ipfs · Stebalien · Mar 10, 2020 · Feb 20, 2020
@@ -6,12 +6,14 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/ipfs/go-ipfs/repo"
+
 	"github.com/libp2p/go-libp2p"
-	host "github.com/libp2p/go-libp2p-core/host"
-	pnet "github.com/libp2p/go-libp2p-pnet"
+	"github.com/libp2p/go-libp2p-core/host"
+	"github.com/libp2p/go-libp2p-core/pnet"
 	"go.uber.org/fx"
-
-	"github.com/ipfs/go-ipfs/repo"
+	"golang.org/x/crypto/salsa20"
+	"golang.org/x/crypto/sha3"
 )
 
 type PNetFingerprint []byte
@@ -22,14 +24,14 @@ func PNet(repo repo.Repo) (opts Libp2pOpts, fp PNetFingerprint, err error) {
 		return opts, nil, err
 	}
 
-	protec, err := pnet.NewProtector(bytes.NewReader(swarmkey))
+	psk, err := pnet.DecodeV1PSK(bytes.NewReader(swarmkey))
 	if err != nil {
 		return opts, nil, fmt.Errorf("failed to configure private network: %s", err)
 	}
-	fp = protec.Fingerprint()
 
-	opts.Opts = append(opts.Opts, libp2p.PrivateNetwork(protec))
-	return opts, fp, nil
+	opts.Opts = append(opts.Opts, libp2p.PrivateNetwork(psk))
+
+	return opts, pnetFingerprint(psk), nil
 }
 
 func PNetChecker(repo repo.Repo, ph host.Host, lc fx.Lifecycle) error {
@@ -68,3 +70,23 @@ func PNetChecker(repo repo.Repo, ph host.Host, lc fx.Lifecycle) error {
 	})
 	return nil
 }
+
+func pnetFingerprint(psk pnet.PSK) []byte {
+	var pskArr [32]byte
+	copy(pskArr[:], psk)
+
+	enc := make([]byte, 64)
+	zeros := make([]byte, 64)
+	out := make([]byte, 16)
+
+	// We encrypt data first so we don't feed PSK to hash function.
+	// Salsa20 function is not reversible thus increasing our security margin.
+	salsa20.XORKeyStream(enc, zeros, []byte("finprint"), &pskArr)
+
+	// Then do Shake-128 hash to reduce its length.
+	// This way if for some reason Shake is broken and Salsa20 preimage is possible,
+	// attacker has only half of the bytes necessary to recreate psk.
+	sha3.ShakeSum128(out, enc)
+
+	return out
+}
@@ -58,29 +58,28 @@ require (
 	github.com/jbenet/go-random v0.0.0-20190219211222-123a90aedc0c
 	github.com/jbenet/go-temp-err-catcher v0.0.0-20150120210811-aac704a3f4f2
 	github.com/jbenet/goprocess v0.1.3
-	github.com/libp2p/go-libp2p v0.5.2
+	github.com/libp2p/go-libp2p v0.6.0
 	github.com/libp2p/go-libp2p-autonat-svc v0.1.0
 	github.com/libp2p/go-libp2p-circuit v0.1.4
 	github.com/libp2p/go-libp2p-connmgr v0.2.1
-	github.com/libp2p/go-libp2p-core v0.4.0
+	github.com/libp2p/go-libp2p-core v0.5.0
 	github.com/libp2p/go-libp2p-discovery v0.2.0
 	github.com/libp2p/go-libp2p-http v0.1.4
 	github.com/libp2p/go-libp2p-kad-dht v0.5.1
 	github.com/libp2p/go-libp2p-kbucket v0.2.3
 	github.com/libp2p/go-libp2p-loggables v0.1.0
-	github.com/libp2p/go-libp2p-mplex v0.2.1
-	github.com/libp2p/go-libp2p-peerstore v0.1.4
-	github.com/libp2p/go-libp2p-pnet v0.1.0
+	github.com/libp2p/go-libp2p-mplex v0.2.2
+	github.com/libp2p/go-libp2p-peerstore v0.2.0
 	github.com/libp2p/go-libp2p-pubsub v0.2.6
 	github.com/libp2p/go-libp2p-pubsub-router v0.2.1
-	github.com/libp2p/go-libp2p-quic-transport v0.2.3
+	github.com/libp2p/go-libp2p-quic-transport v0.3.1
 	github.com/libp2p/go-libp2p-record v0.1.2
 	github.com/libp2p/go-libp2p-routing-helpers v0.1.0
 	github.com/libp2p/go-libp2p-secio v0.2.1
 	github.com/libp2p/go-libp2p-swarm v0.2.2
 	github.com/libp2p/go-libp2p-testing v0.1.1
 	github.com/libp2p/go-libp2p-tls v0.1.3
-	github.com/libp2p/go-libp2p-yamux v0.2.1
+	github.com/libp2p/go-libp2p-yamux v0.2.2
 	github.com/libp2p/go-maddr-filter v0.0.5
 	github.com/libp2p/go-socket-activation v0.0.2
 	github.com/mattn/go-runewidth v0.0.8 // indirect
@@ -100,7 +99,8 @@ require (
 	github.com/whyrusleeping/multiaddr-filter v0.0.0-20160516205228-e903e4adabd7
 	github.com/whyrusleeping/tar-utils v0.0.0-20180509141711-8c6c8ba81d5c
 	go.uber.org/fx v1.10.0
-	golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9
+	golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d
+	golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae
 	gopkg.in/cheggaaa/pb.v1 v1.0.28
 )