changes

2026-01-08 09:50:51 -07:00
parent 50953c7007
commit 26766bb8d9
8 changed files with 443 additions and 170 deletions
--- a/.cargo/config.toml
+++ b/.cargo/config.toml
@@ -0,0 +1,2 @@
 [target.wasm32-unknown-unknown]
 rustflags = ['--cfg', 'getrandom_backend="wasm_js"']
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -6,9 +6,16 @@ description = "Post-quantum OPAQUE implementation using lattice-based cryptograp
 license = "MIT OR Apache-2.0"
 [dependencies]
-pqcrypto-kyber = { version = "0.8", features = ["serialization"] }
+# Native backend (C FFI - faster but not WASM compatible)
-pqcrypto-dilithium = { version = "0.5", features = ["serialization"] }
+pqcrypto-kyber = { version = "0.8", features = ["serialization"], optional = true }
-pqcrypto-traits = "0.3"
+pqcrypto-dilithium = { version = "0.5", features = ["serialization"], optional = true }
 pqcrypto-traits = { version = "0.3", optional = true }
 # WASM backend (pure Rust - WASM compatible)
 fips203 = { version = "0.4", default-features = false, features = ["ml-kem-768", "default-rng"], optional = true }
 fips204 = { version = "0.4", default-features = false, features = ["ml-dsa-65", "default-rng"], optional = true }
 getrandom_03 = { package = "getrandom", version = "0.3", features = ["wasm_js"], optional = true }
 getrandom_02 = { package = "getrandom", version = "0.2", features = ["js"], optional = true }
 sha2 = "0.10"
 sha3 = "0.10"
@@ -42,7 +49,11 @@ name = "timing_verification"
 harness = false
 [features]
-default = []
+default = ["native"]
 # Native backend using pqcrypto (C FFI) - faster, not WASM compatible
 native = ["dep:pqcrypto-kyber", "dep:pqcrypto-dilithium", "dep:pqcrypto-traits"]
 # WASM backend using fips203/fips204 (pure Rust) - WASM compatible
 wasm = ["dep:fips203", "dep:fips204", "dep:getrandom_03", "dep:getrandom_02"]
 server = ["dep:axum", "dep:tokio", "dep:tower-http"]
 debug-trace = []
--- a/pdfs/GitBookV2.pdf
+++ b/pdfs/GitBookV2.pdf
--- a/pdfs/access1_git.pdf
+++ b/pdfs/access1_git.pdf
--- a/pdfs/advanced_git.pdf
+++ b/pdfs/advanced_git.pdf
--- a/pdfs/git_it_princeton.pdf
+++ b/pdfs/git_it_princeton.pdf
--- a/src/ake/dilithium.rs
+++ b/src/ake/dilithium.rs
@@ -1,14 +1,16 @@
-use pqcrypto_dilithium::dilithium3;
+#[cfg(feature = "native")]
-use pqcrypto_traits::sign::{DetachedSignature, PublicKey, SecretKey};
+mod native {
-use zeroize::{Zeroize, ZeroizeOnDrop};
+    use pqcrypto_dilithium::dilithium3;
    use pqcrypto_traits::sign::{DetachedSignature, PublicKey, SecretKey};
    use zeroize::{Zeroize, ZeroizeOnDrop};
-use crate::error::{OpaqueError, Result};
+    use crate::error::{OpaqueError, Result};
-use crate::types::{DILITHIUM_PK_LEN, DILITHIUM_SIG_LEN, DILITHIUM_SK_LEN};
+    use crate::types::{DILITHIUM_PK_LEN, DILITHIUM_SIG_LEN, DILITHIUM_SK_LEN};
-#[derive(Clone)]
+    #[derive(Clone)]
-pub struct DilithiumPublicKey(dilithium3::PublicKey);
+    pub struct DilithiumPublicKey(pub(crate) dilithium3::PublicKey);
-impl DilithiumPublicKey {
+    impl DilithiumPublicKey {
        pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
            if bytes.len() != DILITHIUM_PK_LEN {
                return Err(OpaqueError::InvalidKeyLength {
@@ -25,15 +27,15 @@ impl DilithiumPublicKey {
        pub fn as_bytes(&self) -> Vec<u8> {
            self.0.as_bytes().to_vec()
        }
-}
+    }
-#[derive(Clone, Zeroize, ZeroizeOnDrop)]
+    #[derive(Clone, Zeroize, ZeroizeOnDrop)]
-pub struct DilithiumSecretKey {
+    pub struct DilithiumSecretKey {
        #[zeroize(skip)]
-    inner: dilithium3::SecretKey,
+        pub(crate) inner: dilithium3::SecretKey,
-}
+    }
-impl DilithiumSecretKey {
+    impl DilithiumSecretKey {
        pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
            if bytes.len() != DILITHIUM_SK_LEN {
                return Err(OpaqueError::InvalidKeyLength {
@@ -50,12 +52,12 @@ impl DilithiumSecretKey {
        pub fn as_bytes(&self) -> Vec<u8> {
            self.inner.as_bytes().to_vec()
        }
-}
+    }
-#[derive(Clone)]
+    #[derive(Clone)]
-pub struct DilithiumSignature(dilithium3::DetachedSignature);
+    pub struct DilithiumSignature(pub(crate) dilithium3::DetachedSignature);
-impl DilithiumSignature {
+    impl DilithiumSignature {
        pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
            if bytes.len() != DILITHIUM_SIG_LEN {
                return Err(OpaqueError::InvalidKeyLength {
@@ -72,26 +74,144 @@ impl DilithiumSignature {
        pub fn as_bytes(&self) -> Vec<u8> {
            self.0.as_bytes().to_vec()
        }
-}
+    }
-pub fn generate_keypair() -> (DilithiumPublicKey, DilithiumSecretKey) {
+    pub fn generate_keypair() -> (DilithiumPublicKey, DilithiumSecretKey) {
        let (pk, sk) = dilithium3::keypair();
        (DilithiumPublicKey(pk), DilithiumSecretKey { inner: sk })
-}
+    }
-pub fn sign(message: &[u8], sk: &DilithiumSecretKey) -> DilithiumSignature {
+    pub fn sign(message: &[u8], sk: &DilithiumSecretKey) -> DilithiumSignature {
        let sig = dilithium3::detached_sign(message, &sk.inner);
        DilithiumSignature(sig)
-}
+    }
-pub fn verify(message: &[u8], sig: &DilithiumSignature, pk: &DilithiumPublicKey) -> Result<()> {
+    pub fn verify(message: &[u8], sig: &DilithiumSignature, pk: &DilithiumPublicKey) -> Result<()> {
        dilithium3::verify_detached_signature(&sig.0, message, &pk.0)
            .map_err(|_| OpaqueError::SignatureVerificationFailed)
    }
 }
 #[cfg(feature = "wasm")]
 mod wasm {
    use fips204::ml_dsa_65;
    use fips204::traits::{SerDes, Signer, Verifier};
    use zeroize::{Zeroize, ZeroizeOnDrop};
    use crate::error::{OpaqueError, Result};
    use crate::types::{DILITHIUM_PK_LEN, DILITHIUM_SIG_LEN, DILITHIUM_SK_LEN};
    #[derive(Clone)]
    pub struct DilithiumPublicKey(pub(crate) ml_dsa_65::PublicKey);
    impl DilithiumPublicKey {
        pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
            if bytes.len() != DILITHIUM_PK_LEN {
                return Err(OpaqueError::InvalidKeyLength {
                    expected: DILITHIUM_PK_LEN,
                    got: bytes.len(),
                });
            }
            let arr: [u8; DILITHIUM_PK_LEN] = bytes
                .try_into()
                .map_err(|_| OpaqueError::Deserialization("Invalid Dilithium public key".into()))?;
            ml_dsa_65::PublicKey::try_from_bytes(arr)
                .map(Self)
                .map_err(|_| OpaqueError::Deserialization("Invalid Dilithium public key".into()))
        }
        #[must_use]
        pub fn as_bytes(&self) -> Vec<u8> {
            self.0.clone().into_bytes().to_vec()
        }
    }
    #[derive(Clone, Zeroize, ZeroizeOnDrop)]
    pub struct DilithiumSecretKey {
        #[zeroize(skip)]
        pub(crate) inner: ml_dsa_65::PrivateKey,
    }
    impl DilithiumSecretKey {
        pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
            if bytes.len() != DILITHIUM_SK_LEN {
                return Err(OpaqueError::InvalidKeyLength {
                    expected: DILITHIUM_SK_LEN,
                    got: bytes.len(),
                });
            }
            let arr: [u8; DILITHIUM_SK_LEN] = bytes
                .try_into()
                .map_err(|_| OpaqueError::Deserialization("Invalid Dilithium secret key".into()))?;
            ml_dsa_65::PrivateKey::try_from_bytes(arr)
                .map(|sk| Self { inner: sk })
                .map_err(|_| OpaqueError::Deserialization("Invalid Dilithium secret key".into()))
        }
        #[must_use]
        pub fn as_bytes(&self) -> Vec<u8> {
            self.inner.clone().into_bytes().to_vec()
        }
    }
    #[derive(Clone)]
    pub struct DilithiumSignature(pub(crate) [u8; DILITHIUM_SIG_LEN]);
    impl DilithiumSignature {
        pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
            if bytes.len() != DILITHIUM_SIG_LEN {
                return Err(OpaqueError::InvalidKeyLength {
                    expected: DILITHIUM_SIG_LEN,
                    got: bytes.len(),
                });
            }
            let arr: [u8; DILITHIUM_SIG_LEN] = bytes
                .try_into()
                .map_err(|_| OpaqueError::Deserialization("Invalid Dilithium signature".into()))?;
            Ok(Self(arr))
        }
        #[must_use]
        pub fn as_bytes(&self) -> Vec<u8> {
            self.0.to_vec()
        }
    }
    pub fn generate_keypair() -> (DilithiumPublicKey, DilithiumSecretKey) {
        let (pk, sk) = ml_dsa_65::try_keygen().expect("keygen should not fail with good RNG");
        (DilithiumPublicKey(pk), DilithiumSecretKey { inner: sk })
    }
    pub fn sign(message: &[u8], sk: &DilithiumSecretKey) -> DilithiumSignature {
        let sig = sk
            .inner
            .try_sign(message, &[])
            .expect("signing should not fail");
        DilithiumSignature(sig)
    }
    pub fn verify(message: &[u8], sig: &DilithiumSignature, pk: &DilithiumPublicKey) -> Result<()> {
        if pk.0.verify(message, &sig.0, &[]) {
            Ok(())
        } else {
            Err(OpaqueError::SignatureVerificationFailed)
        }
    }
 }
 #[cfg(all(feature = "native", feature = "wasm"))]
 compile_error!("Features 'native' and 'wasm' are mutually exclusive. Enable only one.");
 #[cfg(all(feature = "native", not(feature = "wasm")))]
 pub use native::*;
 #[cfg(all(feature = "wasm", not(feature = "native")))]
 pub use wasm::*;
 #[cfg(test)]
 mod tests {
    use super::*;
    use crate::types::{DILITHIUM_PK_LEN, DILITHIUM_SIG_LEN, DILITHIUM_SK_LEN};
    #[test]
    fn test_keypair_generation() {
@@ -138,7 +258,7 @@ mod tests {
        let bytes = sig.as_bytes();
        assert_eq!(bytes.len(), DILITHIUM_SIG_LEN);
-        let sig2 = DilithiumSignature::from_bytes(&bytes).unwrap();
+        let sig2 = DilithiumSignature::from_bytes(&bytes).expect("deserialization should succeed");
        assert_eq!(sig.as_bytes(), sig2.as_bytes());
    }
@@ -146,7 +266,7 @@ mod tests {
    fn test_public_key_serialization() {
        let (pk, _) = generate_keypair();
        let bytes = pk.as_bytes();
-        let pk2 = DilithiumPublicKey::from_bytes(&bytes).unwrap();
+        let pk2 = DilithiumPublicKey::from_bytes(&bytes).expect("deserialization should succeed");
        assert_eq!(pk.as_bytes(), pk2.as_bytes());
    }
--- a/src/ake/kyber.rs
+++ b/src/ake/kyber.rs
@@ -1,14 +1,16 @@
-use pqcrypto_kyber::kyber768;
+#[cfg(feature = "native")]
-use pqcrypto_traits::kem::{Ciphertext, PublicKey, SecretKey, SharedSecret};
+mod native {
-use zeroize::{Zeroize, ZeroizeOnDrop};
+    use pqcrypto_kyber::kyber768;
    use pqcrypto_traits::kem::{Ciphertext, PublicKey, SecretKey, SharedSecret};
    use zeroize::{Zeroize, ZeroizeOnDrop};
-use crate::error::{OpaqueError, Result};
+    use crate::error::{OpaqueError, Result};
-use crate::types::{KYBER_CT_LEN, KYBER_PK_LEN, KYBER_SK_LEN, KYBER_SS_LEN};
+    use crate::types::{KYBER_CT_LEN, KYBER_PK_LEN, KYBER_SK_LEN, KYBER_SS_LEN};
-#[derive(Clone)]
+    #[derive(Clone)]
-pub struct KyberPublicKey(kyber768::PublicKey);
+    pub struct KyberPublicKey(pub(crate) kyber768::PublicKey);
-impl KyberPublicKey {
+    impl KyberPublicKey {
        pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
            if bytes.len() != KYBER_PK_LEN {
                return Err(OpaqueError::InvalidKeyLength {
@@ -25,15 +27,15 @@ impl KyberPublicKey {
        pub fn as_bytes(&self) -> Vec<u8> {
            self.0.as_bytes().to_vec()
        }
-}
+    }
-#[derive(Clone, Zeroize, ZeroizeOnDrop)]
+    #[derive(Clone, Zeroize, ZeroizeOnDrop)]
-pub struct KyberSecretKey {
+    pub struct KyberSecretKey {
        #[zeroize(skip)]
-    inner: kyber768::SecretKey,
+        pub(crate) inner: kyber768::SecretKey,
-}
+    }
-impl KyberSecretKey {
+    impl KyberSecretKey {
        pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
            if bytes.len() != KYBER_SK_LEN {
                return Err(OpaqueError::InvalidKeyLength {
@@ -50,12 +52,12 @@ impl KyberSecretKey {
        pub fn as_bytes(&self) -> Vec<u8> {
            self.inner.as_bytes().to_vec()
        }
-}
+    }
-#[derive(Clone)]
+    #[derive(Clone)]
-pub struct KyberCiphertext(kyber768::Ciphertext);
+    pub struct KyberCiphertext(pub(crate) kyber768::Ciphertext);
-impl KyberCiphertext {
+    impl KyberCiphertext {
        pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
            if bytes.len() != KYBER_CT_LEN {
                return Err(OpaqueError::InvalidKeyLength {
@@ -72,15 +74,15 @@ impl KyberCiphertext {
        pub fn as_bytes(&self) -> Vec<u8> {
            self.0.as_bytes().to_vec()
        }
-}
+    }
-#[derive(Clone, Zeroize, ZeroizeOnDrop)]
+    #[derive(Clone, Zeroize, ZeroizeOnDrop)]
-pub struct KyberSharedSecret {
+    pub struct KyberSharedSecret {
        #[zeroize(skip)]
-    inner: kyber768::SharedSecret,
+        pub(crate) inner: kyber768::SharedSecret,
-}
+    }
-impl KyberSharedSecret {
+    impl KyberSharedSecret {
        #[must_use]
        pub fn as_bytes(&self) -> &[u8] {
            self.inner.as_bytes()
@@ -93,26 +95,164 @@ impl KyberSharedSecret {
            arr.copy_from_slice(bytes);
            arr
        }
-}
+    }
-pub fn generate_keypair() -> (KyberPublicKey, KyberSecretKey) {
+    pub fn generate_keypair() -> (KyberPublicKey, KyberSecretKey) {
        let (pk, sk) = kyber768::keypair();
        (KyberPublicKey(pk), KyberSecretKey { inner: sk })
-}
+    }
-pub fn encapsulate(pk: &KyberPublicKey) -> Result<(KyberSharedSecret, KyberCiphertext)> {
+    pub fn encapsulate(pk: &KyberPublicKey) -> Result<(KyberSharedSecret, KyberCiphertext)> {
        let (ss, ct) = kyber768::encapsulate(&pk.0);
        Ok((KyberSharedSecret { inner: ss }, KyberCiphertext(ct)))
-}
+    }
-pub fn decapsulate(ct: &KyberCiphertext, sk: &KyberSecretKey) -> Result<KyberSharedSecret> {
+    pub fn decapsulate(ct: &KyberCiphertext, sk: &KyberSecretKey) -> Result<KyberSharedSecret> {
        let ss = kyber768::decapsulate(&ct.0, &sk.inner);
        Ok(KyberSharedSecret { inner: ss })
    }
 }
 #[cfg(feature = "wasm")]
 mod wasm {
    use fips203::ml_kem_768;
    use fips203::traits::{Decaps, Encaps, KeyGen, SerDes};
    use zeroize::{Zeroize, ZeroizeOnDrop};
    use crate::error::{OpaqueError, Result};
    use crate::types::{KYBER_CT_LEN, KYBER_PK_LEN, KYBER_SK_LEN, KYBER_SS_LEN};
    #[derive(Clone)]
    pub struct KyberPublicKey(pub(crate) ml_kem_768::EncapsKey);
    impl KyberPublicKey {
        pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
            if bytes.len() != KYBER_PK_LEN {
                return Err(OpaqueError::InvalidKeyLength {
                    expected: KYBER_PK_LEN,
                    got: bytes.len(),
                });
            }
            let arr: [u8; KYBER_PK_LEN] = bytes
                .try_into()
                .map_err(|_| OpaqueError::Deserialization("Invalid Kyber public key".into()))?;
            ml_kem_768::EncapsKey::try_from_bytes(arr)
                .map(Self)
                .map_err(|_| OpaqueError::Deserialization("Invalid Kyber public key".into()))
        }
        #[must_use]
        pub fn as_bytes(&self) -> Vec<u8> {
            self.0.clone().into_bytes().to_vec()
        }
    }
    #[derive(Clone, Zeroize, ZeroizeOnDrop)]
    pub struct KyberSecretKey {
        #[zeroize(skip)]
        pub(crate) inner: ml_kem_768::DecapsKey,
    }
    impl KyberSecretKey {
        pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
            if bytes.len() != KYBER_SK_LEN {
                return Err(OpaqueError::InvalidKeyLength {
                    expected: KYBER_SK_LEN,
                    got: bytes.len(),
                });
            }
            let arr: [u8; KYBER_SK_LEN] = bytes
                .try_into()
                .map_err(|_| OpaqueError::Deserialization("Invalid Kyber secret key".into()))?;
            ml_kem_768::DecapsKey::try_from_bytes(arr)
                .map(|sk| Self { inner: sk })
                .map_err(|_| OpaqueError::Deserialization("Invalid Kyber secret key".into()))
        }
        #[must_use]
        pub fn as_bytes(&self) -> Vec<u8> {
            self.inner.clone().into_bytes().to_vec()
        }
    }
    #[derive(Clone)]
    pub struct KyberCiphertext(pub(crate) ml_kem_768::CipherText);
    impl KyberCiphertext {
        pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
            if bytes.len() != KYBER_CT_LEN {
                return Err(OpaqueError::InvalidKeyLength {
                    expected: KYBER_CT_LEN,
                    got: bytes.len(),
                });
            }
            let arr: [u8; KYBER_CT_LEN] = bytes
                .try_into()
                .map_err(|_| OpaqueError::Deserialization("Invalid Kyber ciphertext".into()))?;
            ml_kem_768::CipherText::try_from_bytes(arr)
                .map(Self)
                .map_err(|_| OpaqueError::Deserialization("Invalid Kyber ciphertext".into()))
        }
        #[must_use]
        pub fn as_bytes(&self) -> Vec<u8> {
            self.0.clone().into_bytes().to_vec()
        }
    }
    #[derive(Clone, Zeroize, ZeroizeOnDrop)]
    pub struct KyberSharedSecret {
        pub(crate) inner: [u8; KYBER_SS_LEN],
    }
    impl KyberSharedSecret {
        #[must_use]
        pub fn as_bytes(&self) -> &[u8] {
            &self.inner
        }
        #[must_use]
        pub fn to_array(&self) -> [u8; KYBER_SS_LEN] {
            self.inner
        }
    }
    pub fn generate_keypair() -> (KyberPublicKey, KyberSecretKey) {
        let (ek, dk) = ml_kem_768::KG::try_keygen().expect("keygen should not fail with good RNG");
        (KyberPublicKey(ek), KyberSecretKey { inner: dk })
    }
    pub fn encapsulate(pk: &KyberPublicKey) -> Result<(KyberSharedSecret, KyberCiphertext)> {
        let (ssk, ct) =
            pk.0.try_encaps()
                .map_err(|_| OpaqueError::EncapsulationFailed)?;
        let ss_bytes: [u8; KYBER_SS_LEN] = ssk.into_bytes().into();
        Ok((KyberSharedSecret { inner: ss_bytes }, KyberCiphertext(ct)))
    }
    pub fn decapsulate(ct: &KyberCiphertext, sk: &KyberSecretKey) -> Result<KyberSharedSecret> {
        let ssk = sk
            .inner
            .try_decaps(&ct.0)
            .map_err(|_| OpaqueError::DecapsulationFailed)?;
        let ss_bytes: [u8; KYBER_SS_LEN] = ssk.into_bytes().into();
        Ok(KyberSharedSecret { inner: ss_bytes })
    }
 }
 #[cfg(all(feature = "native", feature = "wasm"))]
 compile_error!("Features 'native' and 'wasm' are mutually exclusive. Enable only one.");
 #[cfg(all(feature = "native", not(feature = "wasm")))]
 pub use native::*;
 #[cfg(all(feature = "wasm", not(feature = "native")))]
 pub use wasm::*;
 #[cfg(test)]
 mod tests {
    use super::*;
    use crate::types::{KYBER_CT_LEN, KYBER_PK_LEN, KYBER_SK_LEN, KYBER_SS_LEN};
    #[test]
    fn test_keypair_generation() {
@@ -125,8 +265,8 @@ mod tests {
    fn test_encapsulate_decapsulate() {
        let (pk, sk) = generate_keypair();
-        let (ss1, ct) = encapsulate(&pk).unwrap();
+        let (ss1, ct) = encapsulate(&pk).expect("encapsulation should succeed");
-        let ss2 = decapsulate(&ct, &sk).unwrap();
+        let ss2 = decapsulate(&ct, &sk).expect("decapsulation should succeed");
        assert_eq!(ss1.as_bytes(), ss2.as_bytes());
        assert_eq!(ss1.as_bytes().len(), KYBER_SS_LEN);
@@ -136,7 +276,7 @@ mod tests {
    fn test_public_key_serialization() {
        let (pk, _) = generate_keypair();
        let bytes = pk.as_bytes();
-        let pk2 = KyberPublicKey::from_bytes(&bytes).unwrap();
+        let pk2 = KyberPublicKey::from_bytes(&bytes).expect("deserialization should succeed");
        assert_eq!(pk.as_bytes(), pk2.as_bytes());
    }
@@ -144,16 +284,16 @@ mod tests {
    fn test_secret_key_serialization() {
        let (_, sk) = generate_keypair();
        let bytes = sk.as_bytes();
-        let sk2 = KyberSecretKey::from_bytes(&bytes).unwrap();
+        let sk2 = KyberSecretKey::from_bytes(&bytes).expect("deserialization should succeed");
        assert_eq!(sk.as_bytes(), sk2.as_bytes());
    }
    #[test]
    fn test_ciphertext_serialization() {
        let (pk, _) = generate_keypair();
-        let (_, ct) = encapsulate(&pk).unwrap();
+        let (_, ct) = encapsulate(&pk).expect("encapsulation should succeed");
        let bytes = ct.as_bytes();
-        let ct2 = KyberCiphertext::from_bytes(&bytes).unwrap();
+        let ct2 = KyberCiphertext::from_bytes(&bytes).expect("deserialization should succeed");
        assert_eq!(ct.as_bytes(), ct2.as_bytes());
    }
		`@@ -0,0 +1,2 @@`
							`[target.wasm32-unknown-unknown]`
							`rustflags = ['--cfg', 'getrandom_backend="wasm_js"']`