Merge pull request #638 from openmina/fix/p2p/crash-resilience

Improve crash resilience in p2p

Author: vlad9486

Cargo.lock

@@ -32,6 +32,7 @@ tracing-wasm = "0.2"
 [target.'cfg(not(target_family = "wasm"))'.dependencies]
 redux = { workspace = true, features=["serializable_callbacks"] }
 tracing-subscriber = { version = "0.3.17", features = ["json", "env-filter"] }
+libp2p-identity = { version = "=0.2.7", features = ["ed25519", "rand", "serde"] }
 
 [features]
 p2p-webrtc = ["node/p2p-webrtc"]

node/common/Cargo.toml

@@ -87,4 +87,14 @@ impl P2pCryptoService for NodeService {
             .sign(&msg)
             .expect("unable to create signature")
     }
+
+    fn verify_publication(
+        &mut self,
+        pk: &libp2p_identity::PublicKey,
+        publication: &[u8],
+        sig: &[u8],
+    ) -> bool {
+        let msg: Vec<u8> = [b"libp2p-pubsub:", publication].concat();
+        pk.verify(&msg, sig)
+    }
 }

node/common/src/service/p2p.rs

@@ -307,11 +307,14 @@ pub enum ActionKind {
     P2pNetworkPubsubBroadcastSigned,
     P2pNetworkPubsubGraft,
     P2pNetworkPubsubIncomingData,
+    P2pNetworkPubsubIncomingMessage,
     P2pNetworkPubsubNewStream,
     P2pNetworkPubsubOutgoingData,
     P2pNetworkPubsubOutgoingMessage,
+    P2pNetworkPubsubOutgoingMessageError,
     P2pNetworkPubsubPrune,
     P2pNetworkPubsubSign,
+    P2pNetworkPubsubSignError,
     P2pNetworkRpcHeartbeatSend,
     P2pNetworkRpcIncomingData,
     P2pNetworkRpcIncomingMessage,
@@ -538,7 +541,7 @@ pub enum ActionKind {
 }
 
 impl ActionKind {
-    pub const COUNT: u16 = 446;
+    pub const COUNT: u16 = 449;
 }
 
 impl std::fmt::Display for ActionKind {
@@ -1462,12 +1465,15 @@ impl ActionKindGet for P2pNetworkPubsubAction {
         match self {
             Self::NewStream { .. } => ActionKind::P2pNetworkPubsubNewStream,
             Self::IncomingData { .. } => ActionKind::P2pNetworkPubsubIncomingData,
+            Self::IncomingMessage { .. } => ActionKind::P2pNetworkPubsubIncomingMessage,
             Self::Graft { .. } => ActionKind::P2pNetworkPubsubGraft,
             Self::Prune { .. } => ActionKind::P2pNetworkPubsubPrune,
             Self::Broadcast { .. } => ActionKind::P2pNetworkPubsubBroadcast,
             Self::Sign { .. } => ActionKind::P2pNetworkPubsubSign,
+            Self::SignError { .. } => ActionKind::P2pNetworkPubsubSignError,
             Self::BroadcastSigned { .. } => ActionKind::P2pNetworkPubsubBroadcastSigned,
             Self::OutgoingMessage { .. } => ActionKind::P2pNetworkPubsubOutgoingMessage,
+            Self::OutgoingMessageError { .. } => ActionKind::P2pNetworkPubsubOutgoingMessageError,
             Self::OutgoingData { .. } => ActionKind::P2pNetworkPubsubOutgoingData,
         }
     }

node/src/action_kind.rs

@@ -55,6 +55,7 @@ hex = "0.4.3"
 
 [target.'cfg(not(target_family = "wasm"))'.dependencies]
 redux = { workspace = true, features=["serializable_callbacks"] }
+libp2p-identity = { version = "=0.2.7", features = ["ed25519", "rand", "serde"] }
 
 [features]
 default = ["p2p-libp2p", "scenario-generators"]

node/testing/Cargo.toml

@@ -296,6 +296,15 @@ impl P2pCryptoService for NodeTestingService {
     fn sign_publication(&mut self, publication: &[u8]) -> Vec<u8> {
         self.real.sign_publication(publication)
     }
+
+    fn verify_publication(
+        &mut self,
+        pk: &libp2p_identity::PublicKey,
+        publication: &[u8],
+        sig: &[u8],
+    ) -> bool {
+        self.real.verify_publication(pk, publication, sig)
+    }
 }
 
 impl node::ledger::LedgerService for NodeTestingService {

node/testing/src/service/mod.rs

@@ -52,11 +52,14 @@ impl P2pNetworkNoiseAction {
         } else {
             None
         };
-        let handshake_error = if let Some(P2pNetworkNoiseStateInner::Error(error)) = &state.inner {
-            Some(error)
-        } else {
-            None
-        };
+
+        if let Some(P2pNetworkNoiseStateInner::Error(error)) = &state.inner {
+            store.dispatch(P2pNetworkSchedulerAction::Error {
+                addr: *self.addr(),
+                error: error.clone().into(),
+            });
+            return;
+        }
 
         let middle_initiator =
             matches!(&state.inner, Some(P2pNetworkNoiseStateInner::Initiator(..)))
@@ -93,14 +96,6 @@ impl P2pNetworkNoiseAction {
                 }
             }
             P2pNetworkNoiseAction::IncomingChunk { addr, .. } => {
-                if let Some(error) = handshake_error {
-                    store.dispatch(P2pNetworkSchedulerAction::Error {
-                        addr,
-                        error: error.clone().into(),
-                    });
-                    return;
-                }
-
                 if let Some((peer_id, true)) = handshake_done {
                     let addr = *self.addr();
                     store.dispatch(P2pConnectionIncomingAction::FinalizePendingLibp2p {

p2p/src/network/noise/p2p_network_noise_effects.rs

@@ -1,14 +1,17 @@
 use chacha20poly1305::{aead::generic_array::GenericArray, AeadInPlace, ChaCha20Poly1305, KeyInit};
+use crypto_bigint::consts::U12;
 
 use self::p2p_network_noise_state::ResponderConsumeOutput;
 
 use super::*;
 
 use super::p2p_network_noise_state::{
-    NoiseError, NoiseState, P2pNetworkNoiseState, P2pNetworkNoiseStateInitiator,
+    InitiatorOutput, NoiseError, NoiseState, P2pNetworkNoiseState, P2pNetworkNoiseStateInitiator,
     P2pNetworkNoiseStateInner, P2pNetworkNoiseStateResponder, ResponderOutput,
 };
 
+const MAX_CHUNK_SIZE: usize = u16::MAX as usize - 19;
+
 impl P2pNetworkNoiseState {
     pub fn reducer(&mut self, action: redux::ActionWithMeta<&P2pNetworkNoiseAction>) {
         match action.action() {
@@ -68,13 +71,16 @@ impl P2pNetworkNoiseState {
                 let mut offset = 0;
                 loop {
                     let buf = &self.buffer[offset..];
-                    if buf.len() >= 2 {
-                        let len = u16::from_be_bytes(buf[..2].try_into().expect("cannot fail"));
+                    // TODO: add bug_condition
+                    let len = buf
+                        .get(..2)
+                        .and_then(|buf| Some(u16::from_be_bytes(buf.try_into().ok()?)));
+
+                    if let Some(len) = len {
                         let full_len = 2 + len as usize;
                         if buf.len() >= full_len {
                             self.incoming_chunks.push_back(buf[..full_len].to_vec());
                             offset += full_len;
-
                             continue;
                         }
                     }
@@ -187,56 +193,73 @@ impl P2pNetworkNoiseState {
                         ..
                     } => {
                         let aead = ChaCha20Poly1305::new(&send_key.0.into());
-                        let chunk_max_size = u16::MAX as usize - 19;
-                        let chunks = data
-                            .chunks(chunk_max_size)
-                            .map(|data| {
-                                let mut chunk = Vec::with_capacity(18 + data.len());
-                                chunk.extend_from_slice(&((data.len() + 16) as u16).to_be_bytes());
-                                chunk.extend_from_slice(data);
+                        let mut chunks = vec![];
+
+                        for data_chunk in data.chunks(MAX_CHUNK_SIZE) {
+                            let mut chunk = Vec::with_capacity(18 + data_chunk.len());
+                            chunk
+                                .extend_from_slice(&((data_chunk.len() + 16) as u16).to_be_bytes());
+                            chunk.extend_from_slice(data_chunk);
 
-                                let mut nonce = GenericArray::default();
-                                nonce[4..].clone_from_slice(&send_nonce.to_le_bytes());
-                                *send_nonce += 1;
+                            let mut nonce: GenericArray<u8, U12> = GenericArray::default();
+                            nonce[4..].clone_from_slice(&send_nonce.to_le_bytes());
+                            *send_nonce += 1;
 
-                                let tag = aead
-                                    .encrypt_in_place_detached(
-                                        &nonce,
-                                        &[],
-                                        &mut chunk[2..(2 + data.len())],
-                                    )
-                                    .expect("cannot fail");
-                                chunk.extend_from_slice(&tag);
-                                chunk.into()
-                            })
-                            .collect();
+                            let tag = aead.encrypt_in_place_detached(
+                                &nonce,
+                                &[],
+                                &mut chunk[2..(2 + data_chunk.len())],
+                            );
+
+                            let tag = match tag {
+                                Ok(tag) => tag,
+                                Err(_) => {
+                                    *state =
+                                        P2pNetworkNoiseStateInner::Error(NoiseError::Encryption);
+                                    return;
+                                }
+                            };
+
+                            chunk.extend_from_slice(&tag);
+                            chunks.push(chunk.into());
+                        }
                         self.outgoing_chunks.push_back(chunks);
                     }
                     P2pNetworkNoiseStateInner::Initiator(i) => {
-                        if let (Some((chunk, (send_key, recv_key))), Some(remote_pk)) =
-                            (i.generate(data), i.remote_pk.clone())
-                        {
-                            self.outgoing_chunks.push_back(vec![chunk.into()]);
-                            let remote_peer_id = remote_pk.peer_id();
-
-                            if self
-                                .expected_peer_id
-                                .is_some_and(|expected_per_id| expected_per_id != remote_peer_id)
-                            {
-                                *state = P2pNetworkNoiseStateInner::Error(dbg!(
-                                    NoiseError::RemotePeerIdMismatch
-                                ));
-                            } else {
-                                *state = P2pNetworkNoiseStateInner::Done {
-                                    incoming: false,
+                        match (i.generate(data), i.remote_pk.clone()) {
+                            (
+                                Ok(Some(InitiatorOutput {
                                     send_key,
                                     recv_key,
-                                    recv_nonce: 0,
-                                    send_nonce: 0,
-                                    remote_pk,
-                                    remote_peer_id,
-                                };
+                                    chunk,
+                                })),
+                                Some(remote_pk),
+                            ) => {
+                                self.outgoing_chunks.push_back(vec![chunk.into()]);
+                                let remote_peer_id = remote_pk.peer_id();
+
+                                if self.expected_peer_id.is_some_and(|expected_per_id| {
+                                    expected_per_id != remote_peer_id
+                                }) {
+                                    *state = P2pNetworkNoiseStateInner::Error(dbg!(
+                                        NoiseError::RemotePeerIdMismatch
+                                    ));
+                                } else {
+                                    *state = P2pNetworkNoiseStateInner::Done {
+                                        incoming: false,
+                                        send_key,
+                                        recv_key,
+                                        recv_nonce: 0,
+                                        send_nonce: 0,
+                                        remote_pk,
+                                        remote_peer_id,
+                                    };
+                                }
+                            }
+                            (Err(error), Some(_)) => {
+                                *state = P2pNetworkNoiseStateInner::Error(error);
                             }
+                            _ => (),
                         }
                     }
                     P2pNetworkNoiseStateInner::Responder(r) => {
@@ -268,9 +291,17 @@ impl P2pNetworkNoiseState {
                 nonce[4..].clone_from_slice(&send_nonce.to_le_bytes());
                 *send_nonce += 1;
 
-                let tag = aead
-                    .encrypt_in_place_detached(&nonce, &[], &mut chunk[2..(2 + data.len())])
-                    .expect("cannot fail");
+                let tag = match aead.encrypt_in_place_detached(
+                    &nonce,
+                    &[],
+                    &mut chunk[2..(2 + data.len())],
+                ) {
+                    Ok(tag) => tag,
+                    Err(_) => {
+                        self.inner = Some(P2pNetworkNoiseStateInner::Error(NoiseError::Encryption));
+                        return;
+                    }
+                };
                 chunk.extend_from_slice(&tag);
 
                 self.outgoing_chunks.push_back(vec![chunk.into()]);