luajitos

IMPORT_EXAMPLE.md (11689B)

---

 # Importing Crypto Library in Other Apps
 
 This document shows how to import and use the crypto library from other LuajitOS applications.
 
 ## Quick Start
 
 ### Step 1: Update Your Manifest
 
 Add `import` and `run` permissions to your app's `manifest.lua`:
 
 ```lua
 return {
     name = "myapp",
     developer = "mydev",
     version = "1.0.0",
     entry = "src/init.lua",
     mode = "cli",  -- or "gui"
     permissions = {
         "stdio",
         "import",  -- Required to import from other apps
         "run"      -- Required to run the crypto app
     }
 }
 ```
 
 ### Step 2: Import Crypto in Your Code
 
 In your `src/init.lua`:
 
 ```lua
 -- Run the crypto app to initialize exports
 run("crypto")
 
 -- Import the crypto library
 local cryptoApp = apps["com.luajitos.crypto"]
 if not cryptoApp then
     print("Error: crypto app not found")
     return
 end
 
 local crypto = cryptoApp:call("crypto")
 if not crypto then
     print("Error: failed to import crypto library")
     return
 end
 
 -- Now you can use all crypto functions!
 local hash = crypto.SHA256("Hello World")
 
 -- Convert binary hash to hex for display
 local function toHex(data)
     local hex = ""
     for i = 1, #data do
         hex = hex .. string.format("%02x", string.byte(data, i))
     end
     return hex
 end
 
 print("SHA256 hash: " .. toHex(hash))
 ```
 
 ## Complete Examples
 
 ### Example 1: Simple Hash Calculator
 
 ```lua
 -- com.mydev.hashcalc/manifest.lua
 return {
     name = "hashcalc",
     developer = "mydev",
     version = "1.0.0",
     entry = "src/init.lua",
     mode = "cli",
     permissions = {"stdio", "import", "run"}
 }
 
 -- com.mydev.hashcalc/src/init.lua
 run("crypto")
 local crypto = apps["com.luajitos.crypto"]:call("crypto")
 
 local function toHex(data)
     local hex = ""
     for i = 1, #data do
         hex = hex .. string.format("%02x", string.byte(data, i))
     end
     return hex
 end
 
 local data = args[1] or "test"
 
 print("Input: " .. data)
 print("MD5:      " .. toHex(crypto.MD5(data)))
 print("SHA1:     " .. toHex(crypto.SHA1(data)))
 print("SHA256:   " .. toHex(crypto.SHA256(data)))
 print("BLAKE2b:  " .. toHex(crypto["BLAKE2b-256"](data)))
 ```
 
 Usage: `hashcalc "hello world"`
 
 ### Example 2: Password Manager
 
 ```lua
 -- com.mydev.pwdmgr/manifest.lua
 return {
     name = "pwdmgr",
     developer = "mydev",
     version = "1.0.0",
     entry = "src/init.lua",
     mode = "cli",
     permissions = {"stdio", "import", "run", "filesystem"}
 }
 
 -- com.mydev.pwdmgr/src/init.lua
 run("crypto")
 local crypto = apps["com.luajitos.crypto"]:call("crypto")
 
 local function toHex(data)
     local hex = ""
     for i = 1, #data do
         hex = hex .. string.format("%02x", string.byte(data, i))
     end
     return hex
 end
 
 local function fromHex(hex)
     local binary = ""
     for i = 1, #hex, 2 do
         local byte = tonumber(hex:sub(i, i+1), 16)
         binary = binary .. string.char(byte)
     end
     return binary
 end
 
 -- Hash a password with a random salt
 local function hashPassword(password)
     local salt = crypto.generateSalt()
     local hash = crypto.PBKDF2(password, salt, 100000, 32)
 
     return {
         salt = toHex(salt),
         hash = toHex(hash)
     }
 end
 
 -- Verify a password against stored hash
 local function verifyPassword(password, salt_hex, hash_hex)
     local salt = fromHex(salt_hex)
     local stored_hash = fromHex(hash_hex)
     local computed_hash = crypto.PBKDF2(password, salt, 100000, 32)
 
     return computed_hash == stored_hash
 end
 
 -- Example usage
 print("Password Manager Example")
 print("")
 
 -- Hash a password
 local password = "MySecurePassword123"
 print("Hashing password: " .. password)
 local result = hashPassword(password)
 print("Salt: " .. result.salt)
 print("Hash: " .. result.hash)
 print("")
 
 -- Verify correct password
 print("Verifying correct password...")
 if verifyPassword(password, result.salt, result.hash) then
     print("✓ Password verified!")
 else
     print("✗ Password verification failed")
 end
 
 -- Verify wrong password
 print("")
 print("Verifying wrong password...")
 if verifyPassword("WrongPassword", result.salt, result.hash) then
     print("✓ Password verified!")
 else
     print("✗ Password verification failed (expected)")
 end
 ```
 
 Usage: `pwdmgr`
 
 ### Example 3: Digital Signature Tool
 
 ```lua
 -- com.mydev.signer/manifest.lua
 return {
     name = "signer",
     developer = "mydev",
     version = "1.0.0",
     entry = "src/init.lua",
     mode = "cli",
     permissions = {"stdio", "import", "run"}
 }
 
 -- com.mydev.signer/src/init.lua
 run("crypto")
 local crypto = apps["com.luajitos.crypto"]:call("crypto")
 
 local function toHex(data)
     local hex = ""
     for i = 1, #data do
         hex = hex .. string.format("%02x", string.byte(data, i))
     end
     return hex
 end
 
 print("Ed25519 Digital Signature Tool")
 print("")
 
 -- Generate keypair
 print("Generating Ed25519 keypair...")
 local pubkey, privkey = crypto.sign.Ed25519.keypair()
 print("Public Key:  " .. toHex(pubkey))
 print("Private Key: " .. toHex(privkey))
 print("")
 
 -- Sign a message
 local message = "This is a signed message"
 print("Signing message: " .. message)
 local signature = crypto.sign.Ed25519.sign(message, privkey)
 print("Signature: " .. toHex(signature))
 print("")
 
 -- Verify signature
 print("Verifying signature...")
 local valid = crypto.sign.Ed25519.verify(message, signature, pubkey)
 if valid then
     print("✓ Signature is VALID")
 else
     print("✗ Signature is INVALID")
 end
 print("")
 
 -- Try to verify tampered message
 local tampered = "This is a tampered message"
 print("Verifying tampered message: " .. tampered)
 local valid2 = crypto.sign.Ed25519.verify(tampered, signature, pubkey)
 if valid2 then
     print("✓ Signature is VALID")
 else
     print("✗ Signature is INVALID (expected)")
 end
 ```
 
 Usage: `signer`
 
 ### Example 4: Key Exchange Demo
 
 ```lua
 -- com.mydev.keyexchange/manifest.lua
 return {
     name = "keyexchange",
     developer = "mydev",
     version = "1.0.0",
     entry = "src/init.lua",
     mode = "cli",
     permissions = {"stdio", "import", "run"}
 }
 
 -- com.mydev.keyexchange/src/init.lua
 run("crypto")
 local crypto = apps["com.luajitos.crypto"]:call("crypto")
 
 local function toHex(data)
     local hex = ""
     for i = 1, #data do
         hex = hex .. string.format("%02x", string.byte(data, i))
     end
     return hex
 end
 
 print("X25519 Diffie-Hellman Key Exchange Demo")
 print("")
 
 -- Alice generates her keypair
 print("Alice generates keypair...")
 local alice_pub, alice_priv = crypto.keyExchange.X25519.keypair()
 print("Alice's public key:  " .. toHex(alice_pub))
 print("Alice's private key: " .. toHex(alice_priv):sub(1, 32) .. "...")
 print("")
 
 -- Bob generates his keypair
 print("Bob generates keypair...")
 local bob_pub, bob_priv = crypto.keyExchange.X25519.keypair()
 print("Bob's public key:  " .. toHex(bob_pub))
 print("Bob's private key: " .. toHex(bob_priv):sub(1, 32) .. "...")
 print("")
 
 -- Alice computes shared secret using her private key and Bob's public key
 print("Alice computes shared secret...")
 local alice_shared = crypto.keyExchange.X25519.sharedSecret(alice_priv, bob_pub)
 print("Alice's shared secret: " .. toHex(alice_shared))
 print("")
 
 -- Bob computes shared secret using his private key and Alice's public key
 print("Bob computes shared secret...")
 local bob_shared = crypto.keyExchange.X25519.sharedSecret(bob_priv, alice_pub)
 print("Bob's shared secret:   " .. toHex(bob_shared))
 print("")
 
 -- Verify they match
 if alice_shared == bob_shared then
     print("✓ Shared secrets match! Secure channel established.")
 else
     print("✗ Shared secrets don't match! Something went wrong.")
 end
 ```
 
 Usage: `keyexchange`
 
 ## Available Crypto Functions
 
 Once you import the crypto library, you have access to:
 
 ### Hashing
 - `crypto.MD5(data)` → 16 bytes
 - `crypto.SHA1(data)` → 20 bytes
 - `crypto.SHA256(data)` → 32 bytes
 - `crypto.SHA512(data)` → 64 bytes
 - `crypto["SHA3-256"](data)` → 32 bytes
 - `crypto["SHA3-512"](data)` → 64 bytes
 - `crypto["BLAKE2b-256"](data)` → 32 bytes
 - `crypto["BLAKE2b-512"](data)` → 64 bytes
 - `crypto.CRC32(data)` → 4 bytes
 
 ### Key Derivation
 - `crypto.PBKDF2(password, salt, iterations, keylen)` → keylen bytes
 - `crypto.Argon2id(password, salt)` → 32 bytes
 - `crypto.generateSalt()` → 32 bytes
 
 ### Digital Signatures (Ed25519)
 - `crypto.sign.Ed25519.keypair()` → (pubkey, privkey)
 - `crypto.sign.Ed25519.sign(data, privkey)` → signature (64 bytes)
 - `crypto.sign.Ed25519.verify(data, signature, pubkey)` → boolean
 
 ### Key Exchange (X25519)
 - `crypto.keyExchange.X25519.keypair()` → (pubkey, privkey)
 - `crypto.keyExchange.X25519.publicKey(privkey)` → pubkey
 - `crypto.keyExchange.X25519.sharedSecret(privkey, pubkey)` → shared_secret (32 bytes)
 
 ### Random Generation
 - `crypto.random(bytes)` → random data
 - `crypto.newKey(bytes)` → random key
 
 ## Helper Functions
 
 You'll often need these helper functions to convert between binary and hex:
 
 ```lua
 -- Convert binary data to hex string
 local function toHex(data)
     if not data then return "nil" end
     local hex = ""
     for i = 1, #data do
         hex = hex .. string.format("%02x", string.byte(data, i))
     end
     return hex
 end
 
 -- Convert hex string to binary data
 local function fromHex(hex)
     if not hex then return nil end
     hex = hex:gsub("%s+", "")  -- Remove whitespace
     if #hex % 2 ~= 0 then
         return nil, "Hex string must have even length"
     end
     local binary = ""
     for i = 1, #hex, 2 do
         local byte = tonumber(hex:sub(i, i+1), 16)
         if not byte then
             return nil, "Invalid hex character at position " .. i
         end
         binary = binary .. string.char(byte)
     end
     return binary
 end
 ```
 
 ## Best Practices
 
 1. **Always check if import succeeded**
    ```lua
    local crypto = apps["com.luajitos.crypto"]:call("crypto")
    if not crypto then
        print("Error: Failed to import crypto")
        return
    end
    ```
 
 2. **Store keys securely**
    - Use the filesystem permission to save keys to `$/data/`
    - Never hardcode keys in your source code
    - Use proper key derivation (PBKDF2/Argon2id) for passwords
 
 3. **Use appropriate hash functions**
    - **Passwords**: Use PBKDF2 or Argon2id (with salt and high iterations)
    - **File integrity**: Use SHA256 or BLAKE2b
    - **Quick checksums**: Use CRC32 (not cryptographically secure)
 
 4. **Handle binary data correctly**
    - All crypto functions return binary data
    - Use `toHex()` or base64 encoding for storage/display
    - Use `fromHex()` or base64 decoding when loading keys
 
 5. **Understand key sizes**
    - Ed25519: 32-byte public key, 64-byte private key
    - X25519: 32-byte keys
    - PBKDF2/Argon2id: Configurable output length
    - Random/keys: Specify desired byte count
 
 ## Troubleshooting
 
 ### "Error: crypto app not found"
 - Make sure you have the `run` permission in your manifest
 - The crypto app must be installed at `/apps/com.luajitos.crypto/`
 
 ### "Error: failed to import crypto library"
 - Make sure you have the `import` permission in your manifest
 - Ensure you ran `run("crypto")` before trying to import
 
 ### "Attempt to access undefined global: crypto"
 - The crypto library must be imported, it's not automatically available
 - Follow the import steps above
 
 ### Binary data looks garbled
 - Crypto functions return binary data, not strings
 - Always use `toHex()` or base64 encoding to display binary data
 
 ## Notes
 
 - The crypto library is already available globally in the sandbox, but importing via the crypto app provides a consistent interface
 - All cryptographic operations are performed in C for performance
 - The import mechanism ensures the crypto app is loaded before use
 - Multiple apps can import crypto simultaneously without conflicts