crypto_generichash_blake2b_salt_personal has another result on x86 emulator

terl / lazysodium-android

An Android implementation of the Libsodium cryptography library. For the lazy dev.

https://github.com/terl/lazysodium-java/wiki

Mozilla Public License 2.0

108 stars 25 forks source link

crypto_generichash_blake2b_salt_personal has another result on x86 emulator #29

Open samosudov opened 5 years ago

samosudov commented 5 years ago

Hey!

Device: Android emulator Pixel 2 API 27 (x86)

I built a test app to demonstrate working the function. https://github.com/samosudov/test-libsodium I've got K variable after doing crypto_generichash_blake2b_salt_personal function. Results from a real device and from emulator are different. Device: K=[30, 124, 96, -39, 26, 25, -21, -24, -11, 38, -119, -118, -9, -119, 89, -7, 111, 66, -6, 41, 62, -78, -68, -60, -118, 33, -117, -58, 85, -110, 65, 102] Emulator: K=[2, 2, -20, -102, 39, 111, -117, 61, 29, -12, -19, 86, -106, -14, -127, -33, 41, -39, -65, 4, 110, -4, -34, 113, -86, -124, 32, 36, -50, 51, 83, 116]

dependencies:

implementation "com.goterl.lazycode:lazysodium-android:4.1.0@aar"
implementation "net.java.dev.jna:jna:5.4.0@aar"

gurpreet- commented 5 years ago

Does the real device have an architecture of x86 just like the emulator?

samosudov commented 5 years ago

Can't check it. Have no real device

gurpreet- commented 5 years ago

Hi just tested this on my device and emulator:

Real device: Samsung Galaxy S10, API 28 (64 bit)
K=[30, 124, 96, -39, 26, 25, -21, -24, -11, 38, -119, -118, -9, -119, 89, -7, 111, 66, -6, 41, 62, -78, -68, -60, -118, 33, -117, -58, 85, -110, 65, 102]

Emulator - Pixel 2, API 25 (32 bit)
K=[30, 124, 96, -39, 26, 25, -21, -24, -11, 38, -119, -118, -9, -119, 89, -7, 111, 66, -6, 41, 62, -78, -68, -60, -118, 33, -117, -58, 85, -110, 65, 102]

Seems to work for me!

Also why aren't you passing a masterKey parameter? As far as I'm aware, the Blake2b function is a key derivation function that puts the derived subkey into the subKey array that you provide.

samosudov commented 5 years ago

I've checked on Emulator - Pixel 2, API 25 x86 (Android Studio emulator), but the result is the same as in my first message. I implemented this functionality (https://github.com/str4d/librustzcash/blob/note-spending-v5/zcash_primitives/src/note_encryption.rs#L175). As I know there is no master key or it's empty. I don't need to use masterkey, but I need to use a personal field.

What kind of emulator do you use, Genymotion?

samosudov commented 4 years ago

@gurpreet- Hi! I found an old device with Android Kitkat (4.4.2), which has the same result as my emulator. It's BQS-4009 (with parameters Build.CPU_ABI = armeabi-v7a and Build.CPU_ABI2 = armeabi). The result of the same code on the device is:

01-22 13:43:02.351 23299-23299/work.samosudov.testlibsodium D/tag: KDFSapling - K=[2, 2, -20, -102, 39, 111, -117, 61, 29, -12, -19, 86, -106, -14, -127, -33, 41, -39, -65, 4, 110, -4, -34, 113, -86, -124, 32, 36, -50, 51, 83, 116]

gurpreet- commented 4 years ago

Hold on, crypto_generichash_blake2b_salt_personal says that if all the parameters are the same then it should have the same resulting K array. More info can be found here https://libsodium.gitbook.io/doc/key_derivation#key-derivation-with-libsodium-less-than-1-0-12