LibSodium / LazySodium Problems
Closed this issue ยท 7 comments
Hi,
I've found two problems with your implementation:
First one is, if I want to instantiate a paseto.v2.builder I can't give it my own version of libsodium, despite the interface being available. This one is debatable, would be nice due to the second problem.
Second one, at the moment lazysodium-java has a small implementation bug concerning the loading of libsodium.dll in windows (maybe also linux?). See Issue terl/lazysodium-java#41
I'm not experienced in gradle, but as far as I understand these scripts version 2.5.0 of libsodium get's pulled into this project. So it would be nice, if you could update the project to use a version >3.5.2 (3.5.2 still contains the aforementioned bug) of lazysodium.
At the moment of writing there's not a new version released, so this issue serves as a reminder.
Thx and keep up the good work!
I'll look into updating to the newest version (3.5.2). Provided there's no major changes it should be quite simple.
For overriding, are you wanting to provide a custom instance of LazySodium? Or use another libsodium provider?
My LibSodiumV2CryptoProvider has a constructor which takes a LazySodium instance, you should be able to create a new instance of this class and provide it to the V2 builder.
Something like:
LazySodium customSodium;
LibSodiumV2CryptoProvider sodiumProvider = new LibSodiumV2CryptoProvider(customSodium);
PasetoV2 paseto = new PasetoV2.Builder(new Jvm8Base64Provider(),
new JacksonJsonProvider(), sodiumProvider).build();
You just loose the convenience methods under PasetoBuilders, which just select these defaults for you.
If you want to use a different java project to provide libsodium, that should also be possible by extending V2CryptoProvider. Take a look at the LazySodium one linked above. It's pretty simple as it just forwards the calls into LazySodium.
@atholbro version 3.5.2 still has the bug! I've submitted a pull request but it isn't merged into lazysodium. Should hopefully be done in the next days.
That's what I meant, that your Provider has a constructor but it isn't exposed to the outside. would be nice if it would be easy usable. I tried changing the PasetoBuilders to be able to just pass the libsodium as an optional argument during the build process. Complicates some stuff, because now the builder has a direct dependency.
But ultimately this is a design decision up to you.
I've updated the LazySodium to 3.5.2. There was a small change made inside LazySodium which required a tiny change in Paseto. I understand that the bug you're seeing is still in 3.5.2, but now Paseto should support the upcoming version without any further changes beyond just updating the build.gradle file.
Which constructor are you not able to access?
This works for me:
import com.goterl.lazycode.lazysodium.LazySodiumJava;
import com.goterl.lazycode.lazysodium.SodiumJava;
import net.aholbrook.paseto.PasetoV2;
import net.aholbrook.paseto.base64.jvm8.Jvm8Base64Provider;
import net.aholbrook.paseto.crypto.KeyPair;
import net.aholbrook.paseto.crypto.v2.libsodium.LibSodiumV2CryptoProvider;
import net.aholbrook.paseto.encoding.json.jackson.JacksonJsonProvider;
class Scratch {
public static void main(String[] args) {
LazySodium lazySodium = new LazySodiumJava(new SodiumJava());
LibSodiumV2CryptoProvider v2CryptoProvider = new LibSodiumV2CryptoProvider(lazySodium);
PasetoV2 paseto = new PasetoV2.Builder(new Jvm8Base64Provider(), new JacksonJsonProvider(),
v2CryptoProvider).build();
KeyPair keyPair = paseto.generateKeyPair();
System.out.println(paseto.encrypt("test", keyPair.getSecretKey()));
}
}```
Updated the lazysodium library to include your fix @vogt31337. Please upgrade to 3.6.0 ๐
@atholbro fix is now online. And I'll try your example, as soon as you've updated.
Thanks for the example and your work :) ๐
(Please close the issue when done)
Deploying 0.4.2 which uses LazySodium 3.6.0 now!
If you're using the Hex decoder from 0.3.0, it's been removed. Just use the Hex decoder from Apache Commons Codec.
works ๐