Support P256 network curve in API calls #16

johnmaguire · 2024-11-11T20:06:00Z

Depends on #17.

This PR adds PrivateKey, PublicKey, and TrustedKey types for handling host keys and CA keys. dnapi will always send both P256 and Ed25519 keys with enrollment requests. From that point forward, dnapi will only generate keys of the type used in prior requests.

dnapi does not attempt to "filter" trusted keys to only the curve supported by Nebula. In other words, a P256 network requires P256 CAs and host keys, but does not necessarily require P256 trusted keys. Do we want to add enforcement here?

Some code was moved into a keys sub-package in order to allow dnapitest to import it, while still allowing the dnapi package to import dnapitest. The bulk of this code is tested through a call to DoUpdate.

Code reorgnization allows dnapitest to import the marshal/unmarshal functions from the keys package.

johnmaguire requested a review from brad-defined November 11, 2024 20:06

johnmaguire changed the title ~~Support P256 network curve in enroll call~~ Support P256 network curve in API calls Dec 3, 2024

johnmaguire force-pushed the p256 branch from f0e3304 to c4bcb2b Compare December 5, 2024 16:24

johnmaguire marked this pull request as ready for review December 5, 2024 16:25

johnmaguire mentioned this pull request Dec 5, 2024

Update to build with Go 1.22 #17

Merged

johnmaguire force-pushed the p256 branch from c4bcb2b to c5ff27d Compare December 5, 2024 16:28

johnmaguire changed the base branch from main to go-1.22 December 5, 2024 16:28

Base automatically changed from go-1.22 to main December 5, 2024 16:32

brad-defined previously approved these changes Dec 5, 2024

View reviewed changes

johnmaguire added 11 commits December 5, 2024 12:06

Support P256 network curve in enroll call

b69702e

Support P256 in Credentials and DoUpdate

079e1cf

Update to match api changes

1eba727

Rename struct fields and JSON tags again

077b906

Update with full support for P256

2d0c253

Cleanup

d1ea449

Add length check for P256 trusted key

885c57b

Get tests passing

f5b62dd

Code reorgnization allows dnapitest to import the marshal/unmarshal functions from the keys package.

Add P256 test to verify signing and rotation

e117b0d

Return wrapped type to avoid callers having to do it

f20ab4e

Abstract public key handling

dd31b67

johnmaguire force-pushed the p256 branch from c5ff27d to dd31b67 Compare December 5, 2024 17:06

Default curve to avoid breaking old tests

5e0456d

johnmaguire dismissed brad-defined’s stale review via 5e0456d December 5, 2024 17:06

johnmaguire requested a review from brad-defined December 5, 2024 17:33

brad-defined previously approved these changes Dec 5, 2024

View reviewed changes

Rename types to be consistent with other code

c1b65ed

johnmaguire dismissed brad-defined’s stale review via c1b65ed December 5, 2024 18:44

johnmaguire requested a review from brad-defined December 5, 2024 18:48

brad-defined approved these changes Dec 5, 2024

View reviewed changes

johnmaguire merged commit 9f2241d into main Dec 5, 2024
2 checks passed

johnmaguire deleted the p256 branch December 5, 2024 18:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Support P256 network curve in API calls #16

Support P256 network curve in API calls #16

Uh oh!

johnmaguire commented Nov 11, 2024 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Support P256 network curve in API calls #16

Support P256 network curve in API calls #16

Uh oh!

Conversation

johnmaguire commented Nov 11, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

johnmaguire commented Nov 11, 2024 •

edited

Loading