SECIO (#41)

* Fix public key part in echo server example
* Remove unused Plaintext session class
* Rename Plaintext header guards
* Fix illegal comparison in crypto provider impl
* Implement SECIO
* Switch Kademlia to boost::optional instead of std
* Add -insecure option to echo server
* Add MessageReadWriterBigEndian
* Add SECIO cases to host_integration_test
* Add SECIO marshallers tests

Possible Drawbacks

Not possible to perform cross-implementation testing by now (go implementation of libp2p got updated much so c++ implementation needs to be changed too).

P521 curve-based algorithm could be faulty - needs to be tested when cross-implementation testing gets possible.

User's callback could be called twice in case of error inside secureInbound and secureOutbound methods - this could be easily fixed if we count this as an issue.

Signed-off-by: Igor Egorov <[email protected]>

Author: Igor Egorov

.gitignore

@@ -31,7 +31,7 @@ include/generated/*
 peers.list
 cmake-build*
 
-cmake-build*
+deps
 .gtm
 /.gtm/
 

example/01-echo/README.md

@@ -1,7 +1,31 @@
 # Example Libp2p Echo
+
 ## General description
 
-This example shows you how to create a simple Echo client and server in cpp-libp2p. There are three ways to launch this example: C++ to C++, C++ Client to Go Server and C++ Server to Go Client. The last two examples can be used to test a compatibility between the implementations and should be moved to some separate repository to produce automatic tests.
+This example shows you how to create a simple Echo client and server in cpp-libp2p. 
+There are three ways to launch this example: C++ to C++, C++ Client to Go Server and C++ Server to Go Client. 
+The last two examples can be used to test a compatibility between the implementations and should be moved to some separate repository to produce automatic tests.
+
+
+## C++ Server and Client
+
+Currently, `libp2p_echo_server` can operate in two modes - via Plaintext or SECIO security protocols.
+By default, it is launched in SECIO secured mode.
+To run it with Plaintext exclusive mode just add `-insecure` command-line argument.
+
+```bash
+libp2p_echo_server -insecure
+```
+
+The client application does **not** have such an option and supports both types of connection at any time.
+Which security type is going to be used is defined by the server's working mode and its preferences.
+
+## Golang Implementation Compatibility Note
+
+The `libp2p_client.go` which is an echo server source from `go-libp2p-examples` can be built only when `go.mod` file is present.
+The current version of the `go.mod` is outdated, and only Plaintext security could be cross-tested.
+To update the `go.mod` file there are changes required in c++ implementation of libp2p.
+Those changes are the subject of ongoin work.
 
 ## C++ to C++
 
@@ -23,6 +47,6 @@ This example shows you how to create a simple Echo client and server in cpp-libp
 
 1. Build C++ target `libp2p_echo_server`
 2. Build a Go example via `go build libp2p_client.go`
-3. Execute `../../cmake-build-debug/example/01-echo/libp2p_echo_server`. It will start a C++ server.
+3. Execute `../../cmake-build-debug/example/01-echo/libp2p_echo_server -insecure`. It will start a C++ server.
 4. Execute `./libp2p_client -insecure -l 40011 -d /ip4/127.0.0.1/tcp/40010/ipfs/12D3KooWLs7RC93EGXZzn9YdKyZYYx3f9UjTLYNX1reThpCkFb83`
 5. Watch how message is exchanged

example/01-echo/go.mod

@@ -0,0 +1,25 @@
+module github.com/libp2p/go-libp2p-examples
+
+require (
+	github.com/gogo/protobuf v1.3.1
+	github.com/google/uuid v1.1.1
+	github.com/ipfs/go-datastore v0.3.1
+	github.com/ipfs/go-log v0.0.1
+	github.com/libp2p/go-libp2p v0.5.0
+	github.com/libp2p/go-libp2p-autonat-svc v0.1.0
+	github.com/libp2p/go-libp2p-circuit v0.1.4
+	github.com/libp2p/go-libp2p-connmgr v0.2.1
+	github.com/libp2p/go-libp2p-core v0.3.0
+	github.com/libp2p/go-libp2p-discovery v0.2.0
+	github.com/libp2p/go-libp2p-kad-dht v0.4.1
+	github.com/libp2p/go-libp2p-quic-transport v0.2.2
+	github.com/libp2p/go-libp2p-routing v0.1.0
+	github.com/libp2p/go-libp2p-secio v0.2.1
+	github.com/libp2p/go-libp2p-swarm v0.2.2
+	github.com/libp2p/go-libp2p-tls v0.1.2
+	github.com/multiformats/go-multiaddr v0.2.0
+	github.com/multiformats/go-multiaddr-net v0.1.1
+	github.com/whyrusleeping/go-logging v0.0.1
+)
+
+go 1.13

example/01-echo/libp2p_echo_client.cpp

@@ -63,7 +63,7 @@ int main(int argc, char *argv[]) {
 
     auto peer_info = libp2p::peer::PeerInfo{server_peer_id, {server_ma}};
 
-    // create Host object an open a stream through it
+    // create Host object and open a stream through it
     host->newStream(
         peer_info, echo.getProtocolId(), [&echo](auto &&stream_res) {
           if (!stream_res) {

example/01-echo/libp2p_echo_server.cpp

@@ -6,45 +6,88 @@
 #include <chrono>
 #include <iostream>
 #include <memory>
+#include <string>
 
+#include <gsl/multi_span>
 #include <libp2p/common/literals.hpp>
 #include <libp2p/host/basic_host.hpp>
 #include <libp2p/injector/host_injector.hpp>
 #include <libp2p/protocol/echo.hpp>
+#include <libp2p/security/plaintext.hpp>
+#include <libp2p/security/secio.hpp>
 
-int main() {
+bool isInsecure(int argc, char **argv) {
+  if (2 == argc) {
+    const std::string insecure{"-insecure"};
+    auto args = gsl::multi_span<char *>(argv, argc);
+    if (insecure == args[1]) {
+      return true;
+    }
+  }
+  return false;
+}
+
+struct ServerContext {
+  std::shared_ptr<libp2p::Host> host;
+  std::shared_ptr<boost::asio::io_context> io_context;
+};
+
+ServerContext initSecureServer(const libp2p::crypto::KeyPair &keypair) {
+  auto injector = libp2p::injector::makeHostInjector(
+      libp2p::injector::useKeyPair(keypair),
+      libp2p::injector::useSecurityAdaptors<libp2p::security::Secio>());
+  auto host = injector.create<std::shared_ptr<libp2p::Host>>();
+  auto context = injector.create<std::shared_ptr<boost::asio::io_context>>();
+  return {.host = host, .io_context = context};
+}
+
+ServerContext initInsecureServer(const libp2p::crypto::KeyPair &keypair) {
+  auto injector = libp2p::injector::makeHostInjector(
+      libp2p::injector::useKeyPair(keypair),
+      libp2p::injector::useSecurityAdaptors<libp2p::security::Plaintext>());
+  auto host = injector.create<std::shared_ptr<libp2p::Host>>();
+  auto context = injector.create<std::shared_ptr<boost::asio::io_context>>();
+  return {.host = host, .io_context = context};
+}
+
+int main(int argc, char **argv) {
   using libp2p::crypto::Key;
   using libp2p::crypto::KeyPair;
   using libp2p::crypto::PrivateKey;
   using libp2p::crypto::PublicKey;
   using libp2p::common::operator""_unhex;
 
-  // this keypair generates a PeerId
-  // "12D3KooWLs7RC93EGXZzn9YdKyZYYx3f9UjTLYNX1reThpCkFb83"
+  // resulting PeerId should be
+  // 12D3KooWEgUjBV5FJAuBSoNMRYFRHjV7PjZwRQ7b43EKX9g7D6xV
   KeyPair keypair{PublicKey{{Key::Type::Ed25519,
-                             "a4249ea6d62bdd8bccf62257ac4899ff284796"
-                             "3228b388fda288db5d64e517e0"_unhex}},
+                             "48453469c62f4885373099421a7365520b5ffb"
+                             "0d93726c124166be4b81d852e6"_unhex}},
                   PrivateKey{{Key::Type::Ed25519,
                               "4a9361c525840f7086b893d584ebbe475b4ec"
                               "7069951d2e897e8bceb0a3f35ce"_unhex}}};
 
+  bool insecure_mode{isInsecure(argc, argv)};
+  if (insecure_mode) {
+    std::cout << "Starting in insecure mode" << std::endl;
+  } else {
+    std::cout << "Starting in secure mode" << std::endl;
+  }
+
   // create a default Host via an injector, overriding a random-generated
   // keypair with ours
-  auto injector =
-      libp2p::injector::makeHostInjector(libp2p::injector::useKeyPair(keypair));
-  auto host = injector.create<std::shared_ptr<libp2p::Host>>();
+  ServerContext server =
+      insecure_mode ? initInsecureServer(keypair) : initSecureServer(keypair);
 
   // set a handler for Echo protocol
   libp2p::protocol::Echo echo{libp2p::protocol::EchoConfig{1}};
-  host->setProtocolHandler(
+  server.host->setProtocolHandler(
       echo.getProtocolId(),
       [&echo](std::shared_ptr<libp2p::connection::Stream> received_stream) {
         echo.handle(std::move(received_stream));
       });
 
   // launch a Listener part of the Host
-  auto context = injector.create<std::shared_ptr<boost::asio::io_context>>();
-  context->post([host{std::move(host)}] {
+  server.io_context->post([host{std::move(server.host)}] {
     auto ma =
         libp2p::multi::Multiaddress::create("/ip4/127.0.0.1/tcp/40010").value();
     auto listen_res = host->listen(ma);
@@ -56,9 +99,18 @@ int main() {
 
     host->start();
     std::cout << "Server started\nListening on: " << ma.getStringAddress()
-              << "\nPeer id: " << host->getPeerInfo().id.toBase58() << "\n";
+              << "\nPeer id: " << host->getPeerInfo().id.toBase58()
+              << std::endl;
+    std::cout << "Connection string: " << ma.getStringAddress() << "/ipfs/"
+              << host->getPeerInfo().id.toBase58() << std::endl;
   });
 
   // run the IO context
-  context->run();
+  try {
+    server.io_context->run();
+  } catch (const boost::system::error_code &ec) {
+    std::cout << "Server cannot run: " << ec.message() << std::endl;
+  } catch (...) {
+    std::cout << "Unknown error happened" << std::endl;
+  }
 }

example/02-kad/factory.cpp

@@ -10,6 +10,7 @@
 #include <libp2p/crypto/crypto_provider/crypto_provider_impl.hpp>
 #include <libp2p/crypto/ecdsa_provider/ecdsa_provider_impl.hpp>
 #include <libp2p/crypto/ed25519_provider/ed25519_provider_impl.hpp>
+#include <libp2p/crypto/hmac_provider/hmac_provider_impl.hpp>
 #include <libp2p/crypto/key_marshaller/key_marshaller_impl.hpp>
 #include <libp2p/crypto/key_validator/key_validator_impl.hpp>
 #include <libp2p/crypto/random_generator/boost_generator.hpp>
@@ -84,10 +85,12 @@ namespace libp2p::protocol::kademlia::example {
           std::make_shared<crypto::ecdsa::EcdsaProviderImpl>();
       auto secp256k1_provider =
           std::make_shared<crypto::secp256k1::Secp256k1ProviderImpl>();
+      auto hmac_provider = std::make_shared<crypto::hmac::HmacProviderImpl>();
+
       std::shared_ptr<crypto::CryptoProvider> crypto_provider =
           std::make_shared<crypto::CryptoProviderImpl>(
               csprng, ed25519_provider, rsa_provider, ecdsa_provider,
-              secp256k1_provider);
+              secp256k1_provider, hmac_provider);
       auto validator = std::make_shared<crypto::validator::KeyValidatorImpl>(
           crypto_provider);
 

include/libp2p/basic/message_read_writer.hpp

@@ -15,36 +15,31 @@
 
 namespace libp2p::basic {
   /**
-   * Allows to read and write messages, which are prepended with a varint -
-   * standard, for example, for Protobuf messages in Libp2p
+   * An interface for message read writers for messages prepended with its
+   * length that is somehow encoded.
    */
-  class MessageReadWriter
-      : public std::enable_shared_from_this<MessageReadWriter> {
+  class MessageReadWriter {
    public:
     using ReadCallback = outcome::result<std::shared_ptr<std::vector<uint8_t>>>;
     using ReadCallbackFunc = std::function<void(ReadCallback)>;
 
-    /**
-     * Create an instance of MessageReadWriter
-     * @param conn, from which to read/write messages
-     */
-    explicit MessageReadWriter(std::shared_ptr<ReadWriter> conn);
+    virtual ~MessageReadWriter() = default;
 
     /**
-     * Read a message, which is prepended with a varint
-     * @param cb, which is called, when the message is read or error happens
+     * Reads a message that is prepended with its length
+     * @param cb is called when read gets done. Read bytes or an error will be
+     * passed as an argument in case of success
      */
-    void read(ReadCallbackFunc cb);
+    virtual void read(ReadCallbackFunc cb) = 0;
 
     /**
-     * Write a message; varint with its length will be prepended to it
-     * @param buffer - the message to be written
-     * @param cb, which is called, when the message is read or error happens
+     * Writes a message and preprends its length
+     * @param buffer - bytes to be written
+     * @param cb is called when the message is written or an error happened.
+     * Quantity of bytes written is passed as an argument in case of success
      */
-    void write(gsl::span<const uint8_t> buffer, Writer::WriteCallbackFunc cb);
-
-   private:
-    std::shared_ptr<ReadWriter> conn_;
+    virtual void write(gsl::span<const uint8_t> buffer,
+                       Writer::WriteCallbackFunc cb) = 0;
   };
 }  // namespace libp2p::basic
 

include/libp2p/basic/message_read_writer_bigendian.hpp

@@ -0,0 +1,55 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef LIBP2P_MESSAGE_READ_WRITER_BIGENDIAN_HPP
+#define LIBP2P_MESSAGE_READ_WRITER_BIGENDIAN_HPP
+
+#include <memory>
+#include <vector>
+
+#include <gsl/span>
+#include <libp2p/basic/message_read_writer.hpp>
+#include <libp2p/basic/readwriter.hpp>
+#include <libp2p/outcome/outcome.hpp>
+
+namespace libp2p::basic {
+  /**
+   * Allows to read and write messages, which are prepended with a message
+   * length as 32-byte number passed in network byte order (Big Endian). For
+   * example, this is used in SECIO security protocol.
+   */
+  class MessageReadWriterBigEndian
+      : public MessageReadWriter,
+        public std::enable_shared_from_this<MessageReadWriterBigEndian> {
+   public:
+    static constexpr auto kLenMarkerSize = sizeof(uint32_t);
+
+    /**
+     * Create an instance of MessageReadWriter
+     * @param conn, from which to read/write messages
+     */
+    explicit MessageReadWriterBigEndian(std::shared_ptr<ReadWriter> conn);
+
+    /**
+     * Read a message, which is prepended with a 32-byte Big Endian lenght
+     * @param cb, which is called, when the message is read or error happens
+     */
+    void read(ReadCallbackFunc cb) override;
+
+    /**
+     * Write a message; 32-byte Big Endian number with its length will be
+     * prepended to it
+     * @param buffer - the message to be written
+     * @param cb, which is called, when the message is read or error happens
+     */
+    void write(gsl::span<const uint8_t> buffer,
+               Writer::WriteCallbackFunc cb) override;
+
+   private:
+    std::shared_ptr<ReadWriter> conn_;
+  };
+}  // namespace libp2p::basic
+
+#endif  // LIBP2P_MESSAGE_READ_WRITER_BIGENDIAN_HPP

include/libp2p/basic/message_read_writer_uvarint.hpp

@@ -0,0 +1,51 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef LIBP2P_MESSAGE_READ_WRITER_UVARINT_HPP
+#define LIBP2P_MESSAGE_READ_WRITER_UVARINT_HPP
+
+#include <memory>
+#include <vector>
+
+#include <gsl/span>
+#include <libp2p/basic/message_read_writer.hpp>
+#include <libp2p/basic/readwriter.hpp>
+#include <libp2p/outcome/outcome.hpp>
+
+namespace libp2p::basic {
+  /**
+   * Allows to read and write messages, which are prepended with a uvarint -
+   * standard, for example, for Protobuf messages in Libp2p
+   */
+  class MessageReadWriterUvarint
+      : public MessageReadWriter,
+        public std::enable_shared_from_this<MessageReadWriterUvarint> {
+   public:
+    /**
+     * Create an instance of MessageReadWriter
+     * @param conn, from which to read/write messages
+     */
+    explicit MessageReadWriterUvarint(std::shared_ptr<ReadWriter> conn);
+
+    /**
+     * Read a message, which is prepended with a uvarint
+     * @param cb, which is called, when the message is read or error happens
+     */
+    void read(ReadCallbackFunc cb) override;
+
+    /**
+     * Write a message; uvarint with its length will be prepended to it
+     * @param buffer - the message to be written
+     * @param cb, which is called, when the message is read or error happens
+     */
+    void write(gsl::span<const uint8_t> buffer,
+               Writer::WriteCallbackFunc cb) override;
+
+   private:
+    std::shared_ptr<ReadWriter> conn_;
+  };
+}  // namespace libp2p::basic
+
+#endif  // LIBP2P_MESSAGE_READ_WRITER_UVARINT_HPP