status-im/nim-libp2p
2
0
Fork 0
mirror of https://github.com/status-im/nim-libp2p.git synced 2025-02-28 04:20:39 +00:00
Code Issues Projects Releases Wiki Activity

chore: formatting

Browse Source
This commit is contained in:
Diego 2024-10-03 17:09:34 +02:00 committed by Richard Ramos
parent 3290e64e3a
commit b3fb4163e8
No known key found for this signature in database
GPG Key ID: 7218C1B2A89A1B6D
2 changed files with 92 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
libp2p/transports/tls/certificate.nim
View File

@ -36,9 +36,9 @@ const
P2P_SIGNING_PREFIX = "libp2p-tls-handshake:" P2P_SIGNING_PREFIX = "libp2p-tls-handshake:"
SIGNATURE_ALG = MBEDTLS_MD_SHA256 SIGNATURE_ALG = MBEDTLS_MD_SHA256
EC_GROUP_ID = MBEDTLS_ECP_DP_SECP256R1 EC_GROUP_ID = MBEDTLS_ECP_DP_SECP256R1
LIBP2P_EXT_OID_DER: array[10, byte] = [ LIBP2P_EXT_OID_DER: array[10, byte] =
0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0xA2, 0x5A, 0x01, 0x01 [0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0xA2, 0x5A, 0x01, 0x01]
] # "1.3.6.1.4.1.53594.1.1" # "1.3.6.1.4.1.53594.1.1"
# Exception types for TLS certificate errors # Exception types for TLS certificate errors
type type
@ -64,7 +64,9 @@ proc ptrInc*(p: ptr byte, n: uint): ptr byte =
## Utility function to increment a pointer by n bytes. ## Utility function to increment a pointer by n bytes.
cast[ptr byte](cast[uint](p) + n) cast[ptr byte](cast[uint](p) + n)
proc generateSignedKey(signature: seq[byte], pubKey: seq[byte]): seq[byte] {.raises: [ASN1EncodingError].} = proc generateSignedKey(
signature: seq[byte], pubKey: seq[byte]
): seq[byte] {.raises: [ASN1EncodingError].} =
## Generates the ASN.1-encoded SignedKey structure. ## Generates the ASN.1-encoded SignedKey structure.
## ##
## The SignedKey structure contains the public key and its signature, ## The SignedKey structure contains the public key and its signature,
@ -79,8 +81,7 @@ proc generateSignedKey(signature: seq[byte], pubKey: seq[byte]): seq[byte] {.rai
## ##
## Raises: ## Raises:
## - `ASN1EncodingError` if ASN.1 encoding fails. ## - `ASN1EncodingError` if ASN.1 encoding fails.
const const extValueSize = 256 # Buffer size for ASN.1 encoding
extValueSize = 256 # Buffer size for ASN.1 encoding
var var
extValue: array[extValueSize, byte] extValue: array[extValueSize, byte]
extPtr: ptr byte = addr extValue[extValueSize - 1] # Start at the end of the buffer extPtr: ptr byte = addr extValue[extValueSize - 1] # Start at the end of the buffer
@ -89,10 +90,7 @@ proc generateSignedKey(signature: seq[byte], pubKey: seq[byte]): seq[byte] {.rai
# Write signature OCTET STRING # Write signature OCTET STRING
let retSig = mbedtls_asn1_write_octet_string( let retSig = mbedtls_asn1_write_octet_string(
addr extPtr, addr extPtr, startPtr, unsafeAddr signature[0], signature.len.uint
startPtr,
unsafeAddr signature[0],
signature.len.uint
) )
if retSig < 0: if retSig < 0:
raise newException(ASN1EncodingError, "Failed to write signature OCTET STRING") raise newException(ASN1EncodingError, "Failed to write signature OCTET STRING")
@ -100,10 +98,7 @@ proc generateSignedKey(signature: seq[byte], pubKey: seq[byte]): seq[byte] {.rai
# Write publicKey OCTET STRING # Write publicKey OCTET STRING
let retPub = mbedtls_asn1_write_octet_string( let retPub = mbedtls_asn1_write_octet_string(
addr extPtr, addr extPtr, startPtr, unsafeAddr pubKey[0], pubKey.len.uint
startPtr,
unsafeAddr pubKey[0],
pubKey.len.uint
) )
if retPub < 0: if retPub < 0:
raise newException(ASN1EncodingError, "Failed to write publicKey OCTET STRING") raise newException(ASN1EncodingError, "Failed to write publicKey OCTET STRING")
@ -112,20 +107,14 @@ proc generateSignedKey(signature: seq[byte], pubKey: seq[byte]): seq[byte] {.rai
# Total length of the SEQUENCE contents # Total length of the SEQUENCE contents
let contentLen = retSig + retPub let contentLen = retSig + retPub
# Write SEQUENCE length # Write SEQUENCE length
let retLen = mbedtls_asn1_write_len( let retLen = mbedtls_asn1_write_len(addr extPtr, startPtr, contentLen.uint)
addr extPtr,
startPtr,
contentLen.uint
)
if retLen < 0: if retLen < 0:
raise newException(ASN1EncodingError, "Failed to write SEQUENCE length") raise newException(ASN1EncodingError, "Failed to write SEQUENCE length")
len += retLen len += retLen
# Write SEQUENCE tag # Write SEQUENCE tag
let retTag = mbedtls_asn1_write_tag( let retTag = mbedtls_asn1_write_tag(
addr extPtr, addr extPtr, startPtr, MBEDTLS_ASN1_CONSTRUCTED or MBEDTLS_ASN1_SEQUENCE
startPtr,
MBEDTLS_ASN1_CONSTRUCTED or MBEDTLS_ASN1_SEQUENCE
) )
if retTag < 0: if retTag < 0:
raise newException(ASN1EncodingError, "Failed to write SEQUENCE tag") raise newException(ASN1EncodingError, "Failed to write SEQUENCE tag")
@ -142,7 +131,12 @@ proc generateSignedKey(signature: seq[byte], pubKey: seq[byte]): seq[byte] {.rai
proc makeLibp2pExtension( proc makeLibp2pExtension(
identityKeypair: KeyPair, certificateKeypair: mbedtls_pk_context identityKeypair: KeyPair, certificateKeypair: mbedtls_pk_context
): seq[byte] {.raises: [CertificateCreationError, IdentityPubKeySerializationError, IdentitySigningError, ASN1EncodingError, TLSCertificateError].} = ): seq[byte] {.
raises: [
CertificateCreationError, IdentityPubKeySerializationError, IdentitySigningError,
ASN1EncodingError, TLSCertificateError,
]
.} =
## Creates the libp2p extension containing the SignedKey. ## Creates the libp2p extension containing the SignedKey.
## ##
## The libp2p extension is an ASN.1-encoded structure that includes ## The libp2p extension is an ASN.1-encoded structure that includes
@ -167,16 +161,15 @@ proc makeLibp2pExtension(
certPubKeyDerLen: cint certPubKeyDerLen: cint
certPubKeyDerLen = mbedtls_pk_write_pubkey_der( certPubKeyDerLen = mbedtls_pk_write_pubkey_der(
unsafeAddr certificateKeypair, unsafeAddr certificateKeypair, addr certPubKeyDer[0], certPubKeyDer.len.uint
addr certPubKeyDer[0],
certPubKeyDer.len.uint
) )
if certPubKeyDerLen < 0: if certPubKeyDerLen < 0:
raise newException(CertificateCreationError, "Failed to write certificate public key in DER format") raise newException(
CertificateCreationError, "Failed to write certificate public key in DER format"
)
# Adjust pointer to the start of the data # Adjust pointer to the start of the data
let certPubKeyDerPtr = let certPubKeyDerPtr = addr certPubKeyDer[certPubKeyDer.len - certPubKeyDerLen]
addr certPubKeyDer[certPubKeyDer.len - certPubKeyDerLen]
# Create the Message to Sign # Create the Message to Sign
var msg = newSeq[byte](P2P_SIGNING_PREFIX.len + certPubKeyDerLen.int.int) var msg = newSeq[byte](P2P_SIGNING_PREFIX.len + certPubKeyDerLen.int.int)
@ -186,11 +179,7 @@ proc makeLibp2pExtension(
msg[i] = byte(P2P_SIGNING_PREFIX[i]) msg[i] = byte(P2P_SIGNING_PREFIX[i])
# Copy the public key DER into msg # Copy the public key DER into msg
copyMem( copyMem(addr msg[P2P_SIGNING_PREFIX.len], certPubKeyDerPtr, certPubKeyDerLen.int)
addr msg[P2P_SIGNING_PREFIX.len],
certPubKeyDerPtr,
certPubKeyDerLen.int
)
# Compute SHA-256 hash of the message # Compute SHA-256 hash of the message
var hash: array[32, byte] var hash: array[32, byte]
@ -204,20 +193,30 @@ proc makeLibp2pExtension(
# Sign the hash with the Identity Key # Sign the hash with the Identity Key
let signatureResult = identityKeypair.seckey.sign(hash) let signatureResult = identityKeypair.seckey.sign(hash)
if signatureResult.isErr: if signatureResult.isErr:
raise newException(IdentitySigningError, "Failed to sign the hash with the identity key") raise newException(
IdentitySigningError, "Failed to sign the hash with the identity key"
)
let signature = signatureResult.get().data let signature = signatureResult.get().data
# Get the public key bytes # Get the public key bytes
let pubKeyBytesResult = identityKeypair.pubkey.getBytes() let pubKeyBytesResult = identityKeypair.pubkey.getBytes()
if pubKeyBytesResult.isErr: if pubKeyBytesResult.isErr:
raise newException(IdentityPubKeySerializationError, "Failed to get identity public key bytes") raise newException(
IdentityPubKeySerializationError, "Failed to get identity public key bytes"
)
let pubKeyBytes = pubKeyBytesResult.get() let pubKeyBytes = pubKeyBytesResult.get()
# Generate the SignedKey ASN.1 structure # Generate the SignedKey ASN.1 structure
return generateSignedKey(signature, pubKeyBytes) return generateSignedKey(signature, pubKeyBytes)
proc generate*(identityKeyPair: KeyPair): (seq[byte], seq[byte]) proc generate*(
{.raises: [KeyGenerationError, CertificateCreationError, ASN1EncodingError, IdentityPubKeySerializationError, IdentitySigningError, TLSCertificateError].} = identityKeyPair: KeyPair
): (seq[byte], seq[byte]) {.
raises: [
KeyGenerationError, CertificateCreationError, ASN1EncodingError,
IdentityPubKeySerializationError, IdentitySigningError, TLSCertificateError,
]
.} =
## Generates a self-signed X.509 certificate with the libp2p extension. ## Generates a self-signed X.509 certificate with the libp2p extension.
## ##
## Parameters: ## Parameters:
@ -258,29 +257,26 @@ proc generate*(identityKeyPair: KeyPair): (seq[byte], seq[byte])
mbedtls_entropy_func, mbedtls_entropy_func,
addr entropy, addr entropy,
cast[ptr byte](personalization.cstring), cast[ptr byte](personalization.cstring),
personalization.len.uint personalization.len.uint,
) )
if ret != 0: if ret != 0:
raise newException(KeyGenerationError, "Failed to seed CTR_DRBG") raise newException(KeyGenerationError, "Failed to seed CTR_DRBG")
# Initialize certificate key # Initialize certificate key
ret = mbedtls_pk_setup( ret = mbedtls_pk_setup(addr certKey, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY))
addr certKey,
mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)
)
if ret != 0: if ret != 0:
raise newException(KeyGenerationError, "Failed to set up certificate key context") raise newException(KeyGenerationError, "Failed to set up certificate key context")
# Generate key pair for the certificate # Generate key pair for the certificate
let G = try: let G =
try:
mb_pk_ec(certKey) mb_pk_ec(certKey)
except MbedTLSError as e: except MbedTLSError as e:
raise newException(KeyGenerationError, e.msg) raise newException(KeyGenerationError, e.msg)
ret = mbedtls_ecp_gen_key( ret = mbedtls_ecp_gen_key(EC_GROUP_ID, G, mbedtls_ctr_drbg_random, addr ctrDrbg)
EC_GROUP_ID, G, mbedtls_ctr_drbg_random, addr ctrDrbg
)
if ret != 0: if ret != 0:
raise newException(KeyGenerationError, "Failed to generate EC key pair for certificate") raise
newException(KeyGenerationError, "Failed to generate EC key pair for certificate")
## Initialize libp2p extension ## Initialize libp2p extension
let libp2pExtension = makeLibp2pExtension(identityKeyPair, certKey) let libp2pExtension = makeLibp2pExtension(identityKeyPair, certKey)
@ -297,11 +293,12 @@ proc generate*(identityKeyPair: KeyPair): (seq[byte], seq[byte])
# Set Validity Period # Set Validity Period
let notBefore = "19750101000000" let notBefore = "19750101000000"
let notAfter = "40960101000000" let notAfter = "40960101000000"
ret = mbedtls_x509write_crt_set_validity( ret =
addr crt, notBefore.cstring, notAfter.cstring mbedtls_x509write_crt_set_validity(addr crt, notBefore.cstring, notAfter.cstring)
)
if ret != 0: if ret != 0:
raise newException(CertificateCreationError, "Failed to set certificate validity period") raise newException(
CertificateCreationError, "Failed to set certificate validity period"
)
# Assign the Public Key to the Certificate # Assign the Public Key to the Certificate
mbedtls_x509write_crt_set_subject_key(addr crt, addr certKey) mbedtls_x509write_crt_set_subject_key(addr crt, addr certKey)
@ -318,7 +315,9 @@ proc generate*(identityKeyPair: KeyPair): (seq[byte], seq[byte])
libp2pExtension.len.uint, # Extension data length libp2pExtension.len.uint, # Extension data length
) )
if ret != 0: if ret != 0:
raise newException(CertificateCreationError, "Failed to set libp2p extension in certificate") raise newException(
CertificateCreationError, "Failed to set libp2p extension in certificate"
)
# Set Basic Constraints (optional, e.g., CA:FALSE) # Set Basic Constraints (optional, e.g., CA:FALSE)
ret = mbedtls_x509write_crt_set_basic_constraints( ret = mbedtls_x509write_crt_set_basic_constraints(
@ -351,15 +350,16 @@ proc generate*(identityKeyPair: KeyPair): (seq[byte], seq[byte])
addr certBuffer[0], addr certBuffer[0],
CERT_BUFFER_SIZE.uint, CERT_BUFFER_SIZE.uint,
mbedtls_ctr_drbg_random, mbedtls_ctr_drbg_random,
addr ctrDrbg addr ctrDrbg,
) )
if certLen < 0: if certLen < 0:
raise newException(CertificateCreationError, "Failed to write certificate in DER format") raise newException(
CertificateCreationError, "Failed to write certificate in DER format"
)
# Adjust the buffer to contain only the DER data # Adjust the buffer to contain only the DER data
let certificateDer = toSeq(certBuffer[ let certificateDer =
(CERT_BUFFER_SIZE - certLen) ..< CERT_BUFFER_SIZE toSeq(certBuffer[(CERT_BUFFER_SIZE - certLen) ..< CERT_BUFFER_SIZE])
])
# Serialize the Private Key in DER Format (PKCS#8) # Serialize the Private Key in DER Format (PKCS#8)
var var
@ -370,21 +370,25 @@ proc generate*(identityKeyPair: KeyPair): (seq[byte], seq[byte])
addr certKey, addr privKeyBuffer[0], privKeyBuffer.len.uint addr certKey, addr privKeyBuffer[0], privKeyBuffer.len.uint
) )
if privKeyLen < 0: if privKeyLen < 0:
raise newException(CertificateCreationError, "Failed to write private key in DER format") raise newException(
CertificateCreationError, "Failed to write private key in DER format"
)
# Adjust the buffer to contain only the DER data # Adjust the buffer to contain only the DER data
let privateKeyDer = toSeq(privKeyBuffer[ let privateKeyDer =
(privKeyBuffer.len - privKeyLen) ..< privKeyBuffer.len toSeq(privKeyBuffer[(privKeyBuffer.len - privKeyLen) ..< privKeyBuffer.len])
])
# Return the Serialized Certificate and Private Key # Return the Serialized Certificate and Private Key
return (certificateDer, privateKeyDer) return (certificateDer, privateKeyDer)
proc libp2pext( proc libp2pext(
p_ctx: pointer; crt: ptr mbedtls_x509_crt; p_ctx: pointer,
oid: ptr mbedtls_x509_buf; critical: cint; crt: ptr mbedtls_x509_crt,
p: ptr byte; endPtr: ptr byte oid: ptr mbedtls_x509_buf,
): cint {.cdecl.} = critical: cint,
p: ptr byte,
endPtr: ptr byte,
): cint {.cdecl.} =
## Callback function to parse the libp2p extension. ## Callback function to parse the libp2p extension.
## ##
## This function is used as a callback by mbedtls during certificate parsing ## This function is used as a callback by mbedtls during certificate parsing
@ -413,8 +417,7 @@ proc libp2pext(
# Parse SEQUENCE tag and length # Parse SEQUENCE tag and length
var len: uint var len: uint
if mbedtls_asn1_get_tag( if mbedtls_asn1_get_tag(
addr parsePtr, endPtr, addr len, addr parsePtr, endPtr, addr len, MBEDTLS_ASN1_CONSTRUCTED or MBEDTLS_ASN1_SEQUENCE
MBEDTLS_ASN1_CONSTRUCTED or MBEDTLS_ASN1_SEQUENCE
) != 0: ) != 0:
debug "Failed to parse SEQUENCE in libp2p extension" debug "Failed to parse SEQUENCE in libp2p extension"
return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
@ -432,7 +435,6 @@ proc libp2pext(
copyMem(addr publicKey[0], parsePtr, int(pubKeyLen)) copyMem(addr publicKey[0], parsePtr, int(pubKeyLen))
parsePtr = ptrInc(parsePtr, pubKeyLen) parsePtr = ptrInc(parsePtr, pubKeyLen)
# Parse signature OCTET STRING # Parse signature OCTET STRING
var signatureLen: uint var signatureLen: uint
if mbedtls_asn1_get_tag( if mbedtls_asn1_get_tag(
@ -452,7 +454,9 @@ proc libp2pext(
return 0 # Success return 0 # Success
proc parse*(certificateDer: seq[byte]): P2pCertificate {.raises: [CertificateParsingError].} = proc parse*(
certificateDer: seq[byte]
): P2pCertificate {.raises: [CertificateParsingError].} =
## Parses a DER-encoded certificate and extracts the P2pCertificate. ## Parses a DER-encoded certificate and extracts the P2pCertificate.
## ##
## Parameters: ## Parameters:
@ -475,9 +479,11 @@ proc parse*(certificateDer: seq[byte]): P2pCertificate {.raises: [CertificatePar
certificateDer.len.uint, certificateDer.len.uint,
0, 0,
libp2pext, libp2pext,
addr extension addr extension,
) )
if ret != 0: if ret != 0:
raise newException(CertificateParsingError, "Failed to parse certificate, error code: " & $ret) raise newException(
CertificateParsingError, "Failed to parse certificate, error code: " & $ret
)
return P2pCertificate(certificate: crt, extension: extension) return P2pCertificate(certificate: crt, extension: extension)

1
tests/transports/tls/testcertificate.nim
View File

@ -5,7 +5,6 @@ import ../../../libp2p/crypto/crypto
import ../../../libp2p/peerid import ../../../libp2p/peerid
suite "Certificate Tests": suite "Certificate Tests":
test "sanity check": test "sanity check":
var rng = newRng() var rng = newRng()