[GNUnet-developers] gnunet-go status update


From: Bernd Fix
Subject: [GNUnet-developers] gnunet-go status update
Date: Sat, 7 Sep 2019 08:37:25 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2

After running more and longer tests I noticed that about every 16th
ECDHE key exchange failed (shared secret mismatch). The investigation
led to a problem in the copied and re-used package source from
golang.org/x/crypto/ed25519. The internal scalar multiplication for a
point returns the wrong result if the scalar has a bitlen <= 248 (that
is, has the most significant byte of its binary representation set to zero).

This bug does not "disturb" the EdDSA key generation (the private scalar
is always large enough, because it is generated that way). Even the
EdDSA signing and verification algos work OK with it.

I filed an issue with the Golang people
(https://github.com/golang/go/issues/34122), but I consider it unlikely
that the "bug" will be fixed at all - I even believe that it is on
purpose (optimization).

So I wrote a functional, but less performant Ed25519 implementation by
re-using the ECC stuff I did for the bitcoin package in the Gospel
library. The new code is now also part of it
(https://github.com/bfix/gospel/tree/master/crypto/ed25519).

I am using that package in gnunet-go for now; all unit tests pass but I
am certain there will be a few minor glitches when it comes to actually
using it in processing GNUnet messages.

Therefore I would appreciate feedback (and bug reports); anyone playing
around with gnunet-go needs to update:

$ go get -u github.com/bfix/gospel/...
$ cd gnunet-go
$ git pull

Cheers, Bernd.
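
Added example, not part of the original message and not code from gospel or golang.org/x/crypto: a small math/big reference for edwards25519 in Go that runs the ECDH agreement check from the message on a scalar of bit length 248. All names (`Base`, `Add`, `ScalarMult`, `SharedSecretsAgree`) are hypothetical and the scalars are constructed sample values.

```go
package main

import (
	"fmt"
	"math/big"
)

// Added reference oracle (math/big, affine, variable time); all names are hypothetical.
type Point struct{ X, Y *big.Int }
var one = big.NewInt(1)
var p = new(big.Int).Sub(new(big.Int).Lsh(one, 255), big.NewInt(19))
var d = div(big.NewInt(-121665), big.NewInt(121666))
func mul(a, b *big.Int) *big.Int { return new(big.Int).Mul(a, b) }
func div(a, b *big.Int) *big.Int { // a/b mod p
	r := new(big.Int).ModInverse(new(big.Int).Mod(b, p), p)
	return r.Mod(r.Mul(r, a), p)
}
func Base() Point { // generator: y = 4/5, x = even root of (y^2-1)/(d*y^2+1)
	y := div(big.NewInt(4), big.NewInt(5))
	x2 := div(new(big.Int).Sub(mul(y, y), one), new(big.Int).Add(mul(d, mul(y, y)), one))
	x := new(big.Int).ModSqrt(x2, p)
	if x.Bit(0) == 1 {
		x.Sub(p, x)
	}
	return Point{x, y}
}
func Add(a, b Point) Point { // complete twisted Edwards addition law, a = -1
	xx, yy := mul(a.X, b.X), mul(a.Y, b.Y)
	t := mul(d, mul(xx, yy))
	xn := new(big.Int).Add(mul(a.X, b.Y), mul(a.Y, b.X))
	return Point{div(xn, new(big.Int).Add(one, t)), div(yy.Add(yy, xx), new(big.Int).Sub(one, t))}
}
func ScalarMult(k *big.Int, q Point) Point { // double-and-add over k.BitLen() bits
	r := Point{big.NewInt(0), big.NewInt(1)} // neutral element
	for i := k.BitLen() - 1; i >= 0; i-- {
		if r = Add(r, r); k.Bit(i) == 1 {
			r = Add(r, q)
		}
	}
	return r
}
func SharedSecretsAgree(a, b *big.Int) bool { // do both ECDH sides derive one point?
	s1, s2 := ScalarMult(a, ScalarMult(b, Base())), ScalarMult(b, ScalarMult(a, Base()))
	return s1.X.Cmp(s2.X) == 0 && s1.Y.Cmp(s2.Y) == 0
}

func main() {
	k := new(big.Int).Lsh(big.NewInt(0xa1), 240) // constructed scalar, bit length 248
	fmt.Println(k.BitLen(), SharedSecretsAgree(k, big.NewInt(0x1234567)))
}
```

The arithmetic is not constant time, so it is suited only as a test oracle, for example to compare against another implementation's result for scalars whose most significant byte is zero.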


