crypto: drop go-openssl in favor of go1.19's boringcrypto

libp2p · Aug 17, 2022 · e79963f · e79963f
1 parent d4e64c7
commit e79963f
Show file tree

Hide file tree

Showing 12 changed files with 155 additions and 393 deletions.
diff --git a/.github/workflows/go-boring.yml b/.github/workflows/go-boring.yml
@@ -0,0 +1,41 @@
+# Workflow to test libp2p with boringcrypto enabled
+
+on: [push, pull_request]
+name: Go Boring
+
+jobs:
+  unit:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ "ubuntu" ]
+        go: [ "go1.19" ]
+    env:
+      COVERAGES: ""
+    runs-on: ${{ format('{0}-latest', matrix.os) }}
+    name: ${{ matrix.os }} (${{ matrix.go }})
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          submodules: recursive
+      - name: build Go with boringcrypto enabled
+        run: |
+          cd /tmp
+          git clone https://go.googlesource.com/go -b "$TARGET" --depth 1
+          cd go/src
+          export GOEXPERIMENT="boringcrypto"
+          ./make.bash
+          echo "/tmp/go/bin" >> $GITHUB_PATH
+        env:
+          TARGET: ${{ matrix.go }}
+      - name: Go information
+        run: |
+          go version
+          go env
+      - name: Run repo-specific setup
+        uses: ./.github/actions/go-test-setup
+        if: hashFiles('./.github/actions/go-test-setup') != ''
+      - name: Run tests
+        uses: protocol/[email protected]
+        with:
+          run: go test -v -shuffle=on ./...
diff --git a/README.md b/README.md
@@ -78,3 +78,14 @@ There's a few things you can do right now to help out:
 
 We test against and support the two most recent major releases of Go. This is
 informed by Go's own [security policy](https://go.dev/security).
+
+### `boringcrypto`
+
+For thoses who want faster cryptographic handshakes, this package support the go1.19 `boringcrypto` experiment.
+To use it build your custom version of go with this flag set:
+```bash
+git clone https://go.googlesource.com/go -b go1.19 --depth 1 && cd go/src # clone go's source code
+GOEXPERIMENT=boringcrypto ./make.bash # build go from source with boringcrypto enabled
+export PATH="$(realpath ../bin):$PATH" # add your build of go to your PATH
+# you can now use go build to build with boringcrypto enabled
+```
diff --git a/core/crypto/deprecated_openssl.go b/core/crypto/deprecated_openssl.go
@@ -0,0 +1,6 @@
+//go:build openssl && !nonLibp2pOpenssl
+// +build openssl,!nonLibp2pOpenssl
+
+package crypto
+
+var _ = 0 + "" // libp2p's openssl tag has been removed and is now replaced by go's boringcrypto experiment, see https://github.com/libp2p/go-libp2p#boringcrypto, if this is a mistake and the openssl tag is conflicting with your build process you can add the nonLibp2pOpenssl tag to ignore this error
diff --git a/core/crypto/key.go b/core/crypto/key.go
@@ -4,8 +4,12 @@
 package crypto
 
 import (
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/elliptic"
 	"crypto/rand"
+	"crypto/rsa"
 	"crypto/subtle"
 	"encoding/base64"
 	"errors"
@@ -14,6 +18,7 @@ import (
 
 	pb "github.com/libp2p/go-libp2p/core/crypto/pb"
 
+	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/gogo/protobuf/proto"
 )
 
@@ -288,3 +293,71 @@ func basicEquals(k1, k2 Key) bool {
 	}
 	return subtle.ConstantTimeCompare(a, b) == 1
 }
+
+// KeyPairFromStdKey wraps standard library (and secp256k1) private keys in libp2p/go-libp2p/core/crypto keys
+func KeyPairFromStdKey(priv crypto.PrivateKey) (PrivKey, PubKey, error) {
+	if priv == nil {
+		return nil, nil, ErrNilPrivateKey
+	}
+
+	switch p := priv.(type) {
+	case *rsa.PrivateKey:
+		return &RsaPrivateKey{*p}, &RsaPublicKey{k: p.PublicKey}, nil
+
+	case *ecdsa.PrivateKey:
+		return &ECDSAPrivateKey{p}, &ECDSAPublicKey{&p.PublicKey}, nil
+
+	case *ed25519.PrivateKey:
+		pubIfc := p.Public()
+		pub, _ := pubIfc.(ed25519.PublicKey)
+		return &Ed25519PrivateKey{*p}, &Ed25519PublicKey{pub}, nil
+
+	case *btcec.PrivateKey:
+		sPriv := Secp256k1PrivateKey(*p)
+		sPub := Secp256k1PublicKey(*p.PubKey())
+		return &sPriv, &sPub, nil
+
+	default:
+		return nil, nil, ErrBadKeyType
+	}
+}
+
+// PrivKeyToStdKey converts libp2p/go-libp2p/core/crypto private keys to standard library (and secp256k1) private keys
+func PrivKeyToStdKey(priv PrivKey) (crypto.PrivateKey, error) {
+	if priv == nil {
+		return nil, ErrNilPrivateKey
+	}
+
+	switch p := priv.(type) {
+	case *RsaPrivateKey:
+		return &p.sk, nil
+	case *ECDSAPrivateKey:
+		return p.priv, nil
+	case *Ed25519PrivateKey:
+		return &p.k, nil
+	case *Secp256k1PrivateKey:
+		return p, nil
+	default:
+		return nil, ErrBadKeyType
+	}
+}
+
+// PubKeyToStdKey converts libp2p/go-libp2p/core/crypto private keys to standard library (and secp256k1) public keys
+func PubKeyToStdKey(pub PubKey) (crypto.PublicKey, error) {
+	if pub == nil {
+		return nil, ErrNilPublicKey
+	}
+
+	switch p := pub.(type) {
+	case *RsaPublicKey:
+		return &p.k, nil
+	case *ECDSAPublicKey:
+		return p.pub, nil
+	case *Ed25519PublicKey:
+		return p.k, nil
+	case *Secp256k1PublicKey:
+		return p, nil
+	default:
+		return nil, ErrBadKeyType
+	}
+}
diff --git a/core/crypto/key_not_openssl.go b/core/crypto/key_not_openssl.go
diff --git a/core/crypto/key_openssl.go b/core/crypto/key_openssl.go