[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #33464 [Circumvention/Obfs4]: ed25519 has been removed by maintainer, breaking obfs4 builds and go gets



#33464: ed25519 has been removed by maintainer, breaking obfs4 builds and go gets
---------------------------------+--------------------------
 Reporter:  markness@…           |          Owner:  phw
     Type:  defect               |         Status:  assigned
 Priority:  Medium               |      Milestone:
Component:  Circumvention/Obfs4  |        Version:
 Severity:  Major                |     Resolution:
 Keywords:                       |  Actual Points:
Parent ID:                       |         Points:
 Reviewer:                       |        Sponsor:
---------------------------------+--------------------------
Changes (by phw):

 * status:  new => assigned
 * owner:  (none) => phw


Comment:

 Langley's now-abandoned repository suggests using golang's
 x/crypto/ed25519 instead. This won't help us because obfs4 uses Langley's
 extra25519 package (specifically, the functions `ScalarBaseMult` and
 `RepresentativeToPublicKey`) which, as far as I can tell, has
 [https://github.com/agl/ed25519/issues/27#issuecomment-591073699 only ever
 been implemented by Langley]. (On top of that,
 [https://github.com/dedis/kyber/issues/117 this implementation may be
 incorrect].)

 I see three ways to fix this:

 1. We could ask how much of this code (if any) golang's x/crypto
 maintainer (I believe it's Filippo Valsorda) would be willing to add to
 the standard library.

 2. We could add these two functions plus the edwards25519 package (there
 is golang.org/x/crypto/ed25519/internal/edwards25519 but we cannot use it
 because it's an internal package) to obfs4proxy.

 3. We could fork github.com/agl/ed25519/ and restore it to its previous
 state.

 I prefer 1 over 2 over 3.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33464#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs