Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ migrate_working_dir/
.vscode/

# Generated by flutter-rust-bridge — regenerate with `flutter_rust_bridge_codegen generate`
lib/src/rust
# NOTE: lib/src/rust/ is NOT ignored — it must be committed for pub.dev publishing
rust/android/
rust/example/
rust/integration_test/
Expand Down
26 changes: 26 additions & 0 deletions .pubignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
# Override .gitignore for pub.dev publishing.
# FRB-generated Dart bindings must be included in the published package
# so consumers don't need to run codegen themselves.

# Exclude development/CI files
.github/
.vscode/
.idea/
*.iml
*.ipr
*.iws

# Exclude Rust source and build artifacts (compiled via cargokit at build time)
rust/target/

# Exclude example build artifacts
example/build/
example/.dart_tool/
example/android/.gradle/
example/ios/Pods/
example/macos/Pods/

# Exclude cargokit build artifacts
cargokit/build_tool/.dart_tool/

# Do NOT exclude lib/src/rust/ — these generated files are needed by consumers
43 changes: 41 additions & 2 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,42 @@
## 0.0.1
## 0.1.0

* TODO: Describe initial release.
Initial release of M-Security — a native Rust cryptographic SDK for Flutter.

### Authenticated Encryption (AEAD)

- **AES-256-GCM** — Industry-standard authenticated encryption with 32-byte keys, 12-byte auto-generated nonces, and 16-byte authentication tags.
- **ChaCha20-Poly1305** — High-performance alternative optimized for mobile processors lacking dedicated AES hardware.
- Unified `CipherHandle` interface for both ciphers (create, encrypt, decrypt, generate key).
- Output format: `nonce || ciphertext || tag`.

### Hashing

- **BLAKE3** — Ultra-fast integrity verification with one-shot and streaming APIs via `HasherHandle`.
- **SHA-3-256 (Keccak)** — NIST-standard hashing with one-shot and streaming APIs.
- **Argon2id** — PHC-winning password hashing with Mobile (64 MiB) and Desktop (256 MiB) presets, automatic salt generation, and PHC string output.

### Key Derivation (KDF)

- **HKDF-SHA256** — RFC 5869-compliant key derivation with `derive`, `extract`, and `expand` operations. Output range: 1-8160 bytes.

### Security

- All key material held in Rust behind opaque `#[frb(opaque)]` handles — raw keys never cross the FFI boundary.
- Secure memory management with `ZeroizeOnDrop` on all key-holding structs.
- `clippy::unwrap_used = "deny"` — no unwrap in FFI-visible code.
- `panic = "abort"` in release profile — no undefined behavior from panics crossing FFI.
- Nonces generated internally via `OsRng` — callers never handle nonces.

### Platform Support

- Android (ARM64, ARM32)
- iOS (ARM64, Simulator)
- macOS (ARM64, Intel)
- Linux (x86_64)
- Windows (x86_64)

### Infrastructure

- CI pipeline with Rust linting/testing, Dart analysis, and platform builds (Android, iOS, Linux).
- Integration tests for all cryptographic operations.
- Flutter Rust Bridge 2.11.1 for FFI code generation.
Loading