Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/ed25519: document whether Verify is constant time #21137

Closed
kevinburke opened this issue Jul 24, 2017 · 2 comments
Closed

x/crypto/ed25519: document whether Verify is constant time #21137

kevinburke opened this issue Jul 24, 2017 · 2 comments
Labels
Documentation FrozenDueToAge
Milestone
Unreleased

Comments

@kevinburke
Copy link
Contributor

There have been some questions whether this function runs in constant time or not. I assume it does, otherwise there would be no reason to call subtle.ConstantTimeCompare on the last line of the function, but it would be good to double check, and/or document this.
@gopherbot gopherbot added this to the Unreleased milestone Jul 24, 2017
@agl
Copy link
Contributor

agl commented Aug 3, 2017

It does not, since it operates only on public data. The use of ConstantTimeCompare at the end is just out of habit and is misleading. I'll change that.

@agl agl self-assigned this Aug 3, 2017
@gopherbot
Copy link

Change https://golang.org/cl/53074 mentions this issue: ed25519: don't use constant-time functions in Verify.

maxtaco pushed a commit to keybase/go-crypto that referenced this issue Mar 28, 2018
@agl @maxtaco
ed25519: don't use constant-time functions in Verify.
91ed0d3 
Verify operates only on public data and thus is not constant-time. The
use of a constant-time function in Verify was thus misleading.

Fixes golang/go#21137

Change-Id: I1ff5a0371fbe8abe62420f19acf3e416fe1b1428
Reviewed-on: https://go-review.googlesource.com/53074
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Kevin Burke <kev@inburke.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
MeABc pushed a commit to MeABc/bogo that referenced this issue Apr 20, 2018
@agl @MeABc
ed25519: don't use constant-time functions in Verify.
ee6ea5a 
Verify operates only on public data and thus is not constant-time. The
use of a constant-time function in Verify was thus misleading.

Fixes golang/go#21137

Change-Id: I1ff5a0371fbe8abe62420f19acf3e416fe1b1428
Reviewed-on: https://go-review.googlesource.com/53074
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Kevin Burke <kev@inburke.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
MeABc pushed a commit to MeABc/bogo that referenced this issue Apr 20, 2018
@agl @MeABc
ed25519: don't use constant-time functions in Verify.
afd9ea6 
Verify operates only on public data and thus is not constant-time. The
use of a constant-time function in Verify was thus misleading.

Fixes golang/go#21137

Change-Id: I1ff5a0371fbe8abe62420f19acf3e416fe1b1428
Reviewed-on: https://go-review.googlesource.com/53074
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Kevin Burke <kev@inburke.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
MeABc pushed a commit to MeABc/bogo that referenced this issue Apr 25, 2018
@agl @MeABc
ed25519: don't use constant-time functions in Verify.
6bf9bae 
Verify operates only on public data and thus is not constant-time. The
use of a constant-time function in Verify was thus misleading.

Fixes golang/go#21137

Change-Id: I1ff5a0371fbe8abe62420f19acf3e416fe1b1428
Reviewed-on: https://go-review.googlesource.com/53074
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Kevin Burke <kev@inburke.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
MeABc pushed a commit to MeABc/bogo that referenced this issue Jun 10, 2018
@agl @MeABc
ed25519: don't use constant-time functions in Verify.
eaaf778 
Verify operates only on public data and thus is not constant-time. The
use of a constant-time function in Verify was thus misleading.

Fixes golang/go#21137

Change-Id: I1ff5a0371fbe8abe62420f19acf3e416fe1b1428
Reviewed-on: https://go-review.googlesource.com/53074
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Kevin Burke <kev@inburke.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
MeABc pushed a commit to MeABc/bogo that referenced this issue Jul 7, 2018
@agl @MeABc
ed25519: don't use constant-time functions in Verify.
03b209d 
Verify operates only on public data and thus is not constant-time. The
use of a constant-time function in Verify was thus misleading.

Fixes golang/go#21137

Change-Id: I1ff5a0371fbe8abe62420f19acf3e416fe1b1428
Reviewed-on: https://go-review.googlesource.com/53074
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Kevin Burke <kev@inburke.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
MeABc pushed a commit to MeABc/bogo that referenced this issue Jul 30, 2018
@agl @MeABc
ed25519: don't use constant-time functions in Verify.
3d92c45 
Verify operates only on public data and thus is not constant-time. The
use of a constant-time function in Verify was thus misleading.

Fixes golang/go#21137

Change-Id: I1ff5a0371fbe8abe62420f19acf3e416fe1b1428
Reviewed-on: https://go-review.googlesource.com/53074
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Kevin Burke <kev@inburke.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
@golang golang locked and limited conversation to collaborators Aug 3, 2018
MeABc pushed a commit to MeABc/bogo that referenced this issue Aug 6, 2018
@agl @MeABc
ed25519: don't use constant-time functions in Verify.
ef6cdce 
Verify operates only on public data and thus is not constant-time. The
use of a constant-time function in Verify was thus misleading.

Fixes golang/go#21137

Change-Id: I1ff5a0371fbe8abe62420f19acf3e416fe1b1428
Reviewed-on: https://go-review.googlesource.com/53074
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Kevin Burke <kev@inburke.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
MeABc pushed a commit to MeABc/bogo that referenced this issue Aug 25, 2018
@agl @MeABc
ed25519: don't use constant-time functions in Verify.
aae9268 
Verify operates only on public data and thus is not constant-time. The
use of a constant-time function in Verify was thus misleading.

Fixes golang/go#21137

Change-Id: I1ff5a0371fbe8abe62420f19acf3e416fe1b1428
Reviewed-on: https://go-review.googlesource.com/53074
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Kevin Burke <kev@inburke.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 28, 2022
@agl
ed25519: don't use constant-time functions in Verify.
3fd6870 
Verify operates only on public data and thus is not constant-time. The
use of a constant-time function in Verify was thus misleading.

Fixes golang/go#21137

Change-Id: I1ff5a0371fbe8abe62420f19acf3e416fe1b1428
Reviewed-on: https://go-review.googlesource.com/53074
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Kevin Burke <kev@inburke.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
c-expert-zigbee added a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 29, 2022
@c-expert-zigbee
ed25519: don't use constant-time functions in Verify.
50a350f 
Verify operates only on public data and thus is not constant-time. The
use of a constant-time function in Verify was thus misleading.

Fixes golang/go#21137

Change-Id: I1ff5a0371fbe8abe62420f19acf3e416fe1b1428
Reviewed-on: https://go-review.googlesource.com/53074
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Kevin Burke <kev@inburke.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
@rsc rsc unassigned agl Jun 23, 2022
LewiGoddard pushed a commit to LewiGoddard/crypto that referenced this issue Feb 16, 2023
@agl
ed25519: don't use constant-time functions in Verify.
e3119f3 
Verify operates only on public data and thus is not constant-time. The
use of a constant-time function in Verify was thus misleading.

Fixes golang/go#21137

Change-Id: I1ff5a0371fbe8abe62420f19acf3e416fe1b1428
Reviewed-on: https://go-review.googlesource.com/53074
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Kevin Burke <kev@inburke.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
BiiChris pushed a commit to BiiChris/crypto that referenced this issue Sep 15, 2023
@agl
ed25519: don't use constant-time functions in Verify.
e22e052 
Verify operates only on public data and thus is not constant-time. The
use of a constant-time function in Verify was thus misleading.

Fixes golang/go#21137

Change-Id: I1ff5a0371fbe8abe62420f19acf3e416fe1b1428
Reviewed-on: https://go-review.googlesource.com/53074
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Kevin Burke <kev@inburke.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Documentation FrozenDueToAge
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
3 participants
@agl @kevinburke @gopherbot