protocols/noise: Introduce NoiseAuthenticated::xx constructor with X25519 DH key exchange (#2887)

Co-authored-by: Max Inden <mail@max-inden.de>

Cargo.toml

@@ -88,7 +88,7 @@ libp2p-identify = { version = "0.39.0", path = "protocols/identify", optional =
 libp2p-kad = { version = "0.41.0", path = "protocols/kad", optional = true }
 libp2p-metrics = { version = "0.10.0", path = "misc/metrics", optional = true }
 libp2p-mplex = { version = "0.36.0", path = "muxers/mplex", optional = true }
-libp2p-noise = { version = "0.39.0", path = "transports/noise", optional = true }
+libp2p-noise = { version = "0.39.1", path = "transports/noise", optional = true }
 libp2p-ping = { version = "0.39.0", path = "protocols/ping", optional = true }
 libp2p-plaintext = { version = "0.36.0", path = "transports/plaintext", optional = true }
 libp2p-pnet = { version = "0.22.0", path = "transports/pnet", optional = true }

core/tests/transport_upgrade.rs

@@ -79,12 +79,9 @@ where
 fn upgrade_pipeline() {
     let listener_keys = identity::Keypair::generate_ed25519();
     let listener_id = listener_keys.public().to_peer_id();
-    let listener_noise_keys = noise::Keypair::<noise::X25519Spec>::new()
-        .into_authentic(&listener_keys)
-        .unwrap();
     let mut listener_transport = MemoryTransport::default()
         .upgrade(upgrade::Version::V1)
-        .authenticate(noise::NoiseConfig::xx(listener_noise_keys).into_authenticated())
+        .authenticate(noise::NoiseAuthenticated::xx(&listener_keys).unwrap())
         .apply(HelloUpgrade {})
         .apply(HelloUpgrade {})
         .apply(HelloUpgrade {})
@@ -93,12 +90,9 @@ fn upgrade_pipeline() {
 
     let dialer_keys = identity::Keypair::generate_ed25519();
     let dialer_id = dialer_keys.public().to_peer_id();
-    let dialer_noise_keys = noise::Keypair::<noise::X25519Spec>::new()
-        .into_authentic(&dialer_keys)
-        .unwrap();
     let mut dialer_transport = MemoryTransport::default()
         .upgrade(upgrade::Version::V1)
-        .authenticate(noise::NoiseConfig::xx(dialer_noise_keys).into_authenticated())
+        .authenticate(noise::NoiseAuthenticated::xx(&dialer_keys).unwrap())
         .apply(HelloUpgrade {})
         .apply(HelloUpgrade {})
         .apply(HelloUpgrade {})

examples/chat-tokio.rs

@@ -70,16 +70,14 @@ async fn main() -> Result<(), Box<dyn Error>> {
     let peer_id = PeerId::from(id_keys.public());
     println!("Local peer id: {:?}", peer_id);
 
-    // Create a keypair for authenticated encryption of the transport.
-    let noise_keys = noise::Keypair::<noise::X25519Spec>::new()
-        .into_authentic(&id_keys)
-        .expect("Signing libp2p-noise static DH keypair failed.");
-
     // Create a tokio-based TCP transport use noise for authenticated
     // encryption and Mplex for multiplexing of substreams on a TCP stream.
     let transport = TokioTcpTransport::new(GenTcpConfig::default().nodelay(true))
         .upgrade(upgrade::Version::V1)
-        .authenticate(noise::NoiseConfig::xx(noise_keys).into_authenticated())
+        .authenticate(
+            noise::NoiseAuthenticated::xx(&id_keys)
+                .expect("Signing libp2p-noise static DH keypair failed."),
+        )
         .multiplex(mplex::MplexConfig::new())
         .boxed();
 

examples/ipfs-private.rs

@@ -57,10 +57,7 @@ pub fn build_transport(
     key_pair: identity::Keypair,
     psk: Option<PreSharedKey>,
 ) -> transport::Boxed<(PeerId, StreamMuxerBox)> {
-    let noise_keys = noise::Keypair::<noise::X25519Spec>::new()
+    let noise_config = noise::NoiseAuthenticated::xx(&key_pair).unwrap();
-        .into_authentic(&key_pair)
-        .unwrap();
-    let noise_config = noise::NoiseConfig::xx(noise_keys).into_authenticated();
     let yamux_config = YamuxConfig::default();
 
     let base_transport = TcpTransport::new(GenTcpConfig::default().nodelay(true));

protocols/dcutr/examples/client.rs

@@ -89,10 +89,6 @@ fn main() -> Result<(), Box<dyn Error>> {
 
     let (relay_transport, client) = Client::new_transport_and_behaviour(local_peer_id);
 
-    let noise_keys = noise::Keypair::<noise::X25519Spec>::new()
-        .into_authentic(&local_key)
-        .expect("Signing libp2p-noise static DH keypair failed.");
-
     let transport = OrTransport::new(
         relay_transport,
         block_on(DnsConfig::system(TcpTransport::new(
@@ -101,7 +97,10 @@ fn main() -> Result<(), Box<dyn Error>> {
         .unwrap(),
     )
     .upgrade(upgrade::Version::V1)
-    .authenticate(noise::NoiseConfig::xx(noise_keys).into_authenticated())
+    .authenticate(
+        noise::NoiseAuthenticated::xx(&local_key)
+            .expect("Signing libp2p-noise static DH keypair failed."),
+    )
     .multiplex(libp2p_yamux::YamuxConfig::default())
     .boxed();
 

protocols/gossipsub/src/lib.rs

@@ -97,10 +97,9 @@
 //!
 //! // Set up an encrypted TCP Transport over the Mplex
 //! // This is test transport (memory).
-//! let noise_keys = libp2p_noise::Keypair::<libp2p_noise::X25519Spec>::new().into_authentic(&local_key).unwrap();
 //! let transport = MemoryTransport::default()
 //!            .upgrade(libp2p_core::upgrade::Version::V1)
-//!            .authenticate(libp2p_noise::NoiseConfig::xx(noise_keys).into_authenticated())
+//!            .authenticate(libp2p_noise::NoiseAuthenticated::xx(&local_key).unwrap())
 //!            .multiplex(libp2p_mplex::MplexConfig::new())
 //!            .boxed();
 //!

protocols/kad/src/behaviour/test.rs

@@ -56,12 +56,9 @@ fn build_node() -> (Multiaddr, TestSwarm) {
 fn build_node_with_config(cfg: KademliaConfig) -> (Multiaddr, TestSwarm) {
     let local_key = identity::Keypair::generate_ed25519();
     let local_public_key = local_key.public();
-    let noise_keys = noise::Keypair::<noise::X25519>::new()
-        .into_authentic(&local_key)
-        .unwrap();
     let transport = MemoryTransport::default()
         .upgrade(upgrade::Version::V1)
-        .authenticate(noise::NoiseConfig::xx(noise_keys).into_authenticated())
+        .authenticate(noise::NoiseAuthenticated::xx(&local_key).unwrap())
         .multiplex(yamux::YamuxConfig::default())
         .boxed();
 

protocols/ping/tests/ping.rs

@@ -243,14 +243,11 @@ fn unsupported_doesnt_fail() {
 fn mk_transport(muxer: MuxerChoice) -> (PeerId, transport::Boxed<(PeerId, StreamMuxerBox)>) {
     let id_keys = identity::Keypair::generate_ed25519();
     let peer_id = id_keys.public().to_peer_id();
-    let noise_keys = noise::Keypair::<noise::X25519Spec>::new()
-        .into_authentic(&id_keys)
-        .unwrap();
     (
         peer_id,
         TcpTransport::new(GenTcpConfig::default().nodelay(true))
             .upgrade(upgrade::Version::V1)
-            .authenticate(noise::NoiseConfig::xx(noise_keys).into_authenticated())
+            .authenticate(noise::NoiseAuthenticated::xx(&id_keys).unwrap())
             .multiplex(match muxer {
                 MuxerChoice::Yamux => upgrade::EitherUpgrade::A(yamux::YamuxConfig::default()),
                 MuxerChoice::Mplex => upgrade::EitherUpgrade::B(mplex::MplexConfig::default()),

protocols/relay/examples/relay_v2.rs

@@ -48,13 +48,12 @@ fn main() -> Result<(), Box<dyn Error>> {
 
     let tcp_transport = TcpTransport::default();
 
-    let noise_keys = noise::Keypair::<noise::X25519Spec>::new()
-        .into_authentic(&local_key)
-        .expect("Signing libp2p-noise static DH keypair failed.");
-
     let transport = tcp_transport
         .upgrade(upgrade::Version::V1)
-        .authenticate(noise::NoiseConfig::xx(noise_keys).into_authenticated())
+        .authenticate(
+            noise::NoiseAuthenticated::xx(&local_key)
+                .expect("Signing libp2p-noise static DH keypair failed."),
+        )
         .multiplex(libp2p_yamux::YamuxConfig::default())
         .boxed();
 

protocols/rendezvous/tests/harness.rs

@@ -27,7 +27,7 @@ use libp2p::core::transport::MemoryTransport;
 use libp2p::core::upgrade::SelectUpgrade;
 use libp2p::core::{identity, Multiaddr, PeerId, Transport};
 use libp2p::mplex::MplexConfig;
-use libp2p::noise::{Keypair, NoiseConfig, X25519Spec};
+use libp2p::noise::NoiseAuthenticated;
 use libp2p::swarm::{AddressScore, NetworkBehaviour, Swarm, SwarmBuilder, SwarmEvent};
 use libp2p::yamux::YamuxConfig;
 use std::fmt::Debug;
@@ -43,14 +43,9 @@ where
     let identity = identity::Keypair::generate_ed25519();
     let peer_id = PeerId::from(identity.public());
 
-    let dh_keys = Keypair::<X25519Spec>::new()
-        .into_authentic(&identity)
-        .expect("failed to create dh_keys");
-    let noise = NoiseConfig::xx(dh_keys).into_authenticated();
-
     let transport = MemoryTransport::default()
         .upgrade(Version::V1)
-        .authenticate(noise)
+        .authenticate(NoiseAuthenticated::xx(&identity).unwrap())
         .multiplex(SelectUpgrade::new(
             YamuxConfig::default(),
             MplexConfig::new(),

protocols/request-response/tests/ping.rs

@@ -29,7 +29,7 @@ use libp2p_core::{
     upgrade::{self, read_length_prefixed, write_length_prefixed},
     Multiaddr, PeerId,
 };
-use libp2p_noise::{Keypair, NoiseConfig, X25519Spec};
+use libp2p_noise::NoiseAuthenticated;
 use libp2p_request_response::*;
 use libp2p_swarm::{Swarm, SwarmEvent};
 use libp2p_tcp::{GenTcpConfig, TcpTransport};
@@ -295,14 +295,12 @@ fn emits_inbound_connection_closed_if_channel_is_dropped() {
 fn mk_transport() -> (PeerId, transport::Boxed<(PeerId, StreamMuxerBox)>) {
     let id_keys = identity::Keypair::generate_ed25519();
     let peer_id = id_keys.public().to_peer_id();
-    let noise_keys = Keypair::<X25519Spec>::new()
+
-        .into_authentic(&id_keys)
-        .unwrap();
     (
         peer_id,
         TcpTransport::new(GenTcpConfig::default().nodelay(true))
             .upgrade(upgrade::Version::V1)
-            .authenticate(NoiseConfig::xx(noise_keys).into_authenticated())
+            .authenticate(NoiseAuthenticated::xx(&id_keys).unwrap())
             .multiplex(libp2p_yamux::YamuxConfig::default())
             .boxed(),
     )

src/lib.rs

@@ -217,13 +217,9 @@ pub async fn development_transport(
         dns_tcp.or_transport(ws_dns_tcp)
     };
 
-    let noise_keys = noise::Keypair::<noise::X25519Spec>::new()
-        .into_authentic(&keypair)
-        .expect("Signing libp2p-noise static DH keypair failed.");
-
     Ok(transport
         .upgrade(core::upgrade::Version::V1)
-        .authenticate(noise::NoiseConfig::xx(noise_keys).into_authenticated())
+        .authenticate(noise::NoiseAuthenticated::xx(&keypair).unwrap())
         .multiplex(core::upgrade::SelectUpgrade::new(
             yamux::YamuxConfig::default(),
             mplex::MplexConfig::default(),
@@ -277,13 +273,9 @@ pub fn tokio_development_transport(
         dns_tcp.or_transport(ws_dns_tcp)
     };
 
-    let noise_keys = noise::Keypair::<noise::X25519Spec>::new()
-        .into_authentic(&keypair)
-        .expect("Signing libp2p-noise static DH keypair failed.");
-
     Ok(transport
         .upgrade(core::upgrade::Version::V1)
-        .authenticate(noise::NoiseConfig::xx(noise_keys).into_authenticated())
+        .authenticate(noise::NoiseAuthenticated::xx(&keypair).unwrap())
         .multiplex(core::upgrade::SelectUpgrade::new(
             yamux::YamuxConfig::default(),
             mplex::MplexConfig::default(),

transports/noise/CHANGELOG.md

@@ -1,3 +1,10 @@
+# 0.39.1 [unreleased]
+
+- Introduce `NoiseAuthenticated::xx` constructor, assuming a X25519 DH key exchange. An XX key exchange and X25519 keys
+  are the most common way of using noise in libp2p and thus deserve a convenience constructor. See [PR 2887].
+
+[PR 2887]: https://github.com/libp2p/rust-libp2p/pull/2887
+
 # 0.39.0
 
 - Update to `libp2p-core` `v0.36.0`.

transports/noise/Cargo.toml

@@ -3,7 +3,7 @@ name = "libp2p-noise"
 edition = "2021"
 rust-version = "1.56.1"
 description = "Cryptographic handshake protocol using the noise framework."
-version = "0.39.0"
+version = "0.39.1"
 authors = ["Parity Technologies <admin@parity.io>"]
 license = "MIT"
 repository = "https://github.com/libp2p/rust-libp2p"

transports/noise/src/lib.rs

@@ -41,12 +41,11 @@
 //! ```
 //! use libp2p_core::{identity, Transport, upgrade};
 //! use libp2p_tcp::TcpTransport;
-//! use libp2p_noise::{Keypair, X25519Spec, NoiseConfig};
+//! use libp2p_noise::{Keypair, X25519Spec, NoiseAuthenticated};
 //!
 //! # fn main() {
 //! let id_keys = identity::Keypair::generate_ed25519();
-//! let dh_keys = Keypair::<X25519Spec>::new().into_authentic(&id_keys).unwrap();
+//! let noise = NoiseAuthenticated::xx(&id_keys).unwrap();
-//! let noise = NoiseConfig::xx(dh_keys).into_authenticated();
 //! let builder = TcpTransport::default().upgrade(upgrade::Version::V1).authenticate(noise);
 //! // let transport = builder.multiplex(...);
 //! # }
@@ -357,6 +356,19 @@ pub struct NoiseAuthenticated<P, C: Zeroize, R> {
     config: NoiseConfig<P, C, R>,
 }
 
+impl NoiseAuthenticated<XX, X25519, ()> {
+    /// Create a new [`NoiseAuthenticated`] for the `XX` handshake pattern using X25519 DH keys.
+    ///
+    /// For now, this is the only combination that is guaranteed to be compatible with other libp2p implementations.
+    pub fn xx(id_keys: &identity::Keypair) -> Result<Self, NoiseError> {
+        let dh_keys = Keypair::<X25519>::new();
+        let noise_keys = dh_keys.into_authentic(id_keys)?;
+        let config = NoiseConfig::xx(noise_keys);
+
+        Ok(config.into_authenticated())
+    }
+}
+
 impl<P, C: Zeroize, R> UpgradeInfo for NoiseAuthenticated<P, C, R>
 where
     NoiseConfig<P, C, R>: UpgradeInfo,

transports/noise/tests/smoke.rs

@@ -27,7 +27,8 @@ use libp2p_core::identity;
 use libp2p_core::transport::{self, Transport};
 use libp2p_core::upgrade::{self, apply_inbound, apply_outbound, Negotiated};
 use libp2p_noise::{
-    Keypair, NoiseConfig, NoiseError, NoiseOutput, RemoteIdentity, X25519Spec, X25519,
+    Keypair, NoiseAuthenticated, NoiseConfig, NoiseError, NoiseOutput, RemoteIdentity, X25519Spec,
+    X25519,
 };
 use libp2p_tcp::TcpTransport;
 use log::info;
@@ -39,8 +40,7 @@ fn core_upgrade_compat() {
     // Tests API compaibility with the libp2p-core upgrade API,
     // i.e. if it compiles, the "test" is considered a success.
     let id_keys = identity::Keypair::generate_ed25519();
-    let dh_keys = Keypair::<X25519>::new().into_authentic(&id_keys).unwrap();
+    let noise = NoiseAuthenticated::xx(&id_keys).unwrap();
-    let noise = NoiseConfig::xx(dh_keys).into_authenticated();
     let _ = TcpTransport::default()
         .upgrade(upgrade::Version::V1)
         .authenticate(noise);