haxefoundation / crypto Goto Github PK

Description

I want to secure session related data by encrypting it, and being able to retreive it by decrypting it.

I ran into an error trying to run this snippet (taken from the README example)

import haxe.io.Bytes;
import haxe.crypto.mode.Mode;
import haxe.crypto.padding.Padding;
import haxe.crypto.Aes;

@:nullSafety(Strict)
final class Main {
  static var key = "";

  public static function main() {
    final aes : Aes = new Aes();

    final key = Bytes.ofHex("603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4");
    final text = Bytes.ofString("Haxe - The Cross-platform Toolkit");
    final iv: Bytes = Bytes.ofHex("4F021DB243BC633D7178183A9FA071E8");

    aes.init(key,iv);

    // Encrypt
    final data = aes.encrypt(Mode.CTR, text, Padding.NoPadding);
  }
}

And I get this error:

haxe.io.Bytes should be String

Around the last line (I supposed it is related to the second parameter.

Additional data

• Haxe version: 4.1.5
• Target: PHP
• Package version: 0.3.0 and 1.0.2-alpha
• OS: Alpine (over Docker for Windows 10)

It would be nice to publish this to haxelib. It'll probably also need a haxelib.json file.

Please provide support for PKCS5 padding. Currently it supports only PKCS7.

A reference to PKCS5 can be found on sowyiz.crypto.

It said support Aes , but does not mention which one
does the default is 256 bit , or which one ?
if supported , how to set it ?

It appears that you went backwards in version numbering, which is potentially confusing and dangerous (especially for an encryption library, which needs to be held to a high standard, considering the security implications). Luckily, it seems that haxelib install crypto installs version 0.4.0 correctly, but the Haxelib website still says that 1.0.2-alpha is the newest version (which it isn't, obviously).

I hope that you will consider making the next published version be 1.5.0 or 2.0.0 (or anything higher than 1.0.2) instead of 0.5.0.

I did some test with string éあ😂 and this give different length 9 and 4 with different Haxe 4 version.
What should be the correct length ? I think this is the problem for Sha256 particulary here in s.length) :

var h = sh.doEncode(str2blks(s), s.length*8);

Sha256
Test string: éあ😂
Length: 9
Version: Haxe 4.0.0-preview.4+1e3e5e016
Result : d0230b8d8ac2d6d0dbcee11ad0e0eaa68a6565347261871dc241571cab591676
Correct !

Test string: éあ😂
Length: 4
Version: Haxe development
Result : e662834bdc1a099b9f7b8d97975a1b1d9b6730c991268bba0e7fe7427e68be74
Incorrect

Like the titel says: Rsa Support.

First stuff that we need is a bigint class.
i don't know where it fits. But i think BigInt should be directly in the core haxe repo?

Can I expect this library should work with haxe 3?

Haxe 4.2.4 / PHP 8.1.0 with crypto 1.0.2-alpha.

If I generate a SHA-256 hash code using the PHP hash function:

trace(php.Global.hash("sha256", "FooBar123"));
// 77853caf12f9d2020f3715accd9c7b15738705daf03650906af17a7a655c2ee2

If I generate the same SHA-256 hash code using the haxe.crypto.Sha256 class... without the crypto library enabled:

trace(haxe.crypto.Sha256.encode("FooBar123"));
// 77853caf12f9d2020f3715accd9c7b15738705daf03650906af17a7a655c2ee2

If I generate the same SHA-256 hash code using the haxe.crypto.Sha256 class... with the crypto library enabled:

trace(haxe.crypto.Sha256.encode("FooBar123"));
// c029836676a2e454cdafcd48507c211c8d52f0e06db9bd6d7a409fcf970f57c6 => What?!?

It seems that PR #12 was not released on Haxelib...
https://lib.haxe.org/p/crypto/1.0.2-alpha/files/crypto-1.0.2-alpha/src/haxe/crypto/Sha256.hx

...and it seems that there is a difference between the implementations provided by this package and the Haxe standard library.

Hello! I'm encountering an issue with the library. After successfully compiling the code, I'm trying to execute the resulting neko file. However, I'm getting an Uncaught exception - load.c(398) : Invalid module : main.n error. This seems to be a neko-specific issue rather than a problem with the library itself. This happened once I imported the haxe.crypto.Poly1305 library into the project

Steps to reproduce:

1. Download the library using haxelib git crypto https://github.com/HaxeFoundation/crypto
2. Compile the code using haxe -main Main --neko main.n -L crypto.
3. Attempt to execute the neko file using neko main.n.
4. Get the Uncaught exception - load.c(398) : Invalid module : main.n error

Expected behavior:
The neko file should execute without any errors.

Actual behavior:
An Uncaught exception - load.c(398) : Invalid module : main.n error is encountered.

Additional information:
Operating system: Windows 10 22H2
Haxe version: 4.2.5
Neko version: 2.3.0

Any kind of help would be appreciated, thank you! :3

Request

Add a SHA-512 implementation to the package haxe.crypto.

Details

This implementation should be based on the NIST FIPS 180 Secure Hash Standard:
https://csrc.nist.gov/pubs/fips/180-4/upd1/final
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf

This implementation should be modeled after the existing class haxe.crypto.Sha256 as a template for usage, exposing similar static functions encode(String):String and make(haxe.io.Bytes):haxe.io.Bytes, and including similar designs/patterns for other non-exposed functions/fields.

Suggested Code Change

I can start off by submitting a pull request to show what this would look like.

Additional Thoughts

A shared base class or even just shared interfaces should also be added for defining any overlaps between the various SHA classes. This is not being included as part of this request since that effort would ideally be done under a different ticket w/ a larger scope, as it would involve refactoring all existing SHA implementations.

Just found out about https://lib.haxe.org/p/haxe-crypto/
Maybe the work there should be merged with it ? we maybe don't need two crypto libraries.

Tests currently fail on PHP. Can we make them not fail on PHP?

AesTest.hx failed on import with error "Type not found : haxe.crypto.Aes".

I think the problem is because haxe compiler search in his repository in haxe.crypto package , but Aes class exist in same package haxe.crypto , but in crypto repository .

I set classpath in https://github.com/HaxeFoundation/crypto/blob/master/tests/compile.hxml to be "src" and "../src" , but it doesn't help.

For me , package haxe.crypto is logical choice for crypto repository data, for severa reasons:

1. If old projects install crypto package , they still can use Hmac, Sha256 , Sha224 without to change any code.
2. Crypto repository can be consider as crypto+ against haxe.crypto in haxe repository and both can work in parallel

import haxe.io.*;
import haxe.crypto.*;

class Main {
  static function main() {
    var decrypted = Bytes.ofHex('124c4e4243484b473030303531320000000c03000000000000000000001b03064327020c850308200002095e020b160a0d00ff00e7000080000097');
    var key = Bytes.ofHex('79ddd935f38f2a99cead496b9ef75f4d');
    var iv = Bytes.ofHex('b5cb4d8dd2c2fc705e10a825000043fd');
    var encrypted = Bytes.ofHex('6ac6e4f866d87942eeb002baf7b2c9d7f600bc639f30c90baffc20d7eacb83472a20d03f60e9348a651f138ffb44e27306fd3b39b5595086b491ac');
    var aes = new Aes();
    aes.init(key, iv);
    
    
    trace('encrpyt:    ${decrypted.toHex()}');
    trace('with key:   ${key.toHex()}');
    trace('with iv:    ${iv.toHex()}');
    var enc = aes.encrypt(CTR, decrypted, NoPadding);
    trace('expected:   ${encrypted.toHex()}');
    trace('calculated: ${enc.toHex()}');
    trace('match:      ' + (enc.toHex() == encrypted.toHex()));
  }
} 

result:

encrpyt:    124c4e4243484b473030303531320000000c03000000000000000000001b03064327020c850308200002095e020b160a0d00ff00e7000080000097
with key:   79ddd935f38f2a99cead496b9ef75f4d
with iv:    b5cb4d8dd2c2fc705e10a825000043fd
expected:   6ac6e4f866d87942eeb002baf7b2c9d7f600bc639f30c90baffc20d7eacb83472a20d03f60e9348a651f138ffb44e27306fd3b39b5595086b491ac
calculated: 6ac6e4f866d87942eeb002baf7b2c9d7f600bc639f30c90baffc20d7eacb83472a20d03f60e9348a651f138ffb44e2732a3858f61514161820ae9c
match:      false

The expected value is obtained from this or this site. Note that the value generated by this lib is correct up to the 48-th byte (total is 59 bytes), so I think the issue may be related to 16-byte blocks / paddings.

First word from the test pass, all other failed.
The problem is not reproducible from my side ( on my PC ) and for that reason don't know how to fix it.
The only things which is different is using of BytesBuffer class and clear with new BytesBuffer();

BCrypt is way too slow . For rounds=10 should give ~10 hashes/sec , now give 1 hash for 10 sec.

These is because Feistel function ( i.e. f( x : Int ) ) .
For some reason bit shift operation are too slow in Haxe or it's maybe other specific issue.

Simple bcrypt hash for 10 rounds with salt = $2a$10$/OxwMgmw06Zkhz/SLgc.4u and text = some_text will take about 10 seconds.
Final result is : $2a$10$/OxwMgmw06Zkhz/SLgc.4uYyFJfaVs5/O.1.8Z9dPYIDxio8Jpc6W

Right now haxe.crytop.Sha256 and friends require all the data to be hashed to be in RAM before hashing. This means it cannot be used to eg hash large files. It would be good to provide an incremental hashing function with .update() method as is found in other ecosystems.

E.g. here: https://github.com/HaxeFoundation/crypto/blob/master/src/haxe/crypto/Aes.hx#L10

Vector is significantly faster on some targets.