go-rosenpass
A port of the Rosenpass post-quantum key-exchange protocol to Go.
Thank you for writing this module. I think you did an incredible job with this! Cryptography implementation is hard; I will document any observations about crypto I make I will...
By @koraa in https://github.com/stv0g/go-rosenpass/issues/27#issuecomment-1604395815 https://github.com/stv0g/go-rosenpass/blob/d7e38ecaf9e7803f2824a03ac24ac34944a53af6/server.go#L251 **Severity: N/A** – How do you make sure all these locks never cause a deadlock situation?
By @koraa in https://github.com/stv0g/go-rosenpass/issues/27#issuecomment-1604364074 **Severity: N/A** – Have you made sure to exclude the possibility of errors inside processing triggered by network messages that could crash the application?
https://app.codecov.io/gh/stv0g/go-rosenpass/tree/master/config
By @koraa in https://github.com/stv0g/go-rosenpass/issues/27#issuecomment-1604344997 **Severity: 3 (Dangerous):** No zeroization is attempted. https://github.com/golang/go/issues/21865
By @koraa in https://github.com/stv0g/go-rosenpass/issues/27#issuecomment-1604368943 **Severity: N/A** – What is the situation with regard to switch-case-fallthrough and none of the branches of a switch statement being covered in Go?
By @koraa in https://github.com/stv0g/go-rosenpass/issues/27#issuecomment-1604380483 https://github.com/stv0g/go-rosenpass/blob/d7e38ecaf9e7803f2824a03ac24ac34944a53af6/messages.go#L184-201 **Severity: B** – Manual offset arithmetic like that is treacherous. There is a danger of subtle errors. In the Rust implementation we put a lot...
By @koraa in https://github.com/stv0g/go-rosenpass/issues/27#issuecomment-1604367970 **Severity: N/A** – Is it possible to write allocation-free code in Go? The implementation must not have network-dependent memory usage and it should not allocate in...