2019-09-05 00:28:53 +08:00
|
|
|
from typing import Optional
|
|
|
|
|
2019-10-17 15:19:39 +08:00
|
|
|
from libp2p.crypto.exceptions import MissingDeserializerError
|
2019-09-05 00:28:53 +08:00
|
|
|
from libp2p.crypto.keys import PrivateKey, PublicKey
|
2019-08-21 13:59:42 +08:00
|
|
|
from libp2p.crypto.pb import crypto_pb2
|
2019-09-25 00:31:35 +08:00
|
|
|
from libp2p.crypto.serialization import deserialize_public_key
|
2019-09-05 00:28:53 +08:00
|
|
|
from libp2p.io.abc import ReadWriteCloser
|
2019-09-16 19:16:41 +08:00
|
|
|
from libp2p.network.connection.exceptions import RawConnError
|
2019-08-08 14:24:54 +08:00
|
|
|
from libp2p.network.connection.raw_connection_interface import IRawConnection
|
|
|
|
from libp2p.peer.id import ID
|
2019-08-03 07:50:44 +08:00
|
|
|
from libp2p.security.base_session import BaseSession
|
|
|
|
from libp2p.security.base_transport import BaseSecureTransport
|
2019-09-16 19:16:41 +08:00
|
|
|
from libp2p.security.exceptions import HandshakeFailure
|
2019-08-03 13:36:19 +08:00
|
|
|
from libp2p.security.secure_conn_interface import ISecureConn
|
2019-08-20 11:02:21 +08:00
|
|
|
from libp2p.typing import TProtocol
|
2019-08-17 21:41:17 +08:00
|
|
|
from libp2p.utils import encode_fixedint_prefixed, read_fixedint_prefixed
|
2019-08-20 11:02:21 +08:00
|
|
|
|
2019-08-17 01:38:50 +08:00
|
|
|
from .pb import plaintext_pb2
|
|
|
|
|
|
|
|
# Reference: https://github.com/libp2p/go-libp2p-core/blob/master/sec/insecure/insecure.go
|
|
|
|
|
|
|
|
|
|
|
|
PLAINTEXT_PROTOCOL_ID = TProtocol("/plaintext/2.0.0")
|
2019-08-01 19:12:11 +08:00
|
|
|
|
2019-04-30 15:09:05 +08:00
|
|
|
|
2019-08-03 07:50:44 +08:00
|
|
|
class InsecureSession(BaseSession):
|
2019-09-05 00:28:53 +08:00
|
|
|
def __init__(
|
|
|
|
self,
|
|
|
|
local_peer: ID,
|
|
|
|
local_private_key: PrivateKey,
|
|
|
|
conn: ReadWriteCloser,
|
2019-10-25 01:18:29 +08:00
|
|
|
is_initiator: bool,
|
2019-09-05 00:28:53 +08:00
|
|
|
peer_id: Optional[ID] = None,
|
|
|
|
) -> None:
|
2019-10-25 01:18:29 +08:00
|
|
|
super().__init__(local_peer, local_private_key, is_initiator, peer_id)
|
2019-09-05 00:28:53 +08:00
|
|
|
self.conn = conn
|
|
|
|
|
|
|
|
async def write(self, data: bytes) -> int:
|
|
|
|
await self.conn.write(data)
|
|
|
|
return len(data)
|
|
|
|
|
|
|
|
async def read(self, n: int = -1) -> bytes:
|
|
|
|
return await self.conn.read(n)
|
|
|
|
|
|
|
|
async def close(self) -> None:
|
|
|
|
await self.conn.close()
|
|
|
|
|
2019-08-21 23:04:59 +08:00
|
|
|
async def run_handshake(self) -> None:
|
2019-09-19 22:19:36 +08:00
|
|
|
"""
|
|
|
|
Raise `HandshakeFailure` when handshake failed
|
|
|
|
"""
|
2019-08-17 01:38:50 +08:00
|
|
|
msg = make_exchange_message(self.local_private_key.get_public_key())
|
2019-08-17 21:41:17 +08:00
|
|
|
msg_bytes = msg.SerializeToString()
|
|
|
|
encoded_msg_bytes = encode_fixedint_prefixed(msg_bytes)
|
2019-09-16 19:16:41 +08:00
|
|
|
try:
|
|
|
|
await self.write(encoded_msg_bytes)
|
|
|
|
except RawConnError:
|
|
|
|
raise HandshakeFailure("connection closed")
|
2019-08-17 01:38:50 +08:00
|
|
|
|
2019-09-16 19:16:41 +08:00
|
|
|
try:
|
|
|
|
remote_msg_bytes = await read_fixedint_prefixed(self.conn)
|
|
|
|
except RawConnError:
|
|
|
|
raise HandshakeFailure("connection closed")
|
2019-08-20 23:54:33 +08:00
|
|
|
remote_msg = plaintext_pb2.Exchange()
|
|
|
|
remote_msg.ParseFromString(remote_msg_bytes)
|
2019-08-21 23:56:04 +08:00
|
|
|
received_peer_id = ID(remote_msg.id)
|
|
|
|
|
|
|
|
# Verify if the receive `ID` matches the one we originally initialize the session.
|
|
|
|
# We only need to check it when we are the initiator, because only in that condition
|
|
|
|
# we possibly knows the `ID` of the remote.
|
2019-10-25 01:18:29 +08:00
|
|
|
if self.is_initiator and self.remote_peer_id != received_peer_id:
|
2019-08-21 23:56:04 +08:00
|
|
|
raise HandshakeFailure(
|
|
|
|
"remote peer sent unexpected peer ID. "
|
|
|
|
f"expected={self.remote_peer_id} received={received_peer_id}"
|
|
|
|
)
|
2019-08-17 21:41:17 +08:00
|
|
|
|
2019-08-20 23:54:33 +08:00
|
|
|
# Verify if the given `pubkey` matches the given `peer_id`
|
|
|
|
try:
|
2019-09-25 00:31:35 +08:00
|
|
|
received_pubkey = deserialize_public_key(
|
|
|
|
remote_msg.pubkey.SerializeToString()
|
|
|
|
)
|
2019-08-21 15:12:35 +08:00
|
|
|
except ValueError:
|
|
|
|
raise HandshakeFailure(
|
|
|
|
f"unknown `key_type` of remote_msg.pubkey={remote_msg.pubkey}"
|
|
|
|
)
|
2019-10-17 15:19:39 +08:00
|
|
|
except MissingDeserializerError as error:
|
|
|
|
raise HandshakeFailure(error)
|
2019-08-21 23:56:04 +08:00
|
|
|
peer_id_from_received_pubkey = ID.from_pubkey(received_pubkey)
|
|
|
|
if peer_id_from_received_pubkey != received_peer_id:
|
2019-08-21 15:12:35 +08:00
|
|
|
raise HandshakeFailure(
|
2019-08-20 23:54:33 +08:00
|
|
|
"peer id and pubkey from the remote mismatch: "
|
2019-08-21 23:56:04 +08:00
|
|
|
f"received_peer_id={received_peer_id}, remote_pubkey={received_pubkey}, "
|
|
|
|
f"peer_id_from_received_pubkey={peer_id_from_received_pubkey}"
|
2019-08-20 23:54:33 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
# Nothing is wrong. Store the `pubkey` and `peer_id` in the session.
|
2019-08-21 23:56:04 +08:00
|
|
|
self.remote_permanent_pubkey = received_pubkey
|
|
|
|
# Only need to set peer's id when we don't know it before,
|
|
|
|
# i.e. we are not the connection initiator.
|
2019-10-25 01:18:29 +08:00
|
|
|
if not self.is_initiator:
|
2019-08-21 23:56:04 +08:00
|
|
|
self.remote_peer_id = received_peer_id
|
2019-08-20 23:54:33 +08:00
|
|
|
|
|
|
|
# TODO: Store `pubkey` and `peer_id` to `PeerStore`
|
2019-08-03 07:50:44 +08:00
|
|
|
|
|
|
|
|
|
|
|
class InsecureTransport(BaseSecureTransport):
|
2019-08-03 03:07:35 +08:00
|
|
|
"""
|
|
|
|
``InsecureTransport`` provides the "identity" upgrader for a ``IRawConnection``,
|
|
|
|
i.e. the upgraded transport does not add any additional security.
|
|
|
|
"""
|
|
|
|
|
2019-08-08 14:22:06 +08:00
|
|
|
async def secure_inbound(self, conn: IRawConnection) -> ISecureConn:
|
2019-04-30 15:09:05 +08:00
|
|
|
"""
|
|
|
|
Secure the connection, either locally or by communicating with opposing node via conn,
|
|
|
|
for an inbound connection (i.e. we are not the initiator)
|
|
|
|
:return: secure connection object (that implements secure_conn_interface)
|
|
|
|
"""
|
2019-09-09 03:37:41 +08:00
|
|
|
session = InsecureSession(self.local_peer, self.local_private_key, conn, False)
|
2019-08-17 01:38:50 +08:00
|
|
|
await session.run_handshake()
|
|
|
|
return session
|
2019-04-30 15:09:05 +08:00
|
|
|
|
2019-08-08 14:22:06 +08:00
|
|
|
async def secure_outbound(self, conn: IRawConnection, peer_id: ID) -> ISecureConn:
|
2019-04-30 15:09:05 +08:00
|
|
|
"""
|
|
|
|
Secure the connection, either locally or by communicating with opposing node via conn,
|
|
|
|
for an inbound connection (i.e. we are the initiator)
|
|
|
|
:return: secure connection object (that implements secure_conn_interface)
|
|
|
|
"""
|
2019-08-24 05:49:59 +08:00
|
|
|
session = InsecureSession(
|
2019-09-09 03:37:41 +08:00
|
|
|
self.local_peer, self.local_private_key, conn, True, peer_id
|
2019-08-24 05:49:59 +08:00
|
|
|
)
|
2019-08-17 01:38:50 +08:00
|
|
|
await session.run_handshake()
|
|
|
|
return session
|
|
|
|
|
|
|
|
|
|
|
|
def make_exchange_message(pubkey: PublicKey) -> plaintext_pb2.Exchange:
|
2019-08-21 13:59:42 +08:00
|
|
|
pubkey_pb = crypto_pb2.PublicKey(
|
|
|
|
key_type=pubkey.get_type().value, data=pubkey.to_bytes()
|
|
|
|
)
|
2019-08-17 01:38:50 +08:00
|
|
|
id_bytes = ID.from_pubkey(pubkey).to_bytes()
|
|
|
|
return plaintext_pb2.Exchange(id=id_bytes, pubkey=pubkey_pb)
|