move go-libp2p-pnet here

go.mod

@@ -4,6 +4,7 @@ go 1.17
 
 require (
 	github.com/benbjohnson/clock v1.3.0
+	github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c
 	github.com/flynn/noise v1.0.0
 	github.com/gogo/protobuf v1.3.2
 	github.com/golang/mock v1.6.0
@@ -23,7 +24,6 @@ require (
 	github.com/libp2p/go-libp2p-core v0.15.1
 	github.com/libp2p/go-libp2p-nat v0.1.0
 	github.com/libp2p/go-libp2p-peerstore v0.6.0
-	github.com/libp2p/go-libp2p-pnet v0.2.0
 	github.com/libp2p/go-libp2p-resource-manager v0.2.1
 	github.com/libp2p/go-libp2p-testing v0.9.2
 	github.com/libp2p/go-libp2p-tls v0.4.1
@@ -63,7 +63,6 @@ require (
 	github.com/coreos/go-semver v0.3.0 // indirect
 	github.com/coreos/go-systemd/v22 v22.3.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect
 	github.com/docker/go-units v0.4.0 // indirect
 	github.com/elastic/gosigar v0.14.2 // indirect
 	github.com/francoispqt/gojay v1.2.13 // indirect

p2p/net/pnet/protector.go

@@ -0,0 +1,18 @@
+package pnet
+
+import (
+	"errors"
+	"net"
+
+	ipnet "github.com/libp2p/go-libp2p-core/pnet"
+)
+
+// NewProtectedConn creates a new protected connection
+func NewProtectedConn(psk ipnet.PSK, conn net.Conn) (net.Conn, error) {
+	if len(psk) != 32 {
+		return nil, errors.New("expected 32 byte PSK")
+	}
+	var p [32]byte
+	copy(p[:], psk)
+	return newPSKConn(&p, conn)
+}

p2p/net/pnet/psk_conn.go

@@ -0,0 +1,83 @@
+package pnet
+
+import (
+	"crypto/cipher"
+	"crypto/rand"
+	"io"
+	"net"
+
+	"github.com/libp2p/go-libp2p-core/pnet"
+
+	"github.com/davidlazar/go-crypto/salsa20"
+	pool "github.com/libp2p/go-buffer-pool"
+)
+
+// we are using buffer pool as user needs their slice back
+// so we can't do XOR cripter in place
+var (
+	errShortNonce  = pnet.NewError("could not read full nonce")
+	errInsecureNil = pnet.NewError("insecure is nil")
+	errPSKNil      = pnet.NewError("pre-shread key is nil")
+)
+
+type pskConn struct {
+	net.Conn
+	psk *[32]byte
+
+	writeS20 cipher.Stream
+	readS20  cipher.Stream
+}
+
+func (c *pskConn) Read(out []byte) (int, error) {
+	if c.readS20 == nil {
+		nonce := make([]byte, 24)
+		_, err := io.ReadFull(c.Conn, nonce)
+		if err != nil {
+			return 0, errShortNonce
+		}
+		c.readS20 = salsa20.New(c.psk, nonce)
+	}
+
+	n, err := c.Conn.Read(out) // read to in
+	if n > 0 {
+		c.readS20.XORKeyStream(out[:n], out[:n]) // decrypt to out buffer
+	}
+	return n, err
+}
+
+func (c *pskConn) Write(in []byte) (int, error) {
+	if c.writeS20 == nil {
+		nonce := make([]byte, 24)
+		_, err := rand.Read(nonce)
+		if err != nil {
+			return 0, err
+		}
+		_, err = c.Conn.Write(nonce)
+		if err != nil {
+			return 0, err
+		}
+
+		c.writeS20 = salsa20.New(c.psk, nonce)
+	}
+	out := pool.Get(len(in))
+	defer pool.Put(out)
+
+	c.writeS20.XORKeyStream(out, in) // encrypt
+
+	return c.Conn.Write(out) // send
+}
+
+var _ net.Conn = (*pskConn)(nil)
+
+func newPSKConn(psk *[32]byte, insecure net.Conn) (net.Conn, error) {
+	if insecure == nil {
+		return nil, errInsecureNil
+	}
+	if psk == nil {
+		return nil, errPSKNil
+	}
+	return &pskConn{
+		Conn: insecure,
+		psk:  psk,
+	}, nil
+}

p2p/net/pnet/psk_conn_test.go

@@ -0,0 +1,92 @@
+package pnet
+
+import (
+	"bytes"
+	"context"
+	"math/rand"
+	"net"
+	"testing"
+)
+
+func setupPSKConns(ctx context.Context, t *testing.T) (net.Conn, net.Conn) {
+	testPSK := make([]byte, 32) // null bytes are as good test key as any other key
+	conn1, conn2 := net.Pipe()
+
+	psk1, err := NewProtectedConn(testPSK, conn1)
+	if err != nil {
+		t.Fatal(err)
+	}
+	psk2, err := NewProtectedConn(testPSK, conn2)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return psk1, psk2
+}
+
+func TestPSKSimpelMessges(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.TODO())
+	defer cancel()
+
+	psk1, psk2 := setupPSKConns(ctx, t)
+	msg1 := []byte("hello world")
+	out1 := make([]byte, len(msg1))
+
+	wch := make(chan error)
+	go func() {
+		_, err := psk1.Write(msg1)
+		wch <- err
+	}()
+	n, err := psk2.Read(out1)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = <-wch
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if n != len(out1) {
+		t.Fatalf("expected to read %d bytes, read: %d", len(out1), n)
+	}
+
+	if !bytes.Equal(msg1, out1) {
+		t.Fatalf("input and output are not the same")
+	}
+}
+
+func TestPSKFragmentation(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.TODO())
+	defer cancel()
+
+	psk1, psk2 := setupPSKConns(ctx, t)
+
+	in := make([]byte, 1000)
+	_, err := rand.Read(in)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	out := make([]byte, 100)
+
+	wch := make(chan error)
+	go func() {
+		_, err := psk1.Write(in)
+		wch <- err
+	}()
+
+	for i := 0; i < 10; i++ {
+		if _, err := psk2.Read(out); err != nil {
+			t.Fatal(err)
+		}
+		if !bytes.Equal(in[:100], out) {
+			t.Fatalf("input and output are not the same")
+		}
+		in = in[100:]
+	}
+
+	err = <-wch
+	if err != nil {
+		t.Fatal(err)
+	}
+}

p2p/net/upgrader/upgrader.go

@@ -7,14 +7,15 @@ import (
 	"net"
 	"time"
 
+	"github.com/libp2p/go-libp2p/p2p/net/pnet"
+
 	"github.com/libp2p/go-libp2p-core/connmgr"
 	"github.com/libp2p/go-libp2p-core/network"
 	"github.com/libp2p/go-libp2p-core/peer"
 	ipnet "github.com/libp2p/go-libp2p-core/pnet"
 	"github.com/libp2p/go-libp2p-core/sec"
 	"github.com/libp2p/go-libp2p-core/transport"
 
-	pnet "github.com/libp2p/go-libp2p-pnet"
 	manet "github.com/multiformats/go-multiaddr/net"
 )