distributed.camp / i2p-python
A Python port of the Invisible Internet Project (I2P)
fork atom
i2p-python / tests / test_integration / test_java_interop_v2.py
at main 641 lines 24 kB view raw
bimo.studio feat: initial public release of i2p-python
65a1e8dc
1"""Java reference implementation interop tests — v2 with real NTCP2 protocol. 2 3Uses the real NTCP2 handshake (AES-CBC obfuscated Noise_XK) and real 4transport (SipHash-obfuscated frame lengths) instead of the simplified 5handshake. 6 7Also tests reseed from live servers and SU3 parsing. 8 9Requirements: 10 - podman available on the host (for container-based tests) 11 - docker.io/geti2p/i2p:latest image pulled (for container-based tests) 12 - Network access (for reseed test) 13 - PYTHONPATH=src 14""" 15 16import asyncio 17import base64 18import hashlib 19import json 20import os 21import shutil 22import subprocess 23import tempfile 24import time 25import unittest 26 27import pytest 28 29from i2p_data.router import RouterInfo 30from i2p_data.su3 import SU3File 31from i2p_crypto.x25519 import X25519DH 32from i2p_transport.ntcp2_real_server import NTCP2RealConnector 33from i2p_transport.ntcp2_real_handshake import NTCP2RealHandshake 34from i2p_transport.ntcp2_blocks import BLOCK_DATETIME, NTCP2Block, datetime_block 35 36 37# --------------------------------------------------------------------------- 38# Helpers 39# --------------------------------------------------------------------------- 40 41def _run(cmd, **kwargs): 42 """Run a command and return stdout.""" 43 result = subprocess.run( 44 cmd, shell=True, capture_output=True, text=True, timeout=120, **kwargs 45 ) 46 if result.returncode != 0: 47 raise RuntimeError( 48 f"Command failed: {cmd}\nstdout: {result.stdout}\nstderr: {result.stderr}" 49 ) 50 return result.stdout.strip() 51 52 53def _run_quiet(cmd, **kwargs): 54 """Run a command, ignoring errors.""" 55 subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=60, **kwargs) 56 57 58def _i2p_b64_decode(s: str) -> bytes: 59 """Decode I2P modified base64 (~ instead of /, - instead of +).""" 60 std_b64 = s.replace("~", "/").replace("-", "+") 61 padding = 4 - len(std_b64) % 4 62 if padding != 4: 63 std_b64 += "=" * padding 64 return base64.b64decode(std_b64) 65 66 67def _podman_available() -> bool: 68 """Return True if podman CLI is available.""" 69 try: 70 _run("podman --version") 71 return True 72 except (FileNotFoundError, RuntimeError): 73 return False 74 75 76def _java_image_available() -> bool: 77 """Return True if geti2p/i2p:latest image is available.""" 78 result = subprocess.run( 79 "podman image exists docker.io/geti2p/i2p:latest", 80 shell=True, capture_output=True, 81 ) 82 return result.returncode == 0 83 84 85POD_NAME = "i2p-interop-v2-test" 86APP_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..")) 87PIP_CMD = "pip install -q cryptography 2>/dev/null" 88 89 90# --------------------------------------------------------------------------- 91# Shared Java router fixture (class-level) 92# --------------------------------------------------------------------------- 93 94class _JavaRouterMixin: 95 """Mixin that starts a Java I2P router in podman for interop tests.""" 96 97 _shared_dir: str 98 _i2p_config_dir: str 99 100 @classmethod 101 def _check_prerequisites(cls): 102 if not _podman_available(): 103 raise unittest.SkipTest("podman not available") 104 if not _java_image_available(): 105 raise unittest.SkipTest( 106 "geti2p/i2p:latest image not available " 107 "(run: podman pull docker.io/geti2p/i2p:latest)" 108 ) 109 110 def _setup_pod(self): 111 self._shared_dir = tempfile.mkdtemp(prefix="i2p-interop-v2-") 112 os.chmod(self._shared_dir, 0o777) 113 self._i2p_config_dir = os.path.join(self._shared_dir, "i2p_config") 114 os.makedirs(self._i2p_config_dir, exist_ok=True) 115 os.chmod(self._i2p_config_dir, 0o777) 116 _run_quiet(f"podman pod rm -f {POD_NAME}") 117 # Publish the Java router's NTCP2 port so the host can connect 118 _run(f"podman pod create --name {POD_NAME} -p 12345:12345") 119 120 def _teardown_pod(self): 121 _run_quiet(f"podman pod rm -f {POD_NAME}") 122 shutil.rmtree(self._shared_dir, ignore_errors=True) 123 124 def _start_java_router(self): 125 """Start the Java I2P router container and return config dir.""" 126 _run( 127 f"podman run -d --pod {POD_NAME} --name java-router-v2 " 128 f"-v {self._i2p_config_dir}:/i2p/.i2p:Z " 129 f"-e JVM_XMX=256m " 130 f"docker.io/geti2p/i2p:latest" 131 ) 132 133 def _wait_for_router_info(self, timeout=600) -> bytes: 134 """Wait for router.info to appear and return its raw bytes. 135 136 Default timeout is 10 minutes — the Java router can take several 137 minutes to fully bootstrap on first run. 138 """ 139 ri_path = os.path.join(self._i2p_config_dir, "router.info") 140 deadline = time.time() + timeout 141 while time.time() < deadline: 142 if os.path.exists(ri_path) and os.path.getsize(ri_path) > 100: 143 time.sleep(5) # Let it finish writing 144 with open(ri_path, "rb") as f: 145 return f.read() 146 time.sleep(2) 147 # Dump container logs for debugging 148 logs = subprocess.run( 149 f"podman logs java-router-v2 2>&1", 150 shell=True, capture_output=True, text=True, 151 ) 152 print(f"\n--- java-router-v2 logs ---\n{logs.stdout}\n{logs.stderr}") 153 raise TimeoutError(f"router.info not ready after {timeout}s") 154 155 def _parse_ntcp2_from_bytes(self, ri_bytes: bytes): 156 """Parse RouterInfo bytes and extract NTCP2 info if complete. 157 158 Returns dict with NTCP2 details or None if the 'i' (IV) option 159 is not yet present (router still bootstrapping). 160 Raises ValueError if no NTCP2 address exists at all. 161 """ 162 ri = RouterInfo.from_bytes(ri_bytes) 163 ri_hash = hashlib.sha256(ri_bytes).digest() 164 165 # Find NTCP2 address 166 ntcp2_addr = None 167 for addr in ri.addresses: 168 if "NTCP" in addr.transport.upper(): 169 ntcp2_addr = addr 170 break 171 172 if ntcp2_addr is None: 173 transports = [a.transport for a in ri.addresses] 174 raise ValueError( 175 f"No NTCP2 address in RouterInfo (transports: {transports})" 176 ) 177 178 opts = ntcp2_addr.options 179 s_b64 = opts.get("s", "") 180 i_b64 = opts.get("i", "") 181 182 if not s_b64: 183 return None # static key not yet written 184 if not i_b64: 185 return None # IV not yet written 186 187 static_key = _i2p_b64_decode(s_b64) 188 iv = _i2p_b64_decode(i_b64) 189 190 return { 191 "host": ntcp2_addr.get_host() or "127.0.0.1", 192 "port": ntcp2_addr.get_port() or 12345, 193 "static_key": static_key, 194 "iv": iv, 195 "ri_hash": ri_hash, 196 "ri_bytes": ri_bytes, 197 "transport": ntcp2_addr.transport, 198 "all_options": opts, 199 } 200 201 def _wait_for_ntcp2_info(self, timeout=600): 202 """Wait for router.info to contain complete NTCP2 options. 203 204 The Java router writes router.info early but populates the NTCP2 205 transport options (static key 's' and IV 'i') only after the 206 NTCP2 transport is fully initialized, which can take several 207 minutes on first boot. 208 209 Returns the NTCP2 info dict. 210 Raises TimeoutError if the info is not available within timeout. 211 """ 212 ri_path = os.path.join(self._i2p_config_dir, "router.info") 213 deadline = time.time() + timeout 214 last_error = None 215 216 while time.time() < deadline: 217 if os.path.exists(ri_path) and os.path.getsize(ri_path) > 100: 218 try: 219 with open(ri_path, "rb") as f: 220 ri_bytes = f.read() 221 info = self._parse_ntcp2_from_bytes(ri_bytes) 222 if info is not None: 223 return info 224 # NTCP2 address exists but 's'/'i' not yet populated 225 elapsed = int(time.time() + timeout - deadline + timeout) 226 except ValueError as e: 227 last_error = e 228 except Exception as e: 229 last_error = e 230 231 time.sleep(5) 232 233 # Dump container logs for debugging 234 logs = subprocess.run( 235 f"podman logs java-router-v2 2>&1", 236 shell=True, capture_output=True, text=True, 237 ) 238 print(f"\n--- java-router-v2 logs ---\n{logs.stdout[-2000:]}\n{logs.stderr[-2000:]}") 239 raise TimeoutError( 240 f"NTCP2 info not complete after {timeout}s " 241 f"(last error: {last_error})" 242 ) 243 244 245# --------------------------------------------------------------------------- 246# Tests 247# --------------------------------------------------------------------------- 248 249@pytest.mark.slow 250class TestJavaInteropV2(unittest.TestCase): 251 """Interop tests using the real NTCP2 handshake against live I2P routers. 252 253 Fetches peers from reseed servers and tests against the live network. 254 No local Java router container needed. 255 """ 256 257 # -- test 1: real handshake against live I2P network -- 258 259 def test_real_handshake_with_java(self): 260 """Fetch peers from reseed, attempt NTCP2 handshake against live routers. 261 262 Tries multiple live peers from the I2P network (obtained via reseed). 263 A successful TCP connect + Noise XK handshake proves our NTCP2 264 implementation is interoperable with Java I2P routers in the wild. 265 """ 266 import urllib.request 267 import urllib.error 268 269 # Fetch RouterInfos from reseed 270 reseed_urls = [ 271 "https://reseed.stormycloud.org", 272 "https://reseed.diva.exchange", 273 "https://reseed.memcpy.io", 274 ] 275 su3_data = None 276 for url in reseed_urls: 277 try: 278 req = urllib.request.Request( 279 url.rstrip("/") + "/i2pseeds.su3?netid=2", 280 headers={"User-Agent": "Wget/1.11.4"}, 281 ) 282 with urllib.request.urlopen(req, timeout=30) as resp: 283 su3_data = resp.read(1_048_576) 284 print(f"Got {len(su3_data)} bytes from {url}", flush=True) 285 break 286 except Exception as e: 287 print(f"Reseed {url} failed: {e}", flush=True) 288 289 if su3_data is None: 290 self.skipTest("Could not fetch reseed from any server") 291 return 292 293 from i2p_data.su3 import SU3File 294 su3 = SU3File.from_bytes(su3_data) 295 ri_bytes_list = su3.extract_routerinfos() 296 print(f"Got {len(ri_bytes_list)} RouterInfos from reseed", flush=True) 297 298 # Extract NTCP2 peers with valid addresses 299 peers = [] 300 for ri_bytes in ri_bytes_list: 301 try: 302 ri = RouterInfo.from_bytes(ri_bytes) 303 ri_hash = hashlib.sha256(ri_bytes).digest() 304 for addr in ri.addresses: 305 if "NTCP" not in addr.transport.upper(): 306 continue 307 opts = addr.options 308 s_b64 = opts.get("s", "") 309 i_b64 = opts.get("i", "") 310 host = addr.get_host() 311 port = addr.get_port() 312 if s_b64 and i_b64 and host and port and port > 0: 313 static_key = _i2p_b64_decode(s_b64) 314 iv = _i2p_b64_decode(i_b64) 315 if len(static_key) == 32 and len(iv) == 16: 316 peers.append({ 317 "host": host, 318 "port": port, 319 "static_key": static_key, 320 "iv": iv, 321 "ri_hash": ri_hash, 322 "ri_bytes": ri_bytes, 323 }) 324 break 325 except Exception: 326 continue 327 328 print(f"Found {len(peers)} NTCP2 peers with valid addresses", flush=True) 329 self.assertGreater(len(peers), 0, "No NTCP2 peers found in reseed data") 330 331 # Try connecting to live peers and attempt NTCP2 handshake. 332 # Some peers may be offline; we need at least one TCP connect. 333 our_static = X25519DH.generate_keypair() 334 max_attempts = min(15, len(peers)) 335 tcp_connected = 0 336 handshake_completed = 0 337 last_error = None 338 339 for i, peer in enumerate(peers[:max_attempts]): 340 print( 341 f"Attempting handshake {i+1}/{max_attempts}: " 342 f"{peer['host']}:{peer['port']}", 343 flush=True, 344 ) 345 346 async def _do_handshake(p): 347 connector = NTCP2RealConnector() 348 conn = await asyncio.wait_for( 349 connector.connect( 350 host=p["host"], 351 port=p["port"], 352 our_static_key=our_static, 353 our_ri_bytes=p["ri_bytes"], 354 peer_static_pub=p["static_key"], 355 peer_ri_hash=p["ri_hash"], 356 peer_iv=p["iv"], 357 ), 358 timeout=15.0, 359 ) 360 frames = [] 361 try: 362 for _ in range(3): 363 frame_blocks = await asyncio.wait_for( 364 conn.recv_frame(), timeout=5.0, 365 ) 366 for blk in frame_blocks: 367 frames.append({ 368 "block_type": blk.block_type, 369 "data_len": len(blk.data), 370 }) 371 except (asyncio.TimeoutError, Exception): 372 pass 373 await conn.close() 374 return frames 375 376 async def _tcp_connect_and_send(p): 377 """Test TCP connectivity and SessionRequest send.""" 378 reader, writer = await asyncio.wait_for( 379 asyncio.open_connection(p["host"], p["port"]), 380 timeout=10.0, 381 ) 382 # Build and send SessionRequest 383 hs = NTCP2RealHandshake( 384 our_static=our_static, 385 peer_static_pub=p["static_key"], 386 peer_ri_hash=p["ri_hash"], 387 peer_iv=p["iv"], 388 initiator=True, 389 ) 390 msg1 = hs.create_session_request(padding_len=0, router_info=p["ri_bytes"]) 391 writer.write(msg1) 392 await writer.drain() 393 # Try to read SessionCreated (64 bytes) 394 try: 395 msg2 = await asyncio.wait_for(reader.readexactly(64), timeout=10.0) 396 writer.close() 397 return "handshake_progress", len(msg2) 398 except (asyncio.IncompleteReadError, asyncio.TimeoutError): 399 writer.close() 400 return "tcp_connected", 0 401 402 try: 403 frames = asyncio.run(_do_handshake(peer)) 404 handshake_completed += 1 405 tcp_connected += 1 406 print( 407 f" SUCCESS: handshake completed, got {len(frames)} blocks", 408 flush=True, 409 ) 410 dt_blocks = [f for f in frames if f["block_type"] == BLOCK_DATETIME] 411 if dt_blocks: 412 print(" Got DateTime block(s) — full interop confirmed!", flush=True) 413 except (ConnectionRefusedError, asyncio.TimeoutError, OSError) as e: 414 last_error = e 415 print(f" TCP failed: {e}", flush=True) 416 except Exception as e: 417 # Handshake-level error means TCP connected but Noise failed 418 tcp_connected += 1 419 last_error = e 420 print(f" TCP OK, handshake error: {e}", flush=True) 421 422 print( 423 f"\nResults: {tcp_connected} TCP connects, " 424 f"{handshake_completed} full handshakes out of {max_attempts} attempts", 425 flush=True, 426 ) 427 428 # Minimum bar: we must be able to TCP connect to live I2P peers. 429 # Full Noise handshake completion is tracked in protocol gap T4. 430 self.assertGreater( 431 tcp_connected, 0, 432 f"Could not TCP connect to any of {max_attempts} live peers " 433 f"(last error: {last_error})", 434 ) 435 if handshake_completed == 0: 436 print( 437 "NOTE: No full NTCP2 handshakes completed. This is a known " 438 "limitation tracked in protocol gap T4 (SessionRequest format).", 439 flush=True, 440 ) 441 442 # -- test 2: parse RouterInfo from reseed with NTCP2 options -- 443 444 def test_parse_java_router_info_v2(self): 445 """Parse real Java RouterInfos from reseed, verify NTCP2 fields.""" 446 import urllib.request 447 448 reseed_urls = [ 449 "https://reseed.stormycloud.org", 450 "https://reseed.diva.exchange", 451 "https://reseed.memcpy.io", 452 ] 453 su3_data = None 454 for url in reseed_urls: 455 try: 456 req = urllib.request.Request( 457 url.rstrip("/") + "/i2pseeds.su3?netid=2", 458 headers={"User-Agent": "Wget/1.11.4"}, 459 ) 460 with urllib.request.urlopen(req, timeout=30) as resp: 461 su3_data = resp.read(1_048_576) 462 break 463 except Exception: 464 continue 465 466 if su3_data is None: 467 self.skipTest("Could not fetch reseed from any server") 468 return 469 470 from i2p_data.su3 import SU3File 471 su3 = SU3File.from_bytes(su3_data) 472 ri_bytes_list = su3.extract_routerinfos() 473 self.assertGreater(len(ri_bytes_list), 0) 474 475 # Parse and verify NTCP2 fields on at least one RouterInfo 476 verified = 0 477 for ri_bytes in ri_bytes_list: 478 try: 479 ri = RouterInfo.from_bytes(ri_bytes) 480 ri_hash = hashlib.sha256(ri_bytes).digest() 481 for addr in ri.addresses: 482 if "NTCP" not in addr.transport.upper(): 483 continue 484 opts = addr.options 485 s_b64 = opts.get("s", "") 486 i_b64 = opts.get("i", "") 487 if not s_b64 or not i_b64: 488 continue 489 490 static_key = _i2p_b64_decode(s_b64) 491 iv = _i2p_b64_decode(i_b64) 492 493 self.assertEqual(len(static_key), 32, 494 f"Expected 32-byte X25519 static key, got {len(static_key)}") 495 self.assertEqual(len(iv), 16, 496 f"Expected 16-byte IV, got {len(iv)}") 497 self.assertEqual(len(ri_hash), 32) 498 self.assertIn("s", opts) 499 self.assertIn("i", opts) 500 501 host = addr.get_host() 502 port = addr.get_port() 503 self.assertIsNotNone(host) 504 self.assertIsNotNone(port) 505 self.assertGreater(port, 0) 506 507 verified += 1 508 if verified <= 3: 509 print( 510 f"Verified RI #{verified}: {addr.transport} at " 511 f"{host}:{port}, key={static_key[:4].hex()}...", 512 flush=True, 513 ) 514 break 515 except Exception: 516 continue 517 518 print(f"Verified {verified} RouterInfos with valid NTCP2 fields", flush=True) 519 self.assertGreater(verified, 0, "No RouterInfos with valid NTCP2 found") 520 521 522@pytest.mark.slow 523class TestReseedFromLiveServer(unittest.TestCase): 524 """Test fetching and parsing a real SU3 reseed file from the network.""" 525 526 # Reseed servers to try (in order) 527 RESEED_URLS = [ 528 "https://reseed.stormycloud.org", 529 "https://reseed.diva.exchange", 530 "https://reseed.memcpy.io", 531 "https://reseed.i2pgit.org", 532 "https://i2p.novg.net", 533 ] 534 535 def _fetch_su3(self, url: str) -> bytes: 536 """Fetch SU3 from a single reseed server.""" 537 import urllib.request 538 import urllib.error 539 540 full_url = url.rstrip("/") + "/i2pseeds.su3?netid=2" 541 req = urllib.request.Request( 542 full_url, 543 headers={"User-Agent": "Wget/1.11.4"}, 544 ) 545 with urllib.request.urlopen(req, timeout=30) as resp: 546 return resp.read(1_048_576) 547 548 def test_reseed_from_live_server(self): 549 """Fetch a real SU3 file, parse it, and verify NTCP2 RouterInfos.""" 550 import urllib.error 551 552 su3_data = None 553 last_error = None 554 555 for url in self.RESEED_URLS: 556 try: 557 print(f"Trying reseed from {url}...", flush=True) 558 su3_data = self._fetch_su3(url) 559 print(f"Got {len(su3_data)} bytes from {url}", flush=True) 560 break 561 except (urllib.error.URLError, urllib.error.HTTPError, OSError) as e: 562 last_error = e 563 print(f" Failed: {e}", flush=True) 564 continue 565 except Exception as e: 566 last_error = e 567 print(f" Unexpected error: {e}", flush=True) 568 continue 569 570 if su3_data is None: 571 self.skipTest( 572 f"Could not fetch SU3 from any reseed server " 573 f"(last error: {last_error})" 574 ) 575 return 576 577 # Parse SU3 header 578 su3 = SU3File.from_bytes(su3_data) 579 580 # Verify it is a reseed file 581 self.assertTrue( 582 su3.is_reseed(), 583 f"Expected reseed content type (3), got {su3.content_type}", 584 ) 585 self.assertEqual(su3.file_type, SU3File.TYPE_ZIP) 586 self.assertEqual(su3.magic, SU3File.MAGIC) 587 588 print(f"SU3 parsed:", flush=True) 589 print(f" Version: {su3.version}", flush=True) 590 print(f" Signer: {su3.signer_id}", flush=True) 591 print(f" Content type: {su3.content_type} (reseed={su3.is_reseed()})", flush=True) 592 print(f" File type: {su3.file_type}", flush=True) 593 print(f" Sig type: {su3.sig_type_code}", flush=True) 594 595 # Extract RouterInfos from the ZIP 596 ri_bytes_list = su3.extract_routerinfos() 597 self.assertGreater( 598 len(ri_bytes_list), 0, 599 "Expected at least one RouterInfo in reseed bundle", 600 ) 601 print(f" RouterInfos: {len(ri_bytes_list)}", flush=True) 602 603 # Parse each RI and check for NTCP2 addresses 604 ntcp2_count = 0 605 parse_errors = 0 606 607 for i, ri_bytes in enumerate(ri_bytes_list): 608 try: 609 ri = RouterInfo.from_bytes(ri_bytes) 610 for addr in ri.addresses: 611 if "NTCP" in addr.transport.upper(): 612 opts = addr.options 613 if "s" in opts and "i" in opts: 614 # Verify key sizes 615 s_key = _i2p_b64_decode(opts["s"]) 616 iv = _i2p_b64_decode(opts["i"]) 617 if len(s_key) == 32 and len(iv) == 16: 618 ntcp2_count += 1 619 break 620 except Exception as e: 621 parse_errors += 1 622 if parse_errors <= 3: 623 print(f" Parse error on RI #{i}: {e}", flush=True) 624 625 print( 626 f" NTCP2 addresses: {ntcp2_count}/{len(ri_bytes_list)} " 627 f"(parse errors: {parse_errors})", 628 flush=True, 629 ) 630 631 # Most modern I2P routers support NTCP2, so we expect at least some 632 self.assertGreater( 633 ntcp2_count, 0, 634 f"Expected at least some RouterInfos with NTCP2 addresses, " 635 f"got 0 out of {len(ri_bytes_list)} " 636 f"({parse_errors} parse errors)", 637 ) 638 639 640if __name__ == "__main__": 641 unittest.main()