fix(ext/node): add chacha20-poly1305 cipher support (#33084)

## Summary

Implements the ChaCha20-Poly1305 AEAD cipher (RFC 8439) for
`node:crypto` `createCipheriv`/`createDecipheriv`.

The implementation uses the `chacha20` and `poly1305` crates:
1. Derive Poly1305 key from first 32 bytes of ChaCha20 keystream
(counter=0)
2. Encrypt/decrypt with ChaCha20 starting at counter=1
3. Compute auth tag per RFC 8439: `Poly1305(AAD || pad || CT || pad ||
len(AAD) || len(CT))`

Supports streaming `update()`/`final()` with `setAAD()` and
`getAuthTag()`.

Closes #28411

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: bartlomieju

Cargo.lock

@@ -384,6 +384,7 @@ aes = "=0.8.3"
 aes-gcm = "0.10"
 aes-kw = "0.2.1"
 blake2 = "0.10.6"
+chacha20 = "0.9"
 const-oid = "0.9.5"
 ctr = { version = "0.9.2", features = ["alloc"] }
 curve25519-dalek = "4.1.3"
@@ -407,6 +408,7 @@ p384 = { version = "0.13.0", features = ["ecdh", "jwk"] }
 p521 = { version = "0.13.3", features = ["ecdh", "ecdsa", "jwk", "pkcs8"] }
 pbkdf2 = "0.12.1"
 pkcs8 = "0.10.2"
+poly1305 = "0.8"
 ripemd = "0.1.3"
 rsa = { version = "0.9.9", default-features = false, features = ["std", "pem", "hazmat"] } # hazmat needed for PrehashSigner in ext/node
 scrypt = "0.11.0"

Cargo.toml

@@ -221,7 +221,7 @@ export function Cipheriv(
   this._needsBlockCache =
     !(cipher == "aes-128-gcm" || cipher == "aes-256-gcm" ||
       cipher == "aes-128-ctr" || cipher == "aes-192-ctr" ||
-      cipher == "aes-256-ctr");
+      cipher == "aes-256-ctr" || cipher == "chacha20-poly1305");
   this._authTag = undefined;
   this._autoPadding = true;
   this._finalized = false;
@@ -467,7 +467,7 @@ export function Decipheriv(
   this._needsBlockCache =
     !(cipher == "aes-128-gcm" || cipher == "aes-256-gcm" ||
       cipher == "aes-128-ctr" || cipher == "aes-192-ctr" ||
-      cipher == "aes-256-ctr");
+      cipher == "aes-256-ctr" || cipher == "chacha20-poly1305");
   this._authTag = undefined;
   this._finalized = false;
   this._decoder = undefined;

ext/node/polyfills/internal/crypto/cipher.ts

@@ -188,6 +188,14 @@ const cipherInfoTable: CipherInfoResult[] = [
     keyLength: 32,
     mode: "ctr",
   },
+  {
+    name: "chacha20-poly1305",
+    nid: 1018,
+    blockSize: 1,
+    ivLength: 12,
+    keyLength: 32,
+    mode: "",
+  },
 ];
 
 const cipherInfoByName = new Map<string, CipherInfoResult>();
@@ -218,6 +226,7 @@ const supportedCiphers = [
   "des-ede3-cbc",
   "aes128",
   "aes256",
+  "chacha20-poly1305",
 ];
 
 export function getCiphers(): string[] {

ext/node/polyfills/internal/crypto/util.ts

@@ -19,6 +19,7 @@ aws-lc-rs.workspace = true
 base64.workspace = true
 blake2.workspace = true
 cbc.workspace = true
+chacha20.workspace = true
 const-oid.workspace = true
 ctr.workspace = true
 data-encoding.workspace = true
@@ -49,6 +50,7 @@ p384.workspace = true
 p521.workspace = true
 pbkdf2.workspace = true
 pkcs8 = { workspace = true, features = ["std", "pkcs5", "encryption"] }
+poly1305.workspace = true
 rand.workspace = true
 ripemd = { workspace = true, features = ["oid"] }
 rsa.workspace = true