Adds 'cryptography_flutter' initial version. Small changes in 'crypto…

…graphy'. Bumps the version to 1.4.0.

README.md

@@ -15,9 +15,13 @@ Want to contribute? Please share feedback / issue reports in the
       * Digital signature algorithms (ED25519, P256/P384/P521, RSA-PSS, RSASSA-PKCS1-V15)
       * Key exchange algorithms (P256/P384/P521, X25519)
       * Message authentication codes (HMAC, Poly1305)
-      * Hashes (SHA1, SHA2, BLAKE2S)
+      * Hashes (SHA1, SHA2, BLAKE2B, BLAKE2S)
     * [Pub package](https://pub.dev/packages/cryptography)
     * [API reference](https://pub.dev/documentation/cryptography/latest/)
+  * [cryptography_flutter](cryptography_flutter)
+    * A version of _cryptography_ that delegates some asynchronous operations to operating system
+      APIs in Android, iOS, and Mac OS X.
+    * [Pub package](https://pub.dev/packages/cryptography_flutter)
   * [kms](kms)
     * A framework for Key Management Service (KMS) solutions.
     * [Pub package](https://pub.dev/packages/kms)

cryptography/CHANGELOG.md

@@ -1,3 +1,6 @@
+## 1.4.0
+  * Adds support for _cryptography_flutter_, which uses operating system implementations.
+
 ## 1.3.0
   * Adds PBKDF2 and Blake2b.
   * Some internal refactoring.

cryptography/README.md

@@ -19,7 +19,7 @@ See [our Github repository](https://github.com/dint-dev/cryptography).
   * [Pub package](https://pub.dev/packages/cryptography)
   * [API reference](https://pub.dev/documentation/cryptography/latest/)
 
-## Used by
+## Related packages
   * [kms](https://pub.dev/packages/kms)
     * A Dart package for hardware-based or cloud-based key management solutions.
   * [kms_flutter](https://pub.dev/packages/kms_flutter)
@@ -32,7 +32,7 @@ See [our Github repository](https://github.com/dint-dev/cryptography).
   * SHA1 and SHA2 implementations use the package [crypto](https://pub.dev/packages/crypto), which
     is maintained by Google and contains only hash functions and HMAC.
   * We wrote pure Dart implementations for X25519, ED25519, RSA-PSS, ChaCha20 / XChacha20, AES-CBC,
-    AES-CTR, AES-GCM, HKDF, HMAC, Poly1305, and BLAKE2S.
+    AES-CTR, AES-GCM, HKDF, HMAC, Poly1305, BLAKE2S, and BLAKE2B.
   * We implemented automatic use of [Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI/)
     (_crypto.subtle_) when you use SHA1, SHA2, AES, ECDH, ECDSA, or RSA in browsers.
   * The APIs generally include both _asynchronous_ and _synchronous_ methods.  Only the
@@ -43,6 +43,11 @@ See [our Github repository](https://github.com/dint-dev/cryptography).
   * If Dart SDK decides to expose _BoringSSL_ functions ([SDK issue](https://github.com/dart-lang/sdk/issues/34659)),
     we will use them as much as possible.
 
+## Using operating system APIs of Android, iOS, and Mac OS X
+The package [cryptography_flutter](https://pub.dev/packages/cryptography_flutter) optimizes
+performance of some cryptographic algorithms by using native APIs of Android, iOS, and Mac OS X.
+You must use asynchronous methods to get the performance boost.
+
 ## Cryptographic material classes
   * [SecretKey](https://pub.dev/documentation/cryptography/latest/cryptography/SecretKey-class.html)
     is used by symmetric cryptography.
@@ -126,14 +131,13 @@ The following [HashAlgorithm](https://pub.dev/documentation/cryptography/latest/
   * [sha384](https://pub.dev/documentation/cryptography/latest/cryptography/sha384-constant.html) (SHA2-384)
   * [sha512](https://pub.dev/documentation/cryptography/latest/cryptography/sha512-constant.html) (SHA2-512)
 
-# Adding dependency
+# Getting started
 In _pubspec.yaml_:
 ```yaml
 dependencies:
-  cryptography: ^1.1.1
+  cryptography: ^1.4.0
 ```
 
-
 # Examples
 ## Key agreement with X25519
 In this example, we use [x25519](https://pub.dev/documentation/cryptography/latest/cryptography/x25519-constant.html).

cryptography/lib/cryptography.dart

@@ -23,6 +23,7 @@
 library cryptography;
 
 export 'src/cryptography/algorithms/aes.dart';
+export 'src/cryptography/algorithms/aes_gcm.dart';
 export 'src/cryptography/algorithms/blake2b.dart';
 export 'src/cryptography/algorithms/blake2s.dart';
 export 'src/cryptography/algorithms/chacha20.dart';

cryptography/lib/src/cryptography/algorithms/aes.dart

@@ -17,7 +17,6 @@ import 'package:cryptography/cryptography.dart';
 import '../web_crypto/web_crypto.dart';
 import 'aes_impl_cbc.dart';
 import 'aes_impl_ctr.dart';
-import 'aes_impl_gcm.dart';
 
 /// _AES_ with Cipher Block Chaining mode (AES-CBC).
 ///
@@ -105,40 +104,3 @@ const Cipher aesCbc = webAesCbc ?? dartAesCbc;
 /// }
 /// ```
 const Cipher aesCtr = webAesCtr ?? dartAesCtr;
-
-/// _AES-GCM_ (Galois/Counter Mode) cipher.
-///
-/// ## Things to know
-/// * `secretKey` can be any value with 128, 192, or 256 bits. By default,
-///   [Cipher.newSecretKey] returns 256 bit keys.
-/// * `nonce` can be 12 bytes or longer.
-/// * AES-GCM is authenticated so you don't need a separate MAC algorithm.
-/// * In browsers, the implementation takes advantage of _Web Cryptography API_.
-///
-/// ## Example
-/// ```dart
-/// import 'package:cryptography/cryptography.dart';
-///
-/// Future<void> main() async {
-///   final message = utf8.encode('Encrypted message');
-///
-///   const cipher = aesGcm;
-///   final secretKey = cipher.newSecretKeySync();
-///   final nonce = cipher.newNonce();
-///
-///   // Encrypt
-///   final encrypted = await cipher.encrypt(
-///     input,
-///     secretKey: secretKey,
-///     nonce: nonce,
-///   );
-///
-///   // Decrypt
-///   final decrypted = await cipher.encrypt(
-///     encryptedBytes,
-///     secretKey: secretKey,
-///     nonce: nonce,
-///   );
-/// }
-/// ```
-const Cipher aesGcm = webAesGcm ?? dartAesGcm;

cryptography/lib/src/cryptography/algorithms/aes_impl_gcm.dart → cryptography/lib/src/cryptography/algorithms/aes_gcm.dart

@@ -18,9 +18,45 @@ import 'package:cryptography/cryptography.dart';
 import 'package:cryptography/utils.dart';
 import 'package:meta/meta.dart';
 
+import '../web_crypto/web_crypto.dart';
 import 'aes_impl.dart';
 
-const Cipher dartAesGcm = _AesGcm();
+/// _AES-GCM_ (Galois/Counter Mode) cipher.
+///
+/// ## Things to know
+/// * `secretKey` can be any value with 128, 192, or 256 bits. By default,
+///   [Cipher.newSecretKey] returns 256 bit keys.
+/// * `nonce` can be 12 bytes or longer.
+/// * AES-GCM is authenticated so you don't need a separate MAC algorithm.
+/// * In browsers, the implementation takes advantage of _Web Cryptography API_.
+///
+/// ## Example
+/// ```dart
+/// import 'package:cryptography/cryptography.dart';
+///
+/// Future<void> main() async {
+///   final message = utf8.encode('Encrypted message');
+///
+///   const cipher = aesGcm;
+///   final secretKey = cipher.newSecretKeySync();
+///   final nonce = cipher.newNonce();
+///
+///   // Encrypt
+///   final encrypted = await cipher.encrypt(
+///     input,
+///     secretKey: secretKey,
+///     nonce: nonce,
+///   );
+///
+///   // Decrypt
+///   final decrypted = await cipher.encrypt(
+///     encryptedBytes,
+///     secretKey: secretKey,
+///     nonce: nonce,
+///   );
+/// }
+/// ```
+const Cipher aesGcm = webAesGcm ?? AesGcm();
 
 int _uint32ChangeEndian(int v) {
   // We mask with 0xFFFFFFFF to ensure the compiler recognizes the value will
@@ -31,14 +67,16 @@ int _uint32ChangeEndian(int v) {
       (0xFF & (v >> 24));
 }
 
-class _AesGcm extends AesCipher {
+/// {@nodoc}
+@visibleForTesting
+class AesGcm extends AesCipher {
   static final _r = () {
     final result = Uint32List(4);
     Uint8List.view(result.buffer)..[0] = 0xe1;
     return result;
   }();
 
-  const _AesGcm();
+  const AesGcm();
 
   @override
   bool get isAuthenticated => true;

cryptography/lib/src/cryptography/algorithms/chacha20_poly1305_aead.dart

@@ -60,7 +60,7 @@ import 'package:meta/meta.dart';
 ///   );
 /// }
 /// ```
-const CipherWithAppendedMac chacha20Poly1305Aead = _Chacha20Poly1305Aead(
+const CipherWithAppendedMac chacha20Poly1305Aead = Chacha20Poly1305Aead(
   name: 'chacha20Poly1305Aead',
   cipher: chacha20,
 );
@@ -74,19 +74,21 @@ const CipherWithAppendedMac chacha20Poly1305Aead = _Chacha20Poly1305Aead(
 ///   * This cipher is authenticated and decrypting will throw
 ///     [MacValidationException] if the cipherText contains an invalid MAC.
 ///   * `aad` (Associated Authenticated Data) is supported.
-const CipherWithAppendedMac xchacha20Poly1305Aead = _Chacha20Poly1305Aead(
+const CipherWithAppendedMac xchacha20Poly1305Aead = Chacha20Poly1305Aead(
   name: 'xchacha20Poly1305Aead',
   cipher: xchacha20,
 );
 
-class _Chacha20Poly1305Aead extends CipherWithAppendedMac {
+/// {@nodoc}
+@visibleForTesting
+class Chacha20Poly1305Aead extends CipherWithAppendedMac {
   static final _tmpByteData = ByteData(16);
   static final _tmpUint8List = Uint8List.view(_tmpByteData.buffer);
 
   @override
   final String name;
 
-  const _Chacha20Poly1305Aead({
+  const Chacha20Poly1305Aead({
     @required this.name,
     @required Cipher cipher,
     MacAlgorithm macAlgorithm = poly1305,
@@ -122,8 +124,15 @@ class _Chacha20Poly1305Aead extends CipherWithAppendedMac {
       nonce: nonce,
     );
     final sink = poly1305.newSink(secretKey: secretKeyForPoly1305);
+
     var length = 0;
 
+    final tmpByteData = _tmpByteData;
+    tmpByteData.setUint32(0, 0);
+    tmpByteData.setUint32(4, 0);
+    tmpByteData.setUint32(8, 0);
+    tmpByteData.setUint32(12, 0);
+
     // Add Additional Authenticated Data (AAD)
     final aadLength = aad == null ? 0 : aad.length;
     if (aadLength != 0) {
@@ -152,7 +161,6 @@ class _Chacha20Poly1305Aead extends CipherWithAppendedMac {
 
     // Add 16-byte footer.
     // We can't use setUint64() because it's not supported in the browsers.
-    final tmpByteData = _tmpByteData;
     tmpByteData.setUint32(
       0,
       uint32mask & aadLength,
@@ -183,6 +191,7 @@ class _Chacha20Poly1305Aead extends CipherWithAppendedMac {
 
     // Return MAC
     sink.close();
+
     return sink.mac;
   }
 

cryptography/lib/src/cryptography/web_crypto/impl/aes_gcm.dart

@@ -20,7 +20,7 @@ class _WebAesGcmCipher extends _WebAesCipher {
   const _WebAesGcmCipher();
 
   @override
-  Cipher get dartImplementation => dart.dartAesGcm;
+  Cipher get dartImplementation => const dart.AesGcm();
 
   @override
   Future<Uint8List> _decrypt(

cryptography/lib/src/cryptography/web_crypto/web_crypto_impl_browser.dart

@@ -27,7 +27,7 @@ import 'package:meta/meta.dart';
 
 import '../algorithms/aes_impl_cbc.dart' as dart;
 import '../algorithms/aes_impl_ctr.dart' as dart;
-import '../algorithms/aes_impl_gcm.dart' as dart;
+import '../algorithms/aes_gcm.dart' as dart;
 import '../algorithms/ec_dh_impl.dart' as dart;
 import '../algorithms/ec_dsa_impl.dart' as dart;
 import '../algorithms/pbkdf2_impl.dart' as dart;

cryptography/pubspec.yaml

@@ -1,5 +1,5 @@
 name: cryptography
-version: 1.3.0
+version: 1.4.0
 homepage: https://github.com/dint-dev/cryptography
 description:
   Cryptographic algorithms for encryption, digital signatures, key agreement, authentication, and

cryptography_flutter/.gitignore

@@ -0,0 +1,42 @@
+# Miscellaneous
+*.class
+*.log
+*.pyc
+*.swp
+.DS_Store
+.atom/
+.buildlog/
+.history
+.svn/
+
+# IntelliJ related
+*.iml
+*.ipr
+*.iws
+.idea/
+
+# VSCode
+.vscode/
+
+# Flutter/Dart/Pub related
+**/doc/api/
+**/ios/Flutter/.last_build_id
+.dart_tool/
+.flutter-plugins
+.flutter-plugins-dependencies
+.packages
+.pub-cache/
+.pub/
+/build/
+
+# Web related
+lib/generated_plugin_registrant.dart
+
+# Symbolication related
+app.*.symbols
+
+# Obfuscation related
+app.*.map.json
+
+# Exceptions to above rules.
+!/packages/flutter_tools/test/data/dart_dependencies_test/**/.packages

cryptography_flutter/.metadata

@@ -0,0 +1,10 @@
+# This file tracks properties of this Flutter project.
+# Used by Flutter tool to assess capabilities and perform upgrades etc.
+#
+# This file should be version controlled and should not be manually edited.
+
+version:
+  revision: 652bc59414cf04fd841e15b250c1de4fda00d38a
+  channel: master
+
+project_type: plugin

cryptography_flutter/CHANGELOG.md

@@ -0,0 +1,3 @@
+## 0.1.0
+
+* Initial version