feat(tls-certificate): generate and parse libp2p tls certificate #1209

diegomrsantos · 2024-10-03T15:00:35Z

This PR implements the certificate generation and parsing for https://github.com/libp2p/specs/blob/master/tls/tls.md.

libp2p/transports/tls/certificate.nim

lchenut · 2024-10-04T11:09:42Z

libp2p/transports/tls/certificate.nim

+  for i in 0 ..< LIBP2P_EXT_OID_DER.len:
+    if ptrInc(oid.p, i.uint)[] != LIBP2P_EXT_OID_DER[i]:
+      return MBEDTLS_ERR_OID_NOT_FOUND # Extension not handled by this callback


Maybe use nimCmpMem? Not sure if importing just for that is necessary.

Where is it defined?

richard-ramos · 2025-02-06T22:56:00Z

The certificates that was being generated was considered invalid due to not having a serial number. This was fixed in last commit and now the certificates are readable in openssl:

openssl x509 -in certificate.pem  -serial -text
serial=0B0A736832F1AC4C4BF193F41386C5D772B9BFA7
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:0a:73:68:32:f1:ac:4c:4b:f1:93:f4:13:86:c5:d7:72:b9:bf:a7
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: CN = libp2p.io
        Validity
            Not Before: Jan  1 00:00:00 1975 GMT
            Not After : Jan  1 00:00:00 4096 GMT
        Subject: CN = libp2p.io
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:67:fc:ae:4a:3b:0f:e9:fa:66:b3:a6:f1:08:3c:
                    13:f6:26:9c:0a:ef:ea:db:06:8c:bd:03:d6:b2:b7:
                    d1:ba:c9:1c:1a:bd:4c:7b:08:c9:58:26:86:a8:5f:
                    b6:ed:e4:00:3a:3d:b9:c3:9a:5a:4a:20:f0:48:62:
                    04:e0:3e:2e:47
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            1.3.6.1.4.1.53594.1.1:
                0o.%...!../4..I....$.c.OC..
.c......&m= j.F0D. ;U.
..w..`..-..~..-.......]..1.!. -0...l.P#.-.v..~d.>...!..:..4..=.
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
    Signature Algorithm: ecdsa-with-SHA256
    Signature Value:
        30:46:02:21:00:f3:86:c5:b2:5f:0e:83:e9:f4:53:23:11:6f:
        68:b4:0e:0a:e0:93:ca:ee:3a:48:7c:72:6f:3a:16:e5:14:e2:
        39:02:21:00:90:76:3a:d6:64:2d:61:1b:5f:5e:a2:7e:f5:17:
        48:f6:f9:47:4b:f6:23:6d:ae:fb:14:87:15:09:dd:20:a4:16
-----BEGIN CERTIFICATE-----
MIIB0zCCAXagAwIBAgIUCwpzaDLxrExL8ZP0E4bF13K5v6cwDAYIKoZIzj0EAwIF
ADAUMRIwEAYDVQQDDAlsaWJwMnAuaW8wIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAx
MDEwMDAwMDBaMBQxEjAQBgNVBAMMCWxpYnAycC5pbzBZMBMGByqGSM49AgEGCCqG
SM49AwEHA0IABGf8rko7D+n6ZrOm8Qg8E/YmnArv6tsGjL0D1rK30brJHBq9THsI
yVgmhqhftu3kADo9ucOaWkog8EhiBOA+LkejgaEwgZ4wgYAGCisGAQQBg6JaAQEE
cjBvBCUIAhIhA64vNM/RSX+NwZMkh2OlT0MusQquY4cQFRAIGSZtPSBqBEYwRAIg
O1XNCuWYdwcXYPgWLa0ffujeLYm1seHt3ONd+KYxgCECIC0w68TbbB9QI7UtE3bv
B35k1z6P2fAhsxw6r5Y0hIk9ADAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAM
BggqhkjOPQQDAgUAA0kAMEYCIQDzhsWyXw6D6fRTIxFvaLQOCuCTyu46SHxybzoW
5RTiOQIhAJB2OtZkLWEbX16ifvUXSPb5R0v2I22u+xSHFQndIKQW
-----END CERTIFICATE-----

cc: @kaiserd

github-actions · 2025-02-07T14:16:52Z

Commits must follow the Conventional Commits specification
Please fix these commit messages:

vladopajic

lgtm; minor comment

libp2p/transports/tls/certificate.nim

diegomrsantos force-pushed the tls branch from 9e8ac8a to 5b7ea1c Compare October 3, 2024 15:10