diff --git a/MAINTAINERS.md b/MAINTAINERS.md
index 818dd7af..6a026a2f 100644
--- a/MAINTAINERS.md
+++ b/MAINTAINERS.md
@@ -9,6 +9,7 @@
 | Steffen Rattay | [@rmbrt](https://github.com/rmbrt) | rmbrt |
 | Ilja von Hoessle | [@iljabvh](https://github.com/iljabvh) | iljabvh |
 | Jens Winkle | [@DragonDev1906](https://github.com/DragonDev1906) | jens#4601 |
+| Minh Huy Tran | [@NhoxxKienn](https://github.com/NhoxxKienn) | NhoxxKienn |
 ## Emeritus Maintainers
diff --git a/NOTICE b/NOTICE
index 37145564..1476ec69 100644
--- a/NOTICE
+++ b/NOTICE
@@ -42,6 +42,7 @@ PolyCrypt GmbH
 Oliver Tale-Yazdi
 Ilja von Hoessle
 Jens Winkle
+ Minh Huy Tran
 Robert Bosch GmbH
 Manoranjith
diff --git a/wire/account.go b/wire/account.go
index 55e8f786..5b8abb25 100644
--- a/wire/account.go
+++ b/wire/account.go
@@ -57,7 +57,7 @@ func (m *AuthResponseMsg) Type() Type {
 // Encode encodes this AuthResponseMsg into an io.Writer.
 func (m *AuthResponseMsg) Encode(w io.Writer) error {
 // Write the signature size first
- if err := encodeUint32(w, uint32(m.SignatureSize)); err != nil {
+ if err := encodeUint32(w, m.SignatureSize); err != nil {
 return err
 }
@@ -101,7 +101,8 @@ func NewAuthResponseMsg(acc Account) (Msg, error) {
 // encodeUint32 encodes a uint32 value into an io.Writer.
 func encodeUint32(w io.Writer, v uint32) error {
- buf := make([]byte, 4)
+ sigSize := 4 // uint32 size
+ buf := make([]byte, sigSize)
 binary.BigEndian.PutUint32(buf, v)
 _, err := w.Write(buf)
 return err
@@ -109,7 +110,8 @@ func encodeUint32(w io.Writer, v uint32) error {
 // decodeUint32 decodes a uint32 value from an io.Reader.
 func decodeUint32(r io.Reader) (uint32, error) {
- buf := make([]byte, 4)
+ sigSize := 4 // uint32 size
+ buf := make([]byte, sigSize)
 if _, err := io.ReadFull(r, buf); err != nil {
 return 0, err
 }
diff --git a/wire/net/exchange_addr.go b/wire/net/exchange_addr.go
index 8cf2b5d4..f57bb225 100644
--- a/wire/net/exchange_addr.go
+++ b/wire/net/exchange_addr.go
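Review bot: The new local `sigSize := 4 // uint32 size` in encodeUint32, and its copy in decodeUint32, is misnamed: the four bytes are the wire width of a uint32, not the size of a signature — both helpers are generic and only Encode happens to route the signature length through them. Replacing the two locals with one package-level `const uint32Size = 4 // wire width of a big-endian uint32` and `buf := make([]byte, uint32Size)` in both functions keeps them in sync and keeps the name honest. Separately, the value Encode writes here is a length prefix that the decoding side will presumably turn into an allocation, so the Decode path (not in this diff) should reject lengths above the largest expected signature before calling make — worth confirming. encodeUint32 and decodeUint32 both close outside their hunks.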
@@ -81,7 +81,6 @@ func ExchangeAddrsActive(ctx context.Context, id wire.Account, peer wire.Address
 } else if _, ok := e.Msg.(*wire.AuthResponseMsg); !ok {
 err = errors.Errorf("expected AuthResponse wire msg, got %v", e.Msg.Type())
 } else if check := verifyAddressSignature(peer, e.Msg.(*wire.AuthResponseMsg).Signature); check != nil {
- fmt.Println(e.Msg.(*wire.AuthResponseMsg).Signature)
 err = errors.WithMessage(err, "verifying peer address's signature")
 } else if !e.Recipient.Equal(id.Address()) && !e.Sender.Equal(peer) {
diff --git a/wire/net/simple/account.go b/wire/net/simple/account.go
index 64f9f642..d0c11854 100644
--- a/wire/net/simple/account.go
+++ b/wire/net/simple/account.go
@@ -41,7 +41,7 @@ func (acc *Account) Sign(msg []byte) ([]byte, error) {
 if acc.privateKey == nil {
 return nil, errors.New("private key is nil")
 }
- hashed := sha256.Sum256([]byte(msg))
+ hashed := sha256.Sum256(msg)
 signature, err := rsa.SignPKCS1v15(crypto_rand.Reader, acc.privateKey, crypto.SHA256, hashed[:])
 if err != nil {
 return nil, err
diff --git a/wire/net/simple/dialer_internal_test.go b/wire/net/simple/dialer_internal_test.go
index 5d6f360a..9f32f2cd 100644
--- a/wire/net/simple/dialer_internal_test.go
+++ b/wire/net/simple/dialer_internal_test.go
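Review bot: The `check != nil` branch discards the verification failure: `err = errors.WithMessage(err, "verifying peer address's signature")` wraps `err` rather than `check`, and if `errors` is github.com/pkg/errors (Errorf/WithMessage suggest so) WithMessage returns nil for a nil error, so whenever `err` is still nil at that point — the head of this if/else chain is outside the hunk, so I cannot confirm it — a peer presenting an invalid address signature leaves ExchangeAddrsActive as if verified. The line should be `err = errors.WithMessage(check, "verifying peer address's signature")`. Deleting the debug Println of the signature is right, but the silent accept deserves a regression test that tampers with the AuthResponse signature and expects an error. ExchangeAddrsActive begins and ends outside the hunk.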
@@ -38,19 +38,25 @@ import (
 )
 func TestNewTCPDialer(t *testing.T) {
- tlsConfig := &tls.Config{}
+ tlsConfig := &tls.Config{
+ MinVersion: tls.VersionTLS12, // Set minimum TLS version to TLS 1.2
+ }
 d := NewTCPDialer(0, tlsConfig)
 assert.Equal(t, d.network, "tcp")
 }
 func TestNewUnixDialer(t *testing.T) {
- tlsConfig := &tls.Config{}
+ tlsConfig := &tls.Config{
+ MinVersion: tls.VersionTLS12, // Set minimum TLS version to TLS 1.2
+ }
 d := NewUnixDialer(0, tlsConfig)
 assert.Equal(t, d.network, "unix")
 }
 func TestDialer_Register(t *testing.T) {
- tlsConfig := &tls.Config{}
+ tlsConfig := &tls.Config{
+ MinVersion: tls.VersionTLS12, // Set minimum TLS version to TLS 1.2
+ }
 rng := test.Prng(t)
 addr := NewRandomAddress(rng)
 key := wire.Key(addr)
@@ -151,14 +157,15 @@ func TestDialer_Dial(t *testing.T) {
 // generateSelfSignedCertConfigs generates a self-signed certificate and returns
 // the server and client TLS configurations.
 func generateSelfSignedCertConfigs(commonName string, sans []string) (*tls.Config, *tls.Config, error) {
+ keySize := 2048
 // Generate a new RSA private key for the server
- serverPrivateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+ serverPrivateKey, err := rsa.GenerateKey(rand.Reader, keySize)
 if err != nil {
 return nil, nil, err
 }
 // Generate a new RSA private key for the client
- clientPrivateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+ clientPrivateKey, err := rsa.GenerateKey(rand.Reader, keySize)
 if err != nil {
 return nil, nil, err
 }
@@ -247,6 +254,7 @@ func generateSelfSignedCertConfigs(commonName string, sans []string) (*tls.Confi
 ClientCAs: serverCertPool,
 Certificates: []tls.Certificate{serverCert},
 ClientAuth: tls.RequireAndVerifyClientCert,
+ MinVersion: tls.VersionTLS12, // Set minimum TLS version to TLS 1.2
 }
 clientCertPool := x509.NewCertPool()
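Review bot: Pinning `MinVersion: tls.VersionTLS12` in TestNewTCPDialer, TestNewUnixDialer, TestDialer_Register and the generated server config hardens only the tests; NewTCPDialer/NewUnixDialer (outside this diff) appear to take the caller's *tls.Config as-is, so a production caller passing `&tls.Config{}` still gets whatever floor the linked Go toolchain applies, which on older releases is TLS 1.0 — consider having the dialer and listener constructors set `MinVersion = tls.VersionTLS12` when the supplied config leaves it zero, so the floor is not test-only. The three identical literals could also collapse into one helper, `func testTLSConfig() *tls.Config { return &tls.Config{MinVersion: tls.VersionTLS12} }`, and the trailing comment `// Set minimum TLS version to TLS 1.2` only restates the code; if it stays, say why, e.g. `// refuse TLS 1.0/1.1 handshakes`. TestDialer_Register and generateSelfSignedCertConfigs continue outside their hunks.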
@@ -259,6 +267,7 @@ func generateSelfSignedCertConfigs(commonName string, sans []string) (*tls.Confi
 clientConfig := &tls.Config{
 RootCAs: clientCertPool,
 Certificates: []tls.Certificate{clientCert},
+ MinVersion: tls.VersionTLS12, // Set minimum TLS version to TLS 1.2
 }
 return serverConfig, clientConfig, nil
diff --git a/wire/net/simple/init.go b/wire/net/simple/init.go
index 29af22ab..cce04c41 100644
--- a/wire/net/simple/init.go
+++ b/wire/net/simple/init.go
@@ -14,10 +14,21 @@
 package simple
-import "perun.network/go-perun/wire"
+import (
+ "math/rand"
+
+ "perun.network/go-perun/wire"
+ "perun.network/go-perun/wire/test"
+)
 func init() {
 wire.SetNewAddressFunc(func() wire.Address {
 return NewAddress("")
 })
+ test.SetNewRandomAddress(func(rng *rand.Rand) wire.Address {
+ return NewRandomAddress(rng)
+ })
+ test.SetNewRandomAccount(func(rng *rand.Rand) wire.Account {
+ return NewRandomAccount(rng)
+ })
 }
diff --git a/wire/net/simple/listener_internal_test.go b/wire/net/simple/listener_internal_test.go
index 1f30b8f7..b5cc7258 100644
--- a/wire/net/simple/listener_internal_test.go
+++ b/wire/net/simple/listener_internal_test.go
@@ -30,7 +30,7 @@ const addr = "0.0.0.0:1337"
 // serverKey and serverCert are generated with the following commands:
 // openssl ecparam -genkey -name prime256v1 -out server.key
-// openssl req -new -x509 -key server.key -out server.pem -days 3650
+// openssl req -new -x509 -key server.key -out server.pem -days 3650.
 const testServerKey = `-----BEGIN EC PARAMETERS-----
 BggqhkjOPQMBBw==
 -----END EC PARAMETERS-----
@@ -60,6 +60,7 @@ func TestNewTCPListener(t *testing.T) {
 cer, err := tls.X509KeyPair([]byte(testServerCert), []byte(testServerKey))
 require.NoError(t, err, "loading server key and cert")
 tlsConfig := &tls.Config{
+ MinVersion: tls.VersionTLS12, // Set minimum TLS version to TLS 1.2
 Certificates: []tls.Certificate{cer},
 }
 l, err := NewTCPListener(addr, tlsConfig)
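Review bot: init.go of the non-test package `simple` now imports `perun.network/go-perun/wire/test`, so every binary that links the simple transport also links the test-helper package and whatever it pulls in (its name suggests test-only code; whether it imports `testing` is not visible here), and registers math/rand-driven random address/account factories at program init. Moving the two `test.SetNewRandom*` registrations into a `_test.go` file, or into a separate package such as `simple/test` that test code imports explicitly, keeps test fixtures out of release builds and removes an init-order side effect from every importer. If the registration has to stay here, add a comment above `test.SetNewRandomAddress` stating that these factories are seeded from math/rand and exist only for deterministic test fixtures, never for real accounts.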
@@ -71,6 +72,7 @@ func TestNewUnixListener(t *testing.T) {
 cer, err := tls.X509KeyPair([]byte(testServerCert), []byte(testServerKey))
 require.NoError(t, err, "loading server key and cert")
 tlsConfig := &tls.Config{
+ MinVersion: tls.VersionTLS12, // Set minimum TLS version to TLS 1.2
 Certificates: []tls.Certificate{cer},
 }
 l, err := NewUnixListener(addr, tlsConfig)
@@ -82,6 +84,7 @@ func TestListener_Close(t *testing.T) {
 cer, err := tls.X509KeyPair([]byte(testServerCert), []byte(testServerKey))
 require.NoError(t, err, "loading server key and cert")
 tlsConfig := &tls.Config{
+ MinVersion: tls.VersionTLS12, // Set minimum TLS version to TLS 1.2
 Certificates: []tls.Certificate{cer},
 }
 t.Run("double close", func(t *testing.T) {
@@ -96,6 +99,7 @@ func TestNewListener(t *testing.T) {
 cer, err := tls.X509KeyPair([]byte(testServerCert), []byte(testServerKey))
 require.NoError(t, err, "loading server key and cert")
 tlsConfig := &tls.Config{
+ MinVersion: tls.VersionTLS12, // Set minimum TLS version to TLS 1.2
 Certificates: []tls.Certificate{cer},
 }
 t.Run("happy", func(t *testing.T) {
@@ -124,6 +128,7 @@ func TestListener_Accept(t *testing.T) {
 cer, err := tls.X509KeyPair([]byte(testServerCert), []byte(testServerKey))
 require.NoError(t, err, "loading server key and cert")
 tlsConfig := &tls.Config{
+ MinVersion: tls.VersionTLS12, // Set minimum TLS version to TLS 1.2
 Certificates: []tls.Certificate{cer},
 }
 // Happy case already tested in TestDialer_Dial.
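Review bot: The same key-pair load, `require.NoError`, and `tlsConfig := &tls.Config{ MinVersion: ..., Certificates: ... }` block is now repeated verbatim in TestNewUnixListener, TestListener_Close, TestNewListener and TestListener_Accept (and TestNewTCPListener above), so the next TLS hardening change has to be applied five times. A small helper that does the load and returns the config, with each test reduced to `tlsConfig := testServerTLSConfig(t)`, keeps the policy in one place; the comment on the new field should then say why the floor exists rather than restate the code. Each of these test functions continues outside its hunk.

```go
// testServerTLSConfig loads the embedded test key pair and returns a server
// config that refuses TLS 1.0/1.1 handshakes.
func testServerTLSConfig(t *testing.T) *tls.Config {
	t.Helper()
	cer, err := tls.X509KeyPair([]byte(testServerCert), []byte(testServerKey))
	require.NoError(t, err, "loading server key and cert")
	return &tls.Config{
		MinVersion:   tls.VersionTLS12, // refuse TLS 1.0/1.1 handshakes
		Certificates: []tls.Certificate{cer},
	}
}

func TestNewUnixListener(t *testing.T) {
	tlsConfig := testServerTLSConfig(t)
	// … unchanged: listener construction and assertions …
```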