feat(derivation): Expose key derivation to FFI and language wrappers#387
Conversation
This change exposes the `key_derivation` module introduced in the previous commit to all language wrappers: the C FFI layer, C# managed wrappers, UniFFI (Kotlin/Swift/Python), and WASM/TypeScript. Four new FFI functions are added to `ffi/src/lib.rs`: `DeriveSecretKeyPbkdf2` and `DeriveSecretKeyArgon2` with accompanying `DeriveSecretKeyPbkdf2Size` and `DeriveSecretKeyArgon2ParametersSize` size-query functions. The C# managed layer receives matching P/Invoke declarations in `Native.Core.cs` and public `DeriveSecretKeyPbkdf2` / `DeriveSecretKeyArgon2` methods in `Managed.cs`. A new `key_derivation` UniFFI module is added under `uniffi/devolutions-crypto-uniffi/src/`, exposing a `KeyDerivationResult` record and the two derive functions for Kotlin, Swift, and Python consumers. The WASM demo application gains a new Key Derivation page with an algorithm selector (defaulting to Argon2, with PBKDF2 as an option), The Inspect (Debug) page is also extended to decode `KeyDerivation` blobs.
There was a problem hiding this comment.
Pull request overview
This PR exposes the Rust key_derivation functionality across the project’s wrapper surface area (FFI/C#, UniFFI, and WASM/TypeScript) and adds WASM demo UI + tests to exercise the new APIs.
Changes:
- Added FFI exports (PBKDF2 + Argon2) for deriving a structured
SecretKeyplus serializedDerivationParameters, and wired them into the C# managed wrapper. - Added a UniFFI
key_derivationmodule exposing derive functions and aKeyDerivationResultrecord for Kotlin/Swift/Python consumers. - Added WASM/TypeScript bindings, tests, and a demo “Key Derivation” page; extended Inspect (Debug) to decode
KeyDerivationblobs.
Reviewed changes
Copilot reviewed 19 out of 19 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| wrappers/wasm/tests/tests/key-derivation.ts | New WASM/TS tests for PBKDF2/Argon2 structured derivation + parameter round-trips. |
| wrappers/wasm/tests/tests/conformity.ts | Adds conformity coverage for serialized derivation parameters + known Argon2 derivation output. |
| wrappers/wasm/tests/package.json | Includes the new key-derivation test file in the test script. |
| wrappers/wasm/demo/src/app/service/encryption.inner.service.ts | Re-exports KeyDerivationResult/DerivationParameters and forwards derive calls to the WASM package. |
| wrappers/wasm/demo/src/app/key-derivation/key-derivation.component.ts | New Angular component implementing Argon2/PBKDF2 derivation UI. |
| wrappers/wasm/demo/src/app/key-derivation/key-derivation.component.html | New template for the Key Derivation page. |
| wrappers/wasm/demo/src/app/inspect/inspect.component.ts | Adds DataType 8 (KeyDerivation) and parsing/field display for derivation parameter payloads. |
| wrappers/wasm/demo/src/app/app.routes.ts | Adds /key-derivation route. |
| wrappers/wasm/demo/src/app/app.component.html | Adds navigation link to Key Derivation page and reorders nav items. |
| wrappers/csharp/tests/unit-tests/TestManaged.cs | Adds managed wrapper unit tests for derivation behavior + parameter round-trip. |
| wrappers/csharp/src/Native.Core.cs | Adds P/Invoke declarations for new FFI derivation functions and size helpers. |
| wrappers/csharp/src/Managed.cs | Adds DeriveSecretKeyPbkdf2 / DeriveSecretKeyArgon2 managed APIs. |
| wrappers/csharp/src/KeyDerivationResult.cs | New managed DTO for (SecretKey, DerivationParameters) return value. |
| wrappers/csharp/src/DerivationParameters.cs | New managed wrapper type for serialized derivation parameters. |
| uniffi/devolutions-crypto-uniffi/src/lib.rs | Registers/re-exports UniFFI key derivation module + adds KeyDerivationVersion remote enum. |
| uniffi/devolutions-crypto-uniffi/src/key_derivation.rs | New UniFFI exports for PBKDF2/Argon2 derivation returning raw bytes. |
| src/wasm.rs | Adds WASM-bindgen KeyDerivationResult, DerivationParameters helpers, and derive functions. |
| src/key_derivation/mod.rs | Marks DerivationParameters as wasm-bindgen inspectable when wbindgen feature is enabled. |
| ffi/src/lib.rs | Adds FFI entry points for structured derivation + buffer sizing helpers; includes new FFI tests. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Sébastien Duquette (sduquette-devolutions)
marked this pull request as ready for review
Sébastien Duquette (sduquette-devolutions)
requested a review
from mmorrissette-devolutions
|
Codex (@codex) review |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2f02cbfba6
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "Codex (@codex) review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "Codex (@codex) address that feedback".
|
Codex (@codex) review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 6589237b5e
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "Codex (@codex) review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "Codex (@codex) address that feedback".
| /// # Safety | ||
| /// This method is made to be called by C, so it is therefore unsafe. The caller should make sure it passes the right pointers and sizes. | ||
| #[no_mangle] | ||
| pub unsafe extern "C" fn DeriveSecretKeyPbkdf2( |
There was a problem hiding this comment.
This adds an exported C ABI symbol, but the checked-in public header ffi/devolutions-crypto.h still has no DeriveSecretKey* declarations (I checked it with rg "DeriveSecretKey" ffi/devolutions-crypto.h). C consumers that include that header cannot compile against the new key-derivation FFI API without hand-written prototypes, so the feature is not actually exposed through the C FFI package; please regenerate/update the header for this function and the matching Argon2/PBKDF2-with-salt and size functions.
Useful? React with 👍 / 👎.
Sébastien Duquette (sduquette-devolutions)
merged commit 314f91d
into
master
This change exposes the
key_derivationmodule introduced in the previous commit to all language wrappers: the C FFI layer, C# managed wrappers, UniFFI (Kotlin/Swift/Python), and WASM/TypeScript.Four new FFI functions are added to
ffi/src/lib.rs:DeriveSecretKeyPbkdf2andDeriveSecretKeyArgon2with accompanyingDeriveSecretKeyPbkdf2SizeandDeriveSecretKeyArgon2ParametersSizesize-query functions. The C# managed layer receives matching P/Invoke declarations inNative.Core.csand publicDeriveSecretKeyPbkdf2/DeriveSecretKeyArgon2methods inManaged.cs.A new
key_derivationUniFFI module is added underuniffi/devolutions-crypto-uniffi/src/, exposing aKeyDerivationResultrecord and the two derive functions for Kotlin, Swift, and Python consumers.The WASM demo application gains a new Key Derivation page with an algorithm selector (defaulting to Argon2, with PBKDF2 as an option), The Inspect (Debug) page is also extended to decode
KeyDerivationblobs.