Merge pull request #1466 from libp2p/merge-tls

move go-libp2p-tls here

defaults.go

@@ -8,6 +8,7 @@ import (
 	"github.com/libp2p/go-libp2p/p2p/muxer/yamux"
 	"github.com/libp2p/go-libp2p/p2p/net/connmgr"
 	"github.com/libp2p/go-libp2p/p2p/security/noise"
+	tls "github.com/libp2p/go-libp2p/p2p/security/tls"
 	quic "github.com/libp2p/go-libp2p/p2p/transport/quic"
 	"github.com/libp2p/go-libp2p/p2p/transport/tcp"
 	ws "github.com/libp2p/go-libp2p/p2p/transport/websocket"
@@ -16,7 +17,6 @@ import (
 
 	"github.com/libp2p/go-libp2p-peerstore/pstoremem"
 	rcmgr "github.com/libp2p/go-libp2p-resource-manager"
-	tls "github.com/libp2p/go-libp2p-tls"
 	"github.com/multiformats/go-multiaddr"
 )
 

go.mod

@@ -26,7 +26,6 @@ require (
 	github.com/libp2p/go-libp2p-pnet v0.2.0
 	github.com/libp2p/go-libp2p-resource-manager v0.2.1
 	github.com/libp2p/go-libp2p-testing v0.9.2
-	github.com/libp2p/go-libp2p-tls v0.4.1
 	github.com/libp2p/go-mplex v0.7.0
 	github.com/libp2p/go-msgio v0.2.0
 	github.com/libp2p/go-netroute v0.2.0
@@ -52,6 +51,7 @@ require (
 	github.com/whyrusleeping/multiaddr-filter v0.0.0-20160516205228-e903e4adabd7
 	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
+	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
 )
 
 require (
@@ -82,6 +82,7 @@ require (
 	github.com/libp2p/go-libp2p-blankhost v0.3.0 // indirect
 	github.com/libp2p/go-libp2p-quic-transport v0.17.0 // indirect
 	github.com/libp2p/go-libp2p-swarm v0.10.2 // indirect
+	github.com/libp2p/go-libp2p-tls v0.4.1 // indirect
 	github.com/libp2p/go-libp2p-transport-upgrader v0.7.1 // indirect
 	github.com/libp2p/go-libp2p-yamux v0.9.1 // indirect
 	github.com/libp2p/go-nat v0.1.0 // indirect
@@ -117,7 +118,6 @@ require (
 	go.uber.org/zap v1.21.0 // indirect
 	golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect
 	golang.org/x/net v0.0.0-20220418201149-a630d4f3e7a2 // indirect
-	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
 	golang.org/x/tools v0.1.10 // indirect
 	golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
 	google.golang.org/grpc v1.45.0 // indirect

p2p/security/tls/LICENSE.md

@@ -0,0 +1,7 @@
+Copyright 2018 Marten Seemann
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

p2p/security/tls/cmd/README.md

@@ -0,0 +1,6 @@
+# TLS handshake example
+
+Run
+```bash
+go run cmd/tlsdiag.go server
+```

p2p/security/tls/cmd/tlsdiag.go

@@ -0,0 +1,33 @@
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/libp2p/go-libp2p/p2p/security/tls/cmd/tlsdiag"
+)
+
+func main() {
+	if len(os.Args) <= 1 {
+		fmt.Println("missing argument: client / server")
+		return
+	}
+
+	role := os.Args[1]
+	// remove the role argument from os.Args
+	os.Args = append([]string{os.Args[0]}, os.Args[2:]...)
+
+	var err error
+	switch role {
+	case "client":
+		err = tlsdiag.StartClient()
+	case "server":
+		err = tlsdiag.StartServer()
+	default:
+		fmt.Println("invalid argument. Expected client / server")
+		return
+	}
+	if err != nil {
+		panic(err)
+	}
+}

p2p/security/tls/cmd/tlsdiag/client.go

@@ -0,0 +1,63 @@
+package tlsdiag
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"time"
+
+	libp2ptls "github.com/libp2p/go-libp2p/p2p/security/tls"
+
+	"github.com/libp2p/go-libp2p-core/peer"
+)
+
+func StartClient() error {
+	port := flag.Int("p", 5533, "port")
+	peerIDString := flag.String("id", "", "peer ID")
+	keyType := flag.String("key", "ecdsa", "rsa, ecdsa, ed25519 or secp256k1")
+	flag.Parse()
+
+	priv, err := generateKey(*keyType)
+	if err != nil {
+		return err
+	}
+
+	peerID, err := peer.Decode(*peerIDString)
+	if err != nil {
+		return err
+	}
+
+	id, err := peer.IDFromPrivateKey(priv)
+	if err != nil {
+		return err
+	}
+	fmt.Printf(" Peer ID: %s\n", id.Pretty())
+	tp, err := libp2ptls.New(priv)
+	if err != nil {
+		return err
+	}
+
+	remoteAddr := fmt.Sprintf("localhost:%d", *port)
+	fmt.Printf("Dialing %s\n", remoteAddr)
+	conn, err := net.Dial("tcp", remoteAddr)
+	if err != nil {
+		return err
+	}
+	fmt.Printf("Dialed raw connection to %s\n", conn.RemoteAddr())
+
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+	sconn, err := tp.SecureOutbound(ctx, conn, peerID)
+	if err != nil {
+		return err
+	}
+	fmt.Printf("Authenticated server: %s\n", sconn.RemotePeer().Pretty())
+	data, err := ioutil.ReadAll(sconn)
+	if err != nil {
+		return err
+	}
+	fmt.Printf("Received message from server: %s\n", string(data))
+	return nil
+}

p2p/security/tls/cmd/tlsdiag/key.go

@@ -0,0 +1,28 @@
+package tlsdiag
+
+import (
+	"crypto/rand"
+	"fmt"
+
+	ic "github.com/libp2p/go-libp2p-core/crypto"
+)
+
+func generateKey(keyType string) (priv ic.PrivKey, err error) {
+	switch keyType {
+	case "rsa":
+		fmt.Printf("Generated new peer with an RSA key.")
+		priv, _, err = ic.GenerateRSAKeyPair(2048, rand.Reader)
+	case "ecdsa":
+		fmt.Printf("Generated new peer with an ECDSA key.")
+		priv, _, err = ic.GenerateECDSAKeyPair(rand.Reader)
+	case "ed25519":
+		fmt.Printf("Generated new peer with an Ed25519 key.")
+		priv, _, err = ic.GenerateEd25519Key(rand.Reader)
+	case "secp256k1":
+		fmt.Printf("Generated new peer with an Secp256k1 key.")
+		priv, _, err = ic.GenerateSecp256k1Key(rand.Reader)
+	default:
+		return nil, fmt.Errorf("unknown key type: %s", keyType)
+	}
+	return
+}

p2p/security/tls/cmd/tlsdiag/server.go

@@ -0,0 +1,68 @@
+package tlsdiag
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"net"
+	"time"
+
+	libp2ptls "github.com/libp2p/go-libp2p/p2p/security/tls"
+
+	"github.com/libp2p/go-libp2p-core/peer"
+)
+
+func StartServer() error {
+	port := flag.Int("p", 5533, "port")
+	keyType := flag.String("key", "ecdsa", "rsa, ecdsa, ed25519 or secp256k1")
+	flag.Parse()
+
+	priv, err := generateKey(*keyType)
+	if err != nil {
+		return err
+	}
+
+	id, err := peer.IDFromPrivateKey(priv)
+	if err != nil {
+		return err
+	}
+	fmt.Printf(" Peer ID: %s\n", id.Pretty())
+	tp, err := libp2ptls.New(priv)
+	if err != nil {
+		return err
+	}
+
+	ln, err := net.Listen("tcp", fmt.Sprintf("localhost:%d", *port))
+	if err != nil {
+		return err
+	}
+	fmt.Printf("Listening for new connections on %s\n", ln.Addr())
+	fmt.Printf("Now run the following command in a separate terminal:\n")
+	fmt.Printf("\tgo run cmd/tlsdiag.go client -p %d -id %s\n", *port, id.Pretty())
+
+	for {
+		conn, err := ln.Accept()
+		if err != nil {
+			return err
+		}
+		fmt.Printf("Accepted raw connection from %s\n", conn.RemoteAddr())
+		go func() {
+			if err := handleConn(tp, conn); err != nil {
+				fmt.Printf("Error handling connection from %s: %s\n", conn.RemoteAddr(), err)
+			}
+		}()
+	}
+}
+
+func handleConn(tp *libp2ptls.Transport, conn net.Conn) error {
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+	sconn, err := tp.SecureInbound(ctx, conn, "")
+	if err != nil {
+		return err
+	}
+	fmt.Printf("Authenticated client: %s\n", sconn.RemotePeer().Pretty())
+	fmt.Fprintf(sconn, "Hello client!")
+	fmt.Printf("Closing connection to %s\n", conn.RemoteAddr())
+	return sconn.Close()
+}

p2p/security/tls/conn.go

@@ -0,0 +1,37 @@
+package libp2ptls
+
+import (
+	"crypto/tls"
+
+	ci "github.com/libp2p/go-libp2p-core/crypto"
+	"github.com/libp2p/go-libp2p-core/peer"
+	"github.com/libp2p/go-libp2p-core/sec"
+)
+
+type conn struct {
+	*tls.Conn
+
+	localPeer peer.ID
+	privKey   ci.PrivKey
+
+	remotePeer   peer.ID
+	remotePubKey ci.PubKey
+}
+
+var _ sec.SecureConn = &conn{}
+
+func (c *conn) LocalPeer() peer.ID {
+	return c.localPeer
+}
+
+func (c *conn) LocalPrivateKey() ci.PrivKey {
+	return c.privKey
+}
+
+func (c *conn) RemotePeer() peer.ID {
+	return c.remotePeer
+}
+
+func (c *conn) RemotePublicKey() ci.PubKey {
+	return c.remotePubKey
+}