Skip to content

feat: add crypto_hash family, memzero, byte additional_data for AEAD, and crypto_secretstream_xchacha20poly1305#108

Open
slowsats wants to merge 4 commits into
serenity-kit:mainfrom
pietas-society:feat/native-surface-additions
Open

feat: add crypto_hash family, memzero, byte additional_data for AEAD, and crypto_secretstream_xchacha20poly1305#108
slowsats wants to merge 4 commits into
serenity-kit:mainfrom
pietas-society:feat/native-surface-additions

Conversation

@slowsats

@slowsats slowsats commented Jul 5, 2026

Copy link
Copy Markdown

Four additions to the native surface, one commit each, all matching libsodium-wrappers-sumo@0.8.4 semantics (argument shapes, return types, and failure behavior verified against its source):

crypto_hash, crypto_hash_sha256, crypto_hash_sha512 (+ _BYTES constants; web side re-exports the sumo-only spellings).
memzero — sodium_memzero over the ArrayBuffer's actual backing memory, honoring byteOffset/byteLength (a subarray test proves sibling bytes survive). Relates to #76.
additional_data: string | Uint8Array | null on crypto_aead_xchacha20poly1305_ietf_encrypt/_decrypt — the string path is byte-for-byte unchanged (existing vector tests pass unmodified); byte AAD authenticates byte-exact; null AAD (previously rejected natively) now matches the reference, pinned against a ciphertext generated from libsodium-wrappers-sumo@0.8.4 itself.
The crypto_secretstream_xchacha20poly1305 family (keygen, init_push → {state, header}, push, init_pull, pull → MessageTag | false) with _ABYTES/_HEADERBYTES/KEYBYTES and the four TAG* constants. pull reproduces the reference exactly: false on any cryptographic failure without advancing the state, TypeError('cipher is too short') only under ABYTES. Design note for review: the repo had no prior pattern for stateful bindings, so the stream state crosses JSI as an opaque ArrayBuffer holding the raw state struct, advanced in place — no handle registry, no lifetime management, no leak (the reference leaks states in wasm memory by design); trade-off comments are on the C++ helpers and the TS family. Happy to add rekey and _MESSAGEBYTES_MAX for family completeness if wanted.

Tests: example-app cases for everything (FIPS 180-4 digests, multi-chunk secretstream round-trip with all four tags, truncation/reorder/tamper failures, byte-vs-string AAD equivalence). The example suite passes on Android — including on physical arm64 hardware (Pixel 7 Pro) — and the web e2e suite (Playwright) independently validates every new test's expectations against the real libsodium-wrappers implementation. iOS is implemented in the shared C++ (compiled by the existing podspec glob; the vendored xcframework exports every required symbol) — CI is the verification channel, as this was developed on Linux.

slowsats and others added 4 commits July 5, 2026 05:40
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…ha20poly1305_ietf functions

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant