-
-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
smp: command authorization #982
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
90d1f9b
to
c411173
Compare
c411173
to
a7a4671
Compare
…patibility yet from new clients to old servers)
304e1a3
to
a734c29
Compare
spaced4ndy
reviewed
Feb 13, 2024
spaced4ndy
reviewed
Feb 13, 2024
* THandleParams (WIP, does not compile) * transport: fetch and store server certificate * smp: add getOnlinePubKey example to smpClientHandshake * add server certs and sign authPub * cleanup * update * style * load server certs from test fixtures * sign ntf authPubKey * fix onServerCertificate * increase delay before sending messages * require certificate with key in SMP server handshake --------- Co-authored-by: Evgeny Poberezkin <evgeny@poberezkin.com>
This reverts commit 75adfc9.
61a2b61
to
a53605c
Compare
spaced4ndy
reviewed
Feb 15, 2024
dpwiz
added a commit
that referenced
this pull request
Feb 16, 2024
* smp: command authorization * fix encoding, most tests * remove old tests * authorize via crypto_box * extract authenticator to Crypto module * make TransmissionAuth Maybe * rfc * support authenticators in NTF protocol, test matrix (no backwards compatibility yet from new clients to old servers) * fix/add tests, add version config to "small" agent * separate client and server versions for SMP protocol * test batching SMP v7 * do not send session ID in each transmission * refactor auth verification in the server, split tests * server "warm up" fixes timing test * uncomment SUB timing test * comments, disable two timing tests * rename version * increase auth timing test failure threshold * use different algorithms to authorize snd/rcv commands, use random correlation ID * transport: fetch and store server certificate (#985) * THandleParams (WIP, does not compile) * transport: fetch and store server certificate * smp: add getOnlinePubKey example to smpClientHandshake * add server certs and sign authPub * cleanup * update * style * load server certs from test fixtures * sign ntf authPubKey * fix onServerCertificate * increase delay before sending messages * require certificate with key in SMP server handshake --------- Co-authored-by: Evgeny Poberezkin <evgeny@poberezkin.com> * remove dhSecret from THandle * remove v8, merge all changes to one version * parameterize THandle * rfc: transmission ecnryption * Revert "parameterize THandle" This reverts commit 75adfc9. * use batch syntax for ntf server commands * separate encodeTransmission when there is no key * typo Co-authored-by: spaced4ndy <8711996+spaced4ndy@users.noreply.github.com> * rename * diff --------- Co-authored-by: Alexander Bondarenko <486682+dpwiz@users.noreply.github.com> Co-authored-by: spaced4ndy <8711996+spaced4ndy@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Scope:
Test required: new/existing connections via 16 combinations of old (pre v5.5.3)/new clients and old/new servers participating in the connection (4 parties) - 32 tests in total.
The same testing will need to be repeated once server versions are raised in code; old (pre v5.5.3) clients will not work with the new servers but new clients will continue supporting old servers (see migration plan in Deniability RFC).