libp2p/go-libp2p-core
1
0
Fork 0
mirror of https://github.com/libp2p/go-libp2p-core.git synced 2024-12-27 23:40:11 +08:00
Code Issues Projects Releases Wiki Activity
94 Commits 76 Branches 54 Tags 1.3 MiB
fix/plaintext-varint
Commit Graph

41 Commits

Author SHA1 Message Date
Steven Allen
11af061e49 chore(dep): update protobuf 2019-10-28 13:07:54 -07:00
Steven Allen
bf79471ef0 fix(key size): forbid small openssl RSA keys 
Also, add a test.
 2019-10-21 15:52:27 -07:00
Mike Goelzer
e331ba838c
Comment that KeyStretcher is pre-deprecation 2019-09-30 09:58:09 -07:00
Steven Allen
0c42806002
Merge pull request #59 from adam-hanna/master 
adds ability to create keys from crypto.PrivateKey types
 2019-09-30 09:23:17 -07:00
Steven Allen
469ed581a0
Merge pull request #48 from libp2p/fix/fallback-cmp 
fix: use fallback comparison for ed25519 keys
 2019-09-27 15:33:55 -07:00
Steven Allen
c3facda1a2 crypto: use basicEquals for ECDSA 
The check was incomplete as it didn't test the curve. This switches us to use
basicEquals (which is also constant-time).

Note: This key type isn't used by anyone in-practice (to the best of my
knowledge).
 2019-09-24 10:41:53 -07:00
Steven Allen
d68e65376d crypto: make the ECDSA receiver consistent 2019-09-24 10:41:53 -07:00
Steven Allen
947196bbb7 crypto: use constant time compare when decoding private keys 
In practice, this is impossible to exploit without being able to corrupt the
private key which would allow a much simpler guess-and-check attack. However,
it's still a bad practice to compare private key material like this.
 2019-09-24 10:40:54 -07:00
adam
2b32a36d90
incorporates code review comments from @raulk; changes KeyPairFromKey to KeyPairFromStdKey and improves godoc. 2019-09-20 23:37:38 -07:00
adam
23811ec09b
fixes typo 2019-09-19 16:24:24 -07:00
adam
316b0af70d
incorporates code review from @Stebalien 2019-09-19 16:21:08 -07:00
adam
0468ff83df
adds ability to create keys from crypto.PrivateKey types 2019-09-19 15:16:52 -07:00
Cole Brown
d50ea9bc1f Ensure all tests pass without weak RSA key flag 2019-08-28 11:34:22 -04:00
bigs
9698a72f45
Merge pull request #31 from libp2p/bug/remove-blowfish-support 
Remove support for blowfish
 2019-08-06 12:29:59 -04:00
Cole Brown
47983a3ab5 Add test for panic on unknown cipher type 2019-08-06 12:15:40 -04:00
Cole Brown
58281f5c6d Add note about panic to KeyStretcher comments 2019-08-06 11:18:41 -04:00
Steven Allen
1461eb16af fix: use fallback comparison for ed25519 keys 2019-08-01 17:45:55 -07:00
Steven Allen
543dbe6c29 nit: simplify equality check 2019-08-01 16:37:58 -07:00
Steven Allen
963cc997b2 remove non-constant-time private key comparison 2019-08-01 16:37:58 -07:00
Steven Allen
9a4415d1a6 use a fallback basicEquals function everywhere 
This also ensures we check that the types are equal, even if we're comparing
directly with `k1.Equals(k2)` instead of `KeyEquals(k1, k2)`.
 2019-08-01 16:37:58 -07:00
dignifiedquire
2df9672ee4 use equal method from openssl 
uses https://github.com/spacemonkeygo/openssl/pull/126
 2019-08-01 16:37:58 -07:00
dignifiedquire
bab5f6dd95 fixup: openssl 2019-08-01 16:37:30 -07:00
dignifiedquire
da42c385fc fix: do not allocate when comparing keys 2019-08-01 16:37:30 -07:00
bigs
a7cc4bffb1
Merge pull request #34 from libp2p/bug/weak-rsa-keys 
Raise minimum bits required for RSA key to 2048
 2019-08-01 15:28:04 -08:00
Cole Brown
f1175dbc91 Rename constant for weak RSA key environment variable 2019-08-01 19:05:47 -04:00
Cole Brown
d95ff26e5e UNSAFE -> WEAK in RSA key environment variable 2019-08-01 13:57:48 -04:00
Yusef Napora
62b2c6c482
bring back plaintext 2.0.0 with new constructor (#42) 
* bring back plaintext 2.0.0 with new constructor

* fix deprecation comment

* rm unused context argument

* only check remote id validity if we actually have keys

* bring back msgio & simultaneous read/write
 2019-07-30 16:46:24 -04:00
Cole Brown
0ae8685baf Add defualt case with meaningful panic 2019-07-17 17:34:22 -04:00
Raúl Kripalani
8890e1b22b
Revert "update insecure transport to plaintext/2.0.0 (#37)" (#38) 
This reverts commit b5729d89f3.
 2019-07-15 00:10:22 +01:00
bigs
1d45af25d9
Merge pull request #33 from libp2p/bug/curve-name 
Return error rather than panic in GenerateEKeyPair
 2019-07-12 17:32:13 -04:00
Cole Brown
c7c0a1cdf0 Add test for unknown elliptic curves 2019-07-12 17:09:27 -04:00
bigs
c3f7bb216e
Merge pull request #32 from libp2p/bug/key-equality 
Replace bytes.Equal -> subtle.ConstantTimeCompare
 2019-07-12 16:45:22 -04:00
Cole Brown
652a852edd Use short-circuiting comparisons for public keys 2019-07-12 16:34:29 -04:00
Cole Brown
c817d49d02 Add env flag for allowing unsafe rsa keys in tests 2019-07-12 16:04:56 -04:00
Yusef Napora
b5729d89f3
update insecure transport to plaintext/2.0.0 (#37) 
* add plaintext/2.0.0 (with ugly protoc hack)

* gofmt

* gofmt (for real this time)

* add `go_package` option to proto files

* Revert "add `go_package` option to proto files"

5a543a79bd

* less hacky protobuf imports

* add doc comment for PublicKeyFromProto

* clean up handshake

* go fmt, lol

* use network.MessageSizeMax for ggio reader
 2019-07-12 13:24:30 -04:00
Cole Brown
f10115e58f Raise minimum bits required for RSA key to 2048 2019-07-10 17:54:14 -04:00
Cole Brown
bc01c84a59 Remove support for blowfish 2019-07-10 17:30:45 -04:00
Cole Brown
23da4bd6da Return error rather than panic in GenerateEKeyPair 2019-07-10 15:42:51 -04:00
Cole Brown
2726b6493c Replace bytes.Equal -> subtle.ConstantTimeCompare 2019-07-10 15:30:22 -04:00
Raúl Kripalani
07fbce0b46
absorb {crypto,peer} test utils. (#8) 
Avoids circular module dependency.
 2019-05-23 16:07:58 +01:00
Raúl Kripalani
6e566d10f4
Absorb go-libp2p abstractions and core types into this module (#1) 2019-05-22 18:31:11 +01:00