Feature/tls (#89)

art-gor · web-flow · commit 6f0e310069fc · 2020-09-24T00:01:12.000+03:00
* tls transport

* build-related tiny fix

* removed unused file
diff --git a/example/01-echo/libp2p_echo_client.cpp b/example/01-echo/libp2p_echo_client.cpp
@@ -8,6 +8,7 @@
 #include <memory>
 
 #include <libp2p/common/literals.hpp>
+#include <libp2p/common/logger.hpp>
 #include <libp2p/host/basic_host.hpp>
 #include <libp2p/injector/host_injector.hpp>
 #include <libp2p/protocol/echo.hpp>
@@ -19,6 +20,12 @@ int main(int argc, char *argv[]) {
   using libp2p::crypto::PublicKey;
   using libp2p::common::operator""_unhex;
 
+  if (std::getenv("TRACE_DEBUG") != nullptr) {
+    spdlog::set_level(spdlog::level::trace);
+  } else {
+    spdlog::set_level(spdlog::level::err);
+  }
+
   if (argc != 2) {
     std::cerr << "please, provide an address of the server\n";
     std::exit(EXIT_FAILURE);
diff --git a/example/01-echo/libp2p_echo_server.cpp b/example/01-echo/libp2p_echo_server.cpp
@@ -3,7 +3,6 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-#include <chrono>
 #include <iostream>
 #include <memory>
 #include <string>
diff --git a/example/03-gossip/utility.cpp b/example/03-gossip/utility.cpp
@@ -63,6 +63,11 @@ namespace libp2p::protocol::example::utility {
     debug_logger->set_level(spdlog_level);
     logger->set_level(spdlog_level);
 
+    if (spdlog_level == spdlog::level::trace) {
+      // for all loggers
+      spdlog::set_level(spdlog_level);
+    }
+
     return logger;
   }
 
diff --git a/include/libp2p/injector/network_injector.hpp b/include/libp2p/injector/network_injector.hpp
@@ -34,6 +34,7 @@
 #include <libp2p/security/secio.hpp>
 #include <libp2p/security/secio/exchange_message_marshaller_impl.hpp>
 #include <libp2p/security/secio/propose_message_marshaller_impl.hpp>
+#include <libp2p/security/tls.hpp>
 #include <libp2p/transport/impl/upgrader_impl.hpp>
 #include <libp2p/transport/tcp.hpp>
 
@@ -281,7 +282,7 @@ namespace libp2p::injector {
         di::bind<protocol_muxer::ProtocolMuxer>().template to<protocol_muxer::Multiselect>(),
 
         // default adaptors
-        di::bind<security::SecurityAdaptor *[]>().template to<security::Plaintext, security::Secio>(),  // NOLINT
+        di::bind<security::SecurityAdaptor *[]>().template to<security::Plaintext, security::Secio, security::TlsAdaptor>(),  // NOLINT
         di::bind<muxer::MuxerAdaptor *[]>().template to<muxer::Yamux, muxer::Mplex>(),  // NOLINT
         di::bind<transport::TransportAdaptor *[]>().template to<transport::TcpTransport>(),  // NOLINT
 
diff --git a/include/libp2p/security/tls.hpp b/include/libp2p/security/tls.hpp
@@ -0,0 +1,11 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef LIBP2P_SECURITY_TLS_HPP
+#define LIBP2P_SECURITY_TLS_HPP
+
+#include <libp2p/security/tls/tls_adaptor.hpp>
+
+#endif  // LIBP2P_SECURITY_TLS_HPP
diff --git a/include/libp2p/security/tls/tls_adaptor.hpp b/include/libp2p/security/tls/tls_adaptor.hpp
@@ -0,0 +1,66 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef LIBP2P_SECURITY_TLS_ADAPTOR_HPP
+#define LIBP2P_SECURITY_TLS_ADAPTOR_HPP
+
+#include <boost/asio/io_context.hpp>
+#include <boost/asio/ssl.hpp>
+
+#include <libp2p/crypto/key_marshaller.hpp>
+#include <libp2p/peer/identity_manager.hpp>
+#include <libp2p/security/security_adaptor.hpp>
+#include <libp2p/security/tls/tls_errors.hpp>
+
+namespace libp2p::security {
+
+  /// TLS 1.3 security adaptor
+  class TlsAdaptor : public SecurityAdaptor,
+                     public std::enable_shared_from_this<TlsAdaptor> {
+   public:
+    /// Dtor.
+    ~TlsAdaptor() override = default;
+
+    /// Ctor.
+    TlsAdaptor(
+        std::shared_ptr<peer::IdentityManager> idmgr,
+        std::shared_ptr<boost::asio::io_context> io_context,
+        std::shared_ptr<crypto::marshaller::KeyMarshaller> key_marshaller);
+
+    /// Returns "/tls/1.0.0"
+    peer::Protocol getProtocolId() const override;
+
+    /// Performs async handshake for inbound connection
+    void secureInbound(std::shared_ptr<connection::RawConnection> inbound,
+                       SecConnCallbackFunc cb) override;
+
+    /// Performs async handshake for outbound connection
+    void secureOutbound(std::shared_ptr<connection::RawConnection> outbound,
+                        const peer::PeerId &p, SecConnCallbackFunc cb) override;
+
+   private:
+    /// Creates shared SSL context, generates certificate and private key
+    outcome::result<void> setupContext();
+
+    /// Creates TLSConnection and starts handshake
+    void asyncHandshake(std::shared_ptr<connection::RawConnection> conn,
+                         boost::optional<peer::PeerId> remote_peer,
+                         SecConnCallbackFunc cb);
+
+    /// Identity manager which contains this host's keys and peer id
+    std::shared_ptr<peer::IdentityManager> idmgr_;
+
+    /// IO context, used to defer callback on error
+    std::shared_ptr<boost::asio::io_context> io_context_;
+
+    /// Key marshaller, needed for custom cert extension
+    std::shared_ptr<crypto::marshaller::KeyMarshaller> key_marshaller_;
+
+    /// Shared ssl context
+    std::shared_ptr<boost::asio::ssl::context> ssl_context_;
+  };
+}  // namespace libp2p::security
+
+#endif  // LIBP2P_SECURITY_TLS_ADAPTOR_HPP
diff --git a/include/libp2p/security/tls/tls_errors.hpp b/include/libp2p/security/tls/tls_errors.hpp
@@ -0,0 +1,27 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef LIBP2P_SECURITY_TLS_ERRORS_HPP
+#define LIBP2P_SECURITY_TLS_ERRORS_HPP
+
+#include <libp2p/outcome/outcome.hpp>
+
+namespace libp2p::security {
+
+  enum class TlsError : int {
+    TLS_CTX_INIT_FAILED = 1,
+    TLS_INCOMPATIBLE_TRANSPORT,
+    TLS_NO_CERTIFICATE,
+    TLS_INCOMPATIBLE_CERTIFICATE_EXTENSION,
+    TLS_PEER_VERIFY_FAILED,
+    TLS_UNEXPECTED_PEER_ID,
+    TLS_REMOTE_PEER_NOT_AVAILABLE,
+    TLS_REMOTE_PUBKEY_NOT_AVAILABLE,
+  };
+}  // namespace libp2p::security
+
+OUTCOME_HPP_DECLARE_ERROR(libp2p::security, TlsError);
+
+#endif  // LIBP2P_SECURITY_TLS_ERRORS_HPP
diff --git a/include/libp2p/transport/tcp/tcp_connection.hpp b/include/libp2p/transport/tcp/tcp_connection.hpp
@@ -13,6 +13,8 @@
 #include <libp2p/connection/raw_connection.hpp>
 #include <libp2p/multi/multiaddress.hpp>
 
+namespace libp2p::security { class TlsAdaptor; }
+
 namespace libp2p::transport {
 
   /**
@@ -97,6 +99,8 @@ namespace libp2p::transport {
 
     boost::system::error_code handle_errcode(
         const boost::system::error_code &e) noexcept;
+
+    friend class security::TlsAdaptor;
   };
 }  // namespace libp2p::transport
 
diff --git a/src/network/CMakeLists.txt b/src/network/CMakeLists.txt
@@ -15,6 +15,7 @@ target_link_libraries(p2p_default_network
     p2p_mplex
     p2p_plaintext
     p2p_secio
+    p2p_tls
     p2p_connection_manager
     p2p_transport_manager
     p2p_listener_manager
diff --git a/src/network/impl/CMakeLists.txt b/src/network/impl/CMakeLists.txt
@@ -20,6 +20,7 @@ target_link_libraries(p2p_listener_manager
     Boost::boost
     p2p_multiaddress
     p2p_peer_id
+    p2p_logger
     )
 
 
diff --git a/src/network/impl/listener_manager_impl.cpp b/src/network/impl/listener_manager_impl.cpp
@@ -5,8 +5,17 @@
 
 #include <libp2p/network/impl/listener_manager_impl.hpp>
 
+#include <libp2p/common/logger.hpp>
+
 namespace libp2p::network {
 
+  namespace {
+    spdlog::logger &log() {
+      static common::Logger logger = common::createLogger("listener_mgr");
+      return *logger;
+    }
+  }  // namespace
+
   ListenerManagerImpl::ListenerManagerImpl(
       std::shared_ptr<protocol_muxer::ProtocolMuxer> multiselect,
       std::shared_ptr<network::Router> router,
@@ -167,16 +176,15 @@ namespace libp2p::network {
   void ListenerManagerImpl::onConnection(
       outcome::result<std::shared_ptr<connection::CapableConnection>> rconn) {
     if (!rconn) {
-      // can not accept valid connection
-      // TODO(Warchant): log error
+      log().warn("can not accept valid connection, {}",
+                 rconn.error().message());
       return;  // ignore
     }
     auto &&conn = rconn.value();
 
     auto rid = conn->remotePeer();
     if (!rid) {
-      // can not get remote peer id
-      // TODO(Warchant): log error
+      log().warn("can not get remote peer id, {}", rid.error().message());
       return;  // ignore
     }
     auto &&id = rid.value();
@@ -185,8 +193,7 @@ namespace libp2p::network {
     conn->onStream(
         [this](outcome::result<std::shared_ptr<connection::Stream>> rstream) {
           if (!rstream) {
-            // can not accept a stream
-            // TODO(Warchant): log error
+            log().warn("can not accept stream, {}", rstream.error().message());
             return;  // ignore
           }
           auto &&stream = rstream.value();
@@ -197,16 +204,16 @@ namespace libp2p::network {
               false /* not initiator */,
               [this, stream](outcome::result<peer::Protocol> rproto) {
                 if (!rproto) {
-                  // can not negotiate protocols
-                  // TODO(Warchant): log error
+                  log().warn("can not negotiate protocols, {}",
+                             rproto.error().message());
                   return;  // ignore
                 }
                 auto &&proto = rproto.value();
 
                 auto rhandle = this->router_->handle(proto, stream);
                 if (!rhandle) {
-                  // no handler found
-                  // TODO(Warchant): log
+                  log().warn("no protocol handler found, {}",
+                             rhandle.error().message());
                   return;  // this is not an error
                 }
               });
diff --git a/src/protocol_muxer/multiselect/multiselect.cpp b/src/protocol_muxer/multiselect/multiselect.cpp
@@ -169,6 +169,9 @@ namespace libp2p::protocol_muxer {
     // if we receive na message, send next protocol we consider; if none is
     // left, negotiation failed
     auto protos = connection_state->left_protocols;
+
+    TRACE("Multiselect::handleNaMsg trying {}", fmt::join(*protos, ", "));
+
     protos->erase(protos->begin());
     if (protos->empty()) {
       return negotiationRoundFailed(connection_state,
diff --git a/src/security/CMakeLists.txt b/src/security/CMakeLists.txt
@@ -5,6 +5,7 @@
 
 add_subdirectory(plaintext)
 add_subdirectory(secio)
+add_subdirectory(tls)
 
 libp2p_add_library(p2p_security_error
     error.cpp
diff --git a/src/security/tls/CMakeLists.txt b/src/security/tls/CMakeLists.txt
@@ -0,0 +1,16 @@
+#
+# Copyright Soramitsu Co., Ltd. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+
+libp2p_add_library(p2p_tls
+    tls_adaptor.cpp
+    tls_connection.cpp
+    tls_details.cpp
+    )
+target_link_libraries(p2p_tls
+    Boost::boost
+    p2p_crypto_error
+    p2p_logger
+    p2p_security_error
+    )
diff --git a/src/security/tls/tls_adaptor.cpp b/src/security/tls/tls_adaptor.cpp
diff --git a/src/security/tls/tls_connection.cpp b/src/security/tls/tls_connection.cpp
diff --git a/src/security/tls/tls_connection.hpp b/src/security/tls/tls_connection.hpp
diff --git a/src/security/tls/tls_details.cpp b/src/security/tls/tls_details.cpp
diff --git a/src/security/tls/tls_details.hpp b/src/security/tls/tls_details.hpp
diff --git a/test/acceptance/p2p/CMakeLists.txt b/test/acceptance/p2p/CMakeLists.txt
diff --git a/test/acceptance/p2p/protocol_streams_regression.cpp b/test/acceptance/p2p/protocol_streams_regression.cpp

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@ target_link_libraries(p2p_listener_manager`
`20`	`20`	`Boost::boost`
`21`	`21`	`p2p_multiaddress`
`22`	`22`	`p2p_peer_id`
	`23`	`+ p2p_logger`
`23`	`24`	`)`
`24`	`25`
`25`	`26`