status-im
/
go-libp2p
mirror of https://github.com/status-im/go-libp2p.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

improve log formatting

This commit is contained in:
noot 2019-08-26 18:18:07 -04:00
parent 618ebb896a
commit edc89c2210
4 changed files with 125 additions and 161 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
p2p/security/noise/ik_handshake.go
View File

@ -10,9 +10,6 @@ import (
)
func (s *secureSession) ik_sendHandshakeMessage(payload []byte, initial_stage bool) error {
log.Debugf("ik_sendHandshakeMessage", "initiator", s.initiator, "payload", payload, "payload len", len(payload))
// create send message w payload
var msgbuf ik.MessageBuffer
s.ik_ns, msgbuf = ik.SendMessage(s.ik_ns, payload)
var encMsgBuf []byte
@ -22,19 +19,19 @@ func (s *secureSession) ik_sendHandshakeMessage(payload []byte, initial_stage bo
encMsgBuf = msgbuf.Encode1()
}
log.Debugf("ik_sendHandshakeMessage", "initiator", s.initiator, "msgbuf", msgbuf)
log.Debugf("ik_sendHandshakeMessage initiator=%v msgbuf=%v", s.initiator, msgbuf)
err := s.writeLength(len(encMsgBuf))
if err != nil {
log.Error("xx_sendHandshakeMessage", "initiator", s.initiator, "error", err)
return fmt.Errorf("xx_sendHandshakeMessage write length fail: %s", err)
log.Error("ik_sendHandshakeMessage initiator=%v err=%s", s.initiator, err)
return fmt.Errorf("ik_sendHandshakeMessage write length err=%s", err)
}
// send message
_, err = s.insecure.Write(encMsgBuf)
if err != nil {
log.Error("ik_sendHandshakeMessage", "initiator", s.initiator, "error", err)
return fmt.Errorf("write to conn fail: %s", err)
log.Error("ik_sendHandshakeMessage initiator=%v err=%s", s.initiator, err)
return fmt.Errorf("ik_sendHandshakeMessage write to conn err=%s", err)
}
return nil
@ -43,14 +40,14 @@ func (s *secureSession) ik_sendHandshakeMessage(payload []byte, initial_stage bo
func (s *secureSession) ik_recvHandshakeMessage(initial_stage bool) (buf []byte, plaintext []byte, valid bool, err error) {
l, err := s.readLength()
if err != nil {
return nil, nil, false, fmt.Errorf("read length fail: %s", err)
return nil, nil, false, fmt.Errorf("ik_recvHandshakeMessage read length err=%s", err)
}
buf = make([]byte, l)
_, err = s.insecure.Read(buf)
if err != nil {
return buf, nil, false, fmt.Errorf("read from conn fail: %s", err)
return buf, nil, false, fmt.Errorf("ik_recvHandshakeMessage read from conn err=%s", err)
}
var msgbuf *ik.MessageBuffer
@ -60,64 +57,42 @@ func (s *secureSession) ik_recvHandshakeMessage(initial_stage bool) (buf []byte,
msgbuf, err = ik.Decode1(buf)
}
log.Debugf("ik_recvHandshakeMessage", "initiator", s.initiator, "msgbuf", msgbuf, "buf len", len(buf))
log.Debugf("ik_recvHandshakeMessage initiator=%v msgbuf=%v", s.initiator, msgbuf)
if err != nil {
log.Error("ik_recvHandshakeMessage decode", "initiator", s.initiator, "error", err)
return buf, nil, false, fmt.Errorf("decode msg fail: %s", err)
log.Error("ik_recvHandshakeMessage initiator=%v decode err=%s", s.initiator, err)
return buf, nil, false, fmt.Errorf("ik_recvHandshakeMessage decode msg fail: %s", err)
}
s.ik_ns, plaintext, valid = ik.RecvMessage(s.ik_ns, msgbuf)
if !valid {
log.Error("ik_recvHandshakeMessage", "initiator", s.initiator, "error", "validation fail")
return buf, nil, false, fmt.Errorf("validation fail")
log.Error("ik_recvHandshakeMessage initiator=%v err=%s", s.initiator, "validation fail")
return buf, nil, false, fmt.Errorf("ik_recvHandshakeMessage validation fail")
}
log.Debugf("recv handshake message", "initiator", s.initiator, "msgbuf", msgbuf, "payload len", len(plaintext))
return buf, plaintext, valid, nil
}
// IK:
// <- s
// ...
// -> e, es, s, ss
// <- e, ee, se
// returns last successful message upon error
func (s *secureSession) runHandshake_ik(ctx context.Context, payload []byte) ([]byte, error) {
kp := ik.NewKeypair(s.noiseKeypair.public_key, s.noiseKeypair.private_key)
log.Debugf("ik handshake", "noise pubkey", kp.PubKey())
// // setup libp2p keys
// localKeyRaw, err := s.LocalPublicKey().Bytes()
// if err != nil {
// return nil, fmt.Errorf("err getting raw pubkey: %s", err)
// }
// log.Debugf("ik handshake", "local libp2p key", localKeyRaw, "len", len(localKeyRaw))
// // sign noise data for payload
// noise_pub := kp.PubKey()
// signedPayload, err := s.localKey.Sign(append([]byte(payload_string), noise_pub[:]...))
// if err != nil {
// return nil, fmt.Errorf("err signing payload: %s", err)
// }
// // create payload
// payload := new(pb.NoiseHandshakePayload)
// payload.Libp2PKey = localKeyRaw
// payload.NoiseStaticKeySignature = signedPayload
// payloadEnc, err := proto.Marshal(payload)
// if err != nil {
// return nil, fmt.Errorf("proto marshal payload fail: %s", err)
// }
log.Debugf("runHandshake_ik initiator=%s pubkey=%x", kp.PubKey(), s.initiator)
// new XX noise session
s.ik_ns = ik.InitSession(s.initiator, s.prologue, kp, s.noiseStaticKeyCache[s.remotePeer])
log.Debugf("ik initiator init session", "remotePeer", s.noiseStaticKeyCache[s.remotePeer])
if s.initiator {
// stage 0 //
err := s.ik_sendHandshakeMessage(payload, true)
if err != nil {
log.Error("stage 0 initiator send", "err", err)
return nil, fmt.Errorf("stage 0 initiator fail: %s", err)
log.Errorf("runHandshake_ik stage=0 initiator=true send err=%s", err)
return nil, fmt.Errorf("runHandshake_ik stage=0 initiator=true err=%s", err)
}
// stage 1 //
@ -125,92 +100,86 @@ func (s *secureSession) runHandshake_ik(ctx context.Context, payload []byte) ([]
// read message
buf, plaintext, valid, err := s.ik_recvHandshakeMessage(false)
if err != nil {
return buf, fmt.Errorf("stage 1 initiator fail: %s", err)
return buf, fmt.Errorf("runHandshake_ik stage=1 initiator=true err=%s", err)
}
if !valid {
return buf, fmt.Errorf("stage 1 initiator validation fail")
return buf, fmt.Errorf("runHandshake_ik stage=1 initiator=true err=validation fail")
}
// unmarshal payload
nhp := new(pb.NoiseHandshakePayload)
err = proto.Unmarshal(plaintext, nhp)
if err != nil {
return buf, fmt.Errorf("stage 1 initiator validation fail: cannot unmarshal payload")
return buf, fmt.Errorf("runHandshake_ik stage=1 initiator=true err=validation fail: cannot unmarshal payload")
}
// set remote libp2p public key
err = s.setRemotePeerInfo(nhp.GetLibp2PKey())
if err != nil {
log.Error("stage 1 initiator set remote peer info", "err", err)
return buf, fmt.Errorf("stage 1 initiator read remote libp2p key fail")
log.Errorf("runHandshake_ik stage=1 initiator=true set remote peer info err=%s", err)
return buf, fmt.Errorf("runHandshake_ik stage=1 initiator=true err=read remote libp2p key fail")
}
// assert that remote peer ID matches libp2p key
err = s.setRemotePeerID(s.RemotePublicKey())
if err != nil {
log.Error("stage 1 initiator set remote peer id", "err", err)
log.Errorf("runHandshake_ik stage=1 initiator=true set remote peer id err=%s", err)
}
// verify payload is signed by libp2p key
err = s.verifyPayload(nhp, s.noiseStaticKeyCache[s.remotePeer])
if err != nil {
log.Error("stage 1 initiator verify payload", "err", err)
log.Errorf("runHandshake_ik stage=1 initiator=true verify payload err=%s", err)
}
} else {
// stage 0 //
log.Debugf("ik responder", "noiseKey", kp.PubKey())
// read message
buf, plaintext, valid, err := s.ik_recvHandshakeMessage(true)
if err != nil {
return buf, fmt.Errorf("stage 0 responder fail: %s", err)
return buf, fmt.Errorf("runHandshake_ik stage=0 initiator=false err=%s", err)
}
if !valid {
return buf, fmt.Errorf("stage 0 responder validation fail")
return buf, fmt.Errorf("runHandshake_ik stage=0 initiator=false err: validation fail")
}
log.Debugf("stage 0 responder", "plaintext", plaintext, "plaintext len", len(plaintext))
// unmarshal payload
nhp := new(pb.NoiseHandshakePayload)
err = proto.Unmarshal(plaintext, nhp)
if err != nil {
return buf, fmt.Errorf("stage 0 responder validation fail: cannot unmarshal payload")
return buf, fmt.Errorf("runHandshake_ik stage=0 initiator=false err=validation fail: cannot unmarshal payload")
}
// set remote libp2p public key
err = s.setRemotePeerInfo(nhp.GetLibp2PKey())
if err != nil {
log.Error("stage 0 responder set remote peer info", "err", err)
return buf, fmt.Errorf("stage 0 responder read remote libp2p key fail")
return buf, fmt.Errorf("runHandshake_ik stage=0 initiator=false err=read remote libp2p key fail")
}
// assert that remote peer ID matches libp2p key
err = s.setRemotePeerID(s.RemotePublicKey())
if err != nil {
log.Error("stage 0 responder set remote peer id", "err", err)
return buf, fmt.Errorf("runHandshake_ik stage=0 initiator=false set remote peer id err=%s:", err)
}
// verify payload is signed by libp2p key
err = s.verifyPayload(nhp, s.ik_ns.RemoteKey())
if err != nil {
log.Error("stage 1 responder verify payload", "err", err)
return buf, fmt.Errorf("runHandshake_ik stage=0 initiator=false verify payload err=%s", err)
}
// stage 1 //
err = s.ik_sendHandshakeMessage(payload, false)
if err != nil {
log.Error("stage 1 responder send", "err", err)
return nil, fmt.Errorf("stage 1 responder fail: %s", err)
return nil, fmt.Errorf("runHandshake_ik stage=1 initiator=false send err=%s", err)
}
}
log.Debugf("ik_handshake done", "initiator", s.initiator)
log.Debugf("runHandshake_ik done initiator=%v", s.initiator)
return nil, nil
}

61
p2p/security/noise/protocol.go
View File

@ -18,10 +18,10 @@ import (
xx "github.com/ChainSafe/go-libp2p-noise/xx"
)
var log = logging.Logger("noise")
const payload_string = "noise-libp2p-static-key:"
var log = logging.Logger("noise")
type secureSession struct {
insecure net.Conn
@ -101,6 +101,10 @@ func (s *secureSession) NoiseStaticKeyCache() map[peer.ID]([32]byte) {
return s.noiseStaticKeyCache
}
func (s *secureSession) NoisePublicKey() [32]byte {
return s.noiseKeypair.public_key
}
func (s *secureSession) NoisePrivateKey() [32]byte {
return s.noiseKeypair.private_key
}
@ -132,7 +136,7 @@ func (s *secureSession) verifyPayload(payload *pb.NoiseHandshakePayload, noiseKe
sig := payload.GetNoiseStaticKeySignature()
msg := append([]byte(payload_string), noiseKey[:]...)
log.Debugf("verifyPayload", "msg", fmt.Sprintf("%x", msg))
log.Debugf("verifyPayload msg=%x", msg)
ok, err := s.RemotePublicKey().Verify(msg, sig)
if err != nil {
@ -145,21 +149,18 @@ func (s *secureSession) verifyPayload(payload *pb.NoiseHandshakePayload, noiseKe
}
func (s *secureSession) runHandshake(ctx context.Context) error {
// setup libp2p keys
localKeyRaw, err := s.LocalPublicKey().Bytes()
if err != nil {
return fmt.Errorf("err getting raw pubkey: %s", err)
return fmt.Errorf("runHandshake err getting raw pubkey: %s", err)
}
log.Debugf("xx handshake", "local key", localKeyRaw, "len", len(localKeyRaw))
// sign noise data for payload
noise_pub := s.noiseKeypair.public_key
signedPayload, err := s.localKey.Sign(append([]byte(payload_string), noise_pub[:]...))
if err != nil {
log.Error("xx handshake signing payload", "err", err)
return fmt.Errorf("err signing payload: %s", err)
log.Errorf("runHandshake signing payload err=%s", err)
return fmt.Errorf("runHandshake signing payload err=%s", err)
}
// create payload
@ -168,23 +169,24 @@ func (s *secureSession) runHandshake(ctx context.Context) error {
payload.NoiseStaticKeySignature = signedPayload
payloadEnc, err := proto.Marshal(payload)
if err != nil {
log.Error("xx handshake marshal payload", "err", err)
return fmt.Errorf("proto marshal payload fail: %s", err)
log.Errorf("runHandshake marshal payload err=%s", err)
return fmt.Errorf("runHandshake proto marshal payload err=%s", err)
}
// if we have the peer's noise static key and we support noise pipes, we can try IK
// if we have the peer's noise static key (and we're the initiator,) and we support noise pipes,
// we can try IK first. if we support noise pipes and we're not the initiator, try IK first
// otherwise, default to XX
if (!s.initiator && s.noiseStaticKeyCache[s.remotePeer] != [32]byte{}) && s.noisePipesSupport {
// known static key for peer, try IK //
// known static key for peer, try IK
buf, err := s.runHandshake_ik(ctx, payloadEnc)
if err != nil {
log.Error("runHandshake_ik", "err", err)
log.Error("runHandshake ik err=%s", err)
// IK failed, pipe to XXfallback
err = s.runHandshake_xx(ctx, true, payloadEnc, buf)
if err != nil {
log.Error("runHandshake_xx", "err", err)
return fmt.Errorf("runHandshake_xx err %s", err)
log.Error("runHandshake xx err=err", err)
return fmt.Errorf("runHandshake xx err=%s", err)
}
s.xx_complete = true
@ -193,11 +195,10 @@ func (s *secureSession) runHandshake(ctx context.Context) error {
s.ik_complete = true
} else {
// unknown static key for peer, try XX //
// unknown static key for peer, try XX
err := s.runHandshake_xx(ctx, false, payloadEnc, nil)
if err != nil {
log.Error("runHandshake_xx", "err", err)
log.Error("runHandshake xx err=%s", err)
return err
}
@ -226,42 +227,38 @@ func (s *secureSession) LocalPublicKey() crypto.PubKey {
func (s *secureSession) Read(buf []byte) (int, error) {
l := len(buf)
// if the session has previously
// if we have previously unread bytes, and they fit into the buf, copy them over and return
if l <= len(s.msgBuffer) {
copy(buf, s.msgBuffer)
s.msgBuffer = s.msgBuffer[l:]
return l, nil
}
// read length of encrypted message
l, err := s.readLength()
if err != nil {
return 0, err
}
// read and decrypt ciphertext
ciphertext := make([]byte, l)
_, err = s.insecure.Read(ciphertext)
if err != nil {
log.Error("read ciphertext err", err)
return 0, err
}
plaintext, err := s.Decrypt(ciphertext)
if err != nil {
log.Error("decrypt err", err)
return 0, err
}
c := copy(buf, plaintext)
// if buffer isn't large enough to store the entire message, save the extra message data
// into the session's message buffer
if c < len(plaintext) {
s.msgBuffer = append(s.msgBuffer, plaintext[len(buf):]...)
}
// append plaintext to message buffer, copy over what can fit in the buf
// then advance message buffer to remove what was copied
s.msgBuffer = append(s.msgBuffer, plaintext...)
c := copy(buf, s.msgBuffer)
s.msgBuffer = s.msgBuffer[c:]
return c, nil
}

4
p2p/security/noise/transport.go
View File

@ -17,11 +17,13 @@ const ID = "/noise/0.0.1"
var _ sec.SecureTransport = &Transport{}
// Keypair is a noise ed25519 public-private keypair
type Keypair struct {
public_key [32]byte
private_key [32]byte
}
// GenerateKeypair creates a new ed25519 keypair
func GenerateKeypair() *Keypair {
var public_key [32]byte
var private_key [32]byte
@ -40,6 +42,8 @@ type Transport struct {
NoiseKeypair *Keypair
}
// NewTransport creates a new noise transport and can be configured to use noise pipes and a given
// noise ed25519 keypair
func NewTransport(localID peer.ID, privkey crypto.PrivKey, noisePipesSupport bool, kp *Keypair) *Transport {
if kp == nil {
kp = GenerateKeypair()

120
p2p/security/noise/xx_handshake.go
View File

@ -12,9 +12,6 @@ import (
)
func (s *secureSession) xx_sendHandshakeMessage(payload []byte, initial_stage bool) error {
log.Debugf("xx_sendHandshakeMessage", "initiator", s.initiator, "payload", payload, "payload len", len(payload), "initial_stage", initial_stage)
// create send message w payload
var msgbuf xx.MessageBuffer
s.xx_ns, msgbuf = xx.SendMessage(s.xx_ns, payload, nil)
var encMsgBuf []byte
@ -24,35 +21,34 @@ func (s *secureSession) xx_sendHandshakeMessage(payload []byte, initial_stage bo
encMsgBuf = msgbuf.Encode1()
}
log.Debugf("xx_sendHandshakeMessage", "initiator", s.initiator, "msgbuf", msgbuf, "initial_stage", initial_stage)
err := s.writeLength(len(encMsgBuf))
if err != nil {
log.Error("xx_sendHandshakeMessage", "initiator", s.initiator, "error", err)
return fmt.Errorf("xx_sendHandshakeMessage write length fail: %s", err)
log.Error("xx_sendHandshakeMessage initiator=%sverr=%s", s.initiator, err)
return fmt.Errorf("xx_sendHandshakeMessage write length err=%s", err)
}
// send message
_, err = s.insecure.Write(encMsgBuf)
if err != nil {
log.Error("xx_sendHandshakeMessage", "initiator", s.initiator, "error", err)
return fmt.Errorf("xx_sendHandshakeMessage write to conn fail: %s", err)
log.Error("xx_sendHandshakeMessage initiator=%v err=%s", s.initiator, err)
return fmt.Errorf("xx_sendHandshakeMessage write to conn err=%s", err)
}
log.Debugf("xx_sendHandshakeMessage initiator=%v msgbuf=%v initial_stage=%v", s.initiator, msgbuf, initial_stage)
return nil
}
func (s *secureSession) xx_recvHandshakeMessage(initial_stage bool) (buf []byte, plaintext []byte, valid bool, err error) {
l, err := s.readLength()
if err != nil {
return nil, nil, false, fmt.Errorf("read length fail: %s", err)
return nil, nil, false, fmt.Errorf("xx_recvHandshakeMessage read length err=%s", err)
}
buf = make([]byte, l)
_, err = s.insecure.Read(buf)
if err != nil {
return buf, nil, false, fmt.Errorf("read from conn fail: %s", err)
return buf, nil, false, fmt.Errorf("xx_recvHandshakeMessage read from conn err=%s", err)
}
var msgbuf *xx.MessageBuffer
@ -63,26 +59,32 @@ func (s *secureSession) xx_recvHandshakeMessage(initial_stage bool) (buf []byte,
}
if err != nil {
log.Debugf("xx_recvHandshakeMessage decode", "initiator", s.initiator, "error", err)
return buf, nil, false, fmt.Errorf("decode msg fail: %s", err)
log.Debugf("xx_recvHandshakeMessage initiator=%v decode err=%s", s.initiator, err)
return buf, nil, false, fmt.Errorf("xx_recvHandshakeMessage decode msg err=%s", err)
}
s.xx_ns, plaintext, valid = xx.RecvMessage(s.xx_ns, msgbuf)
if !valid {
log.Error("xx_recvHandshakeMessage", "initiator", s.initiator, "error", "validation fail")
return buf, nil, false, fmt.Errorf("validation fail")
log.Error("xx_recvHandshakeMessage initiator=%v err=validation fail", s.initiator)
return buf, nil, false, fmt.Errorf("xx_recvHandshakeMessage validation fail")
}
log.Debugf("xx_recvHandshakeMessage", "initiator", s.initiator, "msgbuf", msgbuf, "payload len", len(plaintext))
log.Debugf("xx_recvHandshakeMessage initiator=%v msgbuf=%v initial_stage=%v", s.initiator, msgbuf, initial_stage)
return buf, plaintext, valid, nil
}
// if fallback = true, use msg as initial message in stage 0
// Runs the XX handshake
// XX:
// -> e
// <- e, ee, s, es
// -> s, se
// if fallback = true, initialMsg is used as the message in stage 1 of the initiator and stage 0
// of the responder
func (s *secureSession) runHandshake_xx(ctx context.Context, fallback bool, payload []byte, initialMsg []byte) (err error) {
kp := xx.NewKeypair(s.noiseKeypair.public_key, s.noiseKeypair.private_key)
log.Debugf("xx handshake", "pubkey", kp.PubKey(), "initiator", s.initiator)
log.Debugf("runHandshake_xx initiator=%s fallback=%s pubkey=%x", s.initiator, fallback, kp.PubKey())
// new XX noise session
s.xx_ns = xx.InitSession(s.initiator, s.prologue, kp, [32]byte{})
@ -93,18 +95,18 @@ func (s *secureSession) runHandshake_xx(ctx context.Context, fallback bool, payl
if !fallback {
err = s.xx_sendHandshakeMessage(nil, true)
if err != nil {
return fmt.Errorf("stage 0 initiator fail: %s", err)
return fmt.Errorf("runHandshake_xx stage 0 initiator fail: %s", err)
}
} else {
e_ik := s.ik_ns.Ephemeral()
log.Debugf("xxfallback stage 0 initiator", "ephemeral keys from ik", e_ik)
log.Debugf("runHandshake_xx stage=0 initiator=true fallback=true ephemeralkeys=%x", e_ik)
e_xx := xx.NewKeypair(e_ik.PubKey(), e_ik.PrivKey())
// initialize state as if we sent the first message
var msgbuf xx.MessageBuffer
s.xx_ns, msgbuf = xx.SendMessage(s.xx_ns, nil, &e_xx)
log.Debugf("stage 0 initiator xx", "msgbuf", msgbuf)
log.Debugf("runHandshake_xx stage=0 initiator=true fallback=true msgbuf=%v", msgbuf)
}
// stage 1 //
@ -115,27 +117,27 @@ func (s *secureSession) runHandshake_xx(ctx context.Context, fallback bool, payl
// read reply
_, plaintext, valid, err = s.xx_recvHandshakeMessage(false)
if err != nil {
return fmt.Errorf("initiator stage 1 fail: %s", err)
return fmt.Errorf("runHandshake_xx initiator stage 1 fail: %s", err)
}
if !valid {
return fmt.Errorf("stage 1 initiator validation fail")
return fmt.Errorf("runHandshake_xx stage 1 initiator validation fail")
}
} else {
var msgbuf *xx.MessageBuffer
msgbuf, err = xx.Decode1(initialMsg)
log.Debugf("stage 1 xx_recvHandshakeMessage", "initiator", s.initiator, "msgbuf", msgbuf, "buf len", len(initialMsg))
log.Debugf("xx_recvHandshakeMessage stage=1 initiator=%s msgbuf=%v", s.initiator, msgbuf)
if err != nil {
log.Debugf("stage 1 xx_recvHandshakeMessage decode", "initiator", s.initiator, "error", err)
return fmt.Errorf("decode msg fail: %s", err)
log.Debugf("xx_recvHandshakeMessage stage=1 initiator=%s decode_err=%s", s.initiator, err)
return fmt.Errorf("runHandshake_xx decode msg fail: %s", err)
}
s.xx_ns, plaintext, valid = xx.RecvMessage(s.xx_ns, msgbuf)
if !valid {
log.Error("xx_recvHandshakeMessage", "initiator", s.initiator, "error", "validation fail")
return fmt.Errorf("validation fail")
log.Errorf("xx_recvHandshakeMessage initiator=%s", s.initiator, "error", "validation fail")
return fmt.Errorf("runHandshake_xx validation fail")
}
}
@ -144,35 +146,35 @@ func (s *secureSession) runHandshake_xx(ctx context.Context, fallback bool, payl
err = s.xx_sendHandshakeMessage(payload, false)
if err != nil {
return fmt.Errorf("stage 2 intiator fail: %s", err)
return fmt.Errorf("runHandshake_xx stage=2 initiator=true err=%s", err)
}
// unmarshal payload
nhp := new(pb.NoiseHandshakePayload)
err = proto.Unmarshal(plaintext, nhp)
if err != nil {
return fmt.Errorf("stage 2 initiator validation fail: cannot unmarshal payload")
return fmt.Errorf("runHandshake_xx stage=2 initiator=true err=cannot unmarshal payload")
}
// set remote libp2p public key
err = s.setRemotePeerInfo(nhp.GetLibp2PKey())
if err != nil {
log.Error("stage 2 initiator set remote peer info", "err", err)
return fmt.Errorf("stage 2 initiator read remote libp2p key fail")
log.Errorf("runHandshake_xx stage=2 initiator=true set remote peer info err=%s", err)
return fmt.Errorf("runHandshake_xx stage=2 initiator=true read remote libp2p key fail")
}
// assert that remote peer ID matches libp2p public key
pid, err := peer.IDFromPublicKey(s.RemotePublicKey())
if pid != s.remotePeer {
log.Error("stage 2 initiator check remote peer id err", "expected", s.remotePeer, "got", pid)
log.Errorf("runHandshake_xx stage=2 initiator=true check remote peer id err: expected %x got %x", s.remotePeer, pid)
} else if err != nil {
log.Error("stage 2 initiator check remote peer id", "err", err)
log.Errorf("runHandshake_xx stage 2 initiator check remote peer id err %s", err)
}
// verify payload is signed by libp2p key
err = s.verifyPayload(nhp, s.xx_ns.RemoteKey())
if err != nil {
log.Error("stage 2 initiator verify payload", "err", err)
log.Errorf("runHandshake_xx stage=2 initiator=true verify payload err=%s", err)
}
if s.noisePipesSupport {
@ -183,7 +185,7 @@ func (s *secureSession) runHandshake_xx(ctx context.Context, fallback bool, payl
// stage 0 //
var buf, plaintext []byte
var plaintext []byte
var valid bool
nhp := new(pb.NoiseHandshakePayload)
@ -191,43 +193,36 @@ func (s *secureSession) runHandshake_xx(ctx context.Context, fallback bool, payl
// read message
_, plaintext, valid, err = s.xx_recvHandshakeMessage(true)
if err != nil {
return fmt.Errorf("stage 0 responder fail: %s", err)
return fmt.Errorf("runHandshake_xx stage=0 initiator=false err=%s", err)
}
if !valid {
return fmt.Errorf("stage 0 responder validation fail")
return fmt.Errorf("runHandshake_xx stage=0 initiator=false err=validation fail")
}
} else {
var msgbuf *xx.MessageBuffer
msgbuf, err = xx.Decode1(initialMsg)
if err != nil {
log.Error("xx_recvHandshakeMessage err", err)
log.Errorf("runHandshake_xx recv msg err", err)
return err
}
xx_msgbuf := xx.NewMessageBuffer(msgbuf.NE(), nil, nil)
log.Debugf("xx_recvHandshakeMessage", "initiator", s.initiator, "msgbuf", msgbuf, "modified_msgbuf", xx_msgbuf, "buf len", len(buf))
if err != nil {
log.Debugf("xx_recvHandshakeMessage decode", "initiator", s.initiator, "error", err)
return fmt.Errorf("decode msg fail: %s", err)
}
log.Debugf("runHandshake_xx initiator=false msgbuf=%v modified_msgbuf=%v", msgbuf, xx_msgbuf)
s.xx_ns, plaintext, valid = xx.RecvMessage(s.xx_ns, &xx_msgbuf)
if !valid {
log.Error("xx_recvHandshakeMessage", "initiator", s.initiator, "error", "validation fail")
return fmt.Errorf("validation fail")
log.Errorf("runHandshake_xx initiator=false recv msg err=%s", "validation fail")
return fmt.Errorf("runHandshake_xx validation fail")
}
}
log.Debugf("stage 0 responder", "plaintext", plaintext, "plaintext len", len(plaintext))
// stage 1 //
err = s.xx_sendHandshakeMessage(payload, false)
if err != nil {
return fmt.Errorf("stage 1 responder fail: %s", err)
return fmt.Errorf("runHandshake_xx stage=1 initiator=false err=%s", err)
}
// stage 2 //
@ -235,32 +230,32 @@ func (s *secureSession) runHandshake_xx(ctx context.Context, fallback bool, payl
// read message
_, plaintext, valid, err = s.xx_recvHandshakeMessage(false)
if err != nil {
return fmt.Errorf("stage 2 responder fail: %s", err)
return fmt.Errorf("runHandshake_xx stage=2 initiator=false err=%s", err)
}
if !valid {
return fmt.Errorf("stage 2 responder validation fail")
return fmt.Errorf("runHandshake_xx stage=2 initiator=false err=validation fail")
}
log.Debugf("stage 2 responder", "plaintext", plaintext, "remote key", s.xx_ns.RemoteKey())
log.Debugf("runHandshake_xx stage=2 initiator=false remote key=%x", s.xx_ns.RemoteKey())
// unmarshal payload
err = proto.Unmarshal(plaintext, nhp)
if err != nil {
return fmt.Errorf("stage 0 responder validation fail: cannot unmarshal payload")
return fmt.Errorf("runHandshake_xx stage=2 initiator=false err=cannot unmarshal payload")
}
// set remote libp2p public key
err = s.setRemotePeerInfo(nhp.GetLibp2PKey())
if err != nil {
log.Error("stage 0 responder set remote peer info", "err", err)
return fmt.Errorf("stage 0 responder read remote libp2p key fail")
log.Errorf("runHandshake_xx stage=2 initiator=false set remote peer info err=%s", err)
return fmt.Errorf("runHandshake_xx stage=2 initiator=false read remote libp2p key fail")
}
// assert that remote peer ID matches libp2p key
err = s.setRemotePeerID(s.RemotePublicKey())
if err != nil {
log.Error("stage 0 responder set remote peer id", "err", err)
log.Errorf("runHandshake_xx stage=2 initiator=false set remote peer id err=%s", err)
}
s.remote.noiseKey = s.xx_ns.RemoteKey()
@ -268,16 +263,15 @@ func (s *secureSession) runHandshake_xx(ctx context.Context, fallback bool, payl
// verify payload is signed by libp2p key
err = s.verifyPayload(nhp, s.remote.noiseKey)
if err != nil {
log.Error("stage 2 responder verify payload", "err", err)
return fmt.Errorf("stage 2 responder fail: %s", err)
log.Errorf("runHandshake_xx stage=2 initiator=false verify payload err=%s", err)
return fmt.Errorf("runHandshake_xx stage=2 initiator=false err=%s", err)
}
if s.noisePipesSupport {
s.noiseStaticKeyCache[s.remotePeer] = s.remote.noiseKey
}
log.Debugf("stage 2 responder", "remote key", s.remote.noiseKey)
}
log.Debugf("xx_handshake done", "initiator", s.initiator)
log.Debugf("runHandshake_xx done initiator=%v", s.initiator)
return nil
}