Fatal error with Sodium\hex2bin

[raghuveer]

Our PHP application is working correctly with Halite 1.0 on PHP 5.6 and corresponding Libsodium and PECL Libsodium.

Recently, we started migrating our application to Halite v3.2.0, and we are receiving error, as below,

Fatal error: Uncaught Error: Call to undefined function Sodium\hex2bin() in /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php:676
Stack trace:
#0 /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php(587): ParagonIE\Halite\KeyFactory::loadKeyFile('/home/uatpgsw/g...')
#1 /home/uatpgsw/public_html/index.php(267): ParagonIE\Halite\KeyFactory::loadEncryptionKeyPair('/home/uatpgsw/g...')
#2 {main}
thrown in /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php on line 676

Our dev system has:

• PHP v7.0.26
• Libsodium: v1.0.9
• PECL libsodium v2.0.10

When I run the following:

<?php var_dump([ SODIUM_LIBRARY_MAJOR_VERSION, SODIUM_LIBRARY_MINOR_VERSION, SODIUM_LIBRARY_VERSION ]); ?>

the response is as follows:

array(3) { [0]=> int(9) [1]=> int(6) [2]=> string(6) "1.0.14" }

Please share, if I am missing something or do we specifically need to use the older versions like PECL Libsodium 1.0.6 / 2.0.4, along with PHP v7.0 and Libsodium v1.0.9, as documented in https://github.com/paragonie/halite?

thank you

[raghuveer]

I did change \Sodium\hex2bin to sodium_hex2bin

Now, I get the following error,

Fatal error: Uncaught Error: Call to undefined function Sodium\memzero() in /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php:678 Stack trace: #0 /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php(587): ParagonIE\Halite\KeyFactory::loadKeyFile('/home/uatpgsw/g...') #1 /home/uatpgsw/public_html/index.php(267): ParagonIE\Halite\KeyFactory::loadEncryptionKeyPair('/home/uatpgsw/g...') #2 {main} thrown in /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php on line 678

When tried replacing, \Sodium\memzero with sodium_memzero, this error got subsided too.

an update

P.S. will share, if I have any further issues, thank you

[raghuveer]

Now, I get the following error,

Fatal error: Uncaught Error: Undefined constant 'Sodium\CRYPTO_GENERICHASH_BYTES_MAX' in /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php:699 Stack trace: #0 /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php(681): ParagonIE\Halite\KeyFactory::getKeyDataFromString('1@\x01\x00\xF0\xA0\xB6\x8DSX\xAE\x80\xCB\xC0h...') #1 /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php(587): ParagonIE\Halite\KeyFactory::loadKeyFile('/home/uatpgsw/g...') #2 /home/uatpgsw/public_html/index.php(267): ParagonIE\Halite\KeyFactory::loadEncryptionKeyPair('/home/uatpgsw/g...') #3 {main} thrown in /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php on line 699

hope, we should not use values of constants directly from https://paragonie.com/book/pecl-libsodium/read/01-quick-start.md

please suggest, thank you

[sstok]

PECL libsodium as of version 2 no longer uses namespaces but underscore functions.
When you use the correct version of Halite this should work as expected.
https://github.com/paragonie/halite#installing-halite

PHP 7.0 is reaching end of life soon, you should upgrade to PHP 7.1 or better PHP 7.2 which has Libsodium build-in (2.0, so remember to use the underscored function names).

Secondly, you shoudn't hack into Halite as this may cause problems with interoperability.

[raghuveer]

Dear Mr.Sebastiaan

thanks for the quick response.

Does Halite v3.2.0 support PHP v7.1 Branch?
if so, which versions of Libsodium and PECL Libsodium, do I use w.r.t. latest minor version of PHP v7.1 Branch?

Alternatively, if we have to choose PHP v7.2.0, that is released a week before, only Halite 4 will be the option know?

Moreover, we currently, use a Control Panel (CPanel), to manage our dev server.

I am looking at all possible options, please share your inputs,

thank you

[paragonie-security]

Does Halite v3.2.0 support PHP v7.1 Branch?
if so, which versions of Libsodium and PECL Libsodium, do I use w.r.t. latest minor version of PHP v7.1 Branch?

Our supported versions are in this table on the README: https://github.com/paragonie/halite#installing-halite

Alternatively, if we have to choose PHP v7.2.0, that is released a week before, only Halite 4 will be the option know?

No, I'm fairly sure Halite 3 will work on PHP 7.2, but you'll be better served with version 4, which will be supported when support for versions 2 and 3 are dropped.

[raghuveer]

Thanks for the confirmation,

we will test and share updates

[raghuveer]

Our Dev Environment:

• PHP 7.2.0

• Libsodium v1.0.14

• PECL Libsodium v2.0.10

I had downloaded Halite v4.01. While I donot use composer, and since, we keep libraries, outside webroot, I did change the $basedir, to reflect the correct path, in the autoload.php code.

irrespective of whether, I use manual includes, of all library files or when using the above approach, I am finding a common error, when loading the previously saved Asymmetric Encryption KeyPair:

Fatal error: Uncaught Error: Class 'ParagonIE\ConstantTime\Hex' not found in /home/uatpgsw/app/includes/halite-v401/src/KeyFactory.php:677 Stack trace: #0 /home/uatpgsw/app/includes/halite-v401/src/KeyFactory.php(588): ParagonIE\Halite\KeyFactory::loadKeyFile('/home/uatpgsw/g...') #1 /home/uatpgsw/public_html/index.php(352): ParagonIE\Halite\KeyFactory::loadEncryptionKeyPair('/home/uatpgsw/g...') #2 {main} thrown in /home/uatpgsw/app/includes/halite-v401/src/KeyFactory.php on line 677
Do I need to specifically uninstall PECL Libsodium v2.0.10, since, I have PHP 7.2.0 and Libsodium 1.0.14?

can someone, share, where I am doing wrong?

thanks alot, for the quick response :)

[paragonie-scott]

While I donot use composer, and since, we keep libraries, outside webroot, I did change the $basedir, to reflect the correct path.

Use composer.

Alternatively, make sure you install this library too, which is listed in the require block in composer.json.

If you're on PHP 7.2, you shouldn't need anything from PECL.

[raghuveer]

Thanks a lot Mr.Scott

I will do as you suggested,

[raghuveer]

Thanks a lot Mr.Scott, the Hex Encoding issue seems to be resolved, I now get the following error,

Fatal error:  Uncaught Error: Call to undefined function sodium_memzero() in /home/uatpgsw/app/includes/halite-v401/src/KeyFactory.php:678
Stack trace:
#0 /home/uatpgsw/app/includes/halite-v401/src/KeyFactory.php(588): ParagonIE\Halite\KeyFactory::loadKeyFile('/home/uatpgsw/g...')
#1 /home/uatpgsw/public_html/index.php(354): ParagonIE\Halite\KeyFactory::loadEncryptionKeyPair('/home/uatpgsw/g...')
#2 {main}
  thrown in /home/uatpgsw/app/includes/halite-v401/src/KeyFactory.php on line 678

the following is the code, I see, in the Keyfactory.php page

/**
     * Read a key from a file, verify its checksum
     * 
     * @param string $filePath
     * @return HiddenString
     * @throws Alerts\CannotPerformOperation
     */
    protected static function loadKeyFile(string $filePath): HiddenString
    {
        $fileData = \file_get_contents($filePath);
        if ($fileData === false) {
            throw new Alerts\CannotPerformOperation(
                'Cannot load key from file: '. $filePath
            );
        }
        $data = Hex::decode($fileData);
        \sodium_memzero($fileData);
        return new HiddenString(
            self::getKeyDataFromString($data)
        );
    }

your help is really appreciated :)

[paragonie-scott]

Uhhhh, what. sodium_memzero() must exist or else something screwy is going on. Can you run ParagonIE\Halite\Halite::isLibsodiumSetupCorrectly(true) and paste the output? (Note, use three backticks followed by a newline to open a code block, and then follow it up with the same thing.)

```
code
```

[raghuveer]

echo ParagonIE\Halite\Halite::isLibsodiumSetupCorrectly(true);

Result:

You do not have the sodium extension enabled.

I did ask our server admin, to uninstall PECL Libsodium v2.0.10 only.

While sodium_memzero is correct, is the following, in the loadKeyFile() function correct?

\sodium_memzero($fileData);

[paragonie-scott]

Yes, it's wiping data from memory after it builds it into a key object.

[raghuveer]

thank you for the update,

seeing this, http://php.net/manual/en/function.sodium-memzero.php

am I doing something wrong somewhere? I got the PECL Libsodium v2.0.10 uninstalled, after you confirmed,

please share your inputs, thank you

[paragonie-scott]

The manual entry was auto-generated. There is no length argument.

If ParagonIE\Halite\Halite::isLibsodiumSetupCorrectly() does not return TRUE, install PECL libsodium again just to be sure.

[raghuveer]

the PECL Libsodium v2.0.10 is re-installed now.

if (ParagonIE\Halite\Halite::isLibsodiumSetupCorrectly(true) === true) {
	echo "true";
}

results in:

true

Sample Anonymous Asymmetric Encryption code:

$sealed = \ParagonIE\Halite\Asymmetric\Crypto::seal(
    new HiddenString(
        "Your message here. Any string content will do just fine."
    ),
    $public_key
);
echo "sealed: <br>" . $sealed . "<br><hr><br>";

Result:

Fatal error:  Uncaught Error: Class 'HiddenString' not found in /home/uatpgsw/public_html/index.php:386
Stack trace:
#0 {main}
  thrown in /home/uatpgsw/public_html/index.php on line 386

As the auto loader code, will include this src/HiddenString.php file, do i still try to manually attempt, to include this, or some other error scenario?

please share your inputs,

thank you

[raghuveer]

when I run the following:

var_dump([
    SODIUM_LIBRARY_MAJOR_VERSION,
    SODIUM_LIBRARY_MINOR_VERSION,
    SODIUM_LIBRARY_VERSION
]);

Result:
array(3) { [0]=> int(9) [1]=> int(6) [2]=> string(6) "1.0.14" }

[paragonie-scott]

As the auto loader code, will include this src/HiddenString.php file, do i still try to manually attempt, to include this, or some other error scenario?

You need a use statement, or to refer to it by its fully qualified class name (ParagonIE\Halite\HiddenString).

[raghuveer]

now, it is working, Thanks a lot Mr.Scott and Paragonie-security and Mr.Sebastian as well, everyone, for helping me, with Libsodium issues and in the process of migration to latest version of v4.01, from Halite 1.5

[paragonie-scott]

Happy to hear it. 👍