feat(zlib/crypto): zlib.constants + subtle.generateKey (AES-GCM)#955
Merged
Conversation
Moves axios + jose past the next `compilePackages` compile gates after
- `zlib.constants` — adds the ~50 `Z_*` / flush / return-code /
`DEFLATE`/`INFLATE`/`GZIP`/`BROTLI_*`/`ZSTD_*` table Node ships on
`require('node:zlib').constants`. Routed through the existing
`crypto.constants` / `os.constants` sub-namespace plumbing in
`get_native_module_constant`. Required by axios stream wiring.
- `crypto.subtle.generateKey(algorithm, extractable, keyUsages)` —
initial AES-GCM coverage (128 / 256 bit; 192-bit rejected, mirroring
the existing encrypt/decrypt path keyed on `aes-gcm` 0.10's
`Aes128Gcm`/`Aes256Gcm` types). Returned CryptoKey is registered
with `(AesGcm, Sha256)` so `subtle.encrypt`/`decrypt` round-trip on
it. Required by jose's `generateSecret('A256GCM')`.
Asymmetric algorithms (RSA / ECDSA / ECDH), `wrapKey`/`unwrapKey`,
`deriveKey`, and HMAC keygen remain TODO follow-ups (jose's next
blocker is now `subtle.wrapKey`).
Regression tests:
- test-files/test_zlib_constants.ts — output byte-matches Node.
- test-files/test_crypto_subtle_generateKey.ts — round-trips
encrypt + decrypt on the freshly generated key.
proggeramlug
force-pushed
the
zlib-constants-subtle-generatekey
branch
from
f8bcba5 to
f6f5293
Compare
7 tasks
proggeramlug
added a commit
that referenced
this pull request
May 17, 2026
Moves axios + jose past the next compilePackages compile gates after #955: - `zlib.createBrotliDecompress(options?)` — axios feature-checks this at module init. Manifest entry + native shim in perry-stdlib's zlib module returns a registered Buffer-shaped handle (the typeof check is what axios needs; the real Brotli decode pipe only fires on `content-encoding: br` and is a TODO follow-up). Adds `brotli = "8.0.2"` under the compression feature. - `crypto.subtle.wrapKey` / `unwrapKey` — full HIR/codegen/runtime path with AES-KW (RFC 3394 via `aes-kw = "0.3.0"`, 128/192/256-bit) and AES-GCM (reusing existing encrypt/decrypt helpers). The unwrapped CryptoKey is registered under the supplied `unwrappedKeyAlgorithm` (currently AES-GCM) so subsequent encrypt/decrypt round-trip on it. New HIR variants WebCryptoWrapKey / WebCryptoUnwrapKey with walker + stable-hash tags 470/471. Regression tests: - test-files/test_zlib_brotli_decompress.ts — feature-check pass. - test-files/test_crypto_subtle_wrap_unwrap.ts — generate two AES-GCM keys, AES-GCM wrap the inner key with the KEK, unwrap, then decrypt a ciphertext made with the original to confirm bytes round-trip. Bumps to v0.5.976.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Moves the two
compilePackagessmoke targets from #952 past their next compile gates by adding two same-family manifest entries + runtime bindings:zlib.constants— the ~50Z_*/ flush / return-code /DEFLATE/INFLATE/GZIP/BROTLI_*/ZSTD_*table Node exposes onrequire('node:zlib').constants. Routed through the existingcrypto.constants/os.constantssub-namespace plumbing inget_native_module_constant(perry-runtime/src/object.rs). Required by axios for stream wiring.crypto.subtle.generateKey(algorithm, extractable, keyUsages)— initial AES-GCM coverage (128 / 256 bit; 192-bit explicitly rejected to mirror the existing encrypt/decrypt path keyed onaes-gcm0.10'sAes128Gcm/Aes256Gcmtype set). NewExpr::WebCryptoGenerateKeyvariant + HIR lowering + codegen + runtime extern. The returned CryptoKey is registered with(AesGcm, Sha256)so the existingsubtle.encrypt/decryptpaths round-trip on it. Required by jose'sgenerateSecret('A256GCM').Asymmetric algorithms (RSA / ECDSA / ECDH),
wrapKey/unwrapKey,deriveKey, and HMAC keygen remain TODO follow-ups tracked alongside #561.Bumps to v0.5.973.
Test plan
test-files/test_zlib_constants.tsreads 11 constants — output byte-matchesnode -e 'const z=require("node:zlib").constants; ...'.test-files/test_crypto_subtle_generateKey.tsround-trips encrypt + decrypt on a freshly generated 256-bit AES-GCM key, asserts ciphertext-length-equals-plaintext-plus-16-byte-tag.cargo test -p perry-codegen --tests manifest_consistency— all 4 drift guards pass.cargo test -p perry-stdlib --lib webcrypto— all 9 webcrypto tests pass.import axios from "axios"; perry main.ts -o out) advances past thezlib.constantsgate — next gap iszlib.createBrotliDecompress, separate follow-up.import * as jose from "jose"; perry main.ts -o out) advances past thesubtle.generateKeygate — next gap issubtle.wrapKey, separate follow-up../scripts/regen_api_docs.sh(zlib.constantsadded; manifest now 869 entries across 71 modules).