libp2p/go-libp2p-core
1
0
Fork 0
mirror of https://github.com/libp2p/go-libp2p-core.git synced 2025-03-14 11:10:05 +08:00
Code Issues Projects Releases Wiki Activity
74 Commits 76 Branches 54 Tags 1.3 MiB
469ed581a0
Commit Graph

74 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Steven Allen
469ed581a0
Merge pull request #48 from libp2p/fix/fallback-cmp 
fix: use fallback comparison for ed25519 keys
 2019-09-27 15:33:55 -07:00
Steven Allen
26b960839d
Merge pull request #61 from libp2p/dep/update 
chore(dep): update deps
 2019-09-25 11:24:15 -07:00
Steven Allen
ac53ea6aa0 chore(dep): update deps 
* Update gogo protobuf to 1.3.0
* Update go-multiaddr to move protocol definitions _into_ go-multiaddr itself.
* update opencensus to 0.22.1
* update golang.org/x/crypto
* update sha256-simd to fix webasm build.
* update btcd (used by sekp keys)
 2019-09-25 11:12:15 -07:00
Steven Allen
e0ae17a661
Merge pull request #60 from libp2p/fix/constant-time-compare 
crypto: improve key comparison logic
 2019-09-25 10:41:26 -07:00
Steven Allen
c3facda1a2 crypto: use basicEquals for ECDSA 
The check was incomplete as it didn't test the curve. This switches us to use
basicEquals (which is also constant-time).

Note: This key type isn't used by anyone in-practice (to the best of my
knowledge).
 2019-09-24 10:41:53 -07:00
Steven Allen
d68e65376d crypto: make the ECDSA receiver consistent 2019-09-24 10:41:53 -07:00
Steven Allen
947196bbb7 crypto: use constant time compare when decoding private keys 
In practice, this is impossible to exploit without being able to corrupt the
private key which would allow a much simpler guess-and-check attack. However,
it's still a bad practice to compare private key material like this.
 2019-09-24 10:40:54 -07:00
Steven Allen
3b4a4b474f mod: require go 1.12 2019-09-24 10:31:44 -07:00
Steven Allen
b74f60b9cc
Merge pull request #55 from libp2p/bug/rsa-key-test-failure 
Ensure all tests pass without weak RSA key flag
 2019-08-28 09:05:45 -07:00
Cole Brown
961a767ba5 Remove weak RSA flag from CI 2019-08-28 11:35:23 -04:00
Cole Brown
d50ea9bc1f Ensure all tests pass without weak RSA key flag 2019-08-28 11:34:22 -04:00
Steven Allen
f61804b905
Merge pull request #50 from ralexstokes/use-clearer-multihash-code 
Compare multihash `Code` to `IDENTITY` when extracting public key
 2019-08-14 14:58:53 -07:00
Alex Stokes
e6f5a2cbcc
Uses v0.0.7 of go-multihash that includes the correct symbol 2019-08-14 14:51:45 -07:00
Alex Stokes
686c1736fd
Compare multihash Code to IDENTITY when extracting public key 
This PR is a non-substantive change with the goal of making this method
`ExtractPublicKey` from a `peer.ID` clearer to the reader. This goal is
accomplished by using the full name of the identity hash code `IDENTITY` instead
of the deprecated `ID` code. This change makes its clearer to the reader that
there is a trivial way to compute the public key given the digest. Without this
change it is easy to confuse `ID` with a concept relating to peer IDs (and thus
implying this function somehow computes a hash pre-image to get the
corrresponding public key.
 2019-08-14 14:27:04 -07:00
bigs
d204016fc6
Merge pull request #45 from libp2p/feat/event-bus-signature 
Return error in Emit
 2019-08-06 16:32:28 -04:00
Cole Brown
baf7d1a4e3 Return error in Emit 2019-08-06 12:55:08 -04:00
bigs
9698a72f45
Merge pull request #31 from libp2p/bug/remove-blowfish-support 
Remove support for blowfish
 2019-08-06 12:29:59 -04:00
Cole Brown
47983a3ab5 Add test for panic on unknown cipher type 2019-08-06 12:15:40 -04:00
Cole Brown
58281f5c6d Add note about panic to KeyStretcher comments 2019-08-06 11:18:41 -04:00
Steven Allen
1461eb16af fix: use fallback comparison for ed25519 keys 2019-08-01 17:45:55 -07:00
Steven Allen
33faefebfc
Merge pull request #46 from libp2p/feat/cherry-pick-stabalize 
cherry-pick key optimizations from stabilize
 2019-08-01 17:30:46 -07:00
Steven Allen
b47dbc0e29 dep: update go-openssl 
Add freebsd/openbsd openssl support.
 2019-08-01 16:42:13 -07:00
Steven Allen
1e3fcd96e1 dep: add back missing go.sum lines 2019-08-01 16:37:58 -07:00
Steven Allen
543dbe6c29 nit: simplify equality check 2019-08-01 16:37:58 -07:00
Steven Allen
963cc997b2 remove non-constant-time private key comparison 2019-08-01 16:37:58 -07:00
Steven Allen
9a4415d1a6 use a fallback basicEquals function everywhere 
This also ensures we check that the types are equal, even if we're comparing
directly with `k1.Equals(k2)` instead of `KeyEquals(k1, k2)`.
 2019-08-01 16:37:58 -07:00
dignifiedquire
2df9672ee4 use equal method from openssl 
uses https://github.com/spacemonkeygo/openssl/pull/126
 2019-08-01 16:37:58 -07:00
dignifiedquire
bab5f6dd95 fixup: openssl 2019-08-01 16:37:30 -07:00
dignifiedquire
da42c385fc fix: do not allocate when comparing keys 2019-08-01 16:37:30 -07:00
Steven Allen
3390f7d16d
Merge pull request #47 from libp2p/fix/go-mod-tidy 
chore: tidy
 2019-08-01 16:37:17 -07:00
Steven Allen
35e24d3b6b chore: tidy 2019-08-01 16:36:54 -07:00
bigs
a7cc4bffb1
Merge pull request #34 from libp2p/bug/weak-rsa-keys 
Raise minimum bits required for RSA key to 2048
 2019-08-01 15:28:04 -08:00
Cole Brown
f1175dbc91 Rename constant for weak RSA key environment variable 2019-08-01 19:05:47 -04:00
Cole Brown
d95ff26e5e UNSAFE -> WEAK in RSA key environment variable 2019-08-01 13:57:48 -04:00
Yusef Napora
62b2c6c482
bring back plaintext 2.0.0 with new constructor (#42) 
* bring back plaintext 2.0.0 with new constructor

* fix deprecation comment

* rm unused context argument

* only check remote id validity if we actually have keys

* bring back msgio & simultaneous read/write
 2019-07-30 16:46:24 -04:00
Steven Allen
be90519893
Merge pull request #44 from libp2p/fix/43 
avoid duplicate randomly generated keys/peer-ids
 2019-07-25 10:10:45 -07:00
Jakub Sztandera
f9ca60b486 Add compat check (#40) 
License: MIT
Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>
 2019-07-25 15:51:06 +01:00
Steven Allen
a182f52659 avoid duplicate randomly generated keys/peer-ids 
This implements #4 from #43.

fixes #43
 2019-07-22 15:12:08 -07:00
Cole Brown
0ae8685baf Add defualt case with meaningful panic 2019-07-17 17:34:22 -04:00
Raúl Kripalani
8890e1b22b
Revert "update insecure transport to plaintext/2.0.0 (#37)" (#38) 
This reverts commit b5729d89f3.
 2019-07-15 00:10:22 +01:00
bigs
1d45af25d9
Merge pull request #33 from libp2p/bug/curve-name 
Return error rather than panic in GenerateEKeyPair
 2019-07-12 17:32:13 -04:00
Cole Brown
c7c0a1cdf0 Add test for unknown elliptic curves 2019-07-12 17:09:27 -04:00
bigs
c3f7bb216e
Merge pull request #32 from libp2p/bug/key-equality 
Replace bytes.Equal -> subtle.ConstantTimeCompare
 2019-07-12 16:45:22 -04:00
Cole Brown
652a852edd Use short-circuiting comparisons for public keys 2019-07-12 16:34:29 -04:00
Cole Brown
c817d49d02 Add env flag for allowing unsafe rsa keys in tests 2019-07-12 16:04:56 -04:00
Yusef Napora
b5729d89f3
update insecure transport to plaintext/2.0.0 (#37) 
* add plaintext/2.0.0 (with ugly protoc hack)

* gofmt

* gofmt (for real this time)

* add `go_package` option to proto files

* Revert "add `go_package` option to proto files"

5a543a79bd

* less hacky protobuf imports

* add doc comment for PublicKeyFromProto

* clean up handshake

* go fmt, lol

* use network.MessageSizeMax for ggio reader
 2019-07-12 13:24:30 -04:00
Cole Brown
f10115e58f Raise minimum bits required for RSA key to 2048 2019-07-10 17:54:14 -04:00
Cole Brown
bc01c84a59 Remove support for blowfish 2019-07-10 17:30:45 -04:00
Cole Brown
23da4bd6da Return error rather than panic in GenerateEKeyPair 2019-07-10 15:42:51 -04:00
Cole Brown
2726b6493c Replace bytes.Equal -> subtle.ConstantTimeCompare 2019-07-10 15:30:22 -04:00