react-native-quick-crypto 1.0.19 → 1.1.1

package/QuickCrypto.podspec

@@ -42,41 +42,14 @@ Pod::Spec.new do |s|
     end
   end
 
-  # OpenSSL 3.6+ vendored xcframework (not yet on CocoaPods trunk)
-  openssl_version = "3.6.0001"
-  openssl_url = "https://github.com/krzyzanowskim/OpenSSL/releases/download/#{openssl_version}/OpenSSL.xcframework.zip"
-
-  # Ensure OpenSSL.xcframework is present during podspec evaluation.
-  # This is necessary because prepare_command is skipped for :path pods,
-  # which is how React Native native modules are installed.
-  # See: https://github.com/margelo/react-native-quick-crypto/issues/882
-  openssl_dir = File.join(__dir__, "OpenSSL.xcframework")
-  openssl_plist = File.join(openssl_dir, "Info.plist")
-  unless File.exist?(openssl_plist)
-    # Clean up any partial download
-    FileUtils.rm_rf(openssl_dir) if File.directory?(openssl_dir)
-    FileUtils.rm_f(File.join(__dir__, "OpenSSL.xcframework.zip"))
-
-    Pod::UI.puts "[QuickCrypto] ⬇️  Downloading OpenSSL.xcframework..."
-    Dir.chdir(__dir__) do
-      system("curl -sSfL --connect-timeout 30 --max-time 300 -o OpenSSL.xcframework.zip #{openssl_url}") || raise("Failed to download OpenSSL")
-      system("unzip -q -o OpenSSL.xcframework.zip") || raise("Failed to unzip OpenSSL")
-      File.delete("OpenSSL.xcframework.zip") if File.exist?("OpenSSL.xcframework.zip")
-    end
-    Pod::UI.puts "[QuickCrypto] ✅ OpenSSL.xcframework downloaded successfully"
-  end
-
   if sodium_enabled
     # Build libsodium from source for XSalsa20 cipher support
     # CocoaPods packages are outdated (1.0.12) and SPM causes module conflicts
     s.prepare_command = <<-CMD
       set -e
-      # Download OpenSSL.xcframework
-      if [ ! -d "OpenSSL.xcframework" ]; then
-        curl -L -o OpenSSL.xcframework.zip #{openssl_url}
-        unzip -o OpenSSL.xcframework.zip
-        rm -f OpenSSL.xcframework.zip
-      fi
+      # Clean up vendored OpenSSL.xcframework from pre-1.0.20 installs
+      rm -rf OpenSSL.xcframework
+      rm -f OpenSSL.xcframework.zip
       # Build libsodium
       mkdir -p ios
       curl -L -o ios/libsodium.tar.gz https://download.libsodium.org/libsodium/releases/libsodium-1.0.20-stable.tar.gz
@@ -90,20 +63,15 @@ Pod::Spec.new do |s|
   else
     s.prepare_command = <<-CMD
       set -e
-      # Download OpenSSL.xcframework
-      if [ ! -d "OpenSSL.xcframework" ]; then
-        curl -L -o OpenSSL.xcframework.zip #{openssl_url}
-        unzip -o OpenSSL.xcframework.zip
-        rm -f OpenSSL.xcframework.zip
-      fi
       # Clean up libsodium if previously built
       rm -rf ios/libsodium-stable
       rm -f ios/libsodium.tar.gz
+      # Clean up vendored OpenSSL.xcframework from pre-1.0.20 installs
+      rm -rf OpenSSL.xcframework
+      rm -f OpenSSL.xcframework.zip
     CMD
   end
 
-  s.vendored_frameworks = "OpenSSL.xcframework"
-
   base_source_files = [
     # implementation (Swift)
     "ios/**/*.{swift}",
@@ -114,6 +82,9 @@ Pod::Spec.new do |s|
     # dependencies (C++) - ncrypto
     "deps/ncrypto/include/**/*.{h}",
     "deps/ncrypto/src/*.{cpp}",
+    # dependencies (C++) - simdutf
+    "deps/simdutf/include/**/*.{h}",
+    "deps/simdutf/src/simdutf.cpp",
     # dependencies (C) - exclude BLAKE3 x86 SIMD files (only use portable + NEON for ARM)
     "deps/blake3/c/*.{h,c}",
     "deps/fastpbkdf2/*.{h,c}",
@@ -183,6 +154,8 @@ Pod::Spec.new do |s|
     "\"$(PODS_TARGET_SRCROOT)/cpp/ecdh\"",
     "\"$(PODS_TARGET_SRCROOT)/nitrogen/generated/shared/c++\"",
     "\"$(PODS_TARGET_SRCROOT)/deps/ncrypto/include\"",
+    "\"$(PODS_TARGET_SRCROOT)/deps/simdutf/include\"",
+    "\"$(PODS_TARGET_SRCROOT)/deps/simdutf/src\"",
     "\"$(PODS_TARGET_SRCROOT)/deps/blake3/c\"",
     "\"$(PODS_TARGET_SRCROOT)/deps/fastpbkdf2\""
   ]
@@ -210,6 +183,7 @@ Pod::Spec.new do |s|
   load "nitrogen/generated/ios/QuickCrypto+autolinking.rb"
   add_nitrogen_files(s)
 
+  s.dependency "OpenSSL-Universal", "~> 3.6"
   s.dependency "React-jsi"
   s.dependency "React-callinvoker"
 

package/README.md

@@ -143,6 +143,8 @@ const hashed = QuickCrypto.createHash('sha256')
   .digest('hex');
 ```
 
+More details can be found on the [documentation](https://margelo.github.io/react-native-quick-crypto/).
+
 ## Limitations
 
 Not all cryptographic algorithms are supported yet. See the [implementation coverage](./.docs/implementation-coverage.md) document for more details. If you need a specific algorithm, please open a `feature request` issue and we'll see what we can do.

package/android/CMakeLists.txt

@@ -67,6 +67,7 @@ add_library(
   ../deps/ncrypto/src/aead.cpp
   ../deps/ncrypto/src/engine.cpp
   ../deps/ncrypto/src/ncrypto.cpp
+  ../deps/simdutf/src/simdutf.cpp
 )
 
 # add Nitrogen specs
@@ -102,6 +103,8 @@ include_directories(
   "../deps/blake3/c"
   "../deps/fastpbkdf2"
   "../deps/ncrypto/include"
+  "../deps/simdutf/include"
+  "../deps/simdutf/src"
 )
 
 # Third party libraries (Prefabs)

package/android/build.gradle

@@ -7,7 +7,7 @@ buildscript {
   }
 
   dependencies {
-    classpath "com.android.tools.build:gradle:8.7.3"
+    classpath "com.android.tools.build:gradle:8.12.2"
     classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:${kotlinVersion}"
   }
 }
@@ -113,6 +113,10 @@ packagingOptions {
 
   lintOptions {
     disable "GradleCompatible"
+    // AGP version is constrained by RN 0.81 + Gradle 8.14.3 + JDK 17.
+    // AGP 9.x requires Gradle 9 and JDK 21 — not viable until RN bumps its toolchain.
+    disable "AndroidGradlePluginVersion"
+    disable "GradleDependency"
   }
 
   compileOptions {

package/cpp/argon2/HybridArgon2.cpp

@@ -30,6 +30,15 @@ static std::shared_ptr<ArrayBuffer> hashImpl(const std::string& algorithm, const
 
   auto type = parseAlgorithm(algorithm);
 
+  // Validate every numeric parameter before the cast. The previous code did
+  // `static_cast<uint32_t>(parallelism)` etc. naked, which is undefined
+  // behavior for NaN, +/-Infinity, or negative input — see audit Phase 1.1.
+  uint32_t parallelismU = validateUInt<uint32_t>(parallelism, "Argon2 parallelism");
+  size_t tagLengthU = validateUInt<size_t>(tagLength, "Argon2 tagLength");
+  uint32_t memoryU = validateUInt<uint32_t>(memory, "Argon2 memory");
+  uint32_t passesU = validateUInt<uint32_t>(passes, "Argon2 passes");
+  uint32_t versionU = validateUInt<uint32_t>(version, "Argon2 version");
+
   ncrypto::Buffer<const char> passBuf{message->size() > 0 ? reinterpret_cast<const char*>(message->data()) : "", message->size()};
 
   ncrypto::Buffer<const unsigned char> saltBuf{nonce->size() > 0 ? reinterpret_cast<const unsigned char*>(nonce->data())
@@ -46,9 +55,7 @@ static std::shared_ptr<ArrayBuffer> hashImpl(const std::string& algorithm, const
     adBuf = {reinterpret_cast<const unsigned char*>(associatedData.value()->data()), associatedData.value()->size()};
   }
 
-  auto result =
-      ncrypto::argon2(passBuf, saltBuf, static_cast<uint32_t>(parallelism), static_cast<size_t>(tagLength), static_cast<uint32_t>(memory),
-                      static_cast<uint32_t>(passes), static_cast<uint32_t>(version), secretBuf, adBuf, type);
+  auto result = ncrypto::argon2(passBuf, saltBuf, parallelismU, tagLengthU, memoryU, passesU, versionU, secretBuf, adBuf, type);
 
   if (!result) {
     unsigned long err = ERR_peek_last_error();

package/cpp/blake3/HybridBlake3.cpp

@@ -2,6 +2,7 @@
 
 #include <NitroModules/ArrayBuffer.hpp>
 #include <cstring>
+#include <memory>
 #include <stdexcept>
 
 #include "QuickCryptoUtils.hpp"
@@ -67,10 +68,11 @@ std::shared_ptr<ArrayBuffer> HybridBlake3::digest(std::optional<double> length)
     outLen = static_cast<size_t>(len);
   }
 
-  auto output = new uint8_t[outLen];
-  blake3_hasher_finalize(&hasher, output, outLen);
+  auto output = std::make_unique<uint8_t[]>(outLen);
+  blake3_hasher_finalize(&hasher, output.get(), outLen);
 
-  return std::make_shared<margelo::nitro::NativeArrayBuffer>(output, outLen, [=]() { delete[] output; });
+  uint8_t* raw_ptr = output.get();
+  return std::make_shared<margelo::nitro::NativeArrayBuffer>(output.release(), outLen, [raw_ptr]() { delete[] raw_ptr; });
 }
 
 void HybridBlake3::reset() {

package/cpp/cipher/CCMCipher.cpp

@@ -22,7 +22,7 @@ void CCMCipher::init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::s
   size_t iv_len = native_iv->size();
 
   // Set the IV length using CCM-specific control
-  if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, iv_len, nullptr) != 1) {
+  if (EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_CCM_SET_IVLEN, iv_len, nullptr) != 1) {
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
@@ -31,7 +31,7 @@ void CCMCipher::init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::s
 
   // Set the expected/output tag length using CCM-specific control.
   // auth_tag_len should have been defaulted or set via setArgs in the base init.
-  if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, auth_tag_len, nullptr) != 1) {
+  if (EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_CCM_SET_TAG, auth_tag_len, nullptr) != 1) {
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
@@ -44,7 +44,7 @@ void CCMCipher::init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::s
   const unsigned char* iv_ptr = reinterpret_cast<const unsigned char*>(native_iv->data());
 
   // The last argument (is_cipher) should be consistent with the initial setup call.
-  if (EVP_CipherInit_ex(ctx, nullptr, nullptr, key_ptr, iv_ptr, is_cipher) != 1) {
+  if (EVP_CipherInit_ex(ctx.get(), nullptr, nullptr, key_ptr, iv_ptr, is_cipher) != 1) {
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
@@ -55,6 +55,7 @@ void CCMCipher::init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::s
 std::shared_ptr<ArrayBuffer> CCMCipher::update(const std::shared_ptr<ArrayBuffer>& data) {
   checkCtx();
   checkNotFinalized();
+  has_update_called = true;
   auto native_data = ToNativeArrayBuffer(data);
   size_t in_len = native_data->size();
   if (in_len < 0 || in_len > INT_MAX) {
@@ -66,7 +67,7 @@ std::shared_ptr<ArrayBuffer> CCMCipher::update(const std::shared_ptr<ArrayBuffer
     maybePassAuthTagToOpenSSL();
   }
 
-  int block_size = EVP_CIPHER_CTX_block_size(ctx);
+  int block_size = EVP_CIPHER_CTX_block_size(ctx.get());
   if (block_size <= 0) {
     throw std::runtime_error("Invalid block size in update");
   }
@@ -79,13 +80,17 @@ std::shared_ptr<ArrayBuffer> CCMCipher::update(const std::shared_ptr<ArrayBuffer
   const uint8_t* in = reinterpret_cast<const uint8_t*>(native_data->data());
 
   int actual_out_len = 0;
-  int ret = EVP_CipherUpdate(ctx, out_buf.get(), &actual_out_len, in, in_len);
+  int ret = EVP_CipherUpdate(ctx.get(), out_buf.get(), &actual_out_len, in, in_len);
 
   if (!is_cipher) {
-    // Decryption: Check for tag verification failure
+    // Decryption: tag verification happens during update for CCM. Don't
+    // throw here — defer the failure to final() so callers see the standard
+    // "auth tag mismatch on final" semantics. This also covers the misuse
+    // case where setAuthTag() was never called: ret <= 0 here, we record
+    // it, and final() turns it into a thrown error.
     if (ret <= 0) {
-      // Tag verification failed (or other decryption error)
-      throw std::runtime_error("CCM Decryption: Tag verification failed");
+      pending_auth_failed = true;
+      actual_out_len = 0;
     }
   } else {
     // Encryption: Check for standard errors
@@ -107,22 +112,29 @@ std::shared_ptr<ArrayBuffer> CCMCipher::final() {
   checkCtx();
   checkNotFinalized();
 
-  // CCM decryption does not use final. Verification happens in the last update call.
+  // CCM decryption does not use final for the verification step itself
+  // (that happens in update()), but final() is still where misuse must
+  // surface — both "setAuthTag was never called" and "the tag we did set
+  // didn't match the ciphertext" land here.
   if (!is_cipher) {
     is_finalized = true;
-    unsigned char* empty_output = new unsigned char[0];
-    return std::make_shared<NativeArrayBuffer>(empty_output, 0, [=]() { delete[] empty_output; });
+    if (auth_tag_state == kAuthTagUnknown || pending_auth_failed) {
+      throw std::runtime_error("Unsupported state or unable to authenticate data");
+    }
+    auto empty_output = std::make_unique<unsigned char[]>(0);
+    unsigned char* raw_ptr = empty_output.get();
+    return std::make_shared<NativeArrayBuffer>(empty_output.release(), 0, [raw_ptr]() { delete[] raw_ptr; });
   }
 
   // Proceed only for encryption
-  int block_size = EVP_CIPHER_CTX_block_size(ctx);
+  int block_size = EVP_CIPHER_CTX_block_size(ctx.get());
   if (block_size <= 0) {
     throw std::runtime_error("Invalid block size");
   }
   auto out_buf = std::make_unique<unsigned char[]>(block_size);
   int out_len = 0;
 
-  if (!EVP_CipherFinal_ex(ctx, out_buf.get(), &out_len)) {
+  if (!EVP_CipherFinal_ex(ctx.get(), out_buf.get(), &out_len)) {
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
@@ -133,7 +145,7 @@ std::shared_ptr<ArrayBuffer> CCMCipher::final() {
     auth_tag_len = sizeof(auth_tag);
   }
 
-  if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, auth_tag_len, auth_tag) != 1) {
+  if (EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_CCM_GET_TAG, auth_tag_len, auth_tag) != 1) {
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
@@ -148,6 +160,7 @@ std::shared_ptr<ArrayBuffer> CCMCipher::final() {
 
 bool CCMCipher::setAAD(const std::shared_ptr<ArrayBuffer>& data, std::optional<double> plaintextLength) {
   checkCtx();
+  checkAADBeforeUpdate();
   if (!plaintextLength.has_value()) {
     throw std::runtime_error("CCM mode requires plaintextLength to be set");
   }
@@ -179,7 +192,7 @@ bool CCMCipher::setAAD(const std::shared_ptr<ArrayBuffer>& data, std::optional<d
   //    BUT the wiki says "(only needed if AAD is passed)". Let's skip if decrypting and AAD length is 0.
   bool should_set_total_length = is_cipher || aad_len > 0;
   if (should_set_total_length) {
-    if (EVP_CipherUpdate(ctx, nullptr, &out_len, nullptr, data_len) != 1) {
+    if (EVP_CipherUpdate(ctx.get(), nullptr, &out_len, nullptr, data_len) != 1) {
       unsigned long err = ERR_get_error();
       char err_buf[256];
       ERR_error_string_n(err, err_buf, sizeof(err_buf));
@@ -190,7 +203,7 @@ bool CCMCipher::setAAD(const std::shared_ptr<ArrayBuffer>& data, std::optional<d
   // 2. Process AAD Data
   // Per OpenSSL CCM decryption examples, this MUST be called even if aad_len is 0.
   // Pass nullptr as the output buffer, the AAD data pointer, and its length.
-  if (EVP_CipherUpdate(ctx, nullptr, &out_len, native_aad->data(), aad_len) != 1) {
+  if (EVP_CipherUpdate(ctx.get(), nullptr, &out_len, native_aad->data(), aad_len) != 1) {
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));

package/cpp/cipher/CCMCipher.hpp

@@ -7,10 +7,8 @@ namespace margelo::nitro::crypto {
 class CCMCipher : public HybridCipher {
  public:
   CCMCipher() : HybridObject(TAG) {}
-  ~CCMCipher() {
-    // Let parent destructor free the context
-    ctx = nullptr;
-  }
+  // Destructor defaulted: HybridCipher's unique_ptr ctx frees itself.
+  ~CCMCipher() override = default;
 
   void init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) override;
   std::shared_ptr<ArrayBuffer> update(const std::shared_ptr<ArrayBuffer>& data) override;

package/cpp/cipher/ChaCha20Cipher.cpp

@@ -7,11 +7,8 @@
 namespace margelo::nitro::crypto {
 
 void ChaCha20Cipher::init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) {
-  // Clean up any existing context
-  if (ctx) {
-    EVP_CIPHER_CTX_free(ctx);
-    ctx = nullptr;
-  }
+  // Resetting the unique_ptr frees any previous context.
+  ctx.reset();
 
   // Get ChaCha20 cipher implementation
   const EVP_CIPHER* cipher = EVP_chacha20();
@@ -20,18 +17,17 @@ void ChaCha20Cipher::init(const std::shared_ptr<ArrayBuffer> cipher_key, const s
   }
 
   // Create a new context
-  ctx = EVP_CIPHER_CTX_new();
+  ctx.reset(EVP_CIPHER_CTX_new());
   if (!ctx) {
     throw std::runtime_error("Failed to create cipher context");
   }
 
   // Initialize the encryption/decryption operation
-  if (EVP_CipherInit_ex(ctx, cipher, nullptr, nullptr, nullptr, is_cipher) != 1) {
+  if (EVP_CipherInit_ex(ctx.get(), cipher, nullptr, nullptr, nullptr, is_cipher) != 1) {
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
-    EVP_CIPHER_CTX_free(ctx);
-    ctx = nullptr;
+    ctx.reset();
     throw std::runtime_error("ChaCha20Cipher: Failed initial CipherInit setup: " + std::string(err_buf));
   }
 
@@ -52,12 +48,11 @@ void ChaCha20Cipher::init(const std::shared_ptr<ArrayBuffer> cipher_key, const s
   const unsigned char* key_ptr = reinterpret_cast<const unsigned char*>(native_key->data());
   const unsigned char* iv_ptr = reinterpret_cast<const unsigned char*>(native_iv->data());
 
-  if (EVP_CipherInit_ex(ctx, nullptr, nullptr, key_ptr, iv_ptr, is_cipher) != 1) {
+  if (EVP_CipherInit_ex(ctx.get(), nullptr, nullptr, key_ptr, iv_ptr, is_cipher) != 1) {
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
-    EVP_CIPHER_CTX_free(ctx);
-    ctx = nullptr;
+    ctx.reset();
     throw std::runtime_error("ChaCha20Cipher: Failed to set key/IV: " + std::string(err_buf));
   }
 }
@@ -73,11 +68,10 @@ std::shared_ptr<ArrayBuffer> ChaCha20Cipher::update(const std::shared_ptr<ArrayB
 
   // For ChaCha20, output size equals input size since it's a stream cipher
   int out_len = in_len;
-  uint8_t* out = new uint8_t[out_len];
+  auto out_buf = std::make_unique<uint8_t[]>(out_len);
 
   // Perform the cipher update operation
-  if (EVP_CipherUpdate(ctx, out, &out_len, native_data->data(), in_len) != 1) {
-    delete[] out;
+  if (EVP_CipherUpdate(ctx.get(), out_buf.get(), &out_len, native_data->data(), in_len) != 1) {
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
@@ -85,15 +79,17 @@ std::shared_ptr<ArrayBuffer> ChaCha20Cipher::update(const std::shared_ptr<ArrayB
   }
 
   // Create and return a new buffer of exact size needed
-  return std::make_shared<NativeArrayBuffer>(out, out_len, [=]() { delete[] out; });
+  uint8_t* raw_ptr = out_buf.get();
+  return std::make_shared<NativeArrayBuffer>(out_buf.release(), out_len, [raw_ptr]() { delete[] raw_ptr; });
 }
 
 std::shared_ptr<ArrayBuffer> ChaCha20Cipher::final() {
   checkCtx();
   checkNotFinalized();
   is_finalized = true;
-  unsigned char* empty_output = new unsigned char[0];
-  return std::make_shared<NativeArrayBuffer>(empty_output, 0, [=]() { delete[] empty_output; });
+  auto empty_buf = std::make_unique<unsigned char[]>(0);
+  unsigned char* raw_ptr = empty_buf.get();
+  return std::make_shared<NativeArrayBuffer>(empty_buf.release(), 0, [raw_ptr]() { delete[] raw_ptr; });
 }
 
 } // namespace margelo::nitro::crypto

package/cpp/cipher/ChaCha20Cipher.hpp

@@ -7,10 +7,8 @@ namespace margelo::nitro::crypto {
 class ChaCha20Cipher : public HybridCipher {
  public:
   ChaCha20Cipher() : HybridObject(TAG) {}
-  ~ChaCha20Cipher() {
-    // Let parent destructor free the context
-    ctx = nullptr;
-  }
+  // Destructor defaulted: HybridCipher's unique_ptr ctx frees itself.
+  ~ChaCha20Cipher() override = default;
 
   void init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) override;
   std::shared_ptr<ArrayBuffer> update(const std::shared_ptr<ArrayBuffer>& data) override;

package/cpp/cipher/ChaCha20Poly1305Cipher.cpp

@@ -7,11 +7,8 @@
 namespace margelo::nitro::crypto {
 
 void ChaCha20Poly1305Cipher::init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) {
-  // Clean up any existing context
-  if (ctx) {
-    EVP_CIPHER_CTX_free(ctx);
-    ctx = nullptr;
-  }
+  // Resetting the unique_ptr frees any previous context.
+  ctx.reset();
 
   // Get ChaCha20-Poly1305 cipher implementation
   const EVP_CIPHER* cipher = EVP_chacha20_poly1305();
@@ -20,18 +17,17 @@ void ChaCha20Poly1305Cipher::init(const std::shared_ptr<ArrayBuffer> cipher_key,
   }
 
   // Create a new context
-  ctx = EVP_CIPHER_CTX_new();
+  ctx.reset(EVP_CIPHER_CTX_new());
   if (!ctx) {
     throw std::runtime_error("Failed to create cipher context");
   }
 
   // Initialize the encryption/decryption operation
-  if (EVP_CipherInit_ex(ctx, cipher, nullptr, nullptr, nullptr, is_cipher) != 1) {
+  if (EVP_CipherInit_ex(ctx.get(), cipher, nullptr, nullptr, nullptr, is_cipher) != 1) {
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
-    EVP_CIPHER_CTX_free(ctx);
-    ctx = nullptr;
+    ctx.reset();
     throw std::runtime_error("ChaCha20Poly1305Cipher: Failed initial CipherInit setup: " + std::string(err_buf));
   }
 
@@ -52,20 +48,24 @@ void ChaCha20Poly1305Cipher::init(const std::shared_ptr<ArrayBuffer> cipher_key,
   const unsigned char* key_ptr = reinterpret_cast<const unsigned char*>(native_key->data());
   const unsigned char* iv_ptr = reinterpret_cast<const unsigned char*>(native_iv->data());
 
-  if (EVP_CipherInit_ex(ctx, nullptr, nullptr, key_ptr, iv_ptr, is_cipher) != 1) {
+  if (EVP_CipherInit_ex(ctx.get(), nullptr, nullptr, key_ptr, iv_ptr, is_cipher) != 1) {
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
-    EVP_CIPHER_CTX_free(ctx);
-    ctx = nullptr;
+    ctx.reset();
     throw std::runtime_error("ChaCha20Poly1305Cipher: Failed to set key/IV: " + std::string(err_buf));
   }
   is_finalized = false;
+  has_update_called = false;
+  has_aad = false;
+  pending_auth_failed = false;
+  auth_tag_state = kAuthTagUnknown;
 }
 
 std::shared_ptr<ArrayBuffer> ChaCha20Poly1305Cipher::update(const std::shared_ptr<ArrayBuffer>& data) {
   checkCtx();
   checkNotFinalized();
+  has_update_called = true;
   auto native_data = ToNativeArrayBuffer(data);
   size_t in_len = native_data->size();
   if (in_len > INT_MAX) {
@@ -74,11 +74,10 @@ std::shared_ptr<ArrayBuffer> ChaCha20Poly1305Cipher::update(const std::shared_pt
 
   // For ChaCha20-Poly1305, output size equals input size since it's a stream cipher
   int out_len = in_len;
-  uint8_t* out = new uint8_t[out_len];
+  auto out_buf = std::make_unique<uint8_t[]>(out_len);
 
   // Perform the cipher update operation
-  if (EVP_CipherUpdate(ctx, out, &out_len, native_data->data(), in_len) != 1) {
-    delete[] out;
+  if (EVP_CipherUpdate(ctx.get(), out_buf.get(), &out_len, native_data->data(), in_len) != 1) {
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
@@ -86,19 +85,28 @@ std::shared_ptr<ArrayBuffer> ChaCha20Poly1305Cipher::update(const std::shared_pt
   }
 
   // Create and return a new buffer of exact size needed
-  return std::make_shared<NativeArrayBuffer>(out, out_len, [=]() { delete[] out; });
+  uint8_t* raw_ptr = out_buf.get();
+  return std::make_shared<NativeArrayBuffer>(out_buf.release(), out_len, [raw_ptr]() { delete[] raw_ptr; });
 }
 
 std::shared_ptr<ArrayBuffer> ChaCha20Poly1305Cipher::final() {
   checkCtx();
   checkNotFinalized();
 
+  // For decryption, the auth tag must have been provided via setAuthTag
+  // before final(). OpenSSL's ChaCha20-Poly1305 EVP_CipherFinal_ex does
+  // not flag a missing tag as an error (it simply doesn't verify), which
+  // would silently accept unauthenticated ciphertext — defeating the whole
+  // point of an AEAD. Enforce the precondition explicitly.
+  if (!is_cipher && auth_tag_state == kAuthTagUnknown) {
+    throw std::runtime_error("Unsupported state or unable to authenticate data");
+  }
+
   // For ChaCha20-Poly1305, we need to call final to generate the tag
   int out_len = 0;
-  unsigned char* out = new unsigned char[0];
+  auto out_buf = std::make_unique<unsigned char[]>(0);
 
-  if (EVP_CipherFinal_ex(ctx, out, &out_len) != 1) {
-    delete[] out;
+  if (EVP_CipherFinal_ex(ctx.get(), out_buf.get(), &out_len) != 1) {
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
@@ -106,17 +114,19 @@ std::shared_ptr<ArrayBuffer> ChaCha20Poly1305Cipher::final() {
   }
 
   is_finalized = true;
-  return std::make_shared<NativeArrayBuffer>(out, out_len, [=]() { delete[] out; });
+  unsigned char* raw_ptr = out_buf.get();
+  return std::make_shared<NativeArrayBuffer>(out_buf.release(), out_len, [raw_ptr]() { delete[] raw_ptr; });
 }
 
 bool ChaCha20Poly1305Cipher::setAAD(const std::shared_ptr<ArrayBuffer>& data, std::optional<double> plaintextLength) {
   checkCtx();
+  checkAADBeforeUpdate();
   auto native_aad = ToNativeArrayBuffer(data);
   size_t aad_len = native_aad->size();
 
   // Set AAD data
   int out_len = 0;
-  if (EVP_CipherUpdate(ctx, nullptr, &out_len, native_aad->data(), aad_len) != 1) {
+  if (EVP_CipherUpdate(ctx.get(), nullptr, &out_len, native_aad->data(), aad_len) != 1) {
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
@@ -136,7 +146,7 @@ std::shared_ptr<ArrayBuffer> ChaCha20Poly1305Cipher::getAuthTag() {
 
   // Get the authentication tag
   auto tag_buf = std::make_unique<uint8_t[]>(kTagSize);
-  if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, kTagSize, tag_buf.get()) != 1) {
+  if (EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_AEAD_GET_TAG, kTagSize, tag_buf.get()) != 1) {
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
@@ -158,12 +168,13 @@ bool ChaCha20Poly1305Cipher::setAuthTag(const std::shared_ptr<ArrayBuffer>& tag)
     throw std::runtime_error("ChaCha20-Poly1305 tag must be 16 bytes");
   }
 
-  if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, kTagSize, native_tag->data()) != 1) {
+  if (EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_AEAD_SET_TAG, kTagSize, native_tag->data()) != 1) {
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
     throw std::runtime_error("ChaCha20Poly1305Cipher: Failed to set auth tag: " + std::string(err_buf));
   }
+  auth_tag_state = kAuthTagPassedToOpenSSL;
   return true;
 }
 

package/cpp/cipher/ChaCha20Poly1305Cipher.hpp

@@ -7,10 +7,8 @@ namespace margelo::nitro::crypto {
 class ChaCha20Poly1305Cipher : public HybridCipher {
  public:
   ChaCha20Poly1305Cipher() : HybridObject(TAG) {}
-  ~ChaCha20Poly1305Cipher() {
-    // Let parent destructor free the context
-    ctx = nullptr;
-  }
+  // Destructor defaulted: HybridCipher's unique_ptr ctx frees itself.
+  ~ChaCha20Poly1305Cipher() override = default;
 
   void init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) override;
   std::shared_ptr<ArrayBuffer> update(const std::shared_ptr<ArrayBuffer>& data) override;