Gap analysis of cas-lib 0.2.85's public API vs what this SDK currently exposes (as of the ChaCha20-Poly1305 addition on the Wycheproof branch, PR #89).
Whole algorithms not exposed
| cas-lib module |
Functions |
Notes |
AES-GCM-SIV (128 & 256) — symmetric/aes_gcm_siv.rs |
generate_key, generate_nonce, encrypt_plaintext, decrypt_ciphertext, key_from_x25519_shared_secret, key_from_vec |
Nonce-misuse-resistant AEAD. Wycheproof has aes_gcm_siv_test.json, so it can be validated the same way ChaCha20-Poly1305 was |
ML-KEM-1024 — pqc/ml_kem.rs |
ml_kem_1024_generate, ml_kem_1024_encapsulate, ml_kem_1024_decapsulate |
Post-quantum KEM (FIPS 203). Wycheproof mlkem_1024_test.json covers the deterministic decapsulation path |
SLH-DSA — pqc/slh_dsa.rs |
generate_signing_and_verification_key, sign_message, verify_signature |
Post-quantum signatures (FIPS 205). No Wycheproof vectors exist yet |
PBKDF2 — password_hashers/pbkdf2.rs |
derivation(password, iterations), derivation_with_salt(password, iterations, salt) |
Wycheproof has pbkdf2_hmacsha*_test.json; testable via the _with_salt variant if hash/output parameters line up |
Individual methods missing from already-exposed domains
| Domain |
Missing function |
What it does |
| Argon2 |
derive_aes_128_key, derive_aes_256_key |
Derive an AES key directly from a password — pairs with the existing AES wrappers |
| AES-GCM 128/256 |
key_from_vec |
Validates/normalizes a caller-supplied key (the SIV variants have it too) |
| Ed25519 |
ed25519_verify_with_key_pair |
Verify using the full keypair; only the public-key verify variant is exposed today |
Fully exposed already (no action)
AES-GCM, ChaCha20-Poly1305, X25519, HMAC-SHA256, HPKE, Ascon-AEAD128, SHA/BLAKE2 hashers, bcrypt/scrypt/argon2 hashing+verification, zstd.
Suggested order
- AES-GCM-SIV — complete algorithm, Wycheproof vectors ready, same recipe as the ChaCha20-Poly1305 exposure
- ML-KEM-1024 — first post-quantum primitive, decapsulation is Wycheproof-testable
- PBKDF2 + Argon2 key derivation helpers
- SLH-DSA and the small per-domain gaps
Each addition follows the standard four-step recipe in CLAUDE.md: #[napi] fn in src/<domain>/, npm run build:rust, TS wrapper class in src-ts/<domain>/, barrel exports.
🤖 Generated with Claude Code
Gap analysis of cas-lib 0.2.85's public API vs what this SDK currently exposes (as of the ChaCha20-Poly1305 addition on the
Wycheproofbranch, PR #89).Whole algorithms not exposed
symmetric/aes_gcm_siv.rsgenerate_key,generate_nonce,encrypt_plaintext,decrypt_ciphertext,key_from_x25519_shared_secret,key_from_vecaes_gcm_siv_test.json, so it can be validated the same way ChaCha20-Poly1305 waspqc/ml_kem.rsml_kem_1024_generate,ml_kem_1024_encapsulate,ml_kem_1024_decapsulatemlkem_1024_test.jsoncovers the deterministic decapsulation pathpqc/slh_dsa.rsgenerate_signing_and_verification_key,sign_message,verify_signaturepassword_hashers/pbkdf2.rsderivation(password, iterations),derivation_with_salt(password, iterations, salt)pbkdf2_hmacsha*_test.json; testable via the_with_saltvariant if hash/output parameters line upIndividual methods missing from already-exposed domains
derive_aes_128_key,derive_aes_256_keykey_from_veced25519_verify_with_key_pairFully exposed already (no action)
AES-GCM, ChaCha20-Poly1305, X25519, HMAC-SHA256, HPKE, Ascon-AEAD128, SHA/BLAKE2 hashers, bcrypt/scrypt/argon2 hashing+verification, zstd.
Suggested order
Each addition follows the standard four-step recipe in CLAUDE.md:
#[napi]fn insrc/<domain>/,npm run build:rust, TS wrapper class insrc-ts/<domain>/, barrel exports.🤖 Generated with Claude Code