korlibs-archive / krypto Goto Github PK

View Code? Open in Web Editor NEW

140.0 140.0 20.0 421 KB

Pure Kotlin cryptography library for Multiplatform Kotlin 1.3

Home Page: https://korlibs.soywiz.com/krypto

License: Other

Kotlin 97.23% Shell 1.46% Batchfile 1.31%

krypto's People

Contributors

Stargazers

Watchers

Forkers

paycoin-com psihaker4 felipehjcosta saschpe janstoltman lastprofane penn5 xuxiangjun umeshdangat ignaciocarrionn mercandj yipchung6 cybernetics wiltonlazary razvizion dmitrykolesnikovich yfn020 roshanrajaratnam brammos

krypto's Issues

SecureRandom seeding

It would be useful if we can add a seed to the SecureRandom (i.e. mix in some entropy from a remote server). This is available on JVM through java.security.SecureRandom.setSeed - Reseeds this random object. The given seed supplements, rather than replaces, the existing seed. Thus, repeated calls are guaranteed never to reduce randomness.

Adapt to UByteArray

I try to convert encrypting/decrypting from OpenSSL.

My IV contains values that is larger than Byte.MAX_VALUE.

Now, krypto handles them as negative values.

val iv = arrayOf(
    0xF3, 0xF3, 0xF3, 0xF3, 0xF3, 0xF3, 0xF3, 0xF3,
    0xF3, 0xF3, 0xF3, 0xF3, 0xF3, 0xF3, 0xF3, 0xF3
)
.map { it.toByte() }
.toByteArray()

SecureRandom should have companion object

The current SecureRandom implementation is designed as an object. It should be implemented as a class with a companion, or (more restrictively and IMHO worse) as an object, because it is ultimately calling static (root-level) functions and properties

Restore SecureRandom open class + companion object while not causing mutability exceptions on K/N

Relates to #33

Gradle metadata

Ideally this and your other libraries would be published with Gradle Metadata enabled. That would drastically simplify usage. It's not final yet, thus currently it comes down to adding this to the library's settings.gradle:

enableFeaturePreview("GRADLE_METADATA")

"com.soywiz.krypto.SecureRandom.nextBytes" fails with the error "Method myPid in android.os.Process not mocked. See http://g.co/androidstudio/not-mocked for details"

The error appears in Kotlin multi-platform project when I run the test where com.soywiz.krypto.SecureRandom.nextBytes is used via Task :<sub project name>:testDebugUnitTest

StackTrace

Method myPid in android.os.Process not mocked. See http://g.co/androidstudio/not-mocked for details.
java.lang.RuntimeException: Method myPid in android.os.Process not mocked. See http://g.co/androidstudio/not-mocked for details.
	at android.os.Process.myPid(Process.java)
	at com.soywiz.krypto.PRNGFixes.generateSeed(PRNGFixes.kt:314)
	at com.soywiz.krypto.PRNGFixes.access$generateSeed(PRNGFixes.kt:30)
	at com.soywiz.krypto.PRNGFixes$LinuxPRNGSecureRandom.engineNextBytes(PRNGFixes.kt:243)
	at java.base/java.security.SecureRandom.nextBytes(SecureRandom.java:754)
	at com.soywiz.krypto.SecureRandomJvmKt.fillRandomBytes(SecureRandomJvm.kt:13)
	at com.soywiz.krypto.SecureRandom.nextBytes(SecureRandom.kt:23)
	at kotlin.random.Random.nextBytes(Random.kt:253)
	at kotlin.random.Random.nextBytes(Random.kt:260)
	...

Library version - 2.4.12
Gradle version - 7.0.2
Java version - 11
Kotlin multi-platform plugin version - 1.6.0
Android library plugin - 4.1.2

AES example

Hi,

I face difficulties to use AES to encrypt/decrypt a string. Can you please provide an example?
Example: "Hello World"

PBKDF2

Newer version

Hey guys, any plan to distribute a new version? The latests available version on maven is 0.4.0.

Deployment

Hey, are you gonna deploy new version somewhere? I found only 0.4.0 in jcenter repo and that is quite old different from the code here ;)
Cheers!

Could not resolve com.soywiz.korlibs.krypto:krypto-metadata:1.9.2.

This works fine when using gradle 4.10.1

however, it fails using gradle 6.1.1,

repositories in build.gradle

repositories {
    google()
    jcenter()
    maven { url "https://kotlin.bintray.com/kotlinx" }
    maven { url 'https://dl.bintray.com/kotlinx/kotlinx' }
    maven { url "https://jitpack.io" }
    maven { url "http://dl.bintray.com/kotlin/ktor" }
    maven { url "https://dl.bintray.com/korlibs/korlibs" }
    maven { url 'https://dl.bintray.com/kotlin/kotlin-js-wrappers' }
    mavenCentral()
}

Console output

Could not resolve com.soywiz.korlibs.klock:klock-metadata:1.8.9.
     Required by:
         project : > com.github.andylamax.asoft-auth:asoft-auth-metadata:30.0.0
      > Unable to find a matching variant of com.soywiz.korlibs.klock:klock-metadata:1.8.9:
          - Variant 'metadata-api' capability com.soywiz.korlibs.klock:klock-metadata:1.8.9:
              - Incompatible attributes:
                  - Required org.gradle.usage 'kotlin-runtime' and found incompatible value 'kotlin-api'.
                  - Required org.jetbrains.kotlin.platform.type 'js' and found incompatible value 'common'.
              - Other attribute:
                  - Found org.gradle.status 'release' but wasn't required.
   > Could not resolve com.soywiz.korlibs.krypto:krypto-metadata:1.9.2.
     Required by:
         project : > com.github.andylamax.asoft-auth:asoft-auth-metadata:30.0.0
      > Unable to find a matching variant of com.soywiz.korlibs.krypto:krypto-metadata:1.9.2:
          - Variant 'metadata-api' capability com.soywiz.korlibs.krypto:krypto-metadata:1.9.2:
              - Incompatible attributes:
                  - Required org.gradle.usage 'kotlin-runtime' and found incompatible value 'kotlin-api'.
                  - Required org.jetbrains.kotlin.platform.type 'js' and found incompatible value 'common'.
              - Other attribute:
                  - Found org.gradle.status 'release' but wasn't required.

What am I doing wrong?

This happens with the klock lib too

Cannot access class 'com.soywiz.krypto.Hash'. Check your module classpath for missing or conflicting dependencies

from below function

fun String.hash256(): String {
var byteArray = this.encodeToByteArray()
var sha = SHA256.digest(byteArray)
return sha.base64
}

base64 url safe encoder

Currently, the base64 encoder is not url safe. It would be nice to have an option for that. According to the RFC 4648, you just have to replace the "+" and "/" here with "-" and "_".

Missing Android published libraries

I noticed that there isn't any new library for Android platform published into bintray after 1.7.1 although the others platforms have new version. Is the Android platform deprecated?

Kotlin 1.3.40

Hey!

Any plan to support Kotlin 1.3.40?

Thanks!

Incompatible abi version when building in xcode

Project could be built on Android but not iOS, I got the following error messages:
I have checked the gradle cache directory, files are there, I also tried to manually copy those files to the mentioned directories, but it still say not found:

e: Could not find "/Users/raymond/.gradle/caches/modules-2/files-2.1/com.soywiz.korlibs.krypto/krypto-iosx64/2.2.0/67ae17ccbc8347dd875721555ebaf9e1a5e5b0d6/krypto.klib" in [/Users/raymond/workspace/9gag-ios/Pods, /Users/raymond/.konan/klib, /Users/raymond/.konan/kotlin-native-prebuilt-macos-1.5.10/klib/common, /Users/raymond/.konan/kotlin-native-prebuilt-macos-1.5.10/klib/platform/ios_x64]

Krypto verison: 2.2.0

ArrayIndexOutOfBoundsException when decoding base64

Hi,

With Kotlin 1.4.10 and Krypto 2.0.0 I have an ArrayIndexOutOfBoundsException when I try to decode
the payload example JWT at https://jwt.io/.

val payload = Base64.decode("eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ")

2020-11-27 10:09:05.331 13401-13401/com.ale.rainbowsdk2.androidApp E/AndroidRuntime: FATAL EXCEPTION: main
    Process: com.ale.rainbowsdk2.androidApp, PID: 13401
    java.lang.ArrayIndexOutOfBoundsException: length=74; index=74
        at com.soywiz.krypto.encoding.Base64.readU8(Base64.kt:83)
        at com.soywiz.krypto.encoding.Base64.decode(Base64.kt:38)
        at com.soywiz.krypto.encoding.Base64.decode(Base64.kt:18)
        at com.soywiz.krypto.encoding.Base64.decodeIgnoringSpaces(Base64.kt:22)
        at com.ale.rainbowsdk2.shared.RainbowApi.getExpiredTime(RainbowApi.kt:128)
        ...

Any plan to support kotlin 1.4?

hi, just curious if there is any timeline to support kotlin 1.4?

Typo in public API function name

https://github.com/korlibs/krypto/blob/master/krypto/src/commonMain/kotlin/com/soywiz/krypto/AES.kt#L173
Function is misspelled