Improves support for operating system APIs in cryptography_flutter.

In "package:cryptography" 2.5.0:
* Adds enough DER encoding/decoding support for us to use Apple's CryptoKit ECDH/ECDSA functions.
* Improves BrowserHmac/etc. parameter checks.
* Improves documentation.

In "package:cryptography_flutter" 2.3.0:
* Adds support for algorithms. In this version, the following operating system API adapters pass
  tests:
  * Android:
    * FlutterAesGcm
    * FlutterChacha20.poly1305Aead()
    * FlutterHmac.sha1()
    * FlutterHmac.sha224()
    * FlutterHmac.sha256()
    * FlutterHmac.sha384()
    * FlutterHmac.sha512()
    * FlutterPbkdf2()
  * Apple operating systems:
    * FlutterAesGcm
    * FlutterChacha20.poly1305Aead()
    * FlutterEd25519()
    * FlutterEcdh.p256()
    * FlutterEcdh.p384()
    * FlutterEcdh.p521()
    * FlutterEcdsa.p256()
    * FlutterEcdsa.p384()
    * FlutterEcdsa.p521()
    * FlutterHmac.sha256()
    * FlutterHmac.sha512()
    * FlutterX25519()
* Requires "package:cryptography" 2.5.0, which has enough DER encoding/decoding support for us to
  use Apple's CryptoKit ECDH/ECDSA functions.
* Adds support for reading names of crypto providers in Android.
* Adds more tests.

Author: terrier989

.github/FUNDING.yml

@@ -0,0 +1,2 @@
+github: [terrier989]
+open_collective: [cryptography]

README.md

@@ -11,10 +11,16 @@ Maintained by [gohilla.com](https://gohilla.com). Licensed under the [Apache Lic
 ## Packages
   * [cryptography](cryptography)
     * Cryptography API for Dart / Flutter.
-    * Contains cryptography implementations written in pure Dart.
-    * Contains cryptography implementations that use Web Cryptography API in browsers.
+    * Contains cryptographic algorithm implementations written in pure Dart.
+    * Contains cryptographic algorithm implementations that use Web Cryptography API in browsers.
   * [cryptography_flutter](cryptography_flutter)
-    * Contains cryptography implementations that use Android / iOS APIs.
+    * Contains cryptographic algorithm implementations that use operating system APIs in Android
+      and Apple operating systems (iOS, Mac OS X, etc.).
+  * [cryptography_flutter_integration_test](cryptography_flutter_integration_test)
+    * Integration test project for "cryptography_flutter".
+  * [cryptography_test](cryptography_flutter)
+    * Cross-platform tests. Note that "cryptography" and "cryptography_flutter_integration_test"
+      contain more tests than just these.
   * [jwk](jwk)
     * JWK (JSON Web Key) encoding / decoding.
 

cryptography/CHANGELOG.md

@@ -1,3 +1,8 @@
+## 2.5.0
+* Adds enough DER encoding/decoding support for us to use Apple's CryptoKit ECDH/ECDSA functions.
+* Improves BrowserHmac/etc. parameter checks.
+* Improves documentation.
+
 ## 2.4.0
 * Fixes many issues found by adding more tests. Also improves documentation.
 * Improves performance of SHA256, HMAC, and PBKDF2 by cutting unnecessary state allocations and

cryptography/README.md

@@ -6,9 +6,9 @@
 Popular cryptographic algorithms for [Dart](https://dart.dev) / [Flutter](https://flutter.dev)
 developers.
 
-Maintained by Gohilla. Licensed under the [Apache License 2.0](LICENSE).
+Maintained by [gohilla.com](https://gohilla.com). Licensed under the [Apache License 2.0](LICENSE).
 
-This package is:
+This package is designed to be:
 
 * __Easy to use__. The API is easy to understand and encourages good defaults.
 * __Multi-platform__. It's easy to customize implementation of X in platform Y.
@@ -26,11 +26,15 @@ Any feedback, issue reports, or pull requests are appreciated!
 
 # Getting started
 
+If you use Flutter, it's recommended (but not necessarily) that you also import our sibling package
+[cryptography_flutter](https://pub.dev/packages/cryptography_flutter), which improves performance
+by using operating system APIs.
+
 In _pubspec.yaml_:
 ```yaml
 dependencies:
-  cryptography: ^2.4.0
-  cryptography_flutter: ^2.2.0 # Remove this if you are writing a pure Dart package without Flutter
+  cryptography: ^2.5.0
+  cryptography_flutter: ^2.3.0 # Remove if you don't use Flutter
 ```
 
 You are ready to go!
@@ -39,14 +43,16 @@ You are ready to go!
 
 Please report bugs at [github.com/dint-dev/cryptography/issues](https://github.com/dint-dev/cryptography/issues).
 
-If you want discuss cryptography in Flutter/Dart projects with other developers, feel free to join
-our community discussion at [github.com/dint-dev/cryptography/discussions](https://github.com/dint-dev/cryptography/discussions):
-* Your experiences with the documentation and API design?
-* What is the best way to achieve X?
-* Etc.
+Having questions? Feel free to use our Github Discussions at
+[github.com/dint-dev/cryptography/discussions](https://github.com/dint-dev/cryptography/discussions).
+
+
+# Some things to know
+## General guidance on cryptography
+Please read [information about Mobile App Cryptography](https://mas.owasp.org/MASTG/General/0x04g-Testing-Cryptography/)
+by OWASP. It contains a lot of useful information that helps you build more secure software.
 
-# Concepts
-## Cryptographic keys
+## Common parameters
 * [SecretKey](https://pub.dev/documentation/cryptography/latest/cryptography/SecretKey-class.html)
     * Used by ciphers, message authentication codes, and key derivation functions.
 * [KeyPair](https://pub.dev/documentation/cryptography/latest/cryptography/KeyPair-class.html)
@@ -63,9 +69,6 @@ our community discussion at [github.com/dint-dev/cryptography/discussions](https
       (P-256 / P-384 / P-512 public keys)
     * [RsaPublicKey](https://pub.dev/documentation/cryptography/latest/cryptography/RsaPublicKey-class.html)
       (RSA public keys)
-* Nonces (also known as "IV", "Initialization Vector", "salt") are non-secret byte sequences.
-* AAD (Additional Authenticated Data) is some additional byte sequence that you want a cipher to
-  authenticate when you encrypt/decrypt.
 
 Note that SecretKey and KeyPair instances are opaque and asynchronous by default. They may not be in
 the memory and may not be readable at all. If a SecretKey or KeyPair instance is in memory, it's an
@@ -92,7 +95,7 @@ three types of wands:
 
 In the future version 3.x, we plan to transition to wands as the default API for doing operations.
 
-### Ciphers
+## Ciphers
 
 The following [Cipher](https://pub.dev/documentation/cryptography/latest/cryptography/Cipher-class.html)
 implementations are available:
@@ -118,7 +121,7 @@ implementations are available:
     * [Xchacha20.poly1305Aead](https://pub.dev/documentation/cryptography/latest/cryptography/Xchacha20/Xchacha20.poly1305Aead.html) (
       AEAD_XCHACHA20_POLY1305)
 
-### Digital signature algorithms
+## Digital signature algorithms
 
 The
 following [SignatureAlgorithm](https://pub.dev/documentation/cryptography/latest/cryptography/SignatureAlgorithm-class.html)
@@ -143,7 +146,7 @@ implementations are available:
       RSASSA-PKCS1v15)
     * We don't have implementations of these in pure Dart.
 
-### Key exchange algorithms
+## Key exchange algorithms
 
 The following [KeyExchangeAlgorithm](https://pub.dev/documentation/cryptography/latest/cryptography/KeyExchangeAlgorithm-class.html)
 implementations are available:
@@ -169,15 +172,15 @@ The following implementations are available:
 * [Pbkdf2](https://pub.dev/documentation/cryptography/latest/cryptography/Pbkdf2-class.html) (
   PBKDF2)
 
-### Message authentication codes
+## Message authentication codes
 
 The following [MacAlgorithm](https://pub.dev/documentation/cryptography/latest/cryptography/MacAlgorithm-class.html)
 implementations are available:
 
 * [Hmac](https://pub.dev/documentation/cryptography/latest/cryptography/Hmac-class.html)
 * [Poly1305](https://pub.dev/documentation/cryptography/latest/cryptography/Poly1305-class.html)
 
-### Cryptographic hash functions
+## Cryptographic hash functions
 
 The following [HashAlgorithm](https://pub.dev/documentation/cryptography/latest/cryptography/HashAlgorithm-class.html)
 implementations are available:
@@ -202,7 +205,7 @@ lots of small hashes, the advantage is even bigger because this package allows y
 state. Therefore our HMAC-SHA256 is much faster too. In browsers, hashes can be over 100 times
 faster because this package automatically uses Web Crypto API.
 
-### Random number generators
+## Random number generators
 
 We continue to use the old good `Random.secure()` as the default random number in all APIs.
 

cryptography/lib/src/browser/browser_cryptography.dart

@@ -150,7 +150,7 @@ class BrowserCryptography extends DartCryptography {
 
   @override
   Ecdsa ecdsaP256(HashAlgorithm hashAlgorithm) {
-    if (isSupported && hashAlgorithm is BrowserHashAlgorithmMixin) {
+    if (isSupported && hashAlgorithm is Sha256) {
       return BrowserEcdsa.p256(
         hashAlgorithm,
         random: _random,
@@ -161,7 +161,7 @@ class BrowserCryptography extends DartCryptography {
 
   @override
   Ecdsa ecdsaP384(HashAlgorithm hashAlgorithm) {
-    if (isSupported && hashAlgorithm is BrowserHashAlgorithmMixin) {
+    if (isSupported && hashAlgorithm is Sha384) {
       return BrowserEcdsa.p384(
         hashAlgorithm,
         random: _random,
@@ -172,7 +172,7 @@ class BrowserCryptography extends DartCryptography {
 
   @override
   Ecdsa ecdsaP521(HashAlgorithm hashAlgorithm) {
-    if (isSupported && hashAlgorithm is BrowserHashAlgorithmMixin) {
+    if (isSupported && hashAlgorithm is Sha512) {
       return BrowserEcdsa.p521(
         hashAlgorithm,
         random: _random,
@@ -183,11 +183,14 @@ class BrowserCryptography extends DartCryptography {
 
   @override
   Hkdf hkdf({required Hmac hmac, required int outputLength}) {
-    if (isSupported && hmac is BrowserHmac) {
-      return BrowserHkdf(
-        hmac: hmac,
-        outputLength: outputLength,
-      );
+    if (isSupported) {
+      if (BrowserHashAlgorithmMixin.hashAlgorithmNameFor(hmac.hashAlgorithm) !=
+          null) {
+        return BrowserHkdf(
+          hmac: hmac,
+          outputLength: outputLength,
+        );
+      }
     }
     return super.hkdf(
       hmac: hmac,

cryptography/lib/src/browser/ecdsa.dart

@@ -16,14 +16,14 @@ import 'dart:math';
 import 'dart:typed_data';
 
 import 'package:cryptography/cryptography.dart';
-import 'package:cryptography/src/browser/hash.dart';
 
 import '_javascript_bindings.dart' as web_crypto;
 import 'browser_ec_key_pair.dart';
+import 'hash.dart';
 
 class BrowserEcdsa extends Ecdsa {
   @override
-  final BrowserHashAlgorithmMixin hashAlgorithm;
+  final HashAlgorithm hashAlgorithm;
 
   @override
   final KeyPairType keyPairType;
@@ -34,23 +34,23 @@ class BrowserEcdsa extends Ecdsa {
   }) : super.constructor();
 
   BrowserEcdsa.p256(
-    BrowserHashAlgorithmMixin hashAlgorithm, {
+    HashAlgorithm hashAlgorithm, {
     Random? random,
   }) : this(
           keyPairType: KeyPairType.p256,
           hashAlgorithm: hashAlgorithm,
         );
 
   BrowserEcdsa.p384(
-    BrowserHashAlgorithmMixin hashAlgorithm, {
+    HashAlgorithm hashAlgorithm, {
     Random? random,
   }) : this(
           keyPairType: KeyPairType.p384,
           hashAlgorithm: hashAlgorithm,
         );
 
   BrowserEcdsa.p521(
-    BrowserHashAlgorithmMixin hashAlgorithm, {
+    HashAlgorithm hashAlgorithm, {
     Random? random,
   }) : this(
           keyPairType: KeyPairType.p521,
@@ -96,7 +96,9 @@ class BrowserEcdsa extends Ecdsa {
     final byteBuffer = await web_crypto.sign(
       web_crypto.EcdsaParams(
         name: 'ECDSA',
-        hash: hashAlgorithm.webCryptoName,
+        hash: BrowserHashAlgorithmMixin.hashAlgorithmNameFor(
+          hashAlgorithm,
+        )!,
       ),
       jsCryptoKey,
       web_crypto.jsArrayBufferFrom(message),
@@ -120,15 +122,18 @@ class BrowserEcdsa extends Ecdsa {
         'Public key should be an instance of EcPublicKey, not: $publicKey',
       );
     }
+    final hashAlgorithmName = BrowserHashAlgorithmMixin.hashAlgorithmNameFor(
+      hashAlgorithm,
+    )!;
     final jsCryptoKey = await jsPublicKeyFrom(
       signature.publicKey,
       webCryptoCurve: keyPairType.webCryptoCurve!,
-      webCryptoHash: hashAlgorithm.webCryptoName,
+      webCryptoHash: hashAlgorithmName,
     );
     return await web_crypto.verify(
       web_crypto.EcdsaParams(
         name: 'ECDSA',
-        hash: hashAlgorithm.webCryptoName,
+        hash: hashAlgorithmName,
       ),
       jsCryptoKey,
       web_crypto.jsArrayBufferFrom(signature.bytes),

cryptography/lib/src/browser/hash.dart

@@ -32,6 +32,22 @@ mixin BrowserHashAlgorithmMixin implements HashAlgorithm {
     );
     return Hash(Uint8List.view(byteBuffer));
   }
+
+  static String? hashAlgorithmNameFor(HashAlgorithm hashAlgorithm) {
+    if (hashAlgorithm is Sha1) {
+      return 'SHA-1';
+    }
+    if (hashAlgorithm is Sha256) {
+      return 'SHA-256';
+    }
+    if (hashAlgorithm is Sha384) {
+      return 'SHA-384';
+    }
+    if (hashAlgorithm is Sha512) {
+      return 'SHA-512';
+    }
+    return null;
+  }
 }
 
 /// [Sha1] implementation that uses _Web Cryptography API_ in browsers.

cryptography/lib/src/browser/hkdf.dart

@@ -15,17 +15,17 @@
 import 'dart:typed_data';
 
 import 'package:cryptography/cryptography.dart';
+import 'package:cryptography/src/browser/hash.dart';
 
 import '_javascript_bindings.dart' show jsArrayBufferFrom;
 import '_javascript_bindings.dart' as web_crypto;
-import 'hmac.dart';
 
 /// HKDF implementation that uses _Web Cryptography API_ in browsers.
 ///
 /// See [BrowserCryptography].
 class BrowserHkdf extends Hkdf {
   @override
-  final BrowserHmac hmac;
+  final Hmac hmac;
 
   @override
   final int outputLength;
@@ -43,7 +43,9 @@ class BrowserHkdf extends Hkdf {
     final byteBuffer = await web_crypto.deriveBits(
       web_crypto.HkdfParams(
         name: 'HKDF',
-        hash: hmac.hashAlgorithmWebCryptoName,
+        hash: BrowserHashAlgorithmMixin.hashAlgorithmNameFor(
+          hmac.hashAlgorithm,
+        )!,
         salt: jsArrayBufferFrom(nonce),
         info: jsArrayBufferFrom(info),
       ),