DAWN-83 ⁃ p2p authenticate peer on handshake #505

[blockone-syncclient]

github #505

One of the security enhancements identified as part of #291

ATC, Test Plan

Introduction

This issue adds functionality to eosd and launcher. eosd can now optionally authenticate connecting peers in the p2p network via public key. eosd has a new config file setting called allowed-connection. Valid values for this setting are none, producers, specified, and any. If the setting is not present, it defaults to none. launcher defaults to generating config files with allowed-connection = any. launcher has a new command line option to control this setting: -m. Valid values for this option are identical to those used on the eosd config file.

The repository currently includes a tests/p2p_tests/sync directory with a test.sh script that is run by Travis during every GitHub-initiated build. This script currently tests only the default launcher setting.

Tests

All tests below assume a successful build of the repository. Test commands illustrated below must be run from the top level build directory.

Note: Any or all of the tests described below could be and probably should be automated.

launcher-driven Tests

Verify producer-only authentication (positive validation)

1. Run programs/launcher/launcher -p 3 -n 3 -i now -m producers
2. Allow eosd to run for at least 2 minutes.
3. Run programs/launcher/launcher -k 2
4. Verify each of tn_data_0/config.ini, tn_data_1/config.ini, and tn_data_2/config.ini contains allowed-connection = producers.
5. Verify each of tn_data_0/stderr.txt, tn_data_1/stderr.txt, and tn_data_2/stderr.txt does not contain Peer not authenticated. Closing connection.

Verify producer-only authentication (negative validation)

1. Run programs/launcher/launcher -p 2 -n 3 -i now -m producers
2. Allow eosd to run for at least 2 minutes.
3. Run programs/launcher/launcher -k 2
4. Verify each of tn_data_0/config.ini, tn_data_1/config.ini, and tn_data_2/config.ini contains allowed-connection = producers.
5. For the two instances which contain producer-name = lines in config.ini verify either of the corresponding stderr.txt s contains Peer localhost:9878 sent a handshake with an unauthorized key: EOS1111111111111111111111111111111114T1Anm. and Peer not authenticated. Closing connection.
6. For the instance which does not contain producer-name = lines in config.ini verify the corresponding stderr.txt does not contain any chain_controller.cpp:235 _push_block lines and does contain repeated Peer localhost:9876 sent a handshake with an unauthorized key: EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV. lines.

Verify specified authentication

1. Run programs/launcher/launcher -p 3 -n 3 -i now -m specified
2. Allow eosd to run for at least 2 minutes.
3. Run programs/launcher/launcher -k 2
4. Verify each of tn_data_0/config.ini, tn_data_1/config.ini, and tn_data_2/config.ini contains allowed-connection = specified, and entries for peer-key = and peer-private-key =.
5. Verify each of tn_data_0/stderr.txt, tn_data_1/stderr.txt, and tn_data_2/stderr.txt does not contain Peer not authenticated. Closing connection.

Verify none authentication

1. Run programs/launcher/launcher -p 3 -n 3 -i now -m none
2. Allow eosd to run for at least 2 minutes.
3. Run programs/launcher/launcher -k 2
4. Verify each of tn_data_0/config.ini, tn_data_1/config.ini, and tn_data_2/config.ini does not contain any allowed-connection = lines.
5. Verify each of tn_data_0/stderr.txt, tn_data_1/stderr.txt, and tn_data_2/stderr.txt contains Peer not authenticated. Closing connection.

Manually Configured Tests

Verify producer and specified authentication

1. Run programs/launcher/launcher -p 2 -n 3 -i now -m producers -m specified
2. Run programs/launcher/launcher -k 2
3. Run programs/eosc/eosc create key three times.
4. In a text editor in tn_data_0/config.ini, change the line peer-key = "EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV" to include the first public key generated in the preceding step by pasting the value between the double quotes, overwriting the existing value. Be sure to preserve the double quotes.
5. In tn_data_0/config.ini add a second peer-key = "" line containing the second public key generated in the step above.
6. In tn_data_0/config.ini, change the line peer-private-key = ["EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV","5KQwrPbwdL6PhXujxW37FSSQZ1JiwsST4cqQzDeyXtP79zkvFD3"] to include the third key pair generated in the step above by pasting first the public key between the first pair of double quotes and second the private key between the second pair of double quotes.
7. In a text editor in tn_data_1/config.ini, change the line peer-key = "EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV" to include the first public key generated in the step above.
8. In tn_data_1/config.ini, add a second peer-key = "" line containing the third public key generated in the step above.
9. In tn_data_1/config.ini, change the line peer-private-key = ["EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV","5KQwrPbwdL6PhXujxW37FSSQZ1JiwsST4cqQzDeyXtP79zkvFD3"] to include the second key pair generated in the step above.
10. In a text editor in tn_data_2/config.ini, change the line peer-key = "EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV" to include the second public key generated in the step above.
11. In tn_data_2/config.ini, add a second peer-key = "" line containing the third public key generated in the step above.
12. In tn_data_2/config.ini, change the line peer-private-key = ["EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV","5KQwrPbwdL6PhXujxW37FSSQZ1JiwsST4cqQzDeyXtP79zkvFD3"] to include the first key pair generated in the step above.

#* The distribution of keys to config files described above is summarized in the following table:
#* ||config.ini||peer-key||peer-private-key||

|----|----|----|
|tn_data_0|1 ^st^ and 2 ^nd^|3 ^rd^|
|tn_data_1|1 ^st^ and 3 ^rd^|2 ^nd^|
|tn_data_2|2 ^nd^ and 3 ^rd^|1 ^st^|

1. Run programs/eosd/eosd --skip-transaction-signatures --data-dir tn_data_0 > tn_data_0/stdout.txt 2> tn_data_0/stderr.txt &
2. Run programs/eosd/eosd --skip-transaction-signatures --data-dir tn_data_1 > tn_data_1/stdout.txt 2> tn_data_1/stderr.txt &
3. Run programs/eosd/eosd --skip-transaction-signatures --data-dir tn_data_2 > tn_data_2/stdout.txt 2> tn_data_2/stderr.txt &
4. Allow eosd to run for at least 2 minutes.
5. Run pkill eosd
6. Verify each of tn_data_0/stderr.txt, tn_data_1/stderr.txt, and tn_data_2/stderr.txt does not contain Peer not authenticated. Closing connection.

┆Attachments: config.ini | config.ini | config.ini

[blockone-syncclient]

➤ Kevin Heifner commented:

[~jonathan.giszczak] [~phil.mesnier] It seems to me this is out of scope for STAT but it is what Jonathan is currently working on. Should we stop work on this and move to something in scope of STAT?

[blockone-syncclient]

➤ Phil Mesnier commented:

Jonathan is working on this now because Dan specifically directed him to do so. He is nearly done anyway.

[blockone-syncclient]

➤ Kevin Heifner commented:

[~jonathan.giszczak] What is your estimate for completion, in terms of story points?

[blockone-syncclient]

➤ Jonathan Giszczak commented:

All issues addressed. Merge conflicts addressed. All automated tests pass. Ready for peer review and merging.

[blockone-syncclient]

➤ Kevin Heifner commented:

[~matias.romeo] Why did you mark this as blocked?

[blockone-syncclient]

➤ Matias Romeo commented:

My bad, It was unintentional! I can't move it back to where it was!

[blockone-syncclient]

➤ Corey Lederer commented:

No problem [~matias.romeo]. I'll move it back.

[blockone-syncclient]

➤ Corey Lederer commented:

Placing this back in "Code Review" after is was marked as blocked by accident.

[blockone-syncclient]

➤ Bezwada Satyapravin commented:

The ATC is very descriptive but it is not clear to me if I should use the launcher to start nodes locally or on testnet. Please advise.

[blockone-syncclient]

➤ Jonathan Giszczak commented:

The instructions were written for a local testnet, since the daemons will be started and stopped a lot. No need to interfere with the operation of the testnet.

[blockone-syncclient]

➤ Bezwada Satyapravin commented:

Following commands don't work:

MacBook01:build pravin$ programs/launcher/launcher p 3 n 3 i now m none
unrecognized connection mode: none

MacBook01:build pravin$ programs/launcher/launcher -p 2 n 3 i now m producer m specified
unrecognized connection mode: producer

[blockone-syncclient]

➤ Bezwada Satyapravin commented:

Jonathan Giszczak, [Nov 17, 2017 at 8:41:41 PM]:
With two notes: reverse priority of producer and peer-private keys.

Please attach the three config.ini files.

And the other note...

non-producing node is not sending the correct authorization key.

[blockone-syncclient]

➤ Dhanesh Valappil commented:

Can you please update ATC for 21 nodes?

[blockone-syncclient]

➤ Jonathan Giszczak commented:

The ATC requires a "broken" configuration to verify functionality, and so should be executed as written on local nodes.

[blockone-syncclient]

➤ Andrianto Lie commented:

Fail for the fourth test case.

andrianto@MacbookPro build ((HEAD detached at STAT-2017-11-27)) $ programs/launcher/launcher -p 3 -n 3 -i now -m none
unrecognized connection mode: none

[blockone-syncclient]

➤ Andrianto Lie commented:

The other test cases pass

[blockone-syncclient]

➤ Jonathan Giszczak commented:

Launcher enhanced to support the remaining test case.

[heifner]

Verified by QA.

[blockone-syncclient]

➤ Corey Lederer commented:

Moving to finished, this was moved to closed-withdrawn by mistake.