Skip to content
This repository has been archived by the owner on Jul 15, 2018. It is now read-only.

make PrivateKey + Signature comparisons use constant time comparisons #44

Closed
wants to merge 1 commit into from
Closed

make PrivateKey + Signature comparisons use constant time comparisons #44

wants to merge 1 commit into from

Conversation

odeke-em
Copy link
Contributor

Fixes #43

Avoid susceptibility to timing/side channel attacks by ensuring
that private key and signature comparisons use
subtle.ConstantTimeCompare
instead of
bytes.Equal

@odeke-em
make PrivateKey + Signature comparisons use constant time comparisons
3df2ca1 
Fixes #43

Avoid susceptibility to timing/side channel attacks by ensuring
that private key and signature comparisons use
`subtle.ConstantTimeCompare`
instead of
`bytes.Equal`
@ebuchman
Copy link
Contributor

ebuchman commented Oct 26, 2017
edited
Loading

Thanks @odeke-em . Seems like a good idea.

But does it matter for signatures? And where do we even use privKey.Equals ?

@odeke-em
Copy link
Contributor Author

@ebuchman, yeah for signatures I infer that from the case that those are like authenticated messages, but I perhaps am wrong that it doesn't matter.

In regards to where we use PrivKey.Equals, interestingly I don't seem to see usages in our repos.
If the usage/correctness doesn't matter, then perhaps we should delete those otherwise it is something that will get the ears of any auditor burning. I found this by isolating package by package and reading through to ensure just sort of correctness of the code.

@ebuchman
Copy link
Contributor

Hm, seems maybe we can eliminate both Equals ? I see no reason to ever be checking privkey equality like that, and same for signatures? Are we using that anywhere?

@zramsay
Copy link
Contributor

zramsay commented Dec 21, 2017

status?

@ebuchman
Copy link
Contributor

Replaced by https://github.com/tendermint/go-crypto/pull/53/files

@ebuchman ebuchman closed this Dec 22, 2017
@ebuchman
Copy link
Contributor

ebuchman commented Dec 22, 2017
edited
Loading

@odeke-em note subtle uses 1 to denote equality: https://golang.org/pkg/crypto/subtle/#ConstantTimeCompare

Also, is there some reason the signatures need to be checked in constant time?

@odeke-em
Copy link
Contributor Author

Thank you @ebuchman for the refurbish! Mother of God, why did I use 0 instead? Moreover I was somewhat involved in reviewing the original Go package signature IIRC, how could I not catch that.

@odeke-em odeke-em deleted the use-ConstantTimeCompare-instead-of-Equal-for-privKeys+signatures branch December 22, 2017 02:01
@ebuchman
Copy link
Contributor

oh cool - agl doesn't think verify should be in constant time either: golang/crypto@c412588#diff-8183aa2c95dc1385c8f58bf1917fcb0b

@odeke-em
Copy link
Contributor Author

Gotcha gotcha, thanks for the discussion and you called this about signatures not needing constant time comparisons.

@ebuchman ebuchman mentioned this pull request May 14, 2018
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ethanfrey ethanfrey Awaiting requested review from ethanfrey

@ebuchman ebuchman Awaiting requested review from ebuchman

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@odeke-em @ebuchman @zramsay