mirrors/redoctober
1
0
Fork 0
mirror of https://github.com/cloudflare/redoctober.git synced 2026-01-07 14:05:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
208 Commits 12 Branches 0 Tags
9e54751efc9c55083943e922262ab042f7dc3915
Commit Graph

208 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Zi Lin
9e54751efc Merge pull request #113 from cloudflare/jkroll/listen-tls 
Modify the way we listen on TLS
 2015-12-04 15:12:26 -08:00
Nick Sullivan
eb38e1afe3 Merge pull request #111 from Bren2010/brendan/parsers 
Rewrite MSP parsers.
 2015-12-04 13:01:24 -08:00
Brendan McMillion
5e1cff9d9d Rewrite MSP parsers. 
- Stop using container/list.  It requires casting which keeps causing panics.
- Justify all slice accesses.  Nil pointers also keep causing panics.
 2015-12-04 11:32:00 -08:00
Nick Sullivan
d89bb05295 Merge pull request #104 from andrewbuss/single_owner 
Allow encryption with a single owner
 2015-12-03 17:36:45 -08:00
Kyle Isom
0c286e1166 Merge pull request #108 from j-delaney/go-version 
Upadte README to specify Go 1.4
 2015-12-03 12:57:07 -08:00
J Delaney
b2ecf864e6 Upadte README to specify Go 1.4 2015-12-03 11:19:06 -08:00
Joshua Kroll
d9e9f26d8d Modify the way we listen on TLS, to try to encourage it to always happen. 2015-12-02 20:02:30 -08:00
Andrew Buss
13f6616e60 Allow encryption with a single owner 
The "minimum" parameter was ignored, so when a single user
was provided as an owner, the encrypted data had no KeySet value
and could not be decrypted.

This change fixes the API and cryptor to pay attention to the Minimum
parameter and handle the case where Minimum is 1
 2015-11-30 03:07:07 -08:00
Kyle Isom
f06cd674ba Merge pull request #103 from cloudflare/jkroll/backoff 
Add exponential backoff to the Red October client
 2015-11-24 15:25:33 -08:00
Nick Sullivan
3ce99ea48a Merge pull request #57 from Bren2010/master 
Support for Arbitrarily Complex Predicates
 2015-11-24 14:39:30 -08:00
Brendan McMillion
95e414474a Bugfix: Not enough arguments to Fatalf. 2015-11-23 10:43:39 -08:00
Brendan McMillion
c5da2f748e Comment the DerivePath logic. 2015-11-23 10:32:31 -08:00
Brendan McMillion
7e56983fa6 Move field and matrix logic into their own files and abstractions. 
- Instead of using GF(2^127-1) as one of many options, move to GF(2^128) exclusively.
- Don't clear the first two bits of every secret key.
 2015-11-21 09:23:55 -08:00
Joshua Kroll
5a748b9249 Add exponential backoff to the Red October client, following the pattern in the CFSSL transport package client. 2015-11-21 05:02:53 -08:00
Brendan McMillion
07b99b15f3 Update comments. 2015-11-20 10:22:59 -08:00
Brendan McMillion
61540eca4e Bug fixes from code audit. 
- Catch ignored error.
- Make sure that key data exists in the EncryptedData object as well as in the key cache.
 2015-11-13 16:21:30 -08:00
Brendan McMillion
362e20533a Respond to PR requests. 
- Type String renamed Name.
- Panic if an invalid modulus size is chosen rather.
- Name the interface arguments for the UserDatabase.
 2015-11-12 09:12:22 -08:00
Brendan McMillion
2422b2920d Update owners API and README with predicates. 2015-11-11 15:23:14 -08:00
Brendan McMillion
68e5403a7b Add predicate section to UI. 2015-11-11 15:22:57 -08:00
Brendan McMillion
d93709973e Track delegates when decrypting with shares. 2015-11-11 15:22:33 -08:00
Brendan McMillion
701b938562 Import bug fixes from MSP. 2015-11-11 15:22:12 -08:00
Brendan McMillion
4c161e343c Write better error messages. 2015-11-11 15:22:00 -08:00
Brendan McMillion
9e514e902a Shorten key by 2 bits. 2015-11-11 15:21:49 -08:00
Brendan McMillion
e652300f43 Vendored in Bren2010/MSP 2015-11-11 15:20:46 -08:00
Brendan Mc
becabb40e9 Integration with Bren2010/MSP 2015-11-11 15:20:17 -08:00
Kyle Isom
c0932d9cb5 Merge pull request #102 from ejcx/multiDel 
Multiple delegations to redoctober
 2015-11-11 08:28:35 -08:00
ejcx
c9a381d5c2 Multiple delegations to redoctober 
The idea is to create a new type (to avoid ugly string parsing) and
then, instead of iterating through delegations with the username, iterate
through the delegations and look for your username and matching slot. Also
in cases we don't have the slot (everything but delegation), find the slot
when we match a user.
 2015-11-11 08:26:26 -08:00
Kyle Isom
c08ad05776 Merge pull request #93 from j-delaney/api-testing 
Allow testing the API itself
 2015-11-03 13:57:49 -08:00
J Delaney
e4612a6e40 Test API response format and messages 2015-11-03 13:36:25 -08:00
jkroll-cf
9f7d323706 Merge pull request #101 from cloudflare/jkroll/add-sni 
Add a NameToCertificate map.
 2015-11-02 16:53:37 -08:00
Joshua Kroll
bdd83dee7c Add a NameToCertificate map. 
This enables SNI. Also fix bad session tickets issue from before.
 2015-11-02 16:14:05 -08:00
jkroll-cf
f3d13da29b Merge pull request #100 from cloudflare/jkroll/listen-tls-socket-activated 
Wrap systemd-provided sockets in a TLS listener.
 2015-11-02 15:45:14 -08:00
Joshua Kroll
90ff2ceae2 Improve RO TLS config. 2015-11-02 15:06:17 -08:00
Joshua Kroll
fe973169fa Wrap systemd-provided sockets in a TLS listener. 
This fixes a bug introduced by the new socket activation/systemd-brokered listening whereby Red October speaks HTTP rather than HTTPS over that socket.
 2015-11-02 13:20:53 -08:00
Kyle Isom
b7956979f4 Merge pull request #99 from ejcx/evan/ro-98 
Return error when attempting to delegate to non-existant user
 2015-10-29 15:06:17 -07:00
evan
846ac3f6c4 Return error when attempting to delegate to non-existant user to UI and API 2015-10-29 14:20:38 -07:00
jkroll-cf
ca3a0c6b77 Merge pull request #96 from cloudflare/jkroll/multicert 
Merge -multicert/-cert and -multikey/-key into new flags -certs and -keys
 2015-10-15 15:03:26 -07:00
Joshua Kroll
96c07919bb Fix the usage string, example systemd files, and README for breaking flags change. 2015-10-15 12:41:10 -07:00
Joshua Kroll
883ec0d8fb Merge the functionality of multiple keys/certs and single keys/certs into single flags. 
This makes configuration easier, as the same flag is used regardless of how many keys/certs are being provided.
 2015-10-15 10:54:06 -07:00
jkroll-cf
4614f48525 Merge pull request #95 from cloudflare/jkroll/multicert 
Modify Red October to listen with multiple certificates.
 2015-10-14 16:04:47 -07:00
Joshua Kroll
1c9bccbfcc Modify Red October to listen with multiple certificates. 
This allows a single Red October instance to have multiple names,
which is useful for load-balancing across multiple instances (e.g.,
one can have a fleet of instances (ro1, ro2, ...) and also a logical
name (redoctober.example.com) and have working access via both names
thanks to the magic of SNI.
 2015-10-13 21:44:30 -07:00
Nick Sullivan
309f6021e2 Merge pull request #88 from cloudflare/jkroll/listen-systemd 
Add the ability to listen to systemd-provided sockets.
 2015-10-10 15:35:47 -07:00
Nick Sullivan
1b7bc1fb07 Merge pull request #94 from j-delaney/test-passvault 
Add tests for passvault ChangePassword, NumRecords, and GetSummary
 2015-10-10 15:34:31 -07:00
J Delaney
a909e17694 Add tests for passvault ChangePassword, NumRecords, and GetSummary 2015-10-10 14:54:26 -07:00
Nick Sullivan
15600b08ff Merge pull request #92 from j-delaney/create-user-readme 
Update README to explain the UserType option in create-user API
 2015-10-10 12:05:38 -07:00
J Delaney
3eab302f81 Update README to explain what the UserType option is for in the create-user API 2015-10-10 11:32:19 -07:00
Nick Sullivan
a196ecaa99 Merge pull request #89 from wl2002/updating_passvault_test 
MakeRevokeAdmin, DeleteRecord tests
 2015-10-09 13:28:12 -07:00
Nick Sullivan
a580acccda Merge pull request #90 from j-delaney/create-user-api 
Dedicated API endpoint for creating users
 2015-10-09 13:27:50 -07:00
J Delaney
51f74f29e2 Update README to include documentation on create user API 2015-10-09 13:06:32 -07:00
J Delaney
f3c8ec98e6 Add tests for dedicated user creation API 2015-10-09 13:00:45 -07:00