From 88879a4ccd0e91e6d4fc54ef311a2152006077fd Mon Sep 17 00:00:00 2001
From: Adin Schmahmann
Date: Tue, 1 Aug 2023 13:44:26 -0400
Subject: [PATCH] feat: add ErrPeerIDMismatch error type to replace ad-hoc errors
---
 core/sec/security.go | 12 ++++++++++++
 p2p/security/noise/handshake.go | 3 ++-
 p2p/security/tls/crypto.go | 3 ++-
 p2p/security/tls/transport_test.go | 6 ++++--
 4 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/core/sec/security.go b/core/sec/security.go
index 83059d94ca..d9e9183298 100644
--- a/core/sec/security.go
+++ b/core/sec/security.go
@@ -3,6 +3,7 @@ package sec
 import (
 "context"
+ "fmt"
 "net"
 "github.com/libp2p/go-libp2p/core/network"
@@ -29,3 +30,14 @@ type SecureTransport interface {
 // ID is the protocol ID of the security protocol.
 ID() protocol.ID
 }
+
+type ErrPeerIDMismatch struct {
+ Expected peer.ID
+ Actual peer.ID
+}
+
+func (e ErrPeerIDMismatch) Error() string {
+ return fmt.Sprintf("peer id mismatch: expected %s, but remote key matches %s", e.Expected, e.Actual)
+}
+
+var _ error = (*ErrPeerIDMismatch)(nil)
diff --git a/p2p/security/noise/handshake.go b/p2p/security/noise/handshake.go
index 4a235c3217..a9493bf8d8 100644
--- a/p2p/security/noise/handshake.go
+++ b/p2p/security/noise/handshake.go
@@ -12,6 +12,7 @@ import (
 "github.com/libp2p/go-libp2p/core/crypto"
 "github.com/libp2p/go-libp2p/core/peer"
+ "github.com/libp2p/go-libp2p/core/sec"
 "github.com/libp2p/go-libp2p/internal/sha256"
 "github.com/libp2p/go-libp2p/p2p/security/noise/pb"
@@ -276,7 +277,7 @@ func (s *secureSession) handleRemoteHandshakePayload(payload []byte, remoteStati
 // check the peer ID if enabled
 if s.checkPeerID && s.remoteID != id {
- return nil, fmt.Errorf("peer id mismatch: expected %s, but remote key matches %s", s.remoteID.Pretty(), id.Pretty())
+ return nil, sec.ErrPeerIDMismatch{Expected: s.remoteID, Actual: id}
 }
 // verify payload is signed by asserted remote libp2p key.
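Review bot: The assertion `var _ error = (*ErrPeerIDMismatch)(nil)` at the end of the added block in core/sec/security.go checks the pointer type, while `Error()` has a value receiver and both call sites in this patch return the struct by value. `errors.As` with a `sec.ErrPeerIDMismatch` target does not match a `*ErrPeerIDMismatch`, so the assertion should name the form callers are meant to return: `var _ error = ErrPeerIDMismatch{}`. The exported type also has no doc comment; I would add `// ErrPeerIDMismatch is returned by a security transport when the key presented by the remote does not match the expected peer ID.` plus a line on each field saying that `Expected` is the ID the caller asked for and `Actual` is the ID derived from the remote's key.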
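Review bot: In handleRemoteHandshakePayload the new error fills `Actual` from `id` before the payload signature has been checked: the mismatch return sits above the `// verify payload is signed by asserted remote libp2p key.` step, so at that point the remote has presented a key but not yet shown it holds the private half. With the old string error this did not matter, but a typed error invites callers to read `Actual` and act on it, and here the value is unauthenticated. I would either move the peer-ID comparison below the signature verification, or state the limitation on the return, e.g. `// id is not authenticated yet: the payload signature is verified below`. The verification code and the rest of the function are outside this hunk, so the ordering should be confirmed there before moving anything.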
diff --git a/p2p/security/tls/crypto.go b/p2p/security/tls/crypto.go
index b8f23f39e1..385de5a167 100644
--- a/p2p/security/tls/crypto.go
+++ b/p2p/security/tls/crypto.go
@@ -18,6 +18,7 @@ import (
 ic "github.com/libp2p/go-libp2p/core/crypto"
 "github.com/libp2p/go-libp2p/core/peer"
+ "github.com/libp2p/go-libp2p/core/sec"
 )
 const certValidityPeriod = 100 * 365 * 24 * time.Hour // ~100 years
@@ -129,7 +130,7 @@ func (i *Identity) ConfigForPeer(remote peer.ID) (*tls.Config, <-chan ic.PubKey)
 if err != nil {
 peerID = peer.ID(fmt.Sprintf("(not determined: %s)", err.Error()))
 }
- return fmt.Errorf("peer IDs don't match: expected %s, got %s", remote, peerID)
+ return sec.ErrPeerIDMismatch{Expected: remote, Actual: peerID}
 }
 keyCh <- pubKey
 return nil
diff --git a/p2p/security/tls/transport_test.go b/p2p/security/tls/transport_test.go
index 2d3c2d9706..6cd785a57d 100644
--- a/p2p/security/tls/transport_test.go
+++ b/p2p/security/tls/transport_test.go
@@ -376,7 +376,8 @@ func TestPeerIDMismatch(t *testing.T) {
 thirdPartyID, _ := createPeer(t)
 _, err = clientTransport.SecureOutbound(context.Background(), clientInsecureConn, thirdPartyID)
 require.Error(t, err)
- require.Contains(t, err.Error(), "peer IDs don't match")
+ var mismatchErr sec.ErrPeerIDMismatch
+ require.ErrorAs(t, err, &mismatchErr)
 var serverErr error
 select {
@@ -412,7 +413,8 @@ func TestPeerIDMismatch(t *testing.T) {
 t.Fatal("expected handshake to return on the server side")
 }
 require.Error(t, serverErr)
- require.Contains(t, serverErr.Error(), "peer IDs don't match")
+ var mismatchErr sec.ErrPeerIDMismatch
+ require.ErrorAs(t, serverErr, &mismatchErr)
 })
 }
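Review bot: In the `if err != nil` branch just above the changed return in ConfigForPeer, the placeholder `peer.ID(fmt.Sprintf("(not determined: %s)", err.Error()))` now ends up in the typed `Actual` field, so a caller that extracts the error with `errors.As` receives a `peer.ID` that is not a peer ID. That was tolerable while the value only fed a message, but code that logs, compares or stores `Actual` cannot tell it from a real identity. I would leave `Actual` as the zero value when derivation fails, report `err` separately, and document on the field that an empty `Actual` means the remote's ID could not be determined. The enclosing verification callback starts and ends outside this hunk, so where `peerID` and `err` are declared is not visible here.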
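Review bot: Both updated assertions in TestPeerIDMismatch (this hunk and the server-side one at `@@ -412,7 +413,8 @@`) only check that the error has type `sec.ErrPeerIDMismatch`; the `Expected` and `Actual` fields, which are the reason for introducing the typed error, are never compared. After `require.ErrorAs(t, err, &mismatchErr)` I would add `require.Equal(t, thirdPartyID, mismatchErr.Expected)` and an equivalent check that `Actual` is the server's ID, using whichever variable holds it earlier in the test (not visible in the hunk). Without that, a call site that swaps `Expected` and `Actual` would still pass. The Noise call site changed in this commit has no corresponding test change in the diff.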