Skip to content

encryption: zero-knowledge envelope crypto crate, native + wasm32#239

Merged
AdaWorldAPI merged 1 commit into
masterfrom
claude/encryption-wasm
Jul 8, 2026
Merged

encryption: zero-knowledge envelope crypto crate, native + wasm32#239
AdaWorldAPI merged 1 commit into
masterfrom
claude/encryption-wasm

Conversation

@AdaWorldAPI

@AdaWorldAPI AdaWorldAPI commented Jul 8, 2026

Copy link
Copy Markdown
Owner

New workspace member (crates/* glob; NOT a default-member, so plain cargo build is untouched). Carries the forward crypto suite as one agnostic crate compiled from the same source for native servers and stock browsers via wasm32-unknown-unknown:

  • kdf: Argon2id (password -> 256-bit key), params carried in-band; DEFAULT (64 MiB/3/1) and INTERACTIVE (19 MiB/2/1, OWASP) presets
  • aead: XChaCha20-Poly1305 with explicit 24-byte random nonces
  • envelope: the sealed blob — versioned little-endian layout parsed by hand (no serde), header (magic|version|argon params|salt|nonce) is the AEAD associated data so cost-parameter tampering fails open()
  • sign: Ed25519 (generate/from_seed/sign/verify), RFC 8032 vector test
  • hash: SHA-384 + RFC 6962-style domain-separated merkle helpers
  • wasm: optional wasm-bindgen facade (--features wasm-bindings)

No SIMD of its own: simd.rs remains the repo's single dispatch entry (simd_avx512/avx2/neon/simd_wasm); vectorized paths live inside the audited RustCrypto crates. Entropy is getrandom-only (js feature -> crypto.getRandomValues on wasm32). Keys zeroize on drop, no Debug on key types, field-free errors, #![forbid(unsafe_code)].

Verified: 23 unit tests green natively; clippy -D warnings clean (all features); cargo check green on wasm32-unknown-unknown with and without wasm-bindings; release cdylib builds a wasm module.

Claude-Session: https://claude.ai/code/session_01RbXniqYUYgwUsRrEnRRiid

Summary by CodeRabbit

  • New Features
    • Added a new encryption library with support for password-based encrypted envelopes, key derivation, authenticated encryption, signing, verification, and SHA-384 hashing.
    • Added browser-ready WebAssembly bindings for encrypting, decrypting, signing, verifying, and hashing.
    • Added support for both native and wasm builds.

New workspace member (crates/* glob; NOT a default-member, so plain
cargo build is untouched). Carries the forward crypto suite as one
agnostic crate compiled from the same source for native servers and
stock browsers via wasm32-unknown-unknown:

- kdf: Argon2id (password -> 256-bit key), params carried in-band;
  DEFAULT (64 MiB/3/1) and INTERACTIVE (19 MiB/2/1, OWASP) presets
- aead: XChaCha20-Poly1305 with explicit 24-byte random nonces
- envelope: the sealed blob — versioned little-endian layout parsed
  by hand (no serde), header (magic|version|argon params|salt|nonce)
  is the AEAD associated data so cost-parameter tampering fails open()
- sign: Ed25519 (generate/from_seed/sign/verify), RFC 8032 vector test
- hash: SHA-384 + RFC 6962-style domain-separated merkle helpers
- wasm: optional wasm-bindgen facade (--features wasm-bindings)

No SIMD of its own: simd.rs remains the repo's single dispatch entry
(simd_avx512/avx2/neon/simd_wasm); vectorized paths live inside the
audited RustCrypto crates. Entropy is getrandom-only (js feature ->
crypto.getRandomValues on wasm32). Keys zeroize on drop, no Debug on
key types, field-free errors, #![forbid(unsafe_code)].

Verified: 23 unit tests green natively; clippy -D warnings clean
(all features); cargo check green on wasm32-unknown-unknown with and
without wasm-bindings; release cdylib builds a wasm module.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01RbXniqYUYgwUsRrEnRRiid
@AdaWorldAPI AdaWorldAPI merged commit 9c41b3a into master Jul 8, 2026
12 checks passed
@cursor

cursor Bot commented Jul 8, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_b9a23403-eb6e-45a6-a88a-be73df409504)

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: a4201c34-ed31-4b33-ad1d-3be6c811784a

📥 Commits

Reviewing files that changed from the base of the PR and between 83d4895 and 28ff812.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (8)
  • crates/encryption/Cargo.toml
  • crates/encryption/src/aead.rs
  • crates/encryption/src/envelope.rs
  • crates/encryption/src/hash.rs
  • crates/encryption/src/kdf.rs
  • crates/encryption/src/lib.rs
  • crates/encryption/src/sign.rs
  • crates/encryption/src/wasm.rs

📝 Walkthrough

Walkthrough

Adds a new encryption Rust crate implementing zero-knowledge envelope cryptography: XChaCha20-Poly1305 AEAD, Argon2id KDF, SHA-384/Merkle hashing, Ed25519 signing, a password-based envelope format combining these primitives, a crate root with re-exports, and optional wasm-bindgen bindings for browser use.

Changes

Encryption Crate

Layer / File(s) Summary
Crate manifest and root module
crates/encryption/Cargo.toml, crates/encryption/src/lib.rs
Adds the crate manifest with dual rlib/cdylib targets, crypto dependencies, and wasm32 getrandom config; the root module declares submodules, re-exports envelope API, forbids unsafe code, and adds a CSPRNG wrapper with RngError.
AEAD primitive
crates/encryption/src/aead.rs
Implements XChaCha20-Poly1305 seal_with_key/open_with_key with explicit nonces, AeadError, and tests for round-trip and tamper/failure cases.
Argon2id key derivation
crates/encryption/src/kdf.rs
Adds KdfParams (server/interactive presets), zeroizing DerivedKey, KdfError, and derive_key with determinism and validation tests.
SHA-384 and Merkle hashing
crates/encryption/src/hash.rs
Adds sha384, domain-separated merkle_leaf/merkle_node functions, constants, and tests including a known SHA-384 vector.
Ed25519 signing
crates/encryption/src/sign.rs
Adds Keypair generation/from-seed construction, signing/verification, SignError, and tests including an RFC 8032 vector.
Password-based envelope
crates/encryption/src/envelope.rs
Defines a fixed header layout, EnvelopeError, seal/open combining KDF and AEAD with header-as-AAD, header encode/decode helpers, and tamper/malformed-input tests.
WASM bindings
crates/encryption/src/wasm.rs
Exports wasm_bindgen functions for sealing/opening envelopes, signing key generation/use, signature verification, and SHA-384, converting Rust errors into JsError.

Estimated code review effort: 4 (Complex) | ~60 minutes

Sequence Diagram(s)

sequenceDiagram
  participant JS as Browser (JS)
  participant Wasm as wasm.rs
  participant Envelope as envelope.rs
  participant Kdf as kdf.rs
  participant Aead as aead.rs

  JS->>Wasm: seal_envelope(password, plaintext, interactive)
  Wasm->>Envelope: seal(password, plaintext, params)
  Envelope->>Kdf: derive_key(password, salt, params)
  Kdf-->>Envelope: DerivedKey
  Envelope->>Aead: seal_with_key(key, nonce, header, plaintext)
  Aead-->>Envelope: ciphertext
  Envelope-->>Wasm: header + ciphertext blob
  Wasm-->>JS: blob (Vec<u8>)

  JS->>Wasm: open_envelope(password, blob)
  Wasm->>Envelope: open(password, blob)
  Envelope->>Envelope: decode_header(blob)
  Envelope->>Kdf: derive_key(password, salt, params)
  Kdf-->>Envelope: DerivedKey
  Envelope->>Aead: open_with_key(key, nonce, header, ciphertext)
  Aead-->>Envelope: plaintext or AeadError
  Envelope-->>Wasm: plaintext or EnvelopeError
  Wasm-->>JS: plaintext or thrown JsError
Loading

Poem

A crate is born beneath the moon so bright,
With salts and nonces sealed up tight.
Argon grinds, Chacha spins its thread,
Ed25519 signs what must be said.
Merkle leaves stack, hashed with care —
This bunny hops off, secrets safe somewhere! 🐇🔐

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants