rmculpepper / crypto Goto Github PK

View Code? Open in Web Editor NEW

17.0 17.0 13.0 2.63 MB

Racket 99.95% Shell 0.05%

racket

crypto's People

Contributors

Stargazers

Watchers

Forkers

qingyunapp dstorrs jaromirmuller ogennadi soegaard soapdog bogdanp gr-qft m4burns evdubs samth noahstorym hglabplh-tech

crypto's Issues

tests fail on HEAD/release pkg build

See errors here: https://plt.cs.northwestern.edu/release-pkg-build/server/built/test-fail/crypto-test.txt and https://plt.cs.northwestern.edu/pkg-build/server/built/test-fail/crypto-test.txt

The errors look like:


raco test: (submod "/home/root//user/.local/share/racket/snapshot/pkgs/crypto-test/tests/test.rkt" test)
test.rkt: racket test: #<<non-empty stderr
--------------------
kdfs > libcrypto > crypto tests > Unnamed test
ERROR
name:       check-equal?
location:   kdf.rkt:48:8

match: no matching clause for '#hash(($id . scrypt) (ln . 15) (p . 1) (pwhash . #"?\34\353\373\363]\363\377T\177\367\3170&\31\305\321\362\255\251Uv\302\23\371\362>\1f\322\34B") (r . 8) (salt . #"x\240\31Ci\241E\206\330J\ff\372\213\265Z"))
--------------------

One possibility is that the machine running these tests has different software or hardware, and these tests do not adapt properly.

/usr/lib/libnettle.so: undefined symbol: nettle_hashes

I have version 3.5.1-2 of the nettle library on manjaro linux. I'm running Racket CS v7.5. I get this error when trying to run an application that uses racket/crypto

/home/pltbuild/build/plt-cs-release/bundle/racket/share/pkgs/drracket/drracket/private/stack-checkpoint.rkt:40:30: ffi-obj: could not find export from foreign library
  name: nettle_hashes
  library: libnettle.so
  system error: /usr/lib/libnettle.so: undefined symbol: nettle_hashes

Looking up symbols in libnettle.so gets me this:

$ nm -gD /usr/lib/libnettle.so | grep hashes
0000000000018bc0 T nettle_get_hashes
0000000000038360 D _nettle_hashes

An update to libnettle has changed the api

Updating libnettle to /usr/local/Cellar/nettle/3.6/lib/libnettle.8.0.dylib broke crypto.

The problem is that libnettle has libnettle_hashes from a C function to a C macro.
Now one must use nettle_get_hashes instead:

https://www.lysator.liu.se/~nisse/nettle/nettle.html#nettle_005fhash-abstraction

The error I get, when I try to use crypto is:

ffi-obj: couldn't get "nettle_hashes" from "libnettle.dylib" (dlsym(0x7f8a0152d190, nettle_hashes): symbol not found)
  context...:
   "/Users/soegaard/Library/Racket/7.5/pkgs/crypto-lib/private/nettle/ffi.rkt": [running body]

New Function Names in OpenSSL 3

Hi,

The Linux distribution I use (Ubuntu 22.04) recently migrated to using OpenSSL 3. OpenSSL 3 has some API/ABI changes. In particular,

EVP_MD_size -> EVP_MD_get_size
EVP_MD_block_size -> EVP_MD_get_block_size

in ffi.rkt and digest.rkt needed to be added/changed for the library to work for me. Is there a way to incorporate these new function names as a fall back in case the original functions aren't found?

Exposing more of libsodium high-level APIs

Hi,

I'm working with the Secure Scuttlebutt protocol which makes heavy use of many high-level libsodium APIs. I noticed that this package is not exposing sealed and secret boxes and other features from that library.

I don't know if the maintainers of this package are interested in such features or if I should work on creating a separate sodium package. I decided to check here if a PR for such features is OK before I start coding anything.

generate-private-key: could not get implementation

When I run

(require crypto crypto/sodium racket/match)
(crypto-factories sodium-factory)
(define alice:privkey (generate-private-key 'ecx '((curve x25519))))

then on my macosx I get error:

generate-private-key: could not get implementation
  algorithm: 'ecx

I have no idea what is wrong.

I my ubuntu machine it works fine.

Thank you for any help.

Recommended process or abstraction for modern asymmetric encryption

Cryptographic right answers says about asymmetric encryption:

Of all the cryptographic “right answers”, this is the one you’re least likely to get right on your own. Don’t freelance public key encryption, and don’t use a low-level crypto library like OpenSSL or BouncyCastle.

Well, but I want to do want to use asymmetric encryption, and it's probably correct that unless (and maybe even if) I use RSA (which doesn't seem recommended anymore), I'm probably going to get this wrong.

What's recommended is that someone who moderately knows what they're doing implements all the pieces to give something that's safe-ish. What libsodium provides is its sealed boxes abstraction.

For my own selfish purposes, it would be extra nice if this could use the same encryption primitives as Tor v3 onion addresses, which is to say ed25519/curve25519. But this isn't strictly necessary.

Unhandled errors when trying to use crypto.

Hi, I got this error trying to use crypto:


crypto: EVP_CIPHER_CTX_new: internal error: unhandled error
 No such file or directory [system library:fopen:33558530]

crypto: EVP_CIPHER_CTX_new: internal error: unhandled error
 no such file [BIO routines:BIO_new_file:537317504]

crypto: EVP_CIPHER_CTX_new: internal error: unhandled error
 system lib [x509 certificate routines:X509_load_cert_crl_file:185090050]

And yet the operation I'm calling succeeds.

Fails to get-kdf on current Racket CS

Hy Ryan.

I've been having trouble getting the password hashing to work with Racket CS built from the current master. Here's what I'm seeing on Racket v7.7.0.4 [cs] with libargon2 installed from Bogdan's https://github.com/Bogdanp/racket-libargon2

#lang racket

(require crypto
         crypto/argon2)

#;(parameterize ((crypto-factories (list argon2-factory)))
    (pwhash 'argon2id #"mypassword" '((t 1000) (m 4096) (p 1))))

;; =>

; pwhash: could not get implementation
;   KDF: 'argon2id
; Context:
;  .../crypto-lib/main.rkt:460:0 pwhash
;  .../private/arrow-val-first.rkt:489:18


(get-kdf 'argon2id (list argon2-factory))

;; =>

#f

;; Do factories hide their identity or does this mean object sets itself to #f at some point?
(object-info argon2-factory)
#f
#t

(require setup/dirs)
(get-lib-search-dirs)

;; =>

'(#<path:/Users/russki/Library/Racket/development/lib>
  #<path:/Users/russki/Code/racket-cs/racket/lib>)

Dylib appears where it needs to be:

~/Code/racket-cs/racket/lib $ nm -gU libargon2.dylib
0000000000009080 D _FLAG_clear_internal_memory
0000000000002380 T _allocate_memory
0000000000000db0 T _argon2_ctx
0000000000001b60 T _argon2_encodedlen
0000000000001b30 T _argon2_error_message
0000000000000e70 T _argon2_hash
0000000000005910 T _argon2_thread_create
0000000000005950 T _argon2_thread_exit
0000000000005940 T _argon2_thread_join
0000000000000d50 T _argon2_type2string
00000000000011f0 T _argon2_verify
0000000000001490 T _argon2_verify_ctx
0000000000001650 T _argon2d_ctx
00000000000010d0 T _argon2d_hash_encoded
0000000000001120 T _argon2d_hash_raw
0000000000001630 T _argon2d_verify
0000000000001680 T _argon2d_verify_ctx
0000000000001660 T _argon2i_ctx
0000000000001040 T _argon2i_hash_encoded
0000000000001090 T _argon2i_hash_raw
0000000000001620 T _argon2i_verify
0000000000001810 T _argon2i_verify_ctx
0000000000001670 T _argon2id_ctx
0000000000001160 T _argon2id_hash_encoded
00000000000011b0 T _argon2id_hash_raw
0000000000001640 T _argon2id_verify
00000000000019a0 T _argon2id_verify_ctx
0000000000006a30 T _b64len
0000000000005150 T _blake2b
0000000000005000 T _blake2b_final
0000000000004530 T _blake2b_init
0000000000004640 T _blake2b_init_key
0000000000004430 T _blake2b_init_param
0000000000005300 T _blake2b_long
0000000000004850 T _blake2b_update
0000000000002460 T _clear_internal_memory
0000000000001c20 T _copy_block
0000000000005960 T _decode_string
0000000000006100 T _encode_string
0000000000003650 T _fill_first_blocks
0000000000002f30 T _fill_memory_blocks
0000000000006ab0 T _fill_segment
00000000000024b0 T _finalize
0000000000002400 T _free_memory
0000000000002e80 T _index_alpha
0000000000001c10 T _init_block_value
00000000000040d0 T _initial_hash
0000000000004310 T _initialize
0000000000006a70 T _numlen
0000000000002480 T _secure_wipe_memory
0000000000003500 T _validate_inputs
0000000000001c30 T _xor_block

Related issue Bogdanp/koyo#18

crypto: internal error: invalid version string: "1.10.1-unknown"

I use Racket 8.5, Linux.

The following problem occurs when executing (require crypto/all) after I install crypto:

crypto: internal error: invalid version string: "1.10.1-unknown"

Error in example crypto/examples/signing-ec

I get an error running the example crypto/examples/signing-ec under OSX.

BC

generate-private-key: could not get implementation
  algorithm: 'ec
  context...:
   /Users/ayman/Library/Racket/8.1-bc/pkgs/crypto-lib/main.rkt:708:0: generate-private-key
   "/Users/ayman/Library/Racket/8.1-bc/pkgs/crypto-doc/examples/signing-ec.rkt": [running body]

CS

racket(27006,0x10acd3e00) malloc: *** error for object 0x10a5a5548: pointer being realloc'd was not allocated
racket(27006,0x10acd3e00) malloc: *** set a breakpoint in malloc_error_break to debug
[1]    27006 abort      racket -l crypto/examples/signing-ec

libnettle is installed on my system, although I don't know whether it is 3.6 (as brew reports) or 8 as the filename would suggest.

Racket BC doesn't find the library, while Racket CS seems to find it fine.

$ /Applications/Racket\ v8.1/bin/racket
Welcome to Racket v8.1 [bc].
> (require crypto/private/nettle/ffi)
> libnettle
#f
> nettle-load-error
"ffi-lib: couldn't open \"libnettle.8.dylib\" (dlopen(libnettle.8.dylib, 6): image not found)"

$ racket
Welcome to Racket v8.1.0.6 [cs].
> (require crypto/private/nettle/ffi)
> libnettle
#<ffi-lib>

I've tried hardcoding the library path for BC to see if I can change its behaviour, but it still gives me the same error, so I may be barking up the wrong tree.

Encrypt: could not get implementation

I am working on problem 7 of cryptopals [1], but I am getting could not get implementation.

> (define key (generate-cipher-key '(aes ecb)))
>  (define iv (generate-cipher-iv '(aes ecb)))
> key
#"\321h8~FO\203\3478\273\264\337\317=W\345"
> iv
#""
> (define ciphertext (encrypt '(aes ecb) key iv "Hello world!"))
. . encrypt: could not get implementation
  cipher: '(aes ecb)

[1] https://cryptopals.com/sets/1/challenges/7

(require crypto/libcrypto) Fails On Fedora 26

In crypto-lib/private/libcrypto/pkey.rkt the function builtin-curve-nids maps car over the curve-table ,which as documented, may have a #f value for some key.

;; curve-table : Hash[String => (cons Nat String/#f)] ;; <-- #f is possible and must be accounted for
(define curve-table (make-hash))

On my Fedora 26 system this is in fact the case and the map call in builtin-curve-nids fails, which in turn causes a (require crypto/libcrypto) to fail.

A fix would be to filter #f values and leaving only the pairs for map car to operate on.

(define builtin-curve-nids (map car (filter (λ (x) x) (hash-values curve-table))))