Closed flokli closed 10 months ago
Looks like this was fixed by
Be careful. Performance is not the reason why signing and decryption primitives are written in assembler. Constant-time execution is the reason.
@amjoseph-nixpkgs true.
I knew that supporting all target expressions will be tricky, so I thought the approach to avoid errors and be fine if it compiles is a good one. But I was not thinking about security implications...
Probably, this should be opt-in but then again it will break already "working" crates again...
> But I was not thinking about security implications...

Oh, my comment about constant time refers to @flokli's reproducer crate, dalek-cryptography. I was not criticizing crate2nix!
In any event I think this issue can be closed as resolved by #307. I'm able to `crate2nix generate && nom build -f Cargo.nix` the reproducer crate.
This indeed does work now, thanks.
Any chance for a new release to be tagged? There's quite a bunch of things I cherry-pick since the last release…
https://github.com/dalek-cryptography/curve25519-dalek/blob/72761ca6b4772af985f969db53faf7accbad9b36/curve25519-dalek/Cargo.toml#L73 seems to use
and
in various places in the code.
It looks like crate2nix has some logic to turn these expressions from Cargo.toml into nix expressions, but it seems to look for these keys in a `target` function argument, and that specific key seems to not exist, causing evaluation of such a Crate.nix to fail: