refactor: crypto and pnet (#469)

* feat: add initial plaintext 2 module * refactor: initial refactor of pnet * chore: fix lint * fix: update plaintext api usage * test: use plaintext for test crypto * chore: update deps test: update dialer suite scope * feat: add connection protection to the upgrader * refactor: cleanup and lint fix * chore: remove unncessary transforms * chore: temporarily disable bundlesize * chore: add missing dep * fix: use it-handshake to prevent overreading * chore(fix): PR feedback updates * chore: apply suggestions from code review Co-Authored-By: Vasco Santos <vasco.santos@moxy.studio>
2025-06-18 19:51:23 +00:00 · 2019-11-04 14:05:58 +01:00
parent 5e1dbc21a2
commit fe2a8eddbb
19 changed files with 577 additions and 309 deletions
--- a/test/dialing/direct.node.js
+++ b/test/dialing/direct.node.js
@ -7,6 +7,7 @@ const { expect } = chai
 const sinon = require('sinon')
 const Transport = require('libp2p-tcp')
 const Muxer = require('libp2p-mplex')
+const Crypto = require('../../src/insecure/plaintext')
 const multiaddr = require('multiaddr')
 const PeerId = require('peer-id')
 const PeerInfo = require('peer-info')
@ -18,9 +19,10 @@ const Libp2p = require('../../src')
 const Dialer = require('../../src/dialer')
 const TransportManager = require('../../src/transport-manager')
 const { codes: ErrorCodes } = require('../../src/errors')
+const Protector = require('../../src/pnet')
+const swarmKeyBuffer = Buffer.from(require('../fixtures/swarm.key'))

 const mockUpgrader = require('../utils/mockUpgrader')
-const mockCrypto = require('../utils/mockCrypto')
 const Peers = require('../fixtures/peers')

 const listenAddr = multiaddr('/ip4/127.0.0.1/tcp/0')
@ -49,9 +51,7 @@ describe('Dialing (direct, TCP)', () => {
    remoteAddr = remoteTM.getAddrs()[0]
  })

-  after(async () => {
-    await remoteTM.close()
-  })
+  after(() => remoteTM.close())

  afterEach(() => {
    sinon.restore()
@ -171,66 +171,88 @@ describe('Dialing (direct, TCP)', () => {
    expect(dialer.queue.pending).to.equal(0)
    expect(dialer.queue.size).to.equal(0)
  })
-})

-describe('libp2p.dialer', () => {
-  let peerInfo
-  let remotePeerInfo
-  let libp2p
-  let remoteLibp2p
-  let remoteAddr
+  describe('libp2p.dialer', () => {
+    let peerInfo
+    let remotePeerInfo
+    let libp2p
+    let remoteLibp2p
+    let remoteAddr

-  before(async () => {
-    const [peerId, remotePeerId] = await Promise.all([
-      PeerId.createFromJSON(Peers[0]),
-      PeerId.createFromJSON(Peers[1])
-    ])
+    before(async () => {
+      const [peerId, remotePeerId] = await Promise.all([
+        PeerId.createFromJSON(Peers[0]),
+        PeerId.createFromJSON(Peers[1])
+      ])

-    peerInfo = new PeerInfo(peerId)
-    remotePeerInfo = new PeerInfo(remotePeerId)
+      peerInfo = new PeerInfo(peerId)
+      remotePeerInfo = new PeerInfo(remotePeerId)

-    remoteLibp2p = new Libp2p({
-      peerInfo: remotePeerInfo,
-      modules: {
-        transport: [Transport],
-        streamMuxer: [Muxer],
-        connEncryption: [mockCrypto]
-      }
-    })
-    remoteLibp2p.handle('/echo/1.0.0', ({ stream }) => pipe(stream, stream))
+      remoteLibp2p = new Libp2p({
+        peerInfo: remotePeerInfo,
+        modules: {
+          transport: [Transport],
+          streamMuxer: [Muxer],
+          connEncryption: [Crypto]
+        }
+      })
+      remoteLibp2p.handle('/echo/1.0.0', ({ stream }) => pipe(stream, stream))

-    await remoteLibp2p.transportManager.listen([listenAddr])
-    remoteAddr = remoteLibp2p.transportManager.getAddrs()[0]
-  })
-
-  afterEach(async () => {
-    sinon.restore()
-    libp2p && await libp2p.stop()
-    libp2p = null
-  })
-
-  after(async () => {
-    await remoteLibp2p.stop()
-  })
-
-  it('should use the dialer for connecting', async () => {
-    libp2p = new Libp2p({
-      peerInfo,
-      modules: {
-        transport: [Transport],
-        streamMuxer: [Muxer],
-        connEncryption: [mockCrypto]
-      }
+      await remoteLibp2p.transportManager.listen([listenAddr])
+      remoteAddr = remoteLibp2p.transportManager.getAddrs()[0]
    })

-    sinon.spy(libp2p.dialer, 'connectToMultiaddr')
+    afterEach(async () => {
+      sinon.restore()
+      libp2p && await libp2p.stop()
+      libp2p = null
+    })

-    const connection = await libp2p.dial(remoteAddr)
-    expect(connection).to.exist()
-    const { stream, protocol } = await connection.newStream('/echo/1.0.0')
-    expect(stream).to.exist()
-    expect(protocol).to.equal('/echo/1.0.0')
-    await connection.close()
-    expect(libp2p.dialer.connectToMultiaddr.callCount).to.equal(1)
+    after(() => remoteLibp2p.stop())
+
+    it('should use the dialer for connecting', async () => {
+      libp2p = new Libp2p({
+        peerInfo,
+        modules: {
+          transport: [Transport],
+          streamMuxer: [Muxer],
+          connEncryption: [Crypto]
+        }
+      })
+
+      sinon.spy(libp2p.dialer, 'connectToMultiaddr')
+
+      const connection = await libp2p.dial(remoteAddr)
+      expect(connection).to.exist()
+      const { stream, protocol } = await connection.newStream('/echo/1.0.0')
+      expect(stream).to.exist()
+      expect(protocol).to.equal('/echo/1.0.0')
+      await connection.close()
+      expect(libp2p.dialer.connectToMultiaddr.callCount).to.equal(1)
+    })
+
+    it('should use the protectors when provided for connecting', async () => {
+      const protector = new Protector(swarmKeyBuffer)
+      libp2p = new Libp2p({
+        peerInfo,
+        modules: {
+          transport: [Transport],
+          streamMuxer: [Muxer],
+          connEncryption: [Crypto],
+          connProtector: protector
+        }
+      })
+
+      sinon.spy(libp2p.upgrader.protector, 'protect')
+      sinon.stub(remoteLibp2p.upgrader, 'protector').value(new Protector(swarmKeyBuffer))
+
+      const connection = await libp2p.dialer.connectToMultiaddr(remoteAddr)
+      expect(connection).to.exist()
+      const { stream, protocol } = await connection.newStream('/echo/1.0.0')
+      expect(stream).to.exist()
+      expect(protocol).to.equal('/echo/1.0.0')
+      await connection.close()
+      expect(libp2p.upgrader.protector.protect.callCount).to.equal(1)
+    })
  })
 })
--- a/test/dialing/direct.spec.js
+++ b/test/dialing/direct.spec.js
@ -9,6 +9,7 @@ const pDefer = require('p-defer')
 const delay = require('delay')
 const Transport = require('libp2p-websockets')
 const Muxer = require('libp2p-mplex')
+const Crypto = require('../../src/insecure/plaintext')
 const multiaddr = require('multiaddr')
 const PeerId = require('peer-id')
 const PeerInfo = require('peer-info')
@ -22,7 +23,6 @@ const Libp2p = require('../../src')
 const Peers = require('../fixtures/peers')
 const { MULTIADDRS_WEBSOCKETS } = require('../fixtures/browser')
 const mockUpgrader = require('../utils/mockUpgrader')
-const mockCrypto = require('../utils/mockCrypto')
 const unsupportedAddr = multiaddr('/ip4/127.0.0.1/tcp/9999/ws')
 const remoteAddr = MULTIADDRS_WEBSOCKETS[0]

@ -162,50 +162,61 @@ describe('Dialing (direct, WebSockets)', () => {
    expect(dialer.queue.pending).to.equal(0)
    expect(dialer.queue.size).to.equal(0)
  })
-})

-describe.skip('libp2p.dialer', () => {
-  let peerInfo
-  let libp2p
+  describe('libp2p.dialer', () => {
+    let peerInfo
+    let libp2p
+    let remoteLibp2p

-  before(async () => {
-    const peerId = await PeerId.createFromJSON(Peers[0])
-    peerInfo = new PeerInfo(peerId)
-  })
-
-  afterEach(async () => {
-    sinon.restore()
-    libp2p && await libp2p.stop()
-    libp2p = null
-  })
-
-  it('should create a dialer', () => {
-    libp2p = new Libp2p({
-      peerInfo,
-      modules: {
-        transport: [Transport],
-        streamMuxer: [Muxer],
-        connEncryption: [mockCrypto]
-      }
+    before(async () => {
+      const peerId = await PeerId.createFromJSON(Peers[0])
+      peerInfo = new PeerInfo(peerId)
    })

-    expect(libp2p.dialer).to.exist()
-    // Ensure the dialer also has the transport manager
-    expect(libp2p.transportManager).to.equal(libp2p.dialer.transportManager)
-  })
-
-  it('should use the dialer for connecting', async () => {
-    libp2p = new Libp2p({
-      peerInfo,
-      modules: {
-        transport: [Transport],
-        streamMuxer: [Muxer],
-        connEncryption: [mockCrypto]
-      }
+    afterEach(async () => {
+      sinon.restore()
+      libp2p && await libp2p.stop()
+      libp2p = null
    })

-    const connection = await libp2p.dialer.connectToMultiaddr(remoteAddr)
-    expect(connection).to.exist()
-    await connection.close()
+    after(async () => {
+      remoteLibp2p && await remoteLibp2p.stop()
+    })
+
+    it('should create a dialer', () => {
+      libp2p = new Libp2p({
+        peerInfo,
+        modules: {
+          transport: [Transport],
+          streamMuxer: [Muxer],
+          connEncryption: [Crypto]
+        }
+      })
+
+      expect(libp2p.dialer).to.exist()
+      // Ensure the dialer also has the transport manager
+      expect(libp2p.transportManager).to.equal(libp2p.dialer.transportManager)
+    })
+
+    it('should use the dialer for connecting', async () => {
+      libp2p = new Libp2p({
+        peerInfo,
+        modules: {
+          transport: [Transport],
+          streamMuxer: [Muxer],
+          connEncryption: [Crypto]
+        }
+      })
+
+      sinon.spy(libp2p.dialer, 'connectToMultiaddr')
+
+      const connection = await libp2p.dialer.connectToMultiaddr(remoteAddr)
+      expect(connection).to.exist()
+      const { stream, protocol } = await connection.newStream('/echo/1.0.0')
+      expect(stream).to.exist()
+      expect(protocol).to.equal('/echo/1.0.0')
+      await connection.close()
+      expect(libp2p.dialer.connectToMultiaddr.callCount).to.equal(1)
+    })
  })
 })
--- a/test/fixtures/browser.js
+++ b/test/fixtures/browser.js
@ -3,5 +3,5 @@
 const multiaddr = require('multiaddr')

 module.exports.MULTIADDRS_WEBSOCKETS = [
-  multiaddr('/ip4/127.0.0.1/tcp/15001/ws')
+  multiaddr('/ip4/127.0.0.1/tcp/15001/ws/p2p/QmckxVrJw1Yo8LqvmDJNUmdAsKtSbiKWmrXJFyKmUraBoN')
 ]
--- a/test/fixtures/swarm.key.js
+++ b/test/fixtures/swarm.key.js
@ -0,0 +1,5 @@
+'use strict'
+
+module.exports = '/key/swarm/psk/1.0.0/\n' +
+  '/base16/\n' +
+  '411f0a244cbbc25ecbb2b070d00a1832516ded521eb3ee3aa13189efe2e2b9a2'
--- a/test/insecure/compliance.spec.js
+++ b/test/insecure/compliance.spec.js
@ -0,0 +1,13 @@
+'use strict'
+/* eslint-env mocha */
+
+const tests = require('libp2p-interfaces/src/crypto/tests')
+const plaintext = require('../../src/insecure/plaintext')
+
+describe('plaintext compliance', () => {
+  tests({
+    setup () {
+      return plaintext
+    }
+  })
+})
--- a/test/insecure/plaintext.spec.js
+++ b/test/insecure/plaintext.spec.js
@ -0,0 +1,69 @@
+'use strict'
+/* eslint-env mocha */
+
+const chai = require('chai')
+chai.use(require('dirty-chai'))
+const { expect } = chai
+const sinon = require('sinon')
+
+const PeerId = require('peer-id')
+const duplexPair = require('it-pair/duplex')
+
+const peers = require('../fixtures/peers')
+const plaintext = require('../../src/insecure/plaintext')
+const {
+  InvalidCryptoExchangeError,
+  UnexpectedPeerError
+} = require('libp2p-interfaces/src/crypto/errors')
+
+describe('plaintext', () => {
+  let localPeer
+  let remotePeer
+  let wrongPeer
+
+  before(async () => {
+    [localPeer, remotePeer, wrongPeer] = await Promise.all([
+      PeerId.createFromJSON(peers[0]),
+      PeerId.createFromJSON(peers[1]),
+      PeerId.createFromJSON(peers[2])
+    ])
+  })
+
+  afterEach(() => {
+    sinon.restore()
+  })
+
+  it('should verify the public key and id match', () => {
+    const [localConn, remoteConn] = duplexPair()
+
+    // When we attempt to get the remote peer key, return the wrong peers pub key
+    sinon.stub(remotePeer, 'marshalPubKey').callsFake(() => {
+      return wrongPeer.marshalPubKey()
+    })
+
+    return Promise.all([
+      plaintext.secureInbound(remotePeer, localConn),
+      plaintext.secureOutbound(localPeer, remoteConn, remotePeer)
+    ]).then(() => expect.fail('should have failed'), (err) => {
+      expect(err).to.exist()
+      expect(err).to.have.property('code', UnexpectedPeerError.code)
+    })
+  })
+
+  it('should fail if the peer does not provide its public key', () => {
+    const [localConn, remoteConn] = duplexPair()
+
+    // When we attempt to get the remote peer key, return the wrong peers pub key
+    sinon.stub(remotePeer, 'marshalPubKey').callsFake(() => {
+      return Buffer.alloc(0)
+    })
+
+    return Promise.all([
+      plaintext.secureInbound(remotePeer, localConn),
+      plaintext.secureOutbound(localPeer, remoteConn, remotePeer)
+    ]).then(() => expect.fail('should have failed'), (err) => {
+      expect(err).to.exist()
+      expect(err).to.have.property('code', InvalidCryptoExchangeError.code)
+    })
+  })
+})
--- a/test/pnet/index.spec.js
+++ b/test/pnet/index.spec.js
@ -0,0 +1,94 @@
+/* eslint-env mocha */
+'use strict'
+
+const chai = require('chai')
+const dirtyChai = require('dirty-chai')
+chai.use(dirtyChai)
+const expect = chai.expect
+const duplexPair = require('it-pair/duplex')
+const pipe = require('it-pipe')
+const { collect } = require('streaming-iterables')
+
+const Protector = require('../../src/pnet')
+const Errors = Protector.errors
+const generate = Protector.generate
+
+const swarmKeyBuffer = Buffer.alloc(95)
+const wrongSwarmKeyBuffer = Buffer.alloc(95)
+
+// Write new psk files to the buffers
+generate(swarmKeyBuffer)
+generate(wrongSwarmKeyBuffer)
+
+describe('private network', () => {
+  it('should accept a valid psk buffer', () => {
+    const protector = new Protector(swarmKeyBuffer)
+
+    expect(protector.tag).to.equal('/key/swarm/psk/1.0.0/')
+    expect(protector.psk.byteLength).to.equal(32)
+  })
+
+  it('should protect a simple connection', async () => {
+    const [inbound, outbound] = duplexPair()
+    const protector = new Protector(swarmKeyBuffer)
+
+    const [aToB, bToA] = await Promise.all([
+      protector.protect(inbound),
+      protector.protect(outbound)
+    ])
+
+    pipe(
+      [Buffer.from('hello world'), Buffer.from('doo dah')],
+      aToB
+    )
+
+    const output = await pipe(
+      bToA,
+      source => (async function * () {
+        for await (const chunk of source) {
+          yield chunk.slice()
+        }
+      })(),
+      collect
+    )
+
+    expect(output).to.eql([Buffer.from('hello world'), Buffer.from('doo dah')])
+  })
+
+  it('should not be able to share correct data with different keys', async () => {
+    const [inbound, outbound] = duplexPair()
+    const protector = new Protector(swarmKeyBuffer)
+    const protectorB = new Protector(wrongSwarmKeyBuffer)
+
+    const [aToB, bToA] = await Promise.all([
+      protector.protect(inbound),
+      protectorB.protect(outbound)
+    ])
+
+    pipe(
+      [Buffer.from('hello world'), Buffer.from('doo dah')],
+      aToB
+    )
+
+    const output = await pipe(
+      bToA,
+      collect
+    )
+
+    expect(output).to.not.eql([Buffer.from('hello world'), Buffer.from('doo dah')])
+  })
+
+  describe('invalid psks', () => {
+    it('should not accept a bad psk', () => {
+      expect(() => {
+        return new Protector(Buffer.from('not-a-key'))
+      }).to.throw(Errors.INVALID_PSK)
+    })
+
+    it('should not accept a psk of incorrect length', () => {
+      expect(() => {
+        return new Protector(Buffer.from('/key/swarm/psk/1.0.0/\n/base16/\ndffb7e'))
+      }).to.throw(Errors.INVALID_PSK)
+    })
+  })
+})
--- a/test/upgrading/upgrader.spec.js
+++ b/test/upgrading/upgrader.spec.js
@ -13,12 +13,14 @@ const pipe = require('it-pipe')
 const { collect } = require('streaming-iterables')
 const pSettle = require('p-settle')
 const Transport = require('libp2p-websockets')
+const Crypto = require('../../src/insecure/plaintext')
+const Protector = require('../../src/pnet')
+const swarmKeyBuffer = Buffer.from(require('../fixtures/swarm.key'))

 const Libp2p = require('../../src')
 const Upgrader = require('../../src/upgrader')
 const { codes } = require('../../src/errors')

-const mockCrypto = require('../utils/mockCrypto')
 const mockMultiaddrConnPair = require('../utils/mockMultiaddrConn')
 const Peers = require('../fixtures/peers')
 const addrs = [
@ -63,7 +65,7 @@ describe('Upgrader', () => {
    sinon.stub(localUpgrader, 'muxers').value(muxers)
    sinon.stub(remoteUpgrader, 'muxers').value(muxers)

-    const cryptos = new Map([[mockCrypto.tag, mockCrypto]])
+    const cryptos = new Map([[Crypto.protocol, Crypto]])
    sinon.stub(localUpgrader, 'cryptos').value(cryptos)
    sinon.stub(remoteUpgrader, 'cryptos').value(cryptos)

@ -85,7 +87,7 @@ describe('Upgrader', () => {
    sinon.stub(localUpgrader, 'muxers').value(muxers)
    sinon.stub(remoteUpgrader, 'muxers').value(muxers)

-    const cryptos = new Map([[mockCrypto.tag, mockCrypto]])
+    const cryptos = new Map([[Crypto.protocol, Crypto]])
    sinon.stub(localUpgrader, 'cryptos').value(cryptos)
    sinon.stub(remoteUpgrader, 'cryptos').value(cryptos)

@ -114,6 +116,48 @@ describe('Upgrader', () => {
    expect(result).to.eql([hello])
  })

+  it('should use a private connection protector when provided', async () => {
+    const { inbound, outbound } = mockMultiaddrConnPair({ addrs, remotePeer })
+
+    const muxers = new Map([[Muxer.multicodec, Muxer]])
+    sinon.stub(localUpgrader, 'muxers').value(muxers)
+    sinon.stub(remoteUpgrader, 'muxers').value(muxers)
+
+    const cryptos = new Map([[Crypto.protocol, Crypto]])
+    sinon.stub(localUpgrader, 'cryptos').value(cryptos)
+    sinon.stub(remoteUpgrader, 'cryptos').value(cryptos)
+
+    const protector = new Protector(swarmKeyBuffer)
+    sinon.stub(localUpgrader, 'protector').value(protector)
+    sinon.stub(remoteUpgrader, 'protector').value(protector)
+    sinon.spy(protector, 'protect')
+
+    const connections = await Promise.all([
+      localUpgrader.upgradeOutbound(outbound),
+      remoteUpgrader.upgradeInbound(inbound)
+    ])
+
+    expect(connections).to.have.length(2)
+
+    const { stream, protocol } = await connections[0].newStream('/echo/1.0.0')
+    expect(protocol).to.equal('/echo/1.0.0')
+
+    const hello = Buffer.from('hello there!')
+    const result = await pipe(
+      [hello],
+      stream,
+      function toBuffer (source) {
+        return (async function * () {
+          for await (const val of source) yield val.slice()
+        })()
+      },
+      collect
+    )
+
+    expect(result).to.eql([hello])
+    expect(protector.protect.callCount).to.eql(2)
+  })
+
  it('should fail if crypto fails', async () => {
    const { inbound, outbound } = mockMultiaddrConnPair({ addrs, remotePeer })

@ -153,7 +197,7 @@ describe('Upgrader', () => {
    sinon.stub(localUpgrader, 'muxers').value(muxersLocal)
    sinon.stub(remoteUpgrader, 'muxers').value(muxersRemote)

-    const cryptos = new Map([[mockCrypto.tag, mockCrypto]])
+    const cryptos = new Map([[Crypto.protocol, Crypto]])
    sinon.stub(localUpgrader, 'cryptos').value(cryptos)
    sinon.stub(remoteUpgrader, 'cryptos').value(cryptos)

@ -178,7 +222,7 @@ describe('Upgrader', () => {
    sinon.stub(localUpgrader, 'muxers').value(muxers)
    sinon.stub(remoteUpgrader, 'muxers').value(muxers)

-    const cryptos = new Map([[mockCrypto.tag, mockCrypto]])
+    const cryptos = new Map([[Crypto.protocol, Crypto]])
    sinon.stub(localUpgrader, 'cryptos').value(cryptos)
    sinon.stub(remoteUpgrader, 'cryptos').value(cryptos)

@ -212,7 +256,7 @@ describe('Upgrader', () => {
    sinon.stub(localUpgrader, 'muxers').value(muxers)
    sinon.stub(remoteUpgrader, 'muxers').value(muxers)

-    const cryptos = new Map([[mockCrypto.tag, mockCrypto]])
+    const cryptos = new Map([[Crypto.protocol, Crypto]])
    sinon.stub(localUpgrader, 'cryptos').value(cryptos)
    sinon.stub(remoteUpgrader, 'cryptos').value(cryptos)

@ -246,7 +290,7 @@ describe('Upgrader', () => {
    sinon.stub(localUpgrader, 'muxers').value(muxers)
    sinon.stub(remoteUpgrader, 'muxers').value(muxers)

-    const cryptos = new Map([[mockCrypto.tag, mockCrypto]])
+    const cryptos = new Map([[Crypto.protocol, Crypto]])
    sinon.stub(localUpgrader, 'cryptos').value(cryptos)
    sinon.stub(remoteUpgrader, 'cryptos').value(cryptos)

@ -288,18 +332,21 @@ describe('libp2p.upgrader', () => {
  })

  it('should create an Upgrader', () => {
+    const protector = new Protector(swarmKeyBuffer)
    libp2p = new Libp2p({
      peerInfo: peers[0],
      modules: {
        transport: [Transport],
        streamMuxer: [Muxer],
-        connEncryption: [mockCrypto]
+        connEncryption: [Crypto],
+        connProtector: protector
      }
    })

    expect(libp2p.upgrader).to.exist()
    expect(libp2p.upgrader.muxers).to.eql(new Map([[Muxer.multicodec, Muxer]]))
-    expect(libp2p.upgrader.cryptos).to.eql(new Map([[mockCrypto.tag, mockCrypto]]))
+    expect(libp2p.upgrader.cryptos).to.eql(new Map([[Crypto.protocol, Crypto]]))
+    expect(libp2p.upgrader.protector).to.equal(protector)
    // Ensure the transport manager also has the upgrader
    expect(libp2p.upgrader).to.equal(libp2p.transportManager.upgrader)
  })
@ -310,7 +357,7 @@ describe('libp2p.upgrader', () => {
      modules: {
        transport: [Transport],
        streamMuxer: [Muxer],
-        connEncryption: [mockCrypto]
+        connEncryption: [Crypto]
      }
    })

@ -335,14 +382,14 @@ describe('libp2p.upgrader', () => {
      modules: {
        transport: [Transport],
        streamMuxer: [Muxer],
-        connEncryption: [mockCrypto]
+        connEncryption: [Crypto]
      }
    })

    const remoteUpgrader = new Upgrader({
      localPeer: remotePeer.id,
      muxers: new Map([[Muxer.multicodec, Muxer]]),
-      cryptos: new Map([[mockCrypto.tag, mockCrypto]])
+      cryptos: new Map([[Crypto.protocol, Crypto]])
    })

    const { inbound, outbound } = mockMultiaddrConnPair({ addrs, remotePeer: remotePeer.id })
--- a/test/utils/mockCrypto.js
+++ b/test/utils/mockCrypto.js
@ -4,7 +4,7 @@ const PeerId = require('peer-id')
 const Peers = require('../fixtures/peers')

 module.exports = {
-  tag: '/insecure',
+  protocol: '/insecure',
  secureInbound: (localPeer, stream) => {
    return {
      conn: stream,