From 8a33c17c3842d8c23c899f691863503ed23cba0b Mon Sep 17 00:00:00 2001 From: Ludovic Chenut Date: Fri, 18 Aug 2023 14:45:25 +0200 Subject: [PATCH] Some fixes in dtls --- webrtc/{ => dtls}/dtls.nim | 43 +--------------------------- webrtc/dtls/utils.nim | 58 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 42 deletions(-) rename webrtc/{ => dtls}/dtls.nim (64%) create mode 100644 webrtc/dtls/utils.nim diff --git a/webrtc/dtls.nim b/webrtc/dtls/dtls.nim similarity index 64% rename from webrtc/dtls.nim rename to webrtc/dtls/dtls.nim index 0e38b89..01041df 100644 --- a/webrtc/dtls.nim +++ b/webrtc/dtls/dtls.nim @@ -9,7 +9,7 @@ import std/times import chronos, chronicles -import webrtc_connection +import ./utils, ../webrtc_connection import mbedtls/ssl import mbedtls/pk @@ -40,47 +40,6 @@ type config: mbedtls_ssl_config ssl: mbedtls_ssl_context -proc mbedtls_pk_rsa(pk: mbedtls_pk_context): ptr mbedtls_rsa_context = - var key = pk - case mbedtls_pk_get_type(addr key): - of MBEDTLS_PK_RSA: - return cast[ptr mbedtls_rsa_context](pk.private_pk_ctx) - else: - return nil - -proc generateKey(self: DtlsConn): mbedtls_pk_context = - var res: mbedtls_pk_context - mb_pk_init(res) - discard mbedtls_pk_setup(addr res, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) - mb_rsa_gen_key(mb_pk_rsa(res), mbedtls_ctr_drbg_random, self.ctr_drbg, 4096, 65537) - return res - -proc generateCertificate(self: DtlsConn): mbedtls_x509_crt = - let - name = "C=FR,O=webrtc,CN=wbrtc" - time_format = initTimeFormat("YYYYMMddHHmmss") - time_from = times.now().format(time_format) - time_to = (times.now() + times.years(1)).format(time_format) - - var issuer_key = self.generateKey() - var write_cert: mbedtls_x509write_cert - var serial_mpi: mbedtls_mpi - mb_x509write_crt_init(write_cert) - mb_x509write_crt_set_md_alg(write_cert, MBEDTLS_MD_SHA256); - mb_x509write_crt_set_subject_key(write_cert, issuer_key) - mb_x509write_crt_set_issuer_key(write_cert, issuer_key) - mb_x509write_crt_set_subject_name(write_cert, name) - mb_x509write_crt_set_issuer_name(write_cert, name) - mb_x509write_crt_set_validity(write_cert, time_from, time_to) - mb_x509write_crt_set_basic_constraints(write_cert, 0, -1) - mb_x509write_crt_set_subject_key_identifier(write_cert) - mb_x509write_crt_set_authority_key_identifier(write_cert) - mb_mpi_init(serial_mpi) - let serial_hex = mb_mpi_read_string(serial_mpi, 16) - mb_x509write_crt_set_serial(write_cert, serial_mpi) - let buf = mb_x509write_crt_pem(write_cert, 4096, mbedtls_ctr_drbg_random, self.ctr_drbg) - mb_x509_crt_parse(result, buf) - proc dtlsSend*(ctx: pointer, buf: ptr byte, len: uint): cint {.cdecl.} = echo "Send: ", len let self = cast[ptr DtlsConn](ctx) diff --git a/webrtc/dtls/utils.nim b/webrtc/dtls/utils.nim new file mode 100644 index 0000000..eb71d3f --- /dev/null +++ b/webrtc/dtls/utils.nim @@ -0,0 +1,58 @@ +# Nim-WebRTC +# Copyright (c) 2023 Status Research & Development GmbH +# Licensed under either of +# * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE)) +# * MIT license ([LICENSE-MIT](LICENSE-MIT)) +# at your option. +# This file may not be copied, modified, or distributed except according to +# those terms. + +import std/times + +import mbedtls/pk +import mbedtls/rsa +import mbedtls/ctr_drbg +import mbedtls/x509_crt +import mbedtls/bignum +import mbedtls/md + +proc mbedtls_pk_rsa*(pk: mbedtls_pk_context): ptr mbedtls_rsa_context = + var key = pk + case mbedtls_pk_get_type(addr key): + of MBEDTLS_PK_RSA: + return cast[ptr mbedtls_rsa_context](pk.private_pk_ctx) + else: + return nil + +proc generateKey*(random: mbedtls_ctr_drbg_context): mbedtls_pk_context = + var res: mbedtls_pk_context + mb_pk_init(res) + discard mbedtls_pk_setup(addr res, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) + mb_rsa_gen_key(mb_pk_rsa(res), mbedtls_ctr_drbg_random, random, 4096, 65537) + return res + +proc generateCertificate*(random: mbedtls_ctr_drbg_context): mbedtls_x509_crt = + let + name = "C=FR,O=webrtc,CN=webrtc" + time_format = initTimeFormat("YYYYMMddHHmmss") + time_from = times.now().format(time_format) + time_to = (times.now() + times.years(1)).format(time_format) + + var issuer_key = random.generateKey() + var write_cert: mbedtls_x509write_cert + var serial_mpi: mbedtls_mpi + mb_x509write_crt_init(write_cert) + mb_x509write_crt_set_md_alg(write_cert, MBEDTLS_MD_SHA256); + mb_x509write_crt_set_subject_key(write_cert, issuer_key) + mb_x509write_crt_set_issuer_key(write_cert, issuer_key) + mb_x509write_crt_set_subject_name(write_cert, name) + mb_x509write_crt_set_issuer_name(write_cert, name) + mb_x509write_crt_set_validity(write_cert, time_from, time_to) + mb_x509write_crt_set_basic_constraints(write_cert, 0, -1) + mb_x509write_crt_set_subject_key_identifier(write_cert) + mb_x509write_crt_set_authority_key_identifier(write_cert) + mb_mpi_init(serial_mpi) + let serial_hex = mb_mpi_read_string(serial_mpi, 16) + mb_x509write_crt_set_serial(write_cert, serial_mpi) + let buf = mb_x509write_crt_pem(write_cert, 4096, mbedtls_ctr_drbg_random, random) + mb_x509_crt_parse(result, buf)