personal_interest_mirrors/nebula
1
0
Fork 0
mirror of https://github.com/slackhq/nebula.git synced 2025-12-15 03:18:28 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
349 Commits 42 Branches 24 Tags
6685856b5db2e4f5e8f69eac0af5280d7d1d930c
Commit Graph

14 Commits

Author SHA1 Message Date
John Maguire
a56a97e5c3 Add ability to encrypt CA private key at rest (#386) 
Fixes #8.

`nebula-cert ca` now supports encrypting the CA's private key with a
passphrase. Pass `-encrypt` in order to be prompted for a passphrase.
Encryption is performed using AES-256-GCM and Argon2id for KDF. KDF
parameters default to RFC recommendations, but can be overridden via CLI
flags `-argon-memory`, `-argon-parallelism`, and `-argon-iterations`.
 2023-04-03 13:59:38 -04:00
Wade Simmons
45d1d2b6c6 Update dependencies - 2022-04 (#664) 
Updated  github.com/kardianos/service         https://github.com/kardianos/service/compare/v1.2.0...v1.2.1
    Updated  github.com/miekg/dns                 https://github.com/miekg/dns/compare/v1.1.43...v1.1.48
    Updated  github.com/prometheus/client_golang  https://github.com/prometheus/client_golang/compare/v1.11.0...v1.12.1
    Updated  github.com/prometheus/common         https://github.com/prometheus/common/compare/v0.32.1...v0.33.0
    Updated  github.com/stretchr/testify          https://github.com/stretchr/testify/compare/v1.7.0...v1.7.1
    Updated  golang.org/x/crypto                  5770296d90...ae2d96664a
    Updated  golang.org/x/net                     69e39bad7d...749bd193bc
    Updated  golang.org/x/sys                     7861aae155...289d7a0edf
    Updated  golang.zx2c4.com/wireguard/windows   v0.5.1...v0.5.3
    Updated  google.golang.org/protobuf           v1.27.1...v1.28.0
 2022-04-18 12:12:25 -04:00
forfuncsake
1110756f0f Allow setup of a CA pool from bytes that contain expired certs (#599) 
Co-authored-by: Nate Brown <nbrown.us@gmail.com>
 2021-12-09 21:24:56 -06:00
Nate Brown
4453964e34 Move util to test, contextual errors to util (#575) 2021-11-10 21:47:38 -06:00
Manuel Romei
3a8f533b24 refactor: use X25519 instead of ScalarBaseMult (#533) 
As suggested in https://pkg.go.dev/golang.org/x/crypto/curve25519#ScalarBaseMult,
use X25519 instead of ScalarBaseMult. When using Basepoint, it may employ
some precomputed values, enhancing performance.

Co-authored-by: Wade Simmons <wade@wades.im>
Co-authored-by: Wade Simmons <wadey@slack-corp.com>
 2021-10-12 12:03:43 -04:00
John Maguire
34d002d695 Check CA cert and key match in nebula-cert sign (#503) 
`func (nc *NebulaCertificate) VerifyPrivateKey(key []byte) error` would
previously return an error even if passed the correct private key for a
CA certificate `nc`.

That function has been updated to support CA certificates, and
nebula-cert now calls it before signing a new certificate. Previously,
it would perform all constraint checks against the CA certificate
provided, take a SHA256 fingerprint of the provided certificate, insert
it into the new node certificate, and then finally sign it with the
mismatching private key provided.
 2021-10-01 12:43:33 -04:00
brad-defined
454bc8a6bb Check certificate banner during nebula-cert print (#373) 2021-02-05 14:52:32 -06:00
Wade Simmons
384b1166ea fix panic in UnmarshalNebulaCertificate (#339) 
This fixes a panic in UnmarshalNebulaCertificate when unmarshaling
a payload with Details set to nil.

Fixes: #332
 2020-11-19 08:44:54 -05:00
Nathan Brown
68e3e84fdc More like a library (#279) 2020-09-18 09:20:09 -05:00
forfuncsake
25964b54f6 Use inclusive terminology for cert blocking (#272) 2020-08-06 11:17:47 +10:00
Nate Brown
0dc9aafa14 Support root subnet asserts 2019-12-17 17:10:46 -08:00
Nate Brown
98d92ee4cf Support root IP assertions in cert.Verify 2019-12-17 17:06:13 -08:00
Ryan Huber
1884aec113 get rid of the annotation "errors" on github actions 2019-12-11 20:24:13 +00:00
Slack Security Team
f22b4b584d Public Release 2019-11-19 17:00:20 +00:00