Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: constant time AES and GCM #19413

Open
DemiMarie opened this issue Mar 5, 2017 · 2 comments

Comments

@DemiMarie
Copy link

commented Mar 5, 2017

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

1.7.4

What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH=""
GORACE=""
GOROOT="/home/dobenour/archives/go"
GOTOOLDIR="/home/dobenour/archives/go/pkg/tool/linux_amd64"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build902131924=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"

What did you do?

Looked at the Go docs for crypto/aes

What did you expect to see?

That the AES implementation uses bitslicing to make it constant time.

What did you see instead?

That the AES-GCM implementation is not constatn time and is vulnerable to timing attacks.

@ALTree

This comment has been minimized.

Copy link
Member

commented Mar 6, 2017

This is pretty much a dup of #16821 (initially titled: "crypto: non-constant time arithmetic").

gri wrote on that issue:

We certainly can't change the implementation in the near-term - there's too much to change and it's subtle. I let [@]agl weigh in regarding the need to do so in the first place (or not).

At the end it was decided to just update the documentation to make clear what is (or isn't) constant-time.

Making everything constant-time on every system is probably a (very) long-term goal.

@ALTree ALTree changed the title Constant time AES and GCM crypto: constant time AES and GCM Mar 6, 2017

@ALTree ALTree added this to the Unplanned milestone Mar 6, 2017

@bradfitz

This comment has been minimized.

Copy link
Member

commented Mar 6, 2017

Yeah, the docs in 850e55b are sufficient for now.

We can leave this open as a tracking bug, though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.