RSA keygen in preparation to asking /id from ipfs

[koivunej]

Sorry for the refactoring with the http being here as well, I created a config module with configuration file handling there. The rsa keygen and following import/export thing was a lot more difficult than I thought.

I made some questionable changes to ipfs::config as well, I removed it from the ifps::IpfsOptions. I made this because looking back at the ipfs::config::KeyMaterial it seems like a bad idea to extend it with Pkcs8Buffer or something similar, I am not so sure if the mutability through Options makes a lot of sense. If this solution feels worse I can present the KeyMaterial extension as well. I also thought that the "library initialization through configuration file" might not be so important use case after all, as most likely you'd like to bring your application configuration file and turn that into the ipfs::IpfsOptions.

This could be mergeable as is. I'll continue from here into spawning the background task and exposing the ipfs::Ipfs to the filters, but hopefully on a different PR.

[dvc94ch]

Looks very good, thanks!

[dvc94ch]

are the go ipfs error messages checked in the compliance test suite?

[koivunej]

I don't think so but I tried to include the ones I found. These might be presented in the conformance test assertion failures, at least if it happens during preparation.

[dvc94ch]

Is there no other way to do it except using openssl?

[koivunej]

Sadly I cannot see a way. rsa crate exists and would be suitable for our testing purposes at least (there are warnings for not having audited) but for testing purposes I'd be happy to get any key from rsa imported as ring key used by rust-libp2p. There isn't any export PKCS#{1,8} functionality in rsa I could find (even less import/export in released version, some import features have been added later) but even the latest importing seems to differ from how ring imports RSA keys. As DER functionality is not exposed by openssl either so I had to hack it, luckily it's the easiest thing done here (see pem_to_der).

I wrote more/different notes on aae24e1.

The windows github actions openssl should be doable, but I can't see what would the solution be. Trying to ask around.

[koivunej]

@dvc94ch asking to make sure you saw the ipfs::config::ConfigFile related changes in ipfs::IpfsOptions I mentioned in PR description while I research the openssl library installation:

I made some questionable changes to ipfs::config as well, I removed it from the ifps::IpfsOptions. I made this because looking back at the ipfs::config::KeyMaterial it seems like a bad idea to extend it with Pkcs8Buffer or something similar, I am not so sure if the mutability through Options makes a lot of sense.

[dvc94ch]

I agree that it makes sense to make the configuration the responsibility of the user, in this case http

[koivunej]

Is there no other way to do it except using openssl?

Sadly I cannot see a way.

To elaborate on others than the rsa:

• rustls: couldn't find key generation or export
• ring: couldn't find key generation (but help to use openssl), not sure on exporting

I agree that it makes sense to make the configuration the responsibility of the user, in this case http

Great! Thanks for the another look.

Still no luck with the build however, there are some open issues like sfackler/rust-openssl#1062 but strange not to find examples on this.

[koivunej]

Trying to disable http on cross builds as I have no idea on how to start building openssl or downloading any prebuilts for the cross compilation with either apt or brew. I'll create an issue for this, I'm sure someone knows how to fix this.