Enforce ed25519 private keys and identity.

See ipfs#3896
AtlantPlatform · Mar 13, 2018 · 2cb1d72 · 2cb1d72
1 parent db74330
commit 2cb1d72
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 5 deletions.
diff --git a/Makefile b/Makefile
@@ -24,5 +24,8 @@ extract-apply:
 	--unvendor go-libp2p-peer \
 	--unvendor go-libp2p-crypto
 
+patch-apply:
+	git apply patches/ed25519.patch
+
 test:
 	go install bitbucket.org/atlantproject/go-ipfs/cmd/ipfswatch
diff --git a/core/core.go b/core/core.go
@@ -808,7 +808,7 @@ func loadPrivateKey(cfg *config.Identity, id peer.ID) (ic.PrivKey, error) {
 		return nil, err
 	}
 
-	id2, err := peer.IDFromPrivateKey(sk)
+	id2, err := peer.IDFromEd25519PublicKey(sk.GetPublic())
 	if err != nil {
 		return nil, err
 	}

diff --git a/go-libp2p-peer/peer.go b/go-libp2p-peer/peer.go
@@ -59,7 +59,7 @@ func (id ID) MatchesPrivateKey(sk ic.PrivKey) bool {
 
 // MatchesPublicKey tests whether this ID was derived from pk
 func (id ID) MatchesPublicKey(pk ic.PubKey) bool {
-	oid, err := IDFromPublicKey(pk)
+	oid, err := IDFromEd25519PublicKey(pk)
 	if err != nil {
 		return false
 	}

diff --git a/patches/ed25519.patch b/patches/ed25519.patch
@@ -0,0 +1,50 @@
+diff --git a/core/core.go b/core/core.go
+index b4c423e2d..06c9ef633 100644
+--- a/core/core.go
++++ b/core/core.go
+@@ -808,7 +808,7 @@ func loadPrivateKey(cfg *config.Identity, id peer.ID) (ic.PrivKey, error) {
+ 		return nil, err
+ 	}
+
+-	id2, err := peer.IDFromPrivateKey(sk)
++	id2, err := peer.IDFromEd25519PublicKey(sk.GetPublic())
+ 	if err != nil {
+ 		return nil, err
+ 	}
+diff --git a/go-libp2p-peer/peer.go b/go-libp2p-peer/peer.go
+index 0b3bbbcb9..55786f4db 100644
+--- a/go-libp2p-peer/peer.go
++++ b/go-libp2p-peer/peer.go
+@@ -59,7 +59,7 @@ func (id ID) MatchesPrivateKey(sk ic.PrivKey) bool {
+
+ // MatchesPublicKey tests whether this ID was derived from pk
+ func (id ID) MatchesPublicKey(pk ic.PubKey) bool {
+-	oid, err := IDFromPublicKey(pk)
++	oid, err := IDFromEd25519PublicKey(pk)
+ 	if err != nil {
+ 		return false
+ 	}
+diff --git a/repo/config/init.go b/repo/config/init.go
+index b42fdcf14..775b6e782 100644
+--- a/repo/config/init.go
++++ b/repo/config/init.go
+@@ -150,8 +150,8 @@ func identityConfig(out io.Writer, nbits int) (Identity, error) {
+ 		return ident, errors.New("Bitsize less than 1024 is considered unsafe.")
+ 	}
+
+-	fmt.Fprintf(out, "generating %v-bit RSA keypair...", nbits)
+-	sk, pk, err := ci.GenerateKeyPair(ci.RSA, nbits)
++	fmt.Fprintf(out, "generating an Ed25519 keypair...")
++	sk, pk, err := ci.GenerateKeyPair(ci.Ed25519, 0)
+ 	if err != nil {
+ 		return ident, err
+ 	}
+@@ -165,7 +165,7 @@ func identityConfig(out io.Writer, nbits int) (Identity, error) {
+ 	}
+ 	ident.PrivKey = base64.StdEncoding.EncodeToString(skbytes)
+
+-	id, err := peer.IDFromPublicKey(pk)
++	id, err := peer.IDFromEd25519PublicKey(pk)
+ 	if err != nil {
+ 		return ident, err
+ 	}
diff --git a/repo/config/init.go b/repo/config/init.go
@@ -150,8 +150,8 @@ func identityConfig(out io.Writer, nbits int) (Identity, error) {
 		return ident, errors.New("Bitsize less than 1024 is considered unsafe.")
 	}
 
-	fmt.Fprintf(out, "generating %v-bit RSA keypair...", nbits)
-	sk, pk, err := ci.GenerateKeyPair(ci.RSA, nbits)
+	fmt.Fprintf(out, "generating an Ed25519 keypair...")
+	sk, pk, err := ci.GenerateKeyPair(ci.Ed25519, 0)
 	if err != nil {
 		return ident, err
 	}
@@ -165,7 +165,7 @@ func identityConfig(out io.Writer, nbits int) (Identity, error) {
 	}
 	ident.PrivKey = base64.StdEncoding.EncodeToString(skbytes)
 
-	id, err := peer.IDFromPublicKey(pk)
+	id, err := peer.IDFromEd25519PublicKey(pk)
 	if err != nil {
 		return ident, err
 	}