Skip to content
This repository has been archived by the owner on Aug 19, 2022. It is now read-only.

implement the new handshake #20

Merged
merged 8 commits into from
Apr 9, 2019
Merged

implement the new handshake #20

merged 8 commits into from
Apr 9, 2019

Conversation

marten-seemann
Copy link
Collaborator

Please read libp2p/specs#151.

@marten-seemann marten-seemann mentioned this pull request Feb 28, 2019
Merged
@marten-seemann marten-seemann marked this pull request as ready for review March 8, 2019 05:45
Stebalien
Stebalien reviewed Mar 8, 2019
View reviewed changes
Copy link
Member

@Stebalien Stebalien left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

But can we have lots of comments so nobody does something stupid and changes something they shouldn't?

crypto.go
if err != nil {
return nil, fmt.Errorf("unmarshalling public key failed: %s", err)
}
certKeyPub, err := x509.MarshalPKIXPublicKey(cert.PublicKey)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this deterministic?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it is: https://golang.org/src/crypto/x509/pkcs1.go?s=3633:3686#L138

crypto.go
func keyToCertificate(sk ic.PrivKey) (crypto.PrivateKey, *x509.Certificate, error) {
sn, err := rand.Int(rand.Reader, big.NewInt(1<<62))
func keyToCertificate(sk ic.PrivKey) (*tls.Certificate, error) {
certKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are there any other curves we can use...?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Go TLS implementation doesn't support P224, and P256 is curve that produces the smallest signatures. We could also use P384 and P512.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it support curve25519?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

keyToCertificate does (as well as secp256k1), but the Go standard library doesn't. This was one of the reasons we had to invent this new handshake protocol.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ahh, I made a mistake and thought it was ecdh not ecdsa. (curve25519 is DH, ed25519 is signature).

crypto.go Outdated Show resolved Hide resolved
raulk
raulk reviewed Mar 11, 2019
View reviewed changes
Copy link
Member

@raulk raulk left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't say I'm a crypto expert, but logically LGTM. Minor comments here, and I defer to @Kubuxu and @Stebalien for final approval. Thanks for the great work, @marten-seemann! 🎉

crypto.go Show resolved Hide resolved
crypto.go Show resolved Hide resolved
transport_test.go Outdated Show resolved Hide resolved
@marten-seemann
Merge pull request #26 from libp2p/cert-prefix
ec3177f 
use a prefix when signing the public key
@marten-seemann
disable session tickets
11dcfe4 
When resuming a session using session tickets, no certificate chain is
presented, and the callbacks needed to verify the peer identity would
not be called.
@marten-seemann marten-seemann requested a review from Stebalien April 7, 2019 05:37
@marten-seemann
Copy link
Collaborator Author

@Kubuxu, @Stebalien I just merged the TLS spec. Can you please review this PR now?

Kubuxu
Kubuxu reviewed Apr 8, 2019
View reviewed changes
Copy link
Member

@Kubuxu Kubuxu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SGWM

Stebalien
Stebalien approved these changes Apr 9, 2019
View reviewed changes
crypto.go Show resolved Hide resolved
@marten-seemann marten-seemann merged commit a01e537 into master Apr 9, 2019
This was referenced Apr 9, 2019
Closed
Closed
@marten-seemann marten-seemann deleted the new-handshake branch April 9, 2019 03:34
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Kubuxu Kubuxu Kubuxu left review comments

@raulk raulk raulk left review comments

@Stebalien Stebalien Stebalien approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@marten-seemann @Stebalien @raulk @Kubuxu