==============================================
CCC Rust Implementation — Phase Tracking
==============================================

:Last Updated: 2026-02-24

Legend
------

* ``[ ]`` Not started
* ``[~]`` In progress
* ``[x]`` Complete
* ``[!]`` Blocked

----

Three-Milestone Overview
------------------------

============= =================================== ============================
Milestone     Repository                          Status
============= =================================== ============================
**1 (this)**  ``ccc_rust``                        In progress
**2**         ``ccc_cryptography``                Not started
**3**         ``letusmsg`` (existing app)         Not started
============= =================================== ============================

Milestone 2 does not start until the Milestone 1 Verification Gate passes.
Milestone 3 does not start until the Milestone 2 gate passes.

----

============================================================
Milestone 1 — ``ccc_rust`` Pure Rust Crypto Library
============================================================

Step 1 — Cargo Workspace Scaffold
----------------------------------

* ``[x]`` Create ``Cargo.toml`` (workspace manifest, 3 members — no bridge crate)
* ``[x]`` Create ``rust-toolchain.toml`` (channel = "stable")
* ``[x]`` Create ``.cargo/config.toml`` (cross-compile target aliases)
* ``[x]`` Create ``vendors/README.md``

----

Step 2 — ``ccc-crypto-core`` Trait Crate
-----------------------------------------

* ``[x]`` Create ``crates/ccc-crypto-core/Cargo.toml``
* ``[x]`` ``algorithms.rs`` — AeadAlgorithm, KdfAlgorithm, MacAlgorithm,
  HashAlgorithm, KemAlgorithm enums (values == cipher_constants.dart)
* ``[x]`` ``capabilities.rs`` — AlgorithmCapability, ProviderCapabilities
* ``[x]`` ``error.rs`` — CryptoError enum
* ``[x]`` ``types.rs`` — KemKeyPair, SelfTestReport, BenchmarkReport,
  AlgoTestResult
* ``[x]`` ``provider.rs`` — AeadProvider, KdfProvider, MacProvider,
  HashProvider, KemProvider traits; CryptoProvider umbrella trait
* ``[x]`` ``registry.rs`` — ProviderRegistry (OnceLock<Mutex<...>>),
  register(), get(), list()
* ``[x]`` ``lib.rs`` — re-exports all public items
* ``[x]`` Unit tests for registry (5 passing)

----

Step 3 — wolfSSL Submodule + ``ccc-crypto-wolfssl``
-----------------------------------------------------

* ``[x]`` ``git submodule add`` wolfSSL → ``vendors/wolfssl``
* ``[x]`` Pin submodule to ``v5.7.2-stable``
* ``[x]`` Document pin in ``vendors/README.md``
* ``[x]`` Create ``crates/ccc-crypto-wolfssl/Cargo.toml``
* ``[x]`` ``build.rs`` — cmake build + bindgen; stub_ffi feature bypasses C build
* ``[x]`` ``aead.rs`` — AES-256-GCM implementation

  * ``[x]`` encrypt_aead (AES-256-GCM)
  * ``[x]`` decrypt_aead (AES-256-GCM)
  * ``[x]`` encrypt_aead (ChaCha20-Poly1305)
  * ``[x]`` decrypt_aead (ChaCha20-Poly1305)
  * ``[x]`` encrypt_aead (XChaCha20-Poly1305 via HChaCha20)
  * ``[x]`` decrypt_aead (XChaCha20-Poly1305)

* ``[x]`` ``kdf.rs`` — KDF implementations

  * ``[x]`` HKDF-SHA256
  * ``[x]`` HKDF-SHA384
  * ``[x]`` HKDF-SHA512
  * ``[x]`` Argon2id (64 MB / 3 iter / 4 threads — matches DEFAULT_CIPHER_PARAMS)
  * ``[x]`` BLAKE2b-512 KDF

* ``[x]`` ``mac.rs`` — MAC implementations

  * ``[x]`` HMAC-SHA256
  * ``[x]`` HMAC-SHA384
  * ``[x]`` HMAC-SHA512
  * ``[x]`` BLAKE2b-MAC (keyed)
  * ``[x]`` Constant-time verify

* ``[x]`` ``hash.rs`` — Hash implementations

  * ``[x]`` SHA-256 / SHA-384 / SHA-512
  * ``[x]`` SHA3-256 / SHA3-512
  * ``[x]`` BLAKE2b-512

* ``[x]`` ``kem.rs`` — KEM implementations

  * ``[x]`` X25519 (keygen + DH encap/decap)
  * ``[x]`` X448 (keygen + DH encap/decap)
  * ``[ ]`` ML-KEM-768 (deferred to Phase 5)
  * ``[ ]`` ML-KEM-1024 (deferred to Phase 5)
  * ``[ ]`` Classic McEliece (deferred to Phase 5)

* ``[x]`` ``capabilities.rs`` — probe-at-startup per algorithm
* ``[x]`` ``capabilities.rs`` — benchmark() throughput micro-bench
* ``[x]`` ``provider.rs`` — WolfSslProvider: CryptoProvider impl
* ``[x]`` ``provider.rs`` — self_test() with embedded NIST vectors (AES-256-GCM, ChaCha20-Poly1305)
* ``[x]`` Register WolfSslProvider in ProviderRegistry via init()
* ``[x]`` Full native build verified (cmake builds clean, all conformance tests pass)

----

Step 4 — Conformance Test Suite
---------------------------------

* ``[x]`` NIST AES-256-GCM vectors (2 vectors)
* ``[x]`` RFC 8439 ChaCha20-Poly1305 vectors
* ``[x]`` RFC 5869 HKDF-SHA256 vectors (2 vectors)
* ``[x]`` RFC 4231 HMAC-SHA256 vectors (2 vectors)
* ``[x]`` FIPS hash vectors (SHA-256/512, SHA3-256, BLAKE2b-512)
* ``[ ]`` RFC 7748 X25519 DH test vectors
* ``[ ]`` RFC 7748 X448 DH test vectors
* ``[ ]`` XChaCha20-Poly1305 extended-nonce vectors
* ``[x]`` ``cargo run -p ccc-conformance-tests`` passes (all current vectors)

----

Step 5 — Architecture Documentation
--------------------------------------

* ``[ ]`` Create ``docs/phase4_rust_architecture.rst``
* ``[ ]`` Crate dependency graph (ASCII diagram)
* ``[ ]`` "How to add a new provider" — 7-step trait checklist
* ``[ ]`` ``algo: u32`` → cipher constant mapping table
* ``[ ]`` Milestone 2 hand-off contract documented

----

Milestone 1 Verification Gate
------------------------------

*All items must be checked before the* ``v0.1.0`` *tag is cut.*

* ``[x]`` ``cargo test --workspace`` — all pass
* ``[x]`` ``cargo run -p ccc-conformance-tests`` — ALL VECTORS PASSED
* ``[ ]`` ``cargo build --target aarch64-apple-ios`` — success
* ``[ ]`` ``cargo build --target aarch64-linux-android`` — success
* ``[ ]`` No ``flutter_rust_bridge`` / Dart / Flutter dependency in workspace
* ``[ ]`` ``cargo audit`` — no known CVEs

----

============================================================
Milestone 2 — ``ccc_cryptography`` Flutter Plugin
============================================================

*(Not started — begins after Milestone 1 gate passes)*

Step 1 — New Repository Setup
-------------------------------

* ``[ ]`` Create ``ccc_cryptography`` repository
* ``[ ]`` Flutter plugin scaffold (``pubspec.yaml``, ``ios/``, ``android/``, ``macos/``)
* ``[ ]`` Rust bridge crate with ``crate-type = ["cdylib", "staticlib"]``
* ``[ ]`` Add ``flutter_rust_bridge = "2"`` dependency
* ``[ ]`` Reference ``ccc_rust`` via git tag ``v0.1.0``

----

Step 2 — Bridge Crate
----------------------

* ``[ ]`` ``dto.rs`` — CapabilitiesDto, KemKeyPairDto, KemEncapDto,
  SelfTestDto, AlgoTestResultDto; From<core types> impls
* ``[ ]`` ``bridge.rs`` — ccc_init()
* ``[ ]`` ``bridge.rs`` — ccc_list_providers()
* ``[ ]`` ``bridge.rs`` — ccc_capabilities() / ccc_available_algorithms()
* ``[ ]`` ``bridge.rs`` — ccc_aead_encrypt() / ccc_aead_decrypt()
* ``[ ]`` ``bridge.rs`` — ccc_kdf_derive()
* ``[ ]`` ``bridge.rs`` — ccc_mac_compute() / ccc_mac_verify()
* ``[ ]`` ``bridge.rs`` — ccc_hash()
* ``[ ]`` ``bridge.rs`` — ccc_kem_generate_keypair()
* ``[ ]`` ``bridge.rs`` — ccc_kem_encapsulate() / ccc_kem_decapsulate()
* ``[ ]`` ``bridge.rs`` — ccc_self_test()

----

Step 3 — Codegen + Plugin Build
---------------------------------

* ``[ ]`` Run ``flutter_rust_bridge_codegen generate``
* ``[ ]`` Verify generated Dart bindings compile
* ``[ ]`` ``flutter build ios`` succeeds (static lib linked)
* ``[ ]`` ``flutter build apk`` succeeds (cdylib linked)
* ``[ ]`` ``flutter build macos`` succeeds

----

Step 4 — Dart API Layer
------------------------

* ``[ ]`` ``CccCrypto`` class (wraps all bridge calls)
* ``[ ]`` ``CccSelfTest`` class (wraps ccc_self_test())
* ``[ ]`` ``CccProviderCatalog`` (runtime-populated from ccc_capabilities())

----

Step 5 — Flutter Integration Tests
------------------------------------

* ``[ ]`` Roundtrip encrypt/decrypt 1 KB (AES-256-GCM)
* ``[ ]`` Roundtrip encrypt/decrypt 1 KB (ChaCha20-Poly1305)
* ``[ ]`` ``CccSelfTest.runAll()`` — all-pass

----

Milestone 2 Verification Gate
------------------------------

* ``[ ]`` All Flutter integration tests pass on iOS simulator
* ``[ ]`` All Flutter integration tests pass on Android emulator
* ``[ ]`` Package published / tagged ``v0.1.0``

----

============================================================
Milestone 3 — LetUsMsg App Integration
============================================================

*(Not started — begins after Milestone 2 gate passes)*

* ``[ ]`` Add ``ccc_cryptography`` to ``letusmsg`` ``pubspec.yaml``
* ``[ ]`` Wire ``crypto_wolfssl.dart`` encrypt/decrypt → bridge calls
* ``[ ]`` Call ``CccCrypto.cccInit()`` at app startup
* ``[ ]`` Populate ``CccProviderCatalog`` from runtime capabilities
* ``[ ]`` Expose ``CccSelfTest.runAll()`` in app debug screen
* ``[ ]`` End-to-end integration test (send + receive encrypted message)

----

Phase 8 — Stretch Goal Providers (Future)
------------------------------------------

*(Out of scope for Phase 4. Tracked here for future scheduling.)*

* ``[ ]`` libsodium (``sodiumoxide`` / ``safe_libsodium``)
* ``[ ]`` OpenSSL (``openssl`` crate)
* ``[ ]`` BoringSSL (``boring`` crate)
* ``[ ]`` RustCrypto (pure-Rust, no native dep)
* ``[ ]`` liboqs — ML-KEM, BIKE, HQC, Falcon, Dilithium, SPHINCS+
* ``[ ]`` Signal ``libsignal``
* ``[ ]`` Botan
* ``[ ]`` mbedTLS
* ``[ ]`` Nettle