mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-01-10 20:03:34 -03:00
411ba32af2
bc9283c441[test] Add functional test to test early key response behaviour in BIP 324 (stratospher)ffe6a56d75[test] Check whether v2 TestNode performs downgrading (stratospher)ba737358a3[test] Add functional tests to test v2 P2P behaviour (stratospher)4115cf9956[test] Ignore BIP324 decoy messages (stratospher)8c054aa04d[test] Allow inbound and outbound connections supporting v2 P2P protocol (stratospher)382894c3ac[test] Reconnect using v1 P2P when v2 P2P terminates due to magic byte mismatch (stratospher)a94e350ac0[test] Build v2 P2P messages (stratospher)bb7bffed79[test] Use lock for sending P2P messages in test framework (stratospher)5b91fb14ab[test] Read v2 P2P messages (stratospher)05bddb20f5[test] Perform initial v2 handshake (stratospher)a049d1bd08[test] Introduce EncryptedP2PState object in P2PConnection (stratospher)b89fa59e71[test] Construct class to handle v2 P2P protocol functions (stratospher)8d6c848a48[test] Move MAGIC_BYTES to messages.py (stratospher)595ad4b168[test/crypto] Add ECDH (stratospher)4487b80517[rpc/net] Allow v2 p2p support in addconnection (stratospher) Pull request description: This PR introduces support for v2 P2P encryption(BIP 324) in the existing functional test framework and adds functional tests for the same. ### commits overview 1. introduces a new class `EncryptedP2PState` to store the keys, functions for performing the initial v2 handshake and encryption/decryption. 3. this class is used by `P2PConnection` in inbound/outbound connections to perform the initial v2 handshake before the v1 version handshake. Only after the initial v2 handshake is performed do application layer P2P messages(version, verack etc..) get exchanged. (in a v2 connection) - `v2_state` is the object of class `EncryptedP2PState` in `P2PConnection` used to store its keys, session-id etc. - a node [advertising](https://github.com/stratospher/blogosphere/blob/main/integration_test_bip324.md#advertising-to-support-v2-p2p) support for v2 P2P is different from a node actually [supporting v2 P2P](https://github.com/stratospher/blogosphere/blob/main/integration_test_bip324.md#supporting-v2-p2p) (differ when false advertisement of services occur) - introduce a boolean variable `supports_v2_p2p` in `P2PConnection` to denote if it supports v2 P2P. - introduce a boolean variable `advertises_v2_p2p` to denote whether `P2PConnection` which mimics peer behaviour advertises V2 P2P support. Default option is `False`. - In the test framework, you can create Inbound and Outbound connections to `TestNode` 1. During **Inbound Connections**, `P2PConnection` is the initiator [`TestNode` <--------- `P2PConnection`] - Case 1: - if the `TestNode` advertises/signals v2 P2P support (means `self.nodes[i]` set up with `"-v2transport=1"`), different behaviour will be exhibited based on whether: 1. `P2PConnection` supports v2 P2P 2. `P2PConnection` does not support v2 P2P - In a real world scenario, the initiator node would intrinsically know if they support v2 P2P based on whatever code they choose to run. However, in the test scenario where we mimic peer behaviour, we have no way of knowing if `P2PConnection` should support v2 P2P or not. So `supports_v2_p2p` boolean variable is used as an option to enable support for v2 P2P in `P2PConnection`. - Since the `TestNode` advertises v2 P2P support (using "-v2transport=1"), our initiator `P2PConnection` would send: 1. (if the `P2PConnection` supports v2 P2P) ellswift + garbage bytes to initiate the connection 2. (if the `P2PConnection` does not support v2 P2P) version message to initiate the connection - Case 2: - if the `TestNode` doesn't signal v2 P2P support; `P2PConnection` being the initiator would send version message to initiate a connection. 2. During **Outbound Connections** [TestNode --------> P2PConnection] - initiator `TestNode` would send: - (if the `P2PConnection` advertises v2 P2P) ellswift + garbage bytes to initiate the connection - (if the `P2PConnection` advertises v2 P2P) version message to initiate the connection - Suppose `P2PConnection` advertises v2 P2P support when it actually doesn't support v2 P2P (false advertisement scenario) - `TestNode` sends ellswift + garbage bytes - `P2PConnection` receives but can't process it and disconnects. - `TestNode` then tries using v1 P2P and sends version message - `P2PConnection` receives/processes this successfully and they communicate on v1 P2P 4. the encrypted P2P messages follow a different format - 3 byte length + 1-13 byte message_type + payload + 16 byte MAC 5. includes support for testing decoy messages and v2 connection downgrade(using false advertisement - when a v2 node makes an outbound connection to a node which doesn't support v2 but is advertised as v2 by some malicious intermediary) ### run the tests * functional test - `test/functional/p2p_v2_encrypted.py` `test/functional/p2p_v2_earlykeyresponse.py` I'm also super grateful to @ dhruv for his really valuable feedback on this branch. Also written a more elaborate explanation here - https://github.com/stratospher/blogosphere/blob/main/integration_test_bip324.md ACKs for top commit: naumenkogs: ACKbc9283c441mzumsande: Code Review ACKbc9283c441theStack: Code-review ACKbc9283c441glozow: ACKbc9283c441Tree-SHA512: 9b54ed27e925e1775e0e0d35e959cdbf2a9a1aab7bcf5d027e66f8b59780bdd0458a7a4311ddc7dd67657a4a2a2cd5034ead75524420d58a83f642a8304c9811
165 lines
8.6 KiB
Python
Executable file
165 lines
8.6 KiB
Python
Executable file
#!/usr/bin/env python3
|
|
# Copyright (c) 2021-present The Bitcoin Core developers
|
|
# Distributed under the MIT software license, see the accompanying
|
|
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
|
"""
|
|
Test v2 transport
|
|
"""
|
|
import socket
|
|
|
|
from test_framework.messages import MAGIC_BYTES, NODE_P2P_V2
|
|
from test_framework.test_framework import BitcoinTestFramework
|
|
from test_framework.util import (
|
|
assert_equal,
|
|
p2p_port,
|
|
)
|
|
|
|
|
|
class V2TransportTest(BitcoinTestFramework):
|
|
def set_test_params(self):
|
|
self.setup_clean_chain = True
|
|
self.num_nodes = 5
|
|
self.extra_args = [["-v2transport=1"], ["-v2transport=1"], ["-v2transport=0"], ["-v2transport=0"], ["-v2transport=0"]]
|
|
|
|
def run_test(self):
|
|
sending_handshake = "start sending v2 handshake to peer"
|
|
downgrading_to_v1 = "retrying with v1 transport protocol for peer"
|
|
self.disconnect_nodes(0, 1)
|
|
self.disconnect_nodes(1, 2)
|
|
self.disconnect_nodes(2, 3)
|
|
self.disconnect_nodes(3, 4)
|
|
|
|
# verify local services
|
|
network_info = self.nodes[2].getnetworkinfo()
|
|
assert_equal(int(network_info["localservices"], 16) & NODE_P2P_V2, 0)
|
|
assert "P2P_V2" not in network_info["localservicesnames"]
|
|
network_info = self.nodes[1].getnetworkinfo()
|
|
assert_equal(int(network_info["localservices"], 16) & NODE_P2P_V2, NODE_P2P_V2)
|
|
assert "P2P_V2" in network_info["localservicesnames"]
|
|
|
|
# V2 nodes can sync with V2 nodes
|
|
assert_equal(self.nodes[0].getblockcount(), 0)
|
|
assert_equal(self.nodes[1].getblockcount(), 0)
|
|
with self.nodes[0].assert_debug_log(expected_msgs=[sending_handshake],
|
|
unexpected_msgs=[downgrading_to_v1]):
|
|
self.connect_nodes(0, 1, peer_advertises_v2=True)
|
|
self.generate(self.nodes[0], 5, sync_fun=lambda: self.sync_all(self.nodes[0:2]))
|
|
assert_equal(self.nodes[1].getblockcount(), 5)
|
|
# verify there is a v2 connection between node 0 and 1
|
|
node_0_info = self.nodes[0].getpeerinfo()
|
|
node_1_info = self.nodes[1].getpeerinfo()
|
|
assert_equal(len(node_0_info), 1)
|
|
assert_equal(len(node_1_info), 1)
|
|
assert_equal(node_0_info[0]["transport_protocol_type"], "v2")
|
|
assert_equal(node_1_info[0]["transport_protocol_type"], "v2")
|
|
assert_equal(len(node_0_info[0]["session_id"]), 64)
|
|
assert_equal(len(node_1_info[0]["session_id"]), 64)
|
|
assert_equal(node_0_info[0]["session_id"], node_1_info[0]["session_id"])
|
|
|
|
# V1 nodes can sync with each other
|
|
assert_equal(self.nodes[2].getblockcount(), 0)
|
|
assert_equal(self.nodes[3].getblockcount(), 0)
|
|
with self.nodes[2].assert_debug_log(expected_msgs=[],
|
|
unexpected_msgs=[sending_handshake, downgrading_to_v1]):
|
|
self.connect_nodes(2, 3, peer_advertises_v2=False)
|
|
self.generate(self.nodes[2], 8, sync_fun=lambda: self.sync_all(self.nodes[2:4]))
|
|
assert_equal(self.nodes[3].getblockcount(), 8)
|
|
assert self.nodes[0].getbestblockhash() != self.nodes[2].getbestblockhash()
|
|
# verify there is a v1 connection between node 2 and 3
|
|
node_2_info = self.nodes[2].getpeerinfo()
|
|
node_3_info = self.nodes[3].getpeerinfo()
|
|
assert_equal(len(node_2_info), 1)
|
|
assert_equal(len(node_3_info), 1)
|
|
assert_equal(node_2_info[0]["transport_protocol_type"], "v1")
|
|
assert_equal(node_3_info[0]["transport_protocol_type"], "v1")
|
|
assert_equal(len(node_2_info[0]["session_id"]), 0)
|
|
assert_equal(len(node_3_info[0]["session_id"]), 0)
|
|
|
|
# V1 nodes can sync with V2 nodes
|
|
self.disconnect_nodes(0, 1)
|
|
self.disconnect_nodes(2, 3)
|
|
with self.nodes[2].assert_debug_log(expected_msgs=[],
|
|
unexpected_msgs=[sending_handshake, downgrading_to_v1]):
|
|
self.connect_nodes(2, 1, peer_advertises_v2=False) # cannot enable v2 on v1 node
|
|
self.sync_all(self.nodes[1:3])
|
|
assert_equal(self.nodes[1].getblockcount(), 8)
|
|
assert self.nodes[0].getbestblockhash() != self.nodes[1].getbestblockhash()
|
|
# verify there is a v1 connection between node 1 and 2
|
|
node_1_info = self.nodes[1].getpeerinfo()
|
|
node_2_info = self.nodes[2].getpeerinfo()
|
|
assert_equal(len(node_1_info), 1)
|
|
assert_equal(len(node_2_info), 1)
|
|
assert_equal(node_1_info[0]["transport_protocol_type"], "v1")
|
|
assert_equal(node_2_info[0]["transport_protocol_type"], "v1")
|
|
assert_equal(len(node_1_info[0]["session_id"]), 0)
|
|
assert_equal(len(node_2_info[0]["session_id"]), 0)
|
|
|
|
# V2 nodes can sync with V1 nodes
|
|
self.disconnect_nodes(1, 2)
|
|
with self.nodes[0].assert_debug_log(expected_msgs=[],
|
|
unexpected_msgs=[sending_handshake, downgrading_to_v1]):
|
|
self.connect_nodes(0, 3, peer_advertises_v2=False)
|
|
self.sync_all([self.nodes[0], self.nodes[3]])
|
|
assert_equal(self.nodes[0].getblockcount(), 8)
|
|
# verify there is a v1 connection between node 0 and 3
|
|
node_0_info = self.nodes[0].getpeerinfo()
|
|
node_3_info = self.nodes[3].getpeerinfo()
|
|
assert_equal(len(node_0_info), 1)
|
|
assert_equal(len(node_3_info), 1)
|
|
assert_equal(node_0_info[0]["transport_protocol_type"], "v1")
|
|
assert_equal(node_3_info[0]["transport_protocol_type"], "v1")
|
|
assert_equal(len(node_0_info[0]["session_id"]), 0)
|
|
assert_equal(len(node_3_info[0]["session_id"]), 0)
|
|
|
|
# V2 node mines another block and everyone gets it
|
|
self.connect_nodes(0, 1, peer_advertises_v2=True)
|
|
self.connect_nodes(1, 2, peer_advertises_v2=False)
|
|
self.generate(self.nodes[1], 1, sync_fun=lambda: self.sync_all(self.nodes[0:4]))
|
|
assert_equal(self.nodes[0].getblockcount(), 9) # sync_all() verifies tip hashes match
|
|
|
|
# V1 node mines another block and everyone gets it
|
|
self.generate(self.nodes[3], 2, sync_fun=lambda: self.sync_all(self.nodes[0:4]))
|
|
assert_equal(self.nodes[2].getblockcount(), 11) # sync_all() verifies tip hashes match
|
|
|
|
assert_equal(self.nodes[4].getblockcount(), 0)
|
|
# Peer 4 is v1 p2p, but is falsely advertised as v2.
|
|
with self.nodes[1].assert_debug_log(expected_msgs=[sending_handshake, downgrading_to_v1]):
|
|
self.connect_nodes(1, 4, peer_advertises_v2=True)
|
|
self.sync_all()
|
|
assert_equal(self.nodes[4].getblockcount(), 11)
|
|
|
|
# Check v1 prefix detection
|
|
V1_PREFIX = MAGIC_BYTES["regtest"] + b"version\x00\x00\x00\x00\x00"
|
|
assert_equal(len(V1_PREFIX), 16)
|
|
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
|
|
with self.nodes[0].wait_for_new_peer():
|
|
s.connect(("127.0.0.1", p2p_port(0)))
|
|
s.sendall(V1_PREFIX[:-1])
|
|
assert_equal(self.nodes[0].getpeerinfo()[-1]["transport_protocol_type"], "detecting")
|
|
s.sendall(bytes([V1_PREFIX[-1]])) # send out last prefix byte
|
|
self.wait_until(lambda: self.nodes[0].getpeerinfo()[-1]["transport_protocol_type"] == "v1")
|
|
|
|
# Check wrong network prefix detection (hits if the next 12 bytes correspond to a v1 version message)
|
|
wrong_network_magic_prefix = MAGIC_BYTES["signet"] + V1_PREFIX[4:]
|
|
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
|
|
with self.nodes[0].wait_for_new_peer():
|
|
s.connect(("127.0.0.1", p2p_port(0)))
|
|
with self.nodes[0].assert_debug_log(["V2 transport error: V1 peer with wrong MessageStart"]):
|
|
s.sendall(wrong_network_magic_prefix + b"somepayload")
|
|
|
|
# Check detection of missing garbage terminator (hits after fixed amount of data if terminator never matches garbage)
|
|
MAX_KEY_GARB_AND_GARBTERM_LEN = 64 + 4095 + 16
|
|
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
|
|
with self.nodes[0].wait_for_new_peer():
|
|
s.connect(("127.0.0.1", p2p_port(0)))
|
|
s.sendall(b'\x00' * (MAX_KEY_GARB_AND_GARBTERM_LEN - 1))
|
|
self.wait_until(lambda: self.nodes[0].getpeerinfo()[-1]["bytesrecv"] == MAX_KEY_GARB_AND_GARBTERM_LEN - 1)
|
|
with self.nodes[0].assert_debug_log(["V2 transport error: missing garbage terminator"]):
|
|
peer_id = self.nodes[0].getpeerinfo()[-1]["id"]
|
|
s.sendall(b'\x00') # send out last byte
|
|
# should disconnect immediately
|
|
self.wait_until(lambda: not peer_id in [p["id"] for p in self.nodes[0].getpeerinfo()])
|
|
|
|
|
|
if __name__ == '__main__':
|
|
V2TransportTest().main()
|