Skip to content

Commit

Permalink
core: remove LocalPrivateKey method from network.Conn interface (#2144)
Browse files Browse the repository at this point in the history
* core: remove LocalPrivateKey method from network.Conn interface

* add Changelog entry
  • Loading branch information
marten-seemann authored Mar 5, 2023
1 parent 75efaee commit 3fe6278
Show file tree
Hide file tree
Showing 16 changed files with 35 additions and 86 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@

# [v0.27.0](https://github.com/libp2p/go-libp2p/releases/tag/v0.27.0) (unreleased)

### Breaking Changes

* The `LocalPrivateKey` method was removed from the `network.Conn` interface.

# [v0.26.1](https://github.com/libp2p/go-libp2p/releases/tag/v0.26.1)

This patch release fixes two bugs:
Expand Down
3 changes: 0 additions & 3 deletions core/network/conn.go
Original file line number Diff line number Diff line change
Expand Up @@ -53,9 +53,6 @@ type ConnSecurity interface {
// LocalPeer returns our peer ID
LocalPeer() peer.ID

// LocalPrivateKey returns our private key
LocalPrivateKey() ic.PrivKey

// RemotePeer returns the peer ID of the remote peer.
RemotePeer() peer.ID

Expand Down
56 changes: 18 additions & 38 deletions core/sec/insecure/insecure.go
Original file line number Diff line number Diff line change
Expand Up @@ -40,9 +40,7 @@ type Transport struct {

var _ sec.SecureTransport = &Transport{}

// NewWithIdentity constructs a new insecure transport. The provided private key
// is stored and returned from LocalPrivateKey to satisfy the
// SecureTransport interface, and the public key is sent to
// NewWithIdentity constructs a new insecure transport. The public key is sent to
// remote peers. No security is provided.
func NewWithIdentity(protocolID protocol.ID, id peer.ID, key ci.PrivKey) *Transport {
return &Transport{
Expand All @@ -57,32 +55,25 @@ func (t *Transport) LocalPeer() peer.ID {
return t.id
}

// LocalPrivateKey returns the local private key.
// This key is used only for identity generation and provides no security.
func (t *Transport) LocalPrivateKey() ci.PrivKey {
return t.key
}

// SecureInbound *pretends to secure* an inbound connection to the given peer.
// It sends the local peer's ID and public key, and receives the same from the remote peer.
// No validation is performed as to the authenticity or ownership of the provided public key,
// and the key exchange provides no security.
//
// SecureInbound may fail if the remote peer sends an ID and public key that are inconsistent
// with each other, or if a network error occurs during the ID exchange.
func (t *Transport) SecureInbound(ctx context.Context, insecure net.Conn, p peer.ID) (sec.SecureConn, error) {
func (t *Transport) SecureInbound(_ context.Context, insecure net.Conn, p peer.ID) (sec.SecureConn, error) {
conn := &Conn{
Conn: insecure,
local: t.id,
localPrivKey: t.key,
Conn: insecure,
local: t.id,
localPubKey: t.key.GetPublic(),
}

err := conn.runHandshakeSync()
if err != nil {
if err := conn.runHandshakeSync(); err != nil {
return nil, err
}

if t.key != nil && p != "" && p != conn.remote {
if p != "" && p != conn.remote {
return nil, fmt.Errorf("remote peer sent unexpected peer ID. expected=%s received=%s", p, conn.remote)
}

Expand All @@ -97,39 +88,33 @@ func (t *Transport) SecureInbound(ctx context.Context, insecure net.Conn, p peer
// SecureOutbound may fail if the remote peer sends an ID and public key that are inconsistent
// with each other, or if the ID sent by the remote peer does not match the one dialed. It may
// also fail if a network error occurs during the ID exchange.
func (t *Transport) SecureOutbound(ctx context.Context, insecure net.Conn, p peer.ID) (sec.SecureConn, error) {
func (t *Transport) SecureOutbound(_ context.Context, insecure net.Conn, p peer.ID) (sec.SecureConn, error) {
conn := &Conn{
Conn: insecure,
local: t.id,
localPrivKey: t.key,
Conn: insecure,
local: t.id,
localPubKey: t.key.GetPublic(),
}

err := conn.runHandshakeSync()
if err != nil {
if err := conn.runHandshakeSync(); err != nil {
return nil, err
}

if t.key != nil && p != conn.remote {
if p != conn.remote {
return nil, fmt.Errorf("remote peer sent unexpected peer ID. expected=%s received=%s",
p, conn.remote)
}

return conn, nil
}

func (t *Transport) ID() protocol.ID {
return t.protocolID
}
func (t *Transport) ID() protocol.ID { return t.protocolID }

// Conn is the connection type returned by the insecure transport.
type Conn struct {
net.Conn

local peer.ID
remote peer.ID

localPrivKey ci.PrivKey
remotePubKey ci.PubKey
local, remote peer.ID
localPubKey, remotePubKey ci.PubKey
}

func makeExchangeMessage(pubkey ci.PubKey) (*pb.Exchange, error) {
Expand All @@ -150,12 +135,12 @@ func makeExchangeMessage(pubkey ci.PubKey) (*pb.Exchange, error) {

func (ic *Conn) runHandshakeSync() error {
// If we were initialized without keys, behave as in plaintext/1.0.0 (do nothing)
if ic.localPrivKey == nil {
if ic.localPubKey == nil {
return nil
}

// Generate an Exchange message
msg, err := makeExchangeMessage(ic.localPrivKey.GetPublic())
msg, err := makeExchangeMessage(ic.localPubKey)
if err != nil {
return err
}
Expand Down Expand Up @@ -239,11 +224,6 @@ func (ic *Conn) RemotePublicKey() ci.PubKey {
return ic.remotePubKey
}

// LocalPrivateKey returns the private key for the local peer.
func (ic *Conn) LocalPrivateKey() ci.PrivKey {
return ic.localPrivKey
}

// ConnState returns the security connection's state information.
func (ic *Conn) ConnState() network.ConnectionState {
return network.ConnectionState{}
Expand Down
7 changes: 4 additions & 3 deletions core/sec/insecure/insecure_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -103,16 +103,17 @@ func connect(t *testing.T, clientTpt, serverTpt *Transport, clientExpectsID, ser

// Check the peer IDs
func testIDs(t *testing.T, clientTpt, serverTpt *Transport, clientConn, serverConn sec.SecureConn) {
t.Helper()
require.Equal(t, clientConn.LocalPeer(), clientTpt.LocalPeer(), "Client Local Peer ID mismatch.")
require.Equal(t, clientConn.RemotePeer(), serverTpt.LocalPeer(), "Client Remote Peer ID mismatch.")
require.Equal(t, clientConn.LocalPeer(), serverConn.RemotePeer(), "Server Local Peer ID mismatch.")
}

// Check the keys
func testKeys(t *testing.T, clientTpt, serverTpt *Transport, clientConn, serverConn sec.SecureConn) {
sk := serverConn.LocalPrivateKey()
require.True(t, sk.Equals(serverTpt.LocalPrivateKey()), "private key mismatch")
require.True(t, sk.GetPublic().Equals(clientConn.RemotePublicKey()), "public key mismatch")
t.Helper()
require.True(t, clientConn.RemotePublicKey().Equals(serverTpt.key.GetPublic()), "client conn key mismatch")
require.True(t, serverConn.RemotePublicKey().Equals(clientTpt.key.GetPublic()), "server conn key mismatch")
}

// Check sending and receiving messages
Expand Down
1 change: 0 additions & 1 deletion p2p/net/connmgr/connmgr_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -796,7 +796,6 @@ type mockConn struct {

func (m mockConn) Close() error { panic("implement me") }
func (m mockConn) LocalPeer() peer.ID { panic("implement me") }
func (m mockConn) LocalPrivateKey() crypto.PrivKey { panic("implement me") }
func (m mockConn) RemotePeer() peer.ID { panic("implement me") }
func (m mockConn) RemotePublicKey() crypto.PubKey { panic("implement me") }
func (m mockConn) LocalMultiaddr() ma.Multiaddr { panic("implement me") }
Expand Down
5 changes: 0 additions & 5 deletions p2p/net/mock/mock_conn.go
Original file line number Diff line number Diff line change
Expand Up @@ -158,11 +158,6 @@ func (c *conn) LocalPeer() peer.ID {
return c.local
}

// LocalPrivateKey is the private key of the peer on our side.
func (c *conn) LocalPrivateKey() ic.PrivKey {
return c.localPrivKey
}

// RemoteMultiaddr is the Multiaddr on the remote side
func (c *conn) RemoteMultiaddr() ma.Multiaddr {
return c.remoteAddr
Expand Down
5 changes: 0 additions & 5 deletions p2p/net/swarm/swarm_conn.go
Original file line number Diff line number Diff line change
Expand Up @@ -168,11 +168,6 @@ func (c *Conn) RemotePeer() peer.ID {
return c.conn.RemotePeer()
}

// LocalPrivateKey is the public key of the peer on this side
func (c *Conn) LocalPrivateKey() ic.PrivKey {
return c.conn.LocalPrivateKey()
}

// RemotePublicKey is the public key of the peer on the remote side
func (c *Conn) RemotePublicKey() ic.PubKey {
return c.conn.RemotePublicKey()
Expand Down
4 changes: 0 additions & 4 deletions p2p/security/noise/session.go
Original file line number Diff line number Diff line change
Expand Up @@ -95,10 +95,6 @@ func (s *secureSession) LocalPeer() peer.ID {
return s.localID
}

func (s *secureSession) LocalPrivateKey() crypto.PrivKey {
return s.localKey
}

func (s *secureSession) LocalPublicKey() crypto.PubKey {
return s.localKey.GetPublic()
}
Expand Down
15 changes: 8 additions & 7 deletions p2p/security/noise/transport_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -159,15 +159,16 @@ func TestKeys(t *testing.T) {
defer initConn.Close()
defer respConn.Close()

sk := respConn.LocalPrivateKey()
pk := sk.GetPublic()

if !sk.Equals(respTransport.privateKey) {
t.Error("Private key Mismatch.")
pk1 := respConn.RemotePublicKey()
pk2 := initTransport.privateKey.GetPublic()
if !pk1.Equals(pk2) {
t.Errorf("Public key mismatch. expected %x got %x", pk1, pk2)
}

if !pk.Equals(initConn.RemotePublicKey()) {
t.Errorf("Public key mismatch. expected %x got %x", pk, initConn.RemotePublicKey())
pk3 := initConn.RemotePublicKey()
pk4 := respTransport.privateKey.GetPublic()
if !pk3.Equals(pk4) {
t.Errorf("Public key mismatch. expected %x got %x", pk3, pk4)
}
}

Expand Down
8 changes: 1 addition & 7 deletions p2p/security/tls/conn.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,7 @@ import (
type conn struct {
*tls.Conn

localPeer peer.ID
privKey ci.PrivKey

localPeer peer.ID
remotePeer peer.ID
remotePubKey ci.PubKey
connectionState network.ConnectionState
Expand All @@ -26,10 +24,6 @@ func (c *conn) LocalPeer() peer.ID {
return c.localPeer
}

func (c *conn) LocalPrivateKey() ci.PrivKey {
return c.privKey
}

func (c *conn) RemotePeer() peer.ID {
return c.remotePeer
}
Expand Down
1 change: 0 additions & 1 deletion p2p/security/tls/transport.go
Original file line number Diff line number Diff line change
Expand Up @@ -168,7 +168,6 @@ func (t *Transport) setupConn(tlsConn *tls.Conn, remotePubKey ci.PubKey) (sec.Se
return &conn{
Conn: tlsConn,
localPeer: t.localPeer,
privKey: t.privKey,
remotePeer: remotePeerID,
remotePubKey: remotePubKey,
connectionState: network.ConnectionState{
Expand Down
4 changes: 0 additions & 4 deletions p2p/security/tls/transport_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -111,8 +111,6 @@ func TestHandshakeSucceeds(t *testing.T) {

require.Equal(t, clientConn.LocalPeer(), clientID)
require.Equal(t, serverConn.LocalPeer(), serverID)
require.True(t, clientConn.LocalPrivateKey().Equals(clientKey), "client private key mismatch")
require.True(t, serverConn.LocalPrivateKey().Equals(serverKey), "server private key mismatch")
require.Equal(t, clientConn.RemotePeer(), serverID)
require.Equal(t, serverConn.RemotePeer(), clientID)
require.True(t, clientConn.RemotePublicKey().Equals(serverKey.GetPublic()), "server public key mismatch")
Expand Down Expand Up @@ -249,8 +247,6 @@ func TestHandshakeWithNextProtoSucceeds(t *testing.T) {

require.Equal(t, clientConn.LocalPeer(), clientID)
require.Equal(t, serverConn.LocalPeer(), serverID)
require.True(t, clientConn.LocalPrivateKey().Equals(clientKey), "client private key mismatch")
require.True(t, serverConn.LocalPrivateKey().Equals(serverKey), "server private key mismatch")
require.Equal(t, clientConn.RemotePeer(), serverID)
require.Equal(t, serverConn.RemotePeer(), clientID)
require.True(t, clientConn.RemotePublicKey().Equals(serverKey.GetPublic()), "server public key mismatch")
Expand Down
4 changes: 0 additions & 4 deletions p2p/transport/quic/conn.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@ type conn struct {
scope network.ConnManagementScope

localPeer peer.ID
privKey ic.PrivKey
localMultiaddr ma.Multiaddr

remotePeerID peer.ID
Expand Down Expand Up @@ -66,9 +65,6 @@ func (c *conn) AcceptStream() (network.MuxedStream, error) {
// LocalPeer returns our peer ID
func (c *conn) LocalPeer() peer.ID { return c.localPeer }

// LocalPrivateKey returns our private key
func (c *conn) LocalPrivateKey() ic.PrivKey { return c.privKey }

// RemotePeer returns the peer ID of the remote peer.
func (c *conn) RemotePeer() peer.ID { return c.remotePeerID }

Expand Down
2 changes: 0 additions & 2 deletions p2p/transport/quic/conn_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -103,12 +103,10 @@ func testHandshake(t *testing.T, tc *connTestCase) {
defer serverConn.Close()

require.Equal(t, conn.LocalPeer(), clientID)
require.True(t, conn.LocalPrivateKey().Equals(clientKey), "local private key doesn't match")
require.Equal(t, conn.RemotePeer(), serverID)
require.True(t, conn.RemotePublicKey().Equals(serverKey.GetPublic()), "remote public key doesn't match")

require.Equal(t, serverConn.LocalPeer(), serverID)
require.True(t, serverConn.LocalPrivateKey().Equals(serverKey), "local private key doesn't match")
require.Equal(t, serverConn.RemotePeer(), clientID)
require.True(t, serverConn.RemotePublicKey().Equals(clientKey.GetPublic()), "remote public key doesn't match")
}
Expand Down
1 change: 0 additions & 1 deletion p2p/transport/quic/listener.go
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,6 @@ func (l *listener) setupConnWithScope(qconn quic.Connection, connScope network.C
scope: connScope,
localPeer: l.localPeer,
localMultiaddr: localMultiaddr,
privKey: l.privKey,
remoteMultiaddr: remoteMultiaddr,
remotePeerID: remotePeerID,
remotePubKey: remotePubKey,
Expand Down
1 change: 0 additions & 1 deletion p2p/transport/quic/transport.go
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,6 @@ func (t *transport) dialWithScope(ctx context.Context, raddr ma.Multiaddr, p pee
quicConn: pconn,
transport: t,
scope: scope,
privKey: t.privKey,
localPeer: t.localPeer,
localMultiaddr: localMultiaddr,
remotePubKey: remotePubKey,
Expand Down

0 comments on commit 3fe6278

Please sign in to comment.