Merge pull request #1042 from openmina/feat/webrtc-sniffer

WebRTC sniffer

Author: vlad9486

Cargo.lock

@@ -31,6 +31,8 @@ members = [
     "tools/fuzzing",
     "tools/archive-breadcrumb-compare",
     "tools/heartbeats-processor",
+    "tools/webrtc-sniffer",
+
     "producer-dashboard",
 
     "fuzzer",
@@ -54,8 +56,8 @@ mina-curves = { git = "https://github.com/openmina/proof-systems", rev = "dec49a
 # UNCOMMENTED_IN_CI mina-curves = { git = "https://github.com/openmina/proof-systems", rev = "dec49a9", features = [ "32x9" ] }
 o1-utils = { git = "https://github.com/openmina/proof-systems", rev = "dec49a9" }
 kimchi = { git = "https://github.com/openmina/proof-systems", rev = "dec49a9" }
-mina-poseidon = {git = "https://github.com/openmina/proof-systems", rev = "dec49a9" }
-poly-commitment = {git = "https://github.com/openmina/proof-systems", rev = "dec49a9" }
+mina-poseidon = { git = "https://github.com/openmina/proof-systems", rev = "dec49a9" }
+poly-commitment = { git = "https://github.com/openmina/proof-systems", rev = "dec49a9" }
 
 libp2p = { git = "https://github.com/openmina/rust-libp2p", rev = "5c44c7d9", default-features = false }
 vrf = { path = "vrf" }
@@ -90,9 +92,9 @@ incremental = false
 codegen-units = 1
 
 [patch.crates-io]
-ark-ff = { git = "https://github.com/openmina/algebra", rev = "aea157a" } # branch: fix-openmina-webnode
-ark-ec = { git = "https://github.com/openmina/algebra", rev = "aea157a" } # branch: fix-openmina-webnode
-ark-poly = { git = "https://github.com/openmina/algebra", rev = "aea157a" } # branch: fix-openmina-webnode
+ark-ff = { git = "https://github.com/openmina/algebra", rev = "aea157a" }        # branch: fix-openmina-webnode
+ark-ec = { git = "https://github.com/openmina/algebra", rev = "aea157a" }        # branch: fix-openmina-webnode
+ark-poly = { git = "https://github.com/openmina/algebra", rev = "aea157a" }      # branch: fix-openmina-webnode
 ark-serialize = { git = "https://github.com/openmina/algebra", rev = "aea157a" } # branch: fix-openmina-webnode
 
 num-bigint = { git = "https://github.com/openmina/num-bigint", rev = "8bb5ee4" }     # branch: on-stack

Cargo.toml

@@ -171,6 +171,9 @@ pub struct Node {
     /// - OPENMINA_AWS_BUCKET_NAME
     #[arg(long, env)]
     pub archive_aws_storage: bool,
+
+    #[arg(long, env)]
+    pub rng_seed: Option<String>,
 }
 
 impl Node {
@@ -216,7 +219,27 @@ impl Node {
                 node::config::DEVNET_CONFIG.clone(),
             ),
         };
-        let mut node_builder: NodeBuilder = NodeBuilder::new(None, daemon_conf, genesis_conf);
+
+        let custom_rng_seed = match self.rng_seed {
+            None => None,
+            Some(v) => match hex::decode(v)
+                .map_err(anyhow::Error::from)
+                .and_then(|bytes| {
+                    <[u8; 32]>::try_from(bytes.as_slice()).map_err(anyhow::Error::from)
+                }) {
+                Ok(v) => Some(v),
+                Err(err) => {
+                    node::core::error!(
+                        node::core::log::system_time();
+                        summary = "bad rng seed",
+                        err = err.to_string(),
+                    );
+                    return Err(err);
+                }
+            },
+        };
+        let mut node_builder: NodeBuilder =
+            NodeBuilder::new(custom_rng_seed, daemon_conf, genesis_conf);
 
         // let genesis_config = match self.config {
         //     Some(config_path) => GenesisConfig::DaemonJsonFile(config_path).into(),

cli/src/commands/node/mod.rs

@@ -112,6 +112,7 @@ impl NodeServiceCommonBuilder {
         self.p2p = Some(<NodeService as P2pServiceWebrtcWithLibp2p>::init(
             secret_key.clone(),
             task_spawner,
+            self.rng_seed,
         ));
         self
     }

node/common/src/service/builder.rs

@@ -40,6 +40,8 @@ pub struct CommandScenariosGenerate {
     pub name: Option<String>,
     #[arg(long, short)]
     pub use_debugger: bool,
+    #[arg(long, short)]
+    pub webrtc: bool,
 }
 
 /// Run scenario located at `res/scenarios`.
@@ -83,6 +85,9 @@ impl Command {
                         if cmd.use_debugger {
                             config.use_debugger();
                         }
+                        if cmd.webrtc {
+                            config.set_all_rust_to_rust_use_webrtc();
+                        }
                         Ok(scenario.run_only_from_scratch(config))
                     };
                     let fut = async move {

node/testing/src/main.rs

@@ -131,7 +131,7 @@ impl Scenarios {
             Self::SimulationSmall(_) => true,
             Self::SimulationSmallForeverRealTime(_) => true,
             Self::MultiNodePubsubPropagateBlock(_) => true, // in progress
-            Self::P2pSignaling(_) => cfg!(feature = "p2p-webrtc"),
+            Self::P2pSignaling(_) => !cfg!(feature = "p2p-webrtc"),
             _ => false,
         }
     }

node/testing/src/scenarios/mod.rs

@@ -24,7 +24,7 @@ cfg-if = "1.0.0"
 url = "2.3.1"
 multihash = "0.18.1"
 sha2 = "0.10.6"
-ed25519-dalek = { version = "2.1.1", features = ["serde"] }
+ed25519-dalek = { version = "2.1.1", features = ["serde", "pem"] }
 x25519-dalek = { version = "2.0.1", features = ["static_secrets"] }
 aes-gcm = "0.10.3"
 faster-stun = { version = "1.0.1", optional = true }
@@ -80,10 +80,11 @@ p2p-testing = { path = "testing" }
 [target.'cfg(not(target_arch = "wasm32"))'.dependencies]
 redux = { workspace = true, features = ["serializable_callbacks"] }
 tokio = { version = "1.26", features = ["rt"] }
-webrtc = { git = "https://github.com/openmina/webrtc.git", rev = "e8705db39af1b198b324a5db6ff57fb213ba75e9", optional = true }
+webrtc = { git = "https://github.com/openmina/webrtc.git", rev = "aeaa62682b97f6984627bedd6e6811fe17af18eb", optional = true }
 datachannel = { git = "https://github.com/openmina/datachannel-rs.git", rev = "1bfb064d0ff3e54a93ae0288409902aab8d102d3", optional = true, features = [
     "vendored",
 ] }
+rcgen = { version = "0.13", features = ["pem", "x509-parser"], optional = true }
 reqwest = { version = "0.11", features = ["json"] }
 mio = { version = "0.8.11", features = ["os-poll", "net"] }
 libc = { version = "0.2.151" }
@@ -119,7 +120,7 @@ getrandom = { version = "0.2", features = ["js"] }
 [features]
 serializable_callbacks = []
 p2p-webrtc = ["p2p-webrtc-rs"]
-p2p-webrtc-rs = ["webrtc"]
+p2p-webrtc-rs = ["webrtc", "rcgen"]
 p2p-webrtc-cpp = ["datachannel"]
 p2p-libp2p = ["fuzzing", "dep:reqwest", "dep:faster-stun"]
 fuzzing = ["openmina-fuzzer", "openmina-core/fuzzing"]

p2p/Cargo.toml

@@ -1,10 +1,13 @@
 use std::{fmt, path::Path, str::FromStr};
 
 use base64::Engine;
-use ed25519_dalek::{ed25519::signature::SignerMut, SigningKey as Ed25519SecretKey};
+use ed25519_dalek::{
+    ed25519::signature::SignerMut, pkcs8::EncodePrivateKey as _, SigningKey as Ed25519SecretKey,
+};
 use openmina_core::{EncryptedSecretKey, EncryptedSecretKeyFile, EncryptionError};
 use rand::{CryptoRng, Rng};
 use serde::{Deserialize, Serialize};
+use zeroize::Zeroizing;
 
 use super::{PublicKey, Signature};
 
@@ -53,6 +56,12 @@ impl SecretKey {
         self.0.to_scalar_bytes().into()
     }
 
+    pub fn to_pem(&self) -> Zeroizing<String> {
+        self.0
+            .to_pkcs8_pem(Default::default())
+            .expect("must be valid key")
+    }
+
     pub fn from_encrypted_file(
         path: impl AsRef<Path>,
         password: &str,

p2p/src/identity/secret_key.rs

@@ -51,7 +51,11 @@ pub mod webrtc {
 
         fn peers(&mut self) -> &mut BTreeMap<PeerId, PeerState>;
 
-        fn init<S: TaskSpawner>(_secret_key: SecretKey, _spawner: S) -> P2pServiceCtx {
+        fn init<S: TaskSpawner>(
+            _secret_key: SecretKey,
+            _spawner: S,
+            _rng_seed: [u8; 32],
+        ) -> P2pServiceCtx {
             let (cmd_sender, _) = mpsc::unbounded_channel();
             P2pServiceCtx {
                 cmd_sender,

p2p/src/service_impl/mod.rs

@@ -33,22 +33,22 @@ use crate::{
 #[cfg(all(not(target_arch = "wasm32"), feature = "p2p-webrtc-rs"))]
 mod imports {
     pub use super::webrtc_rs::{
-        build_api, webrtc_signal_send, Api, RTCChannel, RTCConnection, RTCConnectionState,
-        RTCSignalingError,
+        build_api, certificate_from_pem_key, webrtc_signal_send, Api, RTCCertificate, RTCChannel,
+        RTCConnection, RTCConnectionState, RTCSignalingError,
     };
 }
 #[cfg(all(not(target_arch = "wasm32"), feature = "p2p-webrtc-cpp"))]
 mod imports {
     pub use super::webrtc_cpp::{
-        build_api, webrtc_signal_send, Api, RTCChannel, RTCConnection, RTCConnectionState,
-        RTCSignalingError,
+        build_api, certificate_from_pem_key, webrtc_signal_send, Api, RTCCertificate, RTCChannel,
+        RTCConnection, RTCConnectionState, RTCSignalingError,
     };
 }
 #[cfg(target_arch = "wasm32")]
 mod imports {
     pub use super::web::{
-        build_api, webrtc_signal_send, Api, RTCChannel, RTCConnection, RTCConnectionState,
-        RTCSignalingError,
+        build_api, certificate_from_pem_key, webrtc_signal_send, Api, RTCCertificate, RTCChannel,
+        RTCConnection, RTCConnectionState, RTCSignalingError,
     };
 }
 
@@ -140,7 +140,8 @@ pub type OnConnectionStateChangeHdlrFn = Box<
 
 pub struct RTCConfig {
     pub ice_servers: RTCConfigIceServers,
-    // TODO(binier): certificate
+    pub certificate: RTCCertificate,
+    pub seed: [u8; 32],
 }
 
 #[derive(Serialize)]
@@ -223,7 +224,14 @@ async fn wait_for_ice_gathering_complete(pc: &mut RTCConnection) {
     }
 }
 
-async fn peer_start(api: Api, args: PeerAddArgs, abort: Aborted, closed: mpsc::Sender<()>) {
+async fn peer_start(
+    api: Api,
+    args: PeerAddArgs,
+    abort: Aborted,
+    closed: mpsc::Sender<()>,
+    certificate: RTCCertificate,
+    rng_seed: [u8; 32],
+) {
     let PeerAddArgs {
         peer_id,
         kind,
@@ -234,6 +242,8 @@ async fn peer_start(api: Api, args: PeerAddArgs, abort: Aborted, closed: mpsc::S
 
     let config = RTCConfig {
         ice_servers: Default::default(),
+        certificate,
+        seed: rng_seed,
     };
     let fut = async {
         let mut pc = RTCConnection::create(&api, config).await?;
@@ -723,11 +733,15 @@ pub trait P2pServiceWebrtc: redux::Service {
 
     fn peers(&mut self) -> &mut BTreeMap<PeerId, PeerState>;
 
-    fn init<S: TaskSpawner>(secret_key: SecretKey, spawner: S) -> P2pServiceCtx {
+    fn init<S: TaskSpawner>(
+        secret_key: SecretKey,
+        spawner: S,
+        rng_seed: [u8; 32],
+    ) -> P2pServiceCtx {
         const MAX_PEERS: usize = 500;
         let (cmd_sender, mut cmd_receiver) = mpsc::unbounded_channel();
 
-        let _ = secret_key;
+        let certificate = certificate_from_pem_key(secret_key.to_pem().as_str());
 
         spawner.spawn_main("webrtc", async move {
             #[allow(clippy::all)]
@@ -741,6 +755,7 @@ pub trait P2pServiceWebrtc: redux::Service {
                         let conn_permits = conn_permits.clone();
                         let peer_id = args.peer_id;
                         let event_sender = args.event_sender.clone();
+                        let certificate = certificate.clone();
                         spawn_local(async move {
                             let Ok(_permit) = conn_permits.try_acquire() else {
                                 // state machine shouldn't allow this to happen.
@@ -755,8 +770,9 @@ pub trait P2pServiceWebrtc: redux::Service {
                                 event_sender_clone(P2pConnectionEvent::Closed(peer_id).into());
                             });
                             tokio::select! {
-                                _ = peer_start(api, args, aborted.clone(), closed_tx.clone()) => {}
-                                _ = aborted.wait() => {}
+                                _ = peer_start(api, args, aborted.clone(), closed_tx.clone(), certificate, rng_seed) => {}
+                                _ = aborted.wait() => {
+                                }
                             }
 
                             // delay dropping permit to give some time for cleanup.