throw std::runtime_error("Message too long");
+  }
+
+  // For ChaCha20-Poly1305, output size equals input size since it's a stream cipher
+  int out_len = in_len;
+  uint8_t* out = new uint8_t[out_len];
+
+  // Perform the cipher update operation
+  if (EVP_CipherUpdate(ctx, out, &out_len, native_data->data(), in_len) != 1) {
+    delete[] out;
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    throw std::runtime_error("ChaCha20Poly1305Cipher: Failed to update: " + std::string(err_buf));
+  }
+
+  // Create and return a new buffer of exact size needed
+  return std::make_shared<NativeArrayBuffer>(out, out_len, [=]() { delete[] out; });
+}
+
+std::shared_ptr<ArrayBuffer> ChaCha20Poly1305Cipher::final() {
+  checkCtx();
+
+  // For ChaCha20-Poly1305, we need to call final to generate the tag
+  int out_len = 0;
+  unsigned char* out = new unsigned char[0];
+
+  if (EVP_CipherFinal_ex(ctx, out, &out_len) != 1) {
+    delete[] out;
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    throw std::runtime_error("ChaCha20Poly1305Cipher: Failed to finalize: " + std::string(err_buf));
+  }
+
+  final_called = true;
+  return std::make_shared<NativeArrayBuffer>(out, out_len, [=]() { delete[] out; });
+}
+
+bool ChaCha20Poly1305Cipher::setAAD(const std::shared_ptr<ArrayBuffer>& data, std::optional<double> plaintextLength) {
+  checkCtx();
+  auto native_aad = ToNativeArrayBuffer(data);
+  size_t aad_len = native_aad->size();
+
+  // Set AAD data
+  int out_len = 0;
+  if (EVP_CipherUpdate(ctx, nullptr, &out_len, native_aad->data(), aad_len) != 1) {
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    throw std::runtime_error("ChaCha20Poly1305Cipher: Failed to set AAD: " + std::string(err_buf));
+  }
+  return true;
+}
+
+std::shared_ptr<ArrayBuffer> ChaCha20Poly1305Cipher::getAuthTag() {
+  checkCtx();
+  if (!is_cipher) {
+    throw std::runtime_error("getAuthTag can only be called during encryption");
+  }
+  if (!final_called) {
+    throw std::runtime_error("getAuthTag must be called after final()");
+  }
+
+  // Get the authentication tag
+  auto tag_buf = std::make_unique<uint8_t[]>(kTagSize);
+  if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, kTagSize, tag_buf.get()) != 1) {
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    throw std::runtime_error("ChaCha20Poly1305Cipher: Failed to get auth tag: " + std::string(err_buf));
+  }
+
+  uint8_t* raw_ptr = tag_buf.get();
+  return std::make_shared<NativeArrayBuffer>(tag_buf.release(), kTagSize, [raw_ptr]() { delete[] raw_ptr; });
+}
+
+bool ChaCha20Poly1305Cipher::setAuthTag(const std::shared_ptr<ArrayBuffer>& tag) {
+  checkCtx();
+  if (is_cipher) {
+    throw std::runtime_error("setAuthTag can only be called during decryption");
+  }
+
+  auto native_tag = ToNativeArrayBuffer(tag);
+  if (native_tag->size() != kTagSize) {
+    throw std::runtime_error("ChaCha20-Poly1305 tag must be 16 bytes");
+  }
+
+  if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, kTagSize, native_tag->data()) != 1) {
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    throw std::runtime_error("ChaCha20Poly1305Cipher: Failed to set auth tag: " + std::string(err_buf));
+  }
+  return true;
+}
+
+} // namespace margelo::nitro::crypto

package/cpp/cipher/ChaCha20Poly1305Cipher.hpp

@@ -0,0 +1,30 @@
+#pragma once
+
+#include "HybridCipher.hpp"
+
+namespace margelo::nitro::crypto {
+
+class ChaCha20Poly1305Cipher : public HybridCipher {
+ public:
+  ChaCha20Poly1305Cipher() : HybridObject(TAG), final_called(false) {}
+  ~ChaCha20Poly1305Cipher() {
+    // Let parent destructor free the context
+    ctx = nullptr;
+  }
+
+  void init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) override;
+  std::shared_ptr<ArrayBuffer> update(const std::shared_ptr<ArrayBuffer>& data) override;
+  std::shared_ptr<ArrayBuffer> final() override;
+  bool setAAD(const std::shared_ptr<ArrayBuffer>& data, std::optional<double> plaintextLength) override;
+  std::shared_ptr<ArrayBuffer> getAuthTag() override;
+  bool setAuthTag(const std::shared_ptr<ArrayBuffer>& tag) override;
+
+ private:
+  // ChaCha20-Poly1305 uses a 256-bit key (32 bytes) and a 96-bit nonce (12 bytes)
+  static constexpr int kKeySize = 32;
+  static constexpr int kNonceSize = 12;
+  static constexpr int kTagSize = 16; // Poly1305 tag is always 16 bytes
+  bool final_called;
+};
+
+} // namespace margelo::nitro::crypto

package/cpp/cipher/HybridCipher.cpp

@@ -115,7 +115,6 @@ std::shared_ptr<ArrayBuffer> HybridCipher::final() {
   auto out_buf = std::make_unique<uint8_t[]>(block_size);
   int out_len = 0;
 
-  int mode = EVP_CIPHER_CTX_mode(ctx);
   int ret = EVP_CipherFinal_ex(ctx, out_buf.get(), &out_len);
   if (!ret) {
     unsigned long err = ERR_get_error();

package/cpp/cipher/HybridCipher.hpp

@@ -1,6 +1,5 @@
 #pragma once
 
-#include <memory>
 #include <openssl/core_names.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>

package/cpp/cipher/HybridCipherFactory.hpp

@@ -5,8 +5,12 @@
 #include <string>
 
 #include "CCMCipher.hpp"
+#include "ChaCha20Cipher.hpp"
+#include "ChaCha20Poly1305Cipher.hpp"
 #include "HybridCipherFactorySpec.hpp"
 #include "OCBCipher.hpp"
+#include "Utils.hpp"
+#include "XSalsa20Cipher.hpp"
 
 namespace margelo::nitro::crypto {
 
@@ -20,39 +24,68 @@ class HybridCipherFactory : public HybridCipherFactorySpec {
  public:
   // Factory method exposed to JS
   inline std::shared_ptr<HybridCipherSpec> createCipher(const CipherArgs& args) {
-    // Create a temporary cipher context to determine the mode
+    // Create the appropriate cipher instance based on mode
+    std::shared_ptr<HybridCipher> cipherInstance;
+
+    // OpenSSL
+    // temporary cipher context to determine the mode
     EVP_CIPHER* cipher = EVP_CIPHER_fetch(nullptr, args.cipherType.c_str(), nullptr);
-    if (!cipher) {
-      throw std::runtime_error("Invalid cipher type: " + args.cipherType);
-    }
+    if (cipher) {
+      int mode = EVP_CIPHER_get_mode(cipher);
 
-    int mode = EVP_CIPHER_get_mode(cipher);
+      switch (mode) {
+        case EVP_CIPH_OCB_MODE: {
+          cipherInstance = std::make_shared<OCBCipher>();
+          cipherInstance->setArgs(args);
+          // Pass tag length (default 16 if not present)
+          size_t tag_len = args.authTagLen.has_value() ? static_cast<size_t>(args.authTagLen.value()) : 16;
+          std::static_pointer_cast<OCBCipher>(cipherInstance)->init(args.cipherKey, args.iv, tag_len);
+          return cipherInstance;
+        }
+        case EVP_CIPH_CCM_MODE: {
+          cipherInstance = std::make_shared<CCMCipher>();
+          cipherInstance->setArgs(args);
+          cipherInstance->init(args.cipherKey, args.iv);
+          return cipherInstance;
+        }
+        case EVP_CIPH_STREAM_CIPHER: {
+          // Check for ChaCha20 variants specifically
+          std::string cipherName = toLower(args.cipherType);
+          if (cipherName == "chacha20") {
+            cipherInstance = std::make_shared<ChaCha20Cipher>();
+            cipherInstance->setArgs(args);
+            cipherInstance->init(args.cipherKey, args.iv);
+            return cipherInstance;
+          }
+          if (cipherName == "chacha20-poly1305") {
+            cipherInstance = std::make_shared<ChaCha20Poly1305Cipher>();
+            cipherInstance->setArgs(args);
+            cipherInstance->init(args.cipherKey, args.iv);
+            return cipherInstance;
+          }
+        }
+        default: {
+          // Default case for other ciphers
+          cipherInstance = std::make_shared<HybridCipher>();
+          cipherInstance->setArgs(args);
+          cipherInstance->init(args.cipherKey, args.iv);
+          return cipherInstance;
+        }
+      }
+    }
     EVP_CIPHER_free(cipher);
 
-    // Create the appropriate cipher instance based on mode
-    std::shared_ptr<HybridCipher> cipherInstance;
-    switch (mode) {
-      case EVP_CIPH_OCB_MODE: {
-        cipherInstance = std::make_shared<OCBCipher>();
-        cipherInstance->setArgs(args);
-        // Pass tag length (default 16 if not present)
-        size_t tag_len = args.authTagLen.has_value() ? static_cast<size_t>(args.authTagLen.value()) : 16;
-        std::static_pointer_cast<OCBCipher>(cipherInstance)->init(args.cipherKey, args.iv, tag_len);
-        return cipherInstance;
-      }
-      case EVP_CIPH_CCM_MODE: {
-        cipherInstance = std::make_shared<CCMCipher>();
-        cipherInstance->setArgs(args);
-        cipherInstance->init(args.cipherKey, args.iv);
-        return cipherInstance;
-      }
-      default: {
-        cipherInstance = std::make_shared<HybridCipher>();
-        cipherInstance->setArgs(args);
-        cipherInstance->init(args.cipherKey, args.iv);
-        return cipherInstance;
-      }
+    // libsodium
+    std::string cipherName = toLower(args.cipherType);
+    if (cipherName == "xsalsa20") {
+      cipherInstance = std::make_shared<XSalsa20Cipher>();
+      cipherInstance->setArgs(args);
+      cipherInstance->init(args.cipherKey, args.iv);
+      return cipherInstance;
     }
+
+    // Unsupported cipher type
+    throw std::runtime_error("Unsupported or unknown cipher type: " + args.cipherType);
   }
 };