Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix!: remove localPeer from secureInbound and secureOutbound #2304

Merged
merged 4 commits into from
Aug 14, 2024
Merged

fix!: remove localPeer from secureInbound and secureOutbound #2304

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
e180f48
fix!: remove peerId from secureInbound and secureOutbound
wemeetagain Dec 5, 2023
55a2209
Merge branch 'release-v2.0' into fix/remove-peer-id-encrypter
achingbrain Aug 9, 2024
3e9b5c5
chore: fix tests
achingbrain Aug 9, 2024
d253f50
chore: fix tests
achingbrain Aug 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 7 additions & 4 deletions packages/connection-encrypter-plaintext/src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ import type { Uint8ArrayList } from 'uint8arraylist'
const PROTOCOL = '/plaintext/2.0.0'

export interface PlaintextComponents {
peerId: PeerId
logger: ComponentLogger
}

Expand All @@ -44,10 +45,12 @@ export interface PlaintextInit {

class Plaintext implements ConnectionEncrypter {
public protocol: string = PROTOCOL
private readonly peerId: PeerId
private readonly log: Logger
private readonly timeout: number

constructor (components: PlaintextComponents, init: PlaintextInit = {}) {
this.peerId = components.peerId
this.log = components.logger.forComponent('libp2p:plaintext')
this.timeout = init.timeout ?? 1000
}
Expand All @@ -58,12 +61,12 @@ class Plaintext implements ConnectionEncrypter {
'@libp2p/connection-encryption'
]

async secureInbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (localId: PeerId, conn: Stream, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
return this._encrypt(localId, conn, remoteId)
async secureInbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (conn: Stream, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
return this._encrypt(this.peerId, conn, remoteId)
}

async secureOutbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (localId: PeerId, conn: Stream, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
return this._encrypt(localId, conn, remoteId)
async secureOutbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (conn: Stream, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
return this._encrypt(this.peerId, conn, remoteId)
}

/**
Expand Down
4 changes: 3 additions & 1 deletion packages/connection-encrypter-plaintext/test/compliance.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,14 @@

import suite from '@libp2p/interface-compliance-tests/connection-encryption'
import { defaultLogger } from '@libp2p/logger'
import { createEd25519PeerId } from '@libp2p/peer-id-factory'
import { plaintext } from '../src/index.js'

describe('plaintext compliance', () => {
suite({
async setup () {
async setup (opts) {
return plaintext()({
peerId: opts?.peerId ?? await createEd25519PeerId(),
logger: defaultLogger()
})
},
Expand Down
19 changes: 15 additions & 4 deletions packages/connection-encrypter-plaintext/test/index.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ describe('plaintext', () => {
let remotePeer: PeerId
let wrongPeer: PeerId
let encrypter: ConnectionEncrypter
let encrypterRemote: ConnectionEncrypter

beforeEach(async () => {
[localPeer, remotePeer, wrongPeer] = await Promise.all([
Expand All @@ -28,6 +29,11 @@ describe('plaintext', () => {
])

encrypter = plaintext()({
peerId: localPeer,
logger: defaultLogger()
})
encrypterRemote = plaintext()({
peerId: remotePeer,
logger: defaultLogger()
})
})
Expand All @@ -46,8 +52,8 @@ describe('plaintext', () => {
})

await Promise.all([
encrypter.secureInbound(remotePeer, inbound),
encrypter.secureOutbound(localPeer, outbound, wrongPeer)
encrypterRemote.secureInbound(inbound),
encrypter.secureOutbound(outbound, wrongPeer)
]).then(() => expect.fail('should have failed'), (err) => {
expect(err).to.exist()
expect(err).to.have.property('code', UnexpectedPeerError.code)
Expand All @@ -58,6 +64,11 @@ describe('plaintext', () => {
const peer = await createRSAPeerId()
remotePeer = peerIdFromBytes(peer.toBytes())

encrypter = plaintext()({
peerId: remotePeer,
logger: defaultLogger()
})

const { inbound, outbound } = mockMultiaddrConnPair({
remotePeer,
addrs: [
Expand All @@ -67,8 +78,8 @@ describe('plaintext', () => {
})

await expect(Promise.all([
encrypter.secureInbound(localPeer, inbound),
encrypter.secureOutbound(remotePeer, outbound, localPeer)
encrypter.secureInbound(inbound),
encrypterRemote.secureOutbound(outbound, localPeer)
]))
.to.eventually.be.rejected.with.property('code', InvalidCryptoExchangeError.code)
})
Expand Down
3 changes: 2 additions & 1 deletion packages/connection-encrypter-tls/src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,12 @@
*/

import { TLS } from './tls.js'
import type { ComponentLogger, ConnectionEncrypter } from '@libp2p/interface'
import type { ComponentLogger, ConnectionEncrypter, PeerId } from '@libp2p/interface'

export const PROTOCOL = '/tls/1.0.0'

export interface TLSComponents {
peerId: PeerId
logger: ComponentLogger
}

Expand Down
14 changes: 8 additions & 6 deletions packages/connection-encrypter-tls/src/tls.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,10 +30,12 @@ import type { Uint8ArrayList } from 'uint8arraylist'
export class TLS implements ConnectionEncrypter {
public protocol: string = PROTOCOL
private readonly log: Logger
private readonly peerId: PeerId
private readonly timeout: number

constructor (components: TLSComponents, init: TLSInit = {}) {
this.log = components.logger.forComponent('libp2p:tls')
this.peerId = components.peerId
this.timeout = init.timeout ?? 1000
}

Expand All @@ -43,20 +45,20 @@ export class TLS implements ConnectionEncrypter {
'@libp2p/connection-encryption'
]

async secureInbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (localId: PeerId, conn: Stream, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
return this._encrypt(localId, conn, true, remoteId)
async secureInbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (conn: Stream, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
return this._encrypt(conn, true, remoteId)
}

async secureOutbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (localId: PeerId, conn: Stream, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
return this._encrypt(localId, conn, false, remoteId)
async secureOutbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (conn: Stream, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
return this._encrypt(conn, false, remoteId)
}

/**
* Encrypt connection
*/
async _encrypt <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (localId: PeerId, conn: Stream, isServer: boolean, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
async _encrypt <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (conn: Stream, isServer: boolean, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
const opts: TLSSocketOptions = {
...await generateCertificate(localId),
...await generateCertificate(this.peerId),
isServer,
// require TLS 1.3 or later
minVersion: 'TLSv1.3',
Expand Down
4 changes: 3 additions & 1 deletion packages/connection-encrypter-tls/test/compliance.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,14 @@

import suite from '@libp2p/interface-compliance-tests/connection-encryption'
import { defaultLogger } from '@libp2p/logger'
import { createEd25519PeerId } from '@libp2p/peer-id-factory'
import { tls } from '../src/index.js'

describe('tls compliance', () => {
suite({
async setup () {
async setup (opts) {
return tls()({
peerId: opts?.peerId ?? await createEd25519PeerId(),
logger: defaultLogger()
})
},
Expand Down
14 changes: 10 additions & 4 deletions packages/connection-encrypter-tls/test/index.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ describe('tls', () => {
])

encrypter = tls()({
peerId: await createEd25519PeerId(),
logger: defaultLogger()
})
})
Expand All @@ -46,8 +47,8 @@ describe('tls', () => {
})

await Promise.all([
encrypter.secureInbound(remotePeer, inbound),
encrypter.secureOutbound(localPeer, outbound, wrongPeer)
encrypter.secureInbound(inbound, remotePeer),
encrypter.secureOutbound(outbound, wrongPeer)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Curious, do we need an encrypterRemote here like we have in packages/connection-encrypter-plaintext/test/index.spec.ts ?

If we can do either/or, it would be nice to use the same setup to not cause confusion and questions like this one :)

If we can't, maybe a comment explaining why? (maybe only for libp2p noobs like myself)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would make the test easier to read but this encrypter is stateless which is why it works as-is.

]).then(() => expect.fail('should have failed'), (err) => {
expect(err).to.exist()
expect(err).to.have.property('code', UnexpectedPeerError.code)
Expand All @@ -58,6 +59,11 @@ describe('tls', () => {
const peer = await createRSAPeerId()
remotePeer = peerIdFromBytes(peer.toBytes())

encrypter = tls()({
peerId: remotePeer,
logger: defaultLogger()
})

const { inbound, outbound } = mockMultiaddrConnPair({
remotePeer,
addrs: [
Expand All @@ -67,8 +73,8 @@ describe('tls', () => {
})

await expect(Promise.all([
encrypter.secureInbound(localPeer, inbound),
encrypter.secureOutbound(remotePeer, outbound, localPeer)
encrypter.secureInbound(inbound),
encrypter.secureOutbound(outbound, localPeer)
]))
.to.eventually.be.rejected.with.property('code', InvalidCryptoExchangeError.code)
})
Expand Down
23 changes: 15 additions & 8 deletions packages/interface-compliance-tests/src/connection-encryption/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,21 +10,28 @@ import { createMaConnPair } from './utils/index.js'
import type { TestSetup } from '../index.js'
import type { ConnectionEncrypter, PeerId } from '@libp2p/interface'

export default (common: TestSetup<ConnectionEncrypter>): void => {
export interface ConnectionEncrypterSetupArgs {
peerId: PeerId
}

export default (common: TestSetup<ConnectionEncrypter, ConnectionEncrypterSetupArgs>): void => {
describe('interface-connection-encrypter compliance tests', () => {
let crypto: ConnectionEncrypter
let cryptoRemote: ConnectionEncrypter
let localPeer: PeerId
let remotePeer: PeerId
let mitmPeer: PeerId

before(async () => {
[
crypto,
cryptoRemote,
localPeer,
remotePeer,
mitmPeer
] = await Promise.all([
common.setup(),
common.setup({ peerId: await PeerIdFactory.createFromJSON(peers[0]) }),
common.setup({ peerId: await PeerIdFactory.createFromJSON(peers[1]) }),
PeerIdFactory.createFromJSON(peers[0]),
PeerIdFactory.createFromJSON(peers[1]),
PeerIdFactory.createFromJSON(peers[2])
Expand All @@ -47,8 +54,8 @@ export default (common: TestSetup<ConnectionEncrypter>): void => {
inboundResult,
outboundResult
] = await Promise.all([
crypto.secureInbound(remotePeer, localConn),
crypto.secureOutbound(localPeer, remoteConn, remotePeer)
cryptoRemote.secureInbound(localConn),
crypto.secureOutbound(remoteConn, remotePeer)
Comment on lines +57 to +58
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

similar question about dissimilarities between encrypters we create&call for secureInbound and secureOutbound calls

])

// Echo server
Expand Down Expand Up @@ -77,8 +84,8 @@ export default (common: TestSetup<ConnectionEncrypter>): void => {
inboundResult,
outboundResult
] = await Promise.all([
crypto.secureInbound(remotePeer, localConn),
crypto.secureOutbound(localPeer, remoteConn, remotePeer)
cryptoRemote.secureInbound(localConn),
crypto.secureOutbound(remoteConn, remotePeer)
])

// Inbound should return the initiator (local) peer
Expand All @@ -91,8 +98,8 @@ export default (common: TestSetup<ConnectionEncrypter>): void => {
const [localConn, remoteConn] = createMaConnPair()

await Promise.all([
crypto.secureInbound(remotePeer, localConn, mitmPeer),
crypto.secureOutbound(localPeer, remoteConn, remotePeer)
cryptoRemote.secureInbound(localConn, mitmPeer),
crypto.secureOutbound(remoteConn, remotePeer)
]).then(() => expect.fail(), (err) => {
expect(err).to.exist()
expect(err).to.have.property('code', UnexpectedPeerError.code)
Expand Down
4 changes: 2 additions & 2 deletions packages/interface/src/connection-encrypter/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,14 +15,14 @@ export interface ConnectionEncrypter<Extension = unknown> {
* pass it for extra verification, otherwise it will be determined during
* the handshake.
*/
secureOutbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (localPeer: PeerId, connection: Stream, remotePeer?: PeerId): Promise<SecuredConnection<Stream, Extension>>
secureOutbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (connection: Stream, remotePeer?: PeerId): Promise<SecuredConnection<Stream, Extension>>

/**
* Decrypt incoming data. If the remote PeerId is known,
* pass it for extra verification, otherwise it will be determined during
* the handshake
*/
secureInbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (localPeer: PeerId, connection: Stream, remotePeer?: PeerId): Promise<SecuredConnection<Stream, Extension>>
secureInbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (connection: Stream, remotePeer?: PeerId): Promise<SecuredConnection<Stream, Extension>>
}

export interface SecuredConnection<Stream = any, Extension = unknown> {
Expand Down
4 changes: 2 additions & 2 deletions packages/libp2p/src/upgrader.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -644,7 +644,7 @@ export class DefaultUpgrader implements Upgrader {
connection.log('encrypting inbound connection using', protocol)

return {
...await encrypter.secureInbound(this.components.peerId, stream),
...await encrypter.secureInbound(stream),
protocol
}
} catch (err: any) {
Expand Down Expand Up @@ -681,7 +681,7 @@ export class DefaultUpgrader implements Upgrader {
connection.log('encrypting outbound connection to %p using %s', remotePeerId, encrypter)

return {
...await encrypter.secureOutbound(this.components.peerId, stream, remotePeerId),
...await encrypter.secureOutbound(stream, remotePeerId),
protocol
}
} catch (err: any) {
Expand Down
12 changes: 6 additions & 6 deletions packages/libp2p/test/upgrading/upgrader.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -174,7 +174,7 @@ describe('Upgrader', () => {
})
remoteUpgrader = new DefaultUpgrader(remoteComponents, {
connectionEncryption: [
plaintext()(localComponents)
plaintext()(remoteComponents)
],
muxers: [],
inboundUpgradeTimeout: 1000
Expand Down Expand Up @@ -361,19 +361,19 @@ describe('Upgrader', () => {
})
remoteUpgrader = new DefaultUpgrader(remoteComponents, {
connectionEncryption: [
plaintext()(localComponents)
plaintext()(remoteComponents)
],
muxers: [
yamux()(localComponents),
mplex()(localComponents)
yamux()(remoteComponents),
mplex()(remoteComponents)
],
inboundUpgradeTimeout: 1000
})

// Wait for the results of each side of the connection
const results = await Promise.allSettled([
localUpgrader.upgradeOutbound(outbound),
remoteUpgrader.upgradeInbound(inbound)
localUpgrader.upgradeOutbound(inbound),
remoteUpgrader.upgradeInbound(outbound)
])

// Ensure both sides fail
Expand Down
4 changes: 1 addition & 3 deletions packages/transport-webrtc/src/private-to-public/transport.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -190,8 +190,6 @@ export class WebRTCDirectTransport implements Transport {
// wait for peerconnection.onopen to fire, or for the datachannel to open
const handshakeDataChannel = await dataChannelOpenPromise

const myPeerId = this.components.peerId

// Do noise handshake.
// Set the Noise Prologue to libp2p-webrtc-noise:<FINGERPRINTS> before starting the actual Noise handshake.
// <FINGERPRINTS> is the concatenation of the of the two TLS fingerprints of A and B in their multihash byte representation, sorted in ascending order.
Expand Down Expand Up @@ -260,7 +258,7 @@ export class WebRTCDirectTransport implements Transport {

// For outbound connections, the remote is expected to start the noise handshake.
// Therefore, we need to secure an inbound noise connection from the remote.
await connectionEncrypter.secureInbound(myPeerId, wrappedDuplex, theirPeerId)
await connectionEncrypter.secureInbound(wrappedDuplex, theirPeerId)

return await options.upgrader.upgradeOutbound(maConn, { skipProtection: true, skipEncryption: true, muxerFactory })
} catch (err) {
Expand Down
Loading
Loading