2021-06-16 20:19:45 +00:00
|
|
|
package noise
|
|
|
|
|
|
|
|
import (
|
2021-10-19 13:43:41 +00:00
|
|
|
"bufio"
|
2021-06-16 20:19:45 +00:00
|
|
|
"context"
|
|
|
|
"net"
|
|
|
|
"sync"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/flynn/noise"
|
|
|
|
|
2022-11-04 13:57:20 +00:00
|
|
|
"github.com/libp2p/go-libp2p/core/crypto"
|
2023-02-22 21:58:17 +00:00
|
|
|
"github.com/libp2p/go-libp2p/core/network"
|
2022-11-04 13:57:20 +00:00
|
|
|
"github.com/libp2p/go-libp2p/core/peer"
|
2023-02-22 21:58:17 +00:00
|
|
|
"github.com/libp2p/go-libp2p/core/protocol"
|
2021-06-16 20:19:45 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
type secureSession struct {
|
2023-02-22 21:58:17 +00:00
|
|
|
initiator bool
|
|
|
|
checkPeerID bool
|
2021-06-16 20:19:45 +00:00
|
|
|
|
|
|
|
localID peer.ID
|
|
|
|
localKey crypto.PrivKey
|
|
|
|
remoteID peer.ID
|
|
|
|
remoteKey crypto.PubKey
|
|
|
|
|
|
|
|
readLock sync.Mutex
|
|
|
|
writeLock sync.Mutex
|
2021-10-19 13:43:41 +00:00
|
|
|
|
|
|
|
insecureConn net.Conn
|
|
|
|
insecureReader *bufio.Reader // to cushion io read syscalls
|
|
|
|
// we don't buffer writes to avoid introducing latency; optimisation possible. // TODO revisit
|
2021-06-16 20:19:45 +00:00
|
|
|
|
|
|
|
qseek int // queued bytes seek value.
|
|
|
|
qbuf []byte // queued bytes buffer.
|
|
|
|
rlen [2]byte // work buffer to read in the incoming message length.
|
|
|
|
|
|
|
|
enc *noise.CipherState
|
|
|
|
dec *noise.CipherState
|
2022-11-04 13:57:20 +00:00
|
|
|
|
|
|
|
// noise prologue
|
|
|
|
prologue []byte
|
|
|
|
|
|
|
|
initiatorEarlyDataHandler, responderEarlyDataHandler EarlyDataHandler
|
2023-02-22 21:58:17 +00:00
|
|
|
|
|
|
|
// ConnectionState holds state information releated to the secureSession entity.
|
|
|
|
connectionState network.ConnectionState
|
2021-06-16 20:19:45 +00:00
|
|
|
}
|
|
|
|
|
2021-10-19 13:43:41 +00:00
|
|
|
// newSecureSession creates a Noise session over the given insecureConn Conn, using
|
2021-06-16 20:19:45 +00:00
|
|
|
// the libp2p identity keypair from the given Transport.
|
2023-02-22 21:58:17 +00:00
|
|
|
func newSecureSession(tpt *Transport, ctx context.Context, insecure net.Conn, remote peer.ID, prologue []byte, initiatorEDH, responderEDH EarlyDataHandler, initiator, checkPeerID bool) (*secureSession, error) {
|
2021-06-16 20:19:45 +00:00
|
|
|
s := &secureSession{
|
2022-11-04 13:57:20 +00:00
|
|
|
insecureConn: insecure,
|
|
|
|
insecureReader: bufio.NewReader(insecure),
|
|
|
|
initiator: initiator,
|
|
|
|
localID: tpt.localID,
|
|
|
|
localKey: tpt.privateKey,
|
|
|
|
remoteID: remote,
|
|
|
|
prologue: prologue,
|
|
|
|
initiatorEarlyDataHandler: initiatorEDH,
|
|
|
|
responderEarlyDataHandler: responderEDH,
|
2023-02-22 21:58:17 +00:00
|
|
|
checkPeerID: checkPeerID,
|
2021-06-16 20:19:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// the go-routine we create to run the handshake will
|
|
|
|
// write the result of the handshake to the respCh.
|
|
|
|
respCh := make(chan error, 1)
|
|
|
|
go func() {
|
|
|
|
respCh <- s.runHandshake(ctx)
|
|
|
|
}()
|
|
|
|
|
|
|
|
select {
|
|
|
|
case err := <-respCh:
|
|
|
|
if err != nil {
|
2021-10-19 13:43:41 +00:00
|
|
|
_ = s.insecureConn.Close()
|
2021-06-16 20:19:45 +00:00
|
|
|
}
|
|
|
|
return s, err
|
|
|
|
|
|
|
|
case <-ctx.Done():
|
|
|
|
// If the context has been cancelled, we close the underlying connection.
|
|
|
|
// We then wait for the handshake to return because of the first error it encounters
|
|
|
|
// so we don't return without cleaning up the go-routine.
|
2021-10-19 13:43:41 +00:00
|
|
|
_ = s.insecureConn.Close()
|
2021-06-16 20:19:45 +00:00
|
|
|
<-respCh
|
|
|
|
return nil, ctx.Err()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *secureSession) LocalAddr() net.Addr {
|
2021-10-19 13:43:41 +00:00
|
|
|
return s.insecureConn.LocalAddr()
|
2021-06-16 20:19:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *secureSession) LocalPeer() peer.ID {
|
|
|
|
return s.localID
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *secureSession) LocalPublicKey() crypto.PubKey {
|
|
|
|
return s.localKey.GetPublic()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *secureSession) RemoteAddr() net.Addr {
|
2021-10-19 13:43:41 +00:00
|
|
|
return s.insecureConn.RemoteAddr()
|
2021-06-16 20:19:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *secureSession) RemotePeer() peer.ID {
|
|
|
|
return s.remoteID
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *secureSession) RemotePublicKey() crypto.PubKey {
|
|
|
|
return s.remoteKey
|
|
|
|
}
|
|
|
|
|
2023-02-22 21:58:17 +00:00
|
|
|
func (s *secureSession) ConnState() network.ConnectionState {
|
|
|
|
return s.connectionState
|
|
|
|
}
|
|
|
|
|
2021-06-16 20:19:45 +00:00
|
|
|
func (s *secureSession) SetDeadline(t time.Time) error {
|
2021-10-19 13:43:41 +00:00
|
|
|
return s.insecureConn.SetDeadline(t)
|
2021-06-16 20:19:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *secureSession) SetReadDeadline(t time.Time) error {
|
2021-10-19 13:43:41 +00:00
|
|
|
return s.insecureConn.SetReadDeadline(t)
|
2021-06-16 20:19:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *secureSession) SetWriteDeadline(t time.Time) error {
|
2021-10-19 13:43:41 +00:00
|
|
|
return s.insecureConn.SetWriteDeadline(t)
|
2021-06-16 20:19:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *secureSession) Close() error {
|
2021-10-19 13:43:41 +00:00
|
|
|
return s.insecureConn.Close()
|
2021-06-16 20:19:45 +00:00
|
|
|
}
|
2023-02-22 21:58:17 +00:00
|
|
|
|
|
|
|
func SessionWithConnState(s *secureSession, muxer protocol.ID) *secureSession {
|
|
|
|
if s != nil {
|
|
|
|
s.connectionState.StreamMultiplexer = muxer
|
2023-04-07 18:23:07 +00:00
|
|
|
s.connectionState.UsedEarlyMuxerNegotiation = muxer != ""
|
2023-02-22 21:58:17 +00:00
|
|
|
}
|
|
|
|
return s
|
|
|
|
}
|