isis agora lovecruft isislovecruft

## 2019-08-07-dalek-quarkslab-audit-response.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                isislovecruft
                / 2019-08-07-dalek-quarkslab-audit-response.md
            
            
              Created
              August 7, 2019 23:33
            
          
    Notes on 2019 QuarksLab Audit of subtle, curve25519-dalek, and bulletproofs

Date: 07 August 2019
Author: isis agora lovecruft

§4.2.2. Measuring constant-timedness by standard deviation, while
useful for catching glaring mistakes, doesn't quite strike at the
heart of the matter that the instructions generated should not do


## .gitignore
/target
**/*.rs.bk
Cargo.lock

## test-sigspoof.py
#!/usr/bin/env python
#
# Test whether python-gnupg (https://github.com/isislovecruft/python-gnupg),
# *not* Vinay Sajip's vulnerable version (https://bitbucket.org/vinay.sajip/python-gnupg/),
# is also vulnerable.
#
# Authors: isis agora lovecruft <isis@patternsinthevoid.net>

from __future__ import print_function

## fucking-unusable.sh
curl \
  --data-urlencode sig="`\
   echo '{"body":{"key":{"eldest_kid":"0101a8dbef6ea8164aaa7a3616de95a1843c6e1996a5102c90200b54b41ba97de49b0a","fingerprint":"0a6a58a14b5946abde18e207a3adb67a2cdb8b35","full_hash":"99ed12fa1979ef175aecaaf3f0872f9e3ccfd30d1a8dcdf6e756ce0227ce4f80","host":"keybase.io","key_id":"a3adb67a2cdb8b35","kid":"0101a8dbef6ea8164aaa7a3616de95a1843c6e1996a5102c90200b54b41ba97de49b0a","uid":"03a69327bfbb7860c772345076484c19","username":"isislovecruft"},"type":"eldest","version":1},"ctime":1519428650,"expire_in":157680000,"prev":null,"seqno":1,"tag":"signature"}' | \
   gpg -u '0a6a58a14b5946abde18e207a3adb67a2cdb8b35' -a --sign`" \
  --data-urlencode type="eldest" \
  --data-urlencode session="lgHZIDAzYTY5MzI3YmZiYjc4NjBjNzcyMzQ1MDc2NDg0YzE5zlqQo1vOAeEzgNkgNzBmMmUwYzk5M2FiMjNkODQ3N2E1YjE1YTFiOGIxMDLEIOVa/OtsvVcgT66tlmlrIbkALadXIktmr5D4I4HdH2cY" \
  --data-urlencode csrf_token="lgHZIDAzYTY5MzI3YmZiYjc4NjBjNzcyMzQ1MDc2NDg0YzE5zlqQo1vOAAFRgMDEIIyPeDuHFq5EBgnha6MTZ8cSrgXO5XbEKP2QFOENmvD9" \


## gist:ef75792c51a079e6d596f7732c1c1dd9
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBE5qkHABEADVnasCm9w9hUff1E4iKnzcAdp4lx6XU5USmYdwKg2RQt2VFqWQ
Sm1e+7YXbuIsW0rUG26OU/8lyF2f7WHCxTpNt045N6uHP0N3Q14M9b7LuMpllUSc
mUL5rSX8gUiOkvf2q86upYm9KUZiniPhjPZimK8VGnGckh5sDW7uAd49iJLpdnbQ
fReDNlfKcbza5fW+XozGMXE7HvNT0eYgm+grnc1W7YzC6oiJxxHo4DErZmmdil66
iy3tgFSHTJzY686TVaQ7s6o/+p//ZUVNvgmrvXExDhGZszWafY47vD7lRTCO0mkh
x7hC9qT36oyKarfIyY7fREwDt+VE5a8oB0k60q/HmO2FtVkw6FdzsSuEK6CaXIgb
4+ysR8Y84Ybk4CZQ4Lm8coHyGsfDEFPXNbEnwPEAZucfj47KMAuZiLSFj1uz/oZQ
vXxKwH8PtgqOa5ygipI1YP5DKgSl4atP7U1hAb5d1RR/BWArD1ythNtIxeUUqtz0

## gist:8ac1569425fd3d029576f0ebc83933a6
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBE5qkHABEADVnasCm9w9hUff1E4iKnzcAdp4lx6XU5USmYdwKg2RQt2VFqWQ
Sm1e+7YXbuIsW0rUG26OU/8lyF2f7WHCxTpNt045N6uHP0N3Q14M9b7LuMpllUSc
mUL5rSX8gUiOkvf2q86upYm9KUZiniPhjPZimK8VGnGckh5sDW7uAd49iJLpdnbQ
fReDNlfKcbza5fW+XozGMXE7HvNT0eYgm+grnc1W7YzC6oiJxxHo4DErZmmdil66
iy3tgFSHTJzY686TVaQ7s6o/+p//ZUVNvgmrvXExDhGZszWafY47vD7lRTCO0mkh
x7hC9qT36oyKarfIyY7fREwDt+VE5a8oB0k60q/HmO2FtVkw6FdzsSuEK6CaXIgb
4+ysR8Y84Ybk4CZQ4Lm8coHyGsfDEFPXNbEnwPEAZucfj47KMAuZiLSFj1uz/oZQ
vXxKwH8PtgqOa5ygipI1YP5DKgSl4atP7U1hAb5d1RR/BWArD1ythNtIxeUUqtz0

## crypto_digest.rs
/* automatically generated by rust-bindgen */

pub const _STDINT_H: u32 = 1;
pub const _FEATURES_H: u32 = 1;
pub const _DEFAULT_SOURCE: u32 = 1;
pub const _BSD_SOURCE: u32 = 1;
pub const _SVID_SOURCE: u32 = 1;
pub const __USE_ISOC99: u32 = 1;
pub const __USE_ISOC95: u32 = 1;
pub const __USE_POSIX_IMPLICITLY: u32 = 1;

## crypto_digest.rs
/* automatically generated by rust-bindgen */

pub const _STDINT_H: u32 = 1;
pub const _FEATURES_H: u32 = 1;
pub const _DEFAULT_SOURCE: u32 = 1;
pub const _BSD_SOURCE: u32 = 1;
pub const _SVID_SOURCE: u32 = 1;
pub const __USE_ISOC99: u32 = 1;
pub const __USE_ISOC95: u32 = 1;
pub const __USE_POSIX_IMPLICITLY: u32 = 1;

## lib.rs
extern crate rand;

use rand::Rng;
use rand::chacha::ChaChaRng;

const PI: f64 = std::f64::consts::PI;

fn sin(x: f64) -> f64 {
    x.sin()
}

## 0001-Add-wipe_memory-function-like-bzero-3-via-CFFI-for-P.patch
From ac848cc17543b4a2378bfba743b889b5fa1225db Mon Sep 17 00:00:00 2001
From: Isis Lovecruft <isis@torproject.org>
Date: Thu, 9 Jul 2015 01:58:16 +0000
Subject: [PATCH] Add wipe_memory() function, like bzero(3), via CFFI for
 PyStringObjects.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This function would need to be manually called on keys and any other
	#!/usr/bin/env python
	#
	# Test whether python-gnupg (https://github.com/isislovecruft/python-gnupg),
	# not Vinay Sajip's vulnerable version (https://bitbucket.org/vinay.sajip/python-gnupg/),
	# is also vulnerable.
	#
	# Authors: isis agora lovecruft <isis@patternsinthevoid.net>

	from __future__ import print_function
	curl \
	--data-urlencode sig="`\
	echo '{"body":{"key":{"eldest_kid":"0101a8dbef6ea8164aaa7a3616de95a1843c6e1996a5102c90200b54b41ba97de49b0a","fingerprint":"0a6a58a14b5946abde18e207a3adb67a2cdb8b35","full_hash":"99ed12fa1979ef175aecaaf3f0872f9e3ccfd30d1a8dcdf6e756ce0227ce4f80","host":"keybase.io","key_id":"a3adb67a2cdb8b35","kid":"0101a8dbef6ea8164aaa7a3616de95a1843c6e1996a5102c90200b54b41ba97de49b0a","uid":"03a69327bfbb7860c772345076484c19","username":"isislovecruft"},"type":"eldest","version":1},"ctime":1519428650,"expire_in":157680000,"prev":null,"seqno":1,"tag":"signature"}' \| \
	gpg -u '0a6a58a14b5946abde18e207a3adb67a2cdb8b35' -a --sign`" \
	--data-urlencode type="eldest" \
	--data-urlencode session="lgHZIDAzYTY5MzI3YmZiYjc4NjBjNzcyMzQ1MDc2NDg0YzE5zlqQo1vOAeEzgNkgNzBmMmUwYzk5M2FiMjNkODQ3N2E1YjE1YTFiOGIxMDLEIOVa/OtsvVcgT66tlmlrIbkALadXIktmr5D4I4HdH2cY" \
	--data-urlencode csrf_token="lgHZIDAzYTY5MzI3YmZiYjc4NjBjNzcyMzQ1MDc2NDg0YzE5zlqQo1vOAAFRgMDEIIyPeDuHFq5EBgnha6MTZ8cSrgXO5XbEKP2QFOENmvD9" \
	-----BEGIN PGP PUBLIC KEY BLOCK-----

	mQINBE5qkHABEADVnasCm9w9hUff1E4iKnzcAdp4lx6XU5USmYdwKg2RQt2VFqWQ
	Sm1e+7YXbuIsW0rUG26OU/8lyF2f7WHCxTpNt045N6uHP0N3Q14M9b7LuMpllUSc
	mUL5rSX8gUiOkvf2q86upYm9KUZiniPhjPZimK8VGnGckh5sDW7uAd49iJLpdnbQ
	fReDNlfKcbza5fW+XozGMXE7HvNT0eYgm+grnc1W7YzC6oiJxxHo4DErZmmdil66
	iy3tgFSHTJzY686TVaQ7s6o/+p//ZUVNvgmrvXExDhGZszWafY47vD7lRTCO0mkh
	x7hC9qT36oyKarfIyY7fREwDt+VE5a8oB0k60q/HmO2FtVkw6FdzsSuEK6CaXIgb
	4+ysR8Y84Ybk4CZQ4Lm8coHyGsfDEFPXNbEnwPEAZucfj47KMAuZiLSFj1uz/oZQ
	vXxKwH8PtgqOa5ygipI1YP5DKgSl4atP7U1hAb5d1RR/BWArD1ythNtIxeUUqtz0
	/* automatically generated by rust-bindgen */

	pub const _STDINT_H: u32 = 1;
	pub const _FEATURES_H: u32 = 1;
	pub const _DEFAULT_SOURCE: u32 = 1;
	pub const _BSD_SOURCE: u32 = 1;
	pub const _SVID_SOURCE: u32 = 1;
	pub const __USE_ISOC99: u32 = 1;
	pub const __USE_ISOC95: u32 = 1;
	pub const __USE_POSIX_IMPLICITLY: u32 = 1;
	extern crate rand;

	use rand::Rng;
	use rand::chacha::ChaChaRng;

	const PI: f64 = std::f64::consts::PI;

	fn sin(x: f64) -> f64 {
	x.sin()
	}
	From ac848cc17543b4a2378bfba743b889b5fa1225db Mon Sep 17 00:00:00 2001
	From: Isis Lovecruft <isis@torproject.org>
	Date: Thu, 9 Jul 2015 01:58:16 +0000
	Subject: [PATCH] Add wipe_memory() function, like bzero(3), via CFFI for
	PyStringObjects.
	MIME-Version: 1.0
	Content-Type: text/plain; charset=UTF-8
	Content-Transfer-Encoding: 8bit

	This function would need to be manually called on keys and any other