Commit Graph

8 Commits

Author SHA1 Message Date
Manuel Romei 3a8f533b24
refactor: use X25519 instead of ScalarBaseMult (#533)
As suggested in https://pkg.go.dev/golang.org/x/crypto/curve25519#ScalarBaseMult,
use X25519 instead of ScalarBaseMult. When using Basepoint, it may employ
some precomputed values, enhancing performance.

Co-authored-by: Wade Simmons <wade@wades.im>
Co-authored-by: Wade Simmons <wadey@slack-corp.com>
2021-10-12 12:03:43 -04:00
John Maguire 34d002d695
Check CA cert and key match in nebula-cert sign (#503)
`func (nc *NebulaCertificate) VerifyPrivateKey(key []byte) error` would
previously return an error even if passed the correct private key for a
CA certificate `nc`.

That function has been updated to support CA certificates, and
nebula-cert now calls it before signing a new certificate. Previously,
it would perform all constraint checks against the CA certificate
provided, take a SHA256 fingerprint of the provided certificate, insert
it into the new node certificate, and then finally sign it with the
mismatching private key provided.
2021-10-01 12:43:33 -04:00
Tim Rots e7e6a23cde
fix a few typos (#302) 2021-03-01 11:14:34 -05:00
Nathan Brown d4b81f9b8d
Add QR code support to `nebula-cert` (#297) 2021-02-11 18:53:25 -06:00
Stephan 1592da921d fix(nebula-cert): flag duration is optional, so reflect this is the cli help (#117)
* fix: nebula-cert duration is optional, so reflect this is the cli help

nebula-cert sign defaults the duration flag to 1 second before the CA expires, so it is not required to be provided.

* tests: Fix test for duration flag help message

* nebula-cert: add duration default value hint
2020-01-06 10:51:29 -08:00
Nate Brown 328db6bb82 Root constraint usage and support in nebula-cert 2019-12-17 17:59:21 -08:00
Nate Brown 7076fc0004 Fix impossible error message condition, go fmt 2019-12-09 16:41:27 -08:00
Slack Security Team f22b4b584d Public Release 2019-11-19 17:00:20 +00:00