Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: constant time AES and GCM #19413

Open
DemiMarie opened this issue Mar 5, 2017 · 2 comments
Open

crypto: constant time AES and GCM #19413

DemiMarie opened this issue Mar 5, 2017 · 2 comments
Milestone

Comments

@DemiMarie
Copy link

@DemiMarie DemiMarie commented Mar 5, 2017

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

1.7.4

What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH=""
GORACE=""
GOROOT="/home/dobenour/archives/go"
GOTOOLDIR="/home/dobenour/archives/go/pkg/tool/linux_amd64"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build902131924=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"

What did you do?

Looked at the Go docs for crypto/aes

What did you expect to see?

That the AES implementation uses bitslicing to make it constant time.

What did you see instead?

That the AES-GCM implementation is not constatn time and is vulnerable to timing attacks.

@ALTree
Copy link
Member

@ALTree ALTree commented Mar 6, 2017

This is pretty much a dup of #16821 (initially titled: "crypto: non-constant time arithmetic").

gri wrote on that issue:

We certainly can't change the implementation in the near-term - there's too much to change and it's subtle. I let [@]agl weigh in regarding the need to do so in the first place (or not).

At the end it was decided to just update the documentation to make clear what is (or isn't) constant-time.

Making everything constant-time on every system is probably a (very) long-term goal.

@ALTree ALTree changed the title Constant time AES and GCM crypto: constant time AES and GCM Mar 6, 2017
@ALTree ALTree added this to the Unplanned milestone Mar 6, 2017
@bradfitz
Copy link
Contributor

@bradfitz bradfitz commented Mar 6, 2017

Yeah, the docs in 850e55b are sufficient for now.

We can leave this open as a tracking bug, though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.