Replace AES with libsodium abstractions

lib/core/configuration.dart

@@ -51,15 +51,14 @@ class Configuration {
     final kek = CryptoUtil.scrypt(utf8.encode(passphrase), kekSalt);
     final kekHashSalt = CryptoUtil.getSecureRandomBytes(length: 32);
     final kekHash = CryptoUtil.scrypt(kek, kekHashSalt);
-    final iv = CryptoUtil.getSecureRandomBytes(length: 16);
-    final encryptedKey = CryptoUtil.aesEncrypt(key, kek, iv);
+    final encryptedKeyData = await CryptoUtil.encrypt(key, key: kek);
     final attributes = KeyAttributes(
-        base64.encode(kekSalt),
-        base64.encode(kekHash),
-        base64.encode(kekHashSalt),
-        base64.encode(encryptedKey),
-        base64.encode(iv));
-    await setKey(base64.encode(key));
+        Sodium.bin2base64(kekSalt),
+        Sodium.bin2base64(kekHash),
+        Sodium.bin2base64(kekHashSalt),
+        encryptedKeyData.encryptedData.base64,
+        encryptedKeyData.nonce.base64);
+    await setKey(Sodium.bin2base64(key));
     await setKeyAttributes(attributes);
     return attributes;
   }
@@ -71,13 +70,15 @@ class Configuration {
     final calculatedKekHash =
         CryptoUtil.scrypt(kek, base64.decode(attributes.kekHashSalt));
     bool correctPassphrase =
-        base64.encode(calculatedKekHash) == attributes.kekHash;
+        Sodium.bin2base64(calculatedKekHash) == attributes.kekHash;
     if (!correctPassphrase) {
       throw Exception("Incorrect passphrase");
     }
-    final key = CryptoUtil.aesDecrypt(base64.decode(attributes.encryptedKey),
-        kek, base64.decode(attributes.encryptedKeyIV));
-    await setKey(base64.encode(key));
+    final key = await CryptoUtil.decrypt(
+        Sodium.base642bin(attributes.encryptedKey),
+        kek,
+        Sodium.base642bin(attributes.encryptedKeyIV));
+    await setKey(Sodium.bin2base64(key));
   }
 
   String getHttpEndpoint() {

lib/utils/crypto_util.dart

@@ -2,8 +2,6 @@ import 'dart:typed_data';
 
 import 'dart:io' as io;
 import 'package:computer/computer.dart';
-import 'package:encrypt/encrypt.dart';
-import 'package:encrypt/encrypt.dart' as e;
 import 'package:flutter_sodium/flutter_sodium.dart';
 import 'package:logging/logging.dart';
 
@@ -158,24 +156,4 @@ class CryptoUtil {
     return steel.PassCryptRaw.scrypt()
         .hash(salt: salt, plain: plainText, len: 32);
   }
-
-  static Uint8List aesEncrypt(
-      Uint8List plainText, Uint8List key, Uint8List iv) {
-    final encrypter = AES(e.Key(key), mode: AESMode.cbc);
-    return encrypter
-        .encrypt(
-          plainText,
-          iv: IV(iv),
-        )
-        .bytes;
-  }
-
-  static Uint8List aesDecrypt(
-      Uint8List cipherText, Uint8List key, Uint8List iv) {
-    final encrypter = AES(e.Key(key), mode: AESMode.cbc);
-    return encrypter.decrypt(
-      Encrypted(cipherText),
-      iv: IV(iv),
-    );
-  }
 }

pubspec.lock

@@ -162,13 +162,6 @@ packages:
       url: "https://pub.dartlang.org"
     source: hosted
     version: "0.0.4"
-  encrypt:
-    dependency: "direct main"
-    description:
-      name: encrypt
-      url: "https://pub.dartlang.org"
-    source: hosted
-    version: "4.0.2"
   esys_flutter_share:
     dependency: "direct main"
     description:
@@ -506,13 +499,6 @@ packages:
       url: "https://pub.dartlang.org"
     source: hosted
     version: "1.0.2"
-  pointycastle:
-    dependency: transitive
-    description:
-      name: pointycastle
-      url: "https://pub.dartlang.org"
-    source: hosted
-    version: "1.0.2"
   process:
     dependency: transitive
     description:

pubspec.yaml

@@ -22,7 +22,6 @@ dependencies:
 
   # The following adds the Cupertino Icons font to your application.
   # Use with the CupertinoIcons class for iOS style icons.
-  encrypt: ^4.0.2
   cupertino_icons: ^0.1.2
   photo_manager: ^0.5.8
   provider: ^3.1.0