Missing libsodiumjni APIs (Android)

[kozw]

IMPORTANT NOTE I'm currently porting flutter_sodium to FFI. The goal is to achieve 100% API coverage with FFI. The platform channel implementation is still maintained, but there are no plans to fix the missing APIs.

Several APIs are not available on Android. This is the complete list of libsodiumjni APIs that are missing or malfunctioning:

• [x] crypto_aead_chacha20poly1305_encrypt_detached
• [x] crypto_aead_chacha20poly1305_decrypt_detached
• [x] crypto_aead_chacha20poly1305_keygen
• [x] crypto_aead_chacha20poly1305_ietf_encrypt_detached
• [x] crypto_aead_chacha20poly1305_ietf_decrypt_detached
• [x] crypto_aead_chacha20poly1305_ietf_keygen
• [x] crypto_aead_xchacha20poly1305_ietf_encrypt
• [x] crypto_aead_xchacha20poly1305_ietf_decrypt
• [x] crypto_aead_xchacha20poly1305_ietf_encrypt_detached
• [x] crypto_aead_xchacha20poly1305_ietf_decrypt_detached
• [x] crypto_aead_xchacha20poly1305_ietf_keygen
• [ ] crypto_auth_keygen (randombytes_buf fallback)
• [ ] crypto_generichash_keygen (randombytes_buf fallback)
• [x] crypto_kdf_keygen
• [x] crypto_kdf_derive_from_key
• [ ] crypto_onetimeauth_keygen (randombytes_buf fallback)
• [ ] crypto_pwhash_str_needs_rehash
• [ ] crypto_secretbox_keygen (randombytes_buf fallback)
• [ ] crypto_shorthash_keygen (randombytes_buf fallback)
• [ ] crypto_sign_init
• [ ] crypto_sign_update
• [ ] crypto_sign_final_create
• [ ] crypto_sign_final_verify
• [ ] randombytes_buf_deterministic
• [ ] sodium_version_string (this one is available but throws)

[jeprojects]

I tested the sodium_version_string method, it returns a byte[] and not a string.

This worked for me:

    public void Version() {
        Sodium sodium= NaCl.sodium();

        byte[] version = Sodium.sodium_version_string();

        version.toString();

        System.out.print(version);
    }

[jeprojects]

Added to following methods in a pull request: https://github.com/joshjdevl/libsodium-jni/pull/115

crypto_aead_chacha20poly1305_encrypt_detached 
crypto_aead_chacha20poly1305_decrypt_detached
crypto_aead_chacha20poly1305_keygen
crypto_aead_chacha20poly1305_ietf_encrypt_detached
crypto_aead_chacha20poly1305_ietf_decrypt_detached
crypto_aead_chacha20poly1305_ietf_keygen
crypto_aead_xchacha20poly1305_ietf_encrypt
crypto_aead_xchacha20poly1305_ietf_decrypt
crypto_aead_xchacha20poly1305_ietf_encrypt_detached
crypto_aead_xchacha20poly1305_ietf_decrypt_detached
crypto_aead_xchacha20poly1305_ietf_keygen

crypto_aead_chacha20poly1305_ietf_encrypt already exists

[kozw]

I've tried using sodium_version_string with a byte[], but whatever I do, it always results in the following error (both in emulator and on physical device).

JNI DETECTED ERROR IN APPLICATION: attempt to return an instance of java.lang.String from byte[] org.libsodium.jni.SodiumJNI.sodium_version_string()
...
F/zygote  (26780): java_vm_ext.cc:523]   at org.libsodium.jni.SodiumJNI.sodium_version_string(Native method)
F/zygote  (26780): java_vm_ext.cc:523]   at org.libsodium.jni.Sodium.sodium_version_string(Sodium.java:17)
F/zygote  (26780): java_vm_ext.cc:523]   at com.firstfloorsoftware.fluttersodium.FlutterSodiumPlugin.sodium_version_string(FlutterSodiumPlugin.java:1027)
...

The stacktrace suggests an issue in SodiumJNI. How did you manage to get this working?

[kozw]

I've removed crypto_aead_chacha20poly1305_ietf_encrypt from the list. Thank you.

[jeprojects]

Yes your right.. When trying sodium_version_string on a device/emulation it explodes with that error.

I tested using libsodium-jni directly in java and not on an android device.

Added the issue here: https://github.com/joshjdevl/libsodium-jni/issues/117

[jeprojects]

Looks like my pull request was approved: joshjdevl/libsodium-jni#115

Feel free to update your libsodium-jni version from their git master and add the missing crypto_aead* and crypto_box_curve25519xchacha20poly1305 methods for android :)

[kozw]

Very cool. Working on it

[kozw]

Full cryptoaead* support is now available in flutter_sodium 0.0.7

[ralkan]

Looks very promising! When could we expect secretbox to be implemented?

[jeprojects]

@ralkan SecretBox has already been implemented. There is just the one method crypto_secretbox_keygen that is currently using the randombytes_buf fallback.

[kozw]

Correct, secretbox functions are available in both the core API (Sodium.cryptoSecretbox*) and the high-level API in the class SecretBox.

[ralkan]

@jeprojects Cool, this is great! Thanks.

[rashedmyt]

is the list up-to-date.. I was wondering if the crypto_sign_* methods are working as expected on both android and ios..

[kozw]

The list is up-to-date, crypto_sign_* only works on iOS. I'm looking into alternative Android bindings, in order to bring Android support in line with iOS.

[rashedmyt]

@kozw did you have a look at Google's tink library.. they support android with Java.. and support for iOS with obj-c will be in future according to the roadmap..

[MathiasDeWeerdt]

crypto_sign_ed25519_sk_to_curve25519 seems to be implemented but crypto_sign_ed25519_pk_to_curve25519 is not?

[kozw]

This issue is now obsolete with the current FFI implementation.