react-native-quick-crypto 1.0.0-beta.2 → 1.0.0-beta.21

package/cpp/cipher/HybridCipher.cpp

@@ -0,0 +1,322 @@
+#include <algorithm> // For std::sort
+#include <cstring>   // For std::memcpy
+#include <memory>
+#include <stdexcept>
+#include <string>
+#include <vector>
+
+#include "HybridCipher.hpp"
+#include "Utils.hpp"
+
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+namespace margelo::nitro::crypto {
+
+HybridCipher::~HybridCipher() {
+  if (ctx) {
+    EVP_CIPHER_CTX_free(ctx);
+    // No need to set ctx = nullptr here, object is being destroyed
+  }
+}
+
+void HybridCipher::checkCtx() const {
+  if (!ctx) {
+    throw std::runtime_error("Cipher context is not initialized or has been disposed.");
+  }
+}
+
+bool HybridCipher::maybePassAuthTagToOpenSSL() {
+  if (auth_tag_state == kAuthTagKnown) {
+    OSSL_PARAM params[] = {OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, auth_tag, auth_tag_len),
+                           OSSL_PARAM_construct_end()};
+    if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
+      unsigned long err = ERR_get_error();
+      char err_buf[256];
+      ERR_error_string_n(err, err_buf, sizeof(err_buf));
+      return false;
+    }
+    auth_tag_state = kAuthTagPassedToOpenSSL;
+  }
+  return true;
+}
+
+void HybridCipher::init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) {
+  // Clean up any existing context
+  if (ctx) {
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = nullptr;
+  }
+
+  // 1. Get cipher implementation by name
+  const EVP_CIPHER* cipher = EVP_get_cipherbyname(cipher_type.c_str());
+  if (!cipher) {
+    throw std::runtime_error("Unknown cipher " + cipher_type);
+  }
+
+  // 2. Create a new context
+  ctx = EVP_CIPHER_CTX_new();
+  if (!ctx) {
+    throw std::runtime_error("Failed to create cipher context");
+  }
+
+  // Initialise the encryption/decryption operation with the cipher type.
+  // Key and IV will be set later by the derived class if needed.
+  if (EVP_CipherInit_ex(ctx, cipher, nullptr, nullptr, nullptr, is_cipher) != 1) {
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = nullptr;
+    throw std::runtime_error("HybridCipher: Failed initial CipherInit setup: " + std::string(err_buf));
+  }
+
+  // For base hybrid cipher, set key and IV immediately.
+  // Derived classes like CCM might override init and handle this differently.
+  auto native_key = ToNativeArrayBuffer(cipher_key);
+  auto native_iv = ToNativeArrayBuffer(iv);
+  const unsigned char* key_ptr = reinterpret_cast<const unsigned char*>(native_key->data());
+  const unsigned char* iv_ptr = reinterpret_cast<const unsigned char*>(native_iv->data());
+
+  if (EVP_CipherInit_ex(ctx, nullptr, nullptr, key_ptr, iv_ptr, is_cipher) != 1) {
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = nullptr;
+    throw std::runtime_error("HybridCipher: Failed to set key/IV: " + std::string(err_buf));
+  }
+}
+
+std::shared_ptr<ArrayBuffer> HybridCipher::update(const std::shared_ptr<ArrayBuffer>& data) {
+  auto native_data = ToNativeArrayBuffer(data);
+  checkCtx();
+  size_t in_len = native_data->size();
+  if (in_len > INT_MAX) {
+    throw std::runtime_error("Message too long");
+  }
+
+  int out_len = in_len + EVP_CIPHER_CTX_block_size(ctx);
+  uint8_t* out = new uint8_t[out_len];
+  // Perform the cipher update operation. The real size of the output is
+  // returned in out_len
+  EVP_CipherUpdate(ctx, out, &out_len, native_data->data(), in_len);
+
+  // Create and return a new buffer of exact size needed
+  return std::make_shared<NativeArrayBuffer>(out, out_len, [=]() { delete[] out; });
+}
+
+std::shared_ptr<ArrayBuffer> HybridCipher::final() {
+  checkCtx();
+  // Block size is max output size for final, unless EVP_CIPH_NO_PADDING is set
+  int block_size = EVP_CIPHER_CTX_block_size(ctx);
+  if (block_size <= 0)
+    block_size = 16; // Default if block size is weird (e.g., 0)
+  auto out_buf = std::make_unique<uint8_t[]>(block_size);
+  int out_len = 0;
+
+  int ret = EVP_CipherFinal_ex(ctx, out_buf.get(), &out_len);
+  if (!ret) {
+    unsigned long err = ERR_get_error();
+    char err_buf[256];
+    ERR_error_string_n(err, err_buf, sizeof(err_buf));
+    // Don't free context on error here either, rely on destructor
+    throw std::runtime_error("Cipher final failed: " + std::string(err_buf));
+  }
+
+  // Get raw pointer before releasing unique_ptr
+  uint8_t* raw_ptr = out_buf.get();
+  // Create the specific NativeArrayBuffer first, using full namespace
+  auto native_final_chunk = std::make_shared<margelo::nitro::NativeArrayBuffer>(out_buf.release(), static_cast<size_t>(out_len),
+                                                                                [raw_ptr]() { delete[] raw_ptr; });
+
+  // Context should NOT be freed here. It might be needed for getAuthTag() for GCM/OCB.
+  // The context will be freed by the destructor (~HybridCipher) when the object goes out of scope.
+
+  // Return the shared_ptr<NativeArrayBuffer> (implicit upcast to shared_ptr<ArrayBuffer>)
+  return native_final_chunk;
+}
+
+bool HybridCipher::setAAD(const std::shared_ptr<ArrayBuffer>& data, std::optional<double> plaintextLength) {
+  checkCtx();
+  auto native_data = ToNativeArrayBuffer(data);
+
+  // Set the AAD
+  int out_len;
+  if (!EVP_CipherUpdate(ctx, nullptr, &out_len, native_data->data(), native_data->size())) {
+    return false;
+  }
+
+  has_aad = true;
+  return true;
+}
+
+bool HybridCipher::setAutoPadding(bool autoPad) {
+  checkCtx();
+  return EVP_CIPHER_CTX_set_padding(ctx, autoPad) == 1;
+}
+
+bool HybridCipher::setAuthTag(const std::shared_ptr<ArrayBuffer>& tag) {
+  checkCtx();
+
+  if (is_cipher) {
+    throw std::runtime_error("setAuthTag can only be called during decryption.");
+  }
+
+  auto native_tag = ToNativeArrayBuffer(tag);
+  size_t tag_len = native_tag->size();
+  uint8_t* tag_ptr = native_tag->data();
+
+  int mode = EVP_CIPHER_CTX_mode(ctx);
+
+  if (mode == EVP_CIPH_GCM_MODE || mode == EVP_CIPH_OCB_MODE) {
+    // Use EVP_CTRL_AEAD_SET_TAG for GCM/OCB decryption
+    if (tag_len < 1 || tag_len > 16) { // Check tag length bounds for GCM/OCB
+      throw std::runtime_error("Invalid auth tag length for GCM/OCB. Must be between 1 and 16 bytes.");
+    }
+    // Add check for valid cipher in context before setting tag
+    // Use the correct OpenSSL 3 function: EVP_CIPHER_CTX_cipher
+    if (!EVP_CIPHER_CTX_cipher(ctx)) {
+      throw std::runtime_error("Context has no cipher set before setting GCM/OCB tag");
+    }
+    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag_ptr) <= 0) {
+      unsigned long err = ERR_get_error();
+      char err_buf[256];
+      ERR_error_string_n(err, err_buf, sizeof(err_buf));
+      // Include the error code in the message
+      throw std::runtime_error("Failed to set GCM/OCB auth tag: " + std::string(err_buf) + " (code: " + std::to_string(err) + ")");
+    }
+    auth_tag_state = kAuthTagPassedToOpenSSL; // Mark state
+    return true;
+
+  } else if (mode == EVP_CIPH_CCM_MODE) {
+    // Store tag internally for CCM decryption (used in CCMCipher::final)
+    if (tag_len < 4 || tag_len > 16) { // Check tag length bounds for CCM
+      throw std::runtime_error("Invalid auth tag length for CCM. Must be between 4 and 16 bytes.");
+    }
+    auth_tag_state = kAuthTagKnown; // Correct state enum value
+    auth_tag_len = tag_len;
+    // Copy directly into the member buffer (assuming uint8_t auth_tag[16])
+    std::memcpy(auth_tag, tag_ptr, tag_len);
+    return true;
+
+  } else {
+    // Not an AEAD mode that supports setAuthTag for decryption
+    throw std::runtime_error("setAuthTag is not supported for the current cipher mode.");
+  }
+}
+
+std::shared_ptr<ArrayBuffer> HybridCipher::getAuthTag() {
+  checkCtx();
+
+  int mode = EVP_CIPHER_CTX_mode(ctx);
+
+  if (!is_cipher) {
+    throw std::runtime_error("getAuthTag can only be called during encryption.");
+  }
+
+  if (mode == EVP_CIPH_GCM_MODE || mode == EVP_CIPH_OCB_MODE) {
+    // Retrieve the tag using EVP_CIPHER_CTX_ctrl for GCM/OCB
+    constexpr int max_tag_len = 16; // GCM/OCB tags are typically up to 16 bytes
+    auto tag_buf = std::make_unique<uint8_t[]>(max_tag_len);
+
+    int ret = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, max_tag_len, tag_buf.get());
+
+    if (ret <= 0) {
+      unsigned long err = ERR_get_error();
+      char err_buf[256];
+      ERR_error_string_n(err, err_buf, sizeof(err_buf));
+      throw std::runtime_error("Failed to get GCM/OCB auth tag: " + std::string(err_buf));
+    }
+
+    uint8_t* raw_ptr = tag_buf.get();
+    auto final_tag_buffer =
+        std::make_shared<margelo::nitro::NativeArrayBuffer>(tag_buf.release(), auth_tag_len, [raw_ptr]() { delete[] raw_ptr; });
+    return final_tag_buffer;
+
+  } else if (mode == EVP_CIPH_CCM_MODE) {
+    // CCM: allow getAuthTag after encryption/finalization
+    if (auth_tag_len > 0 && auth_tag_state == kAuthTagKnown) {
+      // Return the stored tag buffer
+      auto tag_buf = std::make_unique<uint8_t[]>(auth_tag_len);
+      std::memcpy(tag_buf.get(), auth_tag, auth_tag_len);
+      uint8_t* raw_ptr = tag_buf.get();
+      auto final_tag_buffer =
+          std::make_shared<margelo::nitro::NativeArrayBuffer>(tag_buf.release(), auth_tag_len, [raw_ptr]() { delete[] raw_ptr; });
+      return final_tag_buffer;
+    } else {
+      throw std::runtime_error("CCM: Auth tag not available. Ensure encryption is finalized before calling getAuthTag.");
+    }
+  } else {
+    // Not an AEAD mode that supports getAuthTag post-encryption
+    throw std::runtime_error("getAuthTag is not supported for the current cipher mode.");
+  }
+}
+
+int HybridCipher::getMode() {
+  if (!ctx) {
+    throw std::runtime_error("Cipher not initialized. Did you call setArgs()?");
+  }
+  return EVP_CIPHER_CTX_get_mode(ctx);
+}
+
+void HybridCipher::setArgs(const CipherArgs& args) {
+  this->is_cipher = args.isCipher;
+  this->cipher_type = args.cipherType;
+
+  // Reset auth tag state
+  auth_tag_state = kAuthTagUnknown;
+  std::memset(auth_tag, 0, EVP_GCM_TLS_TAG_LEN);
+
+  // Set auth tag length from args or use default
+  if (args.authTagLen.has_value()) {
+    if (!CheckIsUint32(args.authTagLen.value())) {
+      throw std::runtime_error("authTagLen must be uint32");
+    }
+    uint32_t requested_len = static_cast<uint32_t>(args.authTagLen.value());
+    if (requested_len > EVP_GCM_TLS_TAG_LEN) {
+      throw std::runtime_error("Authentication tag length too large");
+    }
+    this->auth_tag_len = requested_len;
+  } else {
+    // Default to 16 bytes for all authenticated modes
+    this->auth_tag_len = kDefaultAuthTagLength;
+  }
+}
+
+// Corrected callback signature for EVP_CIPHER_do_all_provided
+void collect_ciphers(EVP_CIPHER* cipher, void* arg) {
+  auto* names = static_cast<std::vector<std::string>*>(arg);
+  if (cipher == nullptr)
+    return;
+  // Note: EVP_CIPHER_get0_name expects const EVP_CIPHER*, but the callback provides EVP_CIPHER*.
+  // This implicit const cast should be safe here.
+  const char* name = EVP_CIPHER_get0_name(cipher);
+  if (name != nullptr) {
+    std::string name_str(name);
+    if (name_str == "NULL" || name_str.find("CTS") != std::string::npos ||
+        name_str.find("SIV") != std::string::npos ||  // Covers -SIV and -GCM-SIV
+        name_str.find("WRAP") != std::string::npos || // Covers -WRAP-INV and -WRAP-PAD-INV
+        name_str.find("SM4-") != std::string::npos) {
+      return; // Skip adding this cipher
+    }
+
+    // If not filtered out, add it to the list
+    names->push_back(name_str); // Use name_str here
+  }
+}
+
+std::vector<std::string> HybridCipher::getSupportedCiphers() {
+  std::vector<std::string> cipher_names;
+
+  // Use the simpler approach with the separate callback
+  EVP_CIPHER_do_all_provided(nullptr, // Default library context
+                             collect_ciphers, &cipher_names);
+
+  // OpenSSL 3 doesn't guarantee sorted output with _do_all_provided, sort manually
+  std::sort(cipher_names.begin(), cipher_names.end());
+
+  return cipher_names;
+}
+
+} // namespace margelo::nitro::crypto

package/cpp/cipher/HybridCipher.hpp

@@ -0,0 +1,68 @@
+#pragma once
+
+#include <openssl/core_names.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/param_build.h>
+#include <optional>
+#include <string>
+#include <vector>
+
+#include "HybridCipherSpec.hpp"
+
+namespace margelo::nitro::crypto {
+
+// Default tag length for OCB, SIV, CCM, ChaCha20-Poly1305
+constexpr unsigned kDefaultAuthTagLength = 16;
+
+class HybridCipher : public HybridCipherSpec {
+ public:
+  HybridCipher() : HybridObject(TAG) {}
+  ~HybridCipher() override;
+
+ public:
+  // Methods
+  std::shared_ptr<ArrayBuffer> update(const std::shared_ptr<ArrayBuffer>& data) override;
+
+  std::shared_ptr<ArrayBuffer> final() override;
+
+  virtual void init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv);
+
+  void setArgs(const CipherArgs& args) override;
+
+  bool setAAD(const std::shared_ptr<ArrayBuffer>& data, std::optional<double> plaintextLength) override;
+
+  bool setAutoPadding(bool autoPad) override;
+
+  bool setAuthTag(const std::shared_ptr<ArrayBuffer>& tag) override;
+
+  std::shared_ptr<ArrayBuffer> getAuthTag() override;
+
+  std::vector<std::string> getSupportedCiphers() override;
+
+ protected:
+  // Protected enums for state management
+  enum CipherKind { kCipher, kDecipher };
+  enum UpdateResult { kSuccess, kErrorMessageSize, kErrorState };
+  enum AuthTagState { kAuthTagUnknown, kAuthTagKnown, kAuthTagPassedToOpenSSL };
+
+ protected:
+  // Properties
+  bool is_cipher = true;
+  std::string cipher_type;
+  EVP_CIPHER_CTX* ctx = nullptr;
+  bool pending_auth_failed = false;
+  bool has_aad = false;
+  uint8_t auth_tag[EVP_GCM_TLS_TAG_LEN];
+  AuthTagState auth_tag_state;
+  unsigned int auth_tag_len = 0;
+  int max_message_size;
+
+ protected:
+  // Methods
+  int getMode();
+  void checkCtx() const;
+  bool maybePassAuthTagToOpenSSL();
+};
+
+} // namespace margelo::nitro::crypto

package/cpp/cipher/HybridCipherFactory.hpp

@@ -0,0 +1,97 @@
+#pragma once
+
+#include <memory>
+#include <openssl/evp.h>
+#include <string>
+
+#include "CCMCipher.hpp"
+#include "ChaCha20Cipher.hpp"
+#include "ChaCha20Poly1305Cipher.hpp"
+#include "HybridCipherFactorySpec.hpp"
+#include "OCBCipher.hpp"
+#include "Utils.hpp"
+#include "XSalsa20Cipher.hpp"
+
+namespace margelo::nitro::crypto {
+
+using namespace facebook;
+
+class HybridCipherFactory : public HybridCipherFactorySpec {
+ public:
+  HybridCipherFactory() : HybridObject(TAG) {}
+  ~HybridCipherFactory() = default;
+
+ public:
+  // Factory method exposed to JS
+  inline std::shared_ptr<HybridCipherSpec> createCipher(const CipherArgs& args) {
+    // Create the appropriate cipher instance based on mode
+    std::shared_ptr<HybridCipher> cipherInstance;
+
+    // OpenSSL
+    // temporary cipher context to determine the mode
+    EVP_CIPHER* cipher = EVP_CIPHER_fetch(nullptr, args.cipherType.c_str(), nullptr);
+    if (cipher) {
+      int mode = EVP_CIPHER_get_mode(cipher);
+
+      switch (mode) {
+        case EVP_CIPH_OCB_MODE: {
+          cipherInstance = std::make_shared<OCBCipher>();
+          cipherInstance->setArgs(args);
+          // Pass tag length (default 16 if not present)
+          size_t tag_len = args.authTagLen.has_value() ? static_cast<size_t>(args.authTagLen.value()) : 16;
+          std::static_pointer_cast<OCBCipher>(cipherInstance)->init(args.cipherKey, args.iv, tag_len);
+          EVP_CIPHER_free(cipher);
+          return cipherInstance;
+        }
+        case EVP_CIPH_CCM_MODE: {
+          cipherInstance = std::make_shared<CCMCipher>();
+          cipherInstance->setArgs(args);
+          cipherInstance->init(args.cipherKey, args.iv);
+          EVP_CIPHER_free(cipher);
+          return cipherInstance;
+        }
+        case EVP_CIPH_STREAM_CIPHER: {
+          // Check for ChaCha20 variants specifically
+          std::string cipherName = toLower(args.cipherType);
+          if (cipherName == "chacha20") {
+            cipherInstance = std::make_shared<ChaCha20Cipher>();
+            cipherInstance->setArgs(args);
+            cipherInstance->init(args.cipherKey, args.iv);
+            EVP_CIPHER_free(cipher);
+            return cipherInstance;
+          }
+          if (cipherName == "chacha20-poly1305") {
+            cipherInstance = std::make_shared<ChaCha20Poly1305Cipher>();
+            cipherInstance->setArgs(args);
+            cipherInstance->init(args.cipherKey, args.iv);
+            EVP_CIPHER_free(cipher);
+            return cipherInstance;
+          }
+        }
+        default: {
+          // Default case for other ciphers
+          cipherInstance = std::make_shared<HybridCipher>();
+          cipherInstance->setArgs(args);
+          cipherInstance->init(args.cipherKey, args.iv);
+          EVP_CIPHER_free(cipher);
+          return cipherInstance;
+        }
+      }
+    }
+    EVP_CIPHER_free(cipher);
+
+    // libsodium
+    std::string cipherName = toLower(args.cipherType);
+    if (cipherName == "xsalsa20") {
+      cipherInstance = std::make_shared<XSalsa20Cipher>();
+      cipherInstance->setArgs(args);
+      cipherInstance->init(args.cipherKey, args.iv);
+      return cipherInstance;
+    }
+
+    // Unsupported cipher type
+    throw std::runtime_error("Unsupported or unknown cipher type: " + args.cipherType);
+  }
+};
+
+} // namespace margelo::nitro::crypto

package/cpp/cipher/OCBCipher.cpp

@@ -0,0 +1,55 @@
+#include "OCBCipher.hpp"
+#include <cstring>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+#include "Utils.hpp"
+#include <cstdio>
+#include <iomanip>
+
+namespace margelo::nitro::crypto {
+
+void OCBCipher::init(const std::shared_ptr<ArrayBuffer>& key, const std::shared_ptr<ArrayBuffer>& iv, size_t tag_len) {
+  HybridCipher::init(key, iv);
+  auth_tag_len = tag_len;
+
+  // Set tag length for OCB (must be 12-16 bytes)
+  if (auth_tag_len < 12 || auth_tag_len > 16) {
+    throw std::runtime_error("OCB tag length must be between 12 and 16 bytes");
+  }
+  if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, auth_tag_len, nullptr) != 1) {
+    throw std::runtime_error("Failed to set OCB tag length");
+  }
+}
+
+std::shared_ptr<ArrayBuffer> OCBCipher::getAuthTag() {
+  checkCtx();
+  if (!is_cipher) {
+    throw std::runtime_error("getAuthTag can only be called during encryption.");
+  }
+  auto tag_buf = std::make_unique<uint8_t[]>(auth_tag_len);
+  if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, auth_tag_len, tag_buf.get()) != 1) {
+    throw std::runtime_error("Failed to get OCB auth tag");
+  }
+  uint8_t* raw_ptr = tag_buf.get();
+  return std::make_shared<NativeArrayBuffer>(tag_buf.release(), auth_tag_len, [raw_ptr]() { delete[] raw_ptr; });
+}
+
+bool OCBCipher::setAuthTag(const std::shared_ptr<ArrayBuffer>& tag) {
+  checkCtx();
+  if (is_cipher) {
+    throw std::runtime_error("setAuthTag can only be called during decryption.");
+  }
+  auto native_tag = ToNativeArrayBuffer(tag);
+  size_t tag_len = native_tag->size();
+  if (tag_len < 12 || tag_len > 16) {
+    throw std::runtime_error("Invalid OCB tag length");
+  }
+  if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, native_tag->data()) != 1) {
+    throw std::runtime_error("Failed to set OCB auth tag");
+  }
+  auth_tag_len = tag_len;
+  return true;
+}
+
+} // namespace margelo::nitro::crypto

package/cpp/cipher/OCBCipher.hpp

@@ -0,0 +1,19 @@
+#pragma once
+
+#include "HybridCipher.hpp"
+
+namespace margelo::nitro::crypto {
+
+class OCBCipher : public HybridCipher {
+ public:
+  OCBCipher() : HybridObject(TAG) {}
+  void init(const std::shared_ptr<ArrayBuffer>& key, const std::shared_ptr<ArrayBuffer>& iv, size_t tag_len = 16);
+
+  std::shared_ptr<ArrayBuffer> getAuthTag() override;
+  bool setAuthTag(const std::shared_ptr<ArrayBuffer>& tag) override;
+
+ protected:
+  size_t auth_tag_len = 16;
+};
+
+} // namespace margelo::nitro::crypto

package/cpp/cipher/XSalsa20Cipher.cpp

@@ -0,0 +1,61 @@
+#include <cstring>   // For std::memcpy
+#include <stdexcept> // For std::runtime_error
+
+#include "NitroModules/ArrayBuffer.hpp"
+#include "Utils.hpp"
+#include "XSalsa20Cipher.hpp"
+
+namespace margelo::nitro::crypto {
+
+/**
+ * Initialize the cipher with a key and a nonce (using iv argument as nonce)
+ */
+void XSalsa20Cipher::init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) {
+  auto native_key = ToNativeArrayBuffer(cipher_key);
+  auto native_iv = ToNativeArrayBuffer(iv);
+
+  // Validate key size
+  if (native_key->size() < crypto_stream_KEYBYTES) {
+    throw std::runtime_error("XSalsa20 key too short: expected " + std::to_string(crypto_stream_KEYBYTES) + " bytes, got " +
+                             std::to_string(native_key->size()) + " bytes.");
+  }
+  // Validate nonce size
+  if (native_iv->size() < crypto_stream_NONCEBYTES) {
+    throw std::runtime_error("XSalsa20 nonce too short: expected " + std::to_string(crypto_stream_NONCEBYTES) + " bytes, got " +
+                             std::to_string(native_iv->size()) + " bytes.");
+  }
+
+  // Copy key and nonce data
+  std::memcpy(key, native_key->data(), crypto_stream_KEYBYTES);
+  std::memcpy(nonce, native_iv->data(), crypto_stream_NONCEBYTES);
+}
+
+/**
+ * xsalsa20 call to sodium implementation
+ */
+std::shared_ptr<ArrayBuffer> XSalsa20Cipher::update(const std::shared_ptr<ArrayBuffer>& data) {
+#ifndef BLSALLOC_SODIUM
+  throw std::runtime_error("XSalsa20Cipher: libsodium must be enabled to use this cipher (BLSALLOC_SODIUM is not defined).");
+#else
+  auto native_data = ToNativeArrayBuffer(data);
+  auto output = new uint8_t[native_data->size()];
+  int result = crypto_stream_xor(output, native_data->data(), native_data->size(), nonce, key);
+  if (result != 0) {
+    throw std::runtime_error("XSalsa20Cipher: Failed to update");
+  }
+  return std::make_shared<NativeArrayBuffer>(output, native_data->size(), [=]() { delete[] output; });
+#endif
+}
+
+/**
+ * xsalsa20 does not have a final step, returns empty buffer
+ */
+std::shared_ptr<ArrayBuffer> XSalsa20Cipher::final() {
+#ifndef BLSALLOC_SODIUM
+  throw std::runtime_error("XSalsa20Cipher: libsodium must be enabled to use this cipher (BLSALLOC_SODIUM is not defined).");
+#else
+  return std::make_shared<NativeArrayBuffer>(nullptr, 0, nullptr);
+#endif
+}
+
+} // namespace margelo::nitro::crypto

package/cpp/cipher/XSalsa20Cipher.hpp

@@ -0,0 +1,33 @@
+#pragma once
+
+#if BLSALLOC_SODIUM
+#include "sodium.h"
+#else
+// Define XSalsa20 constants when sodium is disabled (for compilation purposes)
+#define crypto_stream_KEYBYTES 32   // XSalsa20 key size (32 bytes)
+#define crypto_stream_NONCEBYTES 24 // XSalsa20 nonce size (24 bytes)
+#endif
+
+#include "HybridCipher.hpp"
+#include "NitroModules/ArrayBuffer.hpp"
+
+namespace margelo::nitro::crypto {
+
+class XSalsa20Cipher : public HybridCipher {
+ public:
+  XSalsa20Cipher() : HybridObject(TAG) {}
+  ~XSalsa20Cipher() {
+    // Let parent destructor free the context
+    ctx = nullptr;
+  }
+
+  void init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) override;
+  std::shared_ptr<ArrayBuffer> update(const std::shared_ptr<ArrayBuffer>& data) override;
+  std::shared_ptr<ArrayBuffer> final() override;
+
+ private:
+  uint8_t key[crypto_stream_KEYBYTES];
+  uint8_t nonce[crypto_stream_NONCEBYTES];
+};
+
+} // namespace margelo::nitro::crypto