ResiLien
/
nebula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor: use X25519 instead of ScalarBaseMult (#533) 

As suggested in https://pkg.go.dev/golang.org/x/crypto/curve25519#ScalarBaseMult,
use X25519 instead of ScalarBaseMult. When using Basepoint, it may employ
some precomputed values, enhancing performance.

Co-authored-by: Wade Simmons <wade@wades.im>
Co-authored-by: Wade Simmons <wadey@slack-corp.com>
This commit is contained in:
Manuel Romei 2021-10-12 18:03:43 +02:00 committed by GitHub
parent 34d002d695
commit 3a8f533b24
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 32 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
cert/cert.go
View File

@ -337,10 +337,11 @@ func (nc *NebulaCertificate) VerifyPrivateKey(key []byte) error {
return nil return nil
} }
var dst, key32 [32]byte pub, err := curve25519.X25519(key, curve25519.Basepoint)
copy(key32[:], key) if err != nil {
curve25519.ScalarBaseMult(&dst, &key32) return err
if !bytes.Equal(dst[:], nc.Details.PublicKey) { }
if !bytes.Equal(pub, nc.Details.PublicKey) {
return fmt.Errorf("public key in cert and private key supplied don't match") return fmt.Errorf("public key in cert and private key supplied don't match")
} }

13
cert/cert_test.go
View File

@ -860,10 +860,15 @@ func newTestCert(ca *NebulaCertificate, key []byte, before, after time.Time, ips
} }
func x25519Keypair() ([]byte, []byte) { func x25519Keypair() ([]byte, []byte) {
var pubkey, privkey [32]byte privkey := make([]byte, 32)
if _, err := io.ReadFull(rand.Reader, privkey[:]); err != nil { if _, err := io.ReadFull(rand.Reader, privkey); err != nil {
panic(err) panic(err)
} }
curve25519.ScalarBaseMult(&pubkey, &privkey)
return pubkey[:], privkey[:] pubkey, err := curve25519.X25519(privkey, curve25519.Basepoint)
if err != nil {
panic(err)
}
return pubkey, privkey
} }

13
cmd/nebula-cert/sign.go
View File

@ -226,12 +226,17 @@ func signCert(args []string, out io.Writer, errOut io.Writer) error {
} }
func x25519Keypair() ([]byte, []byte) { func x25519Keypair() ([]byte, []byte) {
var pubkey, privkey [32]byte privkey := make([]byte, 32)
if _, err := io.ReadFull(rand.Reader, privkey[:]); err != nil { if _, err := io.ReadFull(rand.Reader, privkey); err != nil {
panic(err) panic(err)
} }
curve25519.ScalarBaseMult(&pubkey, &privkey)
return pubkey[:], privkey[:] pubkey, err := curve25519.X25519(privkey, curve25519.Basepoint)
if err != nil {
panic(err)
}
return pubkey, privkey
} }
func signSummary() string { func signSummary() string {

13
e2e/helpers_test.go
View File

@ -186,12 +186,17 @@ func newTestCert(ca *cert.NebulaCertificate, key []byte, name string, before, af
} }
func x25519Keypair() ([]byte, []byte) { func x25519Keypair() ([]byte, []byte) {
var pubkey, privkey [32]byte privkey := make([]byte, 32)
if _, err := io.ReadFull(rand.Reader, privkey[:]); err != nil { if _, err := io.ReadFull(rand.Reader, privkey); err != nil {
panic(err) panic(err)
} }
curve25519.ScalarBaseMult(&pubkey, &privkey)
return pubkey[:], privkey[:] pubkey, err := curve25519.X25519(privkey, curve25519.Basepoint)
if err != nil {
panic(err)
}
return pubkey, privkey
} }
func ip2int(ip []byte) uint32 { func ip2int(ip []byte) uint32 {