Commit aa20ea2
committed
fix(tls,quic): expose libp2p host pubkey as remotePubKey, not the ephemeral cert subject key
Before this change, `SecureChannel.Session.remotePubKey` returned by the TLS
and QUIC transports was the ephemeral X.509 cert subject key (created per
handshake), not the libp2p host public key embedded in the libp2p cert
extension (OID 1.3.6.1.4.1.53594.1.1). This broke the invariant
`PeerId.fromPubKey(remotePubKey) == remoteId` that SecIO, Noise, and
Plaintext uphold and that downstream consumers rely on (e.g. signed-record
verification).
Changes:
* TLSSecureChannel.kt: introduce `TlsPeerIdentity(peerId, pubKey)` and
`verifyAndExtractIdentity(chain)` which derives both fields from the same
libp2p host key unmarshalled out of the cert extension. The legacy
`verifyAndExtractPeerId` now delegates so existing call sites
(CertificatesTest, Libp2pTrustManager) continue to work unchanged. The
session-construction site in `buildTlsHandler` is updated to use the new
helper, so `remotePubKey` is now the libp2p key, not the ephemeral
subject key.
* QuicTransport.kt (server inbound): replace the separate
`verifyAndExtractPeerId` + `getPublicKeyFromCert` pair with a single
`verifyAndExtractIdentity` call. Both `remoteId` and `remotePubKey`
now come from the same libp2p host key.
* QuicTransport.kt (client dial): delete the `Multihash.Digest.Identity`
special case entirely. The libp2p cert extension is the single source of
truth for the remote libp2p public key regardless of how the peer id is
encoded in the multiaddr (identity-digest vs sha-256). Add a sanity
check that the libp2p key extracted from the cert hashes to the
dial-target peer id — defence-in-depth on top of `Libp2pTrustManager`.
Remove now-unused imports (`Multihash`, `unmarshalPublicKey`,
`getPublicKeyFromCert`).
Tests:
* TlsSecureChannelTest now extends `CipherSecureChannelTest` (matching
the SecIO/Noise pattern), which contributes `verify secure session`
asserting `remotePubKey == pubKey<remote>` on both sides. The shared
malformed-cipher-bytes test is marked `open` in the base and overridden
with `@Disabled` for TLS because OpenSSL surfaces those errors through
a different path that is out of scope here.
* New `QuicRemotePubKeyIdentityTest` exercises a real QUIC handshake
between two hosts and asserts
`PeerId.fromPubKey(secureSession.remotePubKey) == secureSession.remoteId`
on both the client and server connection.1 parent 138fe9e commit aa20ea2
5 files changed
Lines changed: 162 additions & 61 deletions
File tree
- libp2p/src
- main/kotlin/io/libp2p
- security/tls
- transport/quic
- test/kotlin/io/libp2p
- security
- tls
- transport/quic
Lines changed: 34 additions & 4 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
150 | 150 | | |
151 | 151 | | |
152 | 152 | | |
| 153 | + | |
153 | 154 | | |
154 | 155 | | |
155 | 156 | | |
156 | | - | |
157 | | - | |
| 157 | + | |
| 158 | + | |
158 | 159 | | |
159 | 160 | | |
160 | 161 | | |
| |||
278 | 279 | | |
279 | 280 | | |
280 | 281 | | |
281 | | - | |
| 282 | + | |
| 283 | + | |
| 284 | + | |
| 285 | + | |
| 286 | + | |
| 287 | + | |
| 288 | + | |
| 289 | + | |
| 290 | + | |
| 291 | + | |
| 292 | + | |
| 293 | + | |
| 294 | + | |
| 295 | + | |
| 296 | + | |
| 297 | + | |
| 298 | + | |
| 299 | + | |
| 300 | + | |
| 301 | + | |
| 302 | + | |
282 | 303 | | |
283 | 304 | | |
284 | 305 | | |
| |||
314 | 335 | | |
315 | 336 | | |
316 | 337 | | |
317 | | - | |
| 338 | + | |
318 | 339 | | |
319 | 340 | | |
| 341 | + | |
| 342 | + | |
| 343 | + | |
| 344 | + | |
| 345 | + | |
| 346 | + | |
| 347 | + | |
| 348 | + | |
| 349 | + | |
320 | 350 | | |
321 | 351 | | |
322 | 352 | | |
| |||
Lines changed: 38 additions & 32 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
2 | 2 | | |
3 | 3 | | |
4 | 4 | | |
5 | | - | |
6 | 5 | | |
7 | 6 | | |
8 | | - | |
9 | 7 | | |
10 | 8 | | |
11 | 9 | | |
| |||
22 | 20 | | |
23 | 21 | | |
24 | 22 | | |
25 | | - | |
26 | | - | |
| 23 | + | |
27 | 24 | | |
28 | 25 | | |
29 | 26 | | |
| |||
270 | 267 | | |
271 | 268 | | |
272 | 269 | | |
| 270 | + | |
| 271 | + | |
| 272 | + | |
| 273 | + | |
| 274 | + | |
| 275 | + | |
| 276 | + | |
| 277 | + | |
273 | 278 | | |
274 | | - | |
275 | | - | |
276 | | - | |
277 | | - | |
278 | | - | |
279 | | - | |
280 | | - | |
281 | | - | |
282 | | - | |
283 | | - | |
284 | | - | |
285 | | - | |
286 | | - | |
287 | | - | |
288 | | - | |
289 | | - | |
290 | | - | |
| 279 | + | |
| 280 | + | |
| 281 | + | |
| 282 | + | |
| 283 | + | |
| 284 | + | |
| 285 | + | |
| 286 | + | |
291 | 287 | | |
292 | 288 | | |
293 | 289 | | |
294 | 290 | | |
295 | 291 | | |
296 | | - | |
297 | | - | |
| 292 | + | |
| 293 | + | |
298 | 294 | | |
299 | 295 | | |
300 | 296 | | |
| |||
415 | 411 | | |
416 | 412 | | |
417 | 413 | | |
418 | | - | |
419 | | - | |
| 414 | + | |
| 415 | + | |
| 416 | + | |
| 417 | + | |
| 418 | + | |
420 | 419 | | |
421 | | - | |
| 420 | + | |
422 | 421 | | |
423 | 422 | | |
424 | 423 | | |
425 | 424 | | |
426 | | - | |
427 | | - | |
| 425 | + | |
| 426 | + | |
428 | 427 | | |
429 | 428 | | |
430 | 429 | | |
| |||
533 | 532 | | |
534 | 533 | | |
535 | 534 | | |
| 535 | + | |
| 536 | + | |
| 537 | + | |
| 538 | + | |
536 | 539 | | |
537 | | - | |
538 | | - | |
| 540 | + | |
| 541 | + | |
| 542 | + | |
| 543 | + | |
| 544 | + | |
539 | 545 | | |
540 | 546 | | |
541 | 547 | | |
542 | 548 | | |
543 | | - | |
544 | | - | |
| 549 | + | |
| 550 | + | |
545 | 551 | | |
546 | 552 | | |
547 | 553 | | |
| |||
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
63 | 63 | | |
64 | 64 | | |
65 | 65 | | |
66 | | - | |
| 66 | + | |
67 | 67 | | |
68 | 68 | | |
69 | 69 | | |
| |||
Lines changed: 8 additions & 24 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | | - | |
4 | | - | |
5 | | - | |
6 | 3 | | |
7 | 4 | | |
8 | 5 | | |
9 | | - | |
10 | | - | |
11 | | - | |
12 | | - | |
| 6 | + | |
| 7 | + | |
13 | 8 | | |
14 | 9 | | |
15 | | - | |
16 | 10 | | |
17 | 11 | | |
18 | 12 | | |
19 | 13 | | |
20 | | - | |
| 14 | + | |
21 | 15 | | |
22 | 16 | | |
23 | 17 | | |
24 | 18 | | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
25 | 22 | | |
26 | | - | |
27 | | - | |
28 | | - | |
29 | | - | |
30 | | - | |
31 | | - | |
32 | | - | |
33 | | - | |
34 | | - | |
35 | | - | |
36 | | - | |
37 | | - | |
38 | | - | |
39 | | - | |
40 | | - | |
| 23 | + | |
| 24 | + | |
41 | 25 | | |
42 | 26 | | |
Lines changed: 81 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
| 54 | + | |
| 55 | + | |
| 56 | + | |
| 57 | + | |
| 58 | + | |
| 59 | + | |
| 60 | + | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
| 64 | + | |
| 65 | + | |
| 66 | + | |
| 67 | + | |
| 68 | + | |
| 69 | + | |
| 70 | + | |
| 71 | + | |
| 72 | + | |
| 73 | + | |
| 74 | + | |
| 75 | + | |
| 76 | + | |
| 77 | + | |
| 78 | + | |
| 79 | + | |
| 80 | + | |
| 81 | + | |
0 commit comments