V5.1.0

- Added support for HKDF (HMAC-based Key Derivation Function)
- Added support for X25519 operations, including ScalarMultBase and ScalarMult

Author: mrtnetwork

CHANGELOG.md

@@ -1,3 +1,8 @@
+## 5.1.0
+
+- Added support for HKDF (HMAC-based Key Derivation Function)
+- Added support for X25519 operations, including ScalarMultBase and ScalarMult
+
 ## 5.0.0
 
 - Ported the Bitcoin secp256k1 cryptographic library to Dart.

example/pubspec.lock

@@ -44,7 +44,7 @@ packages:
       path: ".."
       relative: true
     source: path
-    version: "4.3.0"
+    version: "5.1.0"
   boolean_selector:
     dependency: transitive
     description:
@@ -93,6 +93,14 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "3.0.5"
+  cryptography:
+    dependency: transitive
+    description:
+      name: cryptography
+      sha256: d146b76d33d94548cf035233fbc2f4338c1242fa119013bead807d033fc4ae05
+      url: "https://pub.dev"
+    source: hosted
+    version: "2.7.0"
   cupertino_icons:
     dependency: "direct main"
     description:
@@ -101,6 +109,14 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "1.0.8"
+  ffi:
+    dependency: transitive
+    description:
+      name: ffi
+      sha256: "289279317b4b16eb2bb7e271abccd4bf84ec9bdcbe999e278a94b804f5630418"
+      url: "https://pub.dev"
+    source: hosted
+    version: "2.1.4"
   file:
     dependency: transitive
     description:
@@ -166,10 +182,10 @@ packages:
     dependency: transitive
     description:
       name: js
-      sha256: c1b2e9b5ea78c45e1a0788d29606ba27dc5f71f019f32ca5140f61ef071838cf
+      sha256: f2c445dce49627136094980615a031419f7f3eb393237e4ecd97ac15dea343f3
       url: "https://pub.dev"
     source: hosted
-    version: "0.7.1"
+    version: "0.6.7"
   lints:
     dependency: transitive
     description:
@@ -456,4 +472,4 @@ packages:
     source: hosted
     version: "3.1.2"
 sdks:
-  dart: ">=3.7.0-0 <4.0.0"
+  dart: ">=3.7.0 <4.0.0"

lib/base64/base64.dart

@@ -0,0 +1,3 @@
+export 'converter/decoding.dart';
+export 'converter/encoding.dart';
+export 'exception/exception.dart';

lib/base64/converter/decoding.dart

@@ -0,0 +1,124 @@
+import 'package:blockchain_utils/base64/exception/exception.dart';
+import 'package:blockchain_utils/blockchain_utils.dart';
+
+class _Base64StreamDecoder {
+  static const _base64Table =
+      'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+  static final _base64DecodeTable = () {
+    final table = List<int>.filled(256, -1);
+    for (int i = 0; i < _base64Table.length; i++) {
+      table[_base64Table.codeUnitAt(i)] = i;
+    }
+    return table.immutable;
+  }();
+
+  static List<int> _decode(String encoded) {
+    final cleaned = encoded.replaceAll('=', '');
+    final output = <int>[];
+    int i = 0;
+
+    while (i + 4 <= cleaned.length) {
+      int chunk = (_base64DecodeTable[cleaned.codeUnitAt(i)] << 18) |
+          (_base64DecodeTable[cleaned.codeUnitAt(i + 1)] << 12) |
+          (_base64DecodeTable[cleaned.codeUnitAt(i + 2)] << 6) |
+          (_base64DecodeTable[cleaned.codeUnitAt(i + 3)]);
+      output.add((chunk >> 16) & 0xFF);
+      output.add((chunk >> 8) & 0xFF);
+      output.add(chunk & 0xFF);
+      i += 4;
+    }
+
+    int rem = cleaned.length - i;
+    if (rem == 2) {
+      int chunk = (_base64DecodeTable[cleaned.codeUnitAt(i)] << 18) |
+          (_base64DecodeTable[cleaned.codeUnitAt(i + 1)] << 12);
+      output.add((chunk >> 16) & 0xFF);
+    } else if (rem == 3) {
+      int chunk = (_base64DecodeTable[cleaned.codeUnitAt(i)] << 18) |
+          (_base64DecodeTable[cleaned.codeUnitAt(i + 1)] << 12) |
+          (_base64DecodeTable[cleaned.codeUnitAt(i + 2)] << 6);
+      output.add((chunk >> 16) & 0xFF);
+      output.add((chunk >> 8) & 0xFF);
+    }
+
+    return output;
+  }
+
+  final List<int> _output = [];
+  String _carry = '';
+
+  /// Adds Base64 string data to the decoder, buffering as needed.
+  /// Strips out newline and carriage return characters.
+  void add(String input) {
+    _carry += input.replaceAll('\n', '').replaceAll('\r', '');
+    while (_carry.length >= 4) {
+      final chunk = _carry.substring(0, 4);
+      _output.addAll(_decode(chunk));
+      _carry = _carry.substring(4);
+    }
+  }
+
+  /// Finalizes decoding by processing any remaining buffered data.
+  /// Returns the full decoded byte list.
+  List<int> finalize() {
+    if (_carry.isNotEmpty) {
+      _output.addAll(_decode(_carry.padRight(4, '=')));
+    }
+    return _output;
+  }
+
+  void clean() {
+    _output.clear();
+    _carry = '';
+  }
+}
+
+/// A utility class for decoding Base64-encoded strings with options
+/// for URL-safe variant handling and padding validation.
+class B64Decoder {
+  /// Decodes a Base64 [data] string into bytes.
+  ///
+  /// [validatePadding]: If true (default), requires input length to be a multiple of 4.
+  /// If false, padding '=' is added automatically to fix length.
+  ///
+  /// [urlSafe]: If true (default), treats input as URL-safe Base64, converting
+  /// '-' to '+' and '_' to '/' before decoding. If false, throws if URL-safe
+  /// characters are present.
+  ///
+  /// Throws [B64ConverterException] on invalid input or length.
+  static List<int> decode(String data,
+      {bool validatePadding = true, bool urlSafe = true}) {
+    if (validatePadding && data.length % 4 != 0) {
+      throw B64ConverterException("Invalid length, must be multiple of four");
+    } else if (!validatePadding) {
+      while (data.length % 4 != 0) {
+        data += '=';
+      }
+    }
+    if (urlSafe) {
+      data = data.replaceAll('-', '+').replaceAll('_', '/');
+    } else if (data.contains('-') || data.contains('_')) {
+      throw B64ConverterException(
+          'Invalid character in standard Base64 string: found URL-safe characters "-" or "_" but urlSafe is false.');
+    }
+    final encoder = _Base64StreamDecoder();
+    try {
+      encoder.add(data);
+      return encoder.finalize().clone();
+    } finally {
+      encoder.clean();
+    }
+  }
+
+  /// Tries to decode a Base64 string, returning null if decoding fails.
+  ///
+  /// Same parameters as [decode], but catches exceptions and returns null on error.
+  static List<int>? tryDecode(String data,
+      {bool validatePadding = true, bool urlSafe = true}) {
+    try {
+      return decode(data, urlSafe: urlSafe, validatePadding: validatePadding);
+    } catch (_) {
+      return null;
+    }
+  }
+}

lib/base64/converter/encoding.dart

@@ -0,0 +1,99 @@
+import 'package:blockchain_utils/blockchain_utils.dart';
+
+/// A Base64 encoder that supports streaming data in chunks.
+/// It accumulates bytes and encodes them in groups of 3,
+/// handling padding for incomplete final blocks.
+class _Base64StreamEncoder {
+  static const _base64Table =
+      'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+
+  static String _encode(List<int> bytes) {
+    final output = StringBuffer();
+    int i = 0;
+
+    while (i + 3 <= bytes.length) {
+      int chunk = (bytes[i] << 16) | (bytes[i + 1] << 8) | (bytes[i + 2]);
+      output.write(_base64Table[(chunk >> 18) & 0x3F]);
+      output.write(_base64Table[(chunk >> 12) & 0x3F]);
+      output.write(_base64Table[(chunk >> 6) & 0x3F]);
+      output.write(_base64Table[chunk & 0x3F]);
+      i += 3;
+    }
+
+    int remaining = bytes.length - i;
+    if (remaining == 1) {
+      int chunk = bytes[i] << 16;
+      output.write(_base64Table[(chunk >> 18) & 0x3F]);
+      output.write(_base64Table[(chunk >> 12) & 0x3F]);
+      output.write('=');
+      output.write('=');
+    } else if (remaining == 2) {
+      int chunk = (bytes[i] << 16) | (bytes[i + 1] << 8);
+      output.write(_base64Table[(chunk >> 18) & 0x3F]);
+      output.write(_base64Table[(chunk >> 12) & 0x3F]);
+      output.write(_base64Table[(chunk >> 6) & 0x3F]);
+      output.write('=');
+    }
+
+    return output.toString();
+  }
+
+  final StringBuffer _buffer = StringBuffer();
+  final List<int> _partial = [];
+
+  /// Adds bytes to the encoder buffer, encoding full 3-byte chunks immediately.
+  void add(List<int> bytes) {
+    _partial.addAll(bytes);
+    while (_partial.length >= 3) {
+      final chunk = _partial.sublist(0, 3);
+      _buffer.write(_encode(chunk));
+      _partial.removeRange(0, 3);
+    }
+  }
+
+  /// Finalizes the encoding, encoding any remaining bytes with padding.
+  /// Returns the full Base64 encoded string.
+  String finalize() {
+    if (_partial.isNotEmpty) {
+      _buffer.write(_encode(_partial));
+    }
+    return _buffer.toString();
+  }
+
+  /// Clears internal buffers to reset the encoder state.
+  void clean() {
+    _buffer.clear();
+    _partial.clear();
+  }
+}
+
+/// Utility class for encoding bytes into Base64 strings with options for
+/// URL-safe encoding and optional padding removal.
+class B64Encoder {
+  /// Encodes the given [data] bytes to a Base64 string.
+  ///
+  /// [noPadding]: If true, removes the '=' padding characters from the output.
+  /// Defaults to false (padding included).
+  ///
+  /// [urlSafe]: If true, uses URL-safe Base64 encoding by replacing '+' with '-'
+  /// and '/' with '_'. Defaults to false (standard Base64).
+  ///
+  /// Returns the Base64-encoded string.
+  static String encode(List<int> data,
+      {bool noPadding = false, bool urlSafe = false}) {
+    final encoder = _Base64StreamEncoder();
+    try {
+      encoder.add(data.asBytes);
+      String b64 = encoder.finalize();
+      if (urlSafe) {
+        b64 = b64.replaceAll('+', '-').replaceAll('/', '_');
+      }
+      if (noPadding) {
+        b64 = b64.replaceAll('=', '');
+      }
+      return b64;
+    } finally {
+      encoder.clean();
+    }
+  }
+}

lib/base64/exception/exception.dart

@@ -0,0 +1,5 @@
+import 'package:blockchain_utils/blockchain_utils.dart';
+
+class B64ConverterException extends BlockchainUtilsException {
+  const B64ConverterException(super.message, {super.details});
+}

lib/crypto/crypto/crypto.dart

@@ -65,3 +65,7 @@ export 'x_modem_crc/x_modem_crc.dart';
 
 export 'crc16/crc16.dart';
 export 'exception/exception.dart';
+
+export 'x25519/x25519.dart';
+export 'hkdf/hkdf.dart';
+export 'jwt/jwt.dart';

lib/crypto/crypto/hkdf/hkdf.dart

@@ -0,0 +1,69 @@
+import 'package:blockchain_utils/blockchain_utils.dart';
+
+/// A Dart implementation of the HKDF (HMAC-based Key Derivation Function) as defined in RFC 5869.
+/// This class supports both the extract and expand phases.
+class HKDF {
+  /// Pseudorandom key (output of HKDF-Extract if enabled)
+  final List<int> ork;
+
+  /// Internal HMAC instance used for HKDF-Expand
+  final HMAC _hmac;
+
+  /// Desired length of output keying material (OKM)
+  final int length;
+
+  /// Optional context/application-specific information
+  final List<int> info;
+  HKDF._(
+      {required List<int> ork,
+      required HMAC hmac,
+      List<int>? info,
+      required this.length})
+      : ork = ork.asImmutableBytes,
+        info = (info ?? []).asImmutableBytes,
+        _hmac = hmac;
+  factory HKDF(
+      {required List<int> ikm,
+      required HashFunc hash,
+      int length = 32,
+      List<int>? salt,
+      List<int>? info,
+      bool hkdfExtract = true}) {
+    final h = hash();
+    int iteration = (length / h.getDigestLength).ceil();
+    if (iteration > 255) {
+      throw CryptoException('Cannot expand to more than 255 blocks');
+    }
+    if (hkdfExtract) {
+      final ork = HMAC.hmac(hash, salt ?? List<int>.filled(32, 0), ikm);
+      return HKDF._(
+          ork: ork, info: info, hmac: HMAC(hash, ork), length: length);
+    }
+    return HKDF._(ork: ikm, hmac: HMAC(hash, ikm), info: info, length: length);
+  }
+  // HMAC-SHA256 helper
+  List<int> _hash(List<int> data) {
+    try {
+      return _hmac.update(data).digest();
+    } finally {
+      _hmac.reset();
+    }
+  }
+
+  /// Derives the final output keying material (OKM) using HKDF-Expand
+  List<int> derive({List<int> info = const []}) {
+    int iteration = (length / _hmac.getDigestLength).ceil();
+    List<int> okm = [];
+    List<int> previousBlock = [];
+    for (int i = 1; i <= iteration; i++) {
+      final data = <int>[];
+      data.addAll(previousBlock);
+      data.addAll([...this.info, ...info]);
+      data.add(i);
+      previousBlock = _hash(data);
+      okm.addAll(previousBlock);
+    }
+
+    return okm.sublist(0, length);
+  }
+}