[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #22006 [Core Tor/Tor]: prop224: Validate ed25519 pubkeys to remove torsion component
#22006: prop224: Validate ed25519 pubkeys to remove torsion component
-------------------------------------------------+-------------------------
Reporter: asn | Owner: asn
Type: defect | Status:
| needs_revision
Priority: Medium | Milestone: Tor:
| 0.3.2.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-hs, prop224, ed25519, review- | Actual Points:
group-18 |
Parent ID: #21888 | Points:
Reviewer: nickm, isis | Sponsor:
| SponsorR-can
-------------------------------------------------+-------------------------
Comment (by isis):
Replying to [comment:17 isis]:
> Replying to [comment:14 nickm]:
> > I left some quick notes on the patch. I need somebody mathy to look
at the actual multiplication functions
A couple minor things:
* In `ed25519_donna_scalarmult_with_group_order()` since it's unpacking
the public key from bytes into a point, perhaps we should not ignore the
return value of `ge25519_unpack_negative_vartime()`, since the latter
function will return 0 if the point wasn't on the curve (refer to the
`check ← sqrt(u/v)` comment from my code above for what the check in the
unpacking function is doing).
* The cleanups at the end of
`ed25519_donna_scalarmult_with_group_order()` seem like they might be
unnecessary overhead, since all those variables are public, but it doesn't
really harm anything to memwipe them.
LGTM though.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22006#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs