search

terl / lazysodium-java

A Java implementation of the Libsodium crypto library. For the lazy dev.
https://github.com/terl/lazysodium-java/wiki
Mozilla Public License 2.0
134 stars 46 forks source link

Some sort of memory issue using cryptoBoxKeyPair() #99

Closed Lull3n closed 3 years ago

Lull3n commented 3 years ago

Using the precompiled sodium.so for armv7 running the following:

KeyPair keyPair = lazySodium.cryptoBoxKeypair(); if (!lazySodium.cryptoSignKeypair(keyPair.getPublicKey().getAsBytes(), keyPair.getSecretKey().getAsBytes())) { throw new SodiumException("Could not generate a signing keypair."); } Generates the output: Error in `java': free(): invalid next size (fast): 0xaa9102c8 Aborted I've found the error occurs in the cryptoSignKeypair call, and im fairly sure ive ran the same code before with no issues. But now it allways fails, and i have no idea how to investigate further.

gurpreet- commented 3 years ago

What are you trying to do here?

This Lazy method generates a cryptoBox keypair lazySodium.cryptoBoxKeypair(). This Native method generates a signing keypair lazySodium.cryptoSignKeypair(publicKey, secretKey). 2 things might have happened here:

  1. You want to generate a cryptoBox keypair. In that case the first method is the only one you need.
  2. You want to generate a signing keypair. In that case you can either use the Sign.Lazy lazySodium.cryptoSignKeypair() which does all the magic for you. Or you can use the Sign.Native lazySodium.cryptoSignKeypair(publicKeyBytes, privateKeyBytes) which you need to provide correctly sized empty byte arrays.
Lull3n commented 3 years ago

Hmm maybe I've misunderstood. I figured the second call was some sort of method to verify that the keys are in fact a pair. Unless I'm missing something your example code does this in the same way? See ln 110 -116 in https://github.com/terl/lazysodium-examples/blob/master/java/src/main/java/com/goterl/lazycode/Main.java

Though if the second step is unnecessary I'll just remove it and go about my day? :)

Edit: Oh.... I see what I did here. Apologies for the stupid issue.

gurpreet- commented 3 years ago

I see what's going on. So in that example what I'm doing is being extra lazy 😅 I'm generating a keypair then I'm overwriting them by generating a keypair over that keypair.

I could have easily done this:

byte[] publicKey = randomBytesBuf(Sign.PUBLICKEYBYTES);
byte[] secretKey = randomBytesBuf(Sign.SECRETKEYBYTES);

if (!lazySodium.cryptoSignKeypair(publicKey.getAsBytes(), secretKey.getAsBytes())) {
      throw new SodiumException("Could not generate a signing keypair.");
}

Or if you don't want to deal with byte arrays:

Sign.Lazy cryptoSignLazy = (Sign.Lazy) lazySodium;
String message = "This should get signed";

KeyPair keyPair = cryptoSignLazy.cryptoSignKeypair();
String signed = cryptoSignLazy.cryptoSign(message, keyPair.getSecretKey());

// Now we can verify the signed message.
String resultingMessage = cryptoSignLazy.cryptoSignOpen(signed, keyPair.getPublicKey());
Lull3n commented 3 years ago

Ah ok, thanks! Yeah I guess I must have changed the call to cryptoBox instead of cryptoSign somehow. Cheers for the help, and I'll close the issue seeing as there was none to start off with! :)