| Commit message | Author | Date | Files | Lines |
|---|---|---|---|---|
| Update copyright | Jon Bratseth | 2023-10-09 | 114 | -128/+129 |
| Bring some libraries up to date. | Henning Baldersheim | 2023-08-29 | 1 | -1/+1 |
| Specify versions in dependency-versions module. Avoid using opentest4j internally. | | | | |
| Enable TLSv1.3 for Vespa mTLS | Bjørn Christian Seime | 2023-07-20 | 1 | -10/+7 |
| Defer side channel-safe array checks to existing BC utils | Tor Brede Vekterli | 2023-07-19 | 3 | -24/+13 |
| Use constant-time array compare for TokenCheckHash equality checks. | | | | |
| Short-cut re-acquiring ordered locks | jonmv | 2023-06-27 | 1 | -10/+4 |
| Simplify token API by using fixed context for fingerprints | Tor Brede Vekterli | 2023-06-15 | 3 | -40/+51 |
| Fingerprints are now always derived using a fixed context of `Vespa token fingerprint`. Enforcement has been added that a `TokenDomain` cannot be initialized with a context equal to the fingerprint context. This changes the fingerprint outputs from their previous values, but that's fine since they are not yet in use anywhere. | | | | |
| Add factory methods accepting hex string | Bjørn Christian Seime | 2023-06-14 | 3 | -0/+24 |
| Also include domain when printing token | Tor Brede Vekterli | 2023-06-06 | 3 | -3/+12 |
| Emit fingerprints with delimiters by default | Tor Brede Vekterli | 2023-06-06 | 3 | -3/+18 |
| Uses standard fingerprint `hex:hex:hex:...` format | | | | |
| Fix some silly typos | Tor Brede Vekterli | 2023-06-06 | 1 | -3/+3 |
| Add a simple token primitive to security utils | Tor Brede Vekterli | 2023-06-06 | 6 | -0/+398 |
| A token is an arbitrary, opaque (secret) string from which a fingerprint and audience-specific access-check hashes can be derived. A CSPRNG-backed token generator that returns random Base62-encoded tokens (with an optional prefix) is included. | | | | |
| Build with jdk20 | Jon Bratseth | 2023-04-17 | 2 | -4/+4 |
| Revert "Enable TLSv1.3 for Vespa mTLS" | Henning Baldersheim | 2023-03-25 | 1 | -7/+10 |
| Enable TLSv1.3 for Vespa mTLS | Bjørn Christian Seime | 2023-03-24 | 1 | -10/+7 |
| Implement RFC 9180 HPKE sender asymmetric key authentication mode | Tor Brede Vekterli | 2023-03-23 | 4 | -13/+195 |
| We already have support for the `base` unauthenticated mode, so this just adds the `auth` mode where the sender's key pair is added to the ECDH shared key derivation mix. This ensures that a message may only be successfully opened if the sender was in possession of the private key (`skS`) corresponding to the expected public key (`pkS`). | | | | |
| Merge pull request #26168 from vespa-engine/revert-26152-revert-26139-vekterli/add-content-state-api-capability | Tor Brede Vekterli | 2023-02-24 | 2 | -2/+4 |
| Reapply: add `vespa.content.state_api` capability | | | | |
| Revert "Revert "Add `vespa.content.state_api` capability" MERGEOK" | Tor Brede Vekterli | 2023-02-23 | 2 | -2/+4 |
| Revert "Revert "Store original capability (set) names from JSON config in PeerPolicy" MERGEOK" | Bjørn Christian Seime | 2023-02-23 | 6 | -25/+72 |
| Merge pull request #26153 from vespa-engine/revert-26145-bjorncs/capabilities | Bjørn Christian Seime | 2023-02-23 | 6 | -72/+25 |
| Revert "Store original capability (set) names from JSON config in PeerPolicy" MERGEOK | | | | |
| Revert "Store original capability (set) names from JSON config in PeerPolicy" | Bjørn Christian Seime | 2023-02-23 | 6 | -72/+25 |
| Revert "Add `vespa.content.state_api` capability" | Bjørn Christian Seime | 2023-02-23 | 2 | -4/+2 |
| Merge pull request #26139 from vespa-engine/vekterli/add-content-state-api-capability | Tor Brede Vekterli | 2023-02-22 | 2 | -2/+4 |
| Add `vespa.content.state_api` capability | | | | |
| Add `vespa.content.state_api` capability to Java | Tor Brede Vekterli | 2023-02-22 | 2 | -2/+4 |
| Add new capability to existing `vespa.telemetry` capability set. | | | | |
| Store original capability (set) names from JSON config in PeerPolicy | Bjørn Christian Seime | 2023-02-22 | 6 | -25/+72 |
| Add additional helper methods to convert `names <=> capabilities`. | | | | |
| Grant container nodes access to container document api | Bjørn Christian Seime | 2023-02-20 | 1 | -1/+2 |
| Specify that '/logs' requires logserver capability | Bjørn Christian Seime | 2023-02-17 | 1 | -1/+2 |
| Warn instead of fail for unknown capability (set) | Bjørn Christian Seime | 2023-02-17 | 2 | -9/+10 |
| Improve metric names, fix wiring | Bjørn Christian Seime | 2023-02-16 | 1 | -9/+9 |
| Add capability 'vespa.sentinel.inspect_services' | Bjørn Christian Seime | 2023-02-16 | 1 | -0/+1 |
| Add metrics for capability checks | Bjørn Christian Seime | 2023-02-16 | 2 | -0/+39 |
| Add capability 'vespa.content.proton_admin_api' | Bjørn Christian Seime | 2023-02-15 | 1 | -0/+1 |
| Add slobrok capability to all application nodes | Bjørn Christian Seime | 2023-02-15 | 1 | -2/+2 |
| Add new capabilities to existing capability sets | Bjørn Christian Seime | 2023-02-15 | 1 | -6/+10 |
| Use explicit `equals` and `hashCode` to use contents of arrays, not just refs | Tor Brede Vekterli | 2023-02-14 | 2 | -0/+55 |
| Also add a friendlier `toString()` that hex dumps the enc/ciphertext fields. | | | | |
| Require capabilities for built-in request handlers | Bjørn Christian Seime | 2023-02-14 | 1 | -0/+4 |
| Revert "Revert "Bjorncs/capabilities"" | Henning Baldersheim | 2023-02-14 | 5 | -21/+34 |
| Revert "Bjorncs/capabilities" | Henning Baldersheim | 2023-02-14 | 5 | -34/+21 |
| Add new capabilities in node specific capability sets | Bjørn Christian Seime | 2023-02-13 | 3 | -11/+24 |
| Rename 'from()' to 'of()' | Bjørn Christian Seime | 2023-02-13 | 5 | -10/+10 |
| Define required capabilities for existing JRT RPC methods | Bjørn Christian Seime | 2023-02-09 | 1 | -0/+12 |
| Introduce capabilities for unclassified APIs | Bjørn Christian Seime | 2023-02-09 | 1 | -0/+3 |
| Require 'vespa.rpc.unclassified' by default for all JRT APIs | | | | |
| Move definition of predefined capability set to parent class | Bjørn Christian Seime | 2023-02-09 | 4 | -30/+46 |
| Introduce functional interface ToCapabilitySet to simplify construction of second order capability sets. | | | | |
| Add 'vespa.none' capability | Bjørn Christian Seime | 2023-02-06 | 1 | -0/+1 |
| Add an "interactive" token resealing protocol and basic tooling support | Tor Brede Vekterli | 2023-01-31 | 4 | -10/+197 |
| Implements a protocol for delegated access to a shared secret key of a token whose private key we do not possess. This builds directly on top of the existing token resealing mechanisms. The primary benefit of the resealing protocol is that none of the data exchanged can reveal anything about the underlying secret. Security note: neither resealing requests nor responses are explicitly authenticated (this is a property inherited from the sealed shared key tokens themselves). It is assumed that an attacker can observe all requests and responses in transit, but cannot modify them. | | | | |
| Add y64 encoder | Bjørn Christian Seime | 2023-01-30 | 2 | -0/+65 |
| Unify on Streams.toList | Henning Baldersheim | 2023-01-17 | 5 | -10/+5 |
| Ensure that HTTPS clients only use allowed ciphers and protocol versions | Bjørn Christian Seime | 2023-01-09 | 2 | -2/+25 |
| Revert "Ensure that HTTPS clients only use allowed ciphers and protocol versions" (#25436) | Andreas Eriksen | 2023-01-06 | 2 | -25/+2 |
| Ensure that HTTPS clients only use allowed ciphers and protocol versions | Bjørn Christian Seime | 2023-01-06 | 2 | -2/+25 |
| Use ChaCha20-Poly1305 instead of AES-GCM for shared key-based crypto | Tor Brede Vekterli | 2023-01-05 | 5 | -24/+228 |
| This is to get around the limitation where AES GCM can only produce a maximum of 64 GiB of ciphertext for a particular `<key, IV>` pair before its security properties break down. ChaCha20-Poly1305 does not have any practical limitations here. ChaCha20-Poly1305 uses a 256-bit key whereas the shared key is 128 bits. An HKDF is used to internally expand the key material to 256 bits. To let token based decryption be fully backwards compatible, introduce a token version 2. V1 tokens will be decrypted with AES-GCM 128, while V2 tokens use ChaCha20-Poly1305. As a bonus, cryptographic operations will generally be _faster_ after this cipher change, as we use BouncyCastle ciphers and these do not use any native AES instructions. ChaCha20-Poly1305 is usually considerably faster when running without specialized hardware support. An ad-hoc experiment with a large ciphertext showed a near 70% performance increase over AES-GCM 128. | | | | |