Merge branch 'master' into fx

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: true
+contact_links:
+  - name: Technical Questions
+    url: https://github.com/libp2p/go-libp2p/discussions/new?category=q-a
+    about: Please ask technical questions in the go-libp2p Github Discusions forum.
+  - name: Community-wide libp2p Discussion
+    url: https://discuss.libp2p.io
+    about: Discussions and questions about the libp2p community.

.github/workflows/go-check.yml

@@ -16,3 +16,5 @@ concurrency:
 jobs:
   go-check:
     uses: pl-strflt/uci/.github/workflows/go-check.yml@v0.0
+    with:
+      go-generate-ignore-protoc-version-comments: true

.github/workflows/go-test.yml

@@ -17,4 +17,4 @@ jobs:
   go-test:
     uses: libp2p/uci/.github/workflows/go-test.yml@v0.0
     with:
-      go-versions: '["1.20.x","1.21.x"]'
+      go-versions: '["1.21.x", "1.22.x"]'

.github/workflows/interop-test.yml

@@ -19,14 +19,14 @@ on:
       - 'test-plans/**'
 
 jobs:
-  run-multidim-interop:
-    name: Run multidimensional interoperability tests
+  run-transport-interop:
+    name: Run transport interoperability tests
     runs-on: ${{ fromJSON(vars['INTEROP_TEST_RUNNER_UBUNTU'] || '"ubuntu-22.04"') }}
     steps:
       - uses: actions/checkout@v3
       - name: Build image
         run: docker build -t go-libp2p-head -f test-plans/PingDockerfile .
-      - uses: libp2p/test-plans/.github/actions/run-interop-ping-test@master
+      - uses: libp2p/test-plans/.github/actions/run-transport-interop-test@master
         with:
           test-filter: go-libp2p-head
           extra-versions: ${{ github.workspace }}/test-plans/ping-version.json

README.md

@@ -1,6 +1,6 @@
 
 <h1 align="center">
-  <a href="libp2p.io"><img width="250" src="https://github.com/libp2p/libp2p/blob/master/logo/black-bg-2.png?raw=true" alt="libp2p hex logo" /></a>
+  <a href="https://libp2p.io/"><img width="250" src="https://github.com/libp2p/libp2p/blob/master/logo/black-bg-2.png?raw=true" alt="libp2p hex logo" /></a>
 </h1>
 
 <h3 align="center">The Go implementation of the libp2p Networking Stack.</h3>
@@ -83,7 +83,7 @@ There's a few things you can do right now to help out:
 ## Supported Go Versions
 
 We test against and support the two most recent major releases of Go. This is
-informed by Go's own [security policy](https://go.dev/security).
+informed by Go's own [security policy](https://go.dev/doc/security/policy).
 
 # Notable Users
 Some notable users of go-libp2p are:

config/config.go

@@ -27,6 +27,7 @@ import (
 	blankhost "github.com/libp2p/go-libp2p/p2p/host/blank"
 	"github.com/libp2p/go-libp2p/p2p/host/eventbus"
 	"github.com/libp2p/go-libp2p/p2p/host/peerstore/pstoremem"
+	rcmgr "github.com/libp2p/go-libp2p/p2p/host/resource-manager"
 	routed "github.com/libp2p/go-libp2p/p2p/host/routed"
 	"github.com/libp2p/go-libp2p/p2p/net/swarm"
 	tptu "github.com/libp2p/go-libp2p/p2p/net/upgrader"
@@ -253,12 +254,13 @@ func (cfg *Config) addTransports() ([]fx.Option, error) {
 	}
 
 	fxopts = append(fxopts, fx.Provide(PrivKeyToStatelessResetKey))
+	fxopts = append(fxopts, fx.Provide(PrivKeyToTokenGeneratorKey))
 	if cfg.QUICReuse != nil {
 		fxopts = append(fxopts, cfg.QUICReuse...)
 	} else {
 		fxopts = append(fxopts,
-			fx.Provide(func(key quic.StatelessResetKey, _ *swarm.Swarm, lifecycle fx.Lifecycle) (*quicreuse.ConnManager, error) {
-				cm, err := quicreuse.NewConnManager(key)
+			fx.Provide(func(key quic.StatelessResetKey, tokenGenerator quic.TokenGeneratorKey, _ *swarm.Swarm, lifecycle fx.Lifecycle) (*quicreuse.ConnManager, error) {
+				cm, err := quicreuse.NewConnManager(key, tokenGenerator)
 				if err != nil {
 					return nil, err
 				}
@@ -326,6 +328,19 @@ func (cfg *Config) NewNode() (host.Host, error) {
 	if cfg.EnableAutoRelay && !cfg.Relay {
 		return nil, fmt.Errorf("cannot enable autorelay; relay is not enabled")
 	}
+	// If possible check that the resource manager conn limit is higher than the
+	// limit set in the conn manager.
+	if l, ok := cfg.ResourceManager.(connmgr.GetConnLimiter); ok {
+		err := cfg.ConnManager.CheckLimit(l)
+		if err != nil {
+			log.Warn(fmt.Sprintf("rcmgr limit conflicts with connmgr limit: %v", err))
+		}
+	}
+
+	if !cfg.DisableMetrics {
+		rcmgr.MustRegisterWith(cfg.PrometheusRegisterer)
+	}
+
 	fxopts := []fx.Option{
 		fx.Provide(func() event.Bus {
 			return eventbus.NewBus(eventbus.WithMetricsTracer(eventbus.NewMetricsTracer(eventbus.WithRegisterer(cfg.PrometheusRegisterer))))
@@ -348,7 +363,9 @@ func (cfg *Config) NewNode() (host.Host, error) {
 					// should probably fail if listening on *any* addr fails.
 					return sw.Listen(cfg.ListenAddrs...)
 				},
-				OnStop: func(context.Context) error { return sw.Close() },
+				OnStop: func(context.Context) error {
+					return sw.Close()
+				},
 			})
 			return sw
 		}),

config/quic_stateless_reset.go → config/quic.go

@@ -11,7 +11,10 @@ import (
 	"github.com/quic-go/quic-go"
 )
 
-const statelessResetKeyInfo = "libp2p quic stateless reset key"
+const (
+	statelessResetKeyInfo = "libp2p quic stateless reset key"
+	tokenGeneratorKeyInfo = "libp2p quic token generator key"
+)
 
 func PrivKeyToStatelessResetKey(key crypto.PrivKey) (quic.StatelessResetKey, error) {
 	var statelessResetKey quic.StatelessResetKey
@@ -25,3 +28,16 @@ func PrivKeyToStatelessResetKey(key crypto.PrivKey) (quic.StatelessResetKey, err
 	}
 	return statelessResetKey, nil
 }
+
+func PrivKeyToTokenGeneratorKey(key crypto.PrivKey) (quic.TokenGeneratorKey, error) {
+	var tokenKey quic.TokenGeneratorKey
+	keyBytes, err := key.Raw()
+	if err != nil {
+		return tokenKey, err
+	}
+	keyReader := hkdf.New(sha256.New, keyBytes, nil, []byte(tokenGeneratorKeyInfo))
+	if _, err := io.ReadFull(keyReader, tokenKey[:]); err != nil {
+		return tokenKey, err
+	}
+	return tokenKey, nil
+}

core/connmgr/manager.go

@@ -74,6 +74,10 @@ type ConnManager interface {
 	// then it will return true if the peer is protected for any tag
 	IsProtected(id peer.ID, tag string) (protected bool)
 
+	// CheckLimit will return an error if the connection manager's internal
+	// connection limit exceeds the provided system limit.
+	CheckLimit(l GetConnLimiter) error
+
 	// Close closes the connection manager and stops background processes.
 	Close() error
 }
@@ -89,3 +93,9 @@ type TagInfo struct {
 	// Conns maps connection ids (such as remote multiaddr) to their creation time.
 	Conns map[string]time.Time
 }
+
+// GetConnLimiter provides access to a component's total connection limit.
+type GetConnLimiter interface {
+	// GetConnLimit returns the total connection limit of the implementing component.
+	GetConnLimit() int
+}

core/connmgr/null.go

@@ -21,4 +21,5 @@ func (NullConnMgr) Notifee() network.Notifiee                { return network.Gl
 func (NullConnMgr) Protect(peer.ID, string)                  {}
 func (NullConnMgr) Unprotect(peer.ID, string) bool           { return false }
 func (NullConnMgr) IsProtected(peer.ID, string) bool         { return false }
+func (NullConnMgr) CheckLimit(l GetConnLimiter) error        { return nil }
 func (NullConnMgr) Close() error                             { return nil }

core/crypto/ecdsa.go

@@ -4,6 +4,7 @@ import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
+	"crypto/sha256"
 	"crypto/x509"
 	"encoding/asn1"
 	"errors"
@@ -12,7 +13,6 @@ import (
 
 	pb "github.com/libp2p/go-libp2p/core/crypto/pb"
 	"github.com/libp2p/go-libp2p/core/internal/catch"
-	"github.com/libp2p/go-libp2p/internal/sha256"
 )
 
 // ECDSAPrivateKey is an implementation of an ECDSA private key

core/crypto/ecdsa_test.go

@@ -25,7 +25,7 @@ func TestECDSABasicSignAndVerify(t *testing.T) {
 	}
 
 	if !ok {
-		t.Fatal("signature didnt match")
+		t.Fatal("signature didn't match")
 	}
 
 	// change data

core/crypto/key.go

@@ -4,12 +4,10 @@
 package crypto
 
 import (
-	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/subtle"
 	"encoding/base64"
 	"errors"
-	"fmt"
 	"io"
 
 	"github.com/libp2p/go-libp2p/core/crypto/pb"
@@ -122,51 +120,6 @@ func GenerateKeyPairWithReader(typ, bits int, src io.Reader) (PrivKey, PubKey, e
 	}
 }
 
-// GenerateEKeyPair returns an ephemeral public key and returns a function that will compute
-// the shared secret key.  Used in the identify module.
-//
-// Focuses only on ECDH now, but can be made more general in the future.
-func GenerateEKeyPair(curveName string) ([]byte, GenSharedKey, error) {
-	var curve elliptic.Curve
-
-	switch curveName {
-	case "P-256":
-		curve = elliptic.P256()
-	case "P-384":
-		curve = elliptic.P384()
-	case "P-521":
-		curve = elliptic.P521()
-	default:
-		return nil, nil, fmt.Errorf("unknown curve name")
-	}
-
-	priv, x, y, err := elliptic.GenerateKey(curve, rand.Reader)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	pubKey := elliptic.Marshal(curve, x, y)
-
-	done := func(theirPub []byte) ([]byte, error) {
-		// Verify and unpack node's public key.
-		x, y := elliptic.Unmarshal(curve, theirPub)
-		if x == nil {
-			return nil, fmt.Errorf("malformed public key: %d %v", len(theirPub), theirPub)
-		}
-
-		if !curve.IsOnCurve(x, y) {
-			return nil, errors.New("invalid public key")
-		}
-
-		// Generate shared secret.
-		secret, _ := curve.ScalarMult(x, y, priv)
-
-		return secret.Bytes(), nil
-	}
-
-	return pubKey, done, nil
-}
-
 // UnmarshalPublicKey converts a protobuf serialized public key into its
 // representative object
 func UnmarshalPublicKey(data []byte) (PubKey, error) {

core/crypto/key_test.go

@@ -8,6 +8,7 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
+	"crypto/sha256"
 	"crypto/x509"
 	"fmt"
 	"reflect"
@@ -16,7 +17,6 @@ import (
 	. "github.com/libp2p/go-libp2p/core/crypto"
 	pb "github.com/libp2p/go-libp2p/core/crypto/pb"
 	"github.com/libp2p/go-libp2p/core/test"
-	"github.com/libp2p/go-libp2p/internal/sha256"
 
 	"github.com/decred/dcrd/dcrec/secp256k1/v4"
 	secp256k1ecdsa "github.com/decred/dcrd/dcrec/secp256k1/v4/ecdsa"
@@ -291,15 +291,3 @@ func testKeyEquals(t *testing.T, k Key) {
 		t.Fatal("Keys should not equal.")
 	}
 }
-
-func TestUnknownCurveErrors(t *testing.T) {
-	_, _, err := GenerateEKeyPair("P-256")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	_, _, err = GenerateEKeyPair("error-please")
-	if err == nil {
-		t.Fatal("expected invalid key type to error")
-	}
-}

core/crypto/rsa_go.go

@@ -4,13 +4,13 @@ import (
 	"crypto"
 	"crypto/rand"
 	"crypto/rsa"
+	"crypto/sha256"
 	"crypto/x509"
 	"errors"
 	"io"
 
 	pb "github.com/libp2p/go-libp2p/core/crypto/pb"
 	"github.com/libp2p/go-libp2p/core/internal/catch"
-	"github.com/libp2p/go-libp2p/internal/sha256"
 )
 
 // RsaPrivateKey is a rsa private key

core/crypto/rsa_test.go

@@ -24,7 +24,7 @@ func TestRSABasicSignAndVerify(t *testing.T) {
 	}
 
 	if !ok {
-		t.Fatal("signature didnt match")
+		t.Fatal("signature didn't match")
 	}
 
 	// change data

core/crypto/secp256k1.go

@@ -1,6 +1,7 @@
 package crypto
 
 import (
+	"crypto/sha256"
 	"fmt"
 	"io"
 
@@ -9,7 +10,6 @@ import (
 
 	"github.com/decred/dcrd/dcrec/secp256k1/v4"
 	"github.com/decred/dcrd/dcrec/secp256k1/v4/ecdsa"
-	"github.com/libp2p/go-libp2p/internal/sha256"
 )
 
 // Secp256k1PrivateKey is a Secp256k1 private key

core/crypto/secp256k1_test.go

@@ -24,7 +24,7 @@ func TestSecp256k1BasicSignAndVerify(t *testing.T) {
 	}
 
 	if !ok {
-		t.Fatal("signature didnt match")
+		t.Fatal("signature didn't match")
 	}
 
 	// change data

core/network/context_test.go

@@ -47,13 +47,13 @@ func TestSimultaneousConnect(t *testing.T) {
 		ok, isClient, reason := GetSimultaneousConnect(serverCtx)
 		require.True(t, ok)
 		require.False(t, isClient)
-		require.Equal(t, reason, "foobar")
+		require.Equal(t, "foobar", reason)
 	})
 	t.Run("for the client", func(t *testing.T) {
 		serverCtx := WithSimultaneousConnect(context.Background(), true, "foo")
 		ok, isClient, reason := GetSimultaneousConnect(serverCtx)
 		require.True(t, ok)
 		require.True(t, isClient)
-		require.Equal(t, reason, "foo")
+		require.Equal(t, "foo", reason)
 	})
 }