Support RSA remote network identity keys (paritytech#423)

Support remote RSA network identity keys to handle connections to nodes
with such keys. The support is gated behind `rsa` feature flag and
deliberately doesn't enable the use of RSA keys as a local network
identity keys. This preserves backward compatibility and allows for the
use of lighter `x509-parser` dependency supporting only X.509 parsing
and not serialization.

Author: dmitry-markin

Cargo.toml

@@ -103,6 +103,7 @@ fuzz = ["serde/derive", "serde/rc", "bytes/serde", "dep:serde_millis", "cid/serd
 # They are not yet suitable for production use-cases and should be used with caution.
 quic = ["dep:webpki", "dep:quinn", "dep:rustls", "dep:ring", "dep:rcgen"]
 webrtc = ["dep:str0m"]
+rsa = ["dep:ring"]
 
 [profile.release]
 debug = true

src/crypto/mod.rs

@@ -24,6 +24,9 @@
 use crate::{error::ParseError, peer_id::*};
 
 pub mod ed25519;
+#[cfg(feature = "rsa")]
+pub mod rsa;
+
 pub(crate) mod noise;
 #[cfg(feature = "quic")]
 pub(crate) mod tls;
@@ -39,18 +42,6 @@ pub enum PublicKey {
 }
 
 impl PublicKey {
-    /// Verify a signature for a message using this public key, i.e. check
-    /// that the signature has been produced by the corresponding
-    /// private key (authenticity), and that the message has not been
-    /// tampered with (integrity).
-    #[must_use]
-    pub fn verify(&self, msg: &[u8], sig: &[u8]) -> bool {
-        use PublicKey::*;
-        match self {
-            Ed25519(pk) => pk.verify(msg, sig),
-        }
-    }
-
     /// Encode the public key into a protobuf structure for storage or
     /// exchange with other nodes.
     pub fn to_protobuf_encoding(&self) -> Vec<u8> {
@@ -63,16 +54,6 @@ impl PublicKey {
         buf
     }
 
-    /// Decode a public key from a protobuf structure, e.g. read from storage
-    /// or received from another node.
-    pub fn from_protobuf_encoding(bytes: &[u8]) -> Result<PublicKey, ParseError> {
-        use prost::Message;
-
-        let pubkey = keys_proto::PublicKey::decode(bytes)?;
-
-        pubkey.try_into()
-    }
-
     /// Convert the `PublicKey` into the corresponding `PeerId`.
     pub fn to_peer_id(&self) -> PeerId {
         self.into()
@@ -110,3 +91,57 @@ impl From<ed25519::PublicKey> for PublicKey {
         PublicKey::Ed25519(public_key)
     }
 }
+
+/// The public key of a remote node's identity keypair. Supports RSA keys additionally to ed25519.
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub(crate) enum RemotePublicKey {
+    /// A public Ed25519 key.
+    Ed25519(ed25519::PublicKey),
+    /// A public RSA key.
+    #[cfg(feature = "rsa")]
+    Rsa(rsa::PublicKey),
+}
+
+impl RemotePublicKey {
+    /// Verify a signature for a message using this public key, i.e. check
+    /// that the signature has been produced by the corresponding
+    /// private key (authenticity), and that the message has not been
+    /// tampered with (integrity).
+    #[must_use]
+    pub fn verify(&self, msg: &[u8], sig: &[u8]) -> bool {
+        use RemotePublicKey::*;
+        match self {
+            Ed25519(pk) => pk.verify(msg, sig),
+            #[cfg(feature = "rsa")]
+            Rsa(pk) => pk.verify(msg, sig),
+        }
+    }
+
+    /// Decode a public key from a protobuf structure, e.g. read from storage
+    /// or received from another node.
+    pub fn from_protobuf_encoding(bytes: &[u8]) -> Result<RemotePublicKey, ParseError> {
+        use prost::Message;
+
+        let pubkey = keys_proto::PublicKey::decode(bytes)?;
+
+        pubkey.try_into()
+    }
+}
+
+impl TryFrom<keys_proto::PublicKey> for RemotePublicKey {
+    type Error = ParseError;
+
+    fn try_from(pubkey: keys_proto::PublicKey) -> Result<Self, Self::Error> {
+        let key_type = keys_proto::KeyType::try_from(pubkey.r#type)
+            .map_err(|_| ParseError::UnknownKeyType(pubkey.r#type))?;
+
+        match key_type {
+            keys_proto::KeyType::Ed25519 =>
+                ed25519::PublicKey::try_from_bytes(&pubkey.data).map(RemotePublicKey::Ed25519),
+            #[cfg(feature = "rsa")]
+            keys_proto::KeyType::Rsa =>
+                rsa::PublicKey::try_decode_x509(&pubkey.data).map(RemotePublicKey::Rsa),
+            _ => Err(ParseError::UnknownKeyType(key_type as i32)),
+        }
+    }
+}

src/crypto/noise/mod.rs

@@ -23,7 +23,7 @@
 
 use crate::{
     config::Role,
-    crypto::{ed25519::Keypair, PublicKey},
+    crypto::{ed25519::Keypair, PublicKey, RemotePublicKey},
     error::{NegotiationError, ParseError},
     PeerId,
 };
@@ -161,9 +161,9 @@ impl NoiseContext {
         Self::assemble(noise, keypair, id_keys, Role::Dialer)
     }
 
-    /// Get remote public key from the received Noise payload.
+    /// Get remote peer ID from the received Noise payload.
     #[cfg(feature = "webrtc")]
-    pub fn get_remote_public_key(&mut self, reply: &[u8]) -> Result<PublicKey, NegotiationError> {
+    pub fn get_remote_peer_id(&mut self, reply: &[u8]) -> Result<PeerId, NegotiationError> {
         if reply.len() < 2 {
             tracing::error!(target: LOG_TARGET, "reply too short to contain length prefix");
             return Err(NegotiationError::ParseError(ParseError::InvalidReplyLength));
@@ -191,7 +191,7 @@ impl NoiseContext {
             .map_err(|err| NegotiationError::ParseError(err.into()))?;
 
         let identity = payload.identity_key.ok_or(NegotiationError::PeerIdMissing)?;
-        PublicKey::from_protobuf_encoding(&identity).map_err(|err| err.into())
+        Ok(PeerId::from_public_key_protobuf(&identity))
     }
 
     /// Get first message.
@@ -745,13 +745,13 @@ fn parse_and_verify_peer_id(
     dh_remote_pubkey: &[u8],
 ) -> Result<PeerId, NegotiationError> {
     let identity = payload.identity_key.ok_or(NegotiationError::PeerIdMissing)?;
-    let remote_public_key = PublicKey::from_protobuf_encoding(&identity)?;
+    let remote_public_key = RemotePublicKey::from_protobuf_encoding(&identity)?;
     let remote_key_signature =
         payload.identity_sig.ok_or(NegotiationError::BadSignature).inspect_err(|_err| {
             tracing::debug!(target: LOG_TARGET, "payload without signature");
         })?;
 
-    let peer_id = PeerId::from_public_key(&remote_public_key);
+    let peer_id = PeerId::from_public_key_protobuf(&identity);
 
     if !remote_public_key.verify(
         &[STATIC_KEY_DOMAIN.as_bytes(), dh_remote_pubkey].concat(),

src/crypto/rsa.rs

@@ -0,0 +1,44 @@
+// Copyright 2025 litep2p developers
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the "Software"),
+// to deal in the Software without restriction, including without limitation
+// the rights to use, copy, modify, merge, publish, distribute, sublicense,
+// and/or sell copies of the Software, and to permit persons to whom the
+// Software is furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+// DEALINGS IN THE SOFTWARE.
+
+//! RSA public key.
+
+use crate::error::ParseError;
+use ring::signature::{UnparsedPublicKey, RSA_PKCS1_2048_8192_SHA256};
+use x509_parser::{prelude::FromDer, x509::SubjectPublicKeyInfo};
+
+/// An RSA public key.
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct PublicKey(Vec<u8>);
+
+impl PublicKey {
+    /// Decode an RSA public key from a DER-encoded X.509 SubjectPublicKeyInfo structure.
+    pub fn try_decode_x509(spki: &[u8]) -> Result<Self, ParseError> {
+        SubjectPublicKeyInfo::from_der(spki)
+            .map(|(_, spki)| Self(spki.subject_public_key.as_ref().to_vec()))
+            .map_err(|_| ParseError::InvalidPublicKey)
+    }
+
+    /// Verify the RSA signature on a message using the public key.
+    pub fn verify(&self, msg: &[u8], sig: &[u8]) -> bool {
+        let key = UnparsedPublicKey::new(&RSA_PKCS1_2048_8192_SHA256, &self.0);
+        key.verify(msg, sig).is_ok()
+    }
+}

src/crypto/tls/certificate.rs

@@ -23,7 +23,7 @@
 //! This module handles generation, signing, and verification of certificates.
 
 use crate::{
-    crypto::{ed25519::Keypair, PublicKey},
+    crypto::{ed25519::Keypair, RemotePublicKey},
     PeerId,
 };
 
@@ -102,10 +102,13 @@ pub struct P2pCertificate<'a> {
 /// The contents of the specific libp2p extension, containing the public host key
 /// and a signature performed using the private host key.
 pub struct P2pExtension {
-    public_key: PublicKey,
+    public_key: RemotePublicKey,
     /// This signature provides cryptographic proof that the peer was
     /// in possession of the private host key at the time the certificate was signed.
     signature: Vec<u8>,
+    /// PeerId derived from the public key. While not being part of the extension, we store it to
+    /// avoid the need to serialize the public key back to protobuf.
+    peer_id: PeerId,
 }
 
 #[derive(Debug, thiserror::Error)]
@@ -148,7 +151,7 @@ fn parse_unverified(der_input: &[u8]) -> Result<P2pCertificate, webpki::Error> {
             //    publicKey OCTET STRING,
             //    signature OCTET STRING
             // }
-            let (public_key, signature): (Vec<u8>, Vec<u8>) =
+            let (public_key_protobuf, signature): (Vec<u8>, Vec<u8>) =
                 yasna::decode_der(ext.value).map_err(|_| webpki::Error::ExtensionValueInvalid)?;
             // The publicKey field of SignedKey contains the public host key
             // of the endpoint, encoded using the following protobuf:
@@ -162,11 +165,13 @@ fn parse_unverified(der_input: &[u8]) -> Result<P2pCertificate, webpki::Error> {
             //    required KeyType Type = 1;
             //    required bytes Data = 2;
             // }
-            let public_key = PublicKey::from_protobuf_encoding(&public_key)
+            let public_key = RemotePublicKey::from_protobuf_encoding(&public_key_protobuf)
                 .map_err(|_| webpki::Error::UnknownIssuer)?;
+            let peer_id = PeerId::from_public_key_protobuf(&public_key_protobuf);
             let ext = P2pExtension {
                 public_key,
                 signature,
+                peer_id,
             };
             libp2p_extension = Some(ext);
             continue;
@@ -231,7 +236,7 @@ fn make_libp2p_extension(
 impl P2pCertificate<'_> {
     /// The [`PeerId`] of the remote peer.
     pub fn peer_id(&self) -> PeerId {
-        self.extension.public_key.to_peer_id()
+        self.extension.peer_id
     }
 
     /// Verify the `signature` of the `message` signed by the private key corresponding to the
@@ -453,7 +458,7 @@ mod tests {
 
         assert!(parsed_cert.verify().is_ok());
         assert_eq!(
-            crate::crypto::PublicKey::Ed25519(keypair.public()),
+            crate::crypto::RemotePublicKey::Ed25519(keypair.public()),
             parsed_cert.extension.public_key
         );
     }

src/peer_id.rs

@@ -59,15 +59,18 @@ impl fmt::Display for PeerId {
 impl PeerId {
     /// Builds a `PeerId` from a public key.
     pub fn from_public_key(key: &PublicKey) -> PeerId {
-        let key_enc = key.to_protobuf_encoding();
+        Self::from_public_key_protobuf(&key.to_protobuf_encoding())
+    }
 
+    /// Builds a `PeerId` from a public key in protobuf encoding.
+    pub fn from_public_key_protobuf(key_enc: &[u8]) -> PeerId {
         let hash_algorithm = if key_enc.len() <= MAX_INLINE_KEY_LENGTH {
             Code::Identity
         } else {
             Code::Sha2_256
         };
 
-        let multihash = hash_algorithm.digest(&key_enc);
+        let multihash = hash_algorithm.digest(key_enc);
 
         PeerId { multihash }
     }

src/transport/webrtc/opening.rs

@@ -254,8 +254,7 @@ impl OpeningWebRtcConnection {
         };
 
         let message = WebRtcMessage::decode(&data)?.payload.ok_or(Error::InvalidData)?;
-        let public_key = context.get_remote_public_key(&message)?;
-        let remote_peer_id = PeerId::from_public_key(&public_key);
+        let remote_peer_id = context.get_remote_peer_id(&message)?;
 
         tracing::trace!(
             target: LOG_TARGET,
@@ -282,7 +281,7 @@ impl OpeningWebRtcConnection {
             .with(Protocol::Udp(self.peer_address.port()))
             .with(Protocol::WebRTC)
             .with(Protocol::Certhash(certificate))
-            .with(Protocol::P2p(PeerId::from(public_key).into()));
+            .with(Protocol::P2p(remote_peer_id.into()));
 
         Ok(WebRtcEvent::ConnectionOpened {
             peer: remote_peer_id,