Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

transports: Deterministic certificate generation #3049

Open
melekes opened this issue Oct 20, 2022 · 11 comments
Open

transports: Deterministic certificate generation #3049

melekes opened this issue Oct 20, 2022 · 11 comments

Comments

@melekes
Copy link
Contributor

melekes commented Oct 20, 2022

Presently (#2622), the certificate is supposed to be generated and stored somewhere along the node's key. This could be improved. As it was pointed out in the spec, we should be able to derive a TLS certificate from node's key. This will improve dev experience.

@melekes
Copy link
Contributor Author

melekes commented Oct 20, 2022

I've spent today looking into ways of doing it. One way is

        // Convert `identity::KeyPair` into `rcgen::KeyPair`.
        let der = id_keys.serialize_der();
        let key_pair = rcgen::KeyPair::from_der(der).map_err(ConfigError::CertificateGenError)?;
        params.key_pair = Some(key_pair);

convert identity::KeyPair to DER and create rcgen::KeyPair from it.

@thomaseizinger pointed out that it might be simpler to use HKDF that will act as the seed for randomness (at what point? during certificate creation https://docs.rs/rcgen/0.10.0/rcgen/struct.CertificateParams.html#structfield.serial_number?).

@thomaseizinger
Copy link
Contributor

@thomaseizinger pointed out that it might be simpler to use HKDF that will act as the seed for randomness (at what point? during certificate creation https://docs.rs/rcgen/0.10.0/rcgen/struct.CertificateParams.html#structfield.serial_number?).

I think we need to patch rcgen to allow for configuration of the randomness source to put in a deterministic one based off a seed. You can then use a HKDF to generate the seed.

There is also randomness in the ECDSA signature on the certificate itself so if you want truly deterministic certificates, that needs to be fixed too. Just the same Keypair doesn't cut it.

For the HKDF, it is probably better to generate the certificate seed and the keypair from different derivations from a common secret and not the certificate from the keypair.

@mxinden
Copy link
Member

mxinden commented Oct 21, 2022

I would guess @MarcoPolo has opinions here given his related work on libp2p/go-libp2p#1833.

@thomaseizinger
Copy link
Contributor

If patching rcgen is too hard, we might also just inline the certificate generation. ring does all the heavy lifting of the crypto anyway and we don't need much configuration for our usecase so this could turn out quite clean actually.

@thomaseizinger thomaseizinger changed the title [transport/webrtc] Derive a certificate from node's identity transports/webrtc: Deterministic certificate generation Oct 21, 2022
@thomaseizinger
Copy link
Contributor

As mentioned in melekes#12, this is blocked on briansmith/ring@fe9e4d0 getting released and webrtc updating to that new ring release.

@thomaseizinger
Copy link
Contributor

thomaseizinger commented Apr 16, 2023

I think this would also be easier to resolve with #3659 because str0m depends on openssl and to parse the cerificate, meaning we don't necessarily need to use ring to generate it.

@thomaseizinger thomaseizinger changed the title transports/webrtc: Deterministic certificate generation transports: Deterministic certificate generation Dec 22, 2023
@thomaseizinger
Copy link
Contributor

This now also affects WebTransport: #4874

@dariusc93
Copy link
Member

While its possible to get around this by generating the cert outside of the behaviour, i think until ring does ever support RFC6979, we should probably do a workaround, though might be considered hacky, but would get the job done to make the cert deterministic out of the box for webrtc (and webtransport when the server side is implemented in libp2p) vs outside workarounds.

@thomaseizinger
Copy link
Contributor

thomaseizinger commented Sep 27, 2024

This crate might help: https://docs.rs/x509-cert.

Credits to @pinkforest for pointing me to it.

@thomaseizinger
Copy link
Contributor

Draft for generating deterministic(?) certificates: https://gist.github.com/nnathan/73ccb767ba706ccd07686066e0fde0f5

Also cc @dgarus

@dariusc93
Copy link
Member

Draft for generating deterministic(?) certificates: https://gist.github.com/nnathan/73ccb767ba706ccd07686066e0fde0f5

Also cc @dgarus

Forgotten all about x509-cert crate honestly. Hopefully we can use this in a meaningful way in rust-libp2p

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants