Unmaintained dependency github.com/jacobsa/crypto

[piggynl]

Hi developers,

Dependency github.com/jacobsa/crypto is no longer maintained. The latest commit was 3 years ago, and the author isn't responding to new issues and PRs. It fails to build in riscv64 environment now. Do you have any plan to replace this dependency with a well-maintained alternative? Also, I can maintain a fork of it to make it build in riscv64 and accept new changes, so that Charm can use it.

[aymanbagabas]

Hi @piggynl

Why does it fail to build for riscv64? Do you know any well-maintained alternatives?

EDIT: I think this is a good alternative subtle

[piggynl]

Why does it fail to build for riscv64?

Because it misses an implementation of function xorBlock for RISC-V, as jacobsa/crypto#13 mentioned. (Although the code is not used by charm EDIT: it is actually used) jacobsa/crypto#14 adds the implementation.

I think this is a good alternative subtle

I'll take a closer look. 😸

[piggynl]

Hi @aymanbagabas,

Currently, charm uses a 32-byte key (cr.keys[0].Key[:32]) and no additional associated data (AD, the last argument nil)...

charm/crypt/crypt.go

Line 106 in dab882a

ct, err := siv.Encrypt(nil, []byte(cr.keys[0].Key[:32]), []byte(field), nil)

...while github.com/google/tink/go/daead/subtle you mentioned only supports 64-byte keys ...

https://github.com/google/tink/blob/9f30c97cb84b10bbba6978bc9c12c86478024050/go/daead/subtle/aes_siv.go#L63-L64

...and only implemented deterministic authenticated encryption with SIV (the number of components in AD vector is 1).

https://github.com/google/tink/blob/9f30c97cb84b10bbba6978bc9c12c86478024050/go/daead/subtle/aes_siv.go#L114

https://github.com/google/tink/blob/9f30c97cb84b10bbba6978bc9c12c86478024050/go/daead/subtle/aes_siv.go#L131

It appears Google thinks a 32-byte key cannot provide enough security...

...A consequence of this attack is that 128-bit MAC keys give unsufficient security.

https://pkg.go.dev/github.com/google/tink/go/daead/subtle#AESSIV

...so they probably won't consider add support to meet our use. As a result, this package is not we're looking for.

What we're looking for is package implemented AEAD_AES_SIV_CMAC_256 in RFC 5297. There are a few in this GitHub search result, but most of them haven't been updated in years. The last update on github.com/ChandraNarreddy/siv was 5 months ago, but I have no idea how reliable it is too. Do you have any idea?

[piggynl]

I'll use

go mod edit -replace github.com/jacobsa/crypto=github.com/piggynl/jacobsa-crypto@xorblock-generic

(replace github.com/jacobsa/crypto with jacobsa/crypto#14) to make charm build on linux/riscv64 on my side 😸

[paralin]

Ran into this earlier trying to get gocryptfs to build on risc, thanks for looking into it and saving me the hassle @piggynl

[paralin]

@piggynl I'm wondering if it might be good to fork this & maintain it as a different import path if the author doesn't merge.