GitLocker: The Coding Marketplace

Description:

webcrypto

Cross-Platform Web Cryptography Implemenation #
This package provides a cross-platform implementation of the
Web Cryptograph API.
Disclaimer: This is not an officially supported Google product.
This packages provides an implementation of the
Web Cryptograph API across multiple platforms. Outside the
browser, this package features a native implementation embedding
BoringSSL using dart:ffi. When used inside a
web browser this package wraps the window.crypto APIs and
providing the same Dart API as the native implementation.
This way, package:webcrypto provides the same crypto API on Android, iOS, Web, Windows, Linux and Mac.
Example
import 'dart:convert' show base64, utf8;
import 'package:webcrypto/webcrypto.dart';

Future<void> main() async {
final digest = await Hash.sha256.digestBytes(utf8.encode('Hello World'));
print(base.encode(digest));
}
copied to clipboard
Features:

Get random bytes
Digest (sha-1/sha-256/sha-384/sha-512)
HMAC (sign/verify)
RSASSA-PKCS1-v1_5 (sign/verify)
RSA-PSS (sign/verify)
ECDSA (sign/verify)
RSA-OAEP (encrypt/decrypt)
AES-CTR, AES-CBC, AES-GCM (encrypt/decrypt)
ECDH (deriveBits)
HKDF (deriveBits)
PBKDF2 (deriveBits)
BoringSSL, Chrome and Firefox implementations pass the same test cases.

Missing:

Exceptions and errors thrown for invalid input is not tested yet.
The native implementation executes on the main-thread, however, all expensive
APIs are asynchronous, so they can be offloaded in the future.

For a discussion of the API design of this package,
see doc/design-rationale-md.
Use with flutter test #
Unlike most plugins it is possible to run code that uses package:webcrypto
with flutter test. For this to work the native library must be built in the
application folder where flutter test is called. This can be done with:
# Only necessary when package:webcrypto is used from 'flutter test'
# This is not necessary for development with 'flutter run' and hot-reload
$ flutter pub run webcrypto:setup

# Now it's possible to run tests that uses package:webcrypto
$ flutter test test/my_test_file_using_webcrypto.dart
copied to clipboard
This requires:

cmake
a C compiler (like gcc or clang)
Linux or Mac.

The native library will be stored in .dart_tool/webcrypto/ which should
not be under source control.
It is also possible to run tests with Flutter Web using
flutter test -p chrome, this does not require any additional setup steps.
Limitations #
This package has a few limitations compared to the
Web Cryptograph API. For a discussion of parity with
Web Cryptography APIs see doc/webcrypto-parity.md.

deriveKey is not supported, however, keys can always be created from
derivedBits which is supported.
wrapKey is not supported, however, keys can be exported an encrypted.
unwrapKey is not supported, however, keys can be decrypted and imported.
AES-KW is not supported because it does not support encrypt/decrypt.

Compatibility notes #
This package has many tests cases to asses compatibility across the native
implementation using BoringSSL and various browser implementations of the
Web Cryptography APIs.
At the moment compatibility testing is limited to native implementation,
Chrome, Firefox and Safari.
Known Issues:

Chrome and BoringSSL does not support valid ECDH spki-formatted keys exported
by Firefox prior to version 72.
Firefox does not support PKCS8 import/export for ECDSA and ECDH keys.
Firefox does not handle counter wrap around for AES-CTR.
Safari does not support P-521 for ECDSA and ECDH.
The browser implementation of streaming methods for encryption,
decryption, signing and verification buffers the entire input, because
window.crypto does not expose a streaming API. However, the native
implementation using BoringSSL does support streaming.

References #

Web Cryptograpy Specification.
MDN Web Crypto API.
Chromium Web Crypto Source.
BoringSSL Source.
BoringSSL Documentation.