fluencelabs/rust-libp2p
1
0
Fork 0
mirror of https://github.com/fluencelabs/rust-libp2p synced 2025-04-25 11:02:12 +00:00
Code Issues Projects Releases Wiki Activity
rust-libp2p/protocols/noise/tests/smoke.rs

273 lines
11 KiB
Rust
Raw Normal View History

Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
// Copyright 2019 Parity Technologies (UK) Ltd.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the "Software"),
// to deal in the Software without restriction, including without limitation
// the rights to use, copy, modify, merge, publish, distribute, sublicense,
// and/or sell copies of the Software, and to permit persons to whom the
// Software is furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
[tcp] Port-reuse, async-io, if-watch (#1887) * Update tomls. * Let transports decide when to translate. * Improve tcp transport. * Update stuff. * Remove background task. Enhance documentation. To avoid spawning a background task and thread within `TcpConfig::new()`, with communication via unbounded channels, a `TcpConfig` now keeps track of the listening addresses for port reuse in an `Arc<RwLock>`. Furthermore, an `IfWatcher` is only used by a `TcpListenStream` if it listens on any interface and directly polls the `IfWatcher` both for initialisation and new events. Includes some documentation and test enhancements. * Reintroduce feature flags for tokio vs async-io. To avoid having an extra reactor thread running for tokio users and to make sure all TCP I/O uses the mio-based tokio reactor. Thereby run tests with both backends. * Add missing files. * Fix docsrs attributes. * Update transports/tcp/src/lib.rs Co-authored-by: Max Inden <mail@max-inden.de> * Restore chat-tokio example. * Forward poll_write_vectored for tokio's AsyncWrite. * Update changelogs. Co-authored-by: David Craven <david@craven.ch> Co-authored-by: Max Inden <mail@max-inden.de>
2021-01-12 13:35:11 +01:00
use async_io::Async;
Integrate identity keys with libp2p-noise for authentication. (#1027) * Integrate use of identity keys into libp2p-noise. In order to make libp2p-noise usable with a `Swarm`, which requires a `Transport::Output` that is a pair of a peer ID and an implementation of `StreamMuxer`, it is necessary to bridge the gap between static DH public keys and public identity keys from which peer IDs are derived. Because the DH static keys and the identity keys need not be related, it is thus generally necessary that the public identity keys are exchanged as part of the Noise handshake, which the Noise protocol accomodates for through the use of handshake message payloads. The implementation of the existing (IK, IX, XX) handshake patterns is thus changed to send the public identity keys in the handshake payloads. Additionally, to facilitate the use of any identity keypair with Noise handshakes, the static DH public keys are signed using the identity keypairs and the signatures sent alongside the public identity key in handshake payloads, unless the static DH public key is "linked" to the public identity key by other means, e.g. when an Ed25519 identity keypair is (re)used as an X25519 keypair. * libp2p-noise doesn't build for wasm. Thus the development transport needs to be still constructed with secio for transport security when building for wasm. * Documentation tweaks. * For consistency, avoid wildcard enum imports. * For consistency, avoid wildcard enum imports. * Slightly simplify io::handshake::State::finish. * Simplify creation of 2-byte arrays. * Remove unnecessary cast and obey 100 char line limit. * Update protocols/noise/src/protocol.rs Co-Authored-By: romanb <romanb@users.noreply.github.com> * Address more review comments. * Cosmetics * Cosmetics * Give authentic DH keypairs a distinct type. This has a couple of advantages: * Signing the DH public key only needs to happen once, before creating a `NoiseConfig` for an authenticated handshake. * The identity keypair only needs to be borrowed and can be dropped if it is not used further outside of the Noise protocol, since it is no longer needed during Noise handshakes. * It is explicit in the construction of a `NoiseConfig` for a handshake pattern, whether it operates with a plain `Keypair` or a keypair that is authentic w.r.t. a public identity key and future handshake patterns may be built with either. * The function signatures for constructing `NoiseConfig`s for handshake patterns are simplified and a few unnecessary trait bounds removed. * Post-merge corrections. * Add note on experimental status of libp2p-noise.
2019-05-07 10:22:42 +02:00
use futures::{future::{self, Either}, prelude::*};
use libp2p_core::identity;
Rework the transport upgrade API. (#1240) * Rework the transport upgrade API. ALthough transport upgrades must follow a specific pattern in order fot the resulting transport to be usable with a `Network` or `Swarm`, that pattern is currently not well reflected in the transport upgrade API. Rather, transport upgrades are rather laborious and involve non-trivial code duplication. This commit introduces a `transport::upgrade::Builder` that is obtained from `Transport::upgrade`. The `Builder` encodes the previously implicit rules for transport upgrades: 1. Authentication upgrades must happen first. 2. Any number of upgrades may follow. 3. A multiplexer upgrade must happen last. Since multiplexing is the last (regular) transport upgrade (because that upgrade yields a `StreamMuxer` which is no longer a `AsyncRead` / `AsyncWrite` resource, which the upgrade process is based on), the upgrade starts with `Transport::upgrade` and ends with `Builder::multiplex`, which drops back down to the `Transport`, providing a fluent API. Authentication and multiplexer upgrades must furthermore adhere to a minimal contract w.r.t their outputs: 1. An authentication upgrade is given an (async) I/O resource `C` and must produce a pair `(I, D)` where `I: ConnectionInfo` and `D` is a new (async) I/O resource `D`. 2. A multiplexer upgrade is given an (async) I/O resource `C` and must produce a `M: StreamMuxer`. To that end, two changes to the `secio` and `noise` protocols have been made: 1. The `secio` upgrade now outputs a pair of `(PeerId, SecioOutput)`. The former implements `ConnectionInfo` and the latter `AsyncRead` / `AsyncWrite`, fulfilling the `Builder` contract. 2. A new `NoiseAuthenticated` upgrade has been added that wraps around any noise upgrade (i.e. `NoiseConfig`) and has an output of `(PeerId, NoiseOutput)`, i.e. it checks if the `RemoteIdentity` from the handshake output is an `IdentityKey`, failing if that is not the case. This is the standard upgrade procedure one wants for integrating noise with libp2p-core/swarm. * Cleanup * Add a new integration test. * Add missing license.
2019-09-10 15:42:45 +02:00
use libp2p_core::upgrade::{self, Negotiated, apply_inbound, apply_outbound};
Integrate identity keys with libp2p-noise for authentication. (#1027) * Integrate use of identity keys into libp2p-noise. In order to make libp2p-noise usable with a `Swarm`, which requires a `Transport::Output` that is a pair of a peer ID and an implementation of `StreamMuxer`, it is necessary to bridge the gap between static DH public keys and public identity keys from which peer IDs are derived. Because the DH static keys and the identity keys need not be related, it is thus generally necessary that the public identity keys are exchanged as part of the Noise handshake, which the Noise protocol accomodates for through the use of handshake message payloads. The implementation of the existing (IK, IX, XX) handshake patterns is thus changed to send the public identity keys in the handshake payloads. Additionally, to facilitate the use of any identity keypair with Noise handshakes, the static DH public keys are signed using the identity keypairs and the signatures sent alongside the public identity key in handshake payloads, unless the static DH public key is "linked" to the public identity key by other means, e.g. when an Ed25519 identity keypair is (re)used as an X25519 keypair. * libp2p-noise doesn't build for wasm. Thus the development transport needs to be still constructed with secio for transport security when building for wasm. * Documentation tweaks. * For consistency, avoid wildcard enum imports. * For consistency, avoid wildcard enum imports. * Slightly simplify io::handshake::State::finish. * Simplify creation of 2-byte arrays. * Remove unnecessary cast and obey 100 char line limit. * Update protocols/noise/src/protocol.rs Co-Authored-By: romanb <romanb@users.noreply.github.com> * Address more review comments. * Cosmetics * Cosmetics * Give authentic DH keypairs a distinct type. This has a couple of advantages: * Signing the DH public key only needs to happen once, before creating a `NoiseConfig` for an authenticated handshake. * The identity keypair only needs to be borrowed and can be dropped if it is not used further outside of the Noise protocol, since it is no longer needed during Noise handshakes. * It is explicit in the construction of a `NoiseConfig` for a handshake pattern, whether it operates with a plain `Keypair` or a keypair that is authentic w.r.t. a public identity key and future handshake patterns may be built with either. * The function signatures for constructing `NoiseConfig`s for handshake patterns are simplified and a few unnecessary trait bounds removed. * Post-merge corrections. * Add note on experimental status of libp2p-noise.
2019-05-07 10:22:42 +02:00
use libp2p_core::transport::{Transport, ListenerEvent};
Spec-compliant Noise Protocol (#1545) * Add spec-compliant x25519 protocol. * Cosmetic protobuf spec compliance. * Keep support for IK/IX. Update changelog. * Update docs. * CI
2020-05-06 14:30:23 +02:00
use libp2p_noise::{Keypair, X25519, X25519Spec, NoiseConfig, RemoteIdentity, NoiseError, NoiseOutput};
[tcp] Port-reuse, async-io, if-watch (#1887) * Update tomls. * Let transports decide when to translate. * Improve tcp transport. * Update stuff. * Remove background task. Enhance documentation. To avoid spawning a background task and thread within `TcpConfig::new()`, with communication via unbounded channels, a `TcpConfig` now keeps track of the listening addresses for port reuse in an `Arc<RwLock>`. Furthermore, an `IfWatcher` is only used by a `TcpListenStream` if it listens on any interface and directly polls the `IfWatcher` both for initialisation and new events. Includes some documentation and test enhancements. * Reintroduce feature flags for tokio vs async-io. To avoid having an extra reactor thread running for tokio users and to make sure all TCP I/O uses the mio-based tokio reactor. Thereby run tests with both backends. * Add missing files. * Fix docsrs attributes. * Update transports/tcp/src/lib.rs Co-authored-by: Max Inden <mail@max-inden.de> * Restore chat-tokio example. * Forward poll_write_vectored for tokio's AsyncWrite. * Update changelogs. Co-authored-by: David Craven <david@craven.ch> Co-authored-by: Max Inden <mail@max-inden.de>
2021-01-12 13:35:11 +01:00
use libp2p_tcp::TcpConfig;
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
use log::info;
use quickcheck::QuickCheck;
[tcp] Port-reuse, async-io, if-watch (#1887) * Update tomls. * Let transports decide when to translate. * Improve tcp transport. * Update stuff. * Remove background task. Enhance documentation. To avoid spawning a background task and thread within `TcpConfig::new()`, with communication via unbounded channels, a `TcpConfig` now keeps track of the listening addresses for port reuse in an `Arc<RwLock>`. Furthermore, an `IfWatcher` is only used by a `TcpListenStream` if it listens on any interface and directly polls the `IfWatcher` both for initialisation and new events. Includes some documentation and test enhancements. * Reintroduce feature flags for tokio vs async-io. To avoid having an extra reactor thread running for tokio users and to make sure all TCP I/O uses the mio-based tokio reactor. Thereby run tests with both backends. * Add missing files. * Fix docsrs attributes. * Update transports/tcp/src/lib.rs Co-authored-by: Max Inden <mail@max-inden.de> * Restore chat-tokio example. * Forward poll_write_vectored for tokio's AsyncWrite. * Update changelogs. Co-authored-by: David Craven <david@craven.ch> Co-authored-by: Max Inden <mail@max-inden.de>
2021-01-12 13:35:11 +01:00
use std::{convert::TryInto, io, net::TcpStream};
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
Rework the transport upgrade API. (#1240) * Rework the transport upgrade API. ALthough transport upgrades must follow a specific pattern in order fot the resulting transport to be usable with a `Network` or `Swarm`, that pattern is currently not well reflected in the transport upgrade API. Rather, transport upgrades are rather laborious and involve non-trivial code duplication. This commit introduces a `transport::upgrade::Builder` that is obtained from `Transport::upgrade`. The `Builder` encodes the previously implicit rules for transport upgrades: 1. Authentication upgrades must happen first. 2. Any number of upgrades may follow. 3. A multiplexer upgrade must happen last. Since multiplexing is the last (regular) transport upgrade (because that upgrade yields a `StreamMuxer` which is no longer a `AsyncRead` / `AsyncWrite` resource, which the upgrade process is based on), the upgrade starts with `Transport::upgrade` and ends with `Builder::multiplex`, which drops back down to the `Transport`, providing a fluent API. Authentication and multiplexer upgrades must furthermore adhere to a minimal contract w.r.t their outputs: 1. An authentication upgrade is given an (async) I/O resource `C` and must produce a pair `(I, D)` where `I: ConnectionInfo` and `D` is a new (async) I/O resource `D`. 2. A multiplexer upgrade is given an (async) I/O resource `C` and must produce a `M: StreamMuxer`. To that end, two changes to the `secio` and `noise` protocols have been made: 1. The `secio` upgrade now outputs a pair of `(PeerId, SecioOutput)`. The former implements `ConnectionInfo` and the latter `AsyncRead` / `AsyncWrite`, fulfilling the `Builder` contract. 2. A new `NoiseAuthenticated` upgrade has been added that wraps around any noise upgrade (i.e. `NoiseConfig`) and has an output of `(PeerId, NoiseOutput)`, i.e. it checks if the `RemoteIdentity` from the handshake output is an `IdentityKey`, failing if that is not the case. This is the standard upgrade procedure one wants for integrating noise with libp2p-core/swarm. * Cleanup * Add a new integration test. * Add missing license.
2019-09-10 15:42:45 +02:00
#[allow(dead_code)]
fn core_upgrade_compat() {
// Tests API compaibility with the libp2p-core upgrade API,
// i.e. if it compiles, the "test" is considered a success.
let id_keys = identity::Keypair::generate_ed25519();
let dh_keys = Keypair::<X25519>::new().into_authentic(&id_keys).unwrap();
let noise = NoiseConfig::xx(dh_keys).into_authenticated();
Merge master into stable-futures (#1271) * Configurable multistream-select protocol. Add V1Lazy variant. (#1245) Make the multistream-select protocol (version) configurable on transport upgrades as well as for individual substreams. Add a "lazy" variant of multistream-select 1.0 that delays sending of negotiation protocol frames as much as possible but is only safe to use under additional assumptions that go beyond what is required by the multistream-select v1 specification. * Improve the code readability of the chat example (#1253) * Add bridged chats (#1252) * Try fix CI (#1261) * Print Rust version on CI * Don't print where not appropriate * Change caching strategy * Remove win32 build * Remove win32 from list * Update libsecp256k1 dep to 0.3.0 (#1258) * Update libsecp256k1 dep to 0.3.0 * Sign now cannot fail * Upgrade url and percent-encoding deps to 2.1.0 (#1267) * Upgrade percent-encoding dep to 2.1.0 * Upgrade url dep to 2.1.0 * Fix more conflicts * Revert CIPHERS set to null (#1273)
2019-10-10 11:31:44 +02:00
let _ = TcpConfig::new().upgrade(upgrade::Version::V1).authenticate(noise);
Rework the transport upgrade API. (#1240) * Rework the transport upgrade API. ALthough transport upgrades must follow a specific pattern in order fot the resulting transport to be usable with a `Network` or `Swarm`, that pattern is currently not well reflected in the transport upgrade API. Rather, transport upgrades are rather laborious and involve non-trivial code duplication. This commit introduces a `transport::upgrade::Builder` that is obtained from `Transport::upgrade`. The `Builder` encodes the previously implicit rules for transport upgrades: 1. Authentication upgrades must happen first. 2. Any number of upgrades may follow. 3. A multiplexer upgrade must happen last. Since multiplexing is the last (regular) transport upgrade (because that upgrade yields a `StreamMuxer` which is no longer a `AsyncRead` / `AsyncWrite` resource, which the upgrade process is based on), the upgrade starts with `Transport::upgrade` and ends with `Builder::multiplex`, which drops back down to the `Transport`, providing a fluent API. Authentication and multiplexer upgrades must furthermore adhere to a minimal contract w.r.t their outputs: 1. An authentication upgrade is given an (async) I/O resource `C` and must produce a pair `(I, D)` where `I: ConnectionInfo` and `D` is a new (async) I/O resource `D`. 2. A multiplexer upgrade is given an (async) I/O resource `C` and must produce a `M: StreamMuxer`. To that end, two changes to the `secio` and `noise` protocols have been made: 1. The `secio` upgrade now outputs a pair of `(PeerId, SecioOutput)`. The former implements `ConnectionInfo` and the latter `AsyncRead` / `AsyncWrite`, fulfilling the `Builder` contract. 2. A new `NoiseAuthenticated` upgrade has been added that wraps around any noise upgrade (i.e. `NoiseConfig`) and has an output of `(PeerId, NoiseOutput)`, i.e. it checks if the `RemoteIdentity` from the handshake output is an `IdentityKey`, failing if that is not the case. This is the standard upgrade procedure one wants for integrating noise with libp2p-core/swarm. * Cleanup * Add a new integration test. * Add missing license.
2019-09-10 15:42:45 +02:00
}
Spec-compliant Noise Protocol (#1545) * Add spec-compliant x25519 protocol. * Cosmetic protobuf spec compliance. * Keep support for IK/IX. Update changelog. * Update docs. * CI
2020-05-06 14:30:23 +02:00
#[test]
fn xx_spec() {
let _ = env_logger::try_init();
fn prop(mut messages: Vec<Message>) -> bool {
messages.truncate(5);
let server_id = identity::Keypair::generate_ed25519();
let client_id = identity::Keypair::generate_ed25519();
let server_id_public = server_id.public();
let client_id_public = client_id.public();
let server_dh = Keypair::<X25519Spec>::new().into_authentic(&server_id).unwrap();
let server_transport = TcpConfig::new()
.and_then(move |output, endpoint| {
upgrade::apply(output, NoiseConfig::xx(server_dh), endpoint, upgrade::Version::V1)
})
.and_then(move |out, _| expect_identity(out, &client_id_public));
let client_dh = Keypair::<X25519Spec>::new().into_authentic(&client_id).unwrap();
let client_transport = TcpConfig::new()
.and_then(move |output, endpoint| {
upgrade::apply(output, NoiseConfig::xx(client_dh), endpoint, upgrade::Version::V1)
})
.and_then(move |out, _| expect_identity(out, &server_id_public));
run(server_transport, client_transport, messages);
true
}
QuickCheck::new().max_tests(30).quickcheck(prop as fn(Vec<Message>) -> bool)
}
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
#[test]
fn xx() {
let _ = env_logger::try_init();
Grow noise buffers dynamically. (#1436) * Grow noise buffers dynamically. Currently we allocate a buffer of 176 KiB for each noise state, i.e. each connection. For connections which see only small data frames this is wasteful. At the same time we limit the max. write buffer size to 16 KiB to keep the total buffer size relatively small, which results in smaller encrypted messages and also makes it less likely to ever encounter the max. noise package size of 64 KiB in practice when communicating with other nodes using the same implementation. This PR repaces the static buffer allocation with a dynamic one. We only reserve a small space for the authentication tag plus some extra reserve and are able to buffer larger data frames before encrypting. * Grow write buffer from offset. As suggested by @mxinden, this prevents increasing the write buffer up to MAX_WRITE_BUF_LEN. Co-authored-by: Pierre Krieger <pierre.krieger1708@gmail.com>
2020-02-13 12:38:33 +01:00
fn prop(mut messages: Vec<Message>) -> bool {
messages.truncate(5);
Integrate identity keys with libp2p-noise for authentication. (#1027) * Integrate use of identity keys into libp2p-noise. In order to make libp2p-noise usable with a `Swarm`, which requires a `Transport::Output` that is a pair of a peer ID and an implementation of `StreamMuxer`, it is necessary to bridge the gap between static DH public keys and public identity keys from which peer IDs are derived. Because the DH static keys and the identity keys need not be related, it is thus generally necessary that the public identity keys are exchanged as part of the Noise handshake, which the Noise protocol accomodates for through the use of handshake message payloads. The implementation of the existing (IK, IX, XX) handshake patterns is thus changed to send the public identity keys in the handshake payloads. Additionally, to facilitate the use of any identity keypair with Noise handshakes, the static DH public keys are signed using the identity keypairs and the signatures sent alongside the public identity key in handshake payloads, unless the static DH public key is "linked" to the public identity key by other means, e.g. when an Ed25519 identity keypair is (re)used as an X25519 keypair. * libp2p-noise doesn't build for wasm. Thus the development transport needs to be still constructed with secio for transport security when building for wasm. * Documentation tweaks. * For consistency, avoid wildcard enum imports. * For consistency, avoid wildcard enum imports. * Slightly simplify io::handshake::State::finish. * Simplify creation of 2-byte arrays. * Remove unnecessary cast and obey 100 char line limit. * Update protocols/noise/src/protocol.rs Co-Authored-By: romanb <romanb@users.noreply.github.com> * Address more review comments. * Cosmetics * Cosmetics * Give authentic DH keypairs a distinct type. This has a couple of advantages: * Signing the DH public key only needs to happen once, before creating a `NoiseConfig` for an authenticated handshake. * The identity keypair only needs to be borrowed and can be dropped if it is not used further outside of the Noise protocol, since it is no longer needed during Noise handshakes. * It is explicit in the construction of a `NoiseConfig` for a handshake pattern, whether it operates with a plain `Keypair` or a keypair that is authentic w.r.t. a public identity key and future handshake patterns may be built with either. * The function signatures for constructing `NoiseConfig`s for handshake patterns are simplified and a few unnecessary trait bounds removed. * Post-merge corrections. * Add note on experimental status of libp2p-noise.
2019-05-07 10:22:42 +02:00
let server_id = identity::Keypair::generate_ed25519();
let client_id = identity::Keypair::generate_ed25519();
Consolidate keypairs in core. (#972) * Consolidate keypairs in core. Introduce the concept of a node's identity keypair in libp2p-core, instead of only the public key: * New module: libp2p_core::identity with submodules for the currently supported key types. An identity::Keypair and identity::PublicKey support the creation and verification of signatures. The public key supports encoding/decoding according to the libp2p specs. * The secio protocol is simplified as a result of moving code to libp2p-core. * The noise protocol is slightly simplified by consolidating ed25519 keypairs in libp2p-core and using x25519-dalek for DH. Furthermore, Ed25519 to X25519 keypair conversion is now complete and tested. Generalise over the DH keys in the noise protocol. Generalise over the DH keys and thus DH parameter in handshake patterns of the Noise protocol, such that it is easy to support other DH schemes in the future, e.g. X448. * Address new review comments.
2019-03-11 13:42:53 +01:00
Integrate identity keys with libp2p-noise for authentication. (#1027) * Integrate use of identity keys into libp2p-noise. In order to make libp2p-noise usable with a `Swarm`, which requires a `Transport::Output` that is a pair of a peer ID and an implementation of `StreamMuxer`, it is necessary to bridge the gap between static DH public keys and public identity keys from which peer IDs are derived. Because the DH static keys and the identity keys need not be related, it is thus generally necessary that the public identity keys are exchanged as part of the Noise handshake, which the Noise protocol accomodates for through the use of handshake message payloads. The implementation of the existing (IK, IX, XX) handshake patterns is thus changed to send the public identity keys in the handshake payloads. Additionally, to facilitate the use of any identity keypair with Noise handshakes, the static DH public keys are signed using the identity keypairs and the signatures sent alongside the public identity key in handshake payloads, unless the static DH public key is "linked" to the public identity key by other means, e.g. when an Ed25519 identity keypair is (re)used as an X25519 keypair. * libp2p-noise doesn't build for wasm. Thus the development transport needs to be still constructed with secio for transport security when building for wasm. * Documentation tweaks. * For consistency, avoid wildcard enum imports. * For consistency, avoid wildcard enum imports. * Slightly simplify io::handshake::State::finish. * Simplify creation of 2-byte arrays. * Remove unnecessary cast and obey 100 char line limit. * Update protocols/noise/src/protocol.rs Co-Authored-By: romanb <romanb@users.noreply.github.com> * Address more review comments. * Cosmetics * Cosmetics * Give authentic DH keypairs a distinct type. This has a couple of advantages: * Signing the DH public key only needs to happen once, before creating a `NoiseConfig` for an authenticated handshake. * The identity keypair only needs to be borrowed and can be dropped if it is not used further outside of the Noise protocol, since it is no longer needed during Noise handshakes. * It is explicit in the construction of a `NoiseConfig` for a handshake pattern, whether it operates with a plain `Keypair` or a keypair that is authentic w.r.t. a public identity key and future handshake patterns may be built with either. * The function signatures for constructing `NoiseConfig`s for handshake patterns are simplified and a few unnecessary trait bounds removed. * Post-merge corrections. * Add note on experimental status of libp2p-noise.
2019-05-07 10:22:42 +02:00
let server_id_public = server_id.public();
let client_id_public = client_id.public();
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
Integrate identity keys with libp2p-noise for authentication. (#1027) * Integrate use of identity keys into libp2p-noise. In order to make libp2p-noise usable with a `Swarm`, which requires a `Transport::Output` that is a pair of a peer ID and an implementation of `StreamMuxer`, it is necessary to bridge the gap between static DH public keys and public identity keys from which peer IDs are derived. Because the DH static keys and the identity keys need not be related, it is thus generally necessary that the public identity keys are exchanged as part of the Noise handshake, which the Noise protocol accomodates for through the use of handshake message payloads. The implementation of the existing (IK, IX, XX) handshake patterns is thus changed to send the public identity keys in the handshake payloads. Additionally, to facilitate the use of any identity keypair with Noise handshakes, the static DH public keys are signed using the identity keypairs and the signatures sent alongside the public identity key in handshake payloads, unless the static DH public key is "linked" to the public identity key by other means, e.g. when an Ed25519 identity keypair is (re)used as an X25519 keypair. * libp2p-noise doesn't build for wasm. Thus the development transport needs to be still constructed with secio for transport security when building for wasm. * Documentation tweaks. * For consistency, avoid wildcard enum imports. * For consistency, avoid wildcard enum imports. * Slightly simplify io::handshake::State::finish. * Simplify creation of 2-byte arrays. * Remove unnecessary cast and obey 100 char line limit. * Update protocols/noise/src/protocol.rs Co-Authored-By: romanb <romanb@users.noreply.github.com> * Address more review comments. * Cosmetics * Cosmetics * Give authentic DH keypairs a distinct type. This has a couple of advantages: * Signing the DH public key only needs to happen once, before creating a `NoiseConfig` for an authenticated handshake. * The identity keypair only needs to be borrowed and can be dropped if it is not used further outside of the Noise protocol, since it is no longer needed during Noise handshakes. * It is explicit in the construction of a `NoiseConfig` for a handshake pattern, whether it operates with a plain `Keypair` or a keypair that is authentic w.r.t. a public identity key and future handshake patterns may be built with either. * The function signatures for constructing `NoiseConfig`s for handshake patterns are simplified and a few unnecessary trait bounds removed. * Post-merge corrections. * Add note on experimental status of libp2p-noise.
2019-05-07 10:22:42 +02:00
let server_dh = Keypair::<X25519>::new().into_authentic(&server_id).unwrap();
let server_transport = TcpConfig::new()
Rework the transport upgrade API. (#1240) * Rework the transport upgrade API. ALthough transport upgrades must follow a specific pattern in order fot the resulting transport to be usable with a `Network` or `Swarm`, that pattern is currently not well reflected in the transport upgrade API. Rather, transport upgrades are rather laborious and involve non-trivial code duplication. This commit introduces a `transport::upgrade::Builder` that is obtained from `Transport::upgrade`. The `Builder` encodes the previously implicit rules for transport upgrades: 1. Authentication upgrades must happen first. 2. Any number of upgrades may follow. 3. A multiplexer upgrade must happen last. Since multiplexing is the last (regular) transport upgrade (because that upgrade yields a `StreamMuxer` which is no longer a `AsyncRead` / `AsyncWrite` resource, which the upgrade process is based on), the upgrade starts with `Transport::upgrade` and ends with `Builder::multiplex`, which drops back down to the `Transport`, providing a fluent API. Authentication and multiplexer upgrades must furthermore adhere to a minimal contract w.r.t their outputs: 1. An authentication upgrade is given an (async) I/O resource `C` and must produce a pair `(I, D)` where `I: ConnectionInfo` and `D` is a new (async) I/O resource `D`. 2. A multiplexer upgrade is given an (async) I/O resource `C` and must produce a `M: StreamMuxer`. To that end, two changes to the `secio` and `noise` protocols have been made: 1. The `secio` upgrade now outputs a pair of `(PeerId, SecioOutput)`. The former implements `ConnectionInfo` and the latter `AsyncRead` / `AsyncWrite`, fulfilling the `Builder` contract. 2. A new `NoiseAuthenticated` upgrade has been added that wraps around any noise upgrade (i.e. `NoiseConfig`) and has an output of `(PeerId, NoiseOutput)`, i.e. it checks if the `RemoteIdentity` from the handshake output is an `IdentityKey`, failing if that is not the case. This is the standard upgrade procedure one wants for integrating noise with libp2p-core/swarm. * Cleanup * Add a new integration test. * Add missing license.
2019-09-10 15:42:45 +02:00
.and_then(move |output, endpoint| {
Merge master into stable-futures (#1271) * Configurable multistream-select protocol. Add V1Lazy variant. (#1245) Make the multistream-select protocol (version) configurable on transport upgrades as well as for individual substreams. Add a "lazy" variant of multistream-select 1.0 that delays sending of negotiation protocol frames as much as possible but is only safe to use under additional assumptions that go beyond what is required by the multistream-select v1 specification. * Improve the code readability of the chat example (#1253) * Add bridged chats (#1252) * Try fix CI (#1261) * Print Rust version on CI * Don't print where not appropriate * Change caching strategy * Remove win32 build * Remove win32 from list * Update libsecp256k1 dep to 0.3.0 (#1258) * Update libsecp256k1 dep to 0.3.0 * Sign now cannot fail * Upgrade url and percent-encoding deps to 2.1.0 (#1267) * Upgrade percent-encoding dep to 2.1.0 * Upgrade url dep to 2.1.0 * Fix more conflicts * Revert CIPHERS set to null (#1273)
2019-10-10 11:31:44 +02:00
upgrade::apply(output, NoiseConfig::xx(server_dh), endpoint, upgrade::Version::V1)
Rework the transport upgrade API. (#1240) * Rework the transport upgrade API. ALthough transport upgrades must follow a specific pattern in order fot the resulting transport to be usable with a `Network` or `Swarm`, that pattern is currently not well reflected in the transport upgrade API. Rather, transport upgrades are rather laborious and involve non-trivial code duplication. This commit introduces a `transport::upgrade::Builder` that is obtained from `Transport::upgrade`. The `Builder` encodes the previously implicit rules for transport upgrades: 1. Authentication upgrades must happen first. 2. Any number of upgrades may follow. 3. A multiplexer upgrade must happen last. Since multiplexing is the last (regular) transport upgrade (because that upgrade yields a `StreamMuxer` which is no longer a `AsyncRead` / `AsyncWrite` resource, which the upgrade process is based on), the upgrade starts with `Transport::upgrade` and ends with `Builder::multiplex`, which drops back down to the `Transport`, providing a fluent API. Authentication and multiplexer upgrades must furthermore adhere to a minimal contract w.r.t their outputs: 1. An authentication upgrade is given an (async) I/O resource `C` and must produce a pair `(I, D)` where `I: ConnectionInfo` and `D` is a new (async) I/O resource `D`. 2. A multiplexer upgrade is given an (async) I/O resource `C` and must produce a `M: StreamMuxer`. To that end, two changes to the `secio` and `noise` protocols have been made: 1. The `secio` upgrade now outputs a pair of `(PeerId, SecioOutput)`. The former implements `ConnectionInfo` and the latter `AsyncRead` / `AsyncWrite`, fulfilling the `Builder` contract. 2. A new `NoiseAuthenticated` upgrade has been added that wraps around any noise upgrade (i.e. `NoiseConfig`) and has an output of `(PeerId, NoiseOutput)`, i.e. it checks if the `RemoteIdentity` from the handshake output is an `IdentityKey`, failing if that is not the case. This is the standard upgrade procedure one wants for integrating noise with libp2p-core/swarm. * Cleanup * Add a new integration test. * Add missing license.
2019-09-10 15:42:45 +02:00
})
Integrate identity keys with libp2p-noise for authentication. (#1027) * Integrate use of identity keys into libp2p-noise. In order to make libp2p-noise usable with a `Swarm`, which requires a `Transport::Output` that is a pair of a peer ID and an implementation of `StreamMuxer`, it is necessary to bridge the gap between static DH public keys and public identity keys from which peer IDs are derived. Because the DH static keys and the identity keys need not be related, it is thus generally necessary that the public identity keys are exchanged as part of the Noise handshake, which the Noise protocol accomodates for through the use of handshake message payloads. The implementation of the existing (IK, IX, XX) handshake patterns is thus changed to send the public identity keys in the handshake payloads. Additionally, to facilitate the use of any identity keypair with Noise handshakes, the static DH public keys are signed using the identity keypairs and the signatures sent alongside the public identity key in handshake payloads, unless the static DH public key is "linked" to the public identity key by other means, e.g. when an Ed25519 identity keypair is (re)used as an X25519 keypair. * libp2p-noise doesn't build for wasm. Thus the development transport needs to be still constructed with secio for transport security when building for wasm. * Documentation tweaks. * For consistency, avoid wildcard enum imports. * For consistency, avoid wildcard enum imports. * Slightly simplify io::handshake::State::finish. * Simplify creation of 2-byte arrays. * Remove unnecessary cast and obey 100 char line limit. * Update protocols/noise/src/protocol.rs Co-Authored-By: romanb <romanb@users.noreply.github.com> * Address more review comments. * Cosmetics * Cosmetics * Give authentic DH keypairs a distinct type. This has a couple of advantages: * Signing the DH public key only needs to happen once, before creating a `NoiseConfig` for an authenticated handshake. * The identity keypair only needs to be borrowed and can be dropped if it is not used further outside of the Noise protocol, since it is no longer needed during Noise handshakes. * It is explicit in the construction of a `NoiseConfig` for a handshake pattern, whether it operates with a plain `Keypair` or a keypair that is authentic w.r.t. a public identity key and future handshake patterns may be built with either. * The function signatures for constructing `NoiseConfig`s for handshake patterns are simplified and a few unnecessary trait bounds removed. * Post-merge corrections. * Add note on experimental status of libp2p-noise.
2019-05-07 10:22:42 +02:00
.and_then(move |out, _| expect_identity(out, &client_id_public));
let client_dh = Keypair::<X25519>::new().into_authentic(&client_id).unwrap();
let client_transport = TcpConfig::new()
Rework the transport upgrade API. (#1240) * Rework the transport upgrade API. ALthough transport upgrades must follow a specific pattern in order fot the resulting transport to be usable with a `Network` or `Swarm`, that pattern is currently not well reflected in the transport upgrade API. Rather, transport upgrades are rather laborious and involve non-trivial code duplication. This commit introduces a `transport::upgrade::Builder` that is obtained from `Transport::upgrade`. The `Builder` encodes the previously implicit rules for transport upgrades: 1. Authentication upgrades must happen first. 2. Any number of upgrades may follow. 3. A multiplexer upgrade must happen last. Since multiplexing is the last (regular) transport upgrade (because that upgrade yields a `StreamMuxer` which is no longer a `AsyncRead` / `AsyncWrite` resource, which the upgrade process is based on), the upgrade starts with `Transport::upgrade` and ends with `Builder::multiplex`, which drops back down to the `Transport`, providing a fluent API. Authentication and multiplexer upgrades must furthermore adhere to a minimal contract w.r.t their outputs: 1. An authentication upgrade is given an (async) I/O resource `C` and must produce a pair `(I, D)` where `I: ConnectionInfo` and `D` is a new (async) I/O resource `D`. 2. A multiplexer upgrade is given an (async) I/O resource `C` and must produce a `M: StreamMuxer`. To that end, two changes to the `secio` and `noise` protocols have been made: 1. The `secio` upgrade now outputs a pair of `(PeerId, SecioOutput)`. The former implements `ConnectionInfo` and the latter `AsyncRead` / `AsyncWrite`, fulfilling the `Builder` contract. 2. A new `NoiseAuthenticated` upgrade has been added that wraps around any noise upgrade (i.e. `NoiseConfig`) and has an output of `(PeerId, NoiseOutput)`, i.e. it checks if the `RemoteIdentity` from the handshake output is an `IdentityKey`, failing if that is not the case. This is the standard upgrade procedure one wants for integrating noise with libp2p-core/swarm. * Cleanup * Add a new integration test. * Add missing license.
2019-09-10 15:42:45 +02:00
.and_then(move |output, endpoint| {
Merge master into stable-futures (#1271) * Configurable multistream-select protocol. Add V1Lazy variant. (#1245) Make the multistream-select protocol (version) configurable on transport upgrades as well as for individual substreams. Add a "lazy" variant of multistream-select 1.0 that delays sending of negotiation protocol frames as much as possible but is only safe to use under additional assumptions that go beyond what is required by the multistream-select v1 specification. * Improve the code readability of the chat example (#1253) * Add bridged chats (#1252) * Try fix CI (#1261) * Print Rust version on CI * Don't print where not appropriate * Change caching strategy * Remove win32 build * Remove win32 from list * Update libsecp256k1 dep to 0.3.0 (#1258) * Update libsecp256k1 dep to 0.3.0 * Sign now cannot fail * Upgrade url and percent-encoding deps to 2.1.0 (#1267) * Upgrade percent-encoding dep to 2.1.0 * Upgrade url dep to 2.1.0 * Fix more conflicts * Revert CIPHERS set to null (#1273)
2019-10-10 11:31:44 +02:00
upgrade::apply(output, NoiseConfig::xx(client_dh), endpoint, upgrade::Version::V1)
Rework the transport upgrade API. (#1240) * Rework the transport upgrade API. ALthough transport upgrades must follow a specific pattern in order fot the resulting transport to be usable with a `Network` or `Swarm`, that pattern is currently not well reflected in the transport upgrade API. Rather, transport upgrades are rather laborious and involve non-trivial code duplication. This commit introduces a `transport::upgrade::Builder` that is obtained from `Transport::upgrade`. The `Builder` encodes the previously implicit rules for transport upgrades: 1. Authentication upgrades must happen first. 2. Any number of upgrades may follow. 3. A multiplexer upgrade must happen last. Since multiplexing is the last (regular) transport upgrade (because that upgrade yields a `StreamMuxer` which is no longer a `AsyncRead` / `AsyncWrite` resource, which the upgrade process is based on), the upgrade starts with `Transport::upgrade` and ends with `Builder::multiplex`, which drops back down to the `Transport`, providing a fluent API. Authentication and multiplexer upgrades must furthermore adhere to a minimal contract w.r.t their outputs: 1. An authentication upgrade is given an (async) I/O resource `C` and must produce a pair `(I, D)` where `I: ConnectionInfo` and `D` is a new (async) I/O resource `D`. 2. A multiplexer upgrade is given an (async) I/O resource `C` and must produce a `M: StreamMuxer`. To that end, two changes to the `secio` and `noise` protocols have been made: 1. The `secio` upgrade now outputs a pair of `(PeerId, SecioOutput)`. The former implements `ConnectionInfo` and the latter `AsyncRead` / `AsyncWrite`, fulfilling the `Builder` contract. 2. A new `NoiseAuthenticated` upgrade has been added that wraps around any noise upgrade (i.e. `NoiseConfig`) and has an output of `(PeerId, NoiseOutput)`, i.e. it checks if the `RemoteIdentity` from the handshake output is an `IdentityKey`, failing if that is not the case. This is the standard upgrade procedure one wants for integrating noise with libp2p-core/swarm. * Cleanup * Add a new integration test. * Add missing license.
2019-09-10 15:42:45 +02:00
})
Integrate identity keys with libp2p-noise for authentication. (#1027) * Integrate use of identity keys into libp2p-noise. In order to make libp2p-noise usable with a `Swarm`, which requires a `Transport::Output` that is a pair of a peer ID and an implementation of `StreamMuxer`, it is necessary to bridge the gap between static DH public keys and public identity keys from which peer IDs are derived. Because the DH static keys and the identity keys need not be related, it is thus generally necessary that the public identity keys are exchanged as part of the Noise handshake, which the Noise protocol accomodates for through the use of handshake message payloads. The implementation of the existing (IK, IX, XX) handshake patterns is thus changed to send the public identity keys in the handshake payloads. Additionally, to facilitate the use of any identity keypair with Noise handshakes, the static DH public keys are signed using the identity keypairs and the signatures sent alongside the public identity key in handshake payloads, unless the static DH public key is "linked" to the public identity key by other means, e.g. when an Ed25519 identity keypair is (re)used as an X25519 keypair. * libp2p-noise doesn't build for wasm. Thus the development transport needs to be still constructed with secio for transport security when building for wasm. * Documentation tweaks. * For consistency, avoid wildcard enum imports. * For consistency, avoid wildcard enum imports. * Slightly simplify io::handshake::State::finish. * Simplify creation of 2-byte arrays. * Remove unnecessary cast and obey 100 char line limit. * Update protocols/noise/src/protocol.rs Co-Authored-By: romanb <romanb@users.noreply.github.com> * Address more review comments. * Cosmetics * Cosmetics * Give authentic DH keypairs a distinct type. This has a couple of advantages: * Signing the DH public key only needs to happen once, before creating a `NoiseConfig` for an authenticated handshake. * The identity keypair only needs to be borrowed and can be dropped if it is not used further outside of the Noise protocol, since it is no longer needed during Noise handshakes. * It is explicit in the construction of a `NoiseConfig` for a handshake pattern, whether it operates with a plain `Keypair` or a keypair that is authentic w.r.t. a public identity key and future handshake patterns may be built with either. * The function signatures for constructing `NoiseConfig`s for handshake patterns are simplified and a few unnecessary trait bounds removed. * Post-merge corrections. * Add note on experimental status of libp2p-noise.
2019-05-07 10:22:42 +02:00
.and_then(move |out, _| expect_identity(out, &server_id_public));
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
Grow noise buffers dynamically. (#1436) * Grow noise buffers dynamically. Currently we allocate a buffer of 176 KiB for each noise state, i.e. each connection. For connections which see only small data frames this is wasteful. At the same time we limit the max. write buffer size to 16 KiB to keep the total buffer size relatively small, which results in smaller encrypted messages and also makes it less likely to ever encounter the max. noise package size of 64 KiB in practice when communicating with other nodes using the same implementation. This PR repaces the static buffer allocation with a dynamic one. We only reserve a small space for the authentication tag plus some extra reserve and are able to buffer larger data frames before encrypting. * Grow write buffer from offset. As suggested by @mxinden, this prevents increasing the write buffer up to MAX_WRITE_BUF_LEN. Co-authored-by: Pierre Krieger <pierre.krieger1708@gmail.com>
2020-02-13 12:38:33 +01:00
run(server_transport, client_transport, messages);
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
true
}
Grow noise buffers dynamically. (#1436) * Grow noise buffers dynamically. Currently we allocate a buffer of 176 KiB for each noise state, i.e. each connection. For connections which see only small data frames this is wasteful. At the same time we limit the max. write buffer size to 16 KiB to keep the total buffer size relatively small, which results in smaller encrypted messages and also makes it less likely to ever encounter the max. noise package size of 64 KiB in practice when communicating with other nodes using the same implementation. This PR repaces the static buffer allocation with a dynamic one. We only reserve a small space for the authentication tag plus some extra reserve and are able to buffer larger data frames before encrypting. * Grow write buffer from offset. As suggested by @mxinden, this prevents increasing the write buffer up to MAX_WRITE_BUF_LEN. Co-authored-by: Pierre Krieger <pierre.krieger1708@gmail.com>
2020-02-13 12:38:33 +01:00
QuickCheck::new().max_tests(30).quickcheck(prop as fn(Vec<Message>) -> bool)
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
}
#[test]
fn ix() {
let _ = env_logger::try_init();
Grow noise buffers dynamically. (#1436) * Grow noise buffers dynamically. Currently we allocate a buffer of 176 KiB for each noise state, i.e. each connection. For connections which see only small data frames this is wasteful. At the same time we limit the max. write buffer size to 16 KiB to keep the total buffer size relatively small, which results in smaller encrypted messages and also makes it less likely to ever encounter the max. noise package size of 64 KiB in practice when communicating with other nodes using the same implementation. This PR repaces the static buffer allocation with a dynamic one. We only reserve a small space for the authentication tag plus some extra reserve and are able to buffer larger data frames before encrypting. * Grow write buffer from offset. As suggested by @mxinden, this prevents increasing the write buffer up to MAX_WRITE_BUF_LEN. Co-authored-by: Pierre Krieger <pierre.krieger1708@gmail.com>
2020-02-13 12:38:33 +01:00
fn prop(mut messages: Vec<Message>) -> bool {
messages.truncate(5);
Integrate identity keys with libp2p-noise for authentication. (#1027) * Integrate use of identity keys into libp2p-noise. In order to make libp2p-noise usable with a `Swarm`, which requires a `Transport::Output` that is a pair of a peer ID and an implementation of `StreamMuxer`, it is necessary to bridge the gap between static DH public keys and public identity keys from which peer IDs are derived. Because the DH static keys and the identity keys need not be related, it is thus generally necessary that the public identity keys are exchanged as part of the Noise handshake, which the Noise protocol accomodates for through the use of handshake message payloads. The implementation of the existing (IK, IX, XX) handshake patterns is thus changed to send the public identity keys in the handshake payloads. Additionally, to facilitate the use of any identity keypair with Noise handshakes, the static DH public keys are signed using the identity keypairs and the signatures sent alongside the public identity key in handshake payloads, unless the static DH public key is "linked" to the public identity key by other means, e.g. when an Ed25519 identity keypair is (re)used as an X25519 keypair. * libp2p-noise doesn't build for wasm. Thus the development transport needs to be still constructed with secio for transport security when building for wasm. * Documentation tweaks. * For consistency, avoid wildcard enum imports. * For consistency, avoid wildcard enum imports. * Slightly simplify io::handshake::State::finish. * Simplify creation of 2-byte arrays. * Remove unnecessary cast and obey 100 char line limit. * Update protocols/noise/src/protocol.rs Co-Authored-By: romanb <romanb@users.noreply.github.com> * Address more review comments. * Cosmetics * Cosmetics * Give authentic DH keypairs a distinct type. This has a couple of advantages: * Signing the DH public key only needs to happen once, before creating a `NoiseConfig` for an authenticated handshake. * The identity keypair only needs to be borrowed and can be dropped if it is not used further outside of the Noise protocol, since it is no longer needed during Noise handshakes. * It is explicit in the construction of a `NoiseConfig` for a handshake pattern, whether it operates with a plain `Keypair` or a keypair that is authentic w.r.t. a public identity key and future handshake patterns may be built with either. * The function signatures for constructing `NoiseConfig`s for handshake patterns are simplified and a few unnecessary trait bounds removed. * Post-merge corrections. * Add note on experimental status of libp2p-noise.
2019-05-07 10:22:42 +02:00
let server_id = identity::Keypair::generate_ed25519();
let client_id = identity::Keypair::generate_ed25519();
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
Integrate identity keys with libp2p-noise for authentication. (#1027) * Integrate use of identity keys into libp2p-noise. In order to make libp2p-noise usable with a `Swarm`, which requires a `Transport::Output` that is a pair of a peer ID and an implementation of `StreamMuxer`, it is necessary to bridge the gap between static DH public keys and public identity keys from which peer IDs are derived. Because the DH static keys and the identity keys need not be related, it is thus generally necessary that the public identity keys are exchanged as part of the Noise handshake, which the Noise protocol accomodates for through the use of handshake message payloads. The implementation of the existing (IK, IX, XX) handshake patterns is thus changed to send the public identity keys in the handshake payloads. Additionally, to facilitate the use of any identity keypair with Noise handshakes, the static DH public keys are signed using the identity keypairs and the signatures sent alongside the public identity key in handshake payloads, unless the static DH public key is "linked" to the public identity key by other means, e.g. when an Ed25519 identity keypair is (re)used as an X25519 keypair. * libp2p-noise doesn't build for wasm. Thus the development transport needs to be still constructed with secio for transport security when building for wasm. * Documentation tweaks. * For consistency, avoid wildcard enum imports. * For consistency, avoid wildcard enum imports. * Slightly simplify io::handshake::State::finish. * Simplify creation of 2-byte arrays. * Remove unnecessary cast and obey 100 char line limit. * Update protocols/noise/src/protocol.rs Co-Authored-By: romanb <romanb@users.noreply.github.com> * Address more review comments. * Cosmetics * Cosmetics * Give authentic DH keypairs a distinct type. This has a couple of advantages: * Signing the DH public key only needs to happen once, before creating a `NoiseConfig` for an authenticated handshake. * The identity keypair only needs to be borrowed and can be dropped if it is not used further outside of the Noise protocol, since it is no longer needed during Noise handshakes. * It is explicit in the construction of a `NoiseConfig` for a handshake pattern, whether it operates with a plain `Keypair` or a keypair that is authentic w.r.t. a public identity key and future handshake patterns may be built with either. * The function signatures for constructing `NoiseConfig`s for handshake patterns are simplified and a few unnecessary trait bounds removed. * Post-merge corrections. * Add note on experimental status of libp2p-noise.
2019-05-07 10:22:42 +02:00
let server_id_public = server_id.public();
let client_id_public = client_id.public();
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
Integrate identity keys with libp2p-noise for authentication. (#1027) * Integrate use of identity keys into libp2p-noise. In order to make libp2p-noise usable with a `Swarm`, which requires a `Transport::Output` that is a pair of a peer ID and an implementation of `StreamMuxer`, it is necessary to bridge the gap between static DH public keys and public identity keys from which peer IDs are derived. Because the DH static keys and the identity keys need not be related, it is thus generally necessary that the public identity keys are exchanged as part of the Noise handshake, which the Noise protocol accomodates for through the use of handshake message payloads. The implementation of the existing (IK, IX, XX) handshake patterns is thus changed to send the public identity keys in the handshake payloads. Additionally, to facilitate the use of any identity keypair with Noise handshakes, the static DH public keys are signed using the identity keypairs and the signatures sent alongside the public identity key in handshake payloads, unless the static DH public key is "linked" to the public identity key by other means, e.g. when an Ed25519 identity keypair is (re)used as an X25519 keypair. * libp2p-noise doesn't build for wasm. Thus the development transport needs to be still constructed with secio for transport security when building for wasm. * Documentation tweaks. * For consistency, avoid wildcard enum imports. * For consistency, avoid wildcard enum imports. * Slightly simplify io::handshake::State::finish. * Simplify creation of 2-byte arrays. * Remove unnecessary cast and obey 100 char line limit. * Update protocols/noise/src/protocol.rs Co-Authored-By: romanb <romanb@users.noreply.github.com> * Address more review comments. * Cosmetics * Cosmetics * Give authentic DH keypairs a distinct type. This has a couple of advantages: * Signing the DH public key only needs to happen once, before creating a `NoiseConfig` for an authenticated handshake. * The identity keypair only needs to be borrowed and can be dropped if it is not used further outside of the Noise protocol, since it is no longer needed during Noise handshakes. * It is explicit in the construction of a `NoiseConfig` for a handshake pattern, whether it operates with a plain `Keypair` or a keypair that is authentic w.r.t. a public identity key and future handshake patterns may be built with either. * The function signatures for constructing `NoiseConfig`s for handshake patterns are simplified and a few unnecessary trait bounds removed. * Post-merge corrections. * Add note on experimental status of libp2p-noise.
2019-05-07 10:22:42 +02:00
let server_dh = Keypair::<X25519>::new().into_authentic(&server_id).unwrap();
let server_transport = TcpConfig::new()
Rework the transport upgrade API. (#1240) * Rework the transport upgrade API. ALthough transport upgrades must follow a specific pattern in order fot the resulting transport to be usable with a `Network` or `Swarm`, that pattern is currently not well reflected in the transport upgrade API. Rather, transport upgrades are rather laborious and involve non-trivial code duplication. This commit introduces a `transport::upgrade::Builder` that is obtained from `Transport::upgrade`. The `Builder` encodes the previously implicit rules for transport upgrades: 1. Authentication upgrades must happen first. 2. Any number of upgrades may follow. 3. A multiplexer upgrade must happen last. Since multiplexing is the last (regular) transport upgrade (because that upgrade yields a `StreamMuxer` which is no longer a `AsyncRead` / `AsyncWrite` resource, which the upgrade process is based on), the upgrade starts with `Transport::upgrade` and ends with `Builder::multiplex`, which drops back down to the `Transport`, providing a fluent API. Authentication and multiplexer upgrades must furthermore adhere to a minimal contract w.r.t their outputs: 1. An authentication upgrade is given an (async) I/O resource `C` and must produce a pair `(I, D)` where `I: ConnectionInfo` and `D` is a new (async) I/O resource `D`. 2. A multiplexer upgrade is given an (async) I/O resource `C` and must produce a `M: StreamMuxer`. To that end, two changes to the `secio` and `noise` protocols have been made: 1. The `secio` upgrade now outputs a pair of `(PeerId, SecioOutput)`. The former implements `ConnectionInfo` and the latter `AsyncRead` / `AsyncWrite`, fulfilling the `Builder` contract. 2. A new `NoiseAuthenticated` upgrade has been added that wraps around any noise upgrade (i.e. `NoiseConfig`) and has an output of `(PeerId, NoiseOutput)`, i.e. it checks if the `RemoteIdentity` from the handshake output is an `IdentityKey`, failing if that is not the case. This is the standard upgrade procedure one wants for integrating noise with libp2p-core/swarm. * Cleanup * Add a new integration test. * Add missing license.
2019-09-10 15:42:45 +02:00
.and_then(move |output, endpoint| {
Merge master into stable-futures (#1271) * Configurable multistream-select protocol. Add V1Lazy variant. (#1245) Make the multistream-select protocol (version) configurable on transport upgrades as well as for individual substreams. Add a "lazy" variant of multistream-select 1.0 that delays sending of negotiation protocol frames as much as possible but is only safe to use under additional assumptions that go beyond what is required by the multistream-select v1 specification. * Improve the code readability of the chat example (#1253) * Add bridged chats (#1252) * Try fix CI (#1261) * Print Rust version on CI * Don't print where not appropriate * Change caching strategy * Remove win32 build * Remove win32 from list * Update libsecp256k1 dep to 0.3.0 (#1258) * Update libsecp256k1 dep to 0.3.0 * Sign now cannot fail * Upgrade url and percent-encoding deps to 2.1.0 (#1267) * Upgrade percent-encoding dep to 2.1.0 * Upgrade url dep to 2.1.0 * Fix more conflicts * Revert CIPHERS set to null (#1273)
2019-10-10 11:31:44 +02:00
upgrade::apply(output, NoiseConfig::ix(server_dh), endpoint, upgrade::Version::V1)
Rework the transport upgrade API. (#1240) * Rework the transport upgrade API. ALthough transport upgrades must follow a specific pattern in order fot the resulting transport to be usable with a `Network` or `Swarm`, that pattern is currently not well reflected in the transport upgrade API. Rather, transport upgrades are rather laborious and involve non-trivial code duplication. This commit introduces a `transport::upgrade::Builder` that is obtained from `Transport::upgrade`. The `Builder` encodes the previously implicit rules for transport upgrades: 1. Authentication upgrades must happen first. 2. Any number of upgrades may follow. 3. A multiplexer upgrade must happen last. Since multiplexing is the last (regular) transport upgrade (because that upgrade yields a `StreamMuxer` which is no longer a `AsyncRead` / `AsyncWrite` resource, which the upgrade process is based on), the upgrade starts with `Transport::upgrade` and ends with `Builder::multiplex`, which drops back down to the `Transport`, providing a fluent API. Authentication and multiplexer upgrades must furthermore adhere to a minimal contract w.r.t their outputs: 1. An authentication upgrade is given an (async) I/O resource `C` and must produce a pair `(I, D)` where `I: ConnectionInfo` and `D` is a new (async) I/O resource `D`. 2. A multiplexer upgrade is given an (async) I/O resource `C` and must produce a `M: StreamMuxer`. To that end, two changes to the `secio` and `noise` protocols have been made: 1. The `secio` upgrade now outputs a pair of `(PeerId, SecioOutput)`. The former implements `ConnectionInfo` and the latter `AsyncRead` / `AsyncWrite`, fulfilling the `Builder` contract. 2. A new `NoiseAuthenticated` upgrade has been added that wraps around any noise upgrade (i.e. `NoiseConfig`) and has an output of `(PeerId, NoiseOutput)`, i.e. it checks if the `RemoteIdentity` from the handshake output is an `IdentityKey`, failing if that is not the case. This is the standard upgrade procedure one wants for integrating noise with libp2p-core/swarm. * Cleanup * Add a new integration test. * Add missing license.
2019-09-10 15:42:45 +02:00
})
Integrate identity keys with libp2p-noise for authentication. (#1027) * Integrate use of identity keys into libp2p-noise. In order to make libp2p-noise usable with a `Swarm`, which requires a `Transport::Output` that is a pair of a peer ID and an implementation of `StreamMuxer`, it is necessary to bridge the gap between static DH public keys and public identity keys from which peer IDs are derived. Because the DH static keys and the identity keys need not be related, it is thus generally necessary that the public identity keys are exchanged as part of the Noise handshake, which the Noise protocol accomodates for through the use of handshake message payloads. The implementation of the existing (IK, IX, XX) handshake patterns is thus changed to send the public identity keys in the handshake payloads. Additionally, to facilitate the use of any identity keypair with Noise handshakes, the static DH public keys are signed using the identity keypairs and the signatures sent alongside the public identity key in handshake payloads, unless the static DH public key is "linked" to the public identity key by other means, e.g. when an Ed25519 identity keypair is (re)used as an X25519 keypair. * libp2p-noise doesn't build for wasm. Thus the development transport needs to be still constructed with secio for transport security when building for wasm. * Documentation tweaks. * For consistency, avoid wildcard enum imports. * For consistency, avoid wildcard enum imports. * Slightly simplify io::handshake::State::finish. * Simplify creation of 2-byte arrays. * Remove unnecessary cast and obey 100 char line limit. * Update protocols/noise/src/protocol.rs Co-Authored-By: romanb <romanb@users.noreply.github.com> * Address more review comments. * Cosmetics * Cosmetics * Give authentic DH keypairs a distinct type. This has a couple of advantages: * Signing the DH public key only needs to happen once, before creating a `NoiseConfig` for an authenticated handshake. * The identity keypair only needs to be borrowed and can be dropped if it is not used further outside of the Noise protocol, since it is no longer needed during Noise handshakes. * It is explicit in the construction of a `NoiseConfig` for a handshake pattern, whether it operates with a plain `Keypair` or a keypair that is authentic w.r.t. a public identity key and future handshake patterns may be built with either. * The function signatures for constructing `NoiseConfig`s for handshake patterns are simplified and a few unnecessary trait bounds removed. * Post-merge corrections. * Add note on experimental status of libp2p-noise.
2019-05-07 10:22:42 +02:00
.and_then(move |out, _| expect_identity(out, &client_id_public));
let client_dh = Keypair::<X25519>::new().into_authentic(&client_id).unwrap();
let client_transport = TcpConfig::new()
Rework the transport upgrade API. (#1240) * Rework the transport upgrade API. ALthough transport upgrades must follow a specific pattern in order fot the resulting transport to be usable with a `Network` or `Swarm`, that pattern is currently not well reflected in the transport upgrade API. Rather, transport upgrades are rather laborious and involve non-trivial code duplication. This commit introduces a `transport::upgrade::Builder` that is obtained from `Transport::upgrade`. The `Builder` encodes the previously implicit rules for transport upgrades: 1. Authentication upgrades must happen first. 2. Any number of upgrades may follow. 3. A multiplexer upgrade must happen last. Since multiplexing is the last (regular) transport upgrade (because that upgrade yields a `StreamMuxer` which is no longer a `AsyncRead` / `AsyncWrite` resource, which the upgrade process is based on), the upgrade starts with `Transport::upgrade` and ends with `Builder::multiplex`, which drops back down to the `Transport`, providing a fluent API. Authentication and multiplexer upgrades must furthermore adhere to a minimal contract w.r.t their outputs: 1. An authentication upgrade is given an (async) I/O resource `C` and must produce a pair `(I, D)` where `I: ConnectionInfo` and `D` is a new (async) I/O resource `D`. 2. A multiplexer upgrade is given an (async) I/O resource `C` and must produce a `M: StreamMuxer`. To that end, two changes to the `secio` and `noise` protocols have been made: 1. The `secio` upgrade now outputs a pair of `(PeerId, SecioOutput)`. The former implements `ConnectionInfo` and the latter `AsyncRead` / `AsyncWrite`, fulfilling the `Builder` contract. 2. A new `NoiseAuthenticated` upgrade has been added that wraps around any noise upgrade (i.e. `NoiseConfig`) and has an output of `(PeerId, NoiseOutput)`, i.e. it checks if the `RemoteIdentity` from the handshake output is an `IdentityKey`, failing if that is not the case. This is the standard upgrade procedure one wants for integrating noise with libp2p-core/swarm. * Cleanup * Add a new integration test. * Add missing license.
2019-09-10 15:42:45 +02:00
.and_then(move |output, endpoint| {
Merge master into stable-futures (#1271) * Configurable multistream-select protocol. Add V1Lazy variant. (#1245) Make the multistream-select protocol (version) configurable on transport upgrades as well as for individual substreams. Add a "lazy" variant of multistream-select 1.0 that delays sending of negotiation protocol frames as much as possible but is only safe to use under additional assumptions that go beyond what is required by the multistream-select v1 specification. * Improve the code readability of the chat example (#1253) * Add bridged chats (#1252) * Try fix CI (#1261) * Print Rust version on CI * Don't print where not appropriate * Change caching strategy * Remove win32 build * Remove win32 from list * Update libsecp256k1 dep to 0.3.0 (#1258) * Update libsecp256k1 dep to 0.3.0 * Sign now cannot fail * Upgrade url and percent-encoding deps to 2.1.0 (#1267) * Upgrade percent-encoding dep to 2.1.0 * Upgrade url dep to 2.1.0 * Fix more conflicts * Revert CIPHERS set to null (#1273)
2019-10-10 11:31:44 +02:00
upgrade::apply(output, NoiseConfig::ix(client_dh), endpoint, upgrade::Version::V1)
Rework the transport upgrade API. (#1240) * Rework the transport upgrade API. ALthough transport upgrades must follow a specific pattern in order fot the resulting transport to be usable with a `Network` or `Swarm`, that pattern is currently not well reflected in the transport upgrade API. Rather, transport upgrades are rather laborious and involve non-trivial code duplication. This commit introduces a `transport::upgrade::Builder` that is obtained from `Transport::upgrade`. The `Builder` encodes the previously implicit rules for transport upgrades: 1. Authentication upgrades must happen first. 2. Any number of upgrades may follow. 3. A multiplexer upgrade must happen last. Since multiplexing is the last (regular) transport upgrade (because that upgrade yields a `StreamMuxer` which is no longer a `AsyncRead` / `AsyncWrite` resource, which the upgrade process is based on), the upgrade starts with `Transport::upgrade` and ends with `Builder::multiplex`, which drops back down to the `Transport`, providing a fluent API. Authentication and multiplexer upgrades must furthermore adhere to a minimal contract w.r.t their outputs: 1. An authentication upgrade is given an (async) I/O resource `C` and must produce a pair `(I, D)` where `I: ConnectionInfo` and `D` is a new (async) I/O resource `D`. 2. A multiplexer upgrade is given an (async) I/O resource `C` and must produce a `M: StreamMuxer`. To that end, two changes to the `secio` and `noise` protocols have been made: 1. The `secio` upgrade now outputs a pair of `(PeerId, SecioOutput)`. The former implements `ConnectionInfo` and the latter `AsyncRead` / `AsyncWrite`, fulfilling the `Builder` contract. 2. A new `NoiseAuthenticated` upgrade has been added that wraps around any noise upgrade (i.e. `NoiseConfig`) and has an output of `(PeerId, NoiseOutput)`, i.e. it checks if the `RemoteIdentity` from the handshake output is an `IdentityKey`, failing if that is not the case. This is the standard upgrade procedure one wants for integrating noise with libp2p-core/swarm. * Cleanup * Add a new integration test. * Add missing license.
2019-09-10 15:42:45 +02:00
})
Integrate identity keys with libp2p-noise for authentication. (#1027) * Integrate use of identity keys into libp2p-noise. In order to make libp2p-noise usable with a `Swarm`, which requires a `Transport::Output` that is a pair of a peer ID and an implementation of `StreamMuxer`, it is necessary to bridge the gap between static DH public keys and public identity keys from which peer IDs are derived. Because the DH static keys and the identity keys need not be related, it is thus generally necessary that the public identity keys are exchanged as part of the Noise handshake, which the Noise protocol accomodates for through the use of handshake message payloads. The implementation of the existing (IK, IX, XX) handshake patterns is thus changed to send the public identity keys in the handshake payloads. Additionally, to facilitate the use of any identity keypair with Noise handshakes, the static DH public keys are signed using the identity keypairs and the signatures sent alongside the public identity key in handshake payloads, unless the static DH public key is "linked" to the public identity key by other means, e.g. when an Ed25519 identity keypair is (re)used as an X25519 keypair. * libp2p-noise doesn't build for wasm. Thus the development transport needs to be still constructed with secio for transport security when building for wasm. * Documentation tweaks. * For consistency, avoid wildcard enum imports. * For consistency, avoid wildcard enum imports. * Slightly simplify io::handshake::State::finish. * Simplify creation of 2-byte arrays. * Remove unnecessary cast and obey 100 char line limit. * Update protocols/noise/src/protocol.rs Co-Authored-By: romanb <romanb@users.noreply.github.com> * Address more review comments. * Cosmetics * Cosmetics * Give authentic DH keypairs a distinct type. This has a couple of advantages: * Signing the DH public key only needs to happen once, before creating a `NoiseConfig` for an authenticated handshake. * The identity keypair only needs to be borrowed and can be dropped if it is not used further outside of the Noise protocol, since it is no longer needed during Noise handshakes. * It is explicit in the construction of a `NoiseConfig` for a handshake pattern, whether it operates with a plain `Keypair` or a keypair that is authentic w.r.t. a public identity key and future handshake patterns may be built with either. * The function signatures for constructing `NoiseConfig`s for handshake patterns are simplified and a few unnecessary trait bounds removed. * Post-merge corrections. * Add note on experimental status of libp2p-noise.
2019-05-07 10:22:42 +02:00
.and_then(move |out, _| expect_identity(out, &server_id_public));
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
Grow noise buffers dynamically. (#1436) * Grow noise buffers dynamically. Currently we allocate a buffer of 176 KiB for each noise state, i.e. each connection. For connections which see only small data frames this is wasteful. At the same time we limit the max. write buffer size to 16 KiB to keep the total buffer size relatively small, which results in smaller encrypted messages and also makes it less likely to ever encounter the max. noise package size of 64 KiB in practice when communicating with other nodes using the same implementation. This PR repaces the static buffer allocation with a dynamic one. We only reserve a small space for the authentication tag plus some extra reserve and are able to buffer larger data frames before encrypting. * Grow write buffer from offset. As suggested by @mxinden, this prevents increasing the write buffer up to MAX_WRITE_BUF_LEN. Co-authored-by: Pierre Krieger <pierre.krieger1708@gmail.com>
2020-02-13 12:38:33 +01:00
run(server_transport, client_transport, messages);
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
true
}
Grow noise buffers dynamically. (#1436) * Grow noise buffers dynamically. Currently we allocate a buffer of 176 KiB for each noise state, i.e. each connection. For connections which see only small data frames this is wasteful. At the same time we limit the max. write buffer size to 16 KiB to keep the total buffer size relatively small, which results in smaller encrypted messages and also makes it less likely to ever encounter the max. noise package size of 64 KiB in practice when communicating with other nodes using the same implementation. This PR repaces the static buffer allocation with a dynamic one. We only reserve a small space for the authentication tag plus some extra reserve and are able to buffer larger data frames before encrypting. * Grow write buffer from offset. As suggested by @mxinden, this prevents increasing the write buffer up to MAX_WRITE_BUF_LEN. Co-authored-by: Pierre Krieger <pierre.krieger1708@gmail.com>
2020-02-13 12:38:33 +01:00
QuickCheck::new().max_tests(30).quickcheck(prop as fn(Vec<Message>) -> bool)
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
}
#[test]
fn ik_xx() {
let _ = env_logger::try_init();
Grow noise buffers dynamically. (#1436) * Grow noise buffers dynamically. Currently we allocate a buffer of 176 KiB for each noise state, i.e. each connection. For connections which see only small data frames this is wasteful. At the same time we limit the max. write buffer size to 16 KiB to keep the total buffer size relatively small, which results in smaller encrypted messages and also makes it less likely to ever encounter the max. noise package size of 64 KiB in practice when communicating with other nodes using the same implementation. This PR repaces the static buffer allocation with a dynamic one. We only reserve a small space for the authentication tag plus some extra reserve and are able to buffer larger data frames before encrypting. * Grow write buffer from offset. As suggested by @mxinden, this prevents increasing the write buffer up to MAX_WRITE_BUF_LEN. Co-authored-by: Pierre Krieger <pierre.krieger1708@gmail.com>
2020-02-13 12:38:33 +01:00
fn prop(mut messages: Vec<Message>) -> bool {
messages.truncate(5);
Integrate identity keys with libp2p-noise for authentication. (#1027) * Integrate use of identity keys into libp2p-noise. In order to make libp2p-noise usable with a `Swarm`, which requires a `Transport::Output` that is a pair of a peer ID and an implementation of `StreamMuxer`, it is necessary to bridge the gap between static DH public keys and public identity keys from which peer IDs are derived. Because the DH static keys and the identity keys need not be related, it is thus generally necessary that the public identity keys are exchanged as part of the Noise handshake, which the Noise protocol accomodates for through the use of handshake message payloads. The implementation of the existing (IK, IX, XX) handshake patterns is thus changed to send the public identity keys in the handshake payloads. Additionally, to facilitate the use of any identity keypair with Noise handshakes, the static DH public keys are signed using the identity keypairs and the signatures sent alongside the public identity key in handshake payloads, unless the static DH public key is "linked" to the public identity key by other means, e.g. when an Ed25519 identity keypair is (re)used as an X25519 keypair. * libp2p-noise doesn't build for wasm. Thus the development transport needs to be still constructed with secio for transport security when building for wasm. * Documentation tweaks. * For consistency, avoid wildcard enum imports. * For consistency, avoid wildcard enum imports. * Slightly simplify io::handshake::State::finish. * Simplify creation of 2-byte arrays. * Remove unnecessary cast and obey 100 char line limit. * Update protocols/noise/src/protocol.rs Co-Authored-By: romanb <romanb@users.noreply.github.com> * Address more review comments. * Cosmetics * Cosmetics * Give authentic DH keypairs a distinct type. This has a couple of advantages: * Signing the DH public key only needs to happen once, before creating a `NoiseConfig` for an authenticated handshake. * The identity keypair only needs to be borrowed and can be dropped if it is not used further outside of the Noise protocol, since it is no longer needed during Noise handshakes. * It is explicit in the construction of a `NoiseConfig` for a handshake pattern, whether it operates with a plain `Keypair` or a keypair that is authentic w.r.t. a public identity key and future handshake patterns may be built with either. * The function signatures for constructing `NoiseConfig`s for handshake patterns are simplified and a few unnecessary trait bounds removed. * Post-merge corrections. * Add note on experimental status of libp2p-noise.
2019-05-07 10:22:42 +02:00
let server_id = identity::Keypair::generate_ed25519();
let server_id_public = server_id.public();
let client_id = identity::Keypair::generate_ed25519();
let client_id_public = client_id.public();
let server_dh = Keypair::<X25519>::new().into_authentic(&server_id).unwrap();
let server_dh_public = server_dh.public().clone();
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
let server_transport = TcpConfig::new()
.and_then(move |output, endpoint| {
if endpoint.is_listener() {
protocols/noise: Update to futures-preview (#1248) * protocols/noise: Fix obvious future errors * protocol/noise: Make Handshake methods independent functions * protocols/noise: Abstract T and C for handshake * protocols/noise: Replace FutureResult with Result * protocols/noise: Introduce recv_identity stub * protocols/noise: Implement recv_identity stub * protocols/noise: Change NoiseConfig::Future from Handshake to Result * protocols/noise: Adjust to new Poll syntax * protocols/noise: Return early on state creation failure * protocols/noise: Add bounds Async{Write,Read} to initiator / respoder * protocols/noise: Add Protocol trait bound for C in rt functions * protocols/noise: Do io operations on state.io instead of state * protocols/noise: Have upgrade_xxx return a pinned future * protocols/noise: Have NoiseOutput::poll_read self be mutable * protocols/noise: Make recv_identity buffers mutable * protocols/noise: Fix warnings * protocols/noise: Replace NoiseOutput io::Read impl with AsyncRead * protocols/noise: Replace NoiseOutput io::Write impl with AsyncWrite * protocols/noise: Adjust tests to new futures * protocols/noise: Don't use {AsyncRead,AsyncWrite,TryStream}*Ext* bound * protocols/noise: Don't use async_closure feature * protocols/noise: use futures::ready! macro * protocols/noise: Make NoiseOutput AsyncRead return unsafe NopInitializer The previous implementation of AsyncRead for NoiseOutput would operate on uninitialized buffers, given that it properly returned the number of bytest that were written to the buffer. With this patch the current implementation operates on uninitialized buffers as well by returning an Initializer::nop() in AsyncRead::initializer. * protocols/noise: Remove resolved TODO questions * protocols/noise: Remove 'this = self' comment Given that `let mut this = &mut *self` is not specific to a pinned self, but follows the dereference coercion [1] happening at compile time when trying to mutably borrow two distinct struct fields, this patch removes the code comment. [1] ```rust let x = &mut self.deref_mut().x; let y = &mut self.deref_mut().y; // error // --- let mut this = self.deref_mut(); let x = &mut this.x; let y = &mut this.y; // ok ``` * Remove redundant nested futures. * protocols/noise/Cargo: Update to futures preview 0.3.0-alpha.18 * protocols/noise: Improve formatting * protocols/noise: Return pinned future on authenticated noise upgrade * protocols/noise: Specify Output of Future embedded in Handshake directly * *: Ensure Noise handshake futures are Send * Revert "*: Ensure Noise handshake futures are Send" This reverts commit 555c2df315e44f21ad39d4408445ce2cb84dd1a4. * protocols/noise: Ensure NoiseConfig Future is Send * protocols/noise: Use relative import path for {In,Out}boundUpgrade
2019-10-03 23:40:14 +02:00
Either::Left(apply_inbound(output, NoiseConfig::ik_listener(server_dh)))
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
} else {
Merge master into stable-futures (#1271) * Configurable multistream-select protocol. Add V1Lazy variant. (#1245) Make the multistream-select protocol (version) configurable on transport upgrades as well as for individual substreams. Add a "lazy" variant of multistream-select 1.0 that delays sending of negotiation protocol frames as much as possible but is only safe to use under additional assumptions that go beyond what is required by the multistream-select v1 specification. * Improve the code readability of the chat example (#1253) * Add bridged chats (#1252) * Try fix CI (#1261) * Print Rust version on CI * Don't print where not appropriate * Change caching strategy * Remove win32 build * Remove win32 from list * Update libsecp256k1 dep to 0.3.0 (#1258) * Update libsecp256k1 dep to 0.3.0 * Sign now cannot fail * Upgrade url and percent-encoding deps to 2.1.0 (#1267) * Upgrade percent-encoding dep to 2.1.0 * Upgrade url dep to 2.1.0 * Fix more conflicts * Revert CIPHERS set to null (#1273)
2019-10-10 11:31:44 +02:00
Either::Right(apply_outbound(output, NoiseConfig::xx(server_dh),
upgrade::Version::V1))
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
}
Integrate identity keys with libp2p-noise for authentication. (#1027) * Integrate use of identity keys into libp2p-noise. In order to make libp2p-noise usable with a `Swarm`, which requires a `Transport::Output` that is a pair of a peer ID and an implementation of `StreamMuxer`, it is necessary to bridge the gap between static DH public keys and public identity keys from which peer IDs are derived. Because the DH static keys and the identity keys need not be related, it is thus generally necessary that the public identity keys are exchanged as part of the Noise handshake, which the Noise protocol accomodates for through the use of handshake message payloads. The implementation of the existing (IK, IX, XX) handshake patterns is thus changed to send the public identity keys in the handshake payloads. Additionally, to facilitate the use of any identity keypair with Noise handshakes, the static DH public keys are signed using the identity keypairs and the signatures sent alongside the public identity key in handshake payloads, unless the static DH public key is "linked" to the public identity key by other means, e.g. when an Ed25519 identity keypair is (re)used as an X25519 keypair. * libp2p-noise doesn't build for wasm. Thus the development transport needs to be still constructed with secio for transport security when building for wasm. * Documentation tweaks. * For consistency, avoid wildcard enum imports. * For consistency, avoid wildcard enum imports. * Slightly simplify io::handshake::State::finish. * Simplify creation of 2-byte arrays. * Remove unnecessary cast and obey 100 char line limit. * Update protocols/noise/src/protocol.rs Co-Authored-By: romanb <romanb@users.noreply.github.com> * Address more review comments. * Cosmetics * Cosmetics * Give authentic DH keypairs a distinct type. This has a couple of advantages: * Signing the DH public key only needs to happen once, before creating a `NoiseConfig` for an authenticated handshake. * The identity keypair only needs to be borrowed and can be dropped if it is not used further outside of the Noise protocol, since it is no longer needed during Noise handshakes. * It is explicit in the construction of a `NoiseConfig` for a handshake pattern, whether it operates with a plain `Keypair` or a keypair that is authentic w.r.t. a public identity key and future handshake patterns may be built with either. * The function signatures for constructing `NoiseConfig`s for handshake patterns are simplified and a few unnecessary trait bounds removed. * Post-merge corrections. * Add note on experimental status of libp2p-noise.
2019-05-07 10:22:42 +02:00
})
.and_then(move |out, _| expect_identity(out, &client_id_public));
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
Integrate identity keys with libp2p-noise for authentication. (#1027) * Integrate use of identity keys into libp2p-noise. In order to make libp2p-noise usable with a `Swarm`, which requires a `Transport::Output` that is a pair of a peer ID and an implementation of `StreamMuxer`, it is necessary to bridge the gap between static DH public keys and public identity keys from which peer IDs are derived. Because the DH static keys and the identity keys need not be related, it is thus generally necessary that the public identity keys are exchanged as part of the Noise handshake, which the Noise protocol accomodates for through the use of handshake message payloads. The implementation of the existing (IK, IX, XX) handshake patterns is thus changed to send the public identity keys in the handshake payloads. Additionally, to facilitate the use of any identity keypair with Noise handshakes, the static DH public keys are signed using the identity keypairs and the signatures sent alongside the public identity key in handshake payloads, unless the static DH public key is "linked" to the public identity key by other means, e.g. when an Ed25519 identity keypair is (re)used as an X25519 keypair. * libp2p-noise doesn't build for wasm. Thus the development transport needs to be still constructed with secio for transport security when building for wasm. * Documentation tweaks. * For consistency, avoid wildcard enum imports. * For consistency, avoid wildcard enum imports. * Slightly simplify io::handshake::State::finish. * Simplify creation of 2-byte arrays. * Remove unnecessary cast and obey 100 char line limit. * Update protocols/noise/src/protocol.rs Co-Authored-By: romanb <romanb@users.noreply.github.com> * Address more review comments. * Cosmetics * Cosmetics * Give authentic DH keypairs a distinct type. This has a couple of advantages: * Signing the DH public key only needs to happen once, before creating a `NoiseConfig` for an authenticated handshake. * The identity keypair only needs to be borrowed and can be dropped if it is not used further outside of the Noise protocol, since it is no longer needed during Noise handshakes. * It is explicit in the construction of a `NoiseConfig` for a handshake pattern, whether it operates with a plain `Keypair` or a keypair that is authentic w.r.t. a public identity key and future handshake patterns may be built with either. * The function signatures for constructing `NoiseConfig`s for handshake patterns are simplified and a few unnecessary trait bounds removed. * Post-merge corrections. * Add note on experimental status of libp2p-noise.
2019-05-07 10:22:42 +02:00
let client_dh = Keypair::<X25519>::new().into_authentic(&client_id).unwrap();
let server_id_public2 = server_id_public.clone();
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
let client_transport = TcpConfig::new()
.and_then(move |output, endpoint| {
if endpoint.is_dialer() {
protocols/noise: Update to futures-preview (#1248) * protocols/noise: Fix obvious future errors * protocol/noise: Make Handshake methods independent functions * protocols/noise: Abstract T and C for handshake * protocols/noise: Replace FutureResult with Result * protocols/noise: Introduce recv_identity stub * protocols/noise: Implement recv_identity stub * protocols/noise: Change NoiseConfig::Future from Handshake to Result * protocols/noise: Adjust to new Poll syntax * protocols/noise: Return early on state creation failure * protocols/noise: Add bounds Async{Write,Read} to initiator / respoder * protocols/noise: Add Protocol trait bound for C in rt functions * protocols/noise: Do io operations on state.io instead of state * protocols/noise: Have upgrade_xxx return a pinned future * protocols/noise: Have NoiseOutput::poll_read self be mutable * protocols/noise: Make recv_identity buffers mutable * protocols/noise: Fix warnings * protocols/noise: Replace NoiseOutput io::Read impl with AsyncRead * protocols/noise: Replace NoiseOutput io::Write impl with AsyncWrite * protocols/noise: Adjust tests to new futures * protocols/noise: Don't use {AsyncRead,AsyncWrite,TryStream}*Ext* bound * protocols/noise: Don't use async_closure feature * protocols/noise: use futures::ready! macro * protocols/noise: Make NoiseOutput AsyncRead return unsafe NopInitializer The previous implementation of AsyncRead for NoiseOutput would operate on uninitialized buffers, given that it properly returned the number of bytest that were written to the buffer. With this patch the current implementation operates on uninitialized buffers as well by returning an Initializer::nop() in AsyncRead::initializer. * protocols/noise: Remove resolved TODO questions * protocols/noise: Remove 'this = self' comment Given that `let mut this = &mut *self` is not specific to a pinned self, but follows the dereference coercion [1] happening at compile time when trying to mutably borrow two distinct struct fields, this patch removes the code comment. [1] ```rust let x = &mut self.deref_mut().x; let y = &mut self.deref_mut().y; // error // --- let mut this = self.deref_mut(); let x = &mut this.x; let y = &mut this.y; // ok ``` * Remove redundant nested futures. * protocols/noise/Cargo: Update to futures preview 0.3.0-alpha.18 * protocols/noise: Improve formatting * protocols/noise: Return pinned future on authenticated noise upgrade * protocols/noise: Specify Output of Future embedded in Handshake directly * *: Ensure Noise handshake futures are Send * Revert "*: Ensure Noise handshake futures are Send" This reverts commit 555c2df315e44f21ad39d4408445ce2cb84dd1a4. * protocols/noise: Ensure NoiseConfig Future is Send * protocols/noise: Use relative import path for {In,Out}boundUpgrade
2019-10-03 23:40:14 +02:00
Either::Left(apply_outbound(output,
Merge master into stable-futures (#1271) * Configurable multistream-select protocol. Add V1Lazy variant. (#1245) Make the multistream-select protocol (version) configurable on transport upgrades as well as for individual substreams. Add a "lazy" variant of multistream-select 1.0 that delays sending of negotiation protocol frames as much as possible but is only safe to use under additional assumptions that go beyond what is required by the multistream-select v1 specification. * Improve the code readability of the chat example (#1253) * Add bridged chats (#1252) * Try fix CI (#1261) * Print Rust version on CI * Don't print where not appropriate * Change caching strategy * Remove win32 build * Remove win32 from list * Update libsecp256k1 dep to 0.3.0 (#1258) * Update libsecp256k1 dep to 0.3.0 * Sign now cannot fail * Upgrade url and percent-encoding deps to 2.1.0 (#1267) * Upgrade percent-encoding dep to 2.1.0 * Upgrade url dep to 2.1.0 * Fix more conflicts * Revert CIPHERS set to null (#1273)
2019-10-10 11:31:44 +02:00
NoiseConfig::ik_dialer(client_dh, server_id_public, server_dh_public),
upgrade::Version::V1))
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
} else {
protocols/noise: Update to futures-preview (#1248) * protocols/noise: Fix obvious future errors * protocol/noise: Make Handshake methods independent functions * protocols/noise: Abstract T and C for handshake * protocols/noise: Replace FutureResult with Result * protocols/noise: Introduce recv_identity stub * protocols/noise: Implement recv_identity stub * protocols/noise: Change NoiseConfig::Future from Handshake to Result * protocols/noise: Adjust to new Poll syntax * protocols/noise: Return early on state creation failure * protocols/noise: Add bounds Async{Write,Read} to initiator / respoder * protocols/noise: Add Protocol trait bound for C in rt functions * protocols/noise: Do io operations on state.io instead of state * protocols/noise: Have upgrade_xxx return a pinned future * protocols/noise: Have NoiseOutput::poll_read self be mutable * protocols/noise: Make recv_identity buffers mutable * protocols/noise: Fix warnings * protocols/noise: Replace NoiseOutput io::Read impl with AsyncRead * protocols/noise: Replace NoiseOutput io::Write impl with AsyncWrite * protocols/noise: Adjust tests to new futures * protocols/noise: Don't use {AsyncRead,AsyncWrite,TryStream}*Ext* bound * protocols/noise: Don't use async_closure feature * protocols/noise: use futures::ready! macro * protocols/noise: Make NoiseOutput AsyncRead return unsafe NopInitializer The previous implementation of AsyncRead for NoiseOutput would operate on uninitialized buffers, given that it properly returned the number of bytest that were written to the buffer. With this patch the current implementation operates on uninitialized buffers as well by returning an Initializer::nop() in AsyncRead::initializer. * protocols/noise: Remove resolved TODO questions * protocols/noise: Remove 'this = self' comment Given that `let mut this = &mut *self` is not specific to a pinned self, but follows the dereference coercion [1] happening at compile time when trying to mutably borrow two distinct struct fields, this patch removes the code comment. [1] ```rust let x = &mut self.deref_mut().x; let y = &mut self.deref_mut().y; // error // --- let mut this = self.deref_mut(); let x = &mut this.x; let y = &mut this.y; // ok ``` * Remove redundant nested futures. * protocols/noise/Cargo: Update to futures preview 0.3.0-alpha.18 * protocols/noise: Improve formatting * protocols/noise: Return pinned future on authenticated noise upgrade * protocols/noise: Specify Output of Future embedded in Handshake directly * *: Ensure Noise handshake futures are Send * Revert "*: Ensure Noise handshake futures are Send" This reverts commit 555c2df315e44f21ad39d4408445ce2cb84dd1a4. * protocols/noise: Ensure NoiseConfig Future is Send * protocols/noise: Use relative import path for {In,Out}boundUpgrade
2019-10-03 23:40:14 +02:00
Either::Right(apply_inbound(output, NoiseConfig::xx(client_dh)))
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
}
Integrate identity keys with libp2p-noise for authentication. (#1027) * Integrate use of identity keys into libp2p-noise. In order to make libp2p-noise usable with a `Swarm`, which requires a `Transport::Output` that is a pair of a peer ID and an implementation of `StreamMuxer`, it is necessary to bridge the gap between static DH public keys and public identity keys from which peer IDs are derived. Because the DH static keys and the identity keys need not be related, it is thus generally necessary that the public identity keys are exchanged as part of the Noise handshake, which the Noise protocol accomodates for through the use of handshake message payloads. The implementation of the existing (IK, IX, XX) handshake patterns is thus changed to send the public identity keys in the handshake payloads. Additionally, to facilitate the use of any identity keypair with Noise handshakes, the static DH public keys are signed using the identity keypairs and the signatures sent alongside the public identity key in handshake payloads, unless the static DH public key is "linked" to the public identity key by other means, e.g. when an Ed25519 identity keypair is (re)used as an X25519 keypair. * libp2p-noise doesn't build for wasm. Thus the development transport needs to be still constructed with secio for transport security when building for wasm. * Documentation tweaks. * For consistency, avoid wildcard enum imports. * For consistency, avoid wildcard enum imports. * Slightly simplify io::handshake::State::finish. * Simplify creation of 2-byte arrays. * Remove unnecessary cast and obey 100 char line limit. * Update protocols/noise/src/protocol.rs Co-Authored-By: romanb <romanb@users.noreply.github.com> * Address more review comments. * Cosmetics * Cosmetics * Give authentic DH keypairs a distinct type. This has a couple of advantages: * Signing the DH public key only needs to happen once, before creating a `NoiseConfig` for an authenticated handshake. * The identity keypair only needs to be borrowed and can be dropped if it is not used further outside of the Noise protocol, since it is no longer needed during Noise handshakes. * It is explicit in the construction of a `NoiseConfig` for a handshake pattern, whether it operates with a plain `Keypair` or a keypair that is authentic w.r.t. a public identity key and future handshake patterns may be built with either. * The function signatures for constructing `NoiseConfig`s for handshake patterns are simplified and a few unnecessary trait bounds removed. * Post-merge corrections. * Add note on experimental status of libp2p-noise.
2019-05-07 10:22:42 +02:00
})
.and_then(move |out, _| expect_identity(out, &server_id_public2));
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
Grow noise buffers dynamically. (#1436) * Grow noise buffers dynamically. Currently we allocate a buffer of 176 KiB for each noise state, i.e. each connection. For connections which see only small data frames this is wasteful. At the same time we limit the max. write buffer size to 16 KiB to keep the total buffer size relatively small, which results in smaller encrypted messages and also makes it less likely to ever encounter the max. noise package size of 64 KiB in practice when communicating with other nodes using the same implementation. This PR repaces the static buffer allocation with a dynamic one. We only reserve a small space for the authentication tag plus some extra reserve and are able to buffer larger data frames before encrypting. * Grow write buffer from offset. As suggested by @mxinden, this prevents increasing the write buffer up to MAX_WRITE_BUF_LEN. Co-authored-by: Pierre Krieger <pierre.krieger1708@gmail.com>
2020-02-13 12:38:33 +01:00
run(server_transport, client_transport, messages);
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
true
}
Grow noise buffers dynamically. (#1436) * Grow noise buffers dynamically. Currently we allocate a buffer of 176 KiB for each noise state, i.e. each connection. For connections which see only small data frames this is wasteful. At the same time we limit the max. write buffer size to 16 KiB to keep the total buffer size relatively small, which results in smaller encrypted messages and also makes it less likely to ever encounter the max. noise package size of 64 KiB in practice when communicating with other nodes using the same implementation. This PR repaces the static buffer allocation with a dynamic one. We only reserve a small space for the authentication tag plus some extra reserve and are able to buffer larger data frames before encrypting. * Grow write buffer from offset. As suggested by @mxinden, this prevents increasing the write buffer up to MAX_WRITE_BUF_LEN. Co-authored-by: Pierre Krieger <pierre.krieger1708@gmail.com>
2020-02-13 12:38:33 +01:00
QuickCheck::new().max_tests(30).quickcheck(prop as fn(Vec<Message>) -> bool)
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
}
[tcp] Port-reuse, async-io, if-watch (#1887) * Update tomls. * Let transports decide when to translate. * Improve tcp transport. * Update stuff. * Remove background task. Enhance documentation. To avoid spawning a background task and thread within `TcpConfig::new()`, with communication via unbounded channels, a `TcpConfig` now keeps track of the listening addresses for port reuse in an `Arc<RwLock>`. Furthermore, an `IfWatcher` is only used by a `TcpListenStream` if it listens on any interface and directly polls the `IfWatcher` both for initialisation and new events. Includes some documentation and test enhancements. * Reintroduce feature flags for tokio vs async-io. To avoid having an extra reactor thread running for tokio users and to make sure all TCP I/O uses the mio-based tokio reactor. Thereby run tests with both backends. * Add missing files. * Fix docsrs attributes. * Update transports/tcp/src/lib.rs Co-authored-by: Max Inden <mail@max-inden.de> * Restore chat-tokio example. * Forward poll_write_vectored for tokio's AsyncWrite. * Update changelogs. Co-authored-by: David Craven <david@craven.ch> Co-authored-by: Max Inden <mail@max-inden.de>
2021-01-12 13:35:11 +01:00
type Output<C> = (RemoteIdentity<C>, NoiseOutput<Negotiated<Async<TcpStream>>>);
Integrate identity keys with libp2p-noise for authentication. (#1027) * Integrate use of identity keys into libp2p-noise. In order to make libp2p-noise usable with a `Swarm`, which requires a `Transport::Output` that is a pair of a peer ID and an implementation of `StreamMuxer`, it is necessary to bridge the gap between static DH public keys and public identity keys from which peer IDs are derived. Because the DH static keys and the identity keys need not be related, it is thus generally necessary that the public identity keys are exchanged as part of the Noise handshake, which the Noise protocol accomodates for through the use of handshake message payloads. The implementation of the existing (IK, IX, XX) handshake patterns is thus changed to send the public identity keys in the handshake payloads. Additionally, to facilitate the use of any identity keypair with Noise handshakes, the static DH public keys are signed using the identity keypairs and the signatures sent alongside the public identity key in handshake payloads, unless the static DH public key is "linked" to the public identity key by other means, e.g. when an Ed25519 identity keypair is (re)used as an X25519 keypair. * libp2p-noise doesn't build for wasm. Thus the development transport needs to be still constructed with secio for transport security when building for wasm. * Documentation tweaks. * For consistency, avoid wildcard enum imports. * For consistency, avoid wildcard enum imports. * Slightly simplify io::handshake::State::finish. * Simplify creation of 2-byte arrays. * Remove unnecessary cast and obey 100 char line limit. * Update protocols/noise/src/protocol.rs Co-Authored-By: romanb <romanb@users.noreply.github.com> * Address more review comments. * Cosmetics * Cosmetics * Give authentic DH keypairs a distinct type. This has a couple of advantages: * Signing the DH public key only needs to happen once, before creating a `NoiseConfig` for an authenticated handshake. * The identity keypair only needs to be borrowed and can be dropped if it is not used further outside of the Noise protocol, since it is no longer needed during Noise handshakes. * It is explicit in the construction of a `NoiseConfig` for a handshake pattern, whether it operates with a plain `Keypair` or a keypair that is authentic w.r.t. a public identity key and future handshake patterns may be built with either. * The function signatures for constructing `NoiseConfig`s for handshake patterns are simplified and a few unnecessary trait bounds removed. * Post-merge corrections. * Add note on experimental status of libp2p-noise.
2019-05-07 10:22:42 +02:00
Spec-compliant Noise Protocol (#1545) * Add spec-compliant x25519 protocol. * Cosmetic protobuf spec compliance. * Keep support for IK/IX. Update changelog. * Update docs. * CI
2020-05-06 14:30:23 +02:00
fn run<T, U, I, C>(server_transport: T, client_transport: U, messages: I)
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
where
Spec-compliant Noise Protocol (#1545) * Add spec-compliant x25519 protocol. * Cosmetic protobuf spec compliance. * Keep support for IK/IX. Update changelog. * Update docs. * CI
2020-05-06 14:30:23 +02:00
T: Transport<Output = Output<C>>,
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
T::Dial: Send + 'static,
Make errors on listener non-fatal (#1427) * Make errors on listener non-fatal * Fix bad rename * Some changes to trait bounds * Fix noise tests * Apply suggestions from code review Co-Authored-By: Toralf Wittner <tw@dtex.org> * Add reason for closure * Fix intra-doc link Co-authored-by: Toralf Wittner <tw@dtex.org>
2020-02-13 12:05:45 +01:00
T::Listener: Send + Unpin + 'static,
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
T::ListenerUpgrade: Send + 'static,
Spec-compliant Noise Protocol (#1545) * Add spec-compliant x25519 protocol. * Cosmetic protobuf spec compliance. * Keep support for IK/IX. Update changelog. * Update docs. * CI
2020-05-06 14:30:23 +02:00
U: Transport<Output = Output<C>>,
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
U::Dial: Send + 'static,
U::Listener: Send + 'static,
U::ListenerUpgrade: Send + 'static,
Grow noise buffers dynamically. (#1436) * Grow noise buffers dynamically. Currently we allocate a buffer of 176 KiB for each noise state, i.e. each connection. For connections which see only small data frames this is wasteful. At the same time we limit the max. write buffer size to 16 KiB to keep the total buffer size relatively small, which results in smaller encrypted messages and also makes it less likely to ever encounter the max. noise package size of 64 KiB in practice when communicating with other nodes using the same implementation. This PR repaces the static buffer allocation with a dynamic one. We only reserve a small space for the authentication tag plus some extra reserve and are able to buffer larger data frames before encrypting. * Grow write buffer from offset. As suggested by @mxinden, this prevents increasing the write buffer up to MAX_WRITE_BUF_LEN. Co-authored-by: Pierre Krieger <pierre.krieger1708@gmail.com>
2020-02-13 12:38:33 +01:00
I: IntoIterator<Item = Message> + Clone
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
{
protocols/noise: Update to futures-preview (#1248) * protocols/noise: Fix obvious future errors * protocol/noise: Make Handshake methods independent functions * protocols/noise: Abstract T and C for handshake * protocols/noise: Replace FutureResult with Result * protocols/noise: Introduce recv_identity stub * protocols/noise: Implement recv_identity stub * protocols/noise: Change NoiseConfig::Future from Handshake to Result * protocols/noise: Adjust to new Poll syntax * protocols/noise: Return early on state creation failure * protocols/noise: Add bounds Async{Write,Read} to initiator / respoder * protocols/noise: Add Protocol trait bound for C in rt functions * protocols/noise: Do io operations on state.io instead of state * protocols/noise: Have upgrade_xxx return a pinned future * protocols/noise: Have NoiseOutput::poll_read self be mutable * protocols/noise: Make recv_identity buffers mutable * protocols/noise: Fix warnings * protocols/noise: Replace NoiseOutput io::Read impl with AsyncRead * protocols/noise: Replace NoiseOutput io::Write impl with AsyncWrite * protocols/noise: Adjust tests to new futures * protocols/noise: Don't use {AsyncRead,AsyncWrite,TryStream}*Ext* bound * protocols/noise: Don't use async_closure feature * protocols/noise: use futures::ready! macro * protocols/noise: Make NoiseOutput AsyncRead return unsafe NopInitializer The previous implementation of AsyncRead for NoiseOutput would operate on uninitialized buffers, given that it properly returned the number of bytest that were written to the buffer. With this patch the current implementation operates on uninitialized buffers as well by returning an Initializer::nop() in AsyncRead::initializer. * protocols/noise: Remove resolved TODO questions * protocols/noise: Remove 'this = self' comment Given that `let mut this = &mut *self` is not specific to a pinned self, but follows the dereference coercion [1] happening at compile time when trying to mutably borrow two distinct struct fields, this patch removes the code comment. [1] ```rust let x = &mut self.deref_mut().x; let y = &mut self.deref_mut().y; // error // --- let mut this = self.deref_mut(); let x = &mut this.x; let y = &mut this.y; // ok ``` * Remove redundant nested futures. * protocols/noise/Cargo: Update to futures preview 0.3.0-alpha.18 * protocols/noise: Improve formatting * protocols/noise: Return pinned future on authenticated noise upgrade * protocols/noise: Specify Output of Future embedded in Handshake directly * *: Ensure Noise handshake futures are Send * Revert "*: Ensure Noise handshake futures are Send" This reverts commit 555c2df315e44f21ad39d4408445ce2cb84dd1a4. * protocols/noise: Ensure NoiseConfig Future is Send * protocols/noise: Use relative import path for {In,Out}boundUpgrade
2019-10-03 23:40:14 +02:00
futures::executor::block_on(async {
let mut server: T::Listener = server_transport
.listen_on("/ip4/127.0.0.1/tcp/0".parse().unwrap())
.unwrap();
let server_address = server.try_next()
.await
.expect("some event")
.expect("no error")
.into_new_address()
.expect("listen address");
Grow noise buffers dynamically. (#1436) * Grow noise buffers dynamically. Currently we allocate a buffer of 176 KiB for each noise state, i.e. each connection. For connections which see only small data frames this is wasteful. At the same time we limit the max. write buffer size to 16 KiB to keep the total buffer size relatively small, which results in smaller encrypted messages and also makes it less likely to ever encounter the max. noise package size of 64 KiB in practice when communicating with other nodes using the same implementation. This PR repaces the static buffer allocation with a dynamic one. We only reserve a small space for the authentication tag plus some extra reserve and are able to buffer larger data frames before encrypting. * Grow write buffer from offset. As suggested by @mxinden, this prevents increasing the write buffer up to MAX_WRITE_BUF_LEN. Co-authored-by: Pierre Krieger <pierre.krieger1708@gmail.com>
2020-02-13 12:38:33 +01:00
let outbound_msgs = messages.clone();
protocols/noise: Update to futures-preview (#1248) * protocols/noise: Fix obvious future errors * protocol/noise: Make Handshake methods independent functions * protocols/noise: Abstract T and C for handshake * protocols/noise: Replace FutureResult with Result * protocols/noise: Introduce recv_identity stub * protocols/noise: Implement recv_identity stub * protocols/noise: Change NoiseConfig::Future from Handshake to Result * protocols/noise: Adjust to new Poll syntax * protocols/noise: Return early on state creation failure * protocols/noise: Add bounds Async{Write,Read} to initiator / respoder * protocols/noise: Add Protocol trait bound for C in rt functions * protocols/noise: Do io operations on state.io instead of state * protocols/noise: Have upgrade_xxx return a pinned future * protocols/noise: Have NoiseOutput::poll_read self be mutable * protocols/noise: Make recv_identity buffers mutable * protocols/noise: Fix warnings * protocols/noise: Replace NoiseOutput io::Read impl with AsyncRead * protocols/noise: Replace NoiseOutput io::Write impl with AsyncWrite * protocols/noise: Adjust tests to new futures * protocols/noise: Don't use {AsyncRead,AsyncWrite,TryStream}*Ext* bound * protocols/noise: Don't use async_closure feature * protocols/noise: use futures::ready! macro * protocols/noise: Make NoiseOutput AsyncRead return unsafe NopInitializer The previous implementation of AsyncRead for NoiseOutput would operate on uninitialized buffers, given that it properly returned the number of bytest that were written to the buffer. With this patch the current implementation operates on uninitialized buffers as well by returning an Initializer::nop() in AsyncRead::initializer. * protocols/noise: Remove resolved TODO questions * protocols/noise: Remove 'this = self' comment Given that `let mut this = &mut *self` is not specific to a pinned self, but follows the dereference coercion [1] happening at compile time when trying to mutably borrow two distinct struct fields, this patch removes the code comment. [1] ```rust let x = &mut self.deref_mut().x; let y = &mut self.deref_mut().y; // error // --- let mut this = self.deref_mut(); let x = &mut this.x; let y = &mut this.y; // ok ``` * Remove redundant nested futures. * protocols/noise/Cargo: Update to futures preview 0.3.0-alpha.18 * protocols/noise: Improve formatting * protocols/noise: Return pinned future on authenticated noise upgrade * protocols/noise: Specify Output of Future embedded in Handshake directly * *: Ensure Noise handshake futures are Send * Revert "*: Ensure Noise handshake futures are Send" This reverts commit 555c2df315e44f21ad39d4408445ce2cb84dd1a4. * protocols/noise: Ensure NoiseConfig Future is Send * protocols/noise: Use relative import path for {In,Out}boundUpgrade
2019-10-03 23:40:14 +02:00
let client_fut = async {
let mut client_session = client_transport.dial(server_address.clone())
.unwrap()
.await
.map(|(_, session)| session)
.expect("no error");
Grow noise buffers dynamically. (#1436) * Grow noise buffers dynamically. Currently we allocate a buffer of 176 KiB for each noise state, i.e. each connection. For connections which see only small data frames this is wasteful. At the same time we limit the max. write buffer size to 16 KiB to keep the total buffer size relatively small, which results in smaller encrypted messages and also makes it less likely to ever encounter the max. noise package size of 64 KiB in practice when communicating with other nodes using the same implementation. This PR repaces the static buffer allocation with a dynamic one. We only reserve a small space for the authentication tag plus some extra reserve and are able to buffer larger data frames before encrypting. * Grow write buffer from offset. As suggested by @mxinden, this prevents increasing the write buffer up to MAX_WRITE_BUF_LEN. Co-authored-by: Pierre Krieger <pierre.krieger1708@gmail.com>
2020-02-13 12:38:33 +01:00
for m in outbound_msgs {
let n = (m.0.len() as u64).to_be_bytes();
client_session.write_all(&n[..]).await.expect("len written");
client_session.write_all(&m.0).await.expect("no error")
}
protocols/noise: Update to futures-preview (#1248) * protocols/noise: Fix obvious future errors * protocol/noise: Make Handshake methods independent functions * protocols/noise: Abstract T and C for handshake * protocols/noise: Replace FutureResult with Result * protocols/noise: Introduce recv_identity stub * protocols/noise: Implement recv_identity stub * protocols/noise: Change NoiseConfig::Future from Handshake to Result * protocols/noise: Adjust to new Poll syntax * protocols/noise: Return early on state creation failure * protocols/noise: Add bounds Async{Write,Read} to initiator / respoder * protocols/noise: Add Protocol trait bound for C in rt functions * protocols/noise: Do io operations on state.io instead of state * protocols/noise: Have upgrade_xxx return a pinned future * protocols/noise: Have NoiseOutput::poll_read self be mutable * protocols/noise: Make recv_identity buffers mutable * protocols/noise: Fix warnings * protocols/noise: Replace NoiseOutput io::Read impl with AsyncRead * protocols/noise: Replace NoiseOutput io::Write impl with AsyncWrite * protocols/noise: Adjust tests to new futures * protocols/noise: Don't use {AsyncRead,AsyncWrite,TryStream}*Ext* bound * protocols/noise: Don't use async_closure feature * protocols/noise: use futures::ready! macro * protocols/noise: Make NoiseOutput AsyncRead return unsafe NopInitializer The previous implementation of AsyncRead for NoiseOutput would operate on uninitialized buffers, given that it properly returned the number of bytest that were written to the buffer. With this patch the current implementation operates on uninitialized buffers as well by returning an Initializer::nop() in AsyncRead::initializer. * protocols/noise: Remove resolved TODO questions * protocols/noise: Remove 'this = self' comment Given that `let mut this = &mut *self` is not specific to a pinned self, but follows the dereference coercion [1] happening at compile time when trying to mutably borrow two distinct struct fields, this patch removes the code comment. [1] ```rust let x = &mut self.deref_mut().x; let y = &mut self.deref_mut().y; // error // --- let mut this = self.deref_mut(); let x = &mut this.x; let y = &mut this.y; // ok ``` * Remove redundant nested futures. * protocols/noise/Cargo: Update to futures preview 0.3.0-alpha.18 * protocols/noise: Improve formatting * protocols/noise: Return pinned future on authenticated noise upgrade * protocols/noise: Specify Output of Future embedded in Handshake directly * *: Ensure Noise handshake futures are Send * Revert "*: Ensure Noise handshake futures are Send" This reverts commit 555c2df315e44f21ad39d4408445ce2cb84dd1a4. * protocols/noise: Ensure NoiseConfig Future is Send * protocols/noise: Use relative import path for {In,Out}boundUpgrade
2019-10-03 23:40:14 +02:00
client_session.flush().await.expect("no error");
};
let server_fut = async {
let mut server_session = server.try_next()
.await
.expect("some event")
.map(ListenerEvent::into_upgrade)
.expect("no error")
.map(|client| client.0)
.expect("listener upgrade")
.await
.map(|(_, session)| session)
.expect("no error");
Grow noise buffers dynamically. (#1436) * Grow noise buffers dynamically. Currently we allocate a buffer of 176 KiB for each noise state, i.e. each connection. For connections which see only small data frames this is wasteful. At the same time we limit the max. write buffer size to 16 KiB to keep the total buffer size relatively small, which results in smaller encrypted messages and also makes it less likely to ever encounter the max. noise package size of 64 KiB in practice when communicating with other nodes using the same implementation. This PR repaces the static buffer allocation with a dynamic one. We only reserve a small space for the authentication tag plus some extra reserve and are able to buffer larger data frames before encrypting. * Grow write buffer from offset. As suggested by @mxinden, this prevents increasing the write buffer up to MAX_WRITE_BUF_LEN. Co-authored-by: Pierre Krieger <pierre.krieger1708@gmail.com>
2020-02-13 12:38:33 +01:00
for m in messages {
let len = {
let mut n = [0; 8];
match server_session.read_exact(&mut n).await {
Ok(()) => u64::from_be_bytes(n),
Err(e) if e.kind() == io::ErrorKind::UnexpectedEof => 0,
Err(e) => panic!("error reading len: {}", e)
}
};
info!("server: reading message ({} bytes)", len);
let mut server_buffer = vec![0; len.try_into().unwrap()];
server_session.read_exact(&mut server_buffer).await.expect("no error");
assert_eq!(server_buffer, m.0)
}
protocols/noise: Update to futures-preview (#1248) * protocols/noise: Fix obvious future errors * protocol/noise: Make Handshake methods independent functions * protocols/noise: Abstract T and C for handshake * protocols/noise: Replace FutureResult with Result * protocols/noise: Introduce recv_identity stub * protocols/noise: Implement recv_identity stub * protocols/noise: Change NoiseConfig::Future from Handshake to Result * protocols/noise: Adjust to new Poll syntax * protocols/noise: Return early on state creation failure * protocols/noise: Add bounds Async{Write,Read} to initiator / respoder * protocols/noise: Add Protocol trait bound for C in rt functions * protocols/noise: Do io operations on state.io instead of state * protocols/noise: Have upgrade_xxx return a pinned future * protocols/noise: Have NoiseOutput::poll_read self be mutable * protocols/noise: Make recv_identity buffers mutable * protocols/noise: Fix warnings * protocols/noise: Replace NoiseOutput io::Read impl with AsyncRead * protocols/noise: Replace NoiseOutput io::Write impl with AsyncWrite * protocols/noise: Adjust tests to new futures * protocols/noise: Don't use {AsyncRead,AsyncWrite,TryStream}*Ext* bound * protocols/noise: Don't use async_closure feature * protocols/noise: use futures::ready! macro * protocols/noise: Make NoiseOutput AsyncRead return unsafe NopInitializer The previous implementation of AsyncRead for NoiseOutput would operate on uninitialized buffers, given that it properly returned the number of bytest that were written to the buffer. With this patch the current implementation operates on uninitialized buffers as well by returning an Initializer::nop() in AsyncRead::initializer. * protocols/noise: Remove resolved TODO questions * protocols/noise: Remove 'this = self' comment Given that `let mut this = &mut *self` is not specific to a pinned self, but follows the dereference coercion [1] happening at compile time when trying to mutably borrow two distinct struct fields, this patch removes the code comment. [1] ```rust let x = &mut self.deref_mut().x; let y = &mut self.deref_mut().y; // error // --- let mut this = self.deref_mut(); let x = &mut this.x; let y = &mut this.y; // ok ``` * Remove redundant nested futures. * protocols/noise/Cargo: Update to futures preview 0.3.0-alpha.18 * protocols/noise: Improve formatting * protocols/noise: Return pinned future on authenticated noise upgrade * protocols/noise: Specify Output of Future embedded in Handshake directly * *: Ensure Noise handshake futures are Send * Revert "*: Ensure Noise handshake futures are Send" This reverts commit 555c2df315e44f21ad39d4408445ce2cb84dd1a4. * protocols/noise: Ensure NoiseConfig Future is Send * protocols/noise: Use relative import path for {In,Out}boundUpgrade
2019-10-03 23:40:14 +02:00
};
futures::future::join(server_fut, client_fut).await;
})
Add support for noise IX, XX, and IK handshakes. (#888)
2019-01-30 11:36:00 +01:00
}
Spec-compliant Noise Protocol (#1545) * Add spec-compliant x25519 protocol. * Cosmetic protobuf spec compliance. * Keep support for IK/IX. Update changelog. * Update docs. * CI
2020-05-06 14:30:23 +02:00
fn expect_identity<C>(output: Output<C>, pk: &identity::PublicKey)
-> impl Future<Output = Result<Output<C>, NoiseError>>
Integrate identity keys with libp2p-noise for authentication. (#1027) * Integrate use of identity keys into libp2p-noise. In order to make libp2p-noise usable with a `Swarm`, which requires a `Transport::Output` that is a pair of a peer ID and an implementation of `StreamMuxer`, it is necessary to bridge the gap between static DH public keys and public identity keys from which peer IDs are derived. Because the DH static keys and the identity keys need not be related, it is thus generally necessary that the public identity keys are exchanged as part of the Noise handshake, which the Noise protocol accomodates for through the use of handshake message payloads. The implementation of the existing (IK, IX, XX) handshake patterns is thus changed to send the public identity keys in the handshake payloads. Additionally, to facilitate the use of any identity keypair with Noise handshakes, the static DH public keys are signed using the identity keypairs and the signatures sent alongside the public identity key in handshake payloads, unless the static DH public key is "linked" to the public identity key by other means, e.g. when an Ed25519 identity keypair is (re)used as an X25519 keypair. * libp2p-noise doesn't build for wasm. Thus the development transport needs to be still constructed with secio for transport security when building for wasm. * Documentation tweaks. * For consistency, avoid wildcard enum imports. * For consistency, avoid wildcard enum imports. * Slightly simplify io::handshake::State::finish. * Simplify creation of 2-byte arrays. * Remove unnecessary cast and obey 100 char line limit. * Update protocols/noise/src/protocol.rs Co-Authored-By: romanb <romanb@users.noreply.github.com> * Address more review comments. * Cosmetics * Cosmetics * Give authentic DH keypairs a distinct type. This has a couple of advantages: * Signing the DH public key only needs to happen once, before creating a `NoiseConfig` for an authenticated handshake. * The identity keypair only needs to be borrowed and can be dropped if it is not used further outside of the Noise protocol, since it is no longer needed during Noise handshakes. * It is explicit in the construction of a `NoiseConfig` for a handshake pattern, whether it operates with a plain `Keypair` or a keypair that is authentic w.r.t. a public identity key and future handshake patterns may be built with either. * The function signatures for constructing `NoiseConfig`s for handshake patterns are simplified and a few unnecessary trait bounds removed. * Post-merge corrections. * Add note on experimental status of libp2p-noise.
2019-05-07 10:22:42 +02:00
{
match output.0 {
RemoteIdentity::IdentityKey(ref k) if k == pk => future::ok(output),
_ => panic!("Unexpected remote identity")
}
}
Grow noise buffers dynamically. (#1436) * Grow noise buffers dynamically. Currently we allocate a buffer of 176 KiB for each noise state, i.e. each connection. For connections which see only small data frames this is wasteful. At the same time we limit the max. write buffer size to 16 KiB to keep the total buffer size relatively small, which results in smaller encrypted messages and also makes it less likely to ever encounter the max. noise package size of 64 KiB in practice when communicating with other nodes using the same implementation. This PR repaces the static buffer allocation with a dynamic one. We only reserve a small space for the authentication tag plus some extra reserve and are able to buffer larger data frames before encrypting. * Grow write buffer from offset. As suggested by @mxinden, this prevents increasing the write buffer up to MAX_WRITE_BUF_LEN. Co-authored-by: Pierre Krieger <pierre.krieger1708@gmail.com>
2020-02-13 12:38:33 +01:00
#[derive(Debug, Clone, PartialEq, Eq)]
struct Message(Vec<u8>);
impl quickcheck::Arbitrary for Message {
fn arbitrary<G: quickcheck::Gen>(g: &mut G) -> Self {
let s = 1 + g.next_u32() % (128 * 1024);
let mut v = vec![0; s.try_into().unwrap()];
g.fill_bytes(&mut v);
Message(v)
}
}
Reference in New Issue Copy Permalink