Dmitry Yu Okunev
205fb711b9
Use standard library "crypto/ed25519"
2019-12-06 21:58:31 -05:00
Steven Allen
54a9d30499
Merge pull request #56 from JorikSchellekens/patch-1
...
Fix documentation missmatch for crypto methods.
2019-12-06 21:50:47 -05:00
Steven Allen
11af061e49
chore(dep): update protobuf
2019-10-28 13:07:54 -07:00
Steven Allen
bf79471ef0
fix(key size): forbid small openssl RSA keys
...
Also, add a test.
2019-10-21 15:52:27 -07:00
Mike Goelzer
e331ba838c
Comment that KeyStretcher is pre-deprecation
2019-09-30 09:58:09 -07:00
Steven Allen
0c42806002
Merge pull request #59 from adam-hanna/master
...
adds ability to create keys from crypto.PrivateKey types
2019-09-30 09:23:17 -07:00
Steven Allen
469ed581a0
Merge pull request #48 from libp2p/fix/fallback-cmp
...
fix: use fallback comparison for ed25519 keys
2019-09-27 15:33:55 -07:00
Steven Allen
c3facda1a2
crypto: use basicEquals for ECDSA
...
The check was incomplete as it didn't test the curve. This switches us to use
basicEquals (which is also constant-time).
Note: This key type isn't used by anyone in-practice (to the best of my
knowledge).
2019-09-24 10:41:53 -07:00
Steven Allen
d68e65376d
crypto: make the ECDSA receiver consistent
2019-09-24 10:41:53 -07:00
Steven Allen
947196bbb7
crypto: use constant time compare when decoding private keys
...
In practice, this is impossible to exploit without being able to corrupt the
private key which would allow a much simpler guess-and-check attack. However,
it's still a bad practice to compare private key material like this.
2019-09-24 10:40:54 -07:00
adam
2b32a36d90
incorporates code review comments from @raulk; changes KeyPairFromKey to KeyPairFromStdKey and improves godoc.
2019-09-20 23:37:38 -07:00
adam
23811ec09b
fixes typo
2019-09-19 16:24:24 -07:00
adam
316b0af70d
incorporates code review from @Stebalien
2019-09-19 16:21:08 -07:00
adam
0468ff83df
adds ability to create keys from crypto.PrivateKey types
2019-09-19 15:16:52 -07:00
Jorik Schellekens
dd55087854
The docs seem to lie
...
The docs seem to lie about what these methods do.
This is the naive solution since it's my first day looking
at go but would it be possible to get these methods
to marshal to public or private key correctly by passing
a type to them?
2019-09-04 13:53:57 +01:00
Cole Brown
d50ea9bc1f
Ensure all tests pass without weak RSA key flag
2019-08-28 11:34:22 -04:00
bigs
9698a72f45
Merge pull request #31 from libp2p/bug/remove-blowfish-support
...
Remove support for blowfish
2019-08-06 12:29:59 -04:00
Cole Brown
47983a3ab5
Add test for panic on unknown cipher type
2019-08-06 12:15:40 -04:00
Cole Brown
58281f5c6d
Add note about panic to KeyStretcher comments
2019-08-06 11:18:41 -04:00
Steven Allen
1461eb16af
fix: use fallback comparison for ed25519 keys
2019-08-01 17:45:55 -07:00
Steven Allen
543dbe6c29
nit: simplify equality check
2019-08-01 16:37:58 -07:00
Steven Allen
963cc997b2
remove non-constant-time private key comparison
2019-08-01 16:37:58 -07:00
Steven Allen
9a4415d1a6
use a fallback basicEquals function everywhere
...
This also ensures we check that the types are equal, even if we're comparing
directly with `k1.Equals(k2)` instead of `KeyEquals(k1, k2)`.
2019-08-01 16:37:58 -07:00
dignifiedquire
2df9672ee4
use equal method from openssl
...
uses https://github.com/spacemonkeygo/openssl/pull/126
2019-08-01 16:37:58 -07:00
dignifiedquire
bab5f6dd95
fixup: openssl
2019-08-01 16:37:30 -07:00
dignifiedquire
da42c385fc
fix: do not allocate when comparing keys
2019-08-01 16:37:30 -07:00
bigs
a7cc4bffb1
Merge pull request #34 from libp2p/bug/weak-rsa-keys
...
Raise minimum bits required for RSA key to 2048
2019-08-01 15:28:04 -08:00
Cole Brown
f1175dbc91
Rename constant for weak RSA key environment variable
2019-08-01 19:05:47 -04:00
Cole Brown
d95ff26e5e
UNSAFE -> WEAK in RSA key environment variable
2019-08-01 13:57:48 -04:00
Yusef Napora
62b2c6c482
bring back plaintext 2.0.0 with new constructor ( #42 )
...
* bring back plaintext 2.0.0 with new constructor
* fix deprecation comment
* rm unused context argument
* only check remote id validity if we actually have keys
* bring back msgio & simultaneous read/write
2019-07-30 16:46:24 -04:00
Cole Brown
0ae8685baf
Add defualt case with meaningful panic
2019-07-17 17:34:22 -04:00
Raúl Kripalani
8890e1b22b
Revert "update insecure transport to plaintext/2.0.0 ( #37 )" ( #38 )
...
This reverts commit b5729d89f3
2019-07-15 00:10:22 +01:00
bigs
1d45af25d9
Merge pull request #33 from libp2p/bug/curve-name
...
Return error rather than panic in GenerateEKeyPair
2019-07-12 17:32:13 -04:00
Cole Brown
c7c0a1cdf0
Add test for unknown elliptic curves
2019-07-12 17:09:27 -04:00
bigs
c3f7bb216e
Merge pull request #32 from libp2p/bug/key-equality
...
Replace bytes.Equal -> subtle.ConstantTimeCompare
2019-07-12 16:45:22 -04:00
Cole Brown
652a852edd
Use short-circuiting comparisons for public keys
2019-07-12 16:34:29 -04:00
Cole Brown
c817d49d02
Add env flag for allowing unsafe rsa keys in tests
2019-07-12 16:04:56 -04:00
Yusef Napora
b5729d89f3
update insecure transport to plaintext/2.0.0 ( #37 )
...
* add plaintext/2.0.0 (with ugly protoc hack)
* gofmt
* gofmt (for real this time)
* add `go_package` option to proto files
* Revert "add `go_package` option to proto files"
5a543a79bd
2019-07-12 13:24:30 -04:00
Cole Brown
f10115e58f
Raise minimum bits required for RSA key to 2048
2019-07-10 17:54:14 -04:00
Cole Brown
bc01c84a59
Remove support for blowfish
2019-07-10 17:30:45 -04:00
Cole Brown
23da4bd6da
Return error rather than panic in GenerateEKeyPair
2019-07-10 15:42:51 -04:00
Cole Brown
2726b6493c
Replace bytes.Equal -> subtle.ConstantTimeCompare
2019-07-10 15:30:22 -04:00
Raúl Kripalani
07fbce0b46
absorb {crypto,peer} test utils. ( #8 )
...
Avoids circular module dependency.
2019-05-23 16:07:58 +01:00
Raúl Kripalani
6e566d10f4
Absorb go-libp2p abstractions and core types into this module ( #1 )
2019-05-22 18:31:11 +01:00
