x/crypto: NaCl compatibility not clear #33109
Comments
Why do you think the x/crypto implementations don't interoperate with NaCl's crypto_box? Did you test it? If so, please provide the code for your tests. Isn't libsodium's crypto_box_easy supposed to be the same as djb NaCl's crypto_box? Libsodium just offers an additional detached mode (called crypto_box_detached) that allows you to write the tag somewhere else instead of prepending it to the ciphertext.
@flyn-org Have you tested either with tweetNaCl/20140427/tweetnacl.{h,c}? P.S. Check whether your NaCl code fulfills all "caller must ensure" points of NaCl documentation like:
The original NaCl API is bizarre to the point of being perplexing and unsafe, so while x/crypto/nacl is interoperable with it, it doesn't match its idiosyncrasies, so doesn't require the same padding. If you use the more reasonable "easy" libsodium API, or if you properly apply padding as required by the original NaCl API, you should find it to interoperate correctly with x/crypto/nacl. (If not, please open a new issue!)
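The padding difference described in the comment above, as an added example that is not part of the thread or of x/crypto: classic crypto_box wants crypto_box_ZEROBYTES (32) zero bytes before the plaintext and emits crypto_box_BOXZEROBYTES (16) zero bytes before the tag, while Seal and crypto_box_easy emit tag || ciphertext directly. The helper names are hypothetical and the sealed bytes are a constructed stand-in; the code only converts framing and performs no encryption.

```go
// Added example: framing conversion only, no cryptography is performed here.
package main

import (
	"bytes"
	"errors"
	"fmt"
)

const (
	zeroBytes    = 32 // crypto_box_ZEROBYTES: zero prefix on classic NaCl plaintext buffers
	boxZeroBytes = 16 // crypto_box_BOXZEROBYTES: zero prefix on classic NaCl ciphertext buffers
	overhead     = 16 // box.Overhead: Poly1305 tag that leads Seal / crypto_box_easy output
)

// PadPlaintext builds the buffer classic crypto_box expects as m.
func PadPlaintext(msg []byte) []byte {
	return append(make([]byte, zeroBytes, zeroBytes+len(msg)), msg...)
}

// EasyToClassic turns Seal / crypto_box_easy output (tag || ciphertext) into
// the buffer classic crypto_box_open expects as c.
func EasyToClassic(sealed []byte) ([]byte, error) {
	if len(sealed) < overhead {
		return nil, errors.New("sealed box shorter than the 16-byte tag")
	}
	return append(make([]byte, boxZeroBytes, boxZeroBytes+len(sealed)), sealed...), nil
}

// ClassicToEasy strips the zero prefix from classic crypto_box output so that
// Open / crypto_box_open_easy accept it.
func ClassicToEasy(c []byte) ([]byte, error) {
	if len(c) < boxZeroBytes+overhead {
		return nil, errors.New("classic box shorter than padding plus tag")
	}
	if !bytes.Equal(c[:boxZeroBytes], make([]byte, boxZeroBytes)) {
		return nil, errors.New("first 16 bytes of classic box are not zero")
	}
	return append([]byte(nil), c[boxZeroBytes:]...), nil
}

func main() {
	sealed := append(bytes.Repeat([]byte{0xAA}, overhead), "ct"...) // constructed stand-in for Seal output
	classic, _ := EasyToClassic(sealed)
	fmt.Printf("easy %d bytes -> classic %d bytes\n", len(sealed), len(classic))
	fmt.Printf("padded plaintext for 2-byte message: %d bytes\n", len(PadPlaintext([]byte("hi"))))
}
```

Passing an unpadded Seal output straight to classic crypto_box_open fails the zero-prefix requirement, which is the mismatch the issue reports.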
What version of Go are you using (go version)?
Does this issue reproduce with the latest release?
Yes.
What operating system and processor architecture are you using (go env)?
What did you do?
I spent some time investigating the compatibility of golang.org/x/crypto/nacl/box/ with DJB's NaCl and libsodium.
What did you expect to see?
The documentation at https://godoc.org/golang.org/x/crypto/nacl/box states "This package is interoperable with NaCl: https://nacl.cr.yp.to/box.html," so I expected the package's Seal function would produce ciphertext that NaCl's crypto_box_open function could decrypt.
What did you see instead?
After some experimentation, I found that the Go package instead seems to be compatible with libsodium's "easy" API. That is, Seal produces ciphertext that crypto_box_open_easy will decrypt, and crypto_box_easy produces ciphertext that Open will decrypt.
I recommend amending the documentation at https://godoc.org/golang.org/x/crypto/nacl/box to provide more clarity about this. I wrote some sample programs in Go and C which might help illustrate this.