fix: Redact pnet pre-shared key Debug output#6490
Conversation
milaforge
changed the title
milaforge
force-pushed
the
pnet-redact-psk-debug
branch
from
0fa9016 to
8c52925
Compare
jxs
left a comment
jxs
left a comment
There was a problem hiding this comment.
Hi, and thanks! Left a comment otherwise LGTM
| pub fn to_key_file(self) -> String { | ||
| format!("/key/swarm/psk/1.0.0/\n/base16/\n{}\n", to_hex(&self.0)) |
There was a problem hiding this comment.
why do we require this? This doesn't look like canonical
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
| Fingerprint(out) | ||
| } | ||
|
|
||
| /// Export the unredacted key in go-libp2p key file format. |
There was a problem hiding this comment.
| /// Export the unredacted key in go-libp2p key file format. | |
| /// Export the unredacted private key. |
| } | ||
|
|
||
| #[test] | ||
| fn debug_formatting_does_not_leak_raw_psk() { |
There was a problem hiding this comment.
I don't think these tests are required
There was a problem hiding this comment.
Why?
debug_formatting_does_not_leak_raw_psk directly covers the security promise of the PR. PreSharedKey Debug redacts the raw key, and derived PnetConfig Debug does not accidentally re-expose it through the field. This is valuable regression coverage.
Co-authored-by: João Oliveira <hello@jxs.pt>
| writeln!(f, "/key/swarm/psk/1.0.0/")?; | ||
| writeln!(f, "/base16/")?; | ||
| writeln!(f, "{}", to_hex(&self.0)) | ||
| f.write_str(&self.to_key_file()) |
There was a problem hiding this comment.
Making to_key_file() the canonical raw-export implementation and having Display delegate to it.
2 participants
Description
Redacts PreSharedKey Debug output, covers PnetConfig derived Debug, and adds to_key_file for explicit raw keyfile export.
Tests:
cargo test -p libp2p-pnetAI Assistance Disclosure
Tools used Codex
Attestation (required):
Notes & open questions
Change checklist