Skip to content

[mob] Add crypto abstraction layer (ente_crypto_api) #8628

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ua741 merged 9 commits into from
Jan 13, 2026
Merged

[mob] Add crypto abstraction layer (ente_crypto_api) #8628

ua741 merged 9 commits into from
Jan 13, 2026

Conversation

@neeraj-pilot
Copy link
Contributor

@neeraj-pilot neeraj-pilot commented Jan 6, 2026

Summary

Introduce a crypto abstraction layer to allow swapping implementations without changing consumer code. This enables future support for different crypto backends (Rust FFI, platform plugins, etc).

Changes

  • Add ente_crypto_api package with CryptoApi interface and CryptoUtil façade
  • Add ente_crypto_dart_adapter wrapping existing ente_crypto_dart
  • Update all packages/apps to use the new abstraction
  • Register adapter at app startup before any crypto operations

Architecture

┌─────────────────────────────────────────────────────────────────────────────────────┐
│                                    APPLICATIONS                                      │
├─────────────────────┬─────────────────────┬─────────────────────────────────────────┤
│     apps/auth       │    apps/locker      │              apps/photos                │
│                     │                     │                                         │
│  main.dart:         │  main.dart:         │  main.dart:                             │
│  registerCryptoApi( │  registerCryptoApi( │  registerCryptoApi(                     │
│    EnteCryptoDart   │    EnteCryptoDart   │    EntePhotosPluginAdapter() // future  │
│    Adapter()        │    Adapter()        │  )                                      │
│  )                  │  )                  │                                         │
└─────────┬───────────┴─────────┬───────────┴──────────────────┬──────────────────────┘
          │                     │                              │
          │ depends on          │ depends on                   │ depends on
          ▼                     ▼                              ▼
┌─────────────────────────────────────────────────────────────────────────────────────┐
│                              ADAPTER LAYER                                           │
├────────────────────────────────┬────────────────────────────┬───────────────────────┤
│  ente_crypto_dart_adapter      │  ente_crypto_rust_adapter  │ ente_photos_plugin    │
│  (CURRENT)                     │  (FUTURE)                  │ _adapter (FUTURE)     │
│                                │                            │                       │
│  class EnteCryptoDartAdapter   │  class EnteCryptoRust      │ class EntePhotos      │
│    implements CryptoApi {      │    Adapter                 │   PluginAdapter       │
│    ...                         │    implements CryptoApi {  │   implements CryptoApi│
│  }                             │    // FFI to Rust          │ {                     │
│                                │  }                         │   // calls plugin     │
│         │                      │         │                  │ }                     │
│         │ wraps                │         │ wraps            │         │ wraps       │
│         ▼                      │         ▼                  │         ▼             │
│  ┌──────────────────┐          │  ┌──────────────────┐      │  ┌──────────────────┐ │
│  │ ente_crypto_dart │          │  │ ente_crypto_rs   │      │  │ photos/plugins/  │ │
│  │ (git dependency) │          │  │ (native lib)     │      │  │ crypto           │ │
│  └──────────────────┘          │  └──────────────────┘      │  └──────────────────┘ │
└────────────────────────────────┴────────────────────────────┴───────────────────────┘
          │                                │                              │
          │ implements                     │ implements                   │ implements
          └────────────────────────────────┼──────────────────────────────┘
                                           ▼
┌─────────────────────────────────────────────────────────────────────────────────────┐
│                              API LAYER (INTERFACE)                                   │
│                                                                                      │
│                               ente_crypto_api                                        │
│  ┌────────────────────────────────────────────────────────────────────────────────┐ │
│  │  abstract class CryptoApi { ... }                                              │ │
│  │  void registerCryptoApi(CryptoApi impl);   ◄── called once at app startup      │ │
│  │  class CryptoUtil { ... }                  ◄── static façade for consumers     │ │
│  └────────────────────────────────────────────────────────────────────────────────┘ │
│                                                                                      │
│  Models: EncryptionResult, FileEncryptResult, DerivedKeyResult, CryptoKeyPair        │
└─────────────────────────────────────────────────────────────────────────────────────┘
                                           ▲
                                           │ depends on (interface only)
                                           │
┌─────────────────────────────────────────────────────────────────────────────────────┐
│                              SHARED PACKAGES                                         │
│  accounts, configuration, lock_screen, sharing, legacy                               │
│  (import ente_crypto_api, call CryptoUtil.*, no knowledge of adapter)               │
└─────────────────────────────────────────────────────────────────────────────────────┘

Adding a New Adapter

To add a new adapter (e.g., Rust FFI):

  1. Create package implementing CryptoApi
  2. Change app's main.dart to register the new adapter
  3. No changes needed in shared packages

@ua741 ua741 requested review from AmanRajSinghMourya, prateekmedia and vishnukvmd and removed request for vishnukvmd January 6, 2026 09:47
chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Jan 6, 2026
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fefd6306df

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

mobile/packages/lock_screen/lib/ui/lock_screen_pin.dart
import "dart:io";

import "package:ente_crypto_dart/ente_crypto_dart.dart";
import "package:ente_crypto_api/ente_crypto_api.dart";
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Replace cryptoPwHash/sodium usage after API switch

After switching this file to ente_crypto_api, it still calls the old top-level cryptoPwHash and sodium symbols inside confirmPinAuth. Those symbols are not exported by the new package, so the lock_screen package will fail to compile with undefined identifiers unless the call is migrated to CryptoUtil.cryptoPwHash and the CryptoUtil.pwhash* getters.

Useful? React with 👍 / 👎.

mobile/apps/locker/lib/services/files/upload/file_upload_service.dart
import 'package:dio/dio.dart';
import 'package:ente_accounts/services/user_service.dart';
import 'package:ente_crypto_dart/ente_crypto_dart.dart';
import 'package:ente_crypto_api/ente_crypto_api.dart';
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Rename encryptFileWithMD5 call to new API

This file now imports ente_crypto_api, but later invokes CryptoUtil.encryptFileWithMD5. The new API only exposes encryptFileWithMd5, so the locker app will not compile after this change; rename the call (or add a compatibility wrapper) to keep uploads building.

Useful? React with 👍 / 👎.

@ua741
[mob] Add crypto abstraction layer (ente_crypto_api)
656152f 
Introduce a crypto abstraction to allow swapping implementations without
changing consumer code. This enables future support for different crypto
backends (Rust FFI, platform plugins, etc).

- Add ente_crypto_api package with CryptoApi interface and CryptoUtil façade
- Add ente_crypto_dart_adapter wrapping existing ente_crypto_dart
- Update all packages/apps to use the new abstraction
- Register adapter at app startup before any crypto operations
@AmanRajSinghMourya
Copy link
Contributor

AmanRajSinghMourya commented Jan 7, 2026

Found a couple of issues that need fixing:

1. mobile/apps/locker/lib/services/files/upload/file_upload_service.dart:340
Method name mismatch - encryptFileWithMD5 should be encryptFileWithMd5 (lowercase 'd5')

2. mobile/packages/ente_crypto_api/lib/src/crypto_api.dart

  • Line 4: Unused import package:meta/meta.dart - remove it
  • Line 6: Unused import errors.dart - remove it
  • Lines 7-9: Use package:ente_crypto_api/... imports instead of relative imports

@ua741 ua741 marked this pull request as draft January 7, 2026 12:03
@ua741 ua741 marked this pull request as ready for review January 12, 2026 10:39
@ua741 ua741 enabled auto-merge January 12, 2026 10:39
chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Jan 12, 2026
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d5ea90862b

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

mobile/packages/ente_crypto_dart_adapter/lib/ente_crypto_dart_adapter.dart Outdated
Comment on lines 6 to 9
import 'package:ente_crypto_dart/src/models/derived_key_result.dart'
as dart_models;
import 'package:ente_crypto_dart/src/models/encryption_result.dart'
as dart_models;
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Use distinct prefixes for dart_models imports

Dart does not allow the same import prefix to be assigned to multiple libraries. Here both derived_key_result.dart and encryption_result.dart are imported as dart_models, which triggers a compile-time error (“prefix 'dart_models' is already defined”). As a result, any app depending on ente_crypto_dart_adapter (e.g., auth/locker) will fail to build. Rename one prefix or drop the unused import.

Useful? React with 👍 / 👎.

auto-merge was automatically disabled January 13, 2026 05:12

Head branch was pushed to by a user without write access

@ua741 ua741 merged commit f8f2e5a into ente-io:main Jan 13, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

@AmanRajSinghMourya AmanRajSinghMourya AmanRajSinghMourya approved these changes

@vishnukvmd vishnukvmd Awaiting requested review from vishnukvmd

@prateekmedia prateekmedia Awaiting requested review from prateekmedia

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@neeraj-pilot @AmanRajSinghMourya @ua741