Re: [CFRG] Proposed resolution for erratum 5930 on RFC 8032

Ilari Liusvaara <ilariliusvaara@welho.com> Mon, 18 January 2021 05:52 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0C793A1030 for <cfrg@ietfa.amsl.com>; Sun, 17 Jan 2021 21:52:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level:
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.009, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V4CgEfIpXejE for <cfrg@ietfa.amsl.com>; Sun, 17 Jan 2021 21:52:29 -0800 (PST)
Received: from welho-filter3.welho.com (welho-filter3b.welho.com [83.102.41.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43A0C3A1028 for <cfrg@irtf.org>; Sun, 17 Jan 2021 21:52:28 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter3.welho.com (Postfix) with ESMTP id D1EB2137E9; Mon, 18 Jan 2021 07:52:26 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter3.welho.com [::ffff:83.102.41.25]) (amavisd-new, port 10024) with ESMTP id 4fuSr7-uQmYQ; Mon, 18 Jan 2021 07:52:26 +0200 (EET)
Received: from LK-Perkele-VII (78-27-99-170.bb.dnainternet.fi [78.27.99.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id 6873F2315; Mon, 18 Jan 2021 07:52:24 +0200 (EET)
Date: Mon, 18 Jan 2021 07:52:23 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Message-ID: <YAUiF8vQ214FrPus@LK-Perkele-VII>
References: <42fdca41-bfdd-9d75-b144-0e2f3b5fa1d9@isode.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <42fdca41-bfdd-9d75-b144-0e2f3b5fa1d9@isode.com>
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/I54DRet3hjv82DYI-R49EOXPZfc>
Subject: Re: [CFRG] Proposed resolution for erratum 5930 on RFC 8032
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jan 2021 05:52:31 -0000

On Fri, Jan 15, 2021 at 05:39:22PM +0000, Alexey Melnikov wrote:
> Dear CFRG (and editors),
> 
> Daniel Bleichenbacher submitted the following editorial erratum on RFC 8032
> ("Edwards-Curve Digital Signature Algorithm (EdDSA)")
> 
> Section 6 says:
> 
> OLD:
> 
> def verify(public, msg, signature):
>     if len(public) != 32:
>         raise Exception("Bad public key length")
>     if len(signature) != 64:
>         Exception("Bad signature length")
> 
> It should say:
> 
> def verify(public, msg, signature):
>     if len(public) != 32:
>         raise Exception("Bad public key length")
>     if len(signature) != 64:
>         raise Exception("Bad signature length")
> 
> 
> Note: Missing raise before Exception
> 
> -------------------
> 
> This is indeed looks like a Python syntax error. So I propose to resolve
> this erratum as suggested by Daniel.
> 

While I think the proposed text above is correct, I am not so sure about
the errata being marked editorial (I very well might be incorrect here).
The error makes code work incorrectly (on one case with invalid input),
it is not an error in code that does not affect function (e.g., typo in
comment or consistent typo in variable name).



-Ilari