fix(crypto): crypto hardening — constant-time ops, type guards, error base class #454

Merged
ThePrismSystem merged 7 commits into main from fix/m9-crypto-hardening
Apr 16, 2026

@ThePrismSystem
Owner

Summary

  • Use constant-time comparison (sodium.memcmp) for bucket ID in grant parsing
  • Add withMasterKeyFromReset for automatic key zeroing after password reset
  • Add asserts return types to assertBoxSecretKey/assertSignSecretKey
  • Brand keyVersion parameter as KeyVersion, add PWHASH_MEMLIMIT_SENSITIVE
  • Add CryptoError base class, re-parent all 10 error classes
  • Add rotation-worker tests for partial success and abort, log retry exhaustion

Beans

Completes crypto-r10c (Phase 2 of M9 audit remediation).

Test plan

  • crypto: 797 tests pass
  • rotation-worker: 34 tests pass
  • Typecheck, lint, format: all clean
  • E2E tests (CI)

Re-parent all 10 error classes under a shared CryptoError base to
enable unified catch-all handling in consumers.

Narrow assertBoxSecretKey, assertBoxPublicKey, and assertSignSecretKey
to branded asserts types for compile-time key safety.

…IT_SENSITIVE

Use the branded KeyVersion type in getBucketKey to prevent accidental
unvalidated number arguments. Add the 1 GiB sensitive memory limit
constant for future server-side password hashing tiers.

Replace string !== with sodium.memcmp for the bucket ID check in
parseEnvelope to prevent timing side-channels during grant validation.

Add @mustZero annotation to PasswordResetResult.masterKey and a new
withMasterKeyFromReset wrapper that auto-zeroes both masterKey and
authKey in a finally block after the callback completes.

… tests

Capture the last error message as failureReason on failed items for
diagnostic visibility. Add tests for partial success scenarios and
mid-loop abort signal handling.

Propagate failureReason through CompletionItem, convert
ItemProcessResult to a discriminated union, brand keyVersion in
internal key-grant helpers, and strengthen test assertions.

@ThePrismSystem ThePrismSystem merged commit 08524fd into main Apr 16, 2026
11 of 13 checks passed
@ThePrismSystem ThePrismSystem deleted the fix/m9-crypto-hardening branch April 16, 2026 14:33
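
The constant-time bucket ID check and the zero-in-finally wrapper described in the commits above, as an added TypeScript example that is not code from this PR or the project. `constantTimeEqual` is a hand-written stand-in for `sodium.memcmp`; `ResetKeys`, `bucketIdMatches`, `withKeysZeroed`, `sampleKeys` and `isZeroed` are hypothetical names, and the key bytes are constructed sample values.

```typescript
// Added illustration. All names here are hypothetical, not the project's API.

interface ResetKeys {
  masterKey: Uint8Array;
  authKey: Uint8Array;
}

// Byte comparison with no early exit on the first mismatch, so run time does
// not depend on how many leading bytes match. Stand-in for sodium.memcmp.
function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {
  if (a.length !== b.length) return false; // length is treated as non-secret
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
  return diff === 0;
}

// Replaces a string `!==` check: encode both IDs, then compare every byte.
function bucketIdMatches(expected: string, received: string): boolean {
  const enc = new TextEncoder();
  return constantTimeEqual(enc.encode(expected), enc.encode(received));
}

// Runs fn with the keys, then overwrites both buffers whether fn returned or
// threw. The `await` matters: without it, the finally block would zero the
// keys while an async callback is still using them.
async function withKeysZeroed<T>(
  keys: ResetKeys,
  fn: (keys: ResetKeys) => T | Promise<T>,
): Promise<T> {
  try {
    return await fn(keys);
  } finally {
    keys.masterKey.fill(0);
    keys.authKey.fill(0);
  }
}

// Constructed sample keys (not real key material).
function sampleKeys(): ResetKeys {
  return {
    masterKey: new Uint8Array(32).fill(0xaa),
    authKey: new Uint8Array(32).fill(0xbb),
  };
}

function isZeroed(buf: Uint8Array): boolean {
  return buf.every((byte) => byte === 0);
}
```

Zeroing only clears the buffers passed in: a callback that copies key bytes or returns a slice of them leaves that copy untouched.
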
ThePrismSystem added a commit that referenced this pull request Apr 17, 2026
Flip beans to completed whose scope was delivered but never reflected in
status:

- types-jmk7, types-11ux (PR #453)
- crypto-r10c (PR #454)
- sync-jj8q (PR #455)
- ps-jdl9 (PR #456)
- api-l6w0, api-m3up, api-nfo1, ps-kyu9 (PR #457)

Each bean gets a Summary of Changes section pointing at the delivering PR
and the verified code landmarks.