search

WebOfTrustInfo / ld-signatures-java

Java implementation of Linked Data Signatures
Apache License 2.0
17 stars 15 forks source link

Crashing during JsonLD signing on Android #19

Open kenneth-leong-gt opened 1 year ago

kenneth-leong-gt commented 1 year ago

Is this library able to be used in an Android device? I am getting exception for the instantiation of com.danubetech.keyformats.crypto.provider.impl.NaClSodiumEd25519Provider when running in Android.

Full stack trace below

java.util.ServiceConfigurationError: com.danubetech.keyformats.crypto.provider.Ed25519Provider: Provider com.danubetech.keyformats.crypto.provider.impl.NaClSodiumEd25519Provider could not be instantiated
    at java.util.ServiceLoader.fail(ServiceLoader.java:233)
    at java.util.ServiceLoader.-$$Nest$smfail(Unknown Source:0)
    at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:392)
    at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:416)
    at java.util.ServiceLoader$1.next(ServiceLoader.java:494)
    at com.danubetech.keyformats.crypto.provider.Ed25519Provider.get(Ed25519Provider.java:27)
    at com.danubetech.keyformats.crypto.impl.Ed25519_EdDSA_PrivateKeySigner.sign(Ed25519_EdDSA_PrivateKeySigner.java:19)
    at com.danubetech.keyformats.crypto.ByteSigner.sign(ByteSigner.java:18)
    at info.weboftrust.ldsignatures.signer.Ed25519Signature2020LdSigner.sign(Ed25519Signature2020LdSigner.java:37)
    at info.weboftrust.ldsignatures.signer.Ed25519Signature2020LdSigner.sign(Ed25519Signature2020LdSigner.java:48)
    at info.weboftrust.ldsignatures.signer.LdSigner.sign(LdSigner.java:99)
    at info.weboftrust.ldsignatures.signer.LdSigner.sign(LdSigner.java:123)
    at com.example.FirstFragmentViewModel.webOfTrustSigner(FirstFragmentViewModel.kt:484)
    at com.example.FirstFragmentViewModel.access$webOfTrustSigner(FirstFragmentViewModel.kt:45)
    at com.example.FirstFragmentViewModel$createSignVP$1.invokeSuspend(FirstFragmentViewModel.kt:399)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
    at kotlinx.coroutines.internal.LimitedDispatcher.run(LimitedDispatcher.kt:42)
    at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:95)
    at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:570)
    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750)
    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:677)
    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:664)
    Suppressed: kotlinx.coroutines.DiagnosticCoroutineContextException: [StandaloneCoroutine{Cancelling}@d91dd9a, Dispatchers.IO]
Caused by: java.lang.ExceptionInInitializerError
    at java.lang.Class.newInstance(Native Method)
    at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:388)
    ... 20 more
Caused by: java.lang.NullPointerException: Attempt to invoke virtual method 'java.lang.String java.net.URL.getFile()' on a null object reference
    at com.goterl.resourceloader.ResourceLoader.getFileFromFileSystem(ResourceLoader.java:234)
    at com.goterl.resourceloader.ResourceLoader.copyToTempDirectory(ResourceLoader.java:88)
    at com.goterl.resourceloader.SharedLibraryLoader.load(SharedLibraryLoader.java:53)
    at com.goterl.lazysodium.utils.LibraryLoader.loadBundledLibrary(LibraryLoader.java:134)
    at com.goterl.lazysodium.utils.LibraryLoader.loadLibrary(LibraryLoader.java:95)
    at com.goterl.lazysodium.SodiumJava.<init>(SodiumJava.java:34)
    at com.goterl.lazysodium.SodiumJava.<init>(SodiumJava.java:23)
    at com.danubetech.keyformats.crypto.provider.impl.NaClSodiumEd25519Provider.<clinit>(NaClSodiumEd25519Provider.java:15)
    ... 22 more
peacekeeper commented 1 year ago

Hello @kenneth-leong-gt thanks for your feedback. Could you please check issue https://github.com/danubetech/key-formats-java/issues/11 on the "key-formats-java" library to see if that solves the problem? If not, or if that other issue discussion isn't clear, please reply back here and we'll take another look to help!

kenneth-leong-gt commented 1 year ago

ok seems to be working using the tink povider now. Thank you very much.

But one comment on the api for Ed25519Signature2020LdSigner constructor.

 public Ed25519Signature2020LdSigner(byte[] privateKey) {

        this(new Ed25519_EdDSA_PrivateKeySigner(privateKey));
    }

It states that the param needed is the byte array for the private key, but actually it requires the private key byte array concat-ed with the public key byte array as internally its checking for 64 bytes for the byte array length. As shown in this check below.

@Override
    public byte[] sign(byte[] content, byte[] privateKey) throws GeneralSecurityException {

        if (privateKey.length != Ed25519Sign.SECRET_KEY_LEN + Ed25519Verify.PUBLIC_KEY_LEN) throw new GeneralSecurityException("Invalid private key length: " + privateKey.length); // <-------this check here

        byte[] privateKeyOnly = new byte[32];
        System.arraycopy(privateKey, 0, privateKeyOnly, 0, Ed25519Sign.SECRET_KEY_LEN);

        byte[] signatureValue = new Ed25519Sign(privateKeyOnly).sign(content);

        return signatureValue;
    }

So kinda confusing imo.

peacekeeper commented 1 year ago

It states that the param needed is the byte array for the private key, but actually it requires the private key byte array concat-ed with the public key byte array

I agree this is confusing, however we did this to mirror what libsodium has been doing, where in several places the public and private keys are used together. Not sure what's the reason for this.

See e.g. here:

I suppose the Tink approach is better, where the "private key" is really only the private key.

peacekeeper commented 1 year ago

I just added two commits which hopefully document the issues that were raised here a bit:

https://github.com/danubetech/key-formats-java/commit/433dd834589d6b34badcd534d00de8d8d41c34bc https://github.com/danubetech/key-formats-java/commit/06809721fe70d68470d9ec9652489007cb8ce52e

kenneth-leong-gt commented 1 year ago

thanks for the updates. btw are there any plans for something like ld-signatures-swift or anything for iOS?

peacekeeper commented 1 year ago

No sorry, at the moment we don't have plans to implement this in any other lanaguge...

peacekeeper commented 11 months ago

Can we close this issue?

kenneth-leong-gt commented 11 months ago

yes, thanks