Rethink sodiumoxidez fork

[Dhole]

sodiumoxidez was the fork I made of sodiumoxide that adds the functions to convert from ed25519 to curve25519 which in the original sodiumoxide, but it's implemented in libsodium. Maybe instead of using a fork we should solve this via the kuska-crypto crate? Or maybe we could keep sodiumoxidez and move it here?

[adria0]

It seems that sodiumoxide is not going to add this functionality that has been requested for near 5 years, see https://github.com/sodiumoxide/sodiumoxide/issues/85, https://github.com/sodiumoxide/sodiumoxide/issues/165, sodiumoxide/sodiumoxide#343 and sodiumoxide/sodiumoxide#361.

I prefer writing our own kuska-crypto crate #7 option instead forking it

[Dhole]

I prefer writing our own kuska-crypto crate #7 option instead forking it

Sounds good to me! We can keep this issue open until we make the kuska-crypto crate.

[adria0]

What about forking the last version of sodioumoxide repo in this org, adding the changes you made and using it? The current forked version you used have a ugly security advisory:

ID:       RUSTSEC-2019-0026
Crate:    sodiumoxide
Version:  0.2.4
Date:     2019-10-11
URL:      https://rustsec.org/advisories/RUSTSEC-2019-0026
Title:    generichash::Digest::eq always return true
Solution:  upgrade to >= 0.2.5
Dependency tree: 
sodiumoxide 0.2.4

[llebout]

@adria0 they're annoying, we're asking for typesafe libsodium bindings, not arguments on whether libsodium apis are cryptographically safe or not. smh.