Stdlib: Crypto hashing builtins (SHA-256, HMAC-SHA256) #244

New issue

Closed

opened 2026-01-12 02:36:23 +00:00 by navicore · 1 comment

navicore commented 2026-01-12 02:36:23 +00:00 (Migrated from github.com)

Copy link

Summary

Add cryptographic hashing builtins to enable JWT verification, webhook handling, secure tokens, and API authentication.

Proposed API

# SHA-256 hashing
"hello world" crypto.sha256          # ( String -- String ) hex-encoded
"hello world" crypto.sha256-bytes    # ( String -- Bytes ) raw bytes

# HMAC for API authentication / webhook verification
"webhook-payload" "secret-key" crypto.hmac-sha256
# ( message key -- signature )

# Timing-safe comparison (prevent timing attacks)
received-sig computed-sig crypto.constant-time-eq
# ( String String -- Bool )

Implementation

FFI wrappers around Rust's RustCrypto ecosystem:

• sha2 crate for SHA-256/SHA-512
• hmac crate for HMAC
• subtle crate for constant-time comparison

Estimated effort: 1-2 days

Deliverables Checklist

• Runtime builtins in crates/runtime/src/crypto.rs
• Unit tests for each function
• Integration tests in tests/integration/src/test-crypto.seq
• LSP support: signatures in BUILTIN_SIGNATURES, docs in BUILTIN_DOCS
• Example: examples/crypto/hash-demo.seq
• Example: examples/crypto/webhook-verify.seq
• Update docs/BATTERIES_INCLUDED.md status

Use Cases Unlocked

• JWT signature verification
• Webhook signature validation (GitHub, Stripe, etc.)
• Content addressing / checksums
• Password hashing preparation (input to bcrypt/argon2)

References

• See docs/BATTERIES_INCLUDED.md Priority 4: Cryptography
• RustCrypto: https://github.com/RustCrypto

## Summary Add cryptographic hashing builtins to enable JWT verification, webhook handling, secure tokens, and API authentication. ## Proposed API ```seq # SHA-256 hashing "hello world" crypto.sha256 # ( String -- String ) hex-encoded "hello world" crypto.sha256-bytes # ( String -- Bytes ) raw bytes # HMAC for API authentication / webhook verification "webhook-payload" "secret-key" crypto.hmac-sha256 # ( message key -- signature ) # Timing-safe comparison (prevent timing attacks) received-sig computed-sig crypto.constant-time-eq # ( String String -- Bool ) ``` ## Implementation FFI wrappers around Rust's RustCrypto ecosystem: - `sha2` crate for SHA-256/SHA-512 - `hmac` crate for HMAC - `subtle` crate for constant-time comparison Estimated effort: 1-2 days ## Deliverables Checklist - [ ] Runtime builtins in `crates/runtime/src/crypto.rs` - [ ] Unit tests for each function - [ ] Integration tests in `tests/integration/src/test-crypto.seq` - [ ] LSP support: signatures in `BUILTIN_SIGNATURES`, docs in `BUILTIN_DOCS` - [ ] Example: `examples/crypto/hash-demo.seq` - [ ] Example: `examples/crypto/webhook-verify.seq` - [ ] Update `docs/BATTERIES_INCLUDED.md` status ## Use Cases Unlocked - JWT signature verification - Webhook signature validation (GitHub, Stripe, etc.) - Content addressing / checksums - Password hashing preparation (input to bcrypt/argon2) ## References - See `docs/BATTERIES_INCLUDED.md` Priority 4: Cryptography - RustCrypto: https://github.com/RustCrypto

navicore commented 2026-01-12 03:46:07 +00:00 (Migrated from github.com)

Copy link

https://github.com/navicore/patch-seq/pull/254

https://github.com/navicore/patch-seq/pull/254

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

test3

test2

test-runner-pr

v6.5.2

v6.5.1

v6.5.0

v6.4.2

v6.4.1

v6.4.0

v6.3.0

v6.2.2

v6.2.1

v6.2.0

v6.1.2

v6.1.1

v6.1.0

v6.0.0

v5.7.1

v5.7.0

v5.6.5

v5.6.4

v5.6.3

v5.6.2

v5.6.1

v5.6.0

v5.5.1

v5.5.0

v5.4.1

v5.4.0

v5.3.0

v5.2.1

v5.2.0

v5.1.1

v5.1.0

v5.0.0

v4.2.1

v4.2.0

v4.1.0

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.1.0

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.0

v2.1.0

v2.0.1

v2.0.0

v1.1.1

v1.1.0

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

v0.21.0

v0.20.1

v0.20.0

v0.19.12

v0.19.11

v0.19.10

v0.19.9

v0.19.8

v0.19.7

v0.19.6

v0.19.5

v0.19.4

v0.19.3

v0.19.2

v0.19.1

v0.19.0

v0.18.8

v0.18.7

v0.18.6

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.0

v0.16.0

v0.15.0

v0.14.1

v0.14.0

v0.13.0

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.0

v0.10.7

v0.10.6

v0.10.5

v0.10.4

v0.10.3

v0.10.2

v0.10.1

v0.10.0

v0.9.1

v0.9.0

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.4

v0.3.3

v0.3.2

v0.3.1

Labels

Clear labels   

bug

Something isn't working

  

dependencies

Pull requests that update a dependency file

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

question

Further information is requested

  

refactor

Code refactoring and cleanup

  

rust

Pull requests that update rust code

  

technical-debt

Technical debt to address

  

wontfix

This will not be worked on

No labels

bug

dependencies

documentation

duplicate

enhancement

good first issue

help wanted

invalid

question

refactor

rust

technical-debt

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

navicore/patch-seq#244

No description provided.