Commit Graph

123 Commits

Author SHA1 Message Date
Steven Allen
947196bbb7 crypto: use constant time compare when decoding private keys
In practice, this is impossible to exploit without being able to corrupt the
private key which would allow a much simpler guess-and-check attack. However,
it's still a bad practice to compare private key material like this.
2019-09-24 10:40:54 -07:00
Steven Allen
3b4a4b474f mod: require go 1.12 2019-09-24 10:31:44 -07:00
adam
2b32a36d90
incorporates code review comments from @raulk; changes KeyPairFromKey to KeyPairFromStdKey and improves godoc. 2019-09-20 23:37:38 -07:00
adam
23811ec09b
fixes typo 2019-09-19 16:24:24 -07:00
adam
316b0af70d
incorporates code review from @Stebalien 2019-09-19 16:21:08 -07:00
adam
0468ff83df
adds ability to create keys from crypto.PrivateKey types 2019-09-19 15:16:52 -07:00
Jorik Schellekens
dd55087854
The docs seem to lie
The docs seem to lie about what these methods do.
This is the naive solution since it's my first day looking
at go but would it be possible to get these methods
to marshal to public or private key correctly by passing
a type to them?
2019-09-04 13:53:57 +01:00
Steven Allen
b74f60b9cc
Merge pull request #55 from libp2p/bug/rsa-key-test-failure
Ensure all tests pass without weak RSA key flag
2019-08-28 09:05:45 -07:00
Cole Brown
961a767ba5 Remove weak RSA flag from CI 2019-08-28 11:35:23 -04:00
Cole Brown
d50ea9bc1f Ensure all tests pass without weak RSA key flag 2019-08-28 11:34:22 -04:00
Steven Allen
f61804b905
Merge pull request #50 from ralexstokes/use-clearer-multihash-code
Compare multihash `Code` to `IDENTITY` when extracting public key
2019-08-14 14:58:53 -07:00
Alex Stokes
e6f5a2cbcc
Uses v0.0.7 of go-multihash that includes the correct symbol 2019-08-14 14:51:45 -07:00
Alex Stokes
686c1736fd
Compare multihash Code to IDENTITY when extracting public key
This PR is a non-substantive change with the goal of making this method
`ExtractPublicKey` from a `peer.ID` clearer to the reader. This goal is
accomplished by using the full name of the identity hash code `IDENTITY` instead
of the deprecated `ID` code. This change makes its clearer to the reader that
there is a trivial way to compute the public key given the digest. Without this
change it is easy to confuse `ID` with a concept relating to peer IDs (and thus
implying this function somehow computes a hash pre-image to get the
corrresponding public key.
2019-08-14 14:27:04 -07:00
bigs
d204016fc6
Merge pull request #45 from libp2p/feat/event-bus-signature
Return error in Emit
2019-08-06 16:32:28 -04:00
Cole Brown
baf7d1a4e3 Return error in Emit 2019-08-06 12:55:08 -04:00
bigs
9698a72f45
Merge pull request #31 from libp2p/bug/remove-blowfish-support
Remove support for blowfish
2019-08-06 12:29:59 -04:00
Cole Brown
47983a3ab5 Add test for panic on unknown cipher type 2019-08-06 12:15:40 -04:00
Cole Brown
58281f5c6d Add note about panic to KeyStretcher comments 2019-08-06 11:18:41 -04:00
Steven Allen
1461eb16af fix: use fallback comparison for ed25519 keys 2019-08-01 17:45:55 -07:00
Steven Allen
33faefebfc
Merge pull request #46 from libp2p/feat/cherry-pick-stabalize
cherry-pick key optimizations from stabilize
2019-08-01 17:30:46 -07:00
Steven Allen
b47dbc0e29 dep: update go-openssl
Add freebsd/openbsd openssl support.
2019-08-01 16:42:13 -07:00
Steven Allen
1e3fcd96e1 dep: add back missing go.sum lines 2019-08-01 16:37:58 -07:00
Steven Allen
543dbe6c29 nit: simplify equality check 2019-08-01 16:37:58 -07:00
Steven Allen
963cc997b2 remove non-constant-time private key comparison 2019-08-01 16:37:58 -07:00
Steven Allen
9a4415d1a6 use a fallback basicEquals function everywhere
This also ensures we check that the types are equal, even if we're comparing
directly with `k1.Equals(k2)` instead of `KeyEquals(k1, k2)`.
2019-08-01 16:37:58 -07:00
dignifiedquire
2df9672ee4 use equal method from openssl
uses https://github.com/spacemonkeygo/openssl/pull/126
2019-08-01 16:37:58 -07:00
dignifiedquire
bab5f6dd95 fixup: openssl 2019-08-01 16:37:30 -07:00
dignifiedquire
da42c385fc fix: do not allocate when comparing keys 2019-08-01 16:37:30 -07:00
Steven Allen
3390f7d16d
Merge pull request #47 from libp2p/fix/go-mod-tidy
chore: tidy
2019-08-01 16:37:17 -07:00
Steven Allen
35e24d3b6b chore: tidy 2019-08-01 16:36:54 -07:00
bigs
a7cc4bffb1
Merge pull request #34 from libp2p/bug/weak-rsa-keys
Raise minimum bits required for RSA key to 2048
2019-08-01 15:28:04 -08:00
Cole Brown
f1175dbc91 Rename constant for weak RSA key environment variable 2019-08-01 19:05:47 -04:00
Cole Brown
d95ff26e5e UNSAFE -> WEAK in RSA key environment variable 2019-08-01 13:57:48 -04:00
Yusef Napora
62b2c6c482
bring back plaintext 2.0.0 with new constructor (#42)
* bring back plaintext 2.0.0 with new constructor

* fix deprecation comment

* rm unused context argument

* only check remote id validity if we actually have keys

* bring back msgio & simultaneous read/write
2019-07-30 16:46:24 -04:00
Steven Allen
be90519893
Merge pull request #44 from libp2p/fix/43
avoid duplicate randomly generated keys/peer-ids
2019-07-25 10:10:45 -07:00
Jakub Sztandera
f9ca60b486 Add compat check (#40)
License: MIT
Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>
2019-07-25 15:51:06 +01:00
Steven Allen
a182f52659 avoid duplicate randomly generated keys/peer-ids
This implements #4 from #43.

fixes #43
2019-07-22 15:12:08 -07:00
Cole Brown
0ae8685baf Add defualt case with meaningful panic 2019-07-17 17:34:22 -04:00
Raúl Kripalani
8890e1b22b
Revert "update insecure transport to plaintext/2.0.0 (#37)" (#38)
This reverts commit b5729d89f3.
2019-07-15 00:10:22 +01:00
bigs
1d45af25d9
Merge pull request #33 from libp2p/bug/curve-name
Return error rather than panic in GenerateEKeyPair
2019-07-12 17:32:13 -04:00
Cole Brown
c7c0a1cdf0 Add test for unknown elliptic curves 2019-07-12 17:09:27 -04:00
bigs
c3f7bb216e
Merge pull request #32 from libp2p/bug/key-equality
Replace bytes.Equal -> subtle.ConstantTimeCompare
2019-07-12 16:45:22 -04:00
Cole Brown
652a852edd Use short-circuiting comparisons for public keys 2019-07-12 16:34:29 -04:00
Cole Brown
c817d49d02 Add env flag for allowing unsafe rsa keys in tests 2019-07-12 16:04:56 -04:00
Yusef Napora
b5729d89f3
update insecure transport to plaintext/2.0.0 (#37)
* add plaintext/2.0.0 (with ugly protoc hack)

* gofmt

* gofmt (for real this time)

* add `go_package` option to proto files

* Revert "add `go_package` option to proto files"

5a543a79bd

* less hacky protobuf imports

* add doc comment for PublicKeyFromProto

* clean up handshake

* go fmt, lol

* use network.MessageSizeMax for ggio reader
2019-07-12 13:24:30 -04:00
Cole Brown
f10115e58f Raise minimum bits required for RSA key to 2048 2019-07-10 17:54:14 -04:00
Cole Brown
bc01c84a59 Remove support for blowfish 2019-07-10 17:30:45 -04:00
Cole Brown
23da4bd6da Return error rather than panic in GenerateEKeyPair 2019-07-10 15:42:51 -04:00
Cole Brown
2726b6493c Replace bytes.Equal -> subtle.ConstantTimeCompare 2019-07-10 15:30:22 -04:00
Jakub Sztandera
2835a4015f Add license files (#24)
License: MIT
Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>
2019-06-24 18:25:52 +01:00