============================================ CCC Rust Milestone 1 — Completion Record ============================================ :Status: Complete :Date: 2026-02-26 :Repository: ``ccc_rust`` :Milestone: 1 (Pure Rust crypto library) Related Documents ================= * Milestone 2 planning/session state: ``docs/ccc_rust_milestone2_session_state.rst`` Overview ======== Milestone 1 delivers a provider-based Rust cryptography workspace with: * a stable trait/type core crate, * a wolfSSL-backed provider crate, * and a conformance test binary validating NIST/RFC vectors. Milestone 1 is intentionally isolated from Flutter/Dart integration concerns. Scope and Boundaries ==================== Delivered in Milestone 1 ------------------------ * Workspace scaffold and cross-target build aliases. * ``ccc-crypto-core`` with algorithm enums, traits, registry, error/types. * ``ccc-crypto-wolfssl`` provider with AEAD/KDF/MAC/Hash/KEM support. * Conformance runner with NIST/RFC vectors and pass/fail gate output. * Architecture and phase-tracking documentation. Out of scope for Milestone 1 ---------------------------- * ``flutter_rust_bridge`` integration. * Dart bindings and Flutter plugin packaging. * LetUsMsg app integration wiring. * ML-KEM and Classic McEliece runtime implementation (declared, deferred). Crate Dependency Graph ====================== :: +------------------------+ | tests/conformance | | ccc-conformance-tests | +-----------+------------+ | v +------------------------+ +-------------------------+ | crates/ccc-crypto- | uses | vendors/wolfssl | | wolfssl +-------->+ (C library submodule) | +-----------+------------+ +-------------------------+ | v +------------------------+ | crates/ccc-crypto-core | | traits + enums + types | +------------------------+ Implementation Summary ====================== Core crate (``ccc-crypto-core``) -------------------------------- * Algorithm enums with fixed ``u32`` discriminants for cross-layer compatibility. * Provider trait surfaces: * ``AeadProvider`` * ``KdfProvider`` * ``MacProvider`` * ``HashProvider`` * ``KemProvider`` * ``CryptoProvider`` * ``ProviderRegistry`` (global, lazy-initialized registry model). * Core result/error and crypto data types, including zeroized key material handling. wolfSSL provider crate (``ccc-crypto-wolfssl``) ------------------------------------------------ * AEAD: AES-256-GCM, ChaCha20-Poly1305, XChaCha20-Poly1305. * KDF: HKDF-SHA256/384/512, Argon2id, BLAKE2b-based KDF path. * MAC: HMAC-SHA256/384/512, BLAKE2b-MAC, constant-time verification. * Hash: SHA-256/384/512, SHA3-256/512, BLAKE2b-512. * KEM: X25519 and X448 keygen/encap/decap. * Startup capability probing and benchmark hooks. Conformance suite ----------------- * NIST SP 800-38D AES-GCM vectors. * RFC 8439 ChaCha20-Poly1305 vectors. * RFC 5869 HKDF vectors. * RFC 4231 HMAC vectors. * FIPS/reference hash vectors. * RFC 7748 X25519/X448 DH vectors. * XChaCha20-Poly1305 extended-nonce roundtrip + auth-failure checks. Algorithm ID Mapping (u32) ========================== Authoritative source: ``crates/ccc-crypto-core/src/algorithms.rs``. KDF --- * ``1`` -> ``KdfAlgorithm::Sha256`` * ``2`` -> ``KdfAlgorithm::Sha384`` * ``3`` -> ``KdfAlgorithm::Sha512`` * ``4`` -> ``KdfAlgorithm::Blake2b512`` * ``5`` -> ``KdfAlgorithm::Argon2id`` * ``6`` -> ``KdfAlgorithm::Kmac256`` AEAD ---- * ``12`` -> ``AeadAlgorithm::AesGcm256`` * ``13`` -> ``AeadAlgorithm::ChaCha20Poly1305`` * ``14`` -> ``AeadAlgorithm::XChaCha20Poly1305`` * ``15`` -> ``AeadAlgorithm::Ascon128a`` MAC --- * ``30`` -> ``MacAlgorithm::HmacSha256`` * ``31`` -> ``MacAlgorithm::HmacSha384`` * ``32`` -> ``MacAlgorithm::HmacSha512`` * ``33`` -> ``MacAlgorithm::Blake2bMac`` * ``35`` -> ``MacAlgorithm::Poly1305`` Hash ---- * ``40`` -> ``HashAlgorithm::Sha256`` * ``41`` -> ``HashAlgorithm::Sha384`` * ``42`` -> ``HashAlgorithm::Sha512`` * ``43`` -> ``HashAlgorithm::Blake2b512`` * ``44`` -> ``HashAlgorithm::Sha3_256`` * ``45`` -> ``HashAlgorithm::Sha3_512`` KEM --- * ``50`` -> ``KemAlgorithm::X25519`` * ``51`` -> ``KemAlgorithm::X448`` * ``52`` -> ``KemAlgorithm::MlKem768`` (deferred) * ``53`` -> ``KemAlgorithm::MlKem1024`` (deferred) * ``54`` -> ``KemAlgorithm::ClassicMcEliece460896`` (deferred) Verification Gate (Milestone 1) ================================ All required gate items are complete: * ``[x]`` ``cargo test --workspace`` * ``[x]`` ``cargo run -p ccc-conformance-tests`` → ``ALL VECTORS PASSED`` * ``[x]`` ``cargo build --target aarch64-apple-ios`` * ``[x]`` ``cargo build --target aarch64-linux-android`` * ``[x]`` No ``flutter_rust_bridge`` / Dart / Flutter dependency in workspace * ``[x]`` ``cargo audit`` (0 vulnerabilities) Milestone 2 Handoff Contract ============================ Milestone 2 (plugin repository) must consume Milestone 1 outputs without changing Milestone 1 algorithm IDs or trait semantics. Handoff inputs -------------- * ``ccc-crypto-core`` public trait + type API. * ``ccc-crypto-wolfssl`` provider behavior validated by conformance gates. * Algorithm discriminant mapping above. Milestone 2 responsibilities ---------------------------- * Add bridge crate and ``flutter_rust_bridge`` in Milestone 2 repo only. * Implement DTO-safe bridge calls (init/capabilities/aead/kdf/mac/hash/kem/self-test). * Generate Dart bindings and package plugin targets.