Replace inactive libsodium-sys dependency

[JelleMillenaar]

Description

Libsodium-sys dependency is used by Stronghold-runtime for memcpy, memzero and randomByteArray type functionalities. It should be replaced with an easier-to-use crate that requires no external installations if possible and that is in active development.

Edit to add: mprotect and mlock is also used.

Motivation

The library has not been maintained for 2 years. It so happens to be really annoying to compile and work with as developers need to install Libsodium on the compiling device, while it provides little functionality.

Requirements

Write a list of what you want this feature to do.

1. Remove Libsodium-sys
2. Implement replacement
3. Breath a sign of relieve

Are you planning to do it yourself in a pull request?

Only if a particular crate of choice is recommended, but that is the majority of the work, so at that point you might as well make the PR ;)

[PhilippGackstatter]

I don't plan on doing this, but just to give some input on this. I think the constant time equality could be replaced with subtle, the zeroizing functionality with zeroize and iota-crypto could be used to provide cryptographically secure randomness. I would also question whether some of that functionality is even used anymore, there's a few #[allow(dead_code)] lints in there, that shouldn't be there. That would be the first thing to check.

[semenov-vladyslav]

Add mprotect and mlock to the list.

[kthecoder]

I am attempting to implement Stronghold bindings for Flutter. The cargo build keeps failing because of libsodium-sys.

How were you able to build for Android, Linux, Windows, etc ?

Nothing I do seems to make it work.

I have installed:

Android NDK, LLVM, Zig, Clang, build-essential, libsodium-dev, libsodium23, gcc-arm-linux-gnueabihf, libc6-armhf-cross, libc6-dev-armhf-cross, libstdc++-12-dev, gobjc++

The errors for Android are :

error: failed to run custom build command for `libsodium-sys v0.2.7`

Caused by:

  process didn't exit successfully: `/<path to Code>/target/release/build/libsodium-sys-11b166de2de8c9de/build-script-build` (exit status: 101)
  --- stdout
  cargo:rerun-if-env-changed=SODIUM_LIB_DIR
  cargo:rerun-if-env-changed=SODIUM_SHARED
  cargo:rerun-if-env-changed=SODIUM_USE_PKG_CONFIG
  cargo:rerun-if-env-changed=SODIUM_DISABLE_PIE
  OPT_LEVEL = Some("3")
  TARGET = Some("aarch64-linux-android")
  HOST = Some("x86_64-unknown-linux-gnu")
  cargo:rerun-if-env-changed=CC_aarch64-linux-android
  CC_aarch64-linux-android = Some("/<home>/Applications/android/ndk/23.1.7779620/toolchains/llvm/prebuilt/linux-x86_64/bin/clang")
  cargo:rerun-if-env-changed=CFLAGS_aarch64-linux-android
  CFLAGS_aarch64-linux-android = None
  cargo:rerun-if-env-changed=CFLAGS_aarch64_linux_android
  CFLAGS_aarch64_linux_android = None
  cargo:rerun-if-env-changed=TARGET_CFLAGS
  TARGET_CFLAGS = None
  cargo:rerun-if-env-changed=CFLAGS
  CFLAGS = None
  cargo:rerun-if-env-changed=CRATE_CC_NO_DEFAULTS
  CRATE_CC_NO_DEFAULTS = None
  DEBUG = Some("false")
  checking build system type... x86_64-pc-linux-gnu
  checking host system type... aarch64-unknown-linux-android
  checking for a BSD-compatible install... /usr/bin/install -c
  checking whether build environment is sane... yes
  checking for aarch64-linux-android-strip... no
  checking for strip... strip
  checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
  checking for gawk... gawk
  checking whether make sets $(MAKE)... yes
  checking whether make supports nested variables... yes
  checking whether UID '1000' is supported by ustar format... yes
  checking whether GID '1000' is supported by ustar format... yes
  checking how to create a ustar tar archive... gnutar
  checking whether make supports nested variables... (cached) yes
  checking whether to enable maintainer-specific portions of Makefiles... no
  checking whether make supports the include directive... yes (GNU style)
  checking for aarch64-linux-android-gcc... /<home>/Applications/android/ndk/23.1.7779620/toolchains/llvm/prebuilt/linux-x86_64/bin/clang
  checking whether the C compiler works... no

  --- stderr
  configure: error: in `/<path to Code>/target/aarch64-linux-android/release/build/libsodium-sys-15f3d8b1500fcbaa/out/source/libsodium':
  configure: error: C compiler cannot create executables
  See `config.log' for more details
  thread 'main' panicked at '
  Failed to configure libsodium using cd "/<path to Code>/target/aarch64-linux-android/release/build/libsodium-sys-15f3d8b1500fcbaa/out/source/libsodium" && CC="/<home>/Applications/android/ndk/23.1.7779620/toolchains/llvm/prebuilt/linux-x86_64/bin/clang" CFLAGS="-O3 -DANDROID -ffunction-sections -fdata-sections -fPIC --target=aarch64-linux-android -Wall -Wextra" "/<path to Code>/target/aarch64-linux-android/release/build/libsodium-sys-15f3d8b1500fcbaa/out/source/libsodium/configure" "--prefix=/<path to Code>/target/aarch64-linux-android/release/build/libsodium-sys-15f3d8b1500fcbaa/out/installed" "--libdir=/<path to Code>/target/aarch64-linux-android/release/build/libsodium-sys-15f3d8b1500fcbaa/out/installed/lib" "--host=aarch64-linux-android" "--enable-shared=no"
  CFLAGS=-O3 -DANDROID -ffunction-sections -fdata-sections -fPIC --target=aarch64-linux-android -Wall -Wextra
  CC=/<home>/Applications/android/ndk/23.1.7779620/toolchains/llvm/prebuilt/linux-x86_64/bin/clang
  ***********************************************************
  Possible missing dependencies.
  See https://github.com/sodiumoxide/sodiumoxide#cross-compiling
  ***********************************************************

  ', /<>/.cargo/registry/src/github.com-1ecc6299db9ec823/libsodium-sys-0.2.7/build.rs:257:9
  note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

The Errors for Windows/Linux are :

error: failed to run custom build command for `libsodium-sys v0.2.7`

Caused by:
  process didn't exit successfully: `/<path to code>/target/release/build/libsodium-sys-11b166de2de8c9de/build-script-build` (exit status: 101)
  --- stdout
  cargo:rerun-if-env-changed=SODIUM_LIB_DIR
  cargo:rerun-if-env-changed=SODIUM_SHARED
  cargo:rerun-if-env-changed=SODIUM_USE_PKG_CONFIG
  cargo:rerun-if-env-changed=SODIUM_DISABLE_PIE
  OPT_LEVEL = Some("3")
  TARGET = Some("x86_64-pc-windows-msvc")
  HOST = Some("x86_64-unknown-linux-gnu")
  cargo:rerun-if-env-changed=CC_x86_64-pc-windows-msvc
  CC_x86_64-pc-windows-msvc = None
  cargo:rerun-if-env-changed=CC_x86_64_pc_windows_msvc
  CC_x86_64_pc_windows_msvc = Some("clang-cl")
  cargo:rerun-if-env-changed=CFLAGS_x86_64-pc-windows-msvc
  CFLAGS_x86_64-pc-windows-msvc = None
  cargo:rerun-if-env-changed=CFLAGS_x86_64_pc_windows_msvc
  CFLAGS_x86_64_pc_windows_msvc = Some("--target=x86_64-pc-windows-msvc -Wno-unused-command-line-argument -fuse-ld=lld-link /imsvc/<home>/.cache/cargo-xwin/xwin/crt/include /imsvc/<home>/.cache/cargo-xwin/xwin/sdk/include/ucrt /imsvc/<home>/.cache/cargo-xwin/xwin/sdk/include/um /imsvc/<home>/.cache/cargo-xwin/xwin/sdk/include/shared  ")
  cargo:rerun-if-env-changed=CRATE_CC_NO_DEFAULTS
  CRATE_CC_NO_DEFAULTS = None
  CARGO_CFG_TARGET_FEATURE = Some("fxsr,sse,sse2")
  DEBUG = Some("false")
  checking build system type... x86_64-pc-linux-gnu
  checking host system type... 
  --- stderr
  Invalid configuration `x86_64-pc-windows-msvc': OS `msvc' not recognized
  configure: error: /bin/bash build-aux/config.sub x86_64-pc-windows-msvc failed
  thread 'main' panicked at '
  Failed to configure libsodium using cd "/<path to code>/target/x86_64-pc-windows-msvc/release/build/libsodium-sys-93f0dade3d3f4658/out/source/libsodium" && CC="clang-cl" CFLAGS="-nologo -MD -O2 -Brepro -m64 --target=x86_64-pc-windows-msvc -Wno-unused-command-line-argument -fuse-ld=lld-link /imsvc/<home>/.cache/cargo-xwin/xwin/crt/include /imsvc/<home>/.cache/cargo-xwin/xwin/sdk/include/ucrt /imsvc/<home>/.cache/cargo-xwin/xwin/sdk/include/um /imsvc/<home>/.cache/cargo-xwin/xwin/sdk/include/shared" "/<path to code>/target/x86_64-pc-windows-msvc/release/build/libsodium-sys-93f0dade3d3f4658/out/source/libsodium/configure" "--prefix=/<path to code>/target/x86_64-pc-windows-msvc/release/build/libsodium-sys-93f0dade3d3f4658/out/installed" "--libdir=/<path to code>/target/x86_64-pc-windows-msvc/release/build/libsodium-sys-93f0dade3d3f4658/out/installed/lib" "--host=x86_64-pc-windows-msvc" "--enable-shared=no"
  CFLAGS=-nologo -MD -O2 -Brepro -m64 --target=x86_64-pc-windows-msvc -Wno-unused-command-line-argument -fuse-ld=lld-link /imsvc/<home>/.cache/cargo-xwin/xwin/crt/include /imsvc/<home>/.cache/cargo-xwin/xwin/sdk/include/ucrt /imsvc/<home>/.cache/cargo-xwin/xwin/sdk/include/um /imsvc/<home>/.cache/cargo-xwin/xwin/sdk/include/shared
  CC=clang-cl
  ***********************************************************
  Possible missing dependencies.
  See https://github.com/sodiumoxide/sodiumoxide#cross-compiling
  ***********************************************************

  ', /<home>/.cargo/registry/src/github.com-1ecc6299db9ec823/libsodium-sys-0.2.7/build.rs:257:9
  note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Haven't attempted MacOS or iOS yet.

[JelleMillenaar]

@kthecoder Sorry I have no answer for you, but its the exact reason why I opened this issue. Building from Windows seems to be impossible, my developers were able to build from a Linux and MacOS device and cross-compile for Android and IOS. Somehow in Windows, Libsodium just doesn't want to play ball and it hurts adoption of Stronghold.

[kthecoder]

@kthecoder Sorry I have no answer for you, but its the exact reason why I opened this issue. Building from Windows seems to be impossible, my developers were able to build from a Linux and MacOS device and cross-compile for Android and IOS. Somehow in Windows, Libsodium just doesn't want to play ball and it hurts adoption of Stronghold.

Any chance you could share how they were able to compile for Android and iOS?

Yeah I hope I can figure out how to use stronghold, it looks great and easy to use.

I was also considering implementing TPM2 as an alternative using ESAPI. But right now stronghold would be a quicker plug and play solution. ESAPI could take me a long time to figure out and implement.

[Ludea]

I hit this issue too