From 7e0d57a7908bc52e76aedcaa2d21ca34fd6f29cd Mon Sep 17 00:00:00 2001 From: skosito Date: Tue, 22 Oct 2024 13:06:24 +0200 Subject: [PATCH 01/22] add boilerplate for whitelist connection gater --- p2p/communication.go | 1 + p2p/whitelist_connection_gater.go | 41 +++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 p2p/whitelist_connection_gater.go diff --git a/p2p/communication.go b/p2p/communication.go index 81ab547..e362c29 100644 --- a/p2p/communication.go +++ b/p2p/communication.go @@ -301,6 +301,7 @@ func (c *Communication) startChannel(privKeyBytes []byte) error { libp2p.AddrsFactory(addressFactory), libp2p.ResourceManager(m), libp2p.ConnectionManager(cmgr), + libp2p.ConnectionGater(WhitelistConnectionGater{whitelistedPeers: make(map[peer.ID]bool)}), ) if err != nil { return fmt.Errorf("fail to create p2p host: %w", err) diff --git a/p2p/whitelist_connection_gater.go b/p2p/whitelist_connection_gater.go new file mode 100644 index 0000000..691896b --- /dev/null +++ b/p2p/whitelist_connection_gater.go @@ -0,0 +1,41 @@ +package p2p + +import ( + "github.com/libp2p/go-libp2p/core/control" + "github.com/libp2p/go-libp2p/core/network" + "github.com/rs/zerolog" + + "github.com/libp2p/go-libp2p/core/peer" + maddr "github.com/multiformats/go-multiaddr" +) + +type WhitelistConnectionGater struct { + whitelistedPeers map[peer.ID]bool + logger zerolog.Logger +} + +func (wg WhitelistConnectionGater) InterceptPeerDial(p peer.ID) (allow bool) { + wg.logger.Info().Msgf("InterceptPeerDial %s", p.String()) + // _, allow = wg.whitelistedPeers[p] + return true +} + +func (wg WhitelistConnectionGater) InterceptAddrDial(p peer.ID, m maddr.Multiaddr) (allow bool) { + wg.logger.Info().Msgf("InterceptAddrDial %s", p.String()) + // Not checking addresses here, just allowing based on peer ID + return true +} + +func (wg WhitelistConnectionGater) InterceptAccept(network.ConnMultiaddrs) (allow bool) { + return true +} + +func (wg WhitelistConnectionGater) InterceptSecured(direction network.Direction, p peer.ID, _ network.ConnMultiaddrs) (allow bool) { + _, allow = wg.whitelistedPeers[p] + return allow +} + +func (wg WhitelistConnectionGater) InterceptUpgraded(network.Conn) (bool, control.DisconnectReason) { + // Allow connection upgrades + return true, 0 +} From d29d2628257362962ef6b1b1d4eb9ae6b98412e0 Mon Sep 17 00:00:00 2001 From: skosito Date: Tue, 22 Oct 2024 13:09:29 +0200 Subject: [PATCH 02/22] intercept secured log and comment out whitelist --- p2p/whitelist_connection_gater.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/p2p/whitelist_connection_gater.go b/p2p/whitelist_connection_gater.go index 691896b..2ef5c13 100644 --- a/p2p/whitelist_connection_gater.go +++ b/p2p/whitelist_connection_gater.go @@ -31,8 +31,9 @@ func (wg WhitelistConnectionGater) InterceptAccept(network.ConnMultiaddrs) (allo } func (wg WhitelistConnectionGater) InterceptSecured(direction network.Direction, p peer.ID, _ network.ConnMultiaddrs) (allow bool) { - _, allow = wg.whitelistedPeers[p] - return allow + wg.logger.Info().Msgf("InterceptSecured %s", p.String()) + // _, allow = wg.whitelistedPeers[p] + return true } func (wg WhitelistConnectionGater) InterceptUpgraded(network.Conn) (bool, control.DisconnectReason) { From c6db5532eaf4ff2794ab96426bc910cbb58b4644 Mon Sep 17 00:00:00 2001 From: skosito Date: Tue, 22 Oct 2024 13:22:49 +0200 Subject: [PATCH 03/22] fixes --- p2p/communication.go | 2 +- p2p/whitelist_connection_gater.go | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/p2p/communication.go b/p2p/communication.go index e362c29..02c894b 100644 --- a/p2p/communication.go +++ b/p2p/communication.go @@ -301,7 +301,7 @@ func (c *Communication) startChannel(privKeyBytes []byte) error { libp2p.AddrsFactory(addressFactory), libp2p.ResourceManager(m), libp2p.ConnectionManager(cmgr), - libp2p.ConnectionGater(WhitelistConnectionGater{whitelistedPeers: make(map[peer.ID]bool)}), + libp2p.ConnectionGater(&WhitelistConnectionGater{whitelistedPeers: make(map[peer.ID]bool)}), ) if err != nil { return fmt.Errorf("fail to create p2p host: %w", err) diff --git a/p2p/whitelist_connection_gater.go b/p2p/whitelist_connection_gater.go index 2ef5c13..9687d4d 100644 --- a/p2p/whitelist_connection_gater.go +++ b/p2p/whitelist_connection_gater.go @@ -14,29 +14,29 @@ type WhitelistConnectionGater struct { logger zerolog.Logger } -func (wg WhitelistConnectionGater) InterceptPeerDial(p peer.ID) (allow bool) { +func (wg *WhitelistConnectionGater) InterceptPeerDial(p peer.ID) (allow bool) { wg.logger.Info().Msgf("InterceptPeerDial %s", p.String()) // _, allow = wg.whitelistedPeers[p] return true } -func (wg WhitelistConnectionGater) InterceptAddrDial(p peer.ID, m maddr.Multiaddr) (allow bool) { +func (wg *WhitelistConnectionGater) InterceptAddrDial(p peer.ID, m maddr.Multiaddr) (allow bool) { wg.logger.Info().Msgf("InterceptAddrDial %s", p.String()) // Not checking addresses here, just allowing based on peer ID return true } -func (wg WhitelistConnectionGater) InterceptAccept(network.ConnMultiaddrs) (allow bool) { +func (wg *WhitelistConnectionGater) InterceptAccept(network.ConnMultiaddrs) (allow bool) { return true } -func (wg WhitelistConnectionGater) InterceptSecured(direction network.Direction, p peer.ID, _ network.ConnMultiaddrs) (allow bool) { +func (wg *WhitelistConnectionGater) InterceptSecured(direction network.Direction, p peer.ID, _ network.ConnMultiaddrs) (allow bool) { wg.logger.Info().Msgf("InterceptSecured %s", p.String()) // _, allow = wg.whitelistedPeers[p] return true } -func (wg WhitelistConnectionGater) InterceptUpgraded(network.Conn) (bool, control.DisconnectReason) { +func (wg *WhitelistConnectionGater) InterceptUpgraded(network.Conn) (bool, control.DisconnectReason) { // Allow connection upgrades return true, 0 } From ec5aee1393d9a8c715307b9c0671478b45ba00df Mon Sep 17 00:00:00 2001 From: skosito Date: Tue, 22 Oct 2024 13:23:06 +0200 Subject: [PATCH 04/22] init logger --- p2p/communication.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/p2p/communication.go b/p2p/communication.go index 02c894b..b5ed471 100644 --- a/p2p/communication.go +++ b/p2p/communication.go @@ -301,7 +301,7 @@ func (c *Communication) startChannel(privKeyBytes []byte) error { libp2p.AddrsFactory(addressFactory), libp2p.ResourceManager(m), libp2p.ConnectionManager(cmgr), - libp2p.ConnectionGater(&WhitelistConnectionGater{whitelistedPeers: make(map[peer.ID]bool)}), + libp2p.ConnectionGater(&WhitelistConnectionGater{whitelistedPeers: make(map[peer.ID]bool), logger: c.logger}), ) if err != nil { return fmt.Errorf("fail to create p2p host: %w", err) From 69d39f76c4ffff9ec14df0afc6cd5d7093181e2a Mon Sep 17 00:00:00 2001 From: skosito Date: Tue, 22 Oct 2024 13:40:29 +0200 Subject: [PATCH 05/22] comment out dht code --- p2p/communication.go | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/p2p/communication.go b/p2p/communication.go index b5ed471..29417b8 100644 --- a/p2p/communication.go +++ b/p2p/communication.go @@ -10,14 +10,11 @@ import ( "time" libp2p "github.com/libp2p/go-libp2p" - dht "github.com/libp2p/go-libp2p-kad-dht" "github.com/libp2p/go-libp2p/core/crypto" "github.com/libp2p/go-libp2p/core/host" "github.com/libp2p/go-libp2p/core/network" "github.com/libp2p/go-libp2p/core/peer" "github.com/libp2p/go-libp2p/core/protocol" - discovery_routing "github.com/libp2p/go-libp2p/p2p/discovery/routing" - discovery_util "github.com/libp2p/go-libp2p/p2p/discovery/util" rcmgr "github.com/libp2p/go-libp2p/p2p/host/resource-manager" "github.com/libp2p/go-libp2p/p2p/net/connmgr" "github.com/libp2p/go-libp2p/p2p/protocol/ping" @@ -244,7 +241,7 @@ func (c *Communication) bootStrapConnectivityCheck() error { } func (c *Communication) startChannel(privKeyBytes []byte) error { - ctx := context.Background() + // ctx := context.Background() p2pPriKey, err := crypto.UnmarshalSecp256k1PrivateKey(privKeyBytes) if err != nil { c.logger.Error().Msgf("error is %f", err) @@ -309,18 +306,18 @@ func (c *Communication) startChannel(privKeyBytes []byte) error { c.host = h c.logger.Info().Msgf("Host created, we are: %s, at: %s", h.ID(), h.Addrs()) h.SetStreamHandler(TSSProtocolID, c.handleStream) - // Start a DHT, for use in peer discovery. We can't just make a new DHT - // client because we want each peer to maintain its own local copy of the - // DHT, so that the bootstrapping node of the DHT can go down without - // inhibiting future peer discovery. - kademliaDHT, err := dht.New(ctx, h, dht.Mode(dht.ModeServer)) - if err != nil { - return fmt.Errorf("fail to create DHT: %w", err) - } - c.logger.Debug().Msg("Bootstrapping the DHT") - if err = kademliaDHT.Bootstrap(ctx); err != nil { - return fmt.Errorf("fail to bootstrap DHT: %w", err) - } + // // Start a DHT, for use in peer discovery. We can't just make a new DHT + // // client because we want each peer to maintain its own local copy of the + // // DHT, so that the bootstrapping node of the DHT can go down without + // // inhibiting future peer discovery. + // kademliaDHT, err := dht.New(ctx, h, dht.Mode(dht.ModeServer)) + // if err != nil { + // return fmt.Errorf("fail to create DHT: %w", err) + // } + // c.logger.Debug().Msg("Bootstrapping the DHT") + // if err = kademliaDHT.Bootstrap(ctx); err != nil { + // return fmt.Errorf("fail to bootstrap DHT: %w", err) + // } var connectionErr error for i := 0; i < 5; i++ { @@ -337,8 +334,8 @@ func (c *Communication) startChannel(privKeyBytes []byte) error { // We use a rendezvous point "meet me here" to announce our location. // This is like telling your friends to meet you at the Eiffel Tower. - routingDiscovery := discovery_routing.NewRoutingDiscovery(kademliaDHT) - discovery_util.Advertise(ctx, routingDiscovery, c.rendezvous) + // routingDiscovery := discovery_routing.NewRoutingDiscovery(kademliaDHT) + // discovery_util.Advertise(ctx, routingDiscovery, c.rendezvous) err = c.bootStrapConnectivityCheck() if err != nil { return err From 81c3bb9262739625c456d033fe55fbab5e4ffb3a Mon Sep 17 00:00:00 2001 From: skosito Date: Tue, 22 Oct 2024 15:58:52 +0200 Subject: [PATCH 06/22] add whitelist peers to constructor and gater --- p2p/communication.go | 15 +++++++++++-- p2p/whitelist_connection_gater.go | 36 ++++++++++++++++++++++++++----- tss/tss.go | 8 ++++++- 3 files changed, 51 insertions(+), 8 deletions(-) diff --git a/p2p/communication.go b/p2p/communication.go index 29417b8..97cf636 100644 --- a/p2p/communication.go +++ b/p2p/communication.go @@ -59,10 +59,19 @@ type Communication struct { BroadcastMsgChan chan *messages.BroadcastMsgChan externalAddr maddr.Multiaddr streamMgr *StreamMgr + whitelistedPeers []string + disableWhitelist bool } // NewCommunication create a new instance of Communication -func NewCommunication(rendezvous string, bootstrapPeers []maddr.Multiaddr, port int, externalIP string) (*Communication, error) { +func NewCommunication( + rendezvous string, + bootstrapPeers []maddr.Multiaddr, + port int, + externalIP string, + whitelistedPeers []string, + disableWhitelist bool, +) (*Communication, error) { addr, err := maddr.NewMultiaddr(fmt.Sprintf("/ip4/0.0.0.0/tcp/%d", port)) if err != nil { return nil, fmt.Errorf("fail to create listen addr: %w", err) @@ -87,6 +96,8 @@ func NewCommunication(rendezvous string, bootstrapPeers []maddr.Multiaddr, port BroadcastMsgChan: make(chan *messages.BroadcastMsgChan, 1024), externalAddr: externalAddr, streamMgr: NewStreamMgr(), + whitelistedPeers: whitelistedPeers, + disableWhitelist: disableWhitelist, }, nil } @@ -298,7 +309,7 @@ func (c *Communication) startChannel(privKeyBytes []byte) error { libp2p.AddrsFactory(addressFactory), libp2p.ResourceManager(m), libp2p.ConnectionManager(cmgr), - libp2p.ConnectionGater(&WhitelistConnectionGater{whitelistedPeers: make(map[peer.ID]bool), logger: c.logger}), + libp2p.ConnectionGater(NewWhitelistConnectionGater(c.whitelistedPeers, c.disableWhitelist, c.logger)), ) if err != nil { return fmt.Errorf("fail to create p2p host: %w", err) diff --git a/p2p/whitelist_connection_gater.go b/p2p/whitelist_connection_gater.go index 9687d4d..8d31ee5 100644 --- a/p2p/whitelist_connection_gater.go +++ b/p2p/whitelist_connection_gater.go @@ -10,18 +10,40 @@ import ( ) type WhitelistConnectionGater struct { - whitelistedPeers map[peer.ID]bool + whitelistedPeers map[string]bool logger zerolog.Logger + disableWhitelist bool +} + +func NewWhitelistConnectionGater(whitelistedPeers []string, disableWhitelist bool, logger zerolog.Logger) *WhitelistConnectionGater { + gater := &WhitelistConnectionGater{ + disableWhitelist: disableWhitelist, + logger: logger, + whitelistedPeers: make(map[string]bool), + } + + for _, p := range whitelistedPeers { + gater.whitelistedPeers[p] = true + } + + return gater } func (wg *WhitelistConnectionGater) InterceptPeerDial(p peer.ID) (allow bool) { - wg.logger.Info().Msgf("InterceptPeerDial %s", p.String()) - // _, allow = wg.whitelistedPeers[p] + wg.logger.Info().Msgf("InterceptPeerDial %s", p.String(), wg.disableWhitelist) + if !wg.disableWhitelist { + wg.logger.Info().Msgf("peer allowed", wg.whitelistedPeers[p.String()]) + return wg.whitelistedPeers[p.String()] + } return true } func (wg *WhitelistConnectionGater) InterceptAddrDial(p peer.ID, m maddr.Multiaddr) (allow bool) { - wg.logger.Info().Msgf("InterceptAddrDial %s", p.String()) + wg.logger.Info().Msgf("InterceptAddrDial %s", p.String(), wg.disableWhitelist) + if !wg.disableWhitelist { + wg.logger.Info().Msgf("peer allowed", wg.whitelistedPeers[p.String()]) + return wg.whitelistedPeers[p.String()] + } // Not checking addresses here, just allowing based on peer ID return true } @@ -31,7 +53,11 @@ func (wg *WhitelistConnectionGater) InterceptAccept(network.ConnMultiaddrs) (all } func (wg *WhitelistConnectionGater) InterceptSecured(direction network.Direction, p peer.ID, _ network.ConnMultiaddrs) (allow bool) { - wg.logger.Info().Msgf("InterceptSecured %s", p.String()) + wg.logger.Info().Msgf("InterceptSecured %s", p.String(), wg.disableWhitelist) + if !wg.disableWhitelist { + wg.logger.Info().Msgf("peer allowed", wg.whitelistedPeers[p.String()]) + return wg.whitelistedPeers[p.String()] + } // _, allow = wg.whitelistedPeers[p] return true } diff --git a/tss/tss.go b/tss/tss.go index 953589e..3bce1de 100644 --- a/tss/tss.go +++ b/tss/tss.go @@ -59,6 +59,8 @@ func NewTss( preParams *bkeygen.LocalPreParams, externalIP string, tssPassword string, + whitelistedPeers []string, + disableWhitelist bool, ) (*TssServer, error) { pk := coskey.PubKey{ Key: priKey.PubKey().Bytes()[:], @@ -74,6 +76,10 @@ func NewTss( return nil, fmt.Errorf("fail to create file state manager") } + if !disableWhitelist && (whitelistedPeers == nil || len(whitelistedPeers) == 0) { + return nil, fmt.Errorf("whitelisted peers missing") + } + var bootstrapPeers []maddr.Multiaddr savedPeers, err := stateManager.RetrieveP2PAddresses() if err != nil { @@ -82,7 +88,7 @@ func NewTss( bootstrapPeers = savedPeers bootstrapPeers = append(bootstrapPeers, cmdBootstrapPeers...) } - comm, err := p2p.NewCommunication(rendezvous, bootstrapPeers, p2pPort, externalIP) + comm, err := p2p.NewCommunication(rendezvous, bootstrapPeers, p2pPort, externalIP, whitelistedPeers, disableWhitelist) if err != nil { return nil, fmt.Errorf("fail to create communication layer: %w", err) } From a893c9955d75499384d85987806b05795bb8fab9 Mon Sep 17 00:00:00 2001 From: skosito Date: Tue, 22 Oct 2024 16:14:04 +0200 Subject: [PATCH 07/22] logs --- p2p/whitelist_connection_gater.go | 1 + 1 file changed, 1 insertion(+) diff --git a/p2p/whitelist_connection_gater.go b/p2p/whitelist_connection_gater.go index 8d31ee5..8ee209d 100644 --- a/p2p/whitelist_connection_gater.go +++ b/p2p/whitelist_connection_gater.go @@ -23,6 +23,7 @@ func NewWhitelistConnectionGater(whitelistedPeers []string, disableWhitelist boo } for _, p := range whitelistedPeers { + logger.Info().Msgf("Adding peer %s to whitelist", p) gater.whitelistedPeers[p] = true } From 97ba467b82530890ee2d2d3030e5242eaf9ed296 Mon Sep 17 00:00:00 2001 From: skosito Date: Tue, 22 Oct 2024 17:20:34 +0200 Subject: [PATCH 08/22] ci fixes --- cmd/tss/main.go | 2 ++ keygen/ecdsa/keygen_test.go | 4 ++-- keygen/eddsa/keygen_test.go | 4 ++-- p2p/whitelist_connection_gater.go | 12 ++++++------ tss/tss_4nodes_test.go | 2 +- 5 files changed, 13 insertions(+), 11 deletions(-) diff --git a/cmd/tss/main.go b/cmd/tss/main.go index f458bde..902a348 100644 --- a/cmd/tss/main.go +++ b/cmd/tss/main.go @@ -63,6 +63,8 @@ func main() { nil, p2pConf.ExternalIP, os.Getenv("PASSWORD"), + []string{}, + true, ) if nil != err { log.Fatal(err) diff --git a/keygen/ecdsa/keygen_test.go b/keygen/ecdsa/keygen_test.go index 5093a9d..48302f3 100644 --- a/keygen/ecdsa/keygen_test.go +++ b/keygen/ecdsa/keygen_test.go @@ -118,13 +118,13 @@ func (s *TssECDSAKeygenTestSuite) SetUpTest(c *C) { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) c.Assert(err, IsNil) if i == 0 { - comm, err := p2p.NewCommunication("asgard", nil, ports[i], "") + comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}, true) c.Assert(err, IsNil) c.Assert(comm.Start(buf[:]), IsNil) s.comms[i] = comm continue } - comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "") + comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}, true) c.Assert(err, IsNil) c.Assert(comm.Start(buf[:]), IsNil) s.comms[i] = comm diff --git a/keygen/eddsa/keygen_test.go b/keygen/eddsa/keygen_test.go index 13e6f87..13a14b7 100644 --- a/keygen/eddsa/keygen_test.go +++ b/keygen/eddsa/keygen_test.go @@ -104,13 +104,13 @@ func (s *EddsaKeygenTestSuite) SetUpTest(c *C) { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) c.Assert(err, IsNil) if i == 0 { - comm, err := p2p.NewCommunication("asgard", nil, ports[i], "") + comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}, true) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm continue } - comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "") + comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}, true) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm diff --git a/p2p/whitelist_connection_gater.go b/p2p/whitelist_connection_gater.go index 8ee209d..1d36c01 100644 --- a/p2p/whitelist_connection_gater.go +++ b/p2p/whitelist_connection_gater.go @@ -31,18 +31,18 @@ func NewWhitelistConnectionGater(whitelistedPeers []string, disableWhitelist boo } func (wg *WhitelistConnectionGater) InterceptPeerDial(p peer.ID) (allow bool) { - wg.logger.Info().Msgf("InterceptPeerDial %s", p.String(), wg.disableWhitelist) + wg.logger.Info().Msgf("InterceptPeerDial %s", p.String()) if !wg.disableWhitelist { - wg.logger.Info().Msgf("peer allowed", wg.whitelistedPeers[p.String()]) + wg.logger.Info().Msgf("peer allowed %t", wg.whitelistedPeers[p.String()]) return wg.whitelistedPeers[p.String()] } return true } func (wg *WhitelistConnectionGater) InterceptAddrDial(p peer.ID, m maddr.Multiaddr) (allow bool) { - wg.logger.Info().Msgf("InterceptAddrDial %s", p.String(), wg.disableWhitelist) + wg.logger.Info().Msgf("InterceptAddrDial %s", p.String()) if !wg.disableWhitelist { - wg.logger.Info().Msgf("peer allowed", wg.whitelistedPeers[p.String()]) + wg.logger.Info().Msgf("peer allowed %t", wg.whitelistedPeers[p.String()]) return wg.whitelistedPeers[p.String()] } // Not checking addresses here, just allowing based on peer ID @@ -54,9 +54,9 @@ func (wg *WhitelistConnectionGater) InterceptAccept(network.ConnMultiaddrs) (all } func (wg *WhitelistConnectionGater) InterceptSecured(direction network.Direction, p peer.ID, _ network.ConnMultiaddrs) (allow bool) { - wg.logger.Info().Msgf("InterceptSecured %s", p.String(), wg.disableWhitelist) + wg.logger.Info().Msgf("InterceptSecured %s", p.String()) if !wg.disableWhitelist { - wg.logger.Info().Msgf("peer allowed", wg.whitelistedPeers[p.String()]) + wg.logger.Info().Msgf("peer allowed %t", wg.whitelistedPeers[p.String()]) return wg.whitelistedPeers[p.String()] } // _, allow = wg.whitelistedPeers[p] diff --git a/tss/tss_4nodes_test.go b/tss/tss_4nodes_test.go index be58e52..de7be3e 100644 --- a/tss/tss_4nodes_test.go +++ b/tss/tss_4nodes_test.go @@ -369,7 +369,7 @@ func (s *FourNodeTestSuite) getTssServer(c *C, index int, conf common.TssConfig, } else { peerIDs = nil } - instance, err := NewTss(peerIDs, s.ports[index], priKey, "Asgard", baseHome, conf, s.preParams[index], "", "password") + instance, err := NewTss(peerIDs, s.ports[index], priKey, "Asgard", baseHome, conf, s.preParams[index], "", "password", []string{}, true) c.Assert(err, IsNil) return instance } From 25a51902840d82f4236c228634e339f2f0aa99a7 Mon Sep 17 00:00:00 2001 From: skosito Date: Tue, 22 Oct 2024 17:30:30 +0200 Subject: [PATCH 09/22] tests fixes --- keysign/ecdsa/keysign_old_test.go | 4 ++-- keysign/ecdsa/keysign_test.go | 4 ++-- keysign/eddsa/keysign_test.go | 4 ++-- p2p/communication_test.go | 10 +++++----- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/keysign/ecdsa/keysign_old_test.go b/keysign/ecdsa/keysign_old_test.go index 4211a27..ba96b4b 100644 --- a/keysign/ecdsa/keysign_old_test.go +++ b/keysign/ecdsa/keysign_old_test.go @@ -130,13 +130,13 @@ func (s *TssECDSAKeysignOldTestSuite) SetUpTest(c *C) { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) c.Assert(err, IsNil) if i == 0 { - comm, err := p2p.NewCommunication("asgard", nil, ports[i], "") + comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}, true) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm continue } - comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "") + comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}, true) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm diff --git a/keysign/ecdsa/keysign_test.go b/keysign/ecdsa/keysign_test.go index a8bf7af..64a2161 100644 --- a/keysign/ecdsa/keysign_test.go +++ b/keysign/ecdsa/keysign_test.go @@ -142,13 +142,13 @@ func (s *TssECDSAKeysignTestSuite) SetUpTest(c *C) { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) c.Assert(err, IsNil) if i == 0 { - comm, err := p2p.NewCommunication("asgard", nil, ports[i], "") + comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}, true) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm continue } - comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "") + comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}, true) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm diff --git a/keysign/eddsa/keysign_test.go b/keysign/eddsa/keysign_test.go index 5697a00..aed7df2 100644 --- a/keysign/eddsa/keysign_test.go +++ b/keysign/eddsa/keysign_test.go @@ -140,13 +140,13 @@ func (s *EddsaKeysignTestSuite) SetUpTest(c *C) { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) c.Assert(err, IsNil) if i == 0 { - comm, err := p2p.NewCommunication("asgard", nil, ports[i], "") + comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}, true) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm continue } - comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "") + comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}, true) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm diff --git a/p2p/communication_test.go b/p2p/communication_test.go index 9d77c40..8a24ec8 100644 --- a/p2p/communication_test.go +++ b/p2p/communication_test.go @@ -18,7 +18,7 @@ type CommunicationTestSuite struct{} var _ = Suite(&CommunicationTestSuite{}) func (CommunicationTestSuite) TestBasicCommunication(c *C) { - comm, err := NewCommunication("rendezvous", nil, 6668, "") + comm, err := NewCommunication("rendezvous", nil, 6668, "", []string{}, true) c.Assert(err, IsNil) c.Assert(comm, NotNil) comm.SetSubscribe(messages.TSSKeyGenMsg, "hello", make(chan *Message)) @@ -47,7 +47,7 @@ func (CommunicationTestSuite) TestEstablishP2pCommunication(c *C) { c.Assert(err, IsNil) privKey, err := base64.StdEncoding.DecodeString(bootstrapPrivKey) c.Assert(err, IsNil) - comm, err := NewCommunication("commTest", nil, 2220, fakeExternalIP) + comm, err := NewCommunication("commTest", nil, 2220, fakeExternalIP, []string{}, true) c.Assert(err, IsNil) c.Assert(comm.Start(privKey), IsNil) @@ -55,7 +55,7 @@ func (CommunicationTestSuite) TestEstablishP2pCommunication(c *C) { sk1, _, err := crypto.GenerateSecp256k1Key(rand.Reader) sk1raw, _ := sk1.Raw() c.Assert(err, IsNil) - comm2, err := NewCommunication("commTest", []maddr.Multiaddr{validMultiAddr}, 2221, "") + comm2, err := NewCommunication("commTest", []maddr.Multiaddr{validMultiAddr}, 2221, "", []string{}, true) c.Assert(err, IsNil) err = comm2.Start(sk1raw) c.Assert(err, IsNil) @@ -69,14 +69,14 @@ func (CommunicationTestSuite) TestEstablishP2pCommunication(c *C) { invalidAddr := "/ip4/127.0.0.1/tcp/2220/p2p/" + id.String() invalidMultiAddr, err := maddr.NewMultiaddr(invalidAddr) c.Assert(err, IsNil) - comm3, err := NewCommunication("commTest", []maddr.Multiaddr{invalidMultiAddr}, 2222, "") + comm3, err := NewCommunication("commTest", []maddr.Multiaddr{invalidMultiAddr}, 2222, "", []string{}, true) c.Assert(err, IsNil) err = comm3.Start(sk1raw) c.Assert(err, ErrorMatches, "fail to connect to bootstrap peer: fail to connect to any peer") defer comm3.Stop() // we connect to one invalid and one valid address - comm4, err := NewCommunication("commTest", []maddr.Multiaddr{invalidMultiAddr, validMultiAddr}, 2223, "") + comm4, err := NewCommunication("commTest", []maddr.Multiaddr{invalidMultiAddr, validMultiAddr}, 2223, "", []string{}, true) c.Assert(err, IsNil) err = comm4.Start(sk1raw) c.Assert(err, IsNil) From db434de5dee367c57cc7091461a7533fbc6ac0e4 Mon Sep 17 00:00:00 2001 From: skosito Date: Tue, 22 Oct 2024 17:39:11 +0200 Subject: [PATCH 10/22] test fixes --- tss/tss_4nodes_zeta_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tss/tss_4nodes_zeta_test.go b/tss/tss_4nodes_zeta_test.go index 208b1c8..c911e44 100644 --- a/tss/tss_4nodes_zeta_test.go +++ b/tss/tss_4nodes_zeta_test.go @@ -234,7 +234,7 @@ func (s *FourNodeScaleZetaSuite) getTssServer(c *C, index int, conf common.TssCo } else { peerIDs = nil } - instance, err := NewTss(peerIDs, s.ports[index], priKey, "Zeta", baseHome, conf, s.preParams[index], "", "password") + instance, err := NewTss(peerIDs, s.ports[index], priKey, "Zeta", baseHome, conf, s.preParams[index], "", "password", []string{}, true) c.Assert(err, IsNil) return instance } From 2738661f73eb4fbc436a8977a25d35be79c2de11 Mon Sep 17 00:00:00 2001 From: skosito Date: Tue, 22 Oct 2024 18:43:14 +0200 Subject: [PATCH 11/22] debug --- p2p/whitelist_connection_gater.go | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/p2p/whitelist_connection_gater.go b/p2p/whitelist_connection_gater.go index 1d36c01..28fe546 100644 --- a/p2p/whitelist_connection_gater.go +++ b/p2p/whitelist_connection_gater.go @@ -1,6 +1,9 @@ package p2p import ( + "fmt" + "strings" + "github.com/libp2p/go-libp2p/core/control" "github.com/libp2p/go-libp2p/core/network" "github.com/rs/zerolog" @@ -40,7 +43,7 @@ func (wg *WhitelistConnectionGater) InterceptPeerDial(p peer.ID) (allow bool) { } func (wg *WhitelistConnectionGater) InterceptAddrDial(p peer.ID, m maddr.Multiaddr) (allow bool) { - wg.logger.Info().Msgf("InterceptAddrDial %s", p.String()) + wg.logger.Info().Msgf("InterceptAddrDial %s %s", p.String(), m.String()) if !wg.disableWhitelist { wg.logger.Info().Msgf("peer allowed %t", wg.whitelistedPeers[p.String()]) return wg.whitelistedPeers[p.String()] @@ -49,12 +52,16 @@ func (wg *WhitelistConnectionGater) InterceptAddrDial(p peer.ID, m maddr.Multiad return true } -func (wg *WhitelistConnectionGater) InterceptAccept(network.ConnMultiaddrs) (allow bool) { +func (wg *WhitelistConnectionGater) InterceptAccept(m network.ConnMultiaddrs) (allow bool) { + hasAllowedPort := hasAllowedPort(m, "6668") + wg.logger.Info().Msgf("InterceptAccept %t", hasAllowedPort) + return true } -func (wg *WhitelistConnectionGater) InterceptSecured(direction network.Direction, p peer.ID, _ network.ConnMultiaddrs) (allow bool) { - wg.logger.Info().Msgf("InterceptSecured %s", p.String()) +func (wg *WhitelistConnectionGater) InterceptSecured(direction network.Direction, p peer.ID, m network.ConnMultiaddrs) (allow bool) { + hasAllowedPort := hasAllowedPort(m, "6668") + wg.logger.Info().Msgf("InterceptSecured %t %s", hasAllowedPort, p.String()) if !wg.disableWhitelist { wg.logger.Info().Msgf("peer allowed %t", wg.whitelistedPeers[p.String()]) return wg.whitelistedPeers[p.String()] @@ -67,3 +74,9 @@ func (wg *WhitelistConnectionGater) InterceptUpgraded(network.Conn) (bool, contr // Allow connection upgrades return true, 0 } + +// Helper function to check if multiaddr has the correct TCP port +func hasAllowedPort(multiaddrs network.ConnMultiaddrs, allowedPort string) bool { + fmt.Println("multiaddrs", multiaddrs.RemoteMultiaddr().String(), multiaddrs.RemoteMultiaddr().Protocols()) + return strings.Contains(multiaddrs.RemoteMultiaddr().String(), "/tcp/"+allowedPort) +} From 69798ef102eae382578725fc82544691fe577e1a Mon Sep 17 00:00:00 2001 From: skosito Date: Wed, 23 Oct 2024 00:30:00 +0200 Subject: [PATCH 12/22] shut down dht instead of removing --- p2p/communication.go | 47 ++++++++++++++++++++++++++++++-------------- 1 file changed, 32 insertions(+), 15 deletions(-) diff --git a/p2p/communication.go b/p2p/communication.go index 97cf636..0f00855 100644 --- a/p2p/communication.go +++ b/p2p/communication.go @@ -10,11 +10,14 @@ import ( "time" libp2p "github.com/libp2p/go-libp2p" + dht "github.com/libp2p/go-libp2p-kad-dht" "github.com/libp2p/go-libp2p/core/crypto" "github.com/libp2p/go-libp2p/core/host" "github.com/libp2p/go-libp2p/core/network" "github.com/libp2p/go-libp2p/core/peer" "github.com/libp2p/go-libp2p/core/protocol" + discovery_routing "github.com/libp2p/go-libp2p/p2p/discovery/routing" + discovery_util "github.com/libp2p/go-libp2p/p2p/discovery/util" rcmgr "github.com/libp2p/go-libp2p/p2p/host/resource-manager" "github.com/libp2p/go-libp2p/p2p/net/connmgr" "github.com/libp2p/go-libp2p/p2p/protocol/ping" @@ -252,7 +255,7 @@ func (c *Communication) bootStrapConnectivityCheck() error { } func (c *Communication) startChannel(privKeyBytes []byte) error { - // ctx := context.Background() + ctx := context.Background() p2pPriKey, err := crypto.UnmarshalSecp256k1PrivateKey(privKeyBytes) if err != nil { c.logger.Error().Msgf("error is %f", err) @@ -317,18 +320,18 @@ func (c *Communication) startChannel(privKeyBytes []byte) error { c.host = h c.logger.Info().Msgf("Host created, we are: %s, at: %s", h.ID(), h.Addrs()) h.SetStreamHandler(TSSProtocolID, c.handleStream) - // // Start a DHT, for use in peer discovery. We can't just make a new DHT - // // client because we want each peer to maintain its own local copy of the - // // DHT, so that the bootstrapping node of the DHT can go down without - // // inhibiting future peer discovery. - // kademliaDHT, err := dht.New(ctx, h, dht.Mode(dht.ModeServer)) - // if err != nil { - // return fmt.Errorf("fail to create DHT: %w", err) - // } - // c.logger.Debug().Msg("Bootstrapping the DHT") - // if err = kademliaDHT.Bootstrap(ctx); err != nil { - // return fmt.Errorf("fail to bootstrap DHT: %w", err) - // } + // Start a DHT, for use in peer discovery. We can't just make a new DHT + // client because we want each peer to maintain its own local copy of the + // DHT, so that the bootstrapping node of the DHT can go down without + // inhibiting future peer discovery. + kademliaDHT, err := dht.New(ctx, h, dht.Mode(dht.ModeServer)) + if err != nil { + return fmt.Errorf("fail to create DHT: %w", err) + } + c.logger.Debug().Msg("Bootstrapping the DHT") + if err = kademliaDHT.Bootstrap(ctx); err != nil { + return fmt.Errorf("fail to bootstrap DHT: %w", err) + } var connectionErr error for i := 0; i < 5; i++ { @@ -345,8 +348,22 @@ func (c *Communication) startChannel(privKeyBytes []byte) error { // We use a rendezvous point "meet me here" to announce our location. // This is like telling your friends to meet you at the Eiffel Tower. - // routingDiscovery := discovery_routing.NewRoutingDiscovery(kademliaDHT) - // discovery_util.Advertise(ctx, routingDiscovery, c.rendezvous) + routingDiscovery := discovery_routing.NewRoutingDiscovery(kademliaDHT) + discovery_util.Advertise(ctx, routingDiscovery, c.rendezvous) + + // Create a goroutine to shut down the DHT after 5 minutes + go func() { + select { + case <-time.After(5 * time.Minute): + c.logger.Info().Msg("Closing Kademlia DHT after 5 minutes") + if err := kademliaDHT.Close(); err != nil { + c.logger.Error().Err(err).Msg("Failed to close Kademlia DHT") + } + case <-ctx.Done(): + c.logger.Info().Msg("Context done, not waiting for 5 minutes to close DHT") + } + }() + err = c.bootStrapConnectivityCheck() if err != nil { return err From 26ad436b42a1eeec835ce1b0f3b4fb3c96c6e6eb Mon Sep 17 00:00:00 2001 From: skosito Date: Wed, 23 Oct 2024 21:44:02 +0200 Subject: [PATCH 13/22] whitelist bootstrap peers --- p2p/whitelist_connection_gater.go | 15 +-------------- tss/tss.go | 20 ++++++++++++++++++-- 2 files changed, 19 insertions(+), 16 deletions(-) diff --git a/p2p/whitelist_connection_gater.go b/p2p/whitelist_connection_gater.go index 28fe546..884e9db 100644 --- a/p2p/whitelist_connection_gater.go +++ b/p2p/whitelist_connection_gater.go @@ -1,9 +1,6 @@ package p2p import ( - "fmt" - "strings" - "github.com/libp2p/go-libp2p/core/control" "github.com/libp2p/go-libp2p/core/network" "github.com/rs/zerolog" @@ -53,15 +50,11 @@ func (wg *WhitelistConnectionGater) InterceptAddrDial(p peer.ID, m maddr.Multiad } func (wg *WhitelistConnectionGater) InterceptAccept(m network.ConnMultiaddrs) (allow bool) { - hasAllowedPort := hasAllowedPort(m, "6668") - wg.logger.Info().Msgf("InterceptAccept %t", hasAllowedPort) - return true } func (wg *WhitelistConnectionGater) InterceptSecured(direction network.Direction, p peer.ID, m network.ConnMultiaddrs) (allow bool) { - hasAllowedPort := hasAllowedPort(m, "6668") - wg.logger.Info().Msgf("InterceptSecured %t %s", hasAllowedPort, p.String()) + wg.logger.Info().Msgf("InterceptSecured %s", p.String()) if !wg.disableWhitelist { wg.logger.Info().Msgf("peer allowed %t", wg.whitelistedPeers[p.String()]) return wg.whitelistedPeers[p.String()] @@ -74,9 +67,3 @@ func (wg *WhitelistConnectionGater) InterceptUpgraded(network.Conn) (bool, contr // Allow connection upgrades return true, 0 } - -// Helper function to check if multiaddr has the correct TCP port -func hasAllowedPort(multiaddrs network.ConnMultiaddrs, allowedPort string) bool { - fmt.Println("multiaddrs", multiaddrs.RemoteMultiaddr().String(), multiaddrs.RemoteMultiaddr().Protocols()) - return strings.Contains(multiaddrs.RemoteMultiaddr().String(), "/tcp/"+allowedPort) -} diff --git a/tss/tss.go b/tss/tss.go index 3bce1de..a76cfce 100644 --- a/tss/tss.go +++ b/tss/tss.go @@ -76,7 +76,7 @@ func NewTss( return nil, fmt.Errorf("fail to create file state manager") } - if !disableWhitelist && (whitelistedPeers == nil || len(whitelistedPeers) == 0) { + if !disableWhitelist && len(whitelistedPeers) == 0 { return nil, fmt.Errorf("whitelisted peers missing") } @@ -88,7 +88,23 @@ func NewTss( bootstrapPeers = savedPeers bootstrapPeers = append(bootstrapPeers, cmdBootstrapPeers...) } - comm, err := p2p.NewCommunication(rendezvous, bootstrapPeers, p2pPort, externalIP, whitelistedPeers, disableWhitelist) + + // TODO: make this cleaner + var whitelistedBootstrapPeers []maddr.Multiaddr + for _, b := range bootstrapPeers { + peer, err := peer.AddrInfoFromP2pAddr(b) + if err != nil { + return nil, err + } + + for _, w := range whitelistedPeers { + if w == peer.ID.String() { + whitelistedBootstrapPeers = append(whitelistedBootstrapPeers, b) + } + } + } + + comm, err := p2p.NewCommunication(rendezvous, whitelistedBootstrapPeers, p2pPort, externalIP, whitelistedPeers, disableWhitelist) if err != nil { return nil, fmt.Errorf("fail to create communication layer: %w", err) } From f40fec610ee38bc9cd93fb6a8b4aae95ebc806d3 Mon Sep 17 00:00:00 2001 From: skosito Date: Wed, 23 Oct 2024 23:21:05 +0200 Subject: [PATCH 14/22] cleanup disableWhitelist flag --- cmd/tss/main.go | 1 - keygen/ecdsa/keygen_test.go | 4 ++-- keygen/eddsa/keygen_test.go | 4 ++-- keysign/ecdsa/keysign_old_test.go | 4 ++-- keysign/ecdsa/keysign_test.go | 4 ++-- keysign/eddsa/keysign_test.go | 4 ++-- p2p/communication.go | 18 +------------- p2p/communication_test.go | 10 ++++---- p2p/whitelist_connection_gater.go | 40 +++++++++++++------------------ tss/tss.go | 5 ++-- tss/tss_4nodes_test.go | 2 +- tss/tss_4nodes_zeta_test.go | 2 +- 12 files changed, 37 insertions(+), 61 deletions(-) diff --git a/cmd/tss/main.go b/cmd/tss/main.go index 902a348..b16ad27 100644 --- a/cmd/tss/main.go +++ b/cmd/tss/main.go @@ -64,7 +64,6 @@ func main() { p2pConf.ExternalIP, os.Getenv("PASSWORD"), []string{}, - true, ) if nil != err { log.Fatal(err) diff --git a/keygen/ecdsa/keygen_test.go b/keygen/ecdsa/keygen_test.go index 48302f3..01400e4 100644 --- a/keygen/ecdsa/keygen_test.go +++ b/keygen/ecdsa/keygen_test.go @@ -118,13 +118,13 @@ func (s *TssECDSAKeygenTestSuite) SetUpTest(c *C) { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) c.Assert(err, IsNil) if i == 0 { - comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}, true) + comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}) c.Assert(err, IsNil) c.Assert(comm.Start(buf[:]), IsNil) s.comms[i] = comm continue } - comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}, true) + comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}) c.Assert(err, IsNil) c.Assert(comm.Start(buf[:]), IsNil) s.comms[i] = comm diff --git a/keygen/eddsa/keygen_test.go b/keygen/eddsa/keygen_test.go index 13a14b7..1c4cdb5 100644 --- a/keygen/eddsa/keygen_test.go +++ b/keygen/eddsa/keygen_test.go @@ -104,13 +104,13 @@ func (s *EddsaKeygenTestSuite) SetUpTest(c *C) { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) c.Assert(err, IsNil) if i == 0 { - comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}, true) + comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm continue } - comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}, true) + comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm diff --git a/keysign/ecdsa/keysign_old_test.go b/keysign/ecdsa/keysign_old_test.go index ba96b4b..162b19b 100644 --- a/keysign/ecdsa/keysign_old_test.go +++ b/keysign/ecdsa/keysign_old_test.go @@ -130,13 +130,13 @@ func (s *TssECDSAKeysignOldTestSuite) SetUpTest(c *C) { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) c.Assert(err, IsNil) if i == 0 { - comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}, true) + comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm continue } - comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}, true) + comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm diff --git a/keysign/ecdsa/keysign_test.go b/keysign/ecdsa/keysign_test.go index 64a2161..2e5efd9 100644 --- a/keysign/ecdsa/keysign_test.go +++ b/keysign/ecdsa/keysign_test.go @@ -142,13 +142,13 @@ func (s *TssECDSAKeysignTestSuite) SetUpTest(c *C) { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) c.Assert(err, IsNil) if i == 0 { - comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}, true) + comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm continue } - comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}, true) + comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm diff --git a/keysign/eddsa/keysign_test.go b/keysign/eddsa/keysign_test.go index aed7df2..6a623f5 100644 --- a/keysign/eddsa/keysign_test.go +++ b/keysign/eddsa/keysign_test.go @@ -140,13 +140,13 @@ func (s *EddsaKeysignTestSuite) SetUpTest(c *C) { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) c.Assert(err, IsNil) if i == 0 { - comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}, true) + comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm continue } - comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}, true) + comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm diff --git a/p2p/communication.go b/p2p/communication.go index 0f00855..6900999 100644 --- a/p2p/communication.go +++ b/p2p/communication.go @@ -63,7 +63,6 @@ type Communication struct { externalAddr maddr.Multiaddr streamMgr *StreamMgr whitelistedPeers []string - disableWhitelist bool } // NewCommunication create a new instance of Communication @@ -73,7 +72,6 @@ func NewCommunication( port int, externalIP string, whitelistedPeers []string, - disableWhitelist bool, ) (*Communication, error) { addr, err := maddr.NewMultiaddr(fmt.Sprintf("/ip4/0.0.0.0/tcp/%d", port)) if err != nil { @@ -100,7 +98,6 @@ func NewCommunication( externalAddr: externalAddr, streamMgr: NewStreamMgr(), whitelistedPeers: whitelistedPeers, - disableWhitelist: disableWhitelist, }, nil } @@ -312,7 +309,7 @@ func (c *Communication) startChannel(privKeyBytes []byte) error { libp2p.AddrsFactory(addressFactory), libp2p.ResourceManager(m), libp2p.ConnectionManager(cmgr), - libp2p.ConnectionGater(NewWhitelistConnectionGater(c.whitelistedPeers, c.disableWhitelist, c.logger)), + libp2p.ConnectionGater(NewWhitelistConnectionGater(c.whitelistedPeers, c.logger)), ) if err != nil { return fmt.Errorf("fail to create p2p host: %w", err) @@ -351,19 +348,6 @@ func (c *Communication) startChannel(privKeyBytes []byte) error { routingDiscovery := discovery_routing.NewRoutingDiscovery(kademliaDHT) discovery_util.Advertise(ctx, routingDiscovery, c.rendezvous) - // Create a goroutine to shut down the DHT after 5 minutes - go func() { - select { - case <-time.After(5 * time.Minute): - c.logger.Info().Msg("Closing Kademlia DHT after 5 minutes") - if err := kademliaDHT.Close(); err != nil { - c.logger.Error().Err(err).Msg("Failed to close Kademlia DHT") - } - case <-ctx.Done(): - c.logger.Info().Msg("Context done, not waiting for 5 minutes to close DHT") - } - }() - err = c.bootStrapConnectivityCheck() if err != nil { return err diff --git a/p2p/communication_test.go b/p2p/communication_test.go index 8a24ec8..9231407 100644 --- a/p2p/communication_test.go +++ b/p2p/communication_test.go @@ -18,7 +18,7 @@ type CommunicationTestSuite struct{} var _ = Suite(&CommunicationTestSuite{}) func (CommunicationTestSuite) TestBasicCommunication(c *C) { - comm, err := NewCommunication("rendezvous", nil, 6668, "", []string{}, true) + comm, err := NewCommunication("rendezvous", nil, 6668, "", []string{}) c.Assert(err, IsNil) c.Assert(comm, NotNil) comm.SetSubscribe(messages.TSSKeyGenMsg, "hello", make(chan *Message)) @@ -47,7 +47,7 @@ func (CommunicationTestSuite) TestEstablishP2pCommunication(c *C) { c.Assert(err, IsNil) privKey, err := base64.StdEncoding.DecodeString(bootstrapPrivKey) c.Assert(err, IsNil) - comm, err := NewCommunication("commTest", nil, 2220, fakeExternalIP, []string{}, true) + comm, err := NewCommunication("commTest", nil, 2220, fakeExternalIP, []string{}) c.Assert(err, IsNil) c.Assert(comm.Start(privKey), IsNil) @@ -55,7 +55,7 @@ func (CommunicationTestSuite) TestEstablishP2pCommunication(c *C) { sk1, _, err := crypto.GenerateSecp256k1Key(rand.Reader) sk1raw, _ := sk1.Raw() c.Assert(err, IsNil) - comm2, err := NewCommunication("commTest", []maddr.Multiaddr{validMultiAddr}, 2221, "", []string{}, true) + comm2, err := NewCommunication("commTest", []maddr.Multiaddr{validMultiAddr}, 2221, "", []string{}) c.Assert(err, IsNil) err = comm2.Start(sk1raw) c.Assert(err, IsNil) @@ -69,14 +69,14 @@ func (CommunicationTestSuite) TestEstablishP2pCommunication(c *C) { invalidAddr := "/ip4/127.0.0.1/tcp/2220/p2p/" + id.String() invalidMultiAddr, err := maddr.NewMultiaddr(invalidAddr) c.Assert(err, IsNil) - comm3, err := NewCommunication("commTest", []maddr.Multiaddr{invalidMultiAddr}, 2222, "", []string{}, true) + comm3, err := NewCommunication("commTest", []maddr.Multiaddr{invalidMultiAddr}, 2222, "", []string{}) c.Assert(err, IsNil) err = comm3.Start(sk1raw) c.Assert(err, ErrorMatches, "fail to connect to bootstrap peer: fail to connect to any peer") defer comm3.Stop() // we connect to one invalid and one valid address - comm4, err := NewCommunication("commTest", []maddr.Multiaddr{invalidMultiAddr, validMultiAddr}, 2223, "", []string{}, true) + comm4, err := NewCommunication("commTest", []maddr.Multiaddr{invalidMultiAddr, validMultiAddr}, 2223, "", []string{}) c.Assert(err, IsNil) err = comm4.Start(sk1raw) c.Assert(err, IsNil) diff --git a/p2p/whitelist_connection_gater.go b/p2p/whitelist_connection_gater.go index 884e9db..e9e0ba7 100644 --- a/p2p/whitelist_connection_gater.go +++ b/p2p/whitelist_connection_gater.go @@ -12,12 +12,10 @@ import ( type WhitelistConnectionGater struct { whitelistedPeers map[string]bool logger zerolog.Logger - disableWhitelist bool } -func NewWhitelistConnectionGater(whitelistedPeers []string, disableWhitelist bool, logger zerolog.Logger) *WhitelistConnectionGater { +func NewWhitelistConnectionGater(whitelistedPeers []string, logger zerolog.Logger) *WhitelistConnectionGater { gater := &WhitelistConnectionGater{ - disableWhitelist: disableWhitelist, logger: logger, whitelistedPeers: make(map[string]bool), } @@ -31,22 +29,11 @@ func NewWhitelistConnectionGater(whitelistedPeers []string, disableWhitelist boo } func (wg *WhitelistConnectionGater) InterceptPeerDial(p peer.ID) (allow bool) { - wg.logger.Info().Msgf("InterceptPeerDial %s", p.String()) - if !wg.disableWhitelist { - wg.logger.Info().Msgf("peer allowed %t", wg.whitelistedPeers[p.String()]) - return wg.whitelistedPeers[p.String()] - } - return true + return wg.peerAllowed("InterceptPeerDial", p.String()) } func (wg *WhitelistConnectionGater) InterceptAddrDial(p peer.ID, m maddr.Multiaddr) (allow bool) { - wg.logger.Info().Msgf("InterceptAddrDial %s %s", p.String(), m.String()) - if !wg.disableWhitelist { - wg.logger.Info().Msgf("peer allowed %t", wg.whitelistedPeers[p.String()]) - return wg.whitelistedPeers[p.String()] - } - // Not checking addresses here, just allowing based on peer ID - return true + return wg.peerAllowed("InterceptAddrDial", p.String()) } func (wg *WhitelistConnectionGater) InterceptAccept(m network.ConnMultiaddrs) (allow bool) { @@ -54,16 +41,23 @@ func (wg *WhitelistConnectionGater) InterceptAccept(m network.ConnMultiaddrs) (a } func (wg *WhitelistConnectionGater) InterceptSecured(direction network.Direction, p peer.ID, m network.ConnMultiaddrs) (allow bool) { - wg.logger.Info().Msgf("InterceptSecured %s", p.String()) - if !wg.disableWhitelist { - wg.logger.Info().Msgf("peer allowed %t", wg.whitelistedPeers[p.String()]) - return wg.whitelistedPeers[p.String()] - } - // _, allow = wg.whitelistedPeers[p] - return true + return wg.peerAllowed("InterceptSecured", p.String()) } func (wg *WhitelistConnectionGater) InterceptUpgraded(network.Conn) (bool, control.DisconnectReason) { // Allow connection upgrades return true, 0 } + +func (wg *WhitelistConnectionGater) peerAllowed(p string, interceptor string) bool { + allowed := wg.whitelistedPeers[p] + + if allowed { + // TODO: switch to debug + wg.logger.Info().Msgf("%s: peer %s allowed", interceptor, p) + } else { + wg.logger.Info().Msgf("%s: peer %s denied", interceptor, p) + } + + return allowed +} diff --git a/tss/tss.go b/tss/tss.go index a76cfce..53f773d 100644 --- a/tss/tss.go +++ b/tss/tss.go @@ -60,7 +60,6 @@ func NewTss( externalIP string, tssPassword string, whitelistedPeers []string, - disableWhitelist bool, ) (*TssServer, error) { pk := coskey.PubKey{ Key: priKey.PubKey().Bytes()[:], @@ -76,7 +75,7 @@ func NewTss( return nil, fmt.Errorf("fail to create file state manager") } - if !disableWhitelist && len(whitelistedPeers) == 0 { + if len(whitelistedPeers) == 0 { return nil, fmt.Errorf("whitelisted peers missing") } @@ -104,7 +103,7 @@ func NewTss( } } - comm, err := p2p.NewCommunication(rendezvous, whitelistedBootstrapPeers, p2pPort, externalIP, whitelistedPeers, disableWhitelist) + comm, err := p2p.NewCommunication(rendezvous, whitelistedBootstrapPeers, p2pPort, externalIP, whitelistedPeers) if err != nil { return nil, fmt.Errorf("fail to create communication layer: %w", err) } diff --git a/tss/tss_4nodes_test.go b/tss/tss_4nodes_test.go index de7be3e..f3833b7 100644 --- a/tss/tss_4nodes_test.go +++ b/tss/tss_4nodes_test.go @@ -369,7 +369,7 @@ func (s *FourNodeTestSuite) getTssServer(c *C, index int, conf common.TssConfig, } else { peerIDs = nil } - instance, err := NewTss(peerIDs, s.ports[index], priKey, "Asgard", baseHome, conf, s.preParams[index], "", "password", []string{}, true) + instance, err := NewTss(peerIDs, s.ports[index], priKey, "Asgard", baseHome, conf, s.preParams[index], "", "password", []string{}) c.Assert(err, IsNil) return instance } diff --git a/tss/tss_4nodes_zeta_test.go b/tss/tss_4nodes_zeta_test.go index c911e44..f35ab0c 100644 --- a/tss/tss_4nodes_zeta_test.go +++ b/tss/tss_4nodes_zeta_test.go @@ -234,7 +234,7 @@ func (s *FourNodeScaleZetaSuite) getTssServer(c *C, index int, conf common.TssCo } else { peerIDs = nil } - instance, err := NewTss(peerIDs, s.ports[index], priKey, "Zeta", baseHome, conf, s.preParams[index], "", "password", []string{}, true) + instance, err := NewTss(peerIDs, s.ports[index], priKey, "Zeta", baseHome, conf, s.preParams[index], "", "password", []string{}) c.Assert(err, IsNil) return instance } From b70c068fd2227063da8bce611eb561fc7eafe4b0 Mon Sep 17 00:00:00 2001 From: skosito Date: Wed, 23 Oct 2024 23:53:00 +0200 Subject: [PATCH 15/22] move pubkey to peerid to conversion --- conversion/conversion.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/conversion/conversion.go b/conversion/conversion.go index 8024306..02f390b 100644 --- a/conversion/conversion.go +++ b/conversion/conversion.go @@ -18,6 +18,7 @@ import ( coseddkey "github.com/cosmos/cosmos-sdk/crypto/keys/ed25519" coskey "github.com/cosmos/cosmos-sdk/crypto/keys/secp256k1" "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/bech32/legacybech32" sdk "github.com/cosmos/cosmos-sdk/types/bech32/legacybech32" crypto2 "github.com/libp2p/go-libp2p/core/crypto" "github.com/libp2p/go-libp2p/core/peer" @@ -212,3 +213,15 @@ func GetEDDSAPrivateKeyRawBytes(privateKey crypto2.PrivKey) ([]byte, error) { copy(keyBytesArray[:], pk[:]) return keyBytesArray[:], nil } + +func Bech32PubkeyToPeerID(pubKey string) (peer.ID, error) { + bech32PubKey, err := legacybech32.UnmarshalPubKey(legacybech32.AccPK, pubKey) + if err != nil { + return "", err + } + secp256k1PubKey, err := crypto2.UnmarshalSecp256k1PublicKey(bech32PubKey.Bytes()) + if err != nil { + return "", err + } + return peer.IDFromPublicKey(secp256k1PubKey) +} From 1a7b79b89b48f58569b39d6db0984770869d204c Mon Sep 17 00:00:00 2001 From: skosito Date: Thu, 24 Oct 2024 00:38:03 +0200 Subject: [PATCH 16/22] fix peerAllowed bug... --- p2p/whitelist_connection_gater.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/p2p/whitelist_connection_gater.go b/p2p/whitelist_connection_gater.go index e9e0ba7..558d8d5 100644 --- a/p2p/whitelist_connection_gater.go +++ b/p2p/whitelist_connection_gater.go @@ -49,7 +49,7 @@ func (wg *WhitelistConnectionGater) InterceptUpgraded(network.Conn) (bool, contr return true, 0 } -func (wg *WhitelistConnectionGater) peerAllowed(p string, interceptor string) bool { +func (wg *WhitelistConnectionGater) peerAllowed(interceptor, p string) bool { allowed := wg.whitelistedPeers[p] if allowed { From 9ce4a783935dee76ce7afa82ad9442feac286d4f Mon Sep 17 00:00:00 2001 From: skosito Date: Thu, 24 Oct 2024 01:13:49 +0200 Subject: [PATCH 17/22] use whitelisted peers in tests --- keygen/ecdsa/keygen_test.go | 10 ++++++++-- keygen/eddsa/keygen_test.go | 10 ++++++++-- keysign/ecdsa/keysign_old_test.go | 10 ++++++++-- keysign/ecdsa/keysign_test.go | 11 +++++++++-- keysign/eddsa/keysign_test.go | 10 ++++++++-- tss/tss_4nodes_test.go | 8 +++++++- tss/tss_4nodes_zeta_test.go | 8 +++++++- 7 files changed, 55 insertions(+), 12 deletions(-) diff --git a/keygen/ecdsa/keygen_test.go b/keygen/ecdsa/keygen_test.go index 01400e4..c87f667 100644 --- a/keygen/ecdsa/keygen_test.go +++ b/keygen/ecdsa/keygen_test.go @@ -114,17 +114,23 @@ func (s *TssECDSAKeygenTestSuite) SetUpTest(c *C) { multiAddr, err := maddr.NewMultiaddr(bootstrapPeer) c.Assert(err, IsNil) s.preParams = getPreparams(c) + whitelistedPeers := []string{} + for _, pk := range testPubKeys { + peer, err := conversion.Bech32PubkeyToPeerID(pk) + c.Assert(err, IsNil) + whitelistedPeers = append(whitelistedPeers, peer.String()) + } for i := 0; i < s.partyNum; i++ { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) c.Assert(err, IsNil) if i == 0 { - comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}) + comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", whitelistedPeers) c.Assert(err, IsNil) c.Assert(comm.Start(buf[:]), IsNil) s.comms[i] = comm continue } - comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}) + comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", whitelistedPeers) c.Assert(err, IsNil) c.Assert(comm.Start(buf[:]), IsNil) s.comms[i] = comm diff --git a/keygen/eddsa/keygen_test.go b/keygen/eddsa/keygen_test.go index 1c4cdb5..7b84ccb 100644 --- a/keygen/eddsa/keygen_test.go +++ b/keygen/eddsa/keygen_test.go @@ -100,17 +100,23 @@ func (s *EddsaKeygenTestSuite) SetUpTest(c *C) { bootstrapPeer := "/ip4/127.0.0.1/tcp/19666/p2p/16Uiu2HAm4TmEzUqy3q3Dv7HvdoSboHk5sFj2FH3npiN5vDbJC6gh" multiAddr, err := maddr.NewMultiaddr(bootstrapPeer) c.Assert(err, IsNil) + whitelistedPeers := []string{} + for _, pk := range testPubKeys { + peer, err := conversion.Bech32PubkeyToPeerID(pk) + c.Assert(err, IsNil) + whitelistedPeers = append(whitelistedPeers, peer.String()) + } for i := 0; i < s.partyNum; i++ { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) c.Assert(err, IsNil) if i == 0 { - comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}) + comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", whitelistedPeers) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm continue } - comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}) + comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", whitelistedPeers) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm diff --git a/keysign/ecdsa/keysign_old_test.go b/keysign/ecdsa/keysign_old_test.go index 162b19b..3a8fa4c 100644 --- a/keysign/ecdsa/keysign_old_test.go +++ b/keysign/ecdsa/keysign_old_test.go @@ -126,17 +126,23 @@ func (s *TssECDSAKeysignOldTestSuite) SetUpTest(c *C) { bootstrapPeer := "/ip4/127.0.0.1/tcp/17666/p2p/16Uiu2HAm4TmEzUqy3q3Dv7HvdoSboHk5sFj2FH3npiN5vDbJC6gh" multiAddr, err := maddr.NewMultiaddr(bootstrapPeer) c.Assert(err, IsNil) + whitelistedPeers := []string{} + for _, pk := range testPubKeys { + peer, err := conversion.Bech32PubkeyToPeerID(pk) + c.Assert(err, IsNil) + whitelistedPeers = append(whitelistedPeers, peer.String()) + } for i := 0; i < s.partyNum; i++ { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) c.Assert(err, IsNil) if i == 0 { - comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}) + comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", whitelistedPeers) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm continue } - comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}) + comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", whitelistedPeers) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm diff --git a/keysign/ecdsa/keysign_test.go b/keysign/ecdsa/keysign_test.go index 2e5efd9..48901fe 100644 --- a/keysign/ecdsa/keysign_test.go +++ b/keysign/ecdsa/keysign_test.go @@ -138,17 +138,24 @@ func (s *TssECDSAKeysignTestSuite) SetUpTest(c *C) { bootstrapPeer := "/ip4/127.0.0.1/tcp/17666/p2p/16Uiu2HAm4TmEzUqy3q3Dv7HvdoSboHk5sFj2FH3npiN5vDbJC6gh" multiAddr, err := maddr.NewMultiaddr(bootstrapPeer) c.Assert(err, IsNil) + + whitelistedPeers := []string{} + for _, pk := range testPubKeys { + peer, err := conversion.Bech32PubkeyToPeerID(pk) + c.Assert(err, IsNil) + whitelistedPeers = append(whitelistedPeers, peer.String()) + } for i := 0; i < s.partyNum; i++ { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) c.Assert(err, IsNil) if i == 0 { - comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}) + comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", whitelistedPeers) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm continue } - comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}) + comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", whitelistedPeers) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm diff --git a/keysign/eddsa/keysign_test.go b/keysign/eddsa/keysign_test.go index 6a623f5..2fbe0e4 100644 --- a/keysign/eddsa/keysign_test.go +++ b/keysign/eddsa/keysign_test.go @@ -136,17 +136,23 @@ func (s *EddsaKeysignTestSuite) SetUpTest(c *C) { bootstrapPeer := "/ip4/127.0.0.1/tcp/15666/p2p/16Uiu2HAm4TmEzUqy3q3Dv7HvdoSboHk5sFj2FH3npiN5vDbJC6gh" multiAddr, err := maddr.NewMultiaddr(bootstrapPeer) c.Assert(err, IsNil) + whitelistedPeers := []string{} + for _, pk := range testPubKeys { + peer, err := conversion.Bech32PubkeyToPeerID(pk) + c.Assert(err, IsNil) + whitelistedPeers = append(whitelistedPeers, peer.String()) + } for i := 0; i < s.partyNum; i++ { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) c.Assert(err, IsNil) if i == 0 { - comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", []string{}) + comm, err := p2p.NewCommunication("asgard", nil, ports[i], "", whitelistedPeers) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm continue } - comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", []string{}) + comm, err := p2p.NewCommunication("asgard", []maddr.Multiaddr{multiAddr}, ports[i], "", whitelistedPeers) c.Assert(err, IsNil) c.Assert(comm.Start(buf), IsNil) s.comms[i] = comm diff --git a/tss/tss_4nodes_test.go b/tss/tss_4nodes_test.go index f3833b7..2e51402 100644 --- a/tss/tss_4nodes_test.go +++ b/tss/tss_4nodes_test.go @@ -369,7 +369,13 @@ func (s *FourNodeTestSuite) getTssServer(c *C, index int, conf common.TssConfig, } else { peerIDs = nil } - instance, err := NewTss(peerIDs, s.ports[index], priKey, "Asgard", baseHome, conf, s.preParams[index], "", "password", []string{}) + whitelistedPeers := []string{} + for _, pk := range testPubKeys { + peer, err := conversion.Bech32PubkeyToPeerID(pk) + c.Assert(err, IsNil) + whitelistedPeers = append(whitelistedPeers, peer.String()) + } + instance, err := NewTss(peerIDs, s.ports[index], priKey, "Asgard", baseHome, conf, s.preParams[index], "", "password", whitelistedPeers) c.Assert(err, IsNil) return instance } diff --git a/tss/tss_4nodes_zeta_test.go b/tss/tss_4nodes_zeta_test.go index f35ab0c..c205641 100644 --- a/tss/tss_4nodes_zeta_test.go +++ b/tss/tss_4nodes_zeta_test.go @@ -234,7 +234,13 @@ func (s *FourNodeScaleZetaSuite) getTssServer(c *C, index int, conf common.TssCo } else { peerIDs = nil } - instance, err := NewTss(peerIDs, s.ports[index], priKey, "Zeta", baseHome, conf, s.preParams[index], "", "password", []string{}) + whitelistedPeers := []string{} + for _, pk := range testPubKeys { + peer, err := conversion.Bech32PubkeyToPeerID(pk) + c.Assert(err, IsNil) + whitelistedPeers = append(whitelistedPeers, peer.String()) + } + instance, err := NewTss(peerIDs, s.ports[index], priKey, "Zeta", baseHome, conf, s.preParams[index], "", "password", whitelistedPeers) c.Assert(err, IsNil) return instance } From e2c887883a55c8abcf17296d19fb176f8f01748a Mon Sep 17 00:00:00 2001 From: skosito Date: Thu, 24 Oct 2024 01:18:22 +0200 Subject: [PATCH 18/22] cleanup --- tss/tss.go | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/tss/tss.go b/tss/tss.go index 53f773d..fd49d8d 100644 --- a/tss/tss.go +++ b/tss/tss.go @@ -88,7 +88,10 @@ func NewTss( bootstrapPeers = append(bootstrapPeers, cmdBootstrapPeers...) } - // TODO: make this cleaner + whitelistedPeerSet := make(map[string]bool) + for _, w := range whitelistedPeers { + whitelistedPeerSet[w] = true + } var whitelistedBootstrapPeers []maddr.Multiaddr for _, b := range bootstrapPeers { peer, err := peer.AddrInfoFromP2pAddr(b) @@ -96,10 +99,8 @@ func NewTss( return nil, err } - for _, w := range whitelistedPeers { - if w == peer.ID.String() { - whitelistedBootstrapPeers = append(whitelistedBootstrapPeers, b) - } + if whitelistedPeerSet[peer.ID.String()] { + whitelistedBootstrapPeers = append(whitelistedBootstrapPeers, b) } } From 8938bc1e1b9891ae2008a567c7564bb25f52b10d Mon Sep 17 00:00:00 2001 From: skosito Date: Thu, 24 Oct 2024 02:32:45 +0200 Subject: [PATCH 19/22] PR comment --- cmd/tss/main.go | 3 ++- keygen/ecdsa/keygen_test.go | 4 ++-- keygen/eddsa/keygen_test.go | 4 ++-- keysign/ecdsa/keysign_old_test.go | 4 ++-- keysign/ecdsa/keysign_test.go | 4 ++-- keysign/eddsa/keysign_test.go | 4 ++-- p2p/communication.go | 4 ++-- p2p/communication_test.go | 10 ++++----- p2p/whitelist_connection_gater.go | 36 ++++++++++++++++++++++--------- tss/tss.go | 6 +++--- tss/tss_4nodes_test.go | 5 +++-- tss/tss_4nodes_zeta_test.go | 5 +++-- 12 files changed, 54 insertions(+), 35 deletions(-) diff --git a/cmd/tss/main.go b/cmd/tss/main.go index b16ad27..9fa47f0 100644 --- a/cmd/tss/main.go +++ b/cmd/tss/main.go @@ -12,6 +12,7 @@ import ( "github.com/cosmos/cosmos-sdk/client/input" golog "github.com/ipfs/go-log" + "github.com/libp2p/go-libp2p/core/peer" "gitlab.com/thorchain/tss/go-tss/common" "gitlab.com/thorchain/tss/go-tss/conversion" @@ -63,7 +64,7 @@ func main() { nil, p2pConf.ExternalIP, os.Getenv("PASSWORD"), - []string{}, + []peer.ID{}, ) if nil != err { log.Fatal(err) diff --git a/keygen/ecdsa/keygen_test.go b/keygen/ecdsa/keygen_test.go index c87f667..f13e123 100644 --- a/keygen/ecdsa/keygen_test.go +++ b/keygen/ecdsa/keygen_test.go @@ -114,11 +114,11 @@ func (s *TssECDSAKeygenTestSuite) SetUpTest(c *C) { multiAddr, err := maddr.NewMultiaddr(bootstrapPeer) c.Assert(err, IsNil) s.preParams = getPreparams(c) - whitelistedPeers := []string{} + whitelistedPeers := []peer.ID{} for _, pk := range testPubKeys { peer, err := conversion.Bech32PubkeyToPeerID(pk) c.Assert(err, IsNil) - whitelistedPeers = append(whitelistedPeers, peer.String()) + whitelistedPeers = append(whitelistedPeers, peer) } for i := 0; i < s.partyNum; i++ { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) diff --git a/keygen/eddsa/keygen_test.go b/keygen/eddsa/keygen_test.go index 7b84ccb..e0bb06a 100644 --- a/keygen/eddsa/keygen_test.go +++ b/keygen/eddsa/keygen_test.go @@ -100,11 +100,11 @@ func (s *EddsaKeygenTestSuite) SetUpTest(c *C) { bootstrapPeer := "/ip4/127.0.0.1/tcp/19666/p2p/16Uiu2HAm4TmEzUqy3q3Dv7HvdoSboHk5sFj2FH3npiN5vDbJC6gh" multiAddr, err := maddr.NewMultiaddr(bootstrapPeer) c.Assert(err, IsNil) - whitelistedPeers := []string{} + whitelistedPeers := []peer.ID{} for _, pk := range testPubKeys { peer, err := conversion.Bech32PubkeyToPeerID(pk) c.Assert(err, IsNil) - whitelistedPeers = append(whitelistedPeers, peer.String()) + whitelistedPeers = append(whitelistedPeers, peer) } for i := 0; i < s.partyNum; i++ { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) diff --git a/keysign/ecdsa/keysign_old_test.go b/keysign/ecdsa/keysign_old_test.go index 3a8fa4c..e41f34d 100644 --- a/keysign/ecdsa/keysign_old_test.go +++ b/keysign/ecdsa/keysign_old_test.go @@ -126,11 +126,11 @@ func (s *TssECDSAKeysignOldTestSuite) SetUpTest(c *C) { bootstrapPeer := "/ip4/127.0.0.1/tcp/17666/p2p/16Uiu2HAm4TmEzUqy3q3Dv7HvdoSboHk5sFj2FH3npiN5vDbJC6gh" multiAddr, err := maddr.NewMultiaddr(bootstrapPeer) c.Assert(err, IsNil) - whitelistedPeers := []string{} + whitelistedPeers := []peer.ID{} for _, pk := range testPubKeys { peer, err := conversion.Bech32PubkeyToPeerID(pk) c.Assert(err, IsNil) - whitelistedPeers = append(whitelistedPeers, peer.String()) + whitelistedPeers = append(whitelistedPeers, peer) } for i := 0; i < s.partyNum; i++ { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) diff --git a/keysign/ecdsa/keysign_test.go b/keysign/ecdsa/keysign_test.go index 48901fe..546eea4 100644 --- a/keysign/ecdsa/keysign_test.go +++ b/keysign/ecdsa/keysign_test.go @@ -139,11 +139,11 @@ func (s *TssECDSAKeysignTestSuite) SetUpTest(c *C) { multiAddr, err := maddr.NewMultiaddr(bootstrapPeer) c.Assert(err, IsNil) - whitelistedPeers := []string{} + whitelistedPeers := []peer.ID{} for _, pk := range testPubKeys { peer, err := conversion.Bech32PubkeyToPeerID(pk) c.Assert(err, IsNil) - whitelistedPeers = append(whitelistedPeers, peer.String()) + whitelistedPeers = append(whitelistedPeers, peer) } for i := 0; i < s.partyNum; i++ { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) diff --git a/keysign/eddsa/keysign_test.go b/keysign/eddsa/keysign_test.go index 2fbe0e4..b122479 100644 --- a/keysign/eddsa/keysign_test.go +++ b/keysign/eddsa/keysign_test.go @@ -136,11 +136,11 @@ func (s *EddsaKeysignTestSuite) SetUpTest(c *C) { bootstrapPeer := "/ip4/127.0.0.1/tcp/15666/p2p/16Uiu2HAm4TmEzUqy3q3Dv7HvdoSboHk5sFj2FH3npiN5vDbJC6gh" multiAddr, err := maddr.NewMultiaddr(bootstrapPeer) c.Assert(err, IsNil) - whitelistedPeers := []string{} + whitelistedPeers := []peer.ID{} for _, pk := range testPubKeys { peer, err := conversion.Bech32PubkeyToPeerID(pk) c.Assert(err, IsNil) - whitelistedPeers = append(whitelistedPeers, peer.String()) + whitelistedPeers = append(whitelistedPeers, peer) } for i := 0; i < s.partyNum; i++ { buf, err := base64.StdEncoding.DecodeString(testPriKeyArr[i]) diff --git a/p2p/communication.go b/p2p/communication.go index 6900999..5fddec1 100644 --- a/p2p/communication.go +++ b/p2p/communication.go @@ -62,7 +62,7 @@ type Communication struct { BroadcastMsgChan chan *messages.BroadcastMsgChan externalAddr maddr.Multiaddr streamMgr *StreamMgr - whitelistedPeers []string + whitelistedPeers []peer.ID } // NewCommunication create a new instance of Communication @@ -71,7 +71,7 @@ func NewCommunication( bootstrapPeers []maddr.Multiaddr, port int, externalIP string, - whitelistedPeers []string, + whitelistedPeers []peer.ID, ) (*Communication, error) { addr, err := maddr.NewMultiaddr(fmt.Sprintf("/ip4/0.0.0.0/tcp/%d", port)) if err != nil { diff --git a/p2p/communication_test.go b/p2p/communication_test.go index 9231407..bb64407 100644 --- a/p2p/communication_test.go +++ b/p2p/communication_test.go @@ -18,7 +18,7 @@ type CommunicationTestSuite struct{} var _ = Suite(&CommunicationTestSuite{}) func (CommunicationTestSuite) TestBasicCommunication(c *C) { - comm, err := NewCommunication("rendezvous", nil, 6668, "", []string{}) + comm, err := NewCommunication("rendezvous", nil, 6668, "", []peer.ID{}) c.Assert(err, IsNil) c.Assert(comm, NotNil) comm.SetSubscribe(messages.TSSKeyGenMsg, "hello", make(chan *Message)) @@ -47,7 +47,7 @@ func (CommunicationTestSuite) TestEstablishP2pCommunication(c *C) { c.Assert(err, IsNil) privKey, err := base64.StdEncoding.DecodeString(bootstrapPrivKey) c.Assert(err, IsNil) - comm, err := NewCommunication("commTest", nil, 2220, fakeExternalIP, []string{}) + comm, err := NewCommunication("commTest", nil, 2220, fakeExternalIP, []peer.ID{}) c.Assert(err, IsNil) c.Assert(comm.Start(privKey), IsNil) @@ -55,7 +55,7 @@ func (CommunicationTestSuite) TestEstablishP2pCommunication(c *C) { sk1, _, err := crypto.GenerateSecp256k1Key(rand.Reader) sk1raw, _ := sk1.Raw() c.Assert(err, IsNil) - comm2, err := NewCommunication("commTest", []maddr.Multiaddr{validMultiAddr}, 2221, "", []string{}) + comm2, err := NewCommunication("commTest", []maddr.Multiaddr{validMultiAddr}, 2221, "", []peer.ID{}) c.Assert(err, IsNil) err = comm2.Start(sk1raw) c.Assert(err, IsNil) @@ -69,14 +69,14 @@ func (CommunicationTestSuite) TestEstablishP2pCommunication(c *C) { invalidAddr := "/ip4/127.0.0.1/tcp/2220/p2p/" + id.String() invalidMultiAddr, err := maddr.NewMultiaddr(invalidAddr) c.Assert(err, IsNil) - comm3, err := NewCommunication("commTest", []maddr.Multiaddr{invalidMultiAddr}, 2222, "", []string{}) + comm3, err := NewCommunication("commTest", []maddr.Multiaddr{invalidMultiAddr}, 2222, "", []peer.ID{}) c.Assert(err, IsNil) err = comm3.Start(sk1raw) c.Assert(err, ErrorMatches, "fail to connect to bootstrap peer: fail to connect to any peer") defer comm3.Stop() // we connect to one invalid and one valid address - comm4, err := NewCommunication("commTest", []maddr.Multiaddr{invalidMultiAddr, validMultiAddr}, 2223, "", []string{}) + comm4, err := NewCommunication("commTest", []maddr.Multiaddr{invalidMultiAddr, validMultiAddr}, 2223, "", []peer.ID{}) c.Assert(err, IsNil) err = comm4.Start(sk1raw) c.Assert(err, IsNil) diff --git a/p2p/whitelist_connection_gater.go b/p2p/whitelist_connection_gater.go index 558d8d5..570ef11 100644 --- a/p2p/whitelist_connection_gater.go +++ b/p2p/whitelist_connection_gater.go @@ -10,14 +10,14 @@ import ( ) type WhitelistConnectionGater struct { - whitelistedPeers map[string]bool + whitelistedPeers map[peer.ID]bool logger zerolog.Logger } -func NewWhitelistConnectionGater(whitelistedPeers []string, logger zerolog.Logger) *WhitelistConnectionGater { +func NewWhitelistConnectionGater(whitelistedPeers []peer.ID, logger zerolog.Logger) *WhitelistConnectionGater { gater := &WhitelistConnectionGater{ logger: logger, - whitelistedPeers: make(map[string]bool), + whitelistedPeers: make(map[peer.ID]bool), } for _, p := range whitelistedPeers { @@ -29,11 +29,11 @@ func NewWhitelistConnectionGater(whitelistedPeers []string, logger zerolog.Logge } func (wg *WhitelistConnectionGater) InterceptPeerDial(p peer.ID) (allow bool) { - return wg.peerAllowed("InterceptPeerDial", p.String()) + return wg.peerAllowed("InterceptPeerDial", p, nil) } func (wg *WhitelistConnectionGater) InterceptAddrDial(p peer.ID, m maddr.Multiaddr) (allow bool) { - return wg.peerAllowed("InterceptAddrDial", p.String()) + return wg.peerAllowed("InterceptAddrDial", p, &m) } func (wg *WhitelistConnectionGater) InterceptAccept(m network.ConnMultiaddrs) (allow bool) { @@ -41,7 +41,8 @@ func (wg *WhitelistConnectionGater) InterceptAccept(m network.ConnMultiaddrs) (a } func (wg *WhitelistConnectionGater) InterceptSecured(direction network.Direction, p peer.ID, m network.ConnMultiaddrs) (allow bool) { - return wg.peerAllowed("InterceptSecured", p.String()) + remoteMultiAddr := m.RemoteMultiaddr() + return wg.peerAllowed("InterceptSecured", p, &remoteMultiAddr) } func (wg *WhitelistConnectionGater) InterceptUpgraded(network.Conn) (bool, control.DisconnectReason) { @@ -49,14 +50,29 @@ func (wg *WhitelistConnectionGater) InterceptUpgraded(network.Conn) (bool, contr return true, 0 } -func (wg *WhitelistConnectionGater) peerAllowed(interceptor, p string) bool { +func (wg *WhitelistConnectionGater) peerAllowed(interceptor string, p peer.ID, remoteAddr *maddr.Multiaddr) bool { allowed := wg.whitelistedPeers[p] + var event *zerolog.Event if allowed { - // TODO: switch to debug - wg.logger.Info().Msgf("%s: peer %s allowed", interceptor, p) + event = wg.logger.Debug() // log allowed peers at Debug level } else { - wg.logger.Info().Msgf("%s: peer %s denied", interceptor, p) + event = wg.logger.Info() // log denied peers at Info level + } + + event = event. + Str("interceptor", interceptor). + Str("peer", p.String()). + Bool("allowed", allowed) + + if remoteAddr != nil { + event.Str("remote_address", (*remoteAddr).String()) + } + + if allowed { + event.Msg("Peer allowed") + } else { + event.Msg("Peer denied") } return allowed diff --git a/tss/tss.go b/tss/tss.go index fd49d8d..fc5294e 100644 --- a/tss/tss.go +++ b/tss/tss.go @@ -59,7 +59,7 @@ func NewTss( preParams *bkeygen.LocalPreParams, externalIP string, tssPassword string, - whitelistedPeers []string, + whitelistedPeers []peer.ID, ) (*TssServer, error) { pk := coskey.PubKey{ Key: priKey.PubKey().Bytes()[:], @@ -88,7 +88,7 @@ func NewTss( bootstrapPeers = append(bootstrapPeers, cmdBootstrapPeers...) } - whitelistedPeerSet := make(map[string]bool) + whitelistedPeerSet := make(map[peer.ID]bool) for _, w := range whitelistedPeers { whitelistedPeerSet[w] = true } @@ -99,7 +99,7 @@ func NewTss( return nil, err } - if whitelistedPeerSet[peer.ID.String()] { + if whitelistedPeerSet[peer.ID] { whitelistedBootstrapPeers = append(whitelistedBootstrapPeers, b) } } diff --git a/tss/tss_4nodes_test.go b/tss/tss_4nodes_test.go index 2e51402..caed466 100644 --- a/tss/tss_4nodes_test.go +++ b/tss/tss_4nodes_test.go @@ -15,6 +15,7 @@ import ( "time" btsskeygen "github.com/bnb-chain/tss-lib/ecdsa/keygen" + "github.com/libp2p/go-libp2p/core/peer" maddr "github.com/multiformats/go-multiaddr" . "gopkg.in/check.v1" @@ -369,11 +370,11 @@ func (s *FourNodeTestSuite) getTssServer(c *C, index int, conf common.TssConfig, } else { peerIDs = nil } - whitelistedPeers := []string{} + whitelistedPeers := []peer.ID{} for _, pk := range testPubKeys { peer, err := conversion.Bech32PubkeyToPeerID(pk) c.Assert(err, IsNil) - whitelistedPeers = append(whitelistedPeers, peer.String()) + whitelistedPeers = append(whitelistedPeers, peer) } instance, err := NewTss(peerIDs, s.ports[index], priKey, "Asgard", baseHome, conf, s.preParams[index], "", "password", whitelistedPeers) c.Assert(err, IsNil) diff --git a/tss/tss_4nodes_zeta_test.go b/tss/tss_4nodes_zeta_test.go index c205641..1cd3fa4 100644 --- a/tss/tss_4nodes_zeta_test.go +++ b/tss/tss_4nodes_zeta_test.go @@ -14,6 +14,7 @@ import ( "time" btsskeygen "github.com/bnb-chain/tss-lib/ecdsa/keygen" + "github.com/libp2p/go-libp2p/core/peer" maddr "github.com/multiformats/go-multiaddr" . "gopkg.in/check.v1" @@ -234,11 +235,11 @@ func (s *FourNodeScaleZetaSuite) getTssServer(c *C, index int, conf common.TssCo } else { peerIDs = nil } - whitelistedPeers := []string{} + whitelistedPeers := []peer.ID{} for _, pk := range testPubKeys { peer, err := conversion.Bech32PubkeyToPeerID(pk) c.Assert(err, IsNil) - whitelistedPeers = append(whitelistedPeers, peer.String()) + whitelistedPeers = append(whitelistedPeers, peer) } instance, err := NewTss(peerIDs, s.ports[index], priKey, "Zeta", baseHome, conf, s.preParams[index], "", "password", whitelistedPeers) c.Assert(err, IsNil) From 983cfc90aa14e88b46326b4a35bf4e0de3d07569 Mon Sep 17 00:00:00 2001 From: skosito Date: Mon, 28 Oct 2024 18:54:30 +0100 Subject: [PATCH 20/22] PR comments --- conversion/conversion.go | 3 +-- p2p/whitelist_connection_gater.go | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/conversion/conversion.go b/conversion/conversion.go index 02f390b..2379b74 100644 --- a/conversion/conversion.go +++ b/conversion/conversion.go @@ -18,7 +18,6 @@ import ( coseddkey "github.com/cosmos/cosmos-sdk/crypto/keys/ed25519" coskey "github.com/cosmos/cosmos-sdk/crypto/keys/secp256k1" "github.com/cosmos/cosmos-sdk/types" - "github.com/cosmos/cosmos-sdk/types/bech32/legacybech32" sdk "github.com/cosmos/cosmos-sdk/types/bech32/legacybech32" crypto2 "github.com/libp2p/go-libp2p/core/crypto" "github.com/libp2p/go-libp2p/core/peer" @@ -215,7 +214,7 @@ func GetEDDSAPrivateKeyRawBytes(privateKey crypto2.PrivKey) ([]byte, error) { } func Bech32PubkeyToPeerID(pubKey string) (peer.ID, error) { - bech32PubKey, err := legacybech32.UnmarshalPubKey(legacybech32.AccPK, pubKey) + bech32PubKey, err := sdk.UnmarshalPubKey(sdk.AccPK, pubKey) if err != nil { return "", err } diff --git a/p2p/whitelist_connection_gater.go b/p2p/whitelist_connection_gater.go index 570ef11..5bab73e 100644 --- a/p2p/whitelist_connection_gater.go +++ b/p2p/whitelist_connection_gater.go @@ -62,7 +62,7 @@ func (wg *WhitelistConnectionGater) peerAllowed(interceptor string, p peer.ID, r event = event. Str("interceptor", interceptor). - Str("peer", p.String()). + Stringer("peer", p). Bool("allowed", allowed) if remoteAddr != nil { From 5558cea583cb47bb8bad7970a0e060bca446e9bc Mon Sep 17 00:00:00 2001 From: skosito Date: Mon, 28 Oct 2024 19:43:52 +0100 Subject: [PATCH 21/22] communication tests --- p2p/communication_test.go | 42 ++++++++++++++++++++++++++------------- 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/p2p/communication_test.go b/p2p/communication_test.go index bb64407..87fc62d 100644 --- a/p2p/communication_test.go +++ b/p2p/communication_test.go @@ -3,14 +3,14 @@ package p2p import ( "crypto/rand" "encoding/base64" + "fmt" "github.com/libp2p/go-libp2p/core/peer" maddr "github.com/multiformats/go-multiaddr" + "gitlab.com/thorchain/tss/go-tss/messages" "github.com/libp2p/go-libp2p/core/crypto" . "gopkg.in/check.v1" - - "gitlab.com/thorchain/tss/go-tss/messages" ) type CommunicationTestSuite struct{} @@ -39,7 +39,20 @@ func checkExist(a []maddr.Multiaddr, b string) bool { } func (CommunicationTestSuite) TestEstablishP2pCommunication(c *C) { - bootstrapPeer := "/ip4/127.0.0.1/tcp/2220/p2p/16Uiu2HAm4TmEzUqy3q3Dv7HvdoSboHk5sFj2FH3npiN5vDbJC6gh" + bootstrapPeerID, err := peer.Decode("16Uiu2HAm4TmEzUqy3q3Dv7HvdoSboHk5sFj2FH3npiN5vDbJC6gh") + c.Assert(err, IsNil) + sk1, _, err := crypto.GenerateSecp256k1Key(rand.Reader) + c.Assert(err, IsNil) + sk1raw, _ := sk1.Raw() + id1, err := peer.IDFromPrivateKey(sk1) + c.Assert(err, IsNil) + sk2, _, err := crypto.GenerateSecp256k1Key(rand.Reader) + c.Assert(err, IsNil) + id2, err := peer.IDFromPrivateKey(sk2) + c.Assert(err, IsNil) + + bootstrapPeer := fmt.Sprintf("/ip4/127.0.0.1/tcp/2220/p2p/%s", bootstrapPeerID.String()) + whitelistedPeers := []peer.ID{bootstrapPeerID, id1, id2} bootstrapPrivKey := "6LABmWB4iXqkqOJ9H0YFEA2CSSx6bA7XAKGyI/TDtas=" fakeExternalIP := "11.22.33.44" fakeExternalMultiAddr := "/ip4/11.22.33.44/tcp/2220" @@ -47,36 +60,30 @@ func (CommunicationTestSuite) TestEstablishP2pCommunication(c *C) { c.Assert(err, IsNil) privKey, err := base64.StdEncoding.DecodeString(bootstrapPrivKey) c.Assert(err, IsNil) - comm, err := NewCommunication("commTest", nil, 2220, fakeExternalIP, []peer.ID{}) + comm, err := NewCommunication("commTest", nil, 2220, fakeExternalIP, whitelistedPeers) c.Assert(err, IsNil) c.Assert(comm.Start(privKey), IsNil) defer comm.Stop() - sk1, _, err := crypto.GenerateSecp256k1Key(rand.Reader) - sk1raw, _ := sk1.Raw() c.Assert(err, IsNil) - comm2, err := NewCommunication("commTest", []maddr.Multiaddr{validMultiAddr}, 2221, "", []peer.ID{}) + comm2, err := NewCommunication("commTest", []maddr.Multiaddr{validMultiAddr}, 2221, "", whitelistedPeers) c.Assert(err, IsNil) err = comm2.Start(sk1raw) c.Assert(err, IsNil) defer comm2.Stop() // we connect to an invalid peer and see - sk2, _, err := crypto.GenerateSecp256k1Key(rand.Reader) - c.Assert(err, IsNil) - id, err := peer.IDFromPrivateKey(sk2) - c.Assert(err, IsNil) - invalidAddr := "/ip4/127.0.0.1/tcp/2220/p2p/" + id.String() + invalidAddr := "/ip4/127.0.0.1/tcp/2220/p2p/" + id2.String() invalidMultiAddr, err := maddr.NewMultiaddr(invalidAddr) c.Assert(err, IsNil) - comm3, err := NewCommunication("commTest", []maddr.Multiaddr{invalidMultiAddr}, 2222, "", []peer.ID{}) + comm3, err := NewCommunication("commTest", []maddr.Multiaddr{invalidMultiAddr}, 2222, "", whitelistedPeers) c.Assert(err, IsNil) err = comm3.Start(sk1raw) c.Assert(err, ErrorMatches, "fail to connect to bootstrap peer: fail to connect to any peer") defer comm3.Stop() // we connect to one invalid and one valid address - comm4, err := NewCommunication("commTest", []maddr.Multiaddr{invalidMultiAddr, validMultiAddr}, 2223, "", []peer.ID{}) + comm4, err := NewCommunication("commTest", []maddr.Multiaddr{invalidMultiAddr, validMultiAddr}, 2223, "", whitelistedPeers) c.Assert(err, IsNil) err = comm4.Start(sk1raw) c.Assert(err, IsNil) @@ -88,4 +95,11 @@ func (CommunicationTestSuite) TestEstablishP2pCommunication(c *C) { c.Assert(checkExist(ps.Addrs(comm.host.ID()), fakeExternalMultiAddr), Equals, true) ps = comm4.host.Peerstore() c.Assert(checkExist(ps.Addrs(comm.host.ID()), fakeExternalMultiAddr), Equals, true) + + // same as above, just without whitelisted peers + comm5, err := NewCommunication("commTest", []maddr.Multiaddr{invalidMultiAddr, validMultiAddr}, 2224, "", []peer.ID{}) + c.Assert(err, IsNil) + err = comm5.Start(sk1raw) + c.Assert(err, ErrorMatches, "fail to connect to bootstrap peer: fail to connect to any peer") + defer comm5.Stop() } From 48efd48931223400b2290d2f206917126e34e2ad Mon Sep 17 00:00:00 2001 From: skosito Date: Mon, 28 Oct 2024 21:07:47 +0100 Subject: [PATCH 22/22] PR comment --- p2p/whitelist_connection_gater.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/p2p/whitelist_connection_gater.go b/p2p/whitelist_connection_gater.go index 5bab73e..0465aa0 100644 --- a/p2p/whitelist_connection_gater.go +++ b/p2p/whitelist_connection_gater.go @@ -21,7 +21,9 @@ func NewWhitelistConnectionGater(whitelistedPeers []peer.ID, logger zerolog.Logg } for _, p := range whitelistedPeers { - logger.Info().Msgf("Adding peer %s to whitelist", p) + logger.Info(). + Stringer("peer", p). + Msg("Adding peer to whitelist") gater.whitelistedPeers[p] = true }