Skip to content

fix(crypto): crypto hardening — constant-time ops, type guards, error base class#454

Merged
ThePrismSystem merged 7 commits intomainfrom
fix/m9-crypto-hardening
Apr 16, 2026
Merged

fix(crypto): crypto hardening — constant-time ops, type guards, error base class#454
ThePrismSystem merged 7 commits intomainfrom
fix/m9-crypto-hardening

Conversation

@ThePrismSystem
Copy link
Copy Markdown
Owner

@ThePrismSystem ThePrismSystem commented Apr 16, 2026

Summary

  • Use constant-time comparison (sodium.memcmp) for bucket ID in grant parsing
  • Add withMasterKeyFromReset for automatic key zeroing after password reset
  • Add asserts return types to assertBoxSecretKey/assertSignSecretKey
  • Brand keyVersion parameter as KeyVersion, add PWHASH_MEMLIMIT_SENSITIVE
  • Add CryptoError base class, re-parent all 10 error classes
  • Add rotation-worker tests for partial success and abort, log retry exhaustion

Beans

Completes crypto-r10c (Phase 2 of M9 audit remediation).

Test plan

  • crypto: 797 tests pass
  • rotation-worker: 34 tests pass
  • Typecheck, lint, format: all clean
  • E2E tests (CI)

@ThePrismSystem
feat(crypto): add CryptoError base class for all crypto errors
fc2a1a4 
Re-parent all 10 error classes under a shared CryptoError base to
enable unified catch-all handling in consumers.
@ThePrismSystem
feat(crypto): add asserts return types to key validation functions
e8b7b40 
Narrow assertBoxSecretKey, assertBoxPublicKey, and assertSignSecretKey
to branded asserts types for compile-time key safety.
@ThePrismSystem
feat(crypto): brand keyVersion in lifecycle API and add PWHASH_MEMLIM…
8bda3ee 
…IT_SENSITIVE

Use the branded KeyVersion type in getBucketKey to prevent accidental
unvalidated number arguments. Add the 1 GiB sensitive memory limit
constant for future server-side password hashing tiers.
@ThePrismSystem
fix(crypto): use constant-time comparison for key grant bucket ID
270d1ae 
Replace string !== with sodium.memcmp for the bucket ID check in
parseEnvelope to prevent timing side-channels during grant validation.
@ThePrismSystem
feat(crypto): add withMasterKeyFromReset for automatic key zeroing
72f1db9 
Add @mustZero annotation to PasswordResetResult.masterKey and a new
withMasterKeyFromReset wrapper that auto-zeroes both masterKey and
authKey in a finally block after the callback completes.
@ThePrismSystem
feat(rotation-worker): add failure reason logging and partial-success…
c7a8cd8 
… tests

Capture the last error message as failureReason on failed items for
diagnostic visibility. Add tests for partial success scenarios and
mid-loop abort signal handling.
@ThePrismSystem
fix(crypto,rotation-worker): address PR #454 review findings
069da87 
Propagate failureReason through CompletionItem, convert
ItemProcessResult to a discriminated union, brand keyVersion in
internal key-grant helpers, and strengthen test assertions.
@ThePrismSystem ThePrismSystem merged commit 08524fd into main Apr 16, 2026
11 of 13 checks passed
@ThePrismSystem ThePrismSystem deleted the fix/m9-crypto-hardening branch April 16, 2026 14:33
ThePrismSystem added a commit that referenced this pull request Apr 17, 2026
@ThePrismSystem
chore(beans): close 9 M9 audit beans shipped in PRs #453-#457
cc6db04 
Flip beans to completed whose scope was delivered but never reflected in
status:

- types-jmk7, types-11ux (PR #453)
- crypto-r10c (PR #454)
- sync-jj8q (PR #455)
- ps-jdl9 (PR #456)
- api-l6w0, api-m3up, api-nfo1, ps-kyu9 (PR #457)

Each bean gets a Summary of Changes section pointing at the delivering PR
and the verified code landmarks.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ThePrismSystem