react-native-quick-crypto 1.0.9 → 1.0.10

package/QuickCrypto.podspec

@@ -112,7 +112,7 @@ Pod::Spec.new do |s|
     # implementation (C++)
     "cpp/**/*.{hpp,cpp}",
     # dependencies (C++) - ncrypto
-    "deps/ncrypto/include/*.{h}",
+    "deps/ncrypto/include/**/*.{h}",
     "deps/ncrypto/src/*.{cpp}",
     # dependencies (C) - exclude BLAKE3 x86 SIMD files (only use portable + NEON for ARM)
     "deps/blake3/c/*.{h,c}",
@@ -143,6 +143,9 @@ Pod::Spec.new do |s|
     "deps/blake3/c/example.c",
     "deps/blake3/c/example_tbb.c",
     "deps/blake3/c/blake3_tbb.cpp",
+    # Exclude ncrypto version.h to avoid header name collision with libsodium's version.h
+    # (ncrypto.h includes it via relative path "ncrypto/version.h" which still resolves)
+    "deps/ncrypto/include/ncrypto/version.h",
     # Exclude non-C parts of BLAKE3 repo (Rust, benchmarks, tools, etc.)
     "deps/blake3/src/**/*",
     "deps/blake3/b3sum/**/*",
@@ -165,7 +168,11 @@ Pod::Spec.new do |s|
     "CLANG_CXX_LANGUAGE_STANDARD" => "c++20",
     "CLANG_ALLOW_NON_MODULAR_INCLUDES_IN_FRAMEWORK_MODULES" => "YES",
     # Exclude ARM NEON source when building x86_64 simulator (no NEON support).
-    "EXCLUDED_SOURCE_FILE_NAMES[sdk=iphonesimulator*][arch=x86_64]" => "deps/blake3/c/blake3_neon.c"
+    "EXCLUDED_SOURCE_FILE_NAMES[sdk=iphonesimulator*][arch=x86_64]" => "deps/blake3/c/blake3_neon.c",
+    # Disable x86 SIMD intrinsics on iOS simulator — the .c implementation files are already
+    # excluded above, but blake3_dispatch.c still references the symbols unless these macros
+    # are defined. Mirrors the Android CMakeLists.txt approach (line 18-22).
+    "GCC_PREPROCESSOR_DEFINITIONS[sdk=iphonesimulator*][arch=x86_64]" => "$(inherited) BLAKE3_NO_AVX512 BLAKE3_NO_AVX2 BLAKE3_NO_SSE41 BLAKE3_NO_SSE2"
   }
 
   # Add cpp subdirectories to header search paths

package/README.md

@@ -10,19 +10,15 @@
 
 A fast implementation of Node's `crypto` module.
 
-> Note: This version `1.x` completed a major refactor, porting to OpenSSL 3.6+, New Architecture, Bridgeless, and [`Nitro Modules`](https://github.com/mrousavy/react-native-nitro).  It should be at or above feature-parity compared to the `0.x` version.  Status, as always, will be represented in [implementation-coverage.md](./.docs/implementation-coverage.md).
-
-> Note: Minimum supported version of React Native is `0.75`.  If you need to use earlier versions, please use `0.x` versions of this library.
-
 ## Features
 
 Unlike any other current JS-based polyfills, react-native-quick-crypto is written in C/C++ JSI and provides much greater performance - especially on mobile devices.
-QuickCrypto can be used as a drop-in replacement for your Web3/Crypto apps to speed up common cryptography functions.
+QuickCrypto can be used as a drop-in replacement for your Web3/Crypto apps or CRDT-based local first databases to speed up common cryptography functions.
 
-- 🏎️ Up to 58x faster than all other solutions
-- ⚡️ Lightning fast implementation with pure C++ and JSI, instead of JS
+- 🏎️ Hundreds of times faster than all JS-based solutions
+- ⚡️ Lightning fast implementation with Nitro Modules (pure C++ and JSI) instead of JS
 - 🧪 Well tested in JS and C++ (OpenSSL)
-- 💰 Made for crypto apps and Wallets
+- 💰 Made for crypto apps and wallets
 - 🔢 Secure native compiled cryptography
 - 🔁 Easy drop-in replacement for [crypto-browserify](https://github.com/browserify/crypto-browserify) or [react-native-crypto](https://github.com/tradle/react-native-crypto)
 
@@ -33,6 +29,8 @@ QuickCrypto can be used as a drop-in replacement for your Web3/Crypto apps to sp
 | `1.x`     | new [->](https://github.com/reactwg/react-native-new-architecture/blob/main/docs/enable-apps.md)  | Nitro Modules [->](https://github.com/mrousavy/nitro) |
 | `0.x`     | old, new 🤞  | Bridge & JSI |
 
+> Note: Minimum supported version of React Native is `0.75`.  If you need to use earlier versions, please use `0.x` versions of this library.
+
 ## Migration
 
 Our goal in refactoring to v1.0 was to maintain API compatibility.  If you are upgrading to v1.0 from v0.x, and find any discrepancies, please open an issue in this repo.
@@ -55,7 +53,13 @@ cd ios && pod install
 ```
 
 <h3>
-  Expo  <a href="#"><img src="./.docs/img/expo.png" height="12" /></a>
+  Expo  <a href="#">
+    <picture>
+      <source media="(prefers-color-scheme: dark)" srcset="./.docs/img/expo/dark.png" />
+      <source media="(prefers-color-scheme: light)" srcset="./.docs/img/expo/light.png" />
+      <img alt="Expo" src="./.docs/img/expo/light.png" height="12" />
+      </picture>
+  </a>
 </h3>
 
 ```sh

package/android/CMakeLists.txt

@@ -32,6 +32,8 @@ add_library(
   ../cpp/cipher/HybridRsaCipher.cpp
   ../cpp/cipher/OCBCipher.cpp
   ../cpp/cipher/XSalsa20Cipher.cpp
+  ../cpp/cipher/XSalsa20Poly1305Cipher.cpp
+  ../cpp/cipher/XChaCha20Poly1305Cipher.cpp
   ../cpp/cipher/ChaCha20Cipher.cpp
   ../cpp/cipher/ChaCha20Poly1305Cipher.cpp
   ../cpp/dh/HybridDiffieHellman.cpp
@@ -53,6 +55,8 @@ add_library(
   ../cpp/utils/HybridUtils.cpp
   ${BLAKE3_SOURCES}
   ../deps/fastpbkdf2/fastpbkdf2.c
+  ../deps/ncrypto/src/aead.cpp
+  ../deps/ncrypto/src/engine.cpp
   ../deps/ncrypto/src/ncrypto.cpp
 )
 

package/cpp/cipher/HybridCipherFactory.hpp

@@ -11,7 +11,9 @@
 #include "HybridCipherFactorySpec.hpp"
 #include "OCBCipher.hpp"
 #include "QuickCryptoUtils.hpp"
+#include "XChaCha20Poly1305Cipher.hpp"
 #include "XSalsa20Cipher.hpp"
+#include "XSalsa20Poly1305Cipher.hpp"
 
 namespace margelo::nitro::crypto {
 
@@ -88,7 +90,7 @@ class HybridCipherFactory : public HybridCipherFactorySpec {
     }
     EVP_CIPHER_free(cipher);
 
-    // libsodium
+    // libsodium ciphers
     std::string cipherName = toLower(args.cipherType);
     if (cipherName == "xsalsa20") {
       cipherInstance = std::make_shared<XSalsa20Cipher>();
@@ -96,6 +98,18 @@ class HybridCipherFactory : public HybridCipherFactorySpec {
       cipherInstance->init(args.cipherKey, args.iv);
       return cipherInstance;
     }
+    if (cipherName == "xsalsa20-poly1305") {
+      cipherInstance = std::make_shared<XSalsa20Poly1305Cipher>();
+      cipherInstance->setArgs(args);
+      cipherInstance->init(args.cipherKey, args.iv);
+      return cipherInstance;
+    }
+    if (cipherName == "xchacha20-poly1305") {
+      cipherInstance = std::make_shared<XChaCha20Poly1305Cipher>();
+      cipherInstance->setArgs(args);
+      cipherInstance->init(args.cipherKey, args.iv);
+      return cipherInstance;
+    }
 
     // Unsupported cipher type
     throw std::runtime_error("Unsupported or unknown cipher type: " + args.cipherType);

package/cpp/cipher/OCBCipher.cpp

@@ -13,9 +13,9 @@ void OCBCipher::init(const std::shared_ptr<ArrayBuffer>& key, const std::shared_
   HybridCipher::init(key, iv);
   auth_tag_len = tag_len;
 
-  // Set tag length for OCB (must be 12-16 bytes)
-  if (auth_tag_len < 12 || auth_tag_len > 16) {
-    throw std::runtime_error("OCB tag length must be between 12 and 16 bytes");
+  // Set tag length for OCB (must be 8-16 bytes)
+  if (auth_tag_len < 8 || auth_tag_len > 16) {
+    throw std::runtime_error("OCB tag length must be between 8 and 16 bytes");
   }
   if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, auth_tag_len, nullptr) != 1) {
     throw std::runtime_error("Failed to set OCB tag length");
@@ -42,7 +42,7 @@ bool OCBCipher::setAuthTag(const std::shared_ptr<ArrayBuffer>& tag) {
   }
   auto native_tag = ToNativeArrayBuffer(tag);
   size_t tag_len = native_tag->size();
-  if (tag_len < 12 || tag_len > 16) {
+  if (tag_len < 8 || tag_len > 16) {
     throw std::runtime_error("Invalid OCB tag length");
   }
   if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, native_tag->data()) != 1) {

package/cpp/cipher/XChaCha20Poly1305Cipher.cpp

@@ -0,0 +1,161 @@
+#include "XChaCha20Poly1305Cipher.hpp"
+
+#include <cstring>
+#include <stdexcept>
+
+#include "NitroModules/ArrayBuffer.hpp"
+#include "QuickCryptoUtils.hpp"
+
+namespace margelo::nitro::crypto {
+
+XChaCha20Poly1305Cipher::~XChaCha20Poly1305Cipher() {
+#ifdef BLSALLOC_SODIUM
+  sodium_memzero(key_, kKeySize);
+  sodium_memzero(nonce_, kNonceSize);
+  sodium_memzero(auth_tag_, kTagSize);
+  if (!data_buffer_.empty()) {
+    sodium_memzero(data_buffer_.data(), data_buffer_.size());
+  }
+  if (!aad_.empty()) {
+    sodium_memzero(aad_.data(), aad_.size());
+  }
+#else
+  std::memset(key_, 0, kKeySize);
+  std::memset(nonce_, 0, kNonceSize);
+  std::memset(auth_tag_, 0, kTagSize);
+#endif
+  data_buffer_.clear();
+  aad_.clear();
+}
+
+void XChaCha20Poly1305Cipher::init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) {
+  auto native_key = ToNativeArrayBuffer(cipher_key);
+  auto native_iv = ToNativeArrayBuffer(iv);
+
+  if (native_key->size() != kKeySize) {
+    throw std::runtime_error("XChaCha20-Poly1305 key must be 32 bytes, got " + std::to_string(native_key->size()) + " bytes");
+  }
+
+  if (native_iv->size() != kNonceSize) {
+    throw std::runtime_error("XChaCha20-Poly1305 nonce must be 24 bytes, got " + std::to_string(native_iv->size()) + " bytes");
+  }
+
+  std::memcpy(key_, native_key->data(), kKeySize);
+  std::memcpy(nonce_, native_iv->data(), kNonceSize);
+
+  data_buffer_.clear();
+  aad_.clear();
+  final_called_ = false;
+}
+
+std::shared_ptr<ArrayBuffer> XChaCha20Poly1305Cipher::update(const std::shared_ptr<ArrayBuffer>& data) {
+#ifndef BLSALLOC_SODIUM
+  throw std::runtime_error("XChaCha20Poly1305Cipher: libsodium must be enabled (BLSALLOC_SODIUM)");
+#else
+  auto native_data = ToNativeArrayBuffer(data);
+  size_t data_len = native_data->size();
+
+  size_t old_size = data_buffer_.size();
+  data_buffer_.resize(old_size + data_len);
+  std::memcpy(data_buffer_.data() + old_size, native_data->data(), data_len);
+
+  return std::make_shared<NativeArrayBuffer>(nullptr, 0, nullptr);
+#endif
+}
+
+std::shared_ptr<ArrayBuffer> XChaCha20Poly1305Cipher::final() {
+#ifndef BLSALLOC_SODIUM
+  throw std::runtime_error("XChaCha20Poly1305Cipher: libsodium must be enabled (BLSALLOC_SODIUM)");
+#else
+  if (is_cipher) {
+    uint8_t* ciphertext = new uint8_t[data_buffer_.size()];
+
+    int result =
+        crypto_aead_xchacha20poly1305_ietf_encrypt_detached(ciphertext, auth_tag_, nullptr, data_buffer_.data(), data_buffer_.size(),
+                                                            aad_.empty() ? nullptr : aad_.data(), aad_.size(), nullptr, nonce_, key_);
+
+    if (result != 0) {
+      sodium_memzero(ciphertext, data_buffer_.size());
+      delete[] ciphertext;
+      throw std::runtime_error("XChaCha20Poly1305Cipher: encryption failed");
+    }
+
+    final_called_ = true;
+    size_t ct_len = data_buffer_.size();
+    return std::make_shared<NativeArrayBuffer>(ciphertext, ct_len, [=]() { delete[] ciphertext; });
+  } else {
+    if (data_buffer_.empty()) {
+      final_called_ = true;
+      return std::make_shared<NativeArrayBuffer>(nullptr, 0, nullptr);
+    }
+
+    uint8_t* plaintext = new uint8_t[data_buffer_.size()];
+
+    int result =
+        crypto_aead_xchacha20poly1305_ietf_decrypt_detached(plaintext, nullptr, data_buffer_.data(), data_buffer_.size(), auth_tag_,
+                                                            aad_.empty() ? nullptr : aad_.data(), aad_.size(), nonce_, key_);
+
+    if (result != 0) {
+      sodium_memzero(plaintext, data_buffer_.size());
+      delete[] plaintext;
+      throw std::runtime_error("XChaCha20Poly1305Cipher: decryption failed - authentication tag mismatch");
+    }
+
+    final_called_ = true;
+    size_t pt_len = data_buffer_.size();
+    return std::make_shared<NativeArrayBuffer>(plaintext, pt_len, [=]() { delete[] plaintext; });
+  }
+#endif
+}
+
+bool XChaCha20Poly1305Cipher::setAAD(const std::shared_ptr<ArrayBuffer>& data, std::optional<double> plaintextLength) {
+#ifndef BLSALLOC_SODIUM
+  throw std::runtime_error("XChaCha20Poly1305Cipher: libsodium must be enabled (BLSALLOC_SODIUM)");
+#else
+  auto native_aad = ToNativeArrayBuffer(data);
+  aad_.resize(native_aad->size());
+  std::memcpy(aad_.data(), native_aad->data(), native_aad->size());
+  return true;
+#endif
+}
+
+std::shared_ptr<ArrayBuffer> XChaCha20Poly1305Cipher::getAuthTag() {
+#ifndef BLSALLOC_SODIUM
+  throw std::runtime_error("XChaCha20Poly1305Cipher: libsodium must be enabled (BLSALLOC_SODIUM)");
+#else
+  if (!is_cipher) {
+    throw std::runtime_error("getAuthTag can only be called during encryption");
+  }
+  if (!final_called_) {
+    throw std::runtime_error("getAuthTag must be called after final()");
+  }
+
+  uint8_t* tag_copy = new uint8_t[kTagSize];
+  std::memcpy(tag_copy, auth_tag_, kTagSize);
+  return std::make_shared<NativeArrayBuffer>(tag_copy, kTagSize, [=]() { delete[] tag_copy; });
+#endif
+}
+
+bool XChaCha20Poly1305Cipher::setAuthTag(const std::shared_ptr<ArrayBuffer>& tag) {
+#ifndef BLSALLOC_SODIUM
+  throw std::runtime_error("XChaCha20Poly1305Cipher: libsodium must be enabled (BLSALLOC_SODIUM)");
+#else
+  if (is_cipher) {
+    throw std::runtime_error("setAuthTag can only be called during decryption");
+  }
+
+  auto native_tag = ToNativeArrayBuffer(tag);
+  if (native_tag->size() != kTagSize) {
+    throw std::runtime_error("XChaCha20-Poly1305 tag must be 16 bytes, got " + std::to_string(native_tag->size()) + " bytes");
+  }
+
+  std::memcpy(auth_tag_, native_tag->data(), kTagSize);
+  return true;
+#endif
+}
+
+bool XChaCha20Poly1305Cipher::setAutoPadding(bool autoPad) {
+  throw std::runtime_error("setAutoPadding is not supported for xchacha20-poly1305");
+}
+
+} // namespace margelo::nitro::crypto

package/cpp/cipher/XChaCha20Poly1305Cipher.hpp

@@ -0,0 +1,43 @@
+#pragma once
+
+#ifdef BLSALLOC_SODIUM
+#include "sodium.h"
+#else
+#define crypto_aead_xchacha20poly1305_ietf_KEYBYTES 32U
+#define crypto_aead_xchacha20poly1305_ietf_NPUBBYTES 24U
+#define crypto_aead_xchacha20poly1305_ietf_ABYTES 16U
+#endif
+
+#include <vector>
+
+#include "HybridCipher.hpp"
+
+namespace margelo::nitro::crypto {
+
+class XChaCha20Poly1305Cipher : public HybridCipher {
+ public:
+  XChaCha20Poly1305Cipher() : HybridObject(TAG), final_called_(false) {}
+  ~XChaCha20Poly1305Cipher();
+
+  void init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) override;
+  std::shared_ptr<ArrayBuffer> update(const std::shared_ptr<ArrayBuffer>& data) override;
+  std::shared_ptr<ArrayBuffer> final() override;
+  bool setAAD(const std::shared_ptr<ArrayBuffer>& data, std::optional<double> plaintextLength) override;
+  std::shared_ptr<ArrayBuffer> getAuthTag() override;
+  bool setAuthTag(const std::shared_ptr<ArrayBuffer>& tag) override;
+  bool setAutoPadding(bool autoPad) override;
+
+ private:
+  static constexpr size_t kKeySize = crypto_aead_xchacha20poly1305_ietf_KEYBYTES;
+  static constexpr size_t kNonceSize = crypto_aead_xchacha20poly1305_ietf_NPUBBYTES;
+  static constexpr size_t kTagSize = crypto_aead_xchacha20poly1305_ietf_ABYTES;
+
+  uint8_t key_[kKeySize];
+  uint8_t nonce_[kNonceSize];
+  std::vector<uint8_t> aad_;
+  std::vector<uint8_t> data_buffer_;
+  uint8_t auth_tag_[kTagSize];
+  bool final_called_;
+};
+
+} // namespace margelo::nitro::crypto

package/cpp/cipher/XSalsa20Poly1305Cipher.cpp

@@ -0,0 +1,145 @@
+#include "XSalsa20Poly1305Cipher.hpp"
+
+#include <cstring>
+#include <stdexcept>
+
+#include "NitroModules/ArrayBuffer.hpp"
+#include "QuickCryptoUtils.hpp"
+
+namespace margelo::nitro::crypto {
+
+XSalsa20Poly1305Cipher::~XSalsa20Poly1305Cipher() {
+#ifdef BLSALLOC_SODIUM
+  sodium_memzero(key_, kKeySize);
+  sodium_memzero(nonce_, kNonceSize);
+  sodium_memzero(auth_tag_, kTagSize);
+  if (!data_buffer_.empty()) {
+    sodium_memzero(data_buffer_.data(), data_buffer_.size());
+  }
+#else
+  std::memset(key_, 0, kKeySize);
+  std::memset(nonce_, 0, kNonceSize);
+  std::memset(auth_tag_, 0, kTagSize);
+#endif
+  data_buffer_.clear();
+}
+
+void XSalsa20Poly1305Cipher::init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) {
+  auto native_key = ToNativeArrayBuffer(cipher_key);
+  auto native_iv = ToNativeArrayBuffer(iv);
+
+  if (native_key->size() != kKeySize) {
+    throw std::runtime_error("XSalsa20-Poly1305 key must be 32 bytes, got " + std::to_string(native_key->size()) + " bytes");
+  }
+
+  if (native_iv->size() != kNonceSize) {
+    throw std::runtime_error("XSalsa20-Poly1305 nonce must be 24 bytes, got " + std::to_string(native_iv->size()) + " bytes");
+  }
+
+  std::memcpy(key_, native_key->data(), kKeySize);
+  std::memcpy(nonce_, native_iv->data(), kNonceSize);
+
+  data_buffer_.clear();
+  final_called_ = false;
+}
+
+std::shared_ptr<ArrayBuffer> XSalsa20Poly1305Cipher::update(const std::shared_ptr<ArrayBuffer>& data) {
+#ifndef BLSALLOC_SODIUM
+  throw std::runtime_error("XSalsa20Poly1305Cipher: libsodium must be enabled (BLSALLOC_SODIUM)");
+#else
+  auto native_data = ToNativeArrayBuffer(data);
+  size_t data_len = native_data->size();
+
+  size_t old_size = data_buffer_.size();
+  data_buffer_.resize(old_size + data_len);
+  std::memcpy(data_buffer_.data() + old_size, native_data->data(), data_len);
+
+  return std::make_shared<NativeArrayBuffer>(nullptr, 0, nullptr);
+#endif
+}
+
+std::shared_ptr<ArrayBuffer> XSalsa20Poly1305Cipher::final() {
+#ifndef BLSALLOC_SODIUM
+  throw std::runtime_error("XSalsa20Poly1305Cipher: libsodium must be enabled (BLSALLOC_SODIUM)");
+#else
+  if (is_cipher) {
+    uint8_t* ciphertext = new uint8_t[data_buffer_.size()];
+
+    int result = crypto_secretbox_detached(ciphertext, auth_tag_, data_buffer_.data(), data_buffer_.size(), nonce_, key_);
+
+    if (result != 0) {
+      sodium_memzero(ciphertext, data_buffer_.size());
+      delete[] ciphertext;
+      throw std::runtime_error("XSalsa20Poly1305Cipher: encryption failed");
+    }
+
+    final_called_ = true;
+    size_t ct_len = data_buffer_.size();
+    return std::make_shared<NativeArrayBuffer>(ciphertext, ct_len, [=]() { delete[] ciphertext; });
+  } else {
+    if (data_buffer_.empty()) {
+      final_called_ = true;
+      return std::make_shared<NativeArrayBuffer>(nullptr, 0, nullptr);
+    }
+
+    uint8_t* plaintext = new uint8_t[data_buffer_.size()];
+
+    int result = crypto_secretbox_open_detached(plaintext, data_buffer_.data(), auth_tag_, data_buffer_.size(), nonce_, key_);
+
+    if (result != 0) {
+      sodium_memzero(plaintext, data_buffer_.size());
+      delete[] plaintext;
+      throw std::runtime_error("XSalsa20Poly1305Cipher: decryption failed - authentication tag mismatch");
+    }
+
+    final_called_ = true;
+    size_t pt_len = data_buffer_.size();
+    return std::make_shared<NativeArrayBuffer>(plaintext, pt_len, [=]() { delete[] plaintext; });
+  }
+#endif
+}
+
+bool XSalsa20Poly1305Cipher::setAAD(const std::shared_ptr<ArrayBuffer>& data, std::optional<double> plaintextLength) {
+  throw std::runtime_error("AAD is not supported for xsalsa20-poly1305 (use xchacha20-poly1305 instead)");
+}
+
+std::shared_ptr<ArrayBuffer> XSalsa20Poly1305Cipher::getAuthTag() {
+#ifndef BLSALLOC_SODIUM
+  throw std::runtime_error("XSalsa20Poly1305Cipher: libsodium must be enabled (BLSALLOC_SODIUM)");
+#else
+  if (!is_cipher) {
+    throw std::runtime_error("getAuthTag can only be called during encryption");
+  }
+  if (!final_called_) {
+    throw std::runtime_error("getAuthTag must be called after final()");
+  }
+
+  uint8_t* tag_copy = new uint8_t[kTagSize];
+  std::memcpy(tag_copy, auth_tag_, kTagSize);
+  return std::make_shared<NativeArrayBuffer>(tag_copy, kTagSize, [=]() { delete[] tag_copy; });
+#endif
+}
+
+bool XSalsa20Poly1305Cipher::setAuthTag(const std::shared_ptr<ArrayBuffer>& tag) {
+#ifndef BLSALLOC_SODIUM
+  throw std::runtime_error("XSalsa20Poly1305Cipher: libsodium must be enabled (BLSALLOC_SODIUM)");
+#else
+  if (is_cipher) {
+    throw std::runtime_error("setAuthTag can only be called during decryption");
+  }
+
+  auto native_tag = ToNativeArrayBuffer(tag);
+  if (native_tag->size() != kTagSize) {
+    throw std::runtime_error("XSalsa20-Poly1305 tag must be 16 bytes, got " + std::to_string(native_tag->size()) + " bytes");
+  }
+
+  std::memcpy(auth_tag_, native_tag->data(), kTagSize);
+  return true;
+#endif
+}
+
+bool XSalsa20Poly1305Cipher::setAutoPadding(bool autoPad) {
+  throw std::runtime_error("setAutoPadding is not supported for xsalsa20-poly1305");
+}
+
+} // namespace margelo::nitro::crypto

package/cpp/cipher/XSalsa20Poly1305Cipher.hpp

@@ -0,0 +1,42 @@
+#pragma once
+
+#ifdef BLSALLOC_SODIUM
+#include "sodium.h"
+#else
+#define crypto_secretbox_xsalsa20poly1305_KEYBYTES 32U
+#define crypto_secretbox_xsalsa20poly1305_NONCEBYTES 24U
+#define crypto_secretbox_xsalsa20poly1305_MACBYTES 16U
+#endif
+
+#include <vector>
+
+#include "HybridCipher.hpp"
+
+namespace margelo::nitro::crypto {
+
+class XSalsa20Poly1305Cipher : public HybridCipher {
+ public:
+  XSalsa20Poly1305Cipher() : HybridObject(TAG), final_called_(false) {}
+  ~XSalsa20Poly1305Cipher();
+
+  void init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) override;
+  std::shared_ptr<ArrayBuffer> update(const std::shared_ptr<ArrayBuffer>& data) override;
+  std::shared_ptr<ArrayBuffer> final() override;
+  bool setAAD(const std::shared_ptr<ArrayBuffer>& data, std::optional<double> plaintextLength) override;
+  std::shared_ptr<ArrayBuffer> getAuthTag() override;
+  bool setAuthTag(const std::shared_ptr<ArrayBuffer>& tag) override;
+  bool setAutoPadding(bool autoPad) override;
+
+ private:
+  static constexpr size_t kKeySize = crypto_secretbox_xsalsa20poly1305_KEYBYTES;
+  static constexpr size_t kNonceSize = crypto_secretbox_xsalsa20poly1305_NONCEBYTES;
+  static constexpr size_t kTagSize = crypto_secretbox_xsalsa20poly1305_MACBYTES;
+
+  uint8_t key_[kKeySize];
+  uint8_t nonce_[kNonceSize];
+  std::vector<uint8_t> data_buffer_;
+  uint8_t auth_tag_[kTagSize];
+  bool final_called_;
+};
+
+} // namespace margelo::nitro::crypto

package/cpp/dh/HybridDiffieHellman.cpp

@@ -433,6 +433,16 @@ const DH* HybridDiffieHellman::getDH() const {
   return dh;
 }
 
+double HybridDiffieHellman::getVerifyError() {
+  ensureInitialized();
+  const DH* dh = getDH();
+  int codes = 0;
+  if (DH_check(const_cast<DH*>(dh), &codes) != 1) {
+    return 0;
+  }
+  return static_cast<double>(codes);
+}
+
 #pragma clang diagnostic pop
 
 } // namespace margelo::nitro::crypto

package/cpp/dh/HybridDiffieHellman.hpp

@@ -30,6 +30,7 @@ class HybridDiffieHellman : public HybridDiffieHellmanSpec {
   std::shared_ptr<ArrayBuffer> getPrivateKey() override;
   void setPublicKey(const std::shared_ptr<ArrayBuffer>& publicKey) override;
   void setPrivateKey(const std::shared_ptr<ArrayBuffer>& privateKey) override;
+  double getVerifyError() override;
 
  private:
   EVP_PKEY_ptr _pkey;

package/cpp/ec/HybridEcKeyPair.cpp

@@ -1,5 +1,6 @@
 #include <NitroModules/ArrayBuffer.hpp>
 #include <NitroModules/Promise.hpp>
+#include <algorithm>
 #include <memory>
 #include <openssl/bio.h>
 #include <openssl/buffer.h>
@@ -425,4 +426,24 @@ void HybridEcKeyPair::checkKeyPair() {
   }
 }
 
+std::vector<std::string> HybridEcKeyPair::getSupportedCurves() {
+  const size_t count = EC_get_builtin_curves(nullptr, 0);
+  std::vector<EC_builtin_curve> curves(count);
+  if (EC_get_builtin_curves(curves.data(), count) != count) {
+    throw std::runtime_error("Failed to enumerate EC curves");
+  }
+
+  std::vector<std::string> names;
+  names.reserve(count);
+  for (const auto& curve : curves) {
+    const char* sn = OBJ_nid2sn(curve.nid);
+    if (sn != nullptr) {
+      names.emplace_back(sn);
+    }
+  }
+
+  std::sort(names.begin(), names.end());
+  return names;
+}
+
 } // namespace margelo::nitro::crypto

package/cpp/ec/HybridEcKeyPair.hpp

@@ -34,6 +34,7 @@ class HybridEcKeyPair : public HybridEcKeyPairSpec {
   std::shared_ptr<ArrayBuffer> sign(const std::shared_ptr<ArrayBuffer>& data, const std::string& hashAlgorithm) override;
   bool verify(const std::shared_ptr<ArrayBuffer>& data, const std::shared_ptr<ArrayBuffer>& signature,
               const std::string& hashAlgorithm) override;
+  std::vector<std::string> getSupportedCurves() override;
 
  protected:
   void checkKeyPair();

package/cpp/hash/HybridHash.cpp

@@ -68,7 +68,7 @@ void HybridHash::createHash(const std::string& hashAlgorithmArg, const std::opti
   }
 }
 
-void HybridHash::update(const std::variant<std::string, std::shared_ptr<ArrayBuffer>>& data) {
+void HybridHash::update(const std::variant<std::shared_ptr<ArrayBuffer>, std::string>& data) {
   if (!ctx) {
     throw std::runtime_error("Hash context not initialized");
   }

package/cpp/hash/HybridHash.hpp

@@ -21,7 +21,7 @@ class HybridHash : public HybridHashSpec {
  public:
   // Methods
   void createHash(const std::string& algorithm, const std::optional<double> outputLength) override;
-  void update(const std::variant<std::string, std::shared_ptr<ArrayBuffer>>& data) override;
+  void update(const std::variant<std::shared_ptr<ArrayBuffer>, std::string>& data) override;
   std::shared_ptr<ArrayBuffer> digest(const std::optional<std::string>& encoding = std::nullopt) override;
   std::shared_ptr<margelo::nitro::crypto::HybridHashSpec> copy(const std::optional<double> outputLength) override;
   std::vector<std::string> getSupportedHashAlgorithms() override;

package/cpp/hmac/HybridHmac.cpp

@@ -60,7 +60,7 @@ void HybridHmac::createHmac(const std::string& hmacAlgorithm, const std::shared_
   }
 }
 
-void HybridHmac::update(const std::variant<std::string, std::shared_ptr<ArrayBuffer>>& data) {
+void HybridHmac::update(const std::variant<std::shared_ptr<ArrayBuffer>, std::string>& data) {
   if (!ctx) {
     throw std::runtime_error("HMAC context not initialized");
   }

package/cpp/hmac/HybridHmac.hpp

@@ -20,7 +20,7 @@ class HybridHmac : public HybridHmacSpec {
  public:
   // Methods
   void createHmac(const std::string& algorithm, const std::shared_ptr<ArrayBuffer>& key) override;
-  void update(const std::variant<std::string, std::shared_ptr<ArrayBuffer>>& data) override;
+  void update(const std::variant<std::shared_ptr<ArrayBuffer>, std::string>& data) override;
   std::shared_ptr<ArrayBuffer> digest() override;
 
  private: