[codex] add WebCrypto Argon2 KDF support by andrewtdiz · Pull Request #4310 · PerryTS/perry

andrewtdiz · 2026-06-03T23:06:51Z

Summary

add WebCrypto raw-secret import support for Argon2d, Argon2i, and Argon2id keys
implement Argon2 deriveBits/deriveKey handling with nonce, memory, passes, parallelism, version, associatedData, and secretValue params
update CryptoKey runtime metadata IDs and usages so the added KDF algorithms do not collide with existing EC, Ed25519, X25519, and RSA keys
add a Node parity fixture covering support probes, deterministic Argon2 vectors, derived AES keys, and validation errors

PERRY_NO_AUTO_OPTIMIZE=1 CARGO_TARGET_DIR=/root/perry-worktrees/.build-targets/perry-webcrypto-argon2-baseline npm exec --yes --package=node@26 -- bash -lc './run_parity_tests.sh --suite node-suite --module crypto --filter argon2-kdf'
PERRY_NO_AUTO_OPTIMIZE=1 CARGO_TARGET_DIR=/root/perry-worktrees/.build-targets/perry-webcrypto-argon2-baseline npm exec --yes --package=node@26 -- bash -lc './run_parity_tests.sh --suite node-suite --module crypto --filter jwk-ecdh-p256'
PERRY_NO_AUTO_OPTIMIZE=1 CARGO_TARGET_DIR=/root/perry-worktrees/.build-targets/perry-webcrypto-argon2-baseline npm exec --yes --package=node@26 -- bash -lc './run_parity_tests.sh --suite node-suite --module crypto --filter webcrypto' (54 pass / 2 known adjacent parity fails: cryptokey-usages-extractable, jwk-wrap-unwrap; covered by [codex] align WebCrypto non-extractable key errors #4302)
CARGO_TARGET_DIR=/root/perry-worktrees/.build-targets/perry-webcrypto-argon2-check cargo check -p perry-stdlib --no-default-features --features crypto
cargo fmt --all -- --check
git diff --check
./scripts/check_file_size.sh

fix(crypto): add webcrypto argon2 kdf

a6e439b

andrewtdiz mentioned this pull request Jun 3, 2026

node:crypto: expand WebCrypto modern algorithm coverage #2518

Open