
x/crypto: edwards25519.go has unnecessary code that does not appear in reference or other implementations #37536

Closed
WernerVasquez opened this issue Feb 28, 2020 · 4 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone

Comments

@WernerVasquez

WernerVasquez commented Feb 28, 2020

The following code located at https://github.com/golang/crypto/blob/2aa609cf4a9d7d1126360de73b55b6002f9e052a/ed25519/internal/edwards25519/edwards25519.go#L750 is unnecessary and is not in the reference or many other widely used implementations:

```go
// FeToBytes serializes the field element p.X into 32 little-endian bytes;
// the loop then copies them into tmp2 in reversed (big-endian) order.
// Neither tmpX nor tmp2 is read afterwards, and p itself is not modified.
FeToBytes(&tmpX, &p.X)
for i, v := range tmpX {
	tmp2[31-i] = v
}
```

While FeToBytes does change the form of p.X, it does not impact the point represented by p.

tmpX and tmp2 are never used for anything beyond this snippet.

Obviously, the declaration of the variables at line 738 is also not needed.

See the following to verify this code is not present in the ref10 implementation:

https://github.com/floodyberry/supercop/blob/a351f2c29235512a042d4b6989d241a67e86ad23/crypto_sign/ed25519/ref10/ge_frombytes.c#L42

Perhaps this was debugging code that was left in by accident? Or is there some real utility that I am just not seeing?

@gopherbot gopherbot added this to the Unreleased milestone Feb 28, 2020
@ALTree
Member

ALTree commented Feb 28, 2020

cc @FiloSottile

@ALTree ALTree added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Feb 28, 2020
@ALTree ALTree changed the title x/crypto: ed25519/internal/edwards25519/edwards25519.go Unnecessary code that does not appear in reference or other implementations x/crypto: edwards25519.go has nnecessary code that does not appear in reference or other implementations Feb 28, 2020
@ALTree ALTree changed the title x/crypto: edwards25519.go has nnecessary code that does not appear in reference or other implementations x/crypto: edwards25519.go has unnecessary code that does not appear in reference or other implementations Feb 28, 2020
@WernerVasquez
Author

@FiloSottile It seems questionable to have off reference code with no documented purpose in a crypto package.

It is especially strange since it "appears" to do nothing.

It doesn't change the answer.

It does process a meaningful number. It changes the representation of that number. But to what end...?

I'd like to believe it is there to mitigate some side channel attack. But without any documentation, I am far more concerned that it could create a side channel attack.

@AlexanderYastrebov
Contributor

So it looks like the stdlib now contains a maintained implementation and x/crypto/ed25519 is a wrapper.

@FiloSottile
Contributor

Indeed, it looks like a debugging leftover to extract the big-endian value of the x coordinate. It does not make any secret-dependent branch or index, so it's not a side channel concern. Anyway, it's gone with the new, more documented edwards25519 implementation.
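To make concrete what the surrounding routine (FromBytes in x/crypto, ge_frombytes in ref10) actually computes, here is an added example, not code from x/crypto or from anyone on this thread: the RFC 8032 point decompression written with math/big. It shows that a little-endian to big-endian byte reversal, like the one in the leftover snippet, is only a change of representation that big.Int happens to need for parsing y, and that the point is determined entirely by y and the sign bit. math/big is not constant-time, so this is for reading, not for use in place of the library.

```go
package main

import "math/big"

// Field prime p = 2^255 - 19 and curve constant d = -121665/121666 mod p (RFC 8032).
var (
	p    = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 255), big.NewInt(19))
	d, _ = new(big.Int).SetString("37095705934669439343138083508754565189542113879843219016388785533085940283555", 10)
)
// Decompress recovers affine (x, y) from a 32-byte Ed25519 point encoding (RFC 8032, 5.1.3).
// ok is false for a non-canonical y or a y with no x on the curve. math/big is not
// constant-time, so this illustrates the arithmetic only; it is not a library substitute.
func Decompress(enc [32]byte) (x, y *big.Int, ok bool) {
	// Little-endian y with the x sign bit on top; reverse to big-endian for big.Int (as the leftover did to x).
	var be [32]byte
	for i, v := range enc {
		be[31-i] = v
	}
	signX := uint(be[0] >> 7)
	be[0] &= 0x7f
	y = new(big.Int).SetBytes(be[:])
	if y.Cmp(p) >= 0 {
		return nil, nil, false
	}
	y2 := new(big.Int).Mul(y, y)
	u := new(big.Int).Mod(new(big.Int).Sub(y2, big.NewInt(1)), p)                   // y^2 - 1
	v := new(big.Int).Mod(new(big.Int).Add(new(big.Int).Mul(d, y2), big.NewInt(1)), p) // d*y^2 + 1
	// Candidate x = (u/v)^((p+3)/8), computed as u*v^3*(u*v^7)^((p-5)/8).
	e := new(big.Int).Rsh(new(big.Int).Sub(p, big.NewInt(5)), 3)
	uv7 := new(big.Int).Mul(u, new(big.Int).Exp(v, big.NewInt(7), p))
	x = new(big.Int).Mul(u, new(big.Int).Exp(v, big.NewInt(3), p))
	x.Mul(x, new(big.Int).Exp(uv7, e, p)).Mod(x, p)
	// v*x^2 must equal u, or -u (then multiply by sqrt(-1) = 2^((p-1)/4)).
	vx2 := new(big.Int).Mod(new(big.Int).Mul(new(big.Int).Mul(x, x), v), p)
	if vx2.Cmp(u) != 0 {
		if vx2.Cmp(new(big.Int).Sub(p, u)) != 0 {
			return nil, nil, false
		}
		e4 := new(big.Int).Rsh(new(big.Int).Sub(p, big.NewInt(1)), 2)
		x.Mul(x, new(big.Int).Exp(big.NewInt(2), e4, p)).Mod(x, p)
	}
	if x.Sign() == 0 && signX == 1 {
		return nil, nil, false
	}
	if x.Bit(0) != signX {
		x.Sub(p, x)
	}
	return x, y, true
}
```

Feeding it the base point encoding from RFC 8032 (0x58 followed by 31 bytes of 0x66) yields the standard base point coordinates, and flipping the top bit yields p - x for the same y.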

@golang golang locked and limited conversation to collaborators Oct 17, 2022