npm - react-native-quick-crypto - Versions diffs - 1.0.9 → 1.0.11 - Mend

react-native-quick-crypto 1.0.9 → 1.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (292) hide show

package/QuickCrypto.podspec +9 -2
package/README.md +13 -9
package/android/CMakeLists.txt +13 -0
package/cpp/argon2/HybridArgon2.cpp +103 -0
package/cpp/argon2/HybridArgon2.hpp +32 -0
package/cpp/certificate/HybridCertificate.cpp +42 -0
package/cpp/certificate/HybridCertificate.hpp +16 -0
package/cpp/cipher/HybridCipher.cpp +58 -0
package/cpp/cipher/HybridCipher.hpp +4 -0
package/cpp/cipher/HybridCipherFactory.hpp +15 -1
package/cpp/cipher/OCBCipher.cpp +4 -4
package/cpp/cipher/XChaCha20Poly1305Cipher.cpp +161 -0
package/cpp/cipher/XChaCha20Poly1305Cipher.hpp +43 -0
package/cpp/cipher/XSalsa20Poly1305Cipher.cpp +145 -0
package/cpp/cipher/XSalsa20Poly1305Cipher.hpp +42 -0
package/cpp/dh/HybridDhKeyPair.cpp +179 -0
package/cpp/dh/HybridDhKeyPair.hpp +37 -0
package/cpp/dh/HybridDiffieHellman.cpp +10 -0
package/cpp/dh/HybridDiffieHellman.hpp +1 -0
package/cpp/dsa/HybridDsaKeyPair.cpp +128 -0
package/cpp/dsa/HybridDsaKeyPair.hpp +32 -0
package/cpp/ec/HybridEcKeyPair.cpp +21 -0
package/cpp/ec/HybridEcKeyPair.hpp +1 -0
package/cpp/ecdh/HybridECDH.cpp +35 -0
package/cpp/ecdh/HybridECDH.hpp +1 -0
package/cpp/hash/HybridHash.cpp +1 -1
package/cpp/hash/HybridHash.hpp +1 -1
package/cpp/hmac/HybridHmac.cpp +1 -1
package/cpp/hmac/HybridHmac.hpp +1 -1
package/cpp/keys/HybridKeyObjectHandle.cpp +131 -1
package/cpp/keys/HybridKeyObjectHandle.hpp +5 -1
package/cpp/prime/HybridPrime.cpp +81 -0
package/cpp/prime/HybridPrime.hpp +20 -0
package/deps/ncrypto/.bazelrc +0 -1
package/deps/ncrypto/.bazelversion +1 -1
package/deps/ncrypto/.github/workflows/commitlint.yml +16 -0
package/deps/ncrypto/.github/workflows/linter.yml +2 -2
package/deps/ncrypto/.github/workflows/release-please.yml +16 -0
package/deps/ncrypto/.github/workflows/ubuntu.yml +82 -0
package/deps/ncrypto/.release-please-manifest.json +3 -0
package/deps/ncrypto/BUILD.bazel +9 -1
package/deps/ncrypto/CHANGELOG.md +37 -0
package/deps/ncrypto/CMakeLists.txt +35 -11
package/deps/ncrypto/MODULE.bazel +16 -1
package/deps/ncrypto/MODULE.bazel.lock +299 -118
package/deps/ncrypto/cmake/ncrypto-flags.cmake +1 -0
package/deps/ncrypto/include/ncrypto/aead.h +137 -0
package/deps/ncrypto/include/ncrypto/version.h +14 -0
package/deps/ncrypto/include/ncrypto.h +85 -230
package/deps/ncrypto/ncrypto.pc.in +10 -0
package/deps/ncrypto/release-please-config.json +11 -0
package/deps/ncrypto/src/CMakeLists.txt +31 -6
package/deps/ncrypto/src/aead.cpp +302 -0
package/deps/ncrypto/src/ncrypto.cpp +274 -556
package/deps/ncrypto/tests/BUILD.bazel +2 -0
package/deps/ncrypto/tests/basic.cpp +772 -2
package/deps/ncrypto/tools/run-clang-format.sh +5 -5
package/lib/commonjs/argon2.js +39 -0
package/lib/commonjs/argon2.js.map +1 -0
package/lib/commonjs/certificate.js +35 -0
package/lib/commonjs/certificate.js.map +1 -0
package/lib/commonjs/cipher.js +8 -0
package/lib/commonjs/cipher.js.map +1 -1
package/lib/commonjs/dhKeyPair.js +109 -0
package/lib/commonjs/dhKeyPair.js.map +1 -0
package/lib/commonjs/diffie-hellman.js +4 -1
package/lib/commonjs/diffie-hellman.js.map +1 -1
package/lib/commonjs/dsa.js +92 -0
package/lib/commonjs/dsa.js.map +1 -0
package/lib/commonjs/ec.js +20 -25
package/lib/commonjs/ec.js.map +1 -1
package/lib/commonjs/ecdh.js +37 -0
package/lib/commonjs/ecdh.js.map +1 -1
package/lib/commonjs/ed.js +1 -2
package/lib/commonjs/ed.js.map +1 -1
package/lib/commonjs/hash.js +7 -0
package/lib/commonjs/hash.js.map +1 -1
package/lib/commonjs/index.js +46 -1
package/lib/commonjs/index.js.map +1 -1
package/lib/commonjs/keys/classes.js +18 -12
package/lib/commonjs/keys/classes.js.map +1 -1
package/lib/commonjs/keys/generateKeyPair.js +11 -0
package/lib/commonjs/keys/generateKeyPair.js.map +1 -1
package/lib/commonjs/prime.js +84 -0
package/lib/commonjs/prime.js.map +1 -0
package/lib/commonjs/specs/argon2.nitro.js +6 -0
package/lib/commonjs/specs/argon2.nitro.js.map +1 -0
package/lib/commonjs/specs/certificate.nitro.js +6 -0
package/lib/commonjs/specs/certificate.nitro.js.map +1 -0
package/lib/commonjs/specs/dhKeyPair.nitro.js +6 -0
package/lib/commonjs/specs/dhKeyPair.nitro.js.map +1 -0
package/lib/commonjs/specs/dsaKeyPair.nitro.js +6 -0
package/lib/commonjs/specs/dsaKeyPair.nitro.js.map +1 -0
package/lib/commonjs/specs/prime.nitro.js +6 -0
package/lib/commonjs/specs/prime.nitro.js.map +1 -0
package/lib/commonjs/subtle.js +181 -39
package/lib/commonjs/subtle.js.map +1 -1
package/lib/commonjs/utils/types.js.map +1 -1
package/lib/module/argon2.js +34 -0
package/lib/module/argon2.js.map +1 -0
package/lib/module/certificate.js +30 -0
package/lib/module/certificate.js.map +1 -0
package/lib/module/cipher.js +7 -0
package/lib/module/cipher.js.map +1 -1
package/lib/module/dhKeyPair.js +102 -0
package/lib/module/dhKeyPair.js.map +1 -0
package/lib/module/diffie-hellman.js +4 -0
package/lib/module/diffie-hellman.js.map +1 -1
package/lib/module/dsa.js +85 -0
package/lib/module/dsa.js.map +1 -0
package/lib/module/ec.js +19 -25
package/lib/module/ec.js.map +1 -1
package/lib/module/ecdh.js +37 -0
package/lib/module/ecdh.js.map +1 -1
package/lib/module/ed.js +1 -2
package/lib/module/ed.js.map +1 -1
package/lib/module/hash.js +6 -0
package/lib/module/hash.js.map +1 -1
package/lib/module/index.js +12 -0
package/lib/module/index.js.map +1 -1
package/lib/module/keys/classes.js +18 -12
package/lib/module/keys/classes.js.map +1 -1
package/lib/module/keys/generateKeyPair.js +11 -0
package/lib/module/keys/generateKeyPair.js.map +1 -1
package/lib/module/prime.js +77 -0
package/lib/module/prime.js.map +1 -0
package/lib/module/specs/argon2.nitro.js +4 -0
package/lib/module/specs/argon2.nitro.js.map +1 -0
package/lib/module/specs/certificate.nitro.js +4 -0
package/lib/module/specs/certificate.nitro.js.map +1 -0
package/lib/module/specs/dhKeyPair.nitro.js +4 -0
package/lib/module/specs/dhKeyPair.nitro.js.map +1 -0
package/lib/module/specs/dsaKeyPair.nitro.js +4 -0
package/lib/module/specs/dsaKeyPair.nitro.js.map +1 -0
package/lib/module/specs/prime.nitro.js +4 -0
package/lib/module/specs/prime.nitro.js.map +1 -0
package/lib/module/subtle.js +183 -42
package/lib/module/subtle.js.map +1 -1
package/lib/module/utils/types.js.map +1 -1
package/lib/tsconfig.tsbuildinfo +1 -1
package/lib/typescript/argon2.d.ts +16 -0
package/lib/typescript/argon2.d.ts.map +1 -0
package/lib/typescript/certificate.d.ts +8 -0
package/lib/typescript/certificate.d.ts.map +1 -0
package/lib/typescript/cipher.d.ts +12 -0
package/lib/typescript/cipher.d.ts.map +1 -1
package/lib/typescript/dhKeyPair.d.ts +19 -0
package/lib/typescript/dhKeyPair.d.ts.map +1 -0
package/lib/typescript/diffie-hellman.d.ts +2 -0
package/lib/typescript/diffie-hellman.d.ts.map +1 -1
package/lib/typescript/dsa.d.ts +19 -0
package/lib/typescript/dsa.d.ts.map +1 -0
package/lib/typescript/ec.d.ts +1 -0
package/lib/typescript/ec.d.ts.map +1 -1
package/lib/typescript/ecdh.d.ts +3 -0
package/lib/typescript/ecdh.d.ts.map +1 -1
package/lib/typescript/ed.d.ts.map +1 -1
package/lib/typescript/hash.d.ts +2 -0
package/lib/typescript/hash.d.ts.map +1 -1
package/lib/typescript/index.d.ts +22 -0
package/lib/typescript/index.d.ts.map +1 -1
package/lib/typescript/keys/classes.d.ts +4 -0
package/lib/typescript/keys/classes.d.ts.map +1 -1
package/lib/typescript/keys/generateKeyPair.d.ts.map +1 -1
package/lib/typescript/prime.d.ts +19 -0
package/lib/typescript/prime.d.ts.map +1 -0
package/lib/typescript/specs/argon2.nitro.d.ts +9 -0
package/lib/typescript/specs/argon2.nitro.d.ts.map +1 -0
package/lib/typescript/specs/certificate.nitro.d.ts +10 -0
package/lib/typescript/specs/certificate.nitro.d.ts.map +1 -0
package/lib/typescript/specs/cipher.nitro.d.ts +9 -0
package/lib/typescript/specs/cipher.nitro.d.ts.map +1 -1
package/lib/typescript/specs/dhKeyPair.nitro.d.ts +14 -0
package/lib/typescript/specs/dhKeyPair.nitro.d.ts.map +1 -0
package/lib/typescript/specs/diffie-hellman.nitro.d.ts +1 -0
package/lib/typescript/specs/diffie-hellman.nitro.d.ts.map +1 -1
package/lib/typescript/specs/dsaKeyPair.nitro.d.ts +13 -0
package/lib/typescript/specs/dsaKeyPair.nitro.d.ts.map +1 -0
package/lib/typescript/specs/ecKeyPair.nitro.d.ts +1 -0
package/lib/typescript/specs/ecKeyPair.nitro.d.ts.map +1 -1
package/lib/typescript/specs/ecdh.nitro.d.ts +1 -0
package/lib/typescript/specs/ecdh.nitro.d.ts.map +1 -1
package/lib/typescript/specs/keyObjectHandle.nitro.d.ts +2 -0
package/lib/typescript/specs/keyObjectHandle.nitro.d.ts.map +1 -1
package/lib/typescript/specs/prime.nitro.d.ts +11 -0
package/lib/typescript/specs/prime.nitro.d.ts.map +1 -0
package/lib/typescript/subtle.d.ts +2 -0
package/lib/typescript/subtle.d.ts.map +1 -1
package/lib/typescript/utils/types.d.ts +24 -7
package/lib/typescript/utils/types.d.ts.map +1 -1
package/nitrogen/generated/android/QuickCrypto+autolinking.cmake +13 -5
package/nitrogen/generated/android/QuickCrypto+autolinking.gradle +1 -1
package/nitrogen/generated/android/QuickCryptoOnLoad.cpp +104 -54
package/nitrogen/generated/android/QuickCryptoOnLoad.hpp +1 -1
package/nitrogen/generated/android/kotlin/com/margelo/nitro/crypto/QuickCryptoOnLoad.kt +1 -1
package/nitrogen/generated/ios/QuickCrypto+autolinking.rb +2 -2
package/nitrogen/generated/ios/QuickCrypto-Swift-Cxx-Bridge.cpp +1 -1
package/nitrogen/generated/ios/QuickCrypto-Swift-Cxx-Bridge.hpp +1 -1
package/nitrogen/generated/ios/QuickCrypto-Swift-Cxx-Umbrella.hpp +1 -1
package/nitrogen/generated/ios/QuickCryptoAutolinking.mm +104 -54
package/nitrogen/generated/ios/QuickCryptoAutolinking.swift +5 -1
package/nitrogen/generated/shared/c++/AsymmetricKeyType.hpp +1 -1
package/nitrogen/generated/shared/c++/CipherArgs.hpp +34 -19
package/nitrogen/generated/shared/c++/CipherInfo.hpp +104 -0
package/nitrogen/generated/shared/c++/HybridArgon2Spec.cpp +22 -0
package/nitrogen/generated/shared/c++/HybridArgon2Spec.hpp +66 -0
package/nitrogen/generated/shared/c++/HybridBlake3Spec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridBlake3Spec.hpp +1 -3
package/nitrogen/generated/shared/c++/HybridCertificateSpec.cpp +23 -0
package/nitrogen/generated/shared/c++/HybridCertificateSpec.hpp +64 -0
package/nitrogen/generated/shared/c++/HybridCipherFactorySpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridCipherFactorySpec.hpp +1 -1
package/nitrogen/generated/shared/c++/HybridCipherSpec.cpp +2 -1
package/nitrogen/generated/shared/c++/HybridCipherSpec.hpp +5 -3
package/nitrogen/generated/shared/c++/HybridDhKeyPairSpec.cpp +27 -0
package/nitrogen/generated/shared/c++/HybridDhKeyPairSpec.hpp +69 -0
package/nitrogen/generated/shared/c++/HybridDiffieHellmanSpec.cpp +2 -1
package/nitrogen/generated/shared/c++/HybridDiffieHellmanSpec.hpp +3 -3
package/nitrogen/generated/shared/c++/HybridDsaKeyPairSpec.cpp +26 -0
package/nitrogen/generated/shared/c++/HybridDsaKeyPairSpec.hpp +68 -0
package/nitrogen/generated/shared/c++/HybridECDHSpec.cpp +2 -1
package/nitrogen/generated/shared/c++/HybridECDHSpec.hpp +3 -3
package/nitrogen/generated/shared/c++/HybridEcKeyPairSpec.cpp +2 -1
package/nitrogen/generated/shared/c++/HybridEcKeyPairSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridEdKeyPairSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridEdKeyPairSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridHashSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridHashSpec.hpp +2 -4
package/nitrogen/generated/shared/c++/HybridHkdfSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridHkdfSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridHmacSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridHmacSpec.hpp +3 -4
package/nitrogen/generated/shared/c++/HybridKeyObjectHandleSpec.cpp +3 -1
package/nitrogen/generated/shared/c++/HybridKeyObjectHandleSpec.hpp +8 -4
package/nitrogen/generated/shared/c++/HybridMlDsaKeyPairSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridMlDsaKeyPairSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridPbkdf2Spec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridPbkdf2Spec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridPrimeSpec.cpp +24 -0
package/nitrogen/generated/shared/c++/HybridPrimeSpec.hpp +67 -0
package/nitrogen/generated/shared/c++/HybridRandomSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridRandomSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridRsaCipherSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridRsaCipherSpec.hpp +1 -3
package/nitrogen/generated/shared/c++/HybridRsaKeyPairSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridRsaKeyPairSpec.hpp +1 -3
package/nitrogen/generated/shared/c++/HybridScryptSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridScryptSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridSignHandleSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridSignHandleSpec.hpp +1 -3
package/nitrogen/generated/shared/c++/HybridUtilsSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridUtilsSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridVerifyHandleSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridVerifyHandleSpec.hpp +1 -3
package/nitrogen/generated/shared/c++/JWK.hpp +84 -68
package/nitrogen/generated/shared/c++/JWKkty.hpp +5 -1
package/nitrogen/generated/shared/c++/JWKuse.hpp +1 -1
package/nitrogen/generated/shared/c++/KFormatType.hpp +1 -1
package/nitrogen/generated/shared/c++/KeyDetail.hpp +39 -23
package/nitrogen/generated/shared/c++/KeyEncoding.hpp +1 -1
package/nitrogen/generated/shared/c++/KeyObject.hpp +21 -5
package/nitrogen/generated/shared/c++/KeyType.hpp +1 -1
package/nitrogen/generated/shared/c++/KeyUsage.hpp +1 -1
package/nitrogen/generated/shared/c++/NamedCurve.hpp +1 -1
package/package.json +1 -1
package/src/argon2.ts +83 -0
package/src/certificate.ts +41 -0
package/src/cipher.ts +24 -0
package/src/dhKeyPair.ts +156 -0
package/src/diffie-hellman.ts +6 -0
package/src/dsa.ts +129 -0
package/src/ec.ts +23 -19
package/src/ecdh.ts +59 -0
package/src/ed.ts +1 -2
package/src/hash.ts +11 -0
package/src/index.ts +12 -0
package/src/keys/classes.ts +26 -8
package/src/keys/generateKeyPair.ts +14 -0
package/src/prime.ts +134 -0
package/src/specs/argon2.nitro.ts +29 -0
package/src/specs/certificate.nitro.ts +8 -0
package/src/specs/cipher.nitro.ts +14 -0
package/src/specs/dhKeyPair.nitro.ts +14 -0
package/src/specs/diffie-hellman.nitro.ts +1 -0
package/src/specs/dsaKeyPair.nitro.ts +13 -0
package/src/specs/ecKeyPair.nitro.ts +2 -0
package/src/specs/ecdh.nitro.ts +1 -0
package/src/specs/keyObjectHandle.nitro.ts +2 -0
package/src/specs/prime.nitro.ts +18 -0
package/src/subtle.ts +400 -42
package/src/utils/types.ts +39 -5
package/deps/ncrypto/WORKSPACE +0 -15

package/QuickCrypto.podspec CHANGED Viewed

@@ -112,7 +112,7 @@ Pod::Spec.new do |s|
     # implementation (C++)
     "cpp/**/*.{hpp,cpp}",
     # dependencies (C++) - ncrypto
-    "deps/ncrypto/include/*.{h}",
+    "deps/ncrypto/include/**/*.{h}",
     "deps/ncrypto/src/*.{cpp}",
     # dependencies (C) - exclude BLAKE3 x86 SIMD files (only use portable + NEON for ARM)
     "deps/blake3/c/*.{h,c}",
@@ -143,6 +143,9 @@ Pod::Spec.new do |s|
     "deps/blake3/c/example.c",
     "deps/blake3/c/example_tbb.c",
     "deps/blake3/c/blake3_tbb.cpp",
+    # Exclude ncrypto version.h to avoid header name collision with libsodium's version.h
+    # (ncrypto.h includes it via relative path "ncrypto/version.h" which still resolves)
+    "deps/ncrypto/include/ncrypto/version.h",
     # Exclude non-C parts of BLAKE3 repo (Rust, benchmarks, tools, etc.)
     "deps/blake3/src/**/*",
     "deps/blake3/b3sum/**/*",
@@ -165,7 +168,11 @@ Pod::Spec.new do |s|
     "CLANG_CXX_LANGUAGE_STANDARD" => "c++20",
     "CLANG_ALLOW_NON_MODULAR_INCLUDES_IN_FRAMEWORK_MODULES" => "YES",
     # Exclude ARM NEON source when building x86_64 simulator (no NEON support).
-    "EXCLUDED_SOURCE_FILE_NAMES[sdk=iphonesimulator*][arch=x86_64]" => "deps/blake3/c/blake3_neon.c"
+    "EXCLUDED_SOURCE_FILE_NAMES[sdk=iphonesimulator*][arch=x86_64]" => "deps/blake3/c/blake3_neon.c",
+    # Disable x86 SIMD intrinsics on iOS simulator — the .c implementation files are already
+    # excluded above, but blake3_dispatch.c still references the symbols unless these macros
+    # are defined. Mirrors the Android CMakeLists.txt approach (line 18-22).
+    "GCC_PREPROCESSOR_DEFINITIONS[sdk=iphonesimulator*][arch=x86_64]" => "$(inherited) BLAKE3_NO_AVX512 BLAKE3_NO_AVX2 BLAKE3_NO_SSE41 BLAKE3_NO_SSE2"
   }
   # Add cpp subdirectories to header search paths

package/README.md CHANGED Viewed

@@ -10,19 +10,15 @@
 A fast implementation of Node's `crypto` module.
-> Note: This version `1.x` completed a major refactor, porting to OpenSSL 3.6+, New Architecture, Bridgeless, and [`Nitro Modules`](https://github.com/mrousavy/react-native-nitro).  It should be at or above feature-parity compared to the `0.x` version.  Status, as always, will be represented in [implementation-coverage.md](./.docs/implementation-coverage.md).
-> Note: Minimum supported version of React Native is `0.75`.  If you need to use earlier versions, please use `0.x` versions of this library.
 ## Features
 Unlike any other current JS-based polyfills, react-native-quick-crypto is written in C/C++ JSI and provides much greater performance - especially on mobile devices.
-QuickCrypto can be used as a drop-in replacement for your Web3/Crypto apps to speed up common cryptography functions.
+QuickCrypto can be used as a drop-in replacement for your Web3/Crypto apps or CRDT-based local first databases to speed up common cryptography functions.
-- 🏎️ Up to 58x faster than all other solutions
-- ⚡️ Lightning fast implementation with pure C++ and JSI, instead of JS
+- 🏎️ Hundreds of times faster than all JS-based solutions
+- ⚡️ Lightning fast implementation with Nitro Modules (pure C++ and JSI) instead of JS
 - 🧪 Well tested in JS and C++ (OpenSSL)
-- 💰 Made for crypto apps and Wallets
+- 💰 Made for crypto apps and wallets
 - 🔢 Secure native compiled cryptography
 - 🔁 Easy drop-in replacement for [crypto-browserify](https://github.com/browserify/crypto-browserify) or [react-native-crypto](https://github.com/tradle/react-native-crypto)
@@ -33,6 +29,8 @@ QuickCrypto can be used as a drop-in replacement for your Web3/Crypto apps to sp
 | `1.x`     | new [->](https://github.com/reactwg/react-native-new-architecture/blob/main/docs/enable-apps.md)  | Nitro Modules [->](https://github.com/mrousavy/nitro) |
 | `0.x`     | old, new 🤞  | Bridge & JSI |
+> Note: Minimum supported version of React Native is `0.75`.  If you need to use earlier versions, please use `0.x` versions of this library.
 ## Migration
 Our goal in refactoring to v1.0 was to maintain API compatibility.  If you are upgrading to v1.0 from v0.x, and find any discrepancies, please open an issue in this repo.
@@ -55,7 +53,13 @@ cd ios && pod install
 ```
 <h3>
-  Expo  <a href="#"><img src="./.docs/img/expo.png" height="12" /></a>
+  Expo  <a href="#">
+    <picture>
+      <source media="(prefers-color-scheme: dark)" srcset="./.docs/img/expo/dark.png" />
+      <source media="(prefers-color-scheme: light)" srcset="./.docs/img/expo/light.png" />
+      <img alt="Expo" src="./.docs/img/expo/light.png" height="12" />
+      </picture>
+  </a>
 </h3>
 ```sh

package/android/CMakeLists.txt CHANGED Viewed

@@ -25,16 +25,22 @@ endif()
 add_library(
   ${PACKAGE_NAME} SHARED
   src/main/cpp/cpp-adapter.cpp
+  ../cpp/argon2/HybridArgon2.cpp
   ../cpp/blake3/HybridBlake3.cpp
+  ../cpp/certificate/HybridCertificate.cpp
   ../cpp/cipher/CCMCipher.cpp
   ../cpp/cipher/GCMCipher.cpp
   ../cpp/cipher/HybridCipher.cpp
   ../cpp/cipher/HybridRsaCipher.cpp
   ../cpp/cipher/OCBCipher.cpp
   ../cpp/cipher/XSalsa20Cipher.cpp
+  ../cpp/cipher/XSalsa20Poly1305Cipher.cpp
+  ../cpp/cipher/XChaCha20Poly1305Cipher.cpp
   ../cpp/cipher/ChaCha20Cipher.cpp
   ../cpp/cipher/ChaCha20Poly1305Cipher.cpp
   ../cpp/dh/HybridDiffieHellman.cpp
+  ../cpp/dh/HybridDhKeyPair.cpp
+  ../cpp/dsa/HybridDsaKeyPair.cpp
   ../cpp/ec/HybridEcKeyPair.cpp
   ../cpp/ecdh/HybridECDH.cpp
   ../cpp/ed25519/HybridEdKeyPair.cpp
@@ -45,6 +51,7 @@ add_library(
   ../cpp/keys/KeyObjectData.cpp
   ../cpp/mldsa/HybridMlDsaKeyPair.cpp
   ../cpp/pbkdf2/HybridPbkdf2.cpp
+  ../cpp/prime/HybridPrime.cpp
   ../cpp/random/HybridRandom.cpp
   ../cpp/rsa/HybridRsaKeyPair.cpp
   ../cpp/scrypt/HybridScrypt.cpp
@@ -53,6 +60,8 @@ add_library(
   ../cpp/utils/HybridUtils.cpp
   ${BLAKE3_SOURCES}
   ../deps/fastpbkdf2/fastpbkdf2.c
+  ../deps/ncrypto/src/aead.cpp
+  ../deps/ncrypto/src/engine.cpp
   ../deps/ncrypto/src/ncrypto.cpp
 )
@@ -62,9 +71,12 @@ include(${CMAKE_SOURCE_DIR}/../nitrogen/generated/android/QuickCrypto+autolinkin
 # local includes
 include_directories(
   "src/main/cpp"
+  "../cpp/argon2"
   "../cpp/blake3"
+  "../cpp/certificate"
   "../cpp/cipher"
   "../cpp/dh"
+  "../cpp/dsa"
   "../cpp/ec"
   "../cpp/ecdh"
   "../cpp/ed25519"
@@ -74,6 +86,7 @@ include_directories(
   "../cpp/keys"
   "../cpp/mldsa"
   "../cpp/pbkdf2"
+  "../cpp/prime"
   "../cpp/random"
   "../cpp/rsa"
   "../cpp/sign"

package/cpp/argon2/HybridArgon2.cpp ADDED Viewed

@@ -0,0 +1,103 @@
+#include <NitroModules/ArrayBuffer.hpp>
+#include <memory>
+#include <ncrypto.h>
+#include <openssl/err.h>
+#include <openssl/opensslv.h>
+#include <string>
+#include "HybridArgon2.hpp"
+#include "QuickCryptoUtils.hpp"
+namespace margelo::nitro::crypto {
+#if OPENSSL_VERSION_NUMBER >= 0x30200000L
+#ifndef OPENSSL_NO_ARGON2
+static ncrypto::Argon2Type parseAlgorithm(const std::string& algo) {
+  if (algo == "argon2d")
+    return ncrypto::Argon2Type::ARGON2D;
+  if (algo == "argon2i")
+    return ncrypto::Argon2Type::ARGON2I;
+  if (algo == "argon2id")
+    return ncrypto::Argon2Type::ARGON2ID;
+  throw std::runtime_error("Unknown argon2 algorithm: " + algo);
+}
+static std::shared_ptr<ArrayBuffer> hashImpl(const std::string& algorithm, const std::shared_ptr<ArrayBuffer>& message,
+                                             const std::shared_ptr<ArrayBuffer>& nonce, double parallelism, double tagLength, double memory,
+                                             double passes, double version, const std::optional<std::shared_ptr<ArrayBuffer>>& secret,
+                                             const std::optional<std::shared_ptr<ArrayBuffer>>& associatedData) {
+  auto type = parseAlgorithm(algorithm);
+  ncrypto::Buffer<const char> passBuf{message->size() > 0 ? reinterpret_cast<const char*>(message->data()) : "", message->size()};
+  ncrypto::Buffer<const unsigned char> saltBuf{nonce->size() > 0 ? reinterpret_cast<const unsigned char*>(nonce->data())
+                                                                 : reinterpret_cast<const unsigned char*>(""),
+                                               nonce->size()};
+  ncrypto::Buffer<const unsigned char> secretBuf{nullptr, 0};
+  if (secret.has_value() && secret.value()->size() > 0) {
+    secretBuf = {reinterpret_cast<const unsigned char*>(secret.value()->data()), secret.value()->size()};
+  }
+  ncrypto::Buffer<const unsigned char> adBuf{nullptr, 0};
+  if (associatedData.has_value() && associatedData.value()->size() > 0) {
+    adBuf = {reinterpret_cast<const unsigned char*>(associatedData.value()->data()), associatedData.value()->size()};
+  }
+  auto result =
+      ncrypto::argon2(passBuf, saltBuf, static_cast<uint32_t>(parallelism), static_cast<size_t>(tagLength), static_cast<uint32_t>(memory),
+                      static_cast<uint32_t>(passes), static_cast<uint32_t>(version), secretBuf, adBuf, type);
+  if (!result) {
+    unsigned long err = ERR_peek_last_error();
+    const char* reason = err ? ERR_reason_error_string(err) : nullptr;
+    throw std::runtime_error(reason ? std::string("Argon2 operation failed: ") + reason : "Argon2 operation failed");
+  }
+  return ToNativeArrayBuffer(reinterpret_cast<const uint8_t*>(result.get()), result.size());
+}
+#endif // OPENSSL_NO_ARGON2
+#endif // OPENSSL_VERSION_NUMBER
+std::shared_ptr<Promise<std::shared_ptr<ArrayBuffer>>>
+HybridArgon2::hash(const std::string& algorithm, const std::shared_ptr<ArrayBuffer>& message, const std::shared_ptr<ArrayBuffer>& nonce,
+                   double parallelism, double tagLength, double memory, double passes, double version,
+                   const std::optional<std::shared_ptr<ArrayBuffer>>& secret,
+                   const std::optional<std::shared_ptr<ArrayBuffer>>& associatedData) {
+#if OPENSSL_VERSION_NUMBER >= 0x30200000L && !defined(OPENSSL_NO_ARGON2)
+  auto nativeMessage = ToNativeArrayBuffer(message);
+  auto nativeNonce = ToNativeArrayBuffer(nonce);
+  std::optional<std::shared_ptr<ArrayBuffer>> nativeSecret;
+  if (secret.has_value()) {
+    nativeSecret = ToNativeArrayBuffer(secret.value());
+  }
+  std::optional<std::shared_ptr<ArrayBuffer>> nativeAd;
+  if (associatedData.has_value()) {
+    nativeAd = ToNativeArrayBuffer(associatedData.value());
+  }
+  return Promise<std::shared_ptr<ArrayBuffer>>::async([algorithm, nativeMessage, nativeNonce, parallelism, tagLength, memory, passes,
+                                                       version, nativeSecret = std::move(nativeSecret), nativeAd = std::move(nativeAd)]() {
+    return hashImpl(algorithm, nativeMessage, nativeNonce, parallelism, tagLength, memory, passes, version, nativeSecret, nativeAd);
+  });
+#else
+  throw std::runtime_error("Argon2 is not supported (requires OpenSSL 3.2+)");
+#endif
+}
+std::shared_ptr<ArrayBuffer> HybridArgon2::hashSync(const std::string& algorithm, const std::shared_ptr<ArrayBuffer>& message,
+                                                    const std::shared_ptr<ArrayBuffer>& nonce, double parallelism, double tagLength,
+                                                    double memory, double passes, double version,
+                                                    const std::optional<std::shared_ptr<ArrayBuffer>>& secret,
+                                                    const std::optional<std::shared_ptr<ArrayBuffer>>& associatedData) {
+#if OPENSSL_VERSION_NUMBER >= 0x30200000L && !defined(OPENSSL_NO_ARGON2)
+  return hashImpl(algorithm, message, nonce, parallelism, tagLength, memory, passes, version, secret, associatedData);
+#else
+  throw std::runtime_error("Argon2 is not supported (requires OpenSSL 3.2+)");
+#endif
+}
+} // namespace margelo::nitro::crypto

package/cpp/argon2/HybridArgon2.hpp ADDED Viewed

@@ -0,0 +1,32 @@
+#pragma once
+#include <NitroModules/ArrayBuffer.hpp>
+#include <NitroModules/Promise.hpp>
+#include <memory>
+#include <optional>
+#include <string>
+#include "HybridArgon2Spec.hpp"
+namespace margelo::nitro::crypto {
+using namespace facebook;
+class HybridArgon2 : public HybridArgon2Spec {
+ public:
+  HybridArgon2() : HybridObject(TAG) {}
+ public:
+  std::shared_ptr<Promise<std::shared_ptr<ArrayBuffer>>> hash(const std::string& algorithm, const std::shared_ptr<ArrayBuffer>& message,
+                                                              const std::shared_ptr<ArrayBuffer>& nonce, double parallelism,
+                                                              double tagLength, double memory, double passes, double version,
+                                                              const std::optional<std::shared_ptr<ArrayBuffer>>& secret,
+                                                              const std::optional<std::shared_ptr<ArrayBuffer>>& associatedData) override;
+  std::shared_ptr<ArrayBuffer> hashSync(const std::string& algorithm, const std::shared_ptr<ArrayBuffer>& message,
+                                        const std::shared_ptr<ArrayBuffer>& nonce, double parallelism, double tagLength, double memory,
+                                        double passes, double version, const std::optional<std::shared_ptr<ArrayBuffer>>& secret,
+                                        const std::optional<std::shared_ptr<ArrayBuffer>>& associatedData) override;
+};
+} // namespace margelo::nitro::crypto

package/cpp/certificate/HybridCertificate.cpp ADDED Viewed

@@ -0,0 +1,42 @@
+#include "HybridCertificate.hpp"
+#include "QuickCryptoUtils.hpp"
+#include <ncrypto.h>
+#include <openssl/crypto.h>
+namespace margelo::nitro::crypto {
+bool HybridCertificate::verifySpkac(const std::shared_ptr<ArrayBuffer>& spkac) {
+  return ncrypto::VerifySpkac(reinterpret_cast<const char*>(spkac->data()), spkac->size());
+}
+std::shared_ptr<ArrayBuffer> HybridCertificate::exportPublicKey(const std::shared_ptr<ArrayBuffer>& spkac) {
+  auto bio = ncrypto::ExportPublicKey(reinterpret_cast<const char*>(spkac->data()), spkac->size());
+  if (!bio) {
+    auto empty = new uint8_t[0];
+    return std::make_shared<NativeArrayBuffer>(empty, 0, [empty]() { delete[] empty; });
+  }
+  BUF_MEM* mem = bio;
+  if (!mem || mem->length == 0) {
+    auto empty = new uint8_t[0];
+    return std::make_shared<NativeArrayBuffer>(empty, 0, [empty]() { delete[] empty; });
+  }
+  return ToNativeArrayBuffer(reinterpret_cast<const uint8_t*>(mem->data), mem->length);
+}
+std::shared_ptr<ArrayBuffer> HybridCertificate::exportChallenge(const std::shared_ptr<ArrayBuffer>& spkac) {
+  auto buf = ncrypto::ExportChallenge(reinterpret_cast<const char*>(spkac->data()), spkac->size());
+  if (buf.data == nullptr) {
+    auto empty = new uint8_t[0];
+    return std::make_shared<NativeArrayBuffer>(empty, 0, [empty]() { delete[] empty; });
+  }
+  auto result = ToNativeArrayBuffer(reinterpret_cast<const uint8_t*>(buf.data), buf.len);
+  OPENSSL_free(buf.data);
+  return result;
+}
+} // namespace margelo::nitro::crypto

package/cpp/certificate/HybridCertificate.hpp ADDED Viewed

@@ -0,0 +1,16 @@
+#pragma once
+#include "HybridCertificateSpec.hpp"
+namespace margelo::nitro::crypto {
+class HybridCertificate : public HybridCertificateSpec {
+ public:
+  HybridCertificate() : HybridObject(TAG) {}
+  bool verifySpkac(const std::shared_ptr<ArrayBuffer>& spkac) override;
+  std::shared_ptr<ArrayBuffer> exportPublicKey(const std::shared_ptr<ArrayBuffer>& spkac) override;
+  std::shared_ptr<ArrayBuffer> exportChallenge(const std::shared_ptr<ArrayBuffer>& spkac) override;
+};
+} // namespace margelo::nitro::crypto

package/cpp/cipher/HybridCipher.cpp CHANGED Viewed

@@ -8,6 +8,7 @@
 #include "HybridCipher.hpp"
 #include "QuickCryptoUtils.hpp"
+#include <ncrypto.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -336,4 +337,61 @@ std::vector<std::string> HybridCipher::getSupportedCiphers() {
   return cipher_names;
 }
+std::optional<CipherInfo> HybridCipher::getCipherInfo(const std::string& name, std::optional<double> keyLength,
+                                                      std::optional<double> ivLength) {
+  auto cipher = ncrypto::Cipher::FromName(name.c_str());
+  if (!cipher)
+    return std::nullopt;
+  size_t iv_length = cipher.getIvLength();
+  size_t key_length = cipher.getKeyLength();
+  if (keyLength.has_value() || ivLength.has_value()) {
+    auto ctx = ncrypto::CipherCtxPointer::New();
+    if (!ctx.init(cipher, true))
+      return std::nullopt;
+    if (keyLength.has_value()) {
+      size_t check_len = static_cast<size_t>(keyLength.value());
+      if (!ctx.setKeyLength(check_len))
+        return std::nullopt;
+      key_length = check_len;
+    }
+    if (ivLength.has_value()) {
+      size_t check_len = static_cast<size_t>(ivLength.value());
+      if (cipher.isCcmMode()) {
+        if (check_len < 7 || check_len > 13)
+          return std::nullopt;
+      } else if (cipher.isGcmMode()) {
+        // GCM accepts flexible IV lengths
+      } else if (cipher.isOcbMode()) {
+        if (!ctx.setIvLength(check_len))
+          return std::nullopt;
+      } else {
+        if (check_len != iv_length)
+          return std::nullopt;
+      }
+      iv_length = check_len;
+    }
+  }
+  std::string name_str(cipher.getName());
+  std::transform(name_str.begin(), name_str.end(), name_str.begin(), ::tolower);
+  std::string mode_str(cipher.getModeLabel());
+  std::optional<double> block_size = std::nullopt;
+  if (!cipher.isStreamMode()) {
+    block_size = static_cast<double>(cipher.getBlockSize());
+  }
+  std::optional<double> iv_len = std::nullopt;
+  if (iv_length != 0) {
+    iv_len = static_cast<double>(iv_length);
+  }
+  return CipherInfo{name_str, static_cast<double>(cipher.getNid()), mode_str, static_cast<double>(key_length), block_size, iv_len};
+}
 } // namespace margelo::nitro::crypto

package/cpp/cipher/HybridCipher.hpp CHANGED Viewed

@@ -8,6 +8,7 @@
 #include <string>
 #include <vector>
+#include "CipherInfo.hpp"
 #include "HybridCipherSpec.hpp"
 namespace margelo::nitro::crypto {
@@ -40,6 +41,9 @@ class HybridCipher : public HybridCipherSpec {
   std::vector<std::string> getSupportedCiphers() override;
+  std::optional<CipherInfo> getCipherInfo(const std::string& name, std::optional<double> keyLength,
+                                          std::optional<double> ivLength) override;
  protected:
   // Protected enums for state management
   enum CipherKind { kCipher, kDecipher };

package/cpp/cipher/HybridCipherFactory.hpp CHANGED Viewed

@@ -11,7 +11,9 @@
 #include "HybridCipherFactorySpec.hpp"
 #include "OCBCipher.hpp"
 #include "QuickCryptoUtils.hpp"
+#include "XChaCha20Poly1305Cipher.hpp"
 #include "XSalsa20Cipher.hpp"
+#include "XSalsa20Poly1305Cipher.hpp"
 namespace margelo::nitro::crypto {
@@ -88,7 +90,7 @@ class HybridCipherFactory : public HybridCipherFactorySpec {
     }
     EVP_CIPHER_free(cipher);
-    // libsodium
+    // libsodium ciphers
     std::string cipherName = toLower(args.cipherType);
     if (cipherName == "xsalsa20") {
       cipherInstance = std::make_shared<XSalsa20Cipher>();
@@ -96,6 +98,18 @@ class HybridCipherFactory : public HybridCipherFactorySpec {
       cipherInstance->init(args.cipherKey, args.iv);
       return cipherInstance;
     }
+    if (cipherName == "xsalsa20-poly1305") {
+      cipherInstance = std::make_shared<XSalsa20Poly1305Cipher>();
+      cipherInstance->setArgs(args);
+      cipherInstance->init(args.cipherKey, args.iv);
+      return cipherInstance;
+    }
+    if (cipherName == "xchacha20-poly1305") {
+      cipherInstance = std::make_shared<XChaCha20Poly1305Cipher>();
+      cipherInstance->setArgs(args);
+      cipherInstance->init(args.cipherKey, args.iv);
+      return cipherInstance;
+    }
     // Unsupported cipher type
     throw std::runtime_error("Unsupported or unknown cipher type: " + args.cipherType);

package/cpp/cipher/OCBCipher.cpp CHANGED Viewed

@@ -13,9 +13,9 @@ void OCBCipher::init(const std::shared_ptr<ArrayBuffer>& key, const std::shared_
   HybridCipher::init(key, iv);
   auth_tag_len = tag_len;
-  // Set tag length for OCB (must be 12-16 bytes)
-  if (auth_tag_len < 12 || auth_tag_len > 16) {
-    throw std::runtime_error("OCB tag length must be between 12 and 16 bytes");
+  // Set tag length for OCB (must be 8-16 bytes)
+  if (auth_tag_len < 8 || auth_tag_len > 16) {
+    throw std::runtime_error("OCB tag length must be between 8 and 16 bytes");
   }
   if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, auth_tag_len, nullptr) != 1) {
     throw std::runtime_error("Failed to set OCB tag length");
@@ -42,7 +42,7 @@ bool OCBCipher::setAuthTag(const std::shared_ptr<ArrayBuffer>& tag) {
   }
   auto native_tag = ToNativeArrayBuffer(tag);
   size_t tag_len = native_tag->size();
-  if (tag_len < 12 || tag_len > 16) {
+  if (tag_len < 8 || tag_len > 16) {
     throw std::runtime_error("Invalid OCB tag length");
   }
   if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, native_tag->data()) != 1) {

package/cpp/cipher/XChaCha20Poly1305Cipher.cpp ADDED Viewed

@@ -0,0 +1,161 @@
+#include "XChaCha20Poly1305Cipher.hpp"
+#include <cstring>
+#include <stdexcept>
+#include "NitroModules/ArrayBuffer.hpp"
+#include "QuickCryptoUtils.hpp"
+namespace margelo::nitro::crypto {
+XChaCha20Poly1305Cipher::~XChaCha20Poly1305Cipher() {
+#ifdef BLSALLOC_SODIUM
+  sodium_memzero(key_, kKeySize);
+  sodium_memzero(nonce_, kNonceSize);
+  sodium_memzero(auth_tag_, kTagSize);
+  if (!data_buffer_.empty()) {
+    sodium_memzero(data_buffer_.data(), data_buffer_.size());
+  }
+  if (!aad_.empty()) {
+    sodium_memzero(aad_.data(), aad_.size());
+  }
+#else
+  std::memset(key_, 0, kKeySize);
+  std::memset(nonce_, 0, kNonceSize);
+  std::memset(auth_tag_, 0, kTagSize);
+#endif
+  data_buffer_.clear();
+  aad_.clear();
+}
+void XChaCha20Poly1305Cipher::init(const std::shared_ptr<ArrayBuffer> cipher_key, const std::shared_ptr<ArrayBuffer> iv) {
+  auto native_key = ToNativeArrayBuffer(cipher_key);
+  auto native_iv = ToNativeArrayBuffer(iv);
+  if (native_key->size() != kKeySize) {
+    throw std::runtime_error("XChaCha20-Poly1305 key must be 32 bytes, got " + std::to_string(native_key->size()) + " bytes");
+  }
+  if (native_iv->size() != kNonceSize) {
+    throw std::runtime_error("XChaCha20-Poly1305 nonce must be 24 bytes, got " + std::to_string(native_iv->size()) + " bytes");
+  }
+  std::memcpy(key_, native_key->data(), kKeySize);
+  std::memcpy(nonce_, native_iv->data(), kNonceSize);
+  data_buffer_.clear();
+  aad_.clear();
+  final_called_ = false;
+}
+std::shared_ptr<ArrayBuffer> XChaCha20Poly1305Cipher::update(const std::shared_ptr<ArrayBuffer>& data) {
+#ifndef BLSALLOC_SODIUM
+  throw std::runtime_error("XChaCha20Poly1305Cipher: libsodium must be enabled (BLSALLOC_SODIUM)");
+#else
+  auto native_data = ToNativeArrayBuffer(data);
+  size_t data_len = native_data->size();
+  size_t old_size = data_buffer_.size();
+  data_buffer_.resize(old_size + data_len);
+  std::memcpy(data_buffer_.data() + old_size, native_data->data(), data_len);
+  return std::make_shared<NativeArrayBuffer>(nullptr, 0, nullptr);
+#endif
+}
+std::shared_ptr<ArrayBuffer> XChaCha20Poly1305Cipher::final() {
+#ifndef BLSALLOC_SODIUM
+  throw std::runtime_error("XChaCha20Poly1305Cipher: libsodium must be enabled (BLSALLOC_SODIUM)");
+#else
+  if (is_cipher) {
+    uint8_t* ciphertext = new uint8_t[data_buffer_.size()];
+    int result =
+        crypto_aead_xchacha20poly1305_ietf_encrypt_detached(ciphertext, auth_tag_, nullptr, data_buffer_.data(), data_buffer_.size(),
+                                                            aad_.empty() ? nullptr : aad_.data(), aad_.size(), nullptr, nonce_, key_);
+    if (result != 0) {
+      sodium_memzero(ciphertext, data_buffer_.size());
+      delete[] ciphertext;
+      throw std::runtime_error("XChaCha20Poly1305Cipher: encryption failed");
+    }
+    final_called_ = true;
+    size_t ct_len = data_buffer_.size();
+    return std::make_shared<NativeArrayBuffer>(ciphertext, ct_len, [=]() { delete[] ciphertext; });
+  } else {
+    if (data_buffer_.empty()) {
+      final_called_ = true;
+      return std::make_shared<NativeArrayBuffer>(nullptr, 0, nullptr);
+    }
+    uint8_t* plaintext = new uint8_t[data_buffer_.size()];
+    int result =
+        crypto_aead_xchacha20poly1305_ietf_decrypt_detached(plaintext, nullptr, data_buffer_.data(), data_buffer_.size(), auth_tag_,
+                                                            aad_.empty() ? nullptr : aad_.data(), aad_.size(), nonce_, key_);
+    if (result != 0) {
+      sodium_memzero(plaintext, data_buffer_.size());
+      delete[] plaintext;
+      throw std::runtime_error("XChaCha20Poly1305Cipher: decryption failed - authentication tag mismatch");
+    }
+    final_called_ = true;
+    size_t pt_len = data_buffer_.size();
+    return std::make_shared<NativeArrayBuffer>(plaintext, pt_len, [=]() { delete[] plaintext; });
+  }
+#endif
+}
+bool XChaCha20Poly1305Cipher::setAAD(const std::shared_ptr<ArrayBuffer>& data, std::optional<double> plaintextLength) {
+#ifndef BLSALLOC_SODIUM
+  throw std::runtime_error("XChaCha20Poly1305Cipher: libsodium must be enabled (BLSALLOC_SODIUM)");
+#else
+  auto native_aad = ToNativeArrayBuffer(data);
+  aad_.resize(native_aad->size());
+  std::memcpy(aad_.data(), native_aad->data(), native_aad->size());
+  return true;
+#endif
+}
+std::shared_ptr<ArrayBuffer> XChaCha20Poly1305Cipher::getAuthTag() {
+#ifndef BLSALLOC_SODIUM
+  throw std::runtime_error("XChaCha20Poly1305Cipher: libsodium must be enabled (BLSALLOC_SODIUM)");
+#else
+  if (!is_cipher) {
+    throw std::runtime_error("getAuthTag can only be called during encryption");
+  }
+  if (!final_called_) {
+    throw std::runtime_error("getAuthTag must be called after final()");
+  }
+  uint8_t* tag_copy = new uint8_t[kTagSize];
+  std::memcpy(tag_copy, auth_tag_, kTagSize);
+  return std::make_shared<NativeArrayBuffer>(tag_copy, kTagSize, [=]() { delete[] tag_copy; });
+#endif
+}
+bool XChaCha20Poly1305Cipher::setAuthTag(const std::shared_ptr<ArrayBuffer>& tag) {
+#ifndef BLSALLOC_SODIUM
+  throw std::runtime_error("XChaCha20Poly1305Cipher: libsodium must be enabled (BLSALLOC_SODIUM)");
+#else
+  if (is_cipher) {
+    throw std::runtime_error("setAuthTag can only be called during decryption");
+  }
+  auto native_tag = ToNativeArrayBuffer(tag);
+  if (native_tag->size() != kTagSize) {
+    throw std::runtime_error("XChaCha20-Poly1305 tag must be 16 bytes, got " + std::to_string(native_tag->size()) + " bytes");
+  }
+  std::memcpy(auth_tag_, native_tag->data(), kTagSize);
+  return true;
+#endif
+}
+bool XChaCha20Poly1305Cipher::setAutoPadding(bool autoPad) {
+  throw std::runtime_error("setAutoPadding is not supported for xchacha20-poly1305");
+}
+} // namespace margelo::nitro::crypto