Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crypto: Implement secp256r1 in constant time #245

Closed
kevaundray opened this issue Mar 28, 2019 · 1 comment · Fixed by #352
Closed

Crypto: Implement secp256r1 in constant time #245

kevaundray opened this issue Mar 28, 2019 · 1 comment · Fixed by #352
Labels
I3 Minimal impact security Affects security
Milestone
v0.50.0

Comments

@kevaundray
Copy link
Contributor

No description provided.

@hal0x2328 hal0x2328 added the I3 Minimal impact label Mar 29, 2019
@roman-khimov roman-khimov mentioned this issue Aug 9, 2019
Closed
@roman-khimov
Copy link
Member

No need to implement it, just use P256 from crypto/elliptic (see discussion in #81 also).

roman-khimov added a commit that referenced this issue Aug 26, 2019
@roman-khimov
_pkg.dev: drop crypto/elliptic
651e4d7 
It's the same implementation that we have in pkg/crypto (based on
https://github.com/vsergeev/btckeygenie) but with tests preserved. I don't see
any reason to port tests from it because even the pkg/crypto copy should go
away to fix #245.
@roman-khimov roman-khimov reopened this Aug 30, 2019
roman-khimov added a commit that referenced this issue Sep 4, 2019
@roman-khimov
crypto: drop home-grown elliptic crypto, use crypto/elliptic
39981af 
As NEO uses P256 we can use standard crypto/elliptic library for almost
everything, the only exception being decompression of the Y coordinate. For
some reason the standard library only supports uncompressed format in its
Marshal()/Unmarshal() functions. elliptic.P256() is known to have
constant-time implementation, so it fixes #245 (and the decompression using
big.Int operates on public key, so nobody really cares about that part being
constant-time).
@roman-khimov roman-khimov mentioned this issue Sep 4, 2019
Merged
@roman-khimov roman-khimov added the security Affects security label Sep 4, 2019
@roman-khimov roman-khimov added this to the v0.5.0 milestone Sep 4, 2019
roman-khimov added a commit that referenced this issue Sep 4, 2019
@roman-khimov
crypto: drop home-grown elliptic crypto, use crypto/elliptic
0f324d0 
As NEO uses P256 we can use standard crypto/elliptic library for almost
everything, the only exception being decompression of the Y coordinate. For
some reason the standard library only supports uncompressed format in its
Marshal()/Unmarshal() functions. elliptic.P256() is known to have
constant-time implementation, so it fixes #245 (and the decompression using
big.Int operates on public key, so nobody really cares about that part being
constant-time).
roman-khimov added a commit that referenced this issue Sep 5, 2019
@roman-khimov
crypto: drop home-grown elliptic crypto, use crypto/elliptic
16900ba 
As NEO uses P256 we can use standard crypto/elliptic library for almost
everything, the only exception being decompression of the Y coordinate. For
some reason the standard library only supports uncompressed format in its
Marshal()/Unmarshal() functions. elliptic.P256() is known to have
constant-time implementation, so it fixes #245 (and the decompression using
big.Int operates on public key, so nobody really cares about that part being
constant-time).
roman-khimov added a commit that referenced this issue Sep 5, 2019
@roman-khimov
crypto: drop home-grown elliptic crypto, use crypto/elliptic
f0fbe9f 
As NEO uses P256 we can use standard crypto/elliptic library for almost
everything, the only exception being decompression of the Y coordinate. For
some reason the standard library only supports uncompressed format in its
Marshal()/Unmarshal() functions. elliptic.P256() is known to have
constant-time implementation, so it fixes #245 (and the decompression using
big.Int operates on public key, so nobody really cares about that part being
constant-time).

New decompress function is inspired by
https://stackoverflow.com/questions/46283760, even though the previous one
really did the same thing just in a little less obvious way.
roman-khimov added a commit that referenced this issue Sep 5, 2019
@roman-khimov
Merge pull request #352 from nspcc-dev/drop-bad-crypto-fix-245
bcd81bc 
Really simplifies our crypto library and fixes #245.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
I3 Minimal impact security Affects security
Projects
None yet
Milestone
v0.50.0
Development

Successfully merging a pull request may close this issue.

Drop bad crypto, fix 245 nspcc-dev/neo-go
4 participants
@volekerb @roman-khimov @hal0x2328 @kevaundray