Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
94998c2
feat(evfs): add vault error variants to CryptoError
Adel-Ayoub Mar 5, 2026
453fdf3
feat(evfs): add evfs module scaffolding
Adel-Ayoub Mar 5, 2026
7dd312e
feat(evfs): add vault format structures and segment index
Adel-Ayoub Mar 5, 2026
1321abc
feat(evfs): update vault format structures and segment index
Adel-Ayoub Mar 5, 2026
008d968
Merge pull request #62 from MicroClub-USTHB/adelayoub/evfs-format
Adel-Ayoub Mar 5, 2026
4dc5161
build(evfs): add subtle crate for constant-time comparison
Adel-Ayoub Mar 5, 2026
3714cba
feat(evfs): add per-segment encryption, checksums, and secure deletion
Adel-Ayoub Mar 5, 2026
ab2d378
feat(evfs): add per-segment encryption, checksums, and secure deletion
Adel-Ayoub Mar 5, 2026
a1a9e30
Merge pull request #64 from MicroClub-USTHB/adelayoub/evfs-segment-en…
Adel-Ayoub Mar 5, 2026
4a9b8bf
fix(evfs): resolve clippy warnings in format tests
Adel-Ayoub Mar 5, 2026
4ce6f44
build(evfs): add crc32fast and fs4 crates for WAL and file locking
Adel-Ayoub Mar 5, 2026
8a17f52
feat(evfs): add WAL crash recovery and advisory file locking
Adel-Ayoub Mar 5, 2026
609f90c
Merge pull request #65 from MicroClub-USTHB/adelayoub/evfs-wal-crash-…
Adel-Ayoub Mar 5, 2026
f3d0ae1
feat(evfs): add encrypted index size constant and AEAD helpers
Adel-Ayoub Mar 5, 2026
6f74e0f
feat(evfs): implement vault API with VaultHandle for FRB
Adel-Ayoub Mar 5, 2026
22a630c
Merge pull request #67 from MicroClub-USTHB/adelayoub/evfs-vault-api
Adel-Ayoub Mar 5, 2026
a9bb901
build(evfs): hide internal types from FRB codegen
Adel-Ayoub Mar 5, 2026
587bf85
build(frb): regenerate bindings with EVFS vault API
Adel-Ayoub Mar 5, 2026
86e33ac
feat(dart): add VaultService wrapper and EVFS integration tests
aasmaa01 Mar 6, 2026
30de971
refactor(evfs): move format, segment, wal modules to core/evfs
Adel-Ayoub Mar 6, 2026
f7ea7c1
refactor(evfs): update api/evfs imports to use core/evfs
Adel-Ayoub Mar 6, 2026
52dc767
build(frb): regenerate bindings without EVFS internal types
Adel-Ayoub Mar 6, 2026
5fcde54
fix(evfs): clean up VaultService
Adel-Ayoub Mar 6, 2026
2a80240
fix(evfs): correct capacity test assertion from freeListBytes to unal…
Adel-Ayoub Mar 6, 2026
f86f887
Merge pull request #68 from MicroClub-USTHB/asma/evfs-dart
Adel-Ayoub Mar 6, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
611 changes: 611 additions & 0 deletions example/integration_test/evfs_test.dart

Large diffs are not rendered by default.

607 changes: 607 additions & 0 deletions integration_test/evfs_test.dart

Large diffs are not rendered by default.

3 changes: 2 additions & 1 deletion lib/m_security.dart
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,5 @@ export 'src/hashing/argon2.dart';
export 'src/kdf/hkdf.dart';
export 'src/rust/frb_generated.dart' show RustLib;
export 'src/streaming/streaming_service.dart';
export 'src/compression/compression_service.dart';
export 'src/compression/compression_service.dart';
export 'src/evfs/vault_service.dart';
92 changes: 92 additions & 0 deletions lib/src/evfs/vault_service.dart
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
import 'package:m_security/src/rust/api/evfs.dart' as rust_evfs;
import 'package:m_security/src/rust/api/compression.dart';
import 'dart:typed_data';

/// Encrypted Virtual File System — named segment storage in a .vault container.
///
/// Compression is optional on write (pass [CompressionConfig]) and
/// automatic on read (algorithm stored per-segment in the vault index).
class VaultService {
VaultService._();

/// Create a new vault file.
///
/// [algorithm] must be "aes-256-gcm" or "chacha20-poly1305".
static Future<rust_evfs.VaultHandle> create({
required String path,
required Uint8List key,
required String algorithm,
required int capacityBytes,
}) {
return rust_evfs.vaultCreate(
path: path,
key: key,
algorithm: algorithm,
capacityBytes: BigInt.from(capacityBytes),
);
}

/// Open an existing vault (runs WAL recovery if needed).
static Future<rust_evfs.VaultHandle> open({
required String path,
required Uint8List key,
}) {
return rust_evfs.vaultOpen(path: path, key: key);
}

/// Write (or overwrite) a named segment.
///
/// [compression] is optional — defaults to no compression.
/// MIME-aware skip: if [name] has an already-compressed extension
/// (e.g., ".jpg"), compression is bypassed automatically.
static Future<void> write({
required rust_evfs.VaultHandle handle,
required String name,
required Uint8List data,
CompressionConfig? compression,
}) {
return rust_evfs.vaultWrite(
handle: handle,
name: name,
data: data,
compression: compression,
);
}

/// Read a named segment. Decompression is automatic.
static Future<Uint8List> read({
required rust_evfs.VaultHandle handle,
required String name,
}) {
return rust_evfs.vaultRead(handle: handle, name: name);
}

/// Delete a named segment (securely erased from disk).
static Future<void> delete({
required rust_evfs.VaultHandle handle,
required String name,
}) {
return rust_evfs.vaultDelete(handle: handle, name: name);
}

/// List all segment names.
static Future<List<String>> list({
required rust_evfs.VaultHandle handle,
}) {
return rust_evfs.vaultList(handle: handle);
}

/// Get vault capacity info.
static Future<rust_evfs.VaultCapacityInfo> capacity({
required rust_evfs.VaultHandle handle,
}) {
return rust_evfs.vaultCapacity(handle: handle);
}

/// Close the vault (release lock, zeroize keys).
static Future<void> close({
required rust_evfs.VaultHandle handle,
}) {
return rust_evfs.vaultClose(handle: handle);
}
}
22 changes: 22 additions & 0 deletions rust/Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

9 changes: 9 additions & 0 deletions rust/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,15 @@ argon2 = "0.5"
hkdf = "0.12"
sha2 = "0.10"

# Constant-time comparison
subtle = "2.6"

# CRC32 for WAL integrity
crc32fast = "1.4"

# Advisory file locking
fs4 = "0.12"

# Compression
zstd = { version = "0.13", optional = true }
brotli = { version = "7.0", optional = true }
Expand Down
Loading