Code at the speed of thought – Zed is a high-performance, multiplayer code editor from the creators of Atom and Tree-sitter.
Marshall Bowers c84da37030
rpc: Add support for OAEP-based encryption format (#15058)
This PR adds support for a new encryption format for exchanging access
tokens during the authentication flow.

The new format uses Optimal Asymmetric Encryption Padding (OAEP) instead
of PKCS#1 v1.5, which is known to be vulnerable to side-channel attacks.

**Note: We are not yet encrypting access tokens using the new format, as
this is a breaking change between the client and the server. This PR
only adds support for it, and makes it so the client and server can
decrypt either format moving forward.**

This required bumping the RSA key size from 1024 bits to 2048 bits. This
is necessary to be able to encode the access token into the ciphertext
when using OAEP.

This also follows OWASP recommendations:

> If ECC is not available and RSA must be used, then ensure that the key
> is at least 2048 bits.
>
> — [source](https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#algorithms)

Release Notes:

- N/A
2024-07-23 21:25:25 -04:00
.cargo Fix collab deploy (#13076) 2024-06-14 16:15:13 -06:00
.cloudflare Remove 2 removal (#11867) 2024-05-15 11:06:05 -06:00
.config tests: Test 'db' package sequentially (#2654) 2023-06-28 15:00:43 +02:00
.github Fixes for SSH remoting infrastructure (#14844) 2024-07-19 15:08:10 -07:00
.zed Keymap oneliners (#13887) 2024-07-05 22:00:18 -04:00
assets Extend task templates with shell and hide fields to use custom shells and custom close behavior (#15031) 2024-07-23 22:58:36 +03:00
crates rpc: Add support for OAEP-based encryption format (#15058) 2024-07-23 21:25:25 -04:00
docs inotify alert (#15027) 2024-07-23 14:21:56 -06:00
extensions astro: Ensure Typescript is present (#14849) 2024-07-23 10:39:25 -04:00
script Fix description of -l flag in bundle-mac (#14864) 2024-07-20 19:16:54 +03:00
tooling/xtask xtask: Check for licenses that are duplicated instead of being symlinked (#11777) 2024-05-13 19:13:09 -04:00
.dockerignore Update .dockerignore (#14016) 2024-07-09 16:27:55 -04:00
.git-blame-ignore-revs More ignorable commits (#14596) 2024-07-16 17:09:50 -04:00
.gitattributes Prevent GitHub from displaying comments within JSON files as errors (#7043) 2024-01-29 23:11:25 -05:00
.gitignore Add Nix/NixOS dev-shell (#13407) 2024-07-09 09:21:42 +02:00
.mailmap Update .mailmap (#13724) 2024-07-01 19:04:58 -04:00
Cargo.lock rpc: Add support for OAEP-based encryption format (#15058) 2024-07-23 21:25:25 -04:00
Cargo.toml Upgrade rsa to v0.9.6 (#15055) 2024-07-23 20:11:48 -04:00
CODE_OF_CONDUCT.md Add CODE_OF_CONDUCT.md (#4239) 2024-01-23 22:31:39 -05:00
compose.yml Update Docker Compose configuration (#13530) 2024-06-26 08:05:23 -04:00
CONTRIBUTING.md docs: Fix some typos (#13509) 2024-06-25 10:58:11 -04:00
debug.plist WIP 2023-12-14 09:25:14 -07:00
docker-compose.sql Add config files for running Postgres inside Docker Compose (#3637) 2023-12-13 17:25:07 -05:00
Dockerfile chore: Bump Rust version to 1.79 (#12987) 2024-06-13 23:05:25 +02:00
flake.lock Add Nix/NixOS dev-shell (#13407) 2024-07-09 09:21:42 +02:00
flake.nix Add Nix/NixOS dev-shell (#13407) 2024-07-09 09:21:42 +02:00
LICENSE-AGPL chore: Add crate licenses. (#4158) 2024-01-23 16:56:22 +01:00
LICENSE-APACHE chore: Add crate licenses. (#4158) 2024-01-23 16:56:22 +01:00
LICENSE-GPL Licenses: change license fields in Cargo.toml to AGPL-3.0-or-later. (#5535) 2024-01-27 13:51:16 +01:00
livekit.yaml Add LiveKit server to Docker Compose (#7907) 2024-02-16 10:49:48 -05:00
Procfile Revert change to tracing (#10578) 2024-04-15 14:00:56 -06:00
README.md Update README.md 2024-07-09 14:05:29 -07:00
rust-toolchain.toml chore: Bump Rust version to 1.79 (#12987) 2024-06-13 23:05:25 +02:00
shell.nix Add Nix/NixOS dev-shell (#13407) 2024-07-09 09:21:42 +02:00
typos.toml rpc: Add regression tests for encoding/decoding public keys (#15054) 2024-07-23 19:58:47 -04:00

Zed


Welcome to Zed, a high-performance, multiplayer code editor from the creators of Atom and Tree-sitter.


Installation


On macOS and Linux you can download Zed directly or install Zed via your local package manager.

Other platforms are not yet available:

Developing Zed

Contributing

See CONTRIBUTING.md for ways you can contribute to Zed.

Also... we're hiring! Check out our jobs page for open roles.

Licensing

License information for third-party dependencies must be correctly provided for CI to pass.

We use cargo-about to automatically comply with open source licenses. If CI is failing, check the following:

  • Is it showing a `no license specified` error for a crate you've created? If so, add `publish = false` under `[package]` in your crate's Cargo.toml.
  • Is the error `failed to satisfy license requirements` for a dependency? If so, first determine what license the project has and whether this system is sufficient to comply with this license's requirements. If you're unsure, ask a lawyer. Once you've verified that this system is acceptable, add the license's SPDX identifier to the `accepted` array in `script/licenses/zed-licenses.toml`.
  • Is `cargo-about` unable to find the license for a dependency? If so, add a clarification field at the end of `script/licenses/zed-licenses.toml`, as specified in the cargo-about book.