ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2024-12-19 04:57:58 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

CORDA-1969 Retire SECP256K1 for TLS (#3920)

Browse Source 
* Flag SECP256K1 as not supported for TLS

* Remove authentication tests using SECP256K1 for TLS

* Remove K1 leftover
This commit is contained in:
Christian Sailer 2018-09-11 13:04:29 +01:00 committed by GitHub
parent 8bc46d9f7d
commit 7459115f54
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/source/cipher-suites.rst
View File

@ -73,7 +73,7 @@ are compatible with TLS 1.2, while the default scheme per key type is also shown
| | and SHA-256 | | vendors. | | - tls |
| | | | - network map (CN) |
+-------------------------+---------------------------------------------------------------+-----+-------------------------+
| | ECDSA using the | | secp256k1 is the curve adopted by Bitcoin and as such there | YES | |
| | ECDSA using the | | secp256k1 is the curve adopted by Bitcoin and as such there | NO | |
| | Koblitz k1 curve | | is a wealth of infrastructure, code and advanced algorithms | | |
| | (secp256k1) | | designed for use with it. This curve is standardised by | | |
| | and SHA-256 | | NIST as part of the "Suite B" cryptographic algorithms and | | |

34
node/src/test/kotlin/net/corda/node/utilities/TLSAuthenticationTests.kt
View File

@ -100,22 +100,6 @@ class TLSAuthenticationTests {
testConnect(serverSocket, clientSocket, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")
}
@Test
fun `All EC K1`() {
val (serverSocketFactory, clientSocketFactory) = buildTLSFactories(
rootCAScheme = Crypto.ECDSA_SECP256K1_SHA256,
intermediateCAScheme = Crypto.ECDSA_SECP256K1_SHA256,
client1CAScheme = Crypto.ECDSA_SECP256K1_SHA256,
client1TLSScheme = Crypto.ECDSA_SECP256K1_SHA256,
client2CAScheme = Crypto.ECDSA_SECP256K1_SHA256,
client2TLSScheme = Crypto.ECDSA_SECP256K1_SHA256
)
val (serverSocket, clientSocket) = buildTLSSockets(serverSocketFactory, clientSocketFactory, 0, 0)
testConnect(serverSocket, clientSocket, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256")
}
// Server's public key type is the one selected if users use different key types (e.g RSA and EC R1).
@Test
fun `Server RSA - Client EC R1 - CAs all EC R1`() {
@ -162,22 +146,6 @@ class TLSAuthenticationTests {
testConnect(serverSocket, clientSocket, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256")
}
@Test
fun `Server EC K1 - Client EC R1 - CAs all RSA`() {
val (serverSocketFactory, clientSocketFactory) = buildTLSFactories(
rootCAScheme = Crypto.RSA_SHA256,
intermediateCAScheme = Crypto.RSA_SHA256,
client1CAScheme = Crypto.RSA_SHA256,
client1TLSScheme = Crypto.ECDSA_SECP256K1_SHA256,
client2CAScheme = Crypto.RSA_SHA256,
client2TLSScheme = Crypto.ECDSA_SECP256R1_SHA256
)
val (serverSocket, clientSocket) = buildTLSSockets(serverSocketFactory, clientSocketFactory, 0, 0)
testConnect(serverSocket, clientSocket, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256")
}
@Test
fun `Server EC R1 - Client RSA - Mixed CAs`() {
val (serverSocketFactory, clientSocketFactory) = buildTLSFactories(
@ -185,7 +153,7 @@ class TLSAuthenticationTests {
intermediateCAScheme = Crypto.RSA_SHA256,
client1CAScheme = Crypto.RSA_SHA256,
client1TLSScheme = Crypto.ECDSA_SECP256R1_SHA256,
client2CAScheme = Crypto.ECDSA_SECP256K1_SHA256,
client2CAScheme = Crypto.ECDSA_SECP256R1_SHA256,
client2TLSScheme = Crypto.RSA_SHA256
)