feat(streaming): add high-level streaming encrypt/decrypt API #44
Closed
Adel-Ayoub wants to merge 4 commits into
Closed
feat(streaming): add high-level streaming encrypt/decrypt API #44Adel-Ayoub wants to merge 4 commits into
Adel-Ayoub wants to merge 4 commits into
Conversation
…6B): magic/version/algorithm/reserved - ChunkAad (9B): index(u64 LE) + is_final(u8) for truncation protection - ChunkReader: fill-in-place zero-alloc read_chunk(&mut chunk) - ChunkWriter: internal buffer for single-syscall writes - Last-chunk padding with zero-byte validation - EncryptedChunk pre-allocation + Default - StreamAlgorithm <-> Algorithm conversion bridge - Generic finish() + finish_file() for fsync - 22 unit tests covering all acceptance criteria
feat(streaming): add low-level streaming primitives …
- encrypt_file_impl / decrypt_file_impl: 64KB AEAD chunk streaming - Per-chunk AAD (index + is_final) prevents reorder/truncation/append - Last-chunk padding to uniform ENCRYPTED_CHUNK_SIZE - Atomic temp-file-then-rename: failed ops leave no partial output - Algorithm cross-check between header and CipherHandle - Progress callbacks (0.0..1.0) via closure, FRB StreamSink wrappers - CipherHandle: add pub(crate) encrypt_raw/decrypt_raw/algorithm_id - 16 tests: roundtrip, tamper detection, progress, cleanup guarantees
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
TempFileGuarddrop guard — failed decrypt never leaves plaintext on diskpub(crate)methods onCipherHandlefor internal streaming useFiles Changed
rust/src/api/streaming.rs— new encrypt/decrypt impl + FRB wrappers + 16 testsrust/src/api/encryption/mod.rs— addencrypt_raw,decrypt_raw,algorithm_idpub(crate)rust/src/api/mod.rs— addpub mod streamingrust/Cargo.toml— addtempfile = "3"dev-dependencyrust/src/frb_generated.rs— codegen updated (StreamSink support)lib/src/rust/**— untracked generated Dart bindingsSecurity
is_final=0x01→ detectedDecryptionFailedTempFileGuarddeletes temp file on dropTest plan
cargo test streaming— 16 tests pass (roundtrip, tamper, reorder, truncation, progress, cleanup)cargo clippy -- -D warnings— clean (with and withouttestingfeature)flutter_rust_bridge_codegen generate— succeeds