[tor-bugs] #33464 [Circumvention/Obfs4]: ed25519 has been removed by maintainer, breaking obfs4 builds and go gets
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Mar 12 00:18:03 UTC 2020
#33464: ed25519 has been removed by maintainer, breaking obfs4 builds and go gets
---------------------------------+--------------------------
Reporter: markness@… | Owner: phw
Type: defect | Status: assigned
Priority: Medium | Milestone:
Component: Circumvention/Obfs4 | Version:
Severity: Major | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------------+--------------------------
Changes (by phw):
* status: new => assigned
* owner: (none) => phw
Comment:
Langley's now-abandoned repository suggests using golang's
x/crypto/ed25519 instead. This won't help us because obfs4 uses Langley's
extra25519 package (specifically, the functions `ScalarBaseMult` and
`RepresentativeToPublicKey`) which, as far as I can tell, has
[https://github.com/agl/ed25519/issues/27#issuecomment-591073699 only ever
been implemented by Langley]. (On top of that,
[https://github.com/dedis/kyber/issues/117 this implementation may be
incorrect].)
I see three ways to fix this:
1. We could ask how much of this code (if any) golang's x/crypto
maintainer (I believe it's Filippo Valsorda) would be willing to add to
the standard library.
2. We could add these two functions plus the edwards25519 package (there
is golang.org/x/crypto/ed25519/internal/edwards25519 but we cannot use it
because it's an internal package) to obfs4proxy.
3. We could fork github.com/agl/ed25519/ and restore it to its previous
state.
I prefer 1 over 2 over 3.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33464#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list