feat: add XChaCha20-Poly1305 and XSalsa20-Poly1305 cipher support #908
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add XChaCha20Poly1305Cipher C++ implementation using OpenSSL EVP API - Add XSalsa20Poly1305Cipher C++ implementation using OpenSSL EVP API - Register new ciphers in HybridCipherFactory - Update Android CMakeLists.txt with new source files - Add comprehensive test suites for both ciphers - Update documentation with usage examples - Update implementation coverage documentation
- Add sodium_memzero on error paths before delete[] (4 locations) - Zero data_buffer_ in destructors before clearing - Override setAutoPadding to throw 'not supported' - Standardize preprocessor guards to #ifdef/#ifndef - Fix test vector type to avoid non-null assertion - Revert unrelated diffieHellman marking change
Contributor
🤖 End-to-End Test Results - AndroidStatus: ✅ Passed 📸 Final Test ScreenshotScreenshot automatically captured from End-to-End tests and will expire in 30 days This comment is automatically updated on each test run. |
Contributor
🤖 End-to-End Test Results - iOSStatus: ✅ Passed 📸 Final Test ScreenshotScreenshot automatically captured from End-to-End tests and will expire in 30 days This comment is automatically updated on each test run. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Adds XChaCha20-Poly1305 and XSalsa20-Poly1305 AEAD cipher support via libsodium. These are extended-nonce variants (24 bytes vs 12 bytes) that enable safe random nonce generation for high-volume encryption scenarios.
Changes
New Ciphers
xchacha20-poly1305- AEAD with 24-byte nonce and AAD supportxsalsa20-poly1305- Authenticated encryption (NaCl secretbox style, no AAD)C++ Implementation
XChaCha20Poly1305Cipher.cpp/.hpp- Full AEAD implementation using libsodiumXSalsa20Poly1305Cipher.cpp/.hpp- Secretbox-style authenticated encryptionsodium_memzero()for keys, nonces, tags, and buffersTests
Documentation
cipher.mdxwith algorithm tables and usage examplesimplementation-coverage.mdwith new cipher supportRequirements
These ciphers require
SODIUM_ENABLED=1on both iOS and Android.Testing
Tests are included in the example app test suite:
xchacha20_poly1305_tests.tsxsalsa20_poly1305_tests.tsCloses #885