feat(tls-certificate): generate and parse libp2p tls certificate #1209
Conversation
| const extValueSize = 256 # Buffer size for ASN.1 encoding | ||
| var | ||
| extValue: array[extValueSize, byte] | ||
| extPtr: ptr byte = addr extValue[extValueSize - 1] # Start at the end of the buffer |
There was a problem hiding this comment.
At first I thought it was an error, I had to check mbedtls_asn1_write_octet_string to understand that this function works backward. Maybe you can add this as a comment somewhere.
|
|
||
| # Exception types for TLS certificate errors | ||
| type | ||
| TLSCertificateError* = object of Exception |
There was a problem hiding this comment.
As it is inside nim-libp2p, maybe inherit from LPError instead of exception?
| return extValueSeq | ||
|
|
||
| proc makeLibp2pExtension( | ||
| identityKeypair: KeyPair, certificateKeypair: mbedtls_pk_context |
There was a problem hiding this comment.
Maybe it's my C background talking, but I would use a ptr mbedtls_pk_context here instead of mbedtls_pk_context. It could work in Nim (I'm not sure if it uses a copy, a reference or a pointer for this kind of call), but as mbedtls only use pointer for their context, I would change that for our own function aswell.
There was a problem hiding this comment.
What's the benefit of it? I don't think this is a pattern in Nim, is it?
| for i in 0 ..< P2P_SIGNING_PREFIX.len: | ||
| msg[i] = byte(P2P_SIGNING_PREFIX[i]) |
There was a problem hiding this comment.
Seems it's not possible to use it with a const
| ## - `ASN1EncodingError` if encoding fails. | ||
| # Initialize entropy and DRBG contexts | ||
| var | ||
| entropy = mbedtls_entropy_context() |
There was a problem hiding this comment.
If I remember correctly, entropy is a bit heavy to create. It might be interesting to find a way to only initialize it once and not every time you generate. I'm not 100% sure though, but this could be checked.
There was a problem hiding this comment.
And how would be the right way of initializing and freeing this only once in Nim?
There was a problem hiding this comment.
I tried one approach.
| let notBefore = "19750101000000" | ||
| let notAfter = "40960101000000" |
There was a problem hiding this comment.
They don't mention this in the spec, I used the same values in the Rust implementation.
| for i in 0 ..< LIBP2P_EXT_OID_DER.len: | ||
| if ptrInc(oid.p, i.uint)[] != LIBP2P_EXT_OID_DER[i]: | ||
| return MBEDTLS_ERR_OID_NOT_FOUND # Extension not handled by this callback |
There was a problem hiding this comment.
Maybe use nimCmpMem? Not sure if importing just for that is necessary.
There was a problem hiding this comment.
Where is it defined?
diegomrsantos
changed the title
This PR implements the certificate generation and parsing for https://github.com/libp2p/specs/blob/master/tls/tls.md.