From 22a064cd4294c7c34941e4e205c61cae0ec9eda1 Mon Sep 17 00:00:00 2001 From: Roman Date: Tue, 3 Aug 2021 21:50:13 +0300 Subject: [PATCH 1/3] Update tls.md Define precisely how to marshal SubjectPublicKeyInfo structure --- tls/tls.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/tls/tls.md b/tls/tls.md index c92659500..eaa3a145e 100644 --- a/tls/tls.md +++ b/tls/tls.md 
@@ -74,7 +74,20 @@ In order to prove ownership of its host key, an endpoint sends two values: The public host key allows the peer to calculate the peer ID of the peer it is connecting to. Clients MUST verify that the peer ID derived from the certificate matches the peer ID they intended to connect to, and MUST abort the connection if there is a mismatch. -The peer signs the concatenation of the string `libp2p-tls-handshake:` and the public key that it used to generate the certificate carrying the libp2p Public Key Extension, using its private host key. This signature provides cryptographic proof that the peer was in possession of the private host key at the time the certificate was signed. Peers MUST verify the signature, and abort the connection attempt if signature verification fails. +The peer signs the concatenation of the string `libp2p-tls-handshake:` and the public key that it used to generate the certificate carrying the libp2p Public Key Extension, using its private host key. The encoded public key is a `SubjectPublicKeyInfo` structure (see RFC 5280, Section 4.1): + +```asn1 +SubjectPublicKeyInfo ::= SEQUENCE { + algorithm AlgorithmIdentifier, + subject_public_key BIT STRING +} +AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY DEFINED BY algorithm OPTIONAL +} +``` + +This signature provides cryptographic proof that the peer was in possession of the private host key at the time the certificate was signed. Peers MUST verify the signature, and abort the connection attempt if signature verification fails. The public host key and the signature are ANS.1-encoded into the SignedKey data structure, which is carried in the libp2p Public Key Extension. The libp2p Public Key Extension is a X.509 extension with the Object Identier `1.3.6.1.4.1.53594.1.1`, [allocated by IANA to the libp2p project at Protocol Labs](https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers). 
From 66ee50cbe70c6b4e7e174e5466de8b9cba5f10cd Mon Sep 17 00:00:00 2001 From: Roman Date: Fri, 6 Aug 2021 10:48:29 +0300 Subject: [PATCH 2/3] Apply suggestion Co-authored-by: Max Inden --- tls/tls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tls/tls.md b/tls/tls.md index eaa3a145e..89c5c7b6c 100644 --- a/tls/tls.md +++ b/tls/tls.md @@ -74,7 +74,7 @@ In order to prove ownership of its host key, an endpoint sends two values: The public host key allows the peer to calculate the peer ID of the peer it is connecting to. Clients MUST verify that the peer ID derived from the certificate matches the peer ID they intended to connect to, and MUST abort the connection if there is a mismatch. -The peer signs the concatenation of the string `libp2p-tls-handshake:` and the public key that it used to generate the certificate carrying the libp2p Public Key Extension, using its private host key. The encoded public key is a `SubjectPublicKeyInfo` structure (see RFC 5280, Section 4.1): +The peer signs the concatenation of the string `libp2p-tls-handshake:` and the encoded public key that it used to generate the certificate carrying the libp2p Public Key Extension, using its private host key. The public key is encoded as a `SubjectPublicKeyInfo` structure (see RFC 5280, Section 4.1): ```asn1 SubjectPublicKeyInfo ::= SEQUENCE { From 38d9706e9ee8ee85aae690f85ae6293f7daa30f8 Mon Sep 17 00:00:00 2001 From: Roman Date: Tue, 17 Aug 2021 14:40:40 +0300 Subject: [PATCH 3/3] Review fixes --- tls/tls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tls/tls.md b/tls/tls.md index 89c5c7b6c..83771f9aa 100644 --- a/tls/tls.md +++ b/tls/tls.md 
@@ -74,7 +74,7 @@ In order to prove ownership of its host key, an endpoint sends two values: The public host key allows the peer to calculate the peer ID of the peer it is connecting to. Clients MUST verify that the peer ID derived from the certificate matches the peer ID they intended to connect to, and MUST abort the connection if there is a mismatch. -The peer signs the concatenation of the string `libp2p-tls-handshake:` and the encoded public key that it used to generate the certificate carrying the libp2p Public Key Extension, using its private host key. The public key is encoded as a `SubjectPublicKeyInfo` structure (see RFC 5280, Section 4.1): +The peer signs the concatenation of the string `libp2p-tls-handshake:` and the encoded public key that it used to generate the certificate carrying the libp2p Public Key Extension, using its private host key. The public key is encoded as a `SubjectPublicKeyInfo` structure as described in RFC 5280, Section 4.1: ```asn1 SubjectPublicKeyInfo ::= SEQUENCE {
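Review bot: In [PATCH 1/3], the added sentence "The encoded public key is a `SubjectPublicKeyInfo` structure" names the ASN.1 type but not the encoding rules, so the exact bytes that are concatenated with `libp2p-tls-handshake:` and signed are still not pinned down. Signer and verifier have to produce identical bytes for the signature check to pass, so state the encoding explicitly, for example "a DER-encoded `SubjectPublicKeyInfo` structure". The trailing context of this hunk also carries two typos that could be fixed in the same pass: "ANS.1-encoded" and "Object Identier".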
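Review bot: In [PATCH 2/3], the reworded sentence "The public key is encoded as a `SubjectPublicKeyInfo` structure" leaves "the public key" ambiguous, because the same paragraph talks about both the public host key and the public key used to generate the certificate. Tie it back to the first sentence, for example "The certificate's public key is encoded as ...", so a reader cannot apply the `SubjectPublicKeyInfo` encoding to the host key by mistake.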
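Review bot: In [PATCH 3/3], the sentence now presents the structure "as described in RFC 5280, Section 4.1", but the ASN.1 block it introduces (added in PATCH 1/3) spells the second field `subject_public_key`, whereas RFC 5280 names it `subjectPublicKey`. Use the RFC's identifier in the block so the spec text matches the definition it cites.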