update insecure transport to plaintext/2.0.0 (#37)

* add plaintext/2.0.0 (with ugly protoc hack) * gofmt * gofmt (for real this time) * add `go_package` option to proto files * Revert "add `go_package` option to proto files" 5a543a79bd89d75c9697f852638b8fe56da862f4 * less hacky protobuf imports * add doc comment for PublicKeyFromProto * clean up handshake * go fmt, lol * use network.MessageSizeMax for ggio reader
libp2p · Jul 12, 2019 · 4ff4dbe · 4ff4dbe
1 parent 8483b62
commit 4ff4dbe
Show file tree

Hide file tree

Showing 6 changed files with 739 additions and 28 deletions.
diff --git a/core/crypto/key.go b/core/crypto/key.go
@@ -276,29 +276,46 @@ func UnmarshalPublicKey(data []byte) (PubKey, error) {
 	if err != nil {
 		return nil, err
 	}
+	return PublicKeyFromProto(*pmes)
+}
 
-	um, ok := PubKeyUnmarshallers[pmes.GetType()]
+// PublicKeyFromProto converts an unserialized protobuf PublicKey message
+// into its representative object. To convert a serialized public key,
+// see UnmarshalPublicKey.
+func PublicKeyFromProto(keyMessage pb.PublicKey) (PubKey, error) {
+	um, ok := PubKeyUnmarshallers[keyMessage.GetType()]
 	if !ok {
 		return nil, ErrBadKeyType
 	}
 
-	return um(pmes.GetData())
+	return um(keyMessage.GetData())
 }
 
 // MarshalPublicKey converts a public key object into a protobuf serialized
 // public key
 func MarshalPublicKey(k PubKey) ([]byte, error) {
-	pbmes := new(pb.PublicKey)
-	pbmes.Type = k.Type()
-	data, err := k.Raw()
+	pbmes, err := PublicKeyToProto(k)
 	if err != nil {
 		return nil, err
 	}
-	pbmes.Data = data
 
 	return proto.Marshal(pbmes)
 }
 
+// PublicKeyToProto converts a public key object into an unserialized protobuf
+// PublicKey message.
+func PublicKeyToProto(k PubKey) (*pb.PublicKey, error) {
+	data, err := k.Raw()
+	if err != nil {
+		return nil, err
+	}
+
+	pbmes := new(pb.PublicKey)
+	pbmes.Type = k.Type()
+	pbmes.Data = data
+	return pbmes, nil
+}
+
 // UnmarshalPrivateKey converts a protobuf serialized private key into its
 // representative object
 func UnmarshalPrivateKey(data []byte) (PrivKey, error) {

diff --git a/core/sec/insecure/insecure.go b/core/sec/insecure/insecure.go
@@ -5,64 +5,172 @@ package insecure
 
 import (
 	"context"
+	"fmt"
+	"github.com/libp2p/go-libp2p-core/network"
 	"net"
 
 	"github.com/libp2p/go-libp2p-core/peer"
 	"github.com/libp2p/go-libp2p-core/sec"
 
+	ggio "github.com/gogo/protobuf/io"
 	ci "github.com/libp2p/go-libp2p-core/crypto"
+	pb "github.com/libp2p/go-libp2p-core/sec/insecure/pb"
 )
 
 // ID is the multistream-select protocol ID that should be used when identifying
 // this security transport.
-const ID = "/plaintext/1.0.0"
+const ID = "/plaintext/2.0.0"
 
 // Transport is a no-op stream security transport. It provides no
-// security and simply mocks the security and identity methods to
-// return peer IDs known ahead of time.
+// security and simply mocks the security methods. Identity methods
+// return the local peer's ID and private key, and whatever the remote
+// peer presents as their ID and public key.
+// No authentication of the remote identity is performed.
 type Transport struct {
-	id peer.ID
+	id  peer.ID
+	key ci.PrivKey
 }
 
 // New constructs a new insecure transport.
-func New(id peer.ID) *Transport {
+func New(id peer.ID, key ci.PrivKey) *Transport {
 	return &Transport{
-		id: id,
+		id:  id,
+		key: key,
 	}
 }
 
-// LocalPeer returns the transports local peer ID.
+// LocalPeer returns the transport's local peer ID.
 func (t *Transport) LocalPeer() peer.ID {
 	return t.id
 }
 
-// LocalPrivateKey returns nil. This transport is not secure.
+// LocalPrivateKey returns the local private key.
+// This key is used only for identity generation and provides no security.
 func (t *Transport) LocalPrivateKey() ci.PrivKey {
-	return nil
+	return t.key
 }
 
 // SecureInbound *pretends to secure* an outbound connection to the given peer.
+// It sends the local peer's ID and public key, and receives the same from the remote peer.
+// No validation is performed as to the authenticity or ownership of the provided public key,
+// and the key exchange provides no security.
+//
+// SecureInbound may fail if the remote peer sends an ID and public key that are inconsistent
+// with each other, or if a network error occurs during the ID exchange.
 func (t *Transport) SecureInbound(ctx context.Context, insecure net.Conn) (sec.SecureConn, error) {
-	return &Conn{
-		Conn:  insecure,
-		local: t.id,
-	}, nil
+	conn := &Conn{
+		Conn:         insecure,
+		local:        t.id,
+		localPrivKey: t.key,
+	}
+
+	err := conn.runHandshakeSync(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	return conn, nil
 }
 
 // SecureOutbound *pretends to secure* an outbound connection to the given peer.
+// It sends the local peer's ID and public key, and receives the same from the remote peer.
+// No validation is performed as to the authenticity or ownership of the provided public key,
+// and the key exchange provides no security.
+//
+// SecureOutbound may fail if the remote peer sends an ID and public key that are inconsistent
+// with each other, or if the ID sent by the remote peer does not match the one dialed. It may
+// also fail if a network error occurs during the ID exchange.
 func (t *Transport) SecureOutbound(ctx context.Context, insecure net.Conn, p peer.ID) (sec.SecureConn, error) {
-	return &Conn{
-		Conn:   insecure,
-		local:  t.id,
-		remote: p,
-	}, nil
+	conn := &Conn{
+		Conn:         insecure,
+		local:        t.id,
+		localPrivKey: t.key,
+	}
+
+	err := conn.runHandshakeSync(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	if p != conn.remote {
+		return nil, fmt.Errorf("remote peer sent unexpected peer ID. expected=%s received=%s",
+			p, conn.remote)
+	}
+
+	return conn, nil
 }
 
 // Conn is the connection type returned by the insecure transport.
 type Conn struct {
 	net.Conn
+
 	local  peer.ID
 	remote peer.ID
+
+	localPrivKey ci.PrivKey
+	remotePubKey ci.PubKey
+}
+
+func makeExchangeMessage(privkey ci.PrivKey) (*pb.Exchange, error) {
+	pubkey, err := ci.PublicKeyToProto(privkey.GetPublic())
+	if err != nil {
+		return nil, err
+	}
+	id, err := peer.IDFromPrivateKey(privkey)
+	if err != nil {
+		return nil, err
+	}
+
+	return &pb.Exchange{
+		Id:     []byte(id),
+		Pubkey: pubkey,
+	}, nil
+}
+
+func (ic *Conn) runHandshakeSync(ctx context.Context) error {
+	reader := ggio.NewDelimitedReader(ic.Conn, network.MessageSizeMax)
+	writer := ggio.NewDelimitedWriter(ic.Conn)
+
+	// Generate an Exchange message
+	msg, err := makeExchangeMessage(ic.localPrivKey)
+	if err != nil {
+		return err
+	}
+
+	// Send our Exchange and read theirs
+	err = writer.WriteMsg(msg)
+	if err != nil {
+		return err
+	}
+
+	remoteMsg := new(pb.Exchange)
+	err = reader.ReadMsg(remoteMsg)
+	if err != nil {
+		return err
+	}
+
+	// Pull remote ID and public key from message
+	remotePubkey, err := ci.PublicKeyFromProto(*remoteMsg.Pubkey)
+	if err != nil {
+		return err
+	}
+
+	remoteID, err := peer.IDFromPublicKey(remotePubkey)
+	if err != nil {
+		return err
+	}
+
+	// Validate that ID matches public key
+	if !remoteID.MatchesPublicKey(remotePubkey) {
+		calculatedID, _ := peer.IDFromPublicKey(remotePubkey)
+		return fmt.Errorf("remote peer id does not match public key. id=%s calculated_id=%s",
+			remoteID, calculatedID)
+	}
+
+	// Add remote ID and key to conn state
+	ic.remotePubKey = remotePubkey
+	ic.remote = remoteID
+	return nil
 }
 
 // LocalPeer returns the local peer ID.
@@ -76,14 +184,15 @@ func (ic *Conn) RemotePeer() peer.ID {
 	return ic.remote
 }
 
-// RemotePublicKey returns nil. This connection is not secure
+// RemotePublicKey returns whatever public key was given by the remote peer.
+// Note that no verification of ownership is done, as this connection is not secure.
 func (ic *Conn) RemotePublicKey() ci.PubKey {
-	return nil
+	return ic.remotePubKey
 }
 
-// LocalPrivateKey returns nil. This connection is not secure.
+// LocalPrivateKey returns the private key for the local peer.
 func (ic *Conn) LocalPrivateKey() ci.PrivKey {
-	return nil
+	return ic.localPrivKey
 }
 
 var _ sec.SecureTransport = (*Transport)(nil)