Commit Graph

29 Commits

Author SHA1 Message Date
Wade Simmons 69a6db705a cleanup unused test 2026-06-09 12:26:42 -04:00
Wade Simmons 9709893009 use testing log 2026-06-09 12:26:04 -04:00
Wade Simmons f437c7d372 more cleanup 2026-06-09 10:55:57 -04:00
Wade Simmons 06fb503fc3 WIP 2026-06-09 10:31:49 -04:00
Wade Simmons 7cd3875934 fix expected for fips140
We actually set the nonce wrong before this branch, fixing now.
2026-06-08 12:22:25 -04:00
Wade Simmons 90ea6346e9 WIP 2026-06-08 11:41:07 -04:00
Wade Simmons 37b752bb23 WIP 2026-06-08 09:43:28 -04:00
Wade Simmons adb01f66a3 make the test match the code
Ensure we use the correct AESGCM for fips140
2026-06-01 13:48:34 -04:00
Wade Simmons cf5d73d625 better check 2026-06-01 11:24:09 -04:00
Wade Simmons 56a09b7cbb fix 2026-06-01 11:22:39 -04:00
Wade Simmons 1d17c785a8 fixup tests 2026-06-01 11:19:12 -04:00
Wade Simmons 8671a4ebbd cleanup 2026-06-01 10:21:34 -04:00
Wade Simmons b5ad62aea1 Merge remote-tracking branch 'origin/master' into fips140 2026-06-01 09:52:57 -04:00
Nate Brown 5f920fdd7d Remove the global noiseEndianness var (#1707)
2026-05-06 17:37:03 -05:00
Wade Simmons 5dd566e220 also support fips140v1.26
This will be in process soon
2026-04-30 15:21:58 -04:00
Wade Simmons 243cf4a7c5 Revert "cleanup"
This reverts commit 08ee2ab35f.
2026-04-27 16:22:09 -04:00
Wade Simmons 08ee2ab35f cleanup 2026-04-27 14:18:17 -04:00
Wade Simmons 6fa1ecdc29 Merge remote-tracking branch 'origin/master' into fips140 2026-01-30 13:41:49 -05:00
zhetaicheleba e5f60fa54f chore: fix some typos in comments (#1582)
Signed-off-by: zhetaicheleba <taicheleba@outlook.com>
2026-01-20 11:03:31 -05:00
Wade Simmons fd3fa57e79 comments 2025-07-25 14:42:54 -04:00
Wade Simmons 0eb92dcab4 WIP 2025-07-25 14:32:37 -04:00
Wade Simmons f6b206d96c cleanup 2025-07-25 10:38:52 -04:00
Wade Simmons 6da314aa6b WIP 2025-07-24 13:56:42 -04:00
Wade Simmons 4485c47641 WIP support new Go fips140 module
This will replace boring crypto at some point.

We should modify our protocol a bit and instead change to
NewGCMWithRandomNonce.
2025-03-31 12:08:58 -04:00
Jack Doan 35603d1c39 add PKCS11 support (#1153)
* add PKCS11 support

* add pkcs11 build option to the makefile, add a stub pkclient to avoid forcing CGO onto people

* don't print the pkcs11 option on nebula-cert keygen if not compiled in

* remove linux-arm64-pkcs11 from the all target to fix CI

* correctly serialize ec keys

* nebula-cert: support PKCS#11 for sign and ca

* fix gofmt lint

* clean up some logic with regard to closing sessions

* pkclient: handle empty correctly for TPM2

* Update Makefile and Actions

---------

Co-authored-by: Morgan Jones <me@numin.it>
Co-authored-by: John Maguire <contact@johnmaguire.me>
2024-09-09 17:51:58 -04:00
Jack Doan fd1906b16f minor text fixes (#1135) 2024-05-03 20:43:40 -05:00
Wade Simmons 31ed9269d7 add test for GOEXPERIMENT=boringcrypto (#861)
* add test for GOEXPERIMENT=boringcrypto

* fix NebulaCertificate.Sign

Set the PublicKey field in a more compatible way for the tests. The
current method grabs the public key from the certificate, but the
correct thing to do is to derive it from the private key. Either way
doesn't really matter as I don't think the Sign method actually even
uses the PublicKey field.

* assert boring

* cleanup tests
2023-05-08 13:27:01 -04:00
Wade Simmons e0185c4b01 Support NIST curve P256 (#769)
* Support NIST curve P256

This change adds support for NIST curve P256. When you use `nebula-cert ca`
or `nebula-cert keygen`, you can specify `-curve P256` to enable it. The
curve to use is based on the curve defined in your CA certificate.

Internally, we use ECDSA P256 to sign certificates, and ECDH P256 to do
Noise handshakes. P256 is not supported natively in Noise Protocol, so
we define `DHP256` in the `noiseutil` package to implement support for
it.

You cannot have a mixed network of Curve25519 and P256 certificates,
since the Noise protocol will only attempt to parse using the Curve
defined in the host's certificate.

* verify the curves match in VerifyPrivateKey

This would have failed anyways once we tried to actually use the bytes
in the private key, but it's better to detect the issue up front with
a better error message.

* add cert.Curve argument to Sign method

* fix mismerge

* use crypto/ecdh

This is the preferred method for doing ECDH functions now, and also has
a boringcrypto specific codepath.

* remove other ecdh uses of crypto/elliptic

use crypto/ecdh instead
2023-05-04 17:50:23 -04:00
Wade Simmons e0553822b0 Use NewGCMTLS (when using experiment boringcrypto) (#803)
* Use NewGCMTLS (when using experiment boringcrypto)

This change only affects builds built using `GOEXPERIMENT=boringcrypto`.
When built with this experiment, we use the NewGCMTLS() method exposed by
goboring, which validates that the nonce is strictly monotonically increasing.
This is the TLS 1.2 specification for nonce generation (which also matches the
method used by the Noise Protocol)

- https://github.com/golang/go/blob/go1.19/src/crypto/tls/cipher_suites.go#L520-L522
- https://github.com/golang/go/blob/go1.19/src/crypto/internal/boring/aes.go#L235-L237
- https://github.com/golang/go/blob/go1.19/src/crypto/internal/boring/aes.go#L250
- https://github.com/google/boringssl/blob/ae223d6138807a13006342edfeef32e813246b39/include/openssl/aead.h#L379-L381
- https://github.com/google/boringssl/blob/ae223d6138807a13006342edfeef32e813246b39/crypto/fipsmodule/cipher/e_aes.c#L1082-L1093

* need to lock around EncryptDanger in SendVia

* fix link to test vector
2023-04-05 11:08:23 -04:00