Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
10
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Open sidebar
p2p
go-p2p-tls
Commits
22625285
Unverified
Commit
22625285
authored
Jan 12, 2019
by
Marten Seemann
Committed by
GitHub
Jan 12, 2019
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #9 from libp2p/ecdsa
add support for ECDSA keys
parents
a1e7e95d
31fbe71d
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
65 additions
and
13 deletions
+65
-13
.travis.yml
.travis.yml
+4
-1
crypto.go
crypto.go
+17
-2
libp2p_tls_suite_test.go
libp2p_tls_suite_test.go
+5
-0
transport_test.go
transport_test.go
+39
-10
No files found.
.travis.yml
View file @
22625285
...
...
@@ -19,7 +19,10 @@ before_install:
-
go env
# for debugging
script
:
-
ginkgo -r -v --cover --randomizeAllSpecs --randomizeSuites --trace --progress
# some tests are randomized. Run them a few times.
-
for i in `seq 1 3`; do
ginkgo -r -v --cover --randomizeAllSpecs --randomizeSuites --trace --progress;
done
after_success
:
-
cat go-libp2p-tls.coverprofile > coverage.txt
...
...
crypto.go
View file @
22625285
...
...
@@ -5,6 +5,7 @@ import (
"crypto/tls"
"crypto/x509"
"errors"
"fmt"
"math/big"
"time"
...
...
@@ -93,7 +94,14 @@ func getRemotePubKey(chain []*x509.Certificate) (ic.PubKey, error) {
if
err
!=
nil
{
return
nil
,
err
}
return
ic
.
UnmarshalRsaPublicKey
(
remotePubKey
)
switch
chain
[
0
]
.
PublicKeyAlgorithm
{
case
x509
.
RSA
:
return
ic
.
UnmarshalRsaPublicKey
(
remotePubKey
)
case
x509
.
ECDSA
:
return
ic
.
UnmarshalECDSAPublicKey
(
remotePubKey
)
default
:
return
nil
,
fmt
.
Errorf
(
"unexpected public key algorithm: %d"
,
chain
[
0
]
.
PublicKeyAlgorithm
)
}
}
func
keyToCertificate
(
sk
ic
.
PrivKey
)
(
interface
{},
*
x509
.
Certificate
,
error
)
{
...
...
@@ -124,7 +132,14 @@ func keyToCertificate(sk ic.PrivKey) (interface{}, *x509.Certificate, error) {
}
publicKey
=
&
k
.
PublicKey
privateKey
=
k
// TODO: add support for ECDSA
case
pb
.
KeyType_ECDSA
:
k
,
err
:=
x509
.
ParseECPrivateKey
(
pbmes
.
GetData
())
if
err
!=
nil
{
return
nil
,
nil
,
err
}
publicKey
=
&
k
.
PublicKey
privateKey
=
k
// TODO: add support for Ed25519
default
:
return
nil
,
nil
,
errors
.
New
(
"unsupported key type for TLS"
)
}
...
...
libp2p_tls_suite_test.go
View file @
22625285
package
libp2ptls
import
(
mrand
"math/rand"
"testing"
.
"github.com/onsi/ginkgo"
...
...
@@ -11,3 +12,7 @@ func TestLibp2pTLS(t *testing.T) {
RegisterFailHandler
(
Fail
)
RunSpecs
(
t
,
"libp2p TLS Suite"
)
}
var
_
=
BeforeSuite
(
func
()
{
mrand
.
Seed
(
GinkgoRandomSeed
())
})
transport_test.go
View file @
22625285
...
...
@@ -2,9 +2,12 @@ package libp2ptls
import
(
"context"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"fmt"
mrand
"math/rand"
"net"
cs
"github.com/libp2p/go-conn-security"
...
...
@@ -21,10 +24,18 @@ var _ = Describe("Transport", func() {
)
createPeer
:=
func
()
(
peer
.
ID
,
ic
.
PrivKey
)
{
key
,
err
:=
rsa
.
GenerateKey
(
rand
.
Reader
,
1024
)
Expect
(
err
)
.
ToNot
(
HaveOccurred
())
priv
,
err
:=
ic
.
UnmarshalRsaPrivateKey
(
x509
.
MarshalPKCS1PrivateKey
(
key
))
Expect
(
err
)
.
ToNot
(
HaveOccurred
())
var
priv
ic
.
PrivKey
if
mrand
.
Int
()
%
2
==
0
{
fmt
.
Fprintln
(
GinkgoWriter
,
" using an ECDSA key"
)
var
err
error
priv
,
_
,
err
=
ic
.
GenerateECDSAKeyPair
(
rand
.
Reader
)
Expect
(
err
)
.
ToNot
(
HaveOccurred
())
}
else
{
fmt
.
Fprintln
(
GinkgoWriter
,
" using an RSA key"
)
var
err
error
priv
,
_
,
err
=
ic
.
GenerateRSAKeyPair
(
1024
,
rand
.
Reader
)
Expect
(
err
)
.
ToNot
(
HaveOccurred
())
}
id
,
err
:=
peer
.
IDFromPrivateKey
(
priv
)
Expect
(
err
)
.
ToNot
(
HaveOccurred
())
return
id
,
priv
...
...
@@ -48,13 +59,24 @@ var _ = Describe("Transport", func() {
// modify the cert chain such that verificiation will fail
invalidateCertChain
:=
func
(
identity
*
Identity
)
{
key
,
err
:=
rsa
.
GenerateKey
(
rand
.
Reader
,
1024
)
Expect
(
err
)
.
ToNot
(
HaveOccurred
())
identity
.
Config
.
Certificates
[
0
]
.
PrivateKey
=
key
switch
identity
.
Config
.
Certificates
[
0
]
.
PrivateKey
.
(
type
)
{
case
*
rsa
.
PrivateKey
:
key
,
err
:=
rsa
.
GenerateKey
(
rand
.
Reader
,
1024
)
Expect
(
err
)
.
ToNot
(
HaveOccurred
())
identity
.
Config
.
Certificates
[
0
]
.
PrivateKey
=
key
case
*
ecdsa
.
PrivateKey
:
key
,
err
:=
ecdsa
.
GenerateKey
(
elliptic
.
P224
(),
rand
.
Reader
)
Expect
(
err
)
.
ToNot
(
HaveOccurred
())
identity
.
Config
.
Certificates
[
0
]
.
PrivateKey
=
key
default
:
Fail
(
"unexpected private key type"
)
}
}
BeforeEach
(
func
()
{
fmt
.
Fprintf
(
GinkgoWriter
,
"Initializing a server"
)
serverID
,
serverKey
=
createPeer
()
fmt
.
Fprintf
(
GinkgoWriter
,
"Initializing a client"
)
clientID
,
clientKey
=
createPeer
()
})
...
...
@@ -135,6 +157,7 @@ var _ = Describe("Transport", func() {
})
It
(
"fails if the peer ID doesn't match"
,
func
()
{
fmt
.
Fprintf
(
GinkgoWriter
,
"Creating another peer"
)
thirdPartyID
,
_
:=
createPeer
()
serverTransport
,
err
:=
New
(
serverKey
)
...
...
@@ -172,7 +195,10 @@ var _ = Describe("Transport", func() {
defer
GinkgoRecover
()
_
,
err
:=
serverTransport
.
SecureInbound
(
context
.
Background
(),
serverInsecureConn
)
Expect
(
err
)
.
To
(
HaveOccurred
())
Expect
(
err
.
Error
())
.
To
(
ContainSubstring
(
"crypto/rsa: verification error"
))
Expect
(
err
.
Error
())
.
To
(
Or
(
ContainSubstring
(
"crypto/rsa: verification error"
),
ContainSubstring
(
"ECDSA verification failure"
),
))
close
(
done
)
}()
...
...
@@ -202,7 +228,10 @@ var _ = Describe("Transport", func() {
_
,
err
=
clientTransport
.
SecureOutbound
(
context
.
Background
(),
clientInsecureConn
,
serverID
)
Expect
(
err
)
.
To
(
HaveOccurred
())
Expect
(
err
.
Error
())
.
To
(
ContainSubstring
(
"crypto/rsa: verification error"
))
Expect
(
err
.
Error
())
.
To
(
Or
(
ContainSubstring
(
"crypto/rsa: verification error"
),
ContainSubstring
(
"ECDSA verification failure"
),
))
Eventually
(
done
)
.
Should
(
BeClosed
())
})
})
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment