Update go-libp2p, fix tests with weak RSA keys

cmd/seccat/seccat.go

@@ -113,8 +113,8 @@ func main() {
 }
 
 func setupPeer(a args) (peer.ID, pstore.Peerstore, error) {
-	if a.keybits < 1024 {
-		return "", nil, errors.New("bitsize less than 1024 is considered unsafe")
+	if a.keybits < 2048 {
+		return "", nil, errors.New("bitsize less than 2048 is considered unsafe")
 	}
 
 	out("generating key pair...")

core/coreapi/test/api_test.go

@@ -39,7 +39,7 @@ func (NodeProvider) MakeAPISwarm(ctx context.Context, fullIdentity bool, n int)
 	for i := 0; i < n; i++ {
 		var ident config.Identity
 		if fullIdentity {
-			sk, pk, err := ci.GenerateKeyPair(ci.RSA, 512)
+			sk, pk, err := ci.GenerateKeyPair(ci.RSA, 2048)
 			if err != nil {
 				return nil, err
 			}

core/node/builder.go

@@ -124,7 +124,7 @@ func (cfg *BuildCfg) options(ctx context.Context) (fx.Option, *cfg.Config) {
 
 func defaultRepo(dstore repo.Datastore) (repo.Repo, error) {
 	c := cfg.Config{}
-	priv, pub, err := ci.GenerateKeyPairWithReader(ci.RSA, 1024, rand.Reader)
+	priv, pub, err := ci.GenerateKeyPairWithReader(ci.RSA, 2048, rand.Reader)
 	if err != nil {
 		return nil, err
 	}

go.mod

@@ -13,11 +13,11 @@ require (
 	github.com/gogo/protobuf v1.2.1
 	github.com/golangci/golangci-lint v1.17.1
 	github.com/hashicorp/go-multierror v1.0.0
-	github.com/hashicorp/golang-lru v0.5.1
+	github.com/hashicorp/golang-lru v0.5.3
 	github.com/ipfs/go-bitswap v0.1.6
 	github.com/ipfs/go-block-format v0.0.2
 	github.com/ipfs/go-blockservice v0.1.0
-	github.com/ipfs/go-cid v0.0.2
+	github.com/ipfs/go-cid v0.0.3
 	github.com/ipfs/go-cidutil v0.0.2
 	github.com/ipfs/go-datastore v0.0.5
 	github.com/ipfs/go-detect-race v0.0.1
@@ -52,47 +52,46 @@ require (
 	github.com/ipfs/go-unixfs v0.2.1
 	github.com/ipfs/go-verifcid v0.0.1
 	github.com/ipfs/hang-fds v0.0.1
-	github.com/ipfs/interface-go-ipfs-core v0.1.0
+	github.com/ipfs/interface-go-ipfs-core v0.2.2
 	github.com/ipfs/iptb v1.4.0
 	github.com/ipfs/iptb-plugins v0.1.0
 	github.com/jbenet/go-is-domain v1.0.2
 	github.com/jbenet/go-random v0.0.0-20190219211222-123a90aedc0c
 	github.com/jbenet/go-random-files v0.0.0-20190219210431-31b3f20ebded
 	github.com/jbenet/go-temp-err-catcher v0.0.0-20150120210811-aac704a3f4f2
 	github.com/jbenet/goprocess v0.1.3
-	github.com/libp2p/go-eventbus v0.0.3 // indirect
-	github.com/libp2p/go-libp2p v0.2.0
+	github.com/libp2p/go-eventbus v0.1.0 // indirect
+	github.com/libp2p/go-libp2p v0.3.0
 	github.com/libp2p/go-libp2p-autonat-svc v0.1.0
-	github.com/libp2p/go-libp2p-circuit v0.1.0
+	github.com/libp2p/go-libp2p-circuit v0.1.1
 	github.com/libp2p/go-libp2p-connmgr v0.1.1
-	github.com/libp2p/go-libp2p-core v0.0.6
+	github.com/libp2p/go-libp2p-core v0.2.2
 	github.com/libp2p/go-libp2p-http v0.1.2
-	github.com/libp2p/go-libp2p-kad-dht v0.1.1
+	github.com/libp2p/go-libp2p-kad-dht v0.2.0
 	github.com/libp2p/go-libp2p-kbucket v0.2.0
 	github.com/libp2p/go-libp2p-loggables v0.1.0
 	github.com/libp2p/go-libp2p-mplex v0.2.1
-	github.com/libp2p/go-libp2p-peerstore v0.1.2-0.20190621130618-cfa9bb890c1a
+	github.com/libp2p/go-libp2p-peerstore v0.1.3
 	github.com/libp2p/go-libp2p-pnet v0.1.0
 	github.com/libp2p/go-libp2p-pubsub v0.1.0
 	github.com/libp2p/go-libp2p-pubsub-router v0.1.0
 	github.com/libp2p/go-libp2p-quic-transport v0.1.1
-	github.com/libp2p/go-libp2p-record v0.1.0
+	github.com/libp2p/go-libp2p-record v0.1.1
 	github.com/libp2p/go-libp2p-routing-helpers v0.1.0
-	github.com/libp2p/go-libp2p-secio v0.1.0
-	github.com/libp2p/go-libp2p-swarm v0.1.1
-	github.com/libp2p/go-libp2p-testing v0.0.4
+	github.com/libp2p/go-libp2p-secio v0.2.0
+	github.com/libp2p/go-libp2p-swarm v0.2.0
+	github.com/libp2p/go-libp2p-testing v0.1.0
 	github.com/libp2p/go-libp2p-tls v0.1.0
 	github.com/libp2p/go-libp2p-yamux v0.2.1
 	github.com/libp2p/go-maddr-filter v0.0.5
 	github.com/mattn/go-runewidth v0.0.4 // indirect
-	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/mr-tron/base58 v1.1.2
 	github.com/multiformats/go-multiaddr v0.0.4
 	github.com/multiformats/go-multiaddr-dns v0.0.3
 	github.com/multiformats/go-multiaddr-net v0.0.1
 	github.com/multiformats/go-multibase v0.0.1
-	github.com/multiformats/go-multihash v0.0.5
+	github.com/multiformats/go-multihash v0.0.7
 	github.com/opentracing/opentracing-go v1.1.0
 	github.com/pkg/errors v0.8.1
 	github.com/prometheus/client_golang v0.9.3

namesys/ipns_resolver_validation_test.go

@@ -9,14 +9,14 @@ import (
 	dssync "github.com/ipfs/go-datastore/sync"
 	mockrouting "github.com/ipfs/go-ipfs-routing/mock"
 	offline "github.com/ipfs/go-ipfs-routing/offline"
-	u "github.com/ipfs/go-ipfs-util"
 	ipns "github.com/ipfs/go-ipns"
 	path "github.com/ipfs/go-path"
 	opts "github.com/ipfs/interface-go-ipfs-core/options/namesys"
 	ci "github.com/libp2p/go-libp2p-core/crypto"
 	peer "github.com/libp2p/go-libp2p-core/peer"
 	pstore "github.com/libp2p/go-libp2p-core/peerstore"
 	routing "github.com/libp2p/go-libp2p-core/routing"
+	"github.com/libp2p/go-libp2p-core/test"
 	pstoremem "github.com/libp2p/go-libp2p-peerstore/pstoremem"
 	record "github.com/libp2p/go-libp2p-record"
 	testutil "github.com/libp2p/go-libp2p-testing/net"
@@ -137,19 +137,15 @@ func TestResolverValidation(t *testing.T) {
 }
 
 func genKeys(t *testing.T) (ci.PrivKey, peer.ID, string, string) {
-	sr := u.NewTimeSeededRand()
-	priv, _, err := ci.GenerateKeyPairWithReader(ci.RSA, 1024, sr)
+	sk, pk, err := test.RandTestKeyPair(ci.RSA, 2048)
 	if err != nil {
 		t.Fatal(err)
 	}
-
-	// Create entry with expiry in one hour
-	pid, err := peer.IDFromPrivateKey(priv)
+	id, err := peer.IDFromPublicKey(pk)
 	if err != nil {
 		t.Fatal(err)
 	}
-
-	return priv, pid, PkKeyForID(pid), ipns.RecordKey(pid)
+	return sk, id, PkKeyForID(id), ipns.RecordKey(id)
 }
 
 type mockValueStore struct {

namesys/namesys_test.go

@@ -88,7 +88,7 @@ func TestNamesysResolution(t *testing.T) {
 
 func TestPublishWithCache0(t *testing.T) {
 	dst := dssync.MutexWrap(ds.NewMapDatastore())
-	priv, _, err := ci.GenerateKeyPair(ci.RSA, 1024)
+	priv, _, err := ci.GenerateKeyPair(ci.RSA, 2048)
 	if err != nil {
 		t.Fatal(err)
 	}

namesys/resolve_test.go

@@ -11,10 +11,8 @@ import (
 	mockrouting "github.com/ipfs/go-ipfs-routing/mock"
 	ipns "github.com/ipfs/go-ipns"
 	path "github.com/ipfs/go-path"
-	ci "github.com/libp2p/go-libp2p-core/crypto"
-	peer "github.com/libp2p/go-libp2p-core/peer"
-	test "github.com/libp2p/go-libp2p-core/test"
 	testutil "github.com/libp2p/go-libp2p-testing/net"
+	tnet "github.com/libp2p/go-libp2p-testing/net"
 )
 
 func TestRoutingResolve(t *testing.T) {
@@ -26,23 +24,15 @@ func TestRoutingResolve(t *testing.T) {
 	resolver := NewIpnsResolver(d)
 	publisher := NewIpnsPublisher(d, dstore)
 
-	privk, pubk, err := test.RandTestKeyPair(ci.RSA, 512)
-	if err != nil {
-		t.Fatal(err)
-	}
+	identity := tnet.RandIdentityOrFatal(t)
 
 	h := path.FromString("/ipfs/QmZULkCELmmk5XNfCgTnCyFgAVxBRBXyDHGGMVoLFLiXEN")
-	err = publisher.Publish(context.Background(), privk, h)
+	err := publisher.Publish(context.Background(), identity.PrivateKey(), h)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	pid, err := peer.IDFromPublicKey(pubk)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	res, err := resolver.Resolve(context.Background(), pid.Pretty())
+	res, err := resolver.Resolve(context.Background(), identity.ID().Pretty())
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -59,36 +49,28 @@ func TestPrexistingExpiredRecord(t *testing.T) {
 	resolver := NewIpnsResolver(d)
 	publisher := NewIpnsPublisher(d, dstore)
 
-	privk, pubk, err := test.RandTestKeyPair(ci.RSA, 512)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	id, err := peer.IDFromPublicKey(pubk)
-	if err != nil {
-		t.Fatal(err)
-	}
+	identity := tnet.RandIdentityOrFatal(t)
 
 	// Make an expired record and put it in the datastore
 	h := path.FromString("/ipfs/QmZULkCELmmk5XNfCgTnCyFgAVxBRBXyDHGGMVoLFLiXEN")
 	eol := time.Now().Add(time.Hour * -1)
 
-	entry, err := ipns.Create(privk, []byte(h), 0, eol)
+	entry, err := ipns.Create(identity.PrivateKey(), []byte(h), 0, eol)
 	if err != nil {
 		t.Fatal(err)
 	}
-	err = PutRecordToRouting(context.Background(), d, pubk, entry)
+	err = PutRecordToRouting(context.Background(), d, identity.PublicKey(), entry)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// Now, with an old record in the system already, try and publish a new one
-	err = publisher.Publish(context.Background(), privk, h)
+	err = publisher.Publish(context.Background(), identity.PrivateKey(), h)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	err = verifyCanResolve(resolver, id.Pretty(), h)
+	err = verifyCanResolve(resolver, identity.ID().Pretty(), h)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -101,35 +83,27 @@ func TestPrexistingRecord(t *testing.T) {
 	resolver := NewIpnsResolver(d)
 	publisher := NewIpnsPublisher(d, dstore)
 
-	privk, pubk, err := test.RandTestKeyPair(ci.RSA, 512)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	id, err := peer.IDFromPublicKey(pubk)
-	if err != nil {
-		t.Fatal(err)
-	}
+	identity := tnet.RandIdentityOrFatal(t)
 
 	// Make a good record and put it in the datastore
 	h := path.FromString("/ipfs/QmZULkCELmmk5XNfCgTnCyFgAVxBRBXyDHGGMVoLFLiXEN")
 	eol := time.Now().Add(time.Hour)
-	entry, err := ipns.Create(privk, []byte(h), 0, eol)
+	entry, err := ipns.Create(identity.PrivateKey(), []byte(h), 0, eol)
 	if err != nil {
 		t.Fatal(err)
 	}
-	err = PutRecordToRouting(context.Background(), d, pubk, entry)
+	err = PutRecordToRouting(context.Background(), d, identity.PublicKey(), entry)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// Now, with an old record in the system already, try and publish a new one
-	err = publisher.Publish(context.Background(), privk, h)
+	err = publisher.Publish(context.Background(), identity.PrivateKey(), h)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	err = verifyCanResolve(resolver, id.Pretty(), h)
+	err = verifyCanResolve(resolver, identity.ID().Pretty(), h)
 	if err != nil {
 		t.Fatal(err)
 	}

test/3nodetest/bootstrap/Dockerfile

@@ -1,6 +1,6 @@
 FROM zaqwsx_ipfs-test-img
 
-RUN ipfs init -b=1024
+RUN ipfs init -b=2048
 ADD . /tmp/id
 RUN mv -f /tmp/id/config /root/.ipfs/config
 RUN ipfs id

test/3nodetest/client/Dockerfile

@@ -1,6 +1,6 @@
 FROM zaqwsx_ipfs-test-img
 
-RUN ipfs init -b=1024
+RUN ipfs init -b=2048
 ADD . /tmp/id
 RUN mv -f /tmp/id/config /root/.ipfs/config
 RUN ipfs id

test/3nodetest/server/Dockerfile

@@ -1,6 +1,6 @@
 FROM zaqwsx_ipfs-test-img
 
-RUN ipfs init -b=1024
+RUN ipfs init -b=2048
 ADD . /tmp/test
 RUN mv -f /tmp/test/config /root/.ipfs/config
 RUN ipfs id

test/bench/bench_cli_ipfs_add/main.go

@@ -65,7 +65,7 @@ func benchmarkAdd(amount int64) (*testing.BenchmarkResult, error) {
 				}
 			}
 
-			initCmd := exec.Command("ipfs", "init", "-b=1024")
+			initCmd := exec.Command("ipfs", "init", "-b=2048")
 			setupCmd(initCmd)
 			if err := initCmd.Run(); err != nil {
 				benchmarkError = err

test/bench/offline_add/main.go

@@ -49,7 +49,7 @@ func benchmarkAdd(amount int64) (*testing.BenchmarkResult, error) {
 				cmd.Env = env
 			}
 
-			cmd := exec.Command("ipfs", "init", "-b=1024")
+			cmd := exec.Command("ipfs", "init", "-b=2048")
 			setupCmd(cmd)
 			if err := cmd.Run(); err != nil {
 				b.Fatal(err)

test/sharness/lib/test-lib.sh

@@ -148,7 +148,7 @@ test_init_ipfs() {
 
   test_expect_success "ipfs init succeeds" '
     export IPFS_PATH="$(pwd)/.ipfs" &&
-    ipfs init --profile=test -b=1024 > /dev/null
+    ipfs init --profile=test -b=2048 > /dev/null
   '
 
   test_expect_success "prepare config -- mounting" '

test/sharness/t0020-init.sh

@@ -98,7 +98,7 @@ test_expect_success "clean up ipfs dir" '
 '
 
 test_expect_success "'ipfs init --empty-repo' succeeds" '
-  BITS="1024" &&
+  BITS="2048" &&
   ipfs init --bits="$BITS" --empty-repo >actual_init
 '
 
@@ -128,14 +128,14 @@ test_expect_success "clean up ipfs dir" '
 
 # test init profiles
 test_expect_success "'ipfs init --profile' with invalid profile fails" '
-  BITS="1024" &&
+  BITS="2048" &&
   test_must_fail ipfs init --bits="$BITS" --profile=nonexistent_profile 2> invalid_profile_out
   EXPECT="Error: invalid configuration profile: nonexistent_profile" &&
   grep "$EXPECT" invalid_profile_out
 '
 
 test_expect_success "'ipfs init --profile' succeeds" '
-  BITS="1024" &&
+  BITS="2048" &&
   ipfs init --bits="$BITS" --profile=server
 '
 
@@ -149,7 +149,7 @@ test_expect_success "clean up ipfs dir" '
 '
 
 test_expect_success "'ipfs init --profile=test' succeeds" '
-  BITS="1024" &&
+  BITS="2048" &&
   ipfs init --bits="$BITS" --profile=test
 '
 
@@ -168,7 +168,7 @@ test_expect_success "clean up ipfs dir" '
 '
 
 test_expect_success "'ipfs init --profile=lowpower' succeeds" '
-  BITS="1024" &&
+  BITS="2048" &&
   ipfs init --bits="$BITS" --profile=lowpower
 '
 

test/sharness/t0025-datastores.sh

@@ -5,7 +5,7 @@ test_description="Test non-standard datastores"
 . lib/test-lib.sh
 
 test_expect_success "'ipfs init --profile=badgerds' succeeds" '
-  BITS="1024" &&
+  BITS="2048" &&
   ipfs init --bits="$BITS" --profile=badgerds
 '