crypto/elliptic: possible bug with deriving a secret for ApplePay token #28723
Labels
FrozenDueToAge
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes.
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
I've got an AP (ApplePay) tokens decryption library (really like all the rest existing in terms of algorithms). It is based on this library: https://github.com/processout/applepay with a few refactors for my app.
The library almost successfully works on production. The problem is, not every token gets decrypted. Sometimes there are tokens which (as far as I've known) for which the secret gets broken. Why and how broken?
Well, every single token gets decrypted without any errors with this library: https://github.com/sidimansourjs/applepay-token, but this is Node and JS. The byte representation of a derived secret in Node (for "bad" tokens) differs from that one in Go by 1 single byte in the beginning, which is sometimes a zero (0), in cases where the Go implementation can't decrypt an AP token. So when Go application can't decode a token, it's always missing a zero in the beginning of a secret, which leads my thoughts there's something wrong with deriving a secret, so probably a bug in
elliptic
or similar.Note, that it doesn't really happen with every token, only like 1/20 of all tokens I get, and those which decrypt successfully by default, do not have a leading zero byte for their derived secret in both implementations.
What did you expect to see?
The same derived secret as in Node JS case, with a fully decrypted plaintext as a result.
What did you see instead?
The secret without a leading zero byte, leading to a failed decrypt result.
The text was updated successfully, but these errors were encountered: