test(rendezvous): error cases (#1683)

Co-authored-by: Ben <benph@vac.dev>
Co-authored-by: vladopajic <vladopajic@users.noreply.github.com>

.appveyor.yml

@@ -1,52 +0,0 @@
-version: '{build}'
-
-image: Visual Studio 2015
-
-cache:
-  - NimBinaries
-  - p2pdCache
-
-matrix:
-  # We always want 32 and 64-bit compilation
-  fast_finish: false
-
-platform:
-  - x86
-  - x64
-
-# when multiple CI builds are queued, the tested commit needs to be in the last X commits cloned with "--depth X"
-clone_depth: 10
-
-install:
-  - git submodule update --init --recursive
-
-  # use the newest versions documented here: https://www.appveyor.com/docs/windows-images-software/#mingw-msys-cygwin
-  - IF "%PLATFORM%" == "x86" SET PATH=C:\mingw-w64\i686-6.3.0-posix-dwarf-rt_v5-rev1\mingw32\bin;%PATH%
-  - IF "%PLATFORM%" == "x64" SET PATH=C:\mingw-w64\x86_64-8.1.0-posix-seh-rt_v6-rev0\mingw64\bin;%PATH%
-
-  # build nim from our own branch - this to avoid the day-to-day churn and
-  # regressions of the fast-paced Nim development while maintaining the
-  # flexibility to apply patches
-  - curl -O -L -s -S https://raw.githubusercontent.com/status-im/nimbus-build-system/master/scripts/build_nim.sh
-  - env MAKE="mingw32-make -j2" ARCH_OVERRIDE=%PLATFORM% bash build_nim.sh Nim csources dist/nimble NimBinaries
-  - SET PATH=%CD%\Nim\bin;%PATH%
-
-  # set path for produced Go binaries
-  - MKDIR goblin
-  - CD goblin
-  - SET GOPATH=%CD%
-  - SET PATH=%GOPATH%\bin;%PATH%
-  - CD ..
-
-  # install and build go-libp2p-daemon
-  - bash scripts/build_p2pd.sh p2pdCache v0.3.0
-
-build_script:
-  - nimble install -y --depsOnly
-
-test_script:
-  - nimble test
-  - nimble examples_build
-
-deploy: off
-

.git-blame-ignore-revs

@@ -0,0 +1,2 @@
+# Formatted with nph 0.5.1
+dc83a1e9b68f00b3be7e09febdb1a3f877321b9a

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @vacp2p/p2p

.github/actions/add_comment/action.yml

@@ -0,0 +1,34 @@
+name: Add Comment
+description: "Add or update comment in the PR"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Add/Update Comment
+      uses: actions/github-script@v7
+      with:
+        script: |
+          const fs = require('fs');
+          const marker = "${{ env.MARKER }}";
+          const body = fs.readFileSync("${{ env.COMMENT_SUMMARY_PATH }}", 'utf8');
+          const { data: comments } = await github.rest.issues.listComments({
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            issue_number: context.issue.number,
+          });
+          const existing = comments.find(c => c.body && c.body.startsWith(marker));
+          if (existing) {
+            await github.rest.issues.updateComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              comment_id: existing.id,
+              body,
+            });
+          } else {
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body,
+            });
+          }

.github/actions/discord_notify/action.yml

@@ -0,0 +1,49 @@
+name: Discord Failure Notification
+description: "Send Discord notification when CI jobs fail"
+inputs:
+  webhook_url:
+    description: "Discord webhook URL"
+    required: true
+  workflow_name:
+    description: "Name of the workflow that failed"
+    required: false
+    default: ${{ github.workflow }}
+  branch:
+    description: "Branch name"
+    required: false
+    default: ${{ github.ref_name }}
+  repository:
+    description: "Repository name"
+    required: false
+    default: ${{ github.repository }}
+  run_id:
+    description: "GitHub run ID"
+    required: false
+    default: ${{ github.run_id }}
+  server_url:
+    description: "GitHub server URL"
+    required: false
+    default: ${{ github.server_url }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Send Discord notification
+      shell: bash
+      run: |
+        curl -H "Content-Type: application/json" \
+             -X POST \
+             -d "{
+               \"embeds\": [{
+                 \"title\": \"${{ inputs.workflow_name }} Job Failed\",
+                 \"url\": \"${{ inputs.server_url }}/${{ inputs.repository }}/actions/runs/${{ inputs.run_id }}\",
+                 \"description\": \"The workflow has failed on branch \`${{ inputs.branch }}\`\",
+                 \"color\": 15158332,
+                 \"fields\": [
+                   {\"name\": \"Repository\", \"value\": \"${{ inputs.repository }}\", \"inline\": true},
+                   {\"name\": \"Branch\", \"value\": \"${{ inputs.branch }}\", \"inline\": true}
+                 ],
+                 \"timestamp\": \"$(date -u +%Y-%m-%dT%H:%M:%S.000Z)\"
+               }]
+             }" \
+             "${{ inputs.webhook_url }}"

.github/actions/generate_plots/action.yml

@@ -0,0 +1,24 @@
+name: Generate Plots
+description: "Set up Python and run script to generate plots with Docker Stats"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.12"
+
+    - name: Install Python dependencies
+      shell: bash
+      run: |
+        python -m pip install --upgrade pip
+        pip install matplotlib
+
+    - name: Plot Docker Stats
+      shell: bash
+      run: python performance/scripts/plot_docker_stats.py
+
+    - name: Plot Latency History
+      shell: bash
+      run: python performance/scripts/plot_latency_history.py

.github/actions/install_nim/action.yml

@@ -0,0 +1,133 @@
+name: Install Nim
+inputs:
+  os:
+    description: "Operating system to build for"
+    required: true
+  cpu:
+    description: "CPU to build for"
+    default: "amd64"
+  nim_ref:
+    description: "Nim version"
+    default: "version-2-0"
+  shell:
+    description: "Shell to run commands in"
+    default: "bash --noprofile --norc -e -o pipefail"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install build dependencies (Linux i386)
+      shell: ${{ inputs.shell }}
+      if: inputs.os == 'Linux' && inputs.cpu == 'i386'
+      run: |
+        sudo dpkg --add-architecture i386
+        sudo apt-get update -qq
+        sudo DEBIAN_FRONTEND='noninteractive' apt-get install \
+          --no-install-recommends -yq gcc-multilib g++-multilib \
+          libssl-dev:i386
+        mkdir -p external/bin
+        cat << EOF > external/bin/gcc
+        #!/bin/bash
+        exec $(which gcc) -m32 "\$@"
+        EOF
+        cat << EOF > external/bin/g++
+        #!/bin/bash
+        exec $(which g++) -m32 "\$@"
+        EOF
+        chmod 755 external/bin/gcc external/bin/g++
+        echo '${{ github.workspace }}/external/bin' >> $GITHUB_PATH
+
+    - name: MSYS2 (Windows i386)
+      if: inputs.os == 'Windows' && inputs.cpu == 'i386'
+      uses: msys2/setup-msys2@v2
+      with:
+        path-type: inherit
+        msystem: MINGW32
+        install: >-
+          base-devel
+          git
+          mingw-w64-i686-toolchain
+
+    - name: MSYS2 (Windows amd64)
+      if: inputs.os == 'Windows' && inputs.cpu == 'amd64'
+      uses: msys2/setup-msys2@v2
+      with:
+        path-type: inherit
+        install: >-
+          base-devel
+          git
+          mingw-w64-x86_64-toolchain
+
+    - name: Restore Nim DLLs dependencies (Windows) from cache
+      if: inputs.os == 'Windows'
+      id: windows-dlls-cache
+      uses: actions/cache@v4
+      with:
+        path: external/dlls
+        key: 'dlls'
+
+    - name: Install DLL dependencies (Windows)
+      shell: ${{ inputs.shell }}
+      if: >
+        steps.windows-dlls-cache.outputs.cache-hit != 'true' &&
+        inputs.os == 'Windows'
+      run: |
+        mkdir external
+        curl -L "https://nim-lang.org/download/windeps.zip" -o external/windeps.zip
+        7z x external/windeps.zip -oexternal/dlls
+
+    - name: Path to cached dependencies (Windows)
+      shell: ${{ inputs.shell }}
+      if: >
+        inputs.os == 'Windows'
+      run: |
+        echo '${{ github.workspace }}'"/external/dlls" >> $GITHUB_PATH
+
+    - name: Derive environment variables
+      shell: ${{ inputs.shell }}
+      run: |
+        if [[ '${{ inputs.cpu }}' == 'amd64' ]]; then
+          PLATFORM=x64
+        elif [[ '${{ inputs.cpu }}' == 'arm64' ]]; then
+          PLATFORM=arm64
+        else
+          PLATFORM=x86
+        fi
+        echo "PLATFORM=$PLATFORM" >> $GITHUB_ENV
+
+        ncpu=
+        MAKE_CMD="make"
+        case '${{ inputs.os }}' in
+        'Linux')
+          ncpu=$(nproc)
+          ;;
+        'macOS')
+          ncpu=$(sysctl -n hw.ncpu)
+          ;;
+        'Windows')
+          ncpu=$NUMBER_OF_PROCESSORS
+          MAKE_CMD="mingw32-make"
+          ;;
+        esac
+        [[ -z "$ncpu" || $ncpu -le 0 ]] && ncpu=1
+        echo "ncpu=$ncpu" >> $GITHUB_ENV
+        echo "MAKE_CMD=${MAKE_CMD}" >> $GITHUB_ENV
+        echo '${{ github.workspace }}/nim/bin' >> $GITHUB_PATH
+
+    - name: Restore Nim from cache
+      id: nim-cache
+      uses: actions/cache@v4
+      with:
+        path: '${{ github.workspace }}/nim'
+        key: ${{ inputs.os }}-${{ inputs.cpu }}-nim-${{ inputs.nim_ref }}-cache-${{ env.cache_nonce }}
+
+    - name: Build Nim and Nimble
+      shell: ${{ inputs.shell }}
+      if: ${{ steps.nim-cache.outputs.cache-hit != 'true' }}
+      run: |
+        # We don't want partial matches of the cache restored
+        rm -rf nim
+        curl -O -L -s -S https://raw.githubusercontent.com/status-im/nimbus-build-system/master/scripts/build_nim.sh
+        env MAKE="${MAKE_CMD} -j${ncpu}" ARCH_OVERRIDE=${PLATFORM} NIM_COMMIT=${{ inputs.nim_ref }} \
+          QUICK_AND_DIRTY_COMPILER=1 QUICK_AND_DIRTY_NIMBLE=1 CC=gcc \
+          bash build_nim.sh nim csources dist/nimble NimBinaries

.github/actions/process_stats/action.yml

@@ -0,0 +1,21 @@
+name: Process Stats
+description: "Set up Nim and run scripts to aggregate latency and process raw docker stats"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up Nim
+      uses: jiro4989/setup-nim-action@v2
+      with:
+        nim-version: "2.x"
+        repo-token: ${{ env.GITHUB_TOKEN }}
+
+    - name: Aggregate latency stats and prepare markdown for comment and summary 
+      shell: bash
+      run: |
+        nim c -r -d:release -o:/tmp/process_latency_stats ./performance/scripts/process_latency_stats.nim
+
+    - name: Process raw docker stats to csv files
+      shell: bash
+      run: |
+        nim c -r -d:release -o:/tmp/process_docker_stats ./performance/scripts/process_docker_stats.nim

.github/actions/publish_history/action.yml

@@ -0,0 +1,36 @@
+name: Publish Latency History
+description: "Publish latency history CSVs in a configurable branch and folder"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Clone the branch
+      uses: actions/checkout@v4
+      with:
+        repository: ${{ github.repository }}
+        ref: ${{ env.PUBLISH_BRANCH_NAME }}
+        path: ${{ env.CHECKOUT_SUBFOLDER_HISTORY }}
+        fetch-depth: 0
+
+    - name: Commit & push latency history CSVs
+      shell: bash
+      run: |
+        cd "$CHECKOUT_SUBFOLDER_HISTORY"
+        git fetch origin "$PUBLISH_BRANCH_NAME"
+        git reset --hard "origin/$PUBLISH_BRANCH_NAME"
+
+        mkdir -p "$PUBLISH_DIR_LATENCY_HISTORY"
+
+        cp ../$SHARED_VOLUME_PATH/$LATENCY_HISTORY_PREFIX*.csv "$PUBLISH_DIR_LATENCY_HISTORY/"
+        git add "$PUBLISH_DIR_LATENCY_HISTORY"
+
+        if git diff-index --quiet HEAD --; then
+          echo "No changes to commit"
+        else
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git config user.name "github-actions[bot]"
+          git commit -m "Update latency history CSVs"
+          git push origin "$PUBLISH_BRANCH_NAME"
+        fi
+
+        cd ..

.github/actions/publish_plots/action.yml

@@ -0,0 +1,56 @@
+name: Publish Plots
+description: "Publish plots in performance_plots branch and add to the workflow summary"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Clone the performance_plots branch
+      uses: actions/checkout@v4
+      with:
+        repository: ${{ github.repository }}
+        ref: ${{ env.PUBLISH_BRANCH_NAME }}
+        path: ${{ env.CHECKOUT_SUBFOLDER_SUBPLOTS }}
+        fetch-depth: 0
+
+    - name: Commit & push plots
+      shell: bash
+      run: |
+        cd $CHECKOUT_SUBFOLDER_SUBPLOTS
+        git fetch origin "$PUBLISH_BRANCH_NAME"
+        git reset --hard "origin/$PUBLISH_BRANCH_NAME"
+
+        # Remove any branch folder older than 7 days
+        DAYS=7
+        cutoff=$(( $(date +%s) - DAYS*24*3600 ))
+        scan_dir="${PUBLISH_DIR_PLOTS%/}"
+        find "$scan_dir" -mindepth 1 -maxdepth 1 -type d -print0 \
+          | while IFS= read -r -d $'\0' d; do \
+              ts=$(git log -1 --format=%ct -- "$d" 2>/dev/null || true); \
+              if [ -n "$ts" ] && [ "$ts" -le "$cutoff" ]; then \
+                echo "[cleanup] Deleting: $d"; \
+                rm -rf -- "$d"; \
+              fi; \
+            done
+
+        rm -rf $PUBLISH_DIR_PLOTS/$BRANCH_NAME
+        mkdir -p $PUBLISH_DIR_PLOTS/$BRANCH_NAME
+
+        cp ../$SHARED_VOLUME_PATH/*.png $PUBLISH_DIR_PLOTS/$BRANCH_NAME/ 2>/dev/null || true
+        cp ../$LATENCY_HISTORY_PATH/*.png $PUBLISH_DIR_PLOTS/ 2>/dev/null || true
+        git add -A "$PUBLISH_DIR_PLOTS/"
+
+        git status
+
+        if git diff-index --quiet HEAD --; then
+          echo "No changes to commit"
+        else
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git config user.name "github-actions[bot]"
+          git commit -m "Update performance plots for $BRANCH_NAME"
+          git push origin $PUBLISH_BRANCH_NAME
+        fi
+
+    - name: Add plots to GitHub Actions summary
+      shell: bash
+      run: |
+        nim c -r -d:release -o:/tmp/add_plots_to_summary ./performance/scripts/add_plots_to_summary.nim

.github/workflows/auto_assign_pr.yml

@@ -0,0 +1,12 @@
+name: Auto Assign PR to Creator
+
+on:
+  pull_request:
+    types:
+      - opened
+
+jobs:
+  assign_creator:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: toshimaru/auto-author-assign@v1.6.2

.github/workflows/bumper.yml

@@ -1,43 +0,0 @@
-name: Bumper
-on:
-  push:
-    branches:
-      - unstable
-      - bumper
-  workflow_dispatch:
-
-jobs:
-  bumpProjects:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        target: [
-          { repo: status-im/nimbus-eth2, branch: unstable },
-          { repo: status-im/nwaku, branch: master },
-          { repo: status-im/nim-codex, branch: main }
-        ]
-    steps:
-      - name: Clone repo
-        uses: actions/checkout@v2
-        with:
-          repository: ${{ matrix.target.repo }}
-          ref: ${{ matrix.target.branch }}
-          path: nbc
-          submodules: true
-          fetch-depth: 0
-          token:  ${{ secrets.ACTIONS_GITHUB_TOKEN }}
-
-      - name: Checkout this ref
-        run: |
-          cd nbc/vendor/nim-libp2p
-          git checkout $GITHUB_SHA
-
-      - name: Commit this bump
-        run: |
-          cd nbc
-          git config --global user.email "${{ github.actor }}@users.noreply.github.com"
-          git config --global user.name = "${{ github.actor }}"
-          git commit -a -m "auto-bump nim-libp2p"
-          git branch -D nim-libp2p-auto-bump-${GITHUB_REF##*/} || true
-          git switch -c nim-libp2p-auto-bump-${GITHUB_REF##*/}
-          git push -f origin nim-libp2p-auto-bump-${GITHUB_REF##*/}

.github/workflows/ci.yml

@@ -1,168 +1,105 @@
-name: CI
+name: Continuous Integration
+
 on:
   push:
     branches:
       - master
-      - unstable
   pull_request:
+  merge_group:
   workflow_dispatch:
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
-  build:
-    timeout-minutes: 90
+  test:
+    timeout-minutes: 40
     strategy:
       fail-fast: false
       matrix:
-        target:
+        platform:
           - os: linux
             cpu: amd64
           - os: linux
             cpu: i386
-          - os: macos
+          - os: linux-gcc-14
             cpu: amd64
+          - os: macos-14
+            cpu: arm64
           - os: windows
             cpu: amd64
-          #- os: windows
-            #cpu: i386
-        branch: [version-1-2, version-1-6]
+        nim:
+          - ref: version-2-0
+            memory_management: refc
+          - ref: version-2-2
+            memory_management: refc
         include:
-          - target:
+          - platform:
               os: linux
-            builder: ubuntu-20.04
+            builder: ubuntu-22.04
             shell: bash
-          - target:
-              os: macos
-            builder: macos-12
+          - platform:
+              os: linux-gcc-14
+            builder: ubuntu-24.04
             shell: bash
-          - target:
+          - platform:
+              os: macos-14
+            builder: macos-14
+            shell: bash
+          - platform:
               os: windows
-            builder: windows-2019
+            builder: windows-2022
             shell: msys2 {0}
 
     defaults:
       run:
         shell: ${{ matrix.shell }}
 
-    name: '${{ matrix.target.os }}-${{ matrix.target.cpu }} (Nim ${{ matrix.branch }})'
+    name: '${{ matrix.platform.os }}-${{ matrix.platform.cpu }} (Nim ${{ matrix.nim.ref }})'
     runs-on: ${{ matrix.builder }}
-    continue-on-error: ${{ matrix.branch == 'version-1-6' || matrix.branch == 'devel' }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           submodules: true
 
-      - name: Install build dependencies (Linux i386)
-        if: runner.os == 'Linux' && matrix.target.cpu == 'i386'
-        run: |
-          sudo dpkg --add-architecture i386
-          sudo apt-get update -qq
-          sudo DEBIAN_FRONTEND='noninteractive' apt-get install \
-            --no-install-recommends -yq gcc-multilib g++-multilib \
-            libssl-dev:i386
-          mkdir -p external/bin
-          cat << EOF > external/bin/gcc
-          #!/bin/bash
-          exec $(which gcc) -m32 "\$@"
-          EOF
-          cat << EOF > external/bin/g++
-          #!/bin/bash
-          exec $(which g++) -m32 "\$@"
-          EOF
-          chmod 755 external/bin/gcc external/bin/g++
-          echo '${{ github.workspace }}/external/bin' >> $GITHUB_PATH
-
-      - name: MSYS2 (Windows i386)
-        if: runner.os == 'Windows' && matrix.target.cpu == 'i386'
-        uses: msys2/setup-msys2@v2
+      - name: Setup Nim
+        uses: "./.github/actions/install_nim"
         with:
-          path-type: inherit
-          msystem: MINGW32
-          install: >-
-            base-devel
-            git
-            mingw-w64-i686-toolchain
+          os: ${{ matrix.platform.os }}
+          cpu: ${{ matrix.platform.cpu }}
+          shell: ${{ matrix.shell }}
+          nim_ref: ${{ matrix.nim.ref }}
 
-      - name: MSYS2 (Windows amd64)
-        if: runner.os == 'Windows' && matrix.target.cpu == 'amd64'
-        uses: msys2/setup-msys2@v2
+      - name: Restore deps from cache
+        id: deps-cache
+        uses: actions/cache@v3
         with:
-          path-type: inherit
-          install: >-
-            base-devel
-            git
-            mingw-w64-x86_64-toolchain
+          path: nimbledeps
+          # Using nim.ref as a simple way to differentiate between nimble using the "pkgs" or "pkgs2" directories.
+          # The change happened on Nimble v0.14.0. Also forcing the deps to be reinstalled on each os and cpu.
+          key: nimbledeps-${{ matrix.nim.ref }}-${{ matrix.builder }}-${{ matrix.platform.cpu }}-${{ hashFiles('.pinned') }} # hashFiles returns a different value on windows
 
-      - name: Restore Nim DLLs dependencies (Windows) from cache
-        if: runner.os == 'Windows'
-        id: windows-dlls-cache
-        uses: actions/cache@v2
-        with:
-          path: external/dlls
-          key: 'dlls'
-
-      - name: Install DLL dependencies (Windows)
-        if: >
-          steps.windows-dlls-cache.outputs.cache-hit != 'true' &&
-          runner.os == 'Windows'
+      - name: Install deps
+        if: ${{ steps.deps-cache.outputs.cache-hit != 'true' }}
         run: |
-          mkdir external
-          curl -L "https://nim-lang.org/download/windeps.zip" -o external/windeps.zip
-          7z x external/windeps.zip -oexternal/dlls
+          nimble install_pinned
 
-      - name: Path to cached dependencies (Windows)
-        if: >
-          runner.os == 'Windows'
+      - name: Use gcc 14
+        if : ${{ matrix.platform.os == 'linux-gcc-14'}}
         run: |
-          echo '${{ github.workspace }}'"/external/dlls" >> $GITHUB_PATH
+          # Add GCC-14 to alternatives
+          sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 14
 
-      - name: Derive environment variables
-        run: |
-          if [[ '${{ matrix.target.cpu }}' == 'amd64' ]]; then
-            PLATFORM=x64
-          else
-            PLATFORM=x86
-          fi
-          echo "PLATFORM=$PLATFORM" >> $GITHUB_ENV
-
-          ncpu=
-          MAKE_CMD="make"
-          case '${{ runner.os }}' in
-          'Linux')
-            ncpu=$(nproc)
-            ;;
-          'macOS')
-            ncpu=$(sysctl -n hw.ncpu)
-            ;;
-          'Windows')
-            ncpu=$NUMBER_OF_PROCESSORS
-            MAKE_CMD="mingw32-make"
-            ;;
-          esac
-          [[ -z "$ncpu" || $ncpu -le 0 ]] && ncpu=1
-          echo "ncpu=$ncpu" >> $GITHUB_ENV
-          echo "MAKE_CMD=${MAKE_CMD}" >> $GITHUB_ENV
-
-      - name: Build Nim and Nimble
-        run: |
-          curl -O -L -s -S https://raw.githubusercontent.com/status-im/nimbus-build-system/master/scripts/build_nim.sh
-          env MAKE="${MAKE_CMD} -j${ncpu}" ARCH_OVERRIDE=${PLATFORM} NIM_COMMIT=${{ matrix.branch }} \
-            QUICK_AND_DIRTY_COMPILER=1 QUICK_AND_DIRTY_NIMBLE=1 CC=gcc \
-            bash build_nim.sh nim csources dist/nimble NimBinaries
-          echo '${{ github.workspace }}/nim/bin' >> $GITHUB_PATH
-
-      - name: Setup Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: '~1.15.5'
-
-      - name: Install p2pd
-        run: |
-          V=1 bash scripts/build_p2pd.sh p2pdCache 124530a3
+          # Set GCC-14 as the default
+          sudo update-alternatives --set gcc /usr/bin/gcc-14
 
       - name: Run tests
         run: |
           nim --version
           nimble --version
-          nimble install_pinned
+          gcc --version
+
+          export NIMFLAGS="${NIMFLAGS} --mm:${{ matrix.nim.memory_management }}" 
           nimble test

.github/workflows/codecov.yml

@@ -1,140 +0,0 @@
-name: nim-libp2p codecov builds
-
-on:
-  #On push to common branches, this computes the "bases stats" for PRs
-  push:
-    branches:
-      - master
-  pull_request:
-  workflow_dispatch:
-
-jobs:
-  GossipSub:
-    runs-on: ubuntu-20.04
-    strategy:
-      matrix:
-        nim-options: [
-          "",
-          "-d:libp2p_pubsub_anonymize=true -d:libp2p_pubsub_sign=false -d:libp2p_pubsub_verify=false",
-          "-d:libp2p_pubsub_sign=true -d:libp2p_pubsub_verify=true"
-        ]
-        test-program: [
-          "tests/pubsub/testpubsub",
-          "tests/pubsub/testfloodsub",
-          "tests/pubsub/testgossipinternal"
-        ]
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-      - name: Run
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y lcov build-essential git curl
-          mkdir coverage
-          curl -O -L -s -S https://raw.githubusercontent.com/status-im/nimbus-build-system/master/scripts/build_nim.sh
-          env MAKE="make -j${NPROC}" bash build_nim.sh Nim csources dist/nimble NimBinaries
-          export PATH="$PATH:$PWD/Nim/bin"
-          nimble install_pinned
-          export NIM_OPTIONS="--opt:speed -d:debug --verbosity:0 --hints:off --lineDir:on -d:chronicles_log_level=INFO --warning[CaseTransition]:off --warning[ObservableStores]:off --warning[LockLevel]:off --nimcache:nimcache --passC:-fprofile-arcs --passC:-ftest-coverage --passL:-fprofile-arcs --passL:-ftest-coverage ${{ matrix.nim-options }}"
-          nim c $NIM_OPTIONS -r ${{ matrix.test-program }}
-          cd nimcache; rm *.c; cd ..
-          lcov --capture --directory nimcache --output-file coverage/coverage.info
-          shopt -s globstar
-          ls `pwd`/libp2p/{*,**/*}.nim
-          lcov --extract coverage/coverage.info  `pwd`/libp2p/{*,**/*}.nim --output-file coverage/coverage.f.info
-          export COV_UUID=`cksum <<< "${{ matrix.test-program }} $NIM_OPTIONS" | cut -f 1 -d ' '`
-          genhtml coverage/coverage.f.info --output-directory coverage/$COV_UUID-output
-          echo ${{ matrix.test-program }} > coverage/$COV_UUID-nim_options.txt
-          echo $NIM_OPTIONS >> coverage/$COV_UUID-nim_options.txt
-          bash <(curl -s https://codecov.io/bash) -f coverage/coverage.f.info || echo "Codecov did not collect coverage reports"
-      - uses: actions/upload-artifact@master
-        with:
-          name: coverage
-          path: coverage
-
-  Tests:
-    runs-on: ubuntu-20.04
-    strategy:
-      matrix:
-        nim-options: [
-          ""
-        ]
-        test-program: [
-          "tests/testnative",
-        ]
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-      - name: Run
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y lcov build-essential git curl
-          mkdir coverage
-          curl -O -L -s -S https://raw.githubusercontent.com/status-im/nimbus-build-system/master/scripts/build_nim.sh
-          env MAKE="make -j${NPROC}" bash build_nim.sh Nim csources dist/nimble NimBinaries
-          export PATH="$PATH:$PWD/Nim/bin"
-          nimble install_pinned
-          export NIM_OPTIONS="--opt:speed -d:debug --verbosity:0 --hints:off --lineDir:on -d:chronicles_log_level=INFO --warning[CaseTransition]:off --warning[ObservableStores]:off --warning[LockLevel]:off --nimcache:nimcache --passC:-fprofile-arcs --passC:-ftest-coverage --passL:-fprofile-arcs --passL:-ftest-coverage ${{ matrix.nim-options }} --clearNimblePath --NimblePath:nimbledeps/pkgs"
-          nim c $NIM_OPTIONS -r ${{ matrix.test-program }}
-          cd nimcache; rm *.c; cd ..
-          lcov --capture --directory nimcache --output-file coverage/coverage.info
-          shopt -s globstar
-          ls `pwd`/libp2p/{*,**/*}.nim
-          lcov --extract coverage/coverage.info  `pwd`/libp2p/{*,**/*}.nim --output-file coverage/coverage.f.info
-          export COV_UUID=`cksum <<< "${{ matrix.test-program }} $NIM_OPTIONS" | cut -f 1 -d ' '`
-          genhtml coverage/coverage.f.info --output-directory coverage/$COV_UUID-output
-          echo ${{ matrix.test-program }} > coverage/$COV_UUID-nim_options.txt
-          echo $NIM_OPTIONS >> coverage/$COV_UUID-nim_options.txt
-          bash <(curl -s https://codecov.io/bash) -f coverage/coverage.f.info || echo "Codecov did not collect coverage reports"
-      - uses: actions/upload-artifact@master
-        with:
-          name: coverage
-          path: coverage
-
-  Filter:
-    runs-on: ubuntu-20.04
-    strategy:
-      matrix:
-        nim-options: [
-          "",
-          "-d:libp2p_pki_schemes=secp256k1",
-          "-d:libp2p_pki_schemes=secp256k1;ed25519",
-          "-d:libp2p_pki_schemes=secp256k1;ed25519;ecnist",
-        ]
-        test-program: [
-          "tests/testpkifilter",
-        ]
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-      - name: Run
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y lcov build-essential git curl
-          mkdir coverage
-          curl -O -L -s -S https://raw.githubusercontent.com/status-im/nimbus-build-system/master/scripts/build_nim.sh
-          env MAKE="make -j${NPROC}" bash build_nim.sh Nim csources dist/nimble NimBinaries
-          export PATH="$PATH:$PWD/Nim/bin"
-          nimble install_pinned
-          export NIM_OPTIONS="--opt:speed -d:debug --verbosity:0 --hints:off --lineDir:on -d:chronicles_log_level=INFO --warning[CaseTransition]:off --warning[ObservableStores]:off --warning[LockLevel]:off --nimcache:nimcache --passC:-fprofile-arcs --passC:-ftest-coverage --passL:-fprofile-arcs --passL:-ftest-coverage ${{ matrix.nim-options }}"
-          nim c $NIM_OPTIONS -r ${{ matrix.test-program }}
-          cd nimcache; rm *.c; cd ..
-          lcov --capture --directory nimcache --output-file coverage/coverage.info
-          shopt -s globstar
-          ls `pwd`/libp2p/{*,**/*}.nim
-          lcov --extract coverage/coverage.info  `pwd`/libp2p/{*,**/*}.nim --output-file coverage/coverage.f.info
-          export COV_UUID=`cksum <<< "${{ matrix.test-program }} $NIM_OPTIONS" | cut -f 1 -d ' '`
-          genhtml coverage/coverage.f.info --output-directory coverage/$COV_UUID-output
-          echo ${{ matrix.test-program }} > coverage/$COV_UUID-nim_options.txt
-          echo $NIM_OPTIONS >> coverage/$COV_UUID-nim_options.txt
-          bash <(curl -s https://codecov.io/bash) -f coverage/coverage.f.info || echo "Codecov did not collect coverage reports"
-      - uses: actions/upload-artifact@master
-        with:
-          name: coverage
-          path: coverage
-
-
-

.github/workflows/coverage.yml

@@ -0,0 +1,70 @@
+name: Coverage
+
+on:
+  # On push to common branches, this computes the coverage that PRs will use for diff
+  push:
+    branches:
+      - master
+  pull_request:
+  merge_group:
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  codecov:
+    name: Run coverage and upload to codecov
+    runs-on: ubuntu-22.04
+    env:
+      CICOV: YES
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Nim
+        uses: "./.github/actions/install_nim"
+        with:
+          os: linux
+          cpu: amd64
+          shell: bash
+
+      - name: Restore deps from cache
+        id: deps-cache
+        uses: actions/cache@v4
+        with:
+          path: nimbledeps
+          key: nimbledeps-${{ hashFiles('.pinned') }}
+
+      - name: Install deps
+        if: ${{ steps.deps-cache.outputs.cache-hit != 'true' }}
+        run: |
+          nimble install_pinned
+
+      - name: Setup coverage
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y lcov build-essential git curl
+          mkdir coverage
+
+      - name: Run test suite with coverage flags
+        run: |
+          export NIMFLAGS="--lineDir:on --passC:-fprofile-arcs --passC:-ftest-coverage --passL:-fprofile-arcs --passL:-ftest-coverage"
+          nimble testnative
+          nimble testpubsub
+          nimble testfilter
+
+      - name: Run coverage
+        run: |
+          find nimcache -name *.c -delete
+          lcov --capture --directory nimcache --output-file coverage/coverage.info
+          shopt -s globstar
+          ls `pwd`/libp2p/{*,**/*}.nim
+          lcov --extract coverage/coverage.info  `pwd`/libp2p/{*,**/*}.nim --output-file coverage/coverage.f.info
+          genhtml coverage/coverage.f.info --output-directory coverage/output
+
+      - name: Upload coverage to codecov
+        run: |
+          bash <(curl -s https://codecov.io/bash) -f coverage/coverage.f.info || echo "Codecov did not collect coverage reports"

.github/workflows/daily_amd64.yml

@@ -0,0 +1,42 @@
+name: Daily amd64
+
+on:
+  schedule:
+    - cron: "30 6 * * *"
+  workflow_dispatch:
+
+jobs:
+  test_amd64_latest:
+    name: Daily test amd64 (latest dependencies)
+    uses: ./.github/workflows/daily_common.yml
+    with:
+      nim: "[
+          {'ref': 'version-2-0', 'memory_management': 'refc'},
+          {'ref': 'version-2-2', 'memory_management': 'refc'},
+          {'ref': 'devel', 'memory_management': 'refc'},
+        ]"
+      cpu: "['amd64']"
+  test_amd64_pinned:
+    name: Daily test amd64 (pinned dependencies)
+    uses: ./.github/workflows/daily_common.yml
+    with:
+      pinned_deps: true
+      nim: "[
+          {'ref': 'version-2-0', 'memory_management': 'refc'},
+          {'ref': 'version-2-2', 'memory_management': 'refc'},
+          {'ref': 'devel', 'memory_management': 'refc'},
+        ]"
+      cpu: "['amd64']"
+  notify-on-failure:
+    name: Notify Discord on Failure
+    needs: [test_amd64_latest, test_amd64_pinned]
+    if: failure()
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Discord notification
+        uses: ./.github/actions/discord_notify
+        with:
+          webhook_url: ${{ secrets.DISCORD_WEBHOOK_URL }}

.github/workflows/daily_common.yml

@@ -0,0 +1,97 @@
+name: Daily Common
+# Serves as base workflow for daily tasks, it's not run by itself.
+
+on:
+  workflow_call:
+    inputs:
+      pinned_deps:
+        description: 'Should dependencies be installed from pinned file or use latest versions'
+        required: false
+        type: boolean
+        default: false
+      nim:
+        description: 'Nim Configuration'
+        required: true
+        type: string # Following this format: [{"ref": ..., "memory_management": ...}, ...]
+      cpu:
+        description: 'CPU'
+        required: true
+        type: string
+      exclude:
+        description: 'Exclude matrix configurations'
+        required: false
+        type: string
+        default: "[]"
+
+jobs:
+  delete_cache:
+    name: Delete github action's branch cache
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    steps:
+      - uses: snnaplab/delete-branch-cache-action@v1
+
+  test:
+    needs: delete_cache
+    timeout-minutes: 40
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - os: linux
+            builder: ubuntu-22.04
+            shell: bash
+          - os: macos
+            builder: macos-13
+            shell: bash
+          - os: windows
+            builder: windows-2022
+            shell: msys2 {0}
+        nim: ${{ fromJSON(inputs.nim) }}
+        cpu: ${{ fromJSON(inputs.cpu) }}
+        exclude: ${{ fromJSON(inputs.exclude) }}
+
+    defaults:
+      run:
+        shell: ${{ matrix.platform.shell }}
+
+    name: '${{ matrix.platform.os }}-${{ matrix.cpu }} (Nim ${{ matrix.nim.ref }})'
+    runs-on: ${{ matrix.platform.builder }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Nim
+        uses: "./.github/actions/install_nim"
+        with:
+          os: ${{ matrix.platform.os }}
+          shell: ${{ matrix.platform.shell }}
+          nim_ref: ${{ matrix.nim.ref }}
+          cpu: ${{ matrix.cpu }}
+
+      - name: Install dependencies (pinned)
+        if: ${{ inputs.pinned_deps }}
+        run: |
+          nimble install_pinned
+
+      - name: Install dependencies (latest)
+        if: ${{ inputs.pinned_deps == false }}
+        run: |
+          nimble install -y --depsOnly
+
+      - name: Run tests
+        run: |
+          nim --version
+          nimble --version
+
+          export NIMFLAGS="${NIMFLAGS} --mm:${{ matrix.nim.memory_management }}"
+          nimble test
+
+      - name: Run integration tests
+        if: ${{ matrix.platform.os == 'linux' && matrix.cpu == 'amd64' }}
+        run: |
+          nim --version
+          nimble --version
+
+          export NIMFLAGS="${NIMFLAGS} --mm:${{ matrix.nim.memory_management }}"
+          nimble testintegration

.github/workflows/daily_i386.yml

@@ -0,0 +1,50 @@
+name: Daily i386
+
+on:
+  schedule:
+    - cron: "30 6 * * *"
+  workflow_dispatch:
+
+jobs:
+  test_i386_latest:
+    name: Daily i386 (latest dependencies)
+    uses: ./.github/workflows/daily_common.yml
+    with:
+      nim: "[
+          {'ref': 'version-2-0', 'memory_management': 'refc'},
+          {'ref': 'version-2-2', 'memory_management': 'refc'},
+          {'ref': 'devel', 'memory_management': 'refc'},
+        ]"
+      cpu: "['i386']"
+      exclude: "[
+          {'platform': {'os':'macos'}},
+          {'platform': {'os':'windows'}},
+        ]"
+  test_i386_pinned:
+    name: Daily i386 (pinned dependencies)
+    uses: ./.github/workflows/daily_common.yml
+    with:
+      pinned_deps: true
+      nim: "[
+          {'ref': 'version-2-0', 'memory_management': 'refc'},
+          {'ref': 'version-2-2', 'memory_management': 'refc'},
+          {'ref': 'devel', 'memory_management': 'refc'},
+        ]"
+      cpu: "['i386']"
+      exclude: "[
+          {'platform': {'os':'macos'}},
+          {'platform': {'os':'windows'}},
+        ]"
+  notify-on-failure:
+    name: Notify Discord on Failure
+    needs: [test_i386_latest, test_i386_pinned]
+    if: failure()
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Discord notification
+        uses: ./.github/actions/discord_notify
+        with:
+          webhook_url: ${{ secrets.DISCORD_WEBHOOK_URL }}

.github/workflows/daily_nimbus.yml

@@ -0,0 +1,39 @@
+name: Daily Nimbus
+
+on:
+  schedule:
+    - cron: "30 6 * * *"
+  workflow_dispatch:
+
+jobs:
+  compile_nimbus:
+    timeout-minutes: 80
+    name: 'Compile Nimbus (linux-amd64)'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Compile nimbus using nim-libp2p
+        run: |
+          git clone --branch unstable --single-branch https://github.com/status-im/nimbus-eth2.git
+          cd nimbus-eth2
+          git submodule set-branch --branch ${{ github.sha }} vendor/nim-libp2p
+
+          make -j"$(nproc)"
+          make -j"$(nproc)" nimbus_beacon_node
+
+  notify-on-failure:
+    name: Notify Discord on Failure
+    needs: compile_nimbus
+    if: failure()
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Discord notification
+        uses: ./.github/actions/discord_notify
+        with:
+          webhook_url: ${{ secrets.DISCORD_WEBHOOK_URL }}
+

.github/workflows/dependencies.yml

@@ -0,0 +1,65 @@
+name: Dependencies
+
+on:
+  push:
+    branches:
+      - master
+  workflow_dispatch:
+
+jobs:
+  bumper:
+    # Pushes new refs to interested external repositories, so they can do early testing against libp2p's newer versions
+    runs-on: ubuntu-latest
+    name: Bump libp2p's version for ${{ matrix.target.repository }}:${{ matrix.target.ref }}
+    strategy:
+      fail-fast: false
+      matrix:
+        target:
+          - repository: status-im/nimbus-eth2
+            ref: unstable
+            secret: ACTIONS_GITHUB_TOKEN_NIMBUS_ETH2
+          - repository: waku-org/nwaku
+            ref: master
+            secret: ACTIONS_GITHUB_TOKEN_NWAKU
+          - repository: codex-storage/nim-codex
+            ref: master
+            secret: ACTIONS_GITHUB_TOKEN_NIM_CODEX
+    steps:
+      - name: Clone target repository
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ matrix.target.repository }}
+          ref: ${{ matrix.target.ref}}
+          path: nbc
+          fetch-depth: 0
+          token: ${{ secrets[matrix.target.secret] }}
+
+      - name: Checkout this ref in target repository
+        run: |
+          cd nbc
+          git submodule update --init vendor/nim-libp2p
+          cd vendor/nim-libp2p
+          git checkout $GITHUB_SHA
+
+      - name: Push this ref to target repository
+        run: |
+          cd nbc
+          git config --global user.email "${{ github.actor }}@users.noreply.github.com"
+          git config --global user.name = "${{ github.actor }}"
+          git commit --allow-empty -a -m "auto-bump nim-libp2p"
+          git branch -D nim-libp2p-auto-bump-${{ matrix.target.ref }} || true
+          git switch -c nim-libp2p-auto-bump-${{ matrix.target.ref }}
+          git push -f origin nim-libp2p-auto-bump-${{ matrix.target.ref }}
+  notify-on-failure:
+    name: Notify Discord on Failure
+    needs: [bumper]
+    if: failure()
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Discord notification
+        uses: ./.github/actions/discord_notify
+        with:
+          webhook_url: ${{ secrets.DISCORD_WEBHOOK_URL }}

.github/workflows/documentation.yml

@@ -1,25 +1,27 @@
-name: Docgen
+name: Documentation Generation And Publishing
+
 on:
   push:
+    branches:
+      - master
   workflow_dispatch:
 
-
 jobs:
   build:
     timeout-minutes: 20
 
     name: 'Generate & upload documentation'
-    runs-on: 'ubuntu-20.04'
+    runs-on: ubuntu-latest
     continue-on-error: true
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           submodules: true
 
       - uses: jiro4989/setup-nim-action@v1
         with:
-          nim-version: 'stable'
+          nim-version: '2.2.x'
 
       - name: Generate doc
         run: |
@@ -27,15 +29,15 @@ jobs:
           nimble --version
           nimble install_pinned
           # nim doc can "fail", but the doc is still generated
-          nim doc --git.url:https://github.com/status-im/nim-libp2p --git.commit:${GITHUB_REF##*/} --outdir:${GITHUB_REF##*/} --project libp2p || true
+          nim doc --git.url:https://github.com/vacp2p/nim-libp2p --git.commit:${GITHUB_REF##*/} --outdir:${GITHUB_REF##*/} --project libp2p || true
 
           # check that the folder exists
           ls ${GITHUB_REF##*/}
 
       - name: Clone the gh-pages branch
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
-          repository: status-im/nim-libp2p
+          repository: vacp2p/nim-libp2p
           ref: gh-pages
           path: subdoc
           submodules: true
@@ -45,9 +47,6 @@ jobs:
         run: |
           cd subdoc
 
-          # Delete merged branches doc's
-          for branch in $(git branch -vv | grep ': gone]' | awk '{print $1}'); do rm -rf $branch; done
-
           # Update / create this branch doc
           rm -rf ${GITHUB_REF##*/}
           mv ../${GITHUB_REF##*/} .
@@ -63,12 +62,11 @@ jobs:
           git push origin gh-pages
 
   update_site:
-    if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/docs'
     name: 'Rebuild website'
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - uses: actions/setup-python@v2
         with:
@@ -79,12 +77,12 @@ jobs:
           nim-version: 'stable'
 
       - name: Generate website
-        run: pip install mkdocs-material && nimble website
+        run: pip install mkdocs-material && nimble -y website
 
       - name: Clone the gh-pages branch
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
-          repository: status-im/nim-libp2p
+          repository: vacp2p/nim-libp2p
           ref: gh-pages
           path: subdoc
           fetch-depth: 0
@@ -93,11 +91,21 @@ jobs:
         run: |
           cd subdoc
 
+          # Ensure the latest changes are fetched and reset to the remote branch
+          git fetch origin gh-pages
+          git reset --hard origin/gh-pages
+
           rm -rf docs
           mv ../site docs
 
           git add .
-          git config --global user.email "${{ github.actor }}@users.noreply.github.com"
-          git config --global user.name = "${{ github.actor }}"
-          git commit -a -m "update website"
-          git push origin gh-pages
+ 
+          if git diff-index --quiet HEAD --; then
+            echo "No changes to commit"
+          else
+            git config --global user.email "${{ github.actor }}@users.noreply.github.com"
+            git config --global user.name "${{ github.actor }}"
+
+            git commit -m "update website"
+            git push origin gh-pages
+          fi

.github/workflows/examples.yml

@@ -0,0 +1,60 @@
+name: Examples
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+  merge_group:
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  examples:
+    timeout-minutes: 30
+    strategy:
+      fail-fast: false
+
+    defaults:
+      run:
+        shell: bash
+
+    name: "Build Examples"
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+
+      - name: Setup Nim
+        uses: "./.github/actions/install_nim"
+        with:
+          shell: bash
+          os: linux
+          cpu: amd64
+          nim_ref: version-2-2
+
+      - name: Restore deps from cache
+        id: deps-cache
+        uses: actions/cache@v3
+        with:
+          path: nimbledeps
+          key: nimbledeps-${{ hashFiles('.pinned') }}
+
+      - name: Install deps
+        if: ${{ steps.deps-cache.outputs.cache-hit != 'true' }}
+        run: |
+          nimble install_pinned
+
+      - name: Build and run examples
+        run: |
+          nim --version
+          nimble --version
+          gcc --version
+
+          NIMFLAGS="${NIMFLAGS} --mm:${{ matrix.nim.memory_management }}"
+          nimble examples

.github/workflows/interop.yml

@@ -0,0 +1,89 @@
+name: Interoperability Tests
+
+on:
+  pull_request:
+  merge_group:
+  push:
+    branches:
+      - master
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  run-transport-interop:
+    name: Run transport interoperability tests
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Free Disk Space
+        # For some reason we have space issues while running this action. Likely while building the image.
+        # This action will free up some space to avoid the issue.
+        uses: jlumbroso/free-disk-space@v1.3.1
+        with:
+          tool-cache: true
+
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+      - name: Build image
+        run: docker buildx build --load -t nim-libp2p-head -f interop/transport/Dockerfile .
+      - name: Run tests
+        uses: libp2p/test-plans/.github/actions/run-transport-interop-test@master
+        with:
+          test-filter: nim-libp2p-head
+          # without suffix action fails because "hole-punching-interop" artifacts have 
+          # the same name as "transport-interop" artifacts
+          test-results-suffix: transport-interop
+          extra-versions: ${{ github.workspace }}/interop/transport/version.json
+          s3-cache-bucket: ${{ vars.S3_LIBP2P_BUILD_CACHE_BUCKET_NAME }}
+          s3-access-key-id: ${{ vars.S3_LIBP2P_BUILD_CACHE_AWS_ACCESS_KEY_ID }}
+          s3-secret-access-key: ${{ secrets.S3_LIBP2P_BUILD_CACHE_AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ vars.S3_LIBP2P_BUILD_CACHE_AWS_REGION }}
+
+  # nim-libp2p#1367: hole punching tests are temporary disabled as they keep failing
+  # and issue does not seem to be on nim-libp2p side
+  # run-hole-punching-interop:
+  #   name: Run hole-punching interoperability tests
+  #   runs-on: ubuntu-22.04
+  #   steps:
+  #     - uses: actions/checkout@v4
+  #     - uses: docker/setup-buildx-action@v3
+  #     - name: Build image
+  #       run: docker buildx build --load -t nim-libp2p-head -f interop/hole-punching/Dockerfile .
+  #     - name: Run tests
+  #       uses: libp2p/test-plans/.github/actions/run-interop-hole-punch-test@master
+  #       with:
+  #         test-filter: nim-libp2p-head
+  #         extra-versions: ${{ github.workspace }}/interop/hole-punching/version.json
+  #         s3-cache-bucket: ${{ vars.S3_LIBP2P_BUILD_CACHE_BUCKET_NAME }}
+  #         s3-access-key-id: ${{ vars.S3_LIBP2P_BUILD_CACHE_AWS_ACCESS_KEY_ID }}
+  #         s3-secret-access-key: ${{ secrets.S3_LIBP2P_BUILD_CACHE_AWS_SECRET_ACCESS_KEY }}
+  #         aws-region: ${{ vars.S3_LIBP2P_BUILD_CACHE_AWS_REGION }}
+  run-autonatv2-interop:
+    name: Run AutoNATv2 interoperability tests
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.25"
+
+      - name: Set up Nim
+        uses: jiro4989/setup-nim-action@v1
+        with:
+          nim-version: "stable"
+
+      - name: Run Go and Nim together
+        run: |
+          nimble install
+          cd interop/autonatv2/go-peer
+          git clone https://github.com/libp2p/go-libp2p
+          cd go-libp2p
+          git apply ../disable-filtering-of-private-ip-addresses.patch
+          cd ..
+          go run testautonatv2.go &
+          cd ../nim-peer
+          nim r src/nim_peer.nim $(cat ../go-peer/peer.id)

.github/workflows/linters.yml

@@ -0,0 +1,27 @@
+name: Linters
+
+on:
+  pull_request:
+  merge_group:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  nph:
+    name: NPH
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # In PR, has extra merge commit: ^1 = PR, ^2 = base
+
+      - name: Check `nph` formatting
+        uses: arnetheduck/nph-action@v1
+        with:
+          version: 0.6.1
+          options: "examples libp2p tests interop tools *.nim*"
+          fail: true
+          suggest: true

.github/workflows/multi_nim.yml

@@ -1,171 +0,0 @@
-name: Daily
-on:
-  schedule:
-    - cron: "30 6 * * *"
-  workflow_dispatch:
-
-jobs:
-  build:
-    timeout-minutes: 120
-    strategy:
-      fail-fast: false
-      matrix:
-        target:
-          - os: linux
-            cpu: amd64
-          - os: linux
-            cpu: i386
-          - os: macos
-            cpu: amd64
-          - os: windows
-            cpu: amd64
-          #- os: windows
-            #cpu: i386
-        branch: [version-1-2, version-1-6, devel]
-        include:
-          - target:
-              os: linux
-            builder: ubuntu-20.04
-            shell: bash
-          - target:
-              os: macos
-            builder: macos-12
-            shell: bash
-          - target:
-              os: windows
-            builder: windows-2019
-            shell: msys2 {0}
-
-    defaults:
-      run:
-        shell: ${{ matrix.shell }}
-
-    name: '${{ matrix.target.os }}-${{ matrix.target.cpu }} (Nim ${{ matrix.branch }})'
-    runs-on: ${{ matrix.builder }}
-    continue-on-error: ${{ matrix.branch == 'version-1-6' || matrix.branch == 'devel' }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-        with:
-          ref: unstable
-          submodules: true
-
-      - name: Install build dependencies (Linux i386)
-        if: runner.os == 'Linux' && matrix.target.cpu == 'i386'
-        run: |
-          sudo dpkg --add-architecture i386
-          sudo apt-get update -qq
-          sudo DEBIAN_FRONTEND='noninteractive' apt-get install \
-            --no-install-recommends -yq gcc-multilib g++-multilib \
-            libssl-dev:i386
-          mkdir -p external/bin
-          cat << EOF > external/bin/gcc
-          #!/bin/bash
-          exec $(which gcc) -m32 "\$@"
-          EOF
-          cat << EOF > external/bin/g++
-          #!/bin/bash
-          exec $(which g++) -m32 "\$@"
-          EOF
-          chmod 755 external/bin/gcc external/bin/g++
-          echo '${{ github.workspace }}/external/bin' >> $GITHUB_PATH
-
-      - name: MSYS2 (Windows i386)
-        if: runner.os == 'Windows' && matrix.target.cpu == 'i386'
-        uses: msys2/setup-msys2@v2
-        with:
-          path-type: inherit
-          msystem: MINGW32
-          install: >-
-            base-devel
-            git
-            mingw-w64-i686-toolchain
-
-      - name: MSYS2 (Windows amd64)
-        if: runner.os == 'Windows' && matrix.target.cpu == 'amd64'
-        uses: msys2/setup-msys2@v2
-        with:
-          path-type: inherit
-          install: >-
-            base-devel
-            git
-            mingw-w64-x86_64-toolchain
-
-      - name: Restore Nim DLLs dependencies (Windows) from cache
-        if: runner.os == 'Windows'
-        id: windows-dlls-cache
-        uses: actions/cache@v2
-        with:
-          path: external/dlls
-          key: 'dlls'
-
-      - name: Install DLL dependencies (Windows)
-        if: >
-          steps.windows-dlls-cache.outputs.cache-hit != 'true' &&
-          runner.os == 'Windows'
-        run: |
-          mkdir external
-          curl -L "https://nim-lang.org/download/windeps.zip" -o external/windeps.zip
-          7z x external/windeps.zip -oexternal/dlls
-
-      - name: Path to cached dependencies (Windows)
-        if: >
-          runner.os == 'Windows'
-        run: |
-          echo '${{ github.workspace }}'"/external/dlls" >> $GITHUB_PATH
-
-      - name: Derive environment variables
-        run: |
-          if [[ '${{ matrix.target.cpu }}' == 'amd64' ]]; then
-            PLATFORM=x64
-          else
-            PLATFORM=x86
-          fi
-          echo "PLATFORM=$PLATFORM" >> $GITHUB_ENV
-
-          ncpu=
-          MAKE_CMD="make"
-          case '${{ runner.os }}' in
-          'Linux')
-            ncpu=$(nproc)
-            ;;
-          'macOS')
-            ncpu=$(sysctl -n hw.ncpu)
-            ;;
-          'Windows')
-            ncpu=$NUMBER_OF_PROCESSORS
-            MAKE_CMD="mingw32-make"
-            ;;
-          esac
-          [[ -z "$ncpu" || $ncpu -le 0 ]] && ncpu=1
-          echo "ncpu=$ncpu" >> $GITHUB_ENV
-          echo "MAKE_CMD=${MAKE_CMD}" >> $GITHUB_ENV
-
-      - name: Build Nim and Nimble
-        run: |
-          curl -O -L -s -S https://raw.githubusercontent.com/status-im/nimbus-build-system/master/scripts/build_nim.sh
-          env MAKE="${MAKE_CMD} -j${ncpu}" ARCH_OVERRIDE=${PLATFORM} NIM_COMMIT=${{ matrix.branch }} \
-            QUICK_AND_DIRTY_COMPILER=1 QUICK_AND_DIRTY_NIMBLE=1 CC=gcc \
-            bash build_nim.sh nim csources dist/nimble NimBinaries
-          echo '${{ github.workspace }}/nim/bin' >> $GITHUB_PATH
-
-      - name: Setup Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: '~1.15.5'
-
-      - name: Install p2pd
-        run: |
-          V=1 bash scripts/build_p2pd.sh p2pdCache 124530a3
-
-      - name: Run tests
-        run: |
-          nim --version
-          nimble --version
-          nimble install -y --depsOnly
-          nimble test
-          if [[ "${{ matrix.branch }}" == "version-1-6" || "${{ matrix.branch }}" == "devel" ]]; then
-            echo -e "\nTesting with '--gc:orc':\n"
-            export NIMFLAGS="${NIMFLAGS} --gc:orc"
-            nimble test
-          fi

.github/workflows/performance.yml

@@ -0,0 +1,94 @@
+name: Performance
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+  merge_group:
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  performance:
+    timeout-minutes: 20
+    strategy:
+      fail-fast: false
+
+    defaults:
+      run:
+        shell: bash
+
+    env:
+      VACP2P: "vacp2p"
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+      PR_NUMBER: ${{ github.event.number }}
+      BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
+      MARKER: "<!-- perf-summary-marker -->"
+      COMMENT_SUMMARY_PATH: "/tmp/perf-summary.md"
+      SHARED_VOLUME_PATH: "performance/output"
+      DOCKER_STATS_PREFIX: "docker_stats_"
+      PUBLISH_BRANCH_NAME: "performance_plots"
+      CHECKOUT_SUBFOLDER_SUBPLOTS: "subplots"
+      PUBLISH_DIR_PLOTS: "plots"
+      CHECKOUT_SUBFOLDER_HISTORY: "history"
+      PUBLISH_DIR_LATENCY_HISTORY: "latency_history"
+      LATENCY_HISTORY_PATH: "history/latency_history"
+      LATENCY_HISTORY_PREFIX: "pr"
+      LATENCY_HISTORY_PLOT_FILENAME: "latency_history_all_scenarios.png"
+
+    name: "Performance"
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Docker Image with cache
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: performance/Dockerfile
+          tags: test-node:latest
+          load: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Run
+        run: |
+          ./performance/runner.sh
+
+      - name: Process latency and docker stats
+        uses: ./.github/actions/process_stats
+
+      - name: Publish history
+        if: github.repository_owner == env.VACP2P
+        uses: ./.github/actions/publish_history
+
+      - name: Generate plots
+        if: github.repository_owner == env.VACP2P
+        uses: ./.github/actions/generate_plots
+
+      - name: Post/Update PR comment
+        if: github.event_name == 'pull_request'
+        uses: ./.github/actions/add_comment
+
+      - name: Upload performance artifacts
+        if: success() || failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: performance-artifacts
+          path: |
+            performance/output/pr*_latency.csv
+            performance/output/*.png
+            history/latency_history/*.png
+          if-no-files-found: ignore
+          retention-days: 7

.github/workflows/pr_lint.yml

@@ -0,0 +1,35 @@
+name: "Conventional Commits"
+
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - reopened
+      - synchronize
+jobs:
+  main:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5
+        id: lint_pr_title
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - uses: marocchino/sticky-pull-request-comment@v2
+        # When the previous steps fails, the workflow would stop. By adding this
+        # condition you can continue the execution with the populated error message.
+        if: always() && (steps.lint_pr_title.outputs.error_message != null)
+        with:
+          header: pr-title-lint-error
+          message: |
+            Pull requests titles must follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/)
+
+      # Delete a previous comment when the issue has been resolved
+      - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:   
+          header: pr-title-lint-error
+          delete: true

.gitignore

@@ -16,3 +16,12 @@ tests/pubsub/testgossipsub
 examples/*.md
 nimble.develop
 nimble.paths
+go-libp2p-daemon/
+
+# Ignore all test build files in tests folder (auto generated when running tests).
+# First rule (`tests/**/test*[^.]*`) will ignore all binaries: has prefix test +  does not have dot in name.
+# Second and third rules are here to un-ignores all files with extension and Docker file,
+# because it appears that vs code is skipping text search is some tests files without these rules.
+tests/**/test*[^.]* 
+!tests/**/*.*
+!tests/**/Dockerfile

.pinned

@@ -1,16 +1,21 @@
-bearssl;https://github.com/status-im/nim-bearssl@#f4c4233de453cb7eac0ce3f3ffad6496295f83ab
-chronicles;https://github.com/status-im/nim-chronicles@#32ac8679680ea699f7dbc046e8e0131cac97d41a
-chronos;https://github.com/status-im/nim-chronos@#266e2c0ed26b455872bccb3ddbd316815a283659
-dnsclient;https://github.com/ba0f3/dnsclient.nim@#fcd7443634b950eaea574e5eaa00a628ae029823
-faststreams;https://github.com/status-im/nim-faststreams@#6112432b3a81d9db116cd5d64c39648881cfff29
-httputils;https://github.com/status-im/nim-http-utils@#e88e231dfcef4585fe3b2fbd9b664dbd28a88040
-json_serialization;https://github.com/status-im/nim-json-serialization@#e5b18fb710c3d0167ec79f3b892f5a7a1bc6d1a4
-metrics;https://github.com/status-im/nim-metrics@#0a6477268e850d7bc98347b3875301524871765f
-nimcrypto;https://github.com/cheatfate/nimcrypto@#24e006df85927f64916e60511620583b11403178
-secp256k1;https://github.com/status-im/nim-secp256k1@#c7f1a37d9b0f17292649bfed8bf6cef83cf4221f
-serialization;https://github.com/status-im/nim-serialization@#493d18b8292fc03aa4f835fd825dea1183f97466
-stew;https://github.com/status-im/nim-stew@#23da07c9b59c0ba3d4efa7e4e6e2c4121ae5a156
-testutils;https://github.com/status-im/nim-testutils@#dfc4c1b39f9ded9baf6365014de2b4bfb4dafc34
-unittest2;https://github.com/status-im/nim-unittest2@#f180f596c88dfd266f746ed6f8dbebce39c824db
-websock;https://github.com/status-im/nim-websock@#acbe30e9ca1e51dcbbfe4c552ee6f16c7eede538
-zlib;https://github.com/status-im/nim-zlib@#6a6670afba6b97b29b920340e2641978c05ab4d8
+bearssl;https://github.com/status-im/nim-bearssl@#34d712933a4e0f91f5e66bc848594a581504a215
+chronicles;https://github.com/status-im/nim-chronicles@#61759a5e8df8f4d68bcd1b4b8c1adab3e72bbd8d
+chronos;https://github.com/status-im/nim-chronos@#b55e2816eb45f698ddaca8d8473e401502562db2
+dnsclient;https://github.com/ba0f3/dnsclient.nim@#23214235d4784d24aceed99bbfe153379ea557c8
+faststreams;https://github.com/status-im/nim-faststreams@#c51315d0ae5eb2594d0bf41181d0e1aca1b3c01d
+httputils;https://github.com/status-im/nim-http-utils@#79cbab1460f4c0cdde2084589d017c43a3d7b4f1
+json_serialization;https://github.com/status-im/nim-json-serialization@#2b1c5eb11df3647a2cee107cd4cce3593cbb8bcf
+metrics;https://github.com/status-im/nim-metrics@#6142e433fc8ea9b73379770a788017ac528d46ff
+ngtcp2;https://github.com/status-im/nim-ngtcp2@#9456daa178c655bccd4a3c78ad3b8cce1f0add73
+nimcrypto;https://github.com/cheatfate/nimcrypto@#19c41d6be4c00b4a2c8000583bd30cf8ceb5f4b1
+quic;https://github.com/vacp2p/nim-quic@#9370190ded18d78a5a9990f57aa8cbbf947f3891
+results;https://github.com/arnetheduck/nim-results@#df8113dda4c2d74d460a8fa98252b0b771bf1f27
+secp256k1;https://github.com/status-im/nim-secp256k1@#f808ed5e7a7bfc42204ec7830f14b7a42b63c284
+serialization;https://github.com/status-im/nim-serialization@#548d0adc9797a10b2db7f788b804330306293088
+stew;https://github.com/status-im/nim-stew@#0db179256cf98eb9ce9ee7b9bc939f219e621f77
+testutils;https://github.com/status-im/nim-testutils@#9e842bd58420d23044bc55e16088e8abbe93ce51
+unittest2;https://github.com/status-im/nim-unittest2@#8b51e99b4a57fcfb31689230e75595f024543024
+websock;https://github.com/status-im/nim-websock@#d5cd89062cd2d168ef35193c7d29d2102921d97e
+zlib;https://github.com/status-im/nim-zlib@#daa8723fd32299d4ca621c837430c29a5a11e19a
+jwt;https://github.com/vacp2p/nim-jwt@#18f8378de52b241f321c1f9ea905456e89b95c6f
+bearssl_pkey_decoder;https://github.com/vacp2p/bearssl_pkey_decoder@#21dd3710df9345ed2ad8bf8f882761e07863b8e0

README.md

@@ -2,11 +2,11 @@
   <a href="https://libp2p.io"><img width="250" src="./.assets/full-logo.svg?raw=true" alt="nim-libp2p logo" /></a>
 </h1>
 
-<h3 align="center">The Nim implementation of the libp2p Networking Stack.</h3>
+<h3 align="center">The <a href="https://nim-lang.org/">Nim</a> implementation of the <a href="https://libp2p.io/">libp2p</a> Networking Stack.</h3>
 
 <p align="center">
-<a href="https://github.com/status-im/nim-libp2p/actions"><img src="https://github.com/status-im/nim-libp2p/actions/workflows/ci.yml/badge.svg" /></a>
-<a href="https://codecov.io/gh/status-im/nim-libp2p"><img src="https://codecov.io/gh/status-im/nim-libp2p/branch/master/graph/badge.svg?token=UR5JRQ249W"/></a>
+<a href="https://github.com/vacp2p/nim-libp2p/actions"><img src="https://github.com/vacp2p/nim-libp2p/actions/workflows/ci.yml/badge.svg" /></a>
+<a href="https://codecov.io/gh/vacp2p/nim-libp2p"><img src="https://codecov.io/gh/vacp2p/nim-libp2p/branch/master/graph/badge.svg?token=UR5JRQ249W"/></a>
 
 </p>
 
@@ -16,113 +16,76 @@
 <img src="https://img.shields.io/badge/nim-%3E%3D1.2.0-orange.svg?style=flat-square" />
 </p>
 
-## Introduction
-
-An implementation of [libp2p](https://libp2p.io/) in [Nim](https://nim-lang.org/).
-
 # Table of Contents
 - [Background](#background)
 - [Install](#install)
 - [Getting Started](#getting-started)
-- [Modules](#modules)
-- [Users](#users)
 - [Development](#development)
   - [Contribute](#contribute)
-  - [Core Developers](#core-developers)
+  - [Contributors](#contributors)
+  - [Core Maintainers](#core-maintainers)
+- [Modules](#modules)
+- [Users](#users)
+- [Stability](#stability)
 - [License](#license)
 
 ## Background
-libp2p is a networking stack and library modularized out of [The IPFS Project](https://github.com/ipfs/ipfs), and bundled separately for other tools to use.
+libp2p is a [Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer) networking stack, with [implementations](https://github.com/libp2p/libp2p#implementations) in multiple languages derived from the same [specifications.](https://github.com/libp2p/specs)
 
-libp2p is the product of a long and arduous quest of understanding; a deep dive into the internet's network stack and the peer-to-peer protocols from the past. Building large scale peer-to-peer systems has been complex and difficult in the last 15 years and libp2p is a way to fix that. It is a "network stack", a suite of networking protocols that cleanly separates concerns and enables sophisticated applications to only use the protocols they absolutely need, without giving up interoperability and upgradeability.
+Building large scale peer-to-peer systems has been complex and difficult in the last 15 years and libp2p is a way to fix that. It strives to be a modular stack with secure defaults and useful protocols, while remaining open and extensible.
+This is a native Nim implementation, using [chronos](https://github.com/status-im/nim-chronos) for asynchronous execution. It's used in production by a few [projects](#users)
 
-libp2p grew out of IPFS, but it is built so that lots of people can use it, for lots of different projects.
-
-- Learn more about libp2p at [**libp2p.io**](https://libp2p.io) and follow our evolving documentation efforts at [**docs.libp2p.io**](https://docs.libp2p.io).
-- [Here](https://github.com/libp2p/libp2p#description) is an overview of libp2p and its implementations in other programming languages.
+Learn more about libp2p at [**libp2p.io**](https://libp2p.io) and follow libp2p's documentation [**docs.libp2p.io**](https://docs.libp2p.io).
 
 ## Install
-**Prerequisite**
-- [Nim](https://nim-lang.org/install.html)
+
+> The currently supported Nim versions are 2.0 and 2.2.
+
 ```
 nimble install libp2p
 ```
+You'll find the nim-libp2p documentation [here](https://vacp2p.github.io/nim-libp2p/docs/). See [examples](./examples) for simple usage patterns.
 
 ## Getting Started
-You'll find the documentation [here](https://status-im.github.io/nim-libp2p/docs/).
+Try out the chat example. Full code can be found [here](https://github.com/vacp2p/nim-libp2p/blob/master/examples/directchat.nim):
 
-**Go Daemon:**
-Please find the installation and usage intructions in [daemonapi.md](examples/go-daemon/daemonapi.md).
+```bash
+nim c -r --threads:on examples/directchat.nim
+```
 
-## Modules
+This will output a peer ID such as `QmbmHfVvouKammmQDJck4hz33WvVktNEe7pasxz2HgseRu` which you can use in another instance to connect to it.
 
-List of packages modules implemented in nim-libp2p:
+```bash
+./examples/directchat
+/connect QmbmHfVvouKammmQDJck4hz33WvVktNEe7pasxz2HgseRu # change this hash by the hash you were given
+```
 
-| Name                                                       | Description                                                                                                      |
-| ---------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- |
-| **Libp2p**                                                 |                                                                                                                  |
-| [libp2p](libp2p/switch.nim)                                | The core of the project                                                                                          |
-| [connmanager](libp2p/connmanager.nim)                      | Connection manager                                                                                               |
-| [identify / push identify](libp2p/protocols/identify.nim)  | [Identify](https://docs.libp2p.io/concepts/protocols/#identify) protocol                                         |
-| [ping](libp2p/protocols/ping.nim)                          | [Ping](https://docs.libp2p.io/concepts/protocols/#ping) protocol                                                 |
-| [libp2p-daemon-client](libp2p/daemon/daemonapi.nim)        | [go-daemon](https://github.com/libp2p/go-libp2p-daemon) nim wrapper                                              |
-| [interop-libp2p](tests/testinterop.nim)                    | Interop tests                                                                                                    |
-| **Transports**                                             |                                                                                                                  |
-| [libp2p-tcp](libp2p/transports/tcptransport.nim)           | TCP transport                                                                                                    |
-| [libp2p-ws](libp2p/transports/wstransport.nim)             | WebSocket & WebSocket Secure transport                                                                           |
-| **Secure Channels**                                        |                                                                                                                  |
-| [libp2p-secio](libp2p/protocols/secure/secio.nim)          | [Secio](https://docs.libp2p.io/concepts/protocols/#secio) secure channel                                         |
-| [libp2p-noise](libp2p/protocols/secure/noise.nim)          | [Noise](https://github.com/libp2p/specs/tree/master/noise) secure channel                                        |
-| [libp2p-plaintext](libp2p/protocols/secure/plaintext.nim)  | [Plain Text](https://github.com/libp2p/specs/tree/master/plaintext) for development purposes                     |
-| **Stream Multiplexers**                                    |                                                                                                                  |
-| [libp2p-mplex](libp2p/muxers/mplex/mplex.nim)              | [MPlex](https://github.com/libp2p/specs/tree/master/mplex) multiplexer                                           |
-| **Data Types**                                             |                                                                                                                  |
-| [peer-id](libp2p/peerid.nim)                               | [Cryptographic identifiers](https://docs.libp2p.io/concepts/peer-id/)                                            |
-| [peer-store](libp2p/peerstore.nim)                         | ["Phone book" of known peers](https://docs.libp2p.io/concepts/peer-id/#peerinfo)                                 |
-| [multiaddress](libp2p/multiaddress.nim)                    | [Composable network addresses](https://github.com/multiformats/multiaddr)                                        |
-| [signed envelope](libp2p/signed_envelope.nim)              | [Signed generic data container](https://github.com/libp2p/specs/blob/master/RFC/0002-signed-envelopes.md)        |
-| [routing record](libp2p/routing_record.nim)                | [Signed peer dialing informations](https://github.com/libp2p/specs/blob/master/RFC/0003-routing-records.md)      |
-| **Utilities**                                              |                                                                                                                  |
-| [libp2p-crypto](libp2p/crypto)                             | Cryptographic backend                                                                                            |
-| [libp2p-crypto-secp256k1](libp2p/crypto/secp.nim)          |                                                                                                                  |
-| **Pubsub**                                                 |                                                                                                                  |
-| [libp2p-pubsub](libp2p/protocols/pubsub/pubsub.nim)        | Pub-Sub generic interface                                                                                        |
-| [libp2p-floodsub](libp2p/protocols/pubsub/floodsub.nim)    | FloodSub implementation                                                                                          |
-| [libp2p-gossipsub](libp2p/protocols/pubsub/gossipsub.nim)  | [GossipSub](https://docs.libp2p.io/concepts/publish-subscribe/) implementation                                   |
+You can now chat between the instances!
 
-## Users
-
-nim-libp2p is used by:
-- [Nimbus](https://github.com/status-im/nimbus-eth2), an Ethereum client
-- [nwaku](https://github.com/status-im/nwaku), a decentralized messaging application
-- [nim-codex](https://github.com/status-im/nim-codex), a decentralized storage application
-- (open a pull request if you want to be included here)
-
-## Stability
-nim-libp2p has been used in production for over a year in high-stake scenarios, so its core is considered stable.
-Some modules are more recent and less stable.
-
-The versioning follows [semver](https://semver.org/), with some additions:
-- Some of libp2p procedures are marked as `.public.`, they will remain compatible during each `MAJOR` version
-- The rest of the procedures are considered internal, and can change at any `MINOR` version (but remain compatible for each new `PATCH`)
-
-We aim to be compatible at all time with at least 2 Nim `MINOR` versions, currently `1.2 & 1.6`
+![Chat example](https://imgur.com/caYRu8K.gif)
 
 ## Development
-Clone and Install dependencies:
+Clone the repository and install the dependencies:
 ```sh
-git clone https://github.com/status-im/nim-libp2p
+git clone https://github.com/vacp2p/nim-libp2p
 cd nim-libp2p
 nimble install -dy
 ```
+You can use `nix develop` to start a shell with Nim and Nimble.
 
+nimble 0.20.1 is required for running `testnative`. At time of writing, this is not available in nixpkgs: If using `nix develop`, follow up with `nimble install nimble`, and use that (typically `~/.nimble/bin/nimble`).
+
+### Testing
 Run unit tests:
 ```sh
 # run all the unit tests
 nimble test
 ```
-This requires the go daemon to be available. To only run native tests, use `nimble testnative`.
-Or use `nimble tasks` to show all available tasks.
+
+For a list of all available test suites, use:
+```
+nimble tasks
+```
 
 ### Contribute
 
@@ -130,14 +93,36 @@ The libp2p implementation in Nim is a work in progress. We welcome contributors
 - Go through the modules and **check out existing issues**. This would be especially useful for modules in active development. Some knowledge of IPFS/libp2p may be required, as well as the infrastructure behind it.
 - **Perform code reviews**. Feel free to let us know if you found anything that can a) speed up the project development b) ensure better quality and c) reduce possible future bugs.
 - **Add tests**. Help nim-libp2p to be more robust by adding more tests to the [tests folder](tests/).
+- **Small PRs**. Try to keep PRs atomic and digestible. This makes the review process and pinpointing bugs easier.
+- **Code format**. Code should be formatted with [nph](https://github.com/arnetheduck/nph) and follow the [Status Nim Style Guide](https://status-im.github.io/nim-style-guide/).
+- **Join the Conversation**. Connect with other contributors in our [community channel](https://discord.com/channels/1204447718093750272/1351621032263417946). Ask questions, share ideas, get support, and stay informed about the latest updates from the maintainers.
 
-The code follows the [Status Nim Style Guide](https://status-im.github.io/nim-style-guide/).
+### Contributors
+<a href="https://github.com/vacp2p/nim-libp2p/graphs/contributors"><img src="https://contrib.rocks/image?repo=vacp2p/nim-libp2p" alt="nim-libp2p contributors"></a>
 
-### Core Developers
-[@cheatfate](https://github.com/cheatfate), [Dmitriy Ryajov](https://github.com/dryajov), [Tanguy](https://github.com/Menduist), [Zahary Karadjov](https://github.com/zah)
+### Core Maintainers
+<table>
+  <tbody>
+    <tr>
+      <td align="center"><a href="https://github.com/richard-ramos"><img src="https://avatars.githubusercontent.com/u/1106587?v=4?s=100" width="100px;" alt="Richard"/><br /><sub><b>Richard</b></sub></a></td>
+      <td align="center"><a href="https://github.com/vladopajic"><img src="https://avatars.githubusercontent.com/u/4353513?v=4?s=100" width="100px;" alt="Vlado"/><br /><sub><b>Vlado</b></sub></a></td>
+      <td align="center"><a href="https://github.com/gmelodie"><img src="https://avatars.githubusercontent.com/u/8129788?v=4?s=100" width="100px;" alt="Gabe"/><br /><sub><b>Gabe</b></sub></a></td>
+    </tr>
+  </tbody>
+</table>
 
 ### Compile time flags
 
+Enable quic transport support
+```bash
+nim c -d:libp2p_quic_support some_file.nim
+```
+
+Enable autotls support
+```bash
+nim c -d:libp2p_autotls_support some_file.nim
+```
+
 Enable expensive metrics (ie, metrics with per-peer cardinality):
 ```bash
 nim c -d:libp2p_expensive_metrics some_file.nim
@@ -153,6 +138,62 @@ Specify gossipsub specific topics to measure in the metrics:
 nim c -d:KnownLibP2PTopics=topic1,topic2,topic3 some_file.nim
 ```
 
+
+## Modules
+List of packages modules implemented in nim-libp2p:
+
+| Name                                                       | Description                                                                                                      |
+| ---------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- |
+| **Libp2p**                                                 |                                                                                                                  |
+| [libp2p](libp2p/switch.nim)                                | The core of the project                                                                                          |
+| [connmanager](libp2p/connmanager.nim)                      | Connection manager                                                                                               |
+| [identify / push identify](libp2p/protocols/identify.nim)  | [Identify](https://docs.libp2p.io/concepts/fundamentals/protocols/#identify) protocol                            |
+| [ping](libp2p/protocols/ping.nim)                          | [Ping](https://docs.libp2p.io/concepts/fundamentals/protocols/#ping) protocol                                    |
+| **Transports**                                             |                                                                                                                  |
+| [libp2p-tcp](libp2p/transports/tcptransport.nim)           | TCP transport                                                                                                    |
+| [libp2p-ws](libp2p/transports/wstransport.nim)             | WebSocket & WebSocket Secure transport                                                                           |
+| [libp2p-tor](libp2p/transports/tortransport.nim)           | Tor Transport                                                                                                    |
+| [libp2p-quic](libp2p/transports/quictransport.nim)         | Quic Transport                                                                                                   |
+| [libp2p-memory](libp2p/transports/memorytransport.nim)     | Memory Transport                                                                                                 |
+| **Secure Channels**                                        |                                                                                                                  |
+| [libp2p-noise](libp2p/protocols/secure/noise.nim)          | [Noise](https://docs.libp2p.io/concepts/secure-comm/noise/) secure channel                                       |
+| [libp2p-plaintext](libp2p/protocols/secure/plaintext.nim)  | Plain Text for development purposes                                                                              |
+| **Stream Multiplexers**                                    |                                                                                                                  |
+| [libp2p-mplex](libp2p/muxers/mplex/mplex.nim)              | [MPlex](https://github.com/libp2p/specs/tree/master/mplex) multiplexer                                           |
+| [libp2p-yamux](libp2p/muxers/yamux/yamux.nim)              | [Yamux](https://docs.libp2p.io/concepts/multiplex/yamux/) multiplexer                                            |
+| **Data Types**                                             |                                                                                                                  |
+| [peer-id](libp2p/peerid.nim)                               | [Cryptographic identifiers](https://docs.libp2p.io/concepts/fundamentals/peers/#peer-id)                         |
+| [peer-store](libp2p/peerstore.nim)                         | [Address book of known peers](https://docs.libp2p.io/concepts/fundamentals/peers/#peer-store)                  |
+| [multiaddress](libp2p/multiaddress.nim)                    | [Composable network addresses](https://github.com/multiformats/multiaddr)                                        |
+| [signed-envelope](libp2p/signed_envelope.nim)              | [Signed generic data container](https://github.com/libp2p/specs/blob/master/RFC/0002-signed-envelopes.md)        |
+| [routing-record](libp2p/routing_record.nim)                | [Signed peer dialing informations](https://github.com/libp2p/specs/blob/master/RFC/0003-routing-records.md)      |
+| [discovery manager](libp2p/discovery/discoverymngr.nim)    | Discovery Manager                                                                                                |
+| **Utilities**                                              |                                                                                                                  |
+| [libp2p-crypto](libp2p/crypto)                             | Cryptographic backend                                                                                            |
+| [libp2p-crypto-secp256k1](libp2p/crypto/secp.nim)          |                                                                                                                  |
+| **Pubsub**                                                 |                                                                                                                  |
+| [libp2p-pubsub](libp2p/protocols/pubsub/pubsub.nim)        | Pub-Sub generic interface                                                                                        |
+| [libp2p-floodsub](libp2p/protocols/pubsub/floodsub.nim)    | FloodSub implementation                                                                                          |
+| [libp2p-gossipsub](libp2p/protocols/pubsub/gossipsub.nim)  | [GossipSub](https://docs.libp2p.io/concepts/publish-subscribe/) implementation                                   |
+
+## Users
+
+nim-libp2p is used by:
+- [Nimbus](https://github.com/status-im/nimbus-eth2), an Ethereum client
+- [nwaku](https://github.com/waku-org/nwaku), a decentralized messaging application
+- [nim-codex](https://github.com/codex-storage/nim-codex), a decentralized storage application
+- (open a pull request if you want to be included here)
+
+## Stability
+nim-libp2p has been used in production for over a year in high-stake scenarios, so its core is considered stable.
+Some modules are more recent and less stable.
+
+The versioning follows [semver](https://semver.org/), with some additions:
+- Some of libp2p procedures are marked as `.public.`, they will remain compatible during each `MAJOR` version
+- The rest of the procedures are considered internal, and can change at any `MINOR` version (but remain compatible for each new `PATCH`)
+
+We aim to be compatible at all time with at least 2 Nim `MINOR` versions, currently `2.0 & 2.2`
+
 ## License
 
 Licensed and distributed under either of

codecov.yml

@@ -1,14 +1,8 @@
 codecov:
   notify:
     require_ci_to_pass: true
-    # must be the number of coverage report builds
-    # notice that this number is for PRs;
-    # like this we disabled notify on pure branches report
-    # which is fine I guess
-    after_n_builds: 28
 comment:
   layout: "reach, diff, flags, files"
-  after_n_builds: 28 # must be the number of coverage report builds
 coverage:
   status:
     project:
@@ -16,4 +10,4 @@ coverage:
         # basic settings
         target: auto
         threshold: 5%
-        base: auto
+        base: auto

config.nims

@@ -1,23 +1,30 @@
 # to allow locking
 if dirExists("nimbledeps/pkgs"):
   switch("NimblePath", "nimbledeps/pkgs")
+if dirExists("nimbledeps/pkgs2"):
+  switch("NimblePath", "nimbledeps/pkgs2")
 
+switch("warningAsError", "UnusedImport:on")
+switch("warningAsError", "UseBase:on")
 switch("warning", "CaseTransition:off")
 switch("warning", "ObservableStores:off")
 switch("warning", "LockLevel:off")
---define:chronosStrictException
---styleCheck:usages
-if (NimMajor, NimMinor) < (1, 6):
-  --styleCheck:hint
-else:
-  --styleCheck:error
+
+--styleCheck:
+  usages
+--styleCheck:
+  error
+--mm:
+  refc
+  # reconsider when there's a version-2-2 branch worth testing with as we might switch to orc
 
 # Avoid some rare stack corruption while using exceptions with a SEH-enabled
 # toolchain: https://github.com/status-im/nimbus-eth2/issues/3121
 if defined(windows) and not defined(vcc):
-  --define:nimRawSetjmp
+  --define:
+    nimRawSetjmp
 
-# begin Nimble config (version 1)
-when fileExists("nimble.paths"):
+# begin Nimble config (version 2)
+when withDir(thisDir(), system.fileExists("nimble.paths")):
   include "nimble.paths"
 # end Nimble config

examples/README.md

@@ -1,6 +1,5 @@
-# nim-libp2p documentation
+# nim-libp2p examples
 
-Welcome to the nim-libp2p documentation!
+In this folder, you'll find the sources of the [nim-libp2p website](https://vacp2p.github.io/nim-libp2p/docs/)
 
-Here, you'll find [tutorials](tutorial_1_connect.md) to help you get started, as well as 
-the [full reference](https://status-im.github.io/nim-libp2p/master/libp2p.html).
+We recommand to follow the tutorials on the website, but feel free to grok the sources here!

examples/circuitrelay.nim

@@ -1,40 +1,48 @@
+{.used.}
 ## # Circuit Relay example
 ##
 ## Circuit Relay can be used when a node cannot reach another node
-## directly, but can reach it through a another node (the Relay).
+## directly, but can reach it through another node (the Relay).
 ##
 ## That may happen because of NAT, Firewalls, or incompatible transports.
 ##
 ## More informations [here](https://docs.libp2p.io/concepts/circuit-relay/).
 import chronos, stew/byteutils
-import libp2p,
-       libp2p/protocols/connectivity/relay/[relay, client]
+import libp2p, libp2p/protocols/connectivity/relay/[relay, client]
 
 # Helper to create a circuit relay node
 proc createCircuitRelaySwitch(r: Relay): Switch =
-  SwitchBuilder.new()
-    .withRng(newRng())
-    .withAddresses(@[ MultiAddress.init("/ip4/0.0.0.0/tcp/0").tryGet() ])
-    .withTcpTransport()
-    .withMplex()
-    .withNoise()
-    .withCircuitRelay(r)
-    .build()
+  SwitchBuilder
+  .new()
+  .withRng(newRng())
+  .withAddresses(@[MultiAddress.init("/ip4/0.0.0.0/tcp/0").tryGet()])
+  .withTcpTransport()
+  .withMplex()
+  .withNoise()
+  .withCircuitRelay(r)
+  .build()
 
 proc main() {.async.} =
   # Create a custom protocol
   let customProtoCodec = "/test"
   var proto = new LPProtocol
   proto.codec = customProtoCodec
-  proto.handler = proc(conn: Connection, proto: string) {.async.} =
-    var msg = string.fromBytes(await conn.readLp(1024))
-    echo "1 - Dst Received: ", msg
-    assert "test1" == msg
-    await conn.writeLp("test2")
-    msg = string.fromBytes(await conn.readLp(1024))
-    echo "2 - Dst Received: ", msg
-    assert "test3" == msg
-    await conn.writeLp("test4")
+  proto.handler = proc(
+      conn: Connection, proto: string
+  ) {.async: (raises: [CancelledError]).} =
+    try:
+      var msg = string.fromBytes(await conn.readLp(1024))
+      echo "1 - Dst Received: ", msg
+      assert "test1" == msg
+      await conn.writeLp("test2")
+      msg = string.fromBytes(await conn.readLp(1024))
+      echo "2 - Dst Received: ", msg
+      assert "test3" == msg
+      await conn.writeLp("test4")
+    except CancelledError as e:
+      raise e
+    except CatchableError as e:
+      echo "exception in handler", e.msg
 
   let
     relay = Relay.new()
@@ -56,9 +64,11 @@ proc main() {.async.} =
 
   let
     # Create a relay address to swDst using swRel as the relay
-    addrs = MultiAddress.init($swRel.peerInfo.addrs[0] & "/p2p/" &
-                              $swRel.peerInfo.peerId & "/p2p-circuit/p2p/" &
-                              $swDst.peerInfo.peerId).get()
+    addrs = MultiAddress
+      .init(
+        $swRel.peerInfo.addrs[0] & "/p2p/" & $swRel.peerInfo.peerId & "/p2p-circuit"
+      )
+      .get()
 
   # Connect Dst to the relay
   await swDst.connect(swRel.peerInfo.peerId, swRel.peerInfo.addrs)
@@ -67,7 +77,7 @@ proc main() {.async.} =
   let rsvp = await clDst.reserve(swRel.peerInfo.peerId, swRel.peerInfo.addrs)
 
   # Src dial Dst using the relay
-  let conn = await swSrc.dial(swDst.peerInfo.peerId, @[ addrs ], customProtoCodec)
+  let conn = await swSrc.dial(swDst.peerInfo.peerId, @[addrs], customProtoCodec)
 
   await conn.writeLp("test1")
   var msg = string.fromBytes(await conn.readLp(1024))

examples/directchat.nim

@@ -1,15 +1,13 @@
-when not(compileOption("threads")):
+{.used.}
+when not (compileOption("threads")):
   {.fatal: "Please, compile this program with the --threads:on option!".}
 
-import
-  strformat, strutils,
-  stew/byteutils,
-  chronos,
-  libp2p
+import strformat, strutils, stew/byteutils, chronos, libp2p
 
 const DefaultAddr = "/ip4/127.0.0.1/tcp/0"
 
-const Help = """
+const Help =
+  """
   Commands: /[?|help|connect|disconnect|exit]
   help: Prints this help
   connect: dials a remote peer
@@ -17,12 +15,11 @@ const Help = """
   exit: closes the chat
 """
 
-type
-  Chat = ref object
-    switch: Switch          # a single entry point for dialing and listening to peer
-    stdinReader: StreamTransport # transport streams between read & write file descriptor
-    conn: Connection        # connection to the other peer
-    connected: bool         # if the node is connected to another peer
+type Chat = ref object
+  switch: Switch # a single entry point for dialing and listening to peer
+  stdinReader: StreamTransport # transport streams between read & write file descriptor
+  conn: Connection # connection to the other peer
+  connected: bool # if the node is connected to another peer
 
 ##
 # Stdout helpers, to write the prompt
@@ -41,19 +38,23 @@ proc writeStdout(c: Chat, str: string) =
 ##
 const ChatCodec = "/nim-libp2p/chat/1.0.0"
 
-type
-  ChatProto = ref object of LPProtocol
+type ChatProto = ref object of LPProtocol
 
 proc new(T: typedesc[ChatProto], c: Chat): T =
   let chatproto = T()
 
   # create handler for incoming connection
-  proc handle(stream: Connection, proto: string) {.async.} =
-    if c.connected and not c.conn.closed:
-      c.writeStdout "a chat session is already in progress - refusing incoming peer!"
-      await stream.close()
-    else:
-      await c.handlePeer(stream)
+  proc handle(stream: Connection, proto: string) {.async: (raises: [CancelledError]).} =
+    try:
+      if c.connected and not c.conn.closed:
+        c.writeStdout "a chat session is already in progress - refusing incoming peer!"
+      else:
+        await c.handlePeer(stream)
+    except CancelledError as e:
+      raise e
+    except CatchableError as e:
+      echo "exception in handler", e.msg
+    finally:
       await stream.close()
 
   # assign the new handler
@@ -77,9 +78,9 @@ proc handlePeer(c: Chat, conn: Connection) {.async.} =
         strData = await conn.readLp(1024)
         str = string.fromBytes(strData)
       c.writeStdout $conn.peerId & ": " & $str
-
   except LPStreamEOFError:
-    defer: c.writeStdout $conn.peerId & " disconnected"
+    defer:
+      c.writeStdout $conn.peerId & " disconnected"
     await c.conn.close()
     c.connected = false
 
@@ -88,10 +89,7 @@ proc dialPeer(c: Chat, address: string) {.async.} =
   let
     multiAddr = MultiAddress.init(address).tryGet()
     # split the peerId part /p2p/...
-    peerIdBytes = multiAddr[multiCodec("p2p")]
-      .tryGet()
-      .protoAddress()
-      .tryGet()
+    peerIdBytes = multiAddr[multiCodec("p2p")].tryGet().protoAddress().tryGet()
     remotePeer = PeerId.init(peerIdBytes).tryGet()
     # split the wire address
     ip4Addr = multiAddr[multiCodec("ip4")].tryGet()
@@ -124,7 +122,6 @@ proc readLoop(c: Chat) {.async.} =
       let address = await c.stdinReader.readLine()
       if address.len > 0:
         await c.dialPeer(address)
-
     elif line.startsWith("/exit"):
       if c.connected and c.conn.closed.not:
         await c.conn.close()
@@ -171,16 +168,18 @@ proc main() {.async.} =
 
   var switch = SwitchBuilder
     .new()
-    .withRng(rng)       # Give the application RNG
+    .withRng(rng)
+    # Give the application RNG
     .withAddress(localAddress)
-    .withTcpTransport() # Use TCP as transport
-    .withMplex()        # Use Mplex as muxer
-    .withNoise()        # Use Noise as secure manager
+    .withTcpTransport()
+    # Use TCP as transport
+    .withMplex()
+    # Use Mplex as muxer
+    .withNoise()
+    # Use Noise as secure manager
     .build()
 
-  let chat = Chat(
-    switch: switch,
-    stdinReader: stdinReader)
+  let chat = Chat(switch: switch, stdinReader: stdinReader)
 
   switch.mount(ChatProto.new(chat))
 

examples/examples_build.nim

@@ -0,0 +1,3 @@
+{.used.}
+
+import directchat, tutorial_6_game

examples/examples_run.nim

@@ -0,0 +1,5 @@
+{.used.}
+
+import
+  helloworld, circuitrelay, tutorial_1_connect, tutorial_2_customproto,
+  tutorial_3_protobuf, tutorial_4_gossipsub, tutorial_5_discovery

examples/go-daemon/bootstrap.nim

@@ -1,55 +0,0 @@
-import chronos, nimcrypto, strutils
-import ../../libp2p/daemon/daemonapi
-import ../hexdump
-
-const
-  PubSubTopic = "test-net"
-
-proc dumpSubscribedPeers(api: DaemonAPI) {.async.} =
-  var peers = await api.pubsubListPeers(PubSubTopic)
-  echo "= List of connected and subscribed peers:"
-  for item in peers:
-    echo item.pretty()
-
-proc dumpAllPeers(api: DaemonAPI) {.async.} =
-  var peers = await api.listPeers()
-  echo "Current connected peers count = ", len(peers)
-  for item in peers:
-    echo item.peer.pretty()
-
-proc monitor(api: DaemonAPI) {.async.} =
-  while true:
-    echo "Dumping all peers"
-    await dumpAllPeers(api)
-    await sleepAsync(5000)
-
-proc main() {.async.} =
-  echo "= Starting P2P bootnode"
-  var api = await newDaemonApi({DHTFull, PSGossipSub})
-  var id = await api.identity()
-  echo "= P2P bootnode ", id.peer.pretty(), " started."
-  let mcip4 = multiCodec("ip4")
-  let mcip6 = multiCodec("ip6")
-  echo "= You can use one of this addresses to bootstrap your nodes:"
-  for item in id.addresses:
-    if item.protoCode() == mcip4 or item.protoCode() == mcip6:
-      echo $item & "/ipfs/" & id.peer.pretty()
-
-  asyncSpawn monitor(api)
-
-  proc pubsubLogger(api: DaemonAPI,
-                    ticket: PubsubTicket,
-                    message: PubSubMessage): Future[bool] {.async.} =
-    let msglen = len(message.data)
-    echo "= Recieved pubsub message with length ", msglen,
-         " bytes from peer ", message.peer.pretty()
-    echo dumpHex(message.data)
-    await api.dumpSubscribedPeers()
-    result = true
-
-  var ticket = await api.pubsubSubscribe(PubSubTopic, pubsubLogger)
-
-when isMainModule:
-  waitFor(main())
-  while true:
-    poll()

examples/go-daemon/chat.nim

@@ -1,134 +0,0 @@
-import chronos, nimcrypto, strutils
-import ../../libp2p/daemon/daemonapi
-
-## nim c -r --threads:on chat.nim
-when not(compileOption("threads")):
-  {.fatal: "Please, compile this program with the --threads:on option!".}
-
-const
-  ServerProtocols = @["/test-chat-stream"]
-
-type
-  CustomData = ref object
-    api: DaemonAPI
-    remotes: seq[StreamTransport]
-    consoleFd: AsyncFD
-    serveFut: Future[void]
-
-proc threadMain(wfd: AsyncFD) {.thread.} =
-  ## This procedure performs reading from `stdin` and sends data over
-  ## pipe to main thread.
-  var transp = fromPipe(wfd)
-
-  while true:
-    var line = stdin.readLine()
-    let res = waitFor transp.write(line & "\r\n")
-
-proc serveThread(udata: CustomData) {.async.} =
-  ## This procedure perform reading on pipe and sends data to remote clients.
-  var transp = fromPipe(udata.consoleFd)
-
-  proc remoteReader(transp: StreamTransport) {.async.} =
-    while true:
-      var line = await transp.readLine()
-      if len(line) == 0:
-        break
-      echo ">> ", line
-
-  while true:
-    try:
-      var line = await transp.readLine()
-      if line.startsWith("/connect"):
-        var parts = line.split(" ")
-        if len(parts) == 2:
-          var peerId = PeerId.init(parts[1])
-          var address = MultiAddress.init(multiCodec("p2p-circuit"))
-          address &= MultiAddress.init(multiCodec("p2p"), peerId)
-          echo "= Searching for peer ", peerId.pretty()
-          var id = await udata.api.dhtFindPeer(peerId)
-          echo "= Peer " & parts[1] & " found at addresses:"
-          for item in id.addresses:
-            echo $item
-          echo "= Connecting to peer ", $address
-          await udata.api.connect(peerId, @[address], 30)
-          echo "= Opening stream to peer chat ", parts[1]
-          var stream = await udata.api.openStream(peerId, ServerProtocols)
-          udata.remotes.add(stream.transp)
-          echo "= Connected to peer chat ", parts[1]
-          asyncSpawn remoteReader(stream.transp)
-      elif line.startsWith("/search"):
-        var parts = line.split(" ")
-        if len(parts) == 2:
-          var peerId = PeerId.init(parts[1])
-          echo "= Searching for peer ", peerId.pretty()
-          var id = await udata.api.dhtFindPeer(peerId)
-          echo "= Peer " & parts[1] & " found at addresses:"
-          for item in id.addresses:
-            echo $item
-      elif line.startsWith("/consearch"):
-        var parts = line.split(" ")
-        if len(parts) == 2:
-          var peerId = PeerId.init(parts[1])
-          echo "= Searching for peers connected to peer ", parts[1]
-          var peers = await udata.api.dhtFindPeersConnectedToPeer(peerId)
-          echo "= Found ", len(peers), " connected to peer ", parts[1]
-          for item in peers:
-            var peer = item.peer
-            var addresses = newSeq[string]()
-            var relay = false
-            for a in item.addresses:
-              addresses.add($a)
-              if a.protoName() == "/p2p-circuit":
-                relay = true
-                break
-            if relay:
-              echo peer.pretty(), " * ",  " [", addresses.join(", "), "]"
-            else:
-              echo peer.pretty(), " [", addresses.join(", "), "]"
-      elif line.startsWith("/exit"):
-        break
-      else:
-        var msg = line & "\r\n"
-        echo "<< ", line
-        var pending = newSeq[Future[int]]()
-        for item in udata.remotes:
-          pending.add(item.write(msg))
-        if len(pending) > 0:
-          var results = await all(pending)
-    except:
-      echo getCurrentException().msg
-
-proc main() {.async.} =
-  var data = new CustomData
-  data.remotes = newSeq[StreamTransport]()
-
-  var (rfd, wfd) = createAsyncPipe()
-  if rfd == asyncInvalidPipe or wfd == asyncInvalidPipe:
-    raise newException(ValueError, "Could not initialize pipe!")
-
-  data.consoleFd = rfd
-
-  data.serveFut = serveThread(data)
-  var thread: Thread[AsyncFD]
-  thread.createThread(threadMain, wfd)
-
-  echo "= Starting P2P node"
-  data.api = await newDaemonApi({DHTFull, Bootstrap})
-  await sleepAsync(3000)
-  var id = await data.api.identity()
-
-  proc streamHandler(api: DaemonAPI, stream: P2PStream) {.async.} =
-    echo "= Peer ", stream.peer.pretty(), " joined chat"
-    data.remotes.add(stream.transp)
-    while true:
-      var line = await stream.transp.readLine()
-      if len(line) == 0:
-        break
-      echo ">> ", line
-
-  await data.api.addHandler(ServerProtocols, streamHandler)
-  echo "= Your PeerId is ", id.peer.pretty()
-  await data.serveFut
-
-when isMainModule:
-  waitFor(main())

examples/go-daemon/daemonapi.md

@@ -1,56 +0,0 @@
-# Table of Contents
-- [Introduction](#introduction)
-- [Installation](#installation)
-- [Usage](#usage)
-  - [Example](#example)
-  - [Getting Started](#getting-started)
-
-# Introduction
-This is a libp2p-backed daemon wrapping the functionalities of go-libp2p for use in Nim. <br>
-For more information about the go daemon, check out [this repository](https://github.com/libp2p/go-libp2p-daemon).
-
-# Installation
-```sh
-# clone and install dependencies
-git clone https://github.com/status-im/nim-libp2p
-cd nim-libp2p
-nimble install
-
-# perform unit tests
-nimble test
-
-# update the git submodule to install the go daemon 
-git submodule update --init --recursive
-go version
-git clone https://github.com/libp2p/go-libp2p-daemon
-cd go-libp2p-daemon
-git checkout v0.0.1
-go install ./...
-cd ..
-```
-
-# Usage 
-
-## Example
-Examples can be found in the [examples folder](https://github.com/status-im/nim-libp2p/tree/readme/examples/go-daemon)
-
-## Getting Started
-Try out the chat example. Full code can be found [here](https://github.com/status-im/nim-libp2p/blob/master/examples/chat.nim):
-
-```bash
-nim c -r --threads:on examples/directchat.nim
-```
-
-This will output a peer ID such as `QmbmHfVvouKammmQDJck4hz33WvVktNEe7pasxz2HgseRu` which you can use in another instance to connect to it.
-
-```bash
-./examples/directchat
-/connect QmbmHfVvouKammmQDJck4hz33WvVktNEe7pasxz2HgseRu
-```
-
-You can now chat between the instances!
-
-![Chat example](https://imgur.com/caYRu8K.gif)
-
-
-

examples/go-daemon/node.nim

@@ -1,47 +0,0 @@
-import chronos, nimcrypto, strutils, os
-import ../../libp2p/daemon/daemonapi
-
-const
-  PubSubTopic = "test-net"
-
-proc main(bn: string) {.async.} =
-  echo "= Starting P2P node"
-  var bootnodes = bn.split(",")
-  var api = await newDaemonApi({DHTFull, PSGossipSub, WaitBootstrap},
-                               bootstrapNodes = bootnodes,
-                               peersRequired = 1)
-  var id = await api.identity()
-  echo "= P2P node ", id.peer.pretty(), " started:"
-  for item in id.addresses:
-    echo item
-
-  proc pubsubLogger(api: DaemonAPI,
-                    ticket: PubsubTicket,
-                    message: PubSubMessage): Future[bool] {.async.} =
-    let msglen = len(message.data)
-    echo "= Recieved pubsub message with length ", msglen,
-         " bytes from peer ", message.peer.pretty(), ": "
-    var strdata = cast[string](message.data)
-    echo strdata
-    result = true
-
-  var ticket = await api.pubsubSubscribe(PubSubTopic, pubsubLogger)
-
-  # Waiting for gossipsub interval
-  while true:
-    var peers = await api.pubsubListPeers(PubSubTopic)
-    if len(peers) > 0:
-      break
-    await sleepAsync(1000)
-
-  var data = "HELLO\r\n"
-  var msgData = cast[seq[byte]](data)
-  await api.pubsubPublish(PubSubTopic, msgData)
-
-when isMainModule:
-  if paramCount() != 1:
-    echo "Please supply bootnodes!"
-  else:
-    waitFor(main(paramStr(1)))
-    while true:
-      poll()

examples/helloworld.nim

@@ -1,5 +1,7 @@
-import chronos         # an efficient library for async
-import stew/byteutils  # various utils
+{.used.}
+
+import chronos # an efficient library for async
+import stew/byteutils # various utils
 import libp2p
 
 ##
@@ -7,20 +9,23 @@ import libp2p
 ##
 const TestCodec = "/test/proto/1.0.0" # custom protocol string identifier
 
-type
-  TestProto = ref object of LPProtocol # declare a custom protocol
+type TestProto = ref object of LPProtocol # declare a custom protocol
 
 proc new(T: typedesc[TestProto]): T =
-
   # every incoming connections will be in handled in this closure
-  proc handle(conn: Connection, proto: string) {.async, gcsafe.} =
-    echo "Got from remote - ", string.fromBytes(await conn.readLp(1024))
-    await conn.writeLp("Roger p2p!")
+  proc handle(conn: Connection, proto: string) {.async: (raises: [CancelledError]).} =
+    try:
+      echo "Got from remote - ", string.fromBytes(await conn.readLp(1024))
+      await conn.writeLp("Roger p2p!")
+    except CancelledError as e:
+      raise e
+    except CatchableError as e:
+      echo "exception in handler", e.msg
+    finally:
+      # We must close the connections ourselves when we're done with it
+      await conn.close()
 
-    # We must close the connections ourselves when we're done with it
-    await conn.close()
-
-  return T(codecs: @[TestCodec], handler: handle)
+  return T.new(codecs = @[TestCodec], handler = handle)
 
 ##
 # Helper to create a switch/node
@@ -28,11 +33,16 @@ proc new(T: typedesc[TestProto]): T =
 proc createSwitch(ma: MultiAddress, rng: ref HmacDrbgContext): Switch =
   var switch = SwitchBuilder
     .new()
-    .withRng(rng)       # Give the application RNG
-    .withAddress(ma)    # Our local address(es)
-    .withTcpTransport() # Use TCP as transport
-    .withMplex()        # Use Mplex as muxer
-    .withNoise()        # Use Noise as secure manager
+    .withRng(rng)
+    # Give the application RNG
+    .withAddress(ma)
+    # Our local address(es)
+    .withTcpTransport()
+    # Use TCP as transport
+    .withMplex()
+    # Use Mplex as muxer
+    .withNoise()
+    # Use Noise as secure manager
     .build()
 
   result = switch
@@ -40,7 +50,7 @@ proc createSwitch(ma: MultiAddress, rng: ref HmacDrbgContext): Switch =
 ##
 # The actual application
 ##
-proc main() {.async, gcsafe.} =
+proc main() {.async.} =
   let
     rng = newRng() # Single random number source for the whole application
     # port 0 will take a random available port
@@ -73,7 +83,8 @@ proc main() {.async, gcsafe.} =
   # use the second node to dial the first node
   # using the first node peerid and address
   # and specify our custom protocol codec
-  let conn = await switch2.dial(switch1.peerInfo.peerId, switch1.peerInfo.addrs, TestCodec)
+  let conn =
+    await switch2.dial(switch1.peerInfo.peerId, switch1.peerInfo.addrs, TestCodec)
 
   # conn is now a fully setup connection, we talk directly to the node1 custom protocol handler
   await conn.writeLp("Hello p2p!") # writeLp send a length prefixed buffer over the wire
@@ -84,6 +95,7 @@ proc main() {.async, gcsafe.} =
   # We must close the connection ourselves when we're done with it
   await conn.close()
 
-  await allFutures(switch1.stop(), switch2.stop()) # close connections and shutdown all transports
+  await allFutures(switch1.stop(), switch2.stop())
+    # close connections and shutdown all transports
 
 waitFor(main())

examples/hexdump.nim

@@ -35,26 +35,24 @@ proc dumpHex*(pbytes: pointer, nbytes: int, items = 1, ascii = true): string =
   var asciiText = ""
   while i < nbytes:
     if i %% 16 == 0:
-      result = result & toHex(cast[BiggestInt](slider),
-                              sizeof(BiggestInt) * 2) & ":  "
+      result = result & toHex(cast[BiggestInt](slider), sizeof(BiggestInt) * 2) & ":  "
     var k = 0
     while k < items:
       var ch = cast[ptr char](cast[uint](slider) + k.uint)[]
-      if ord(ch) > 31 and ord(ch) < 127: asciiText &= ch else: asciiText &= "."
+      if ord(ch) > 31 and ord(ch) < 127:
+        asciiText &= ch
+      else:
+        asciiText &= "."
       inc(k)
-    case items:
+    case items
     of 1:
-      result = result & toHex(cast[BiggestInt](cast[ptr uint8](slider)[]),
-                              hexSize)
+      result = result & toHex(cast[BiggestInt](cast[ptr uint8](slider)[]), hexSize)
     of 2:
-      result = result & toHex(cast[BiggestInt](cast[ptr uint16](slider)[]),
-                              hexSize)
+      result = result & toHex(cast[BiggestInt](cast[ptr uint16](slider)[]), hexSize)
     of 4:
-      result = result & toHex(cast[BiggestInt](cast[ptr uint32](slider)[]),
-                              hexSize)
+      result = result & toHex(cast[BiggestInt](cast[ptr uint32](slider)[]), hexSize)
     of 8:
-      result = result & toHex(cast[BiggestInt](cast[ptr uint64](slider)[]),
-                              hexSize)
+      result = result & toHex(cast[BiggestInt](cast[ptr uint64](slider)[]), hexSize)
     else:
       raise newException(ValueError, "Wrong items size!")
     result = result & " "

examples/index.md

@@ -0,0 +1,6 @@
+# nim-libp2p documentation
+
+Welcome to the nim-libp2p documentation!
+
+Here, you'll find [tutorials](tutorial_1_connect.md) to help you get started, as well as 
+the [full reference](https://vacp2p.github.io/nim-libp2p/master/libp2p.html).

examples/tutorial_1_connect.nim

@@ -1,3 +1,4 @@
+{.used.}
 ## # Simple ping tutorial
 ##
 ## Hi all, welcome to the first nim-libp2p tutorial!
@@ -34,15 +35,20 @@ import libp2p/protocols/ping
 
 ## [chronos](https://github.com/status-im/nim-chronos) the asynchronous framework used by `nim-libp2p`
 ##
-## Next, we'll create an helper procedure to create our switches. A switch needs a bit of configuration, and it will be easier to do this configuration only once:
+## Next, we'll create a helper procedure to create our switches. A switch needs a bit of configuration, and it will be easier to do this configuration only once:
 proc createSwitch(ma: MultiAddress, rng: ref HmacDrbgContext): Switch =
   var switch = SwitchBuilder
     .new()
-    .withRng(rng)       # Give the application RNG
-    .withAddress(ma)    # Our local address(es)
-    .withTcpTransport() # Use TCP as transport
-    .withMplex()        # Use Mplex as muxer
-    .withNoise()        # Use Noise as secure manager
+    .withRng(rng)
+    # Give the application RNG
+    .withAddress(ma)
+    # Our local address(es)
+    .withTcpTransport()
+    # Use TCP as transport
+    .withMplex()
+    # Use Mplex as muxer
+    .withNoise()
+    # Use Noise as secure manager
     .build()
 
   return switch
@@ -53,11 +59,11 @@ proc createSwitch(ma: MultiAddress, rng: ref HmacDrbgContext): Switch =
 ##
 ##
 ## Let's now start to create our main procedure:
-proc main() {.async, gcsafe.} =
+proc main() {.async.} =
   let
     rng = newRng()
     localAddress = MultiAddress.init("/ip4/0.0.0.0/tcp/0").tryGet()
-    pingProtocol = Ping.new(rng=rng)
+    pingProtocol = Ping.new(rng = rng)
   ## We created some variables that we'll need for the rest of the application: the global `rng` instance, our `localAddress`, and an instance of the `Ping` protocol.
   ## The address is in the [MultiAddress](https://github.com/multiformats/multiaddr) format. The port `0` means "take any port available".
   ##
@@ -77,8 +83,9 @@ proc main() {.async, gcsafe.} =
   ## Now that we've started the nodes, they are listening for incoming peers.
   ## We can find out which port was attributed, and the resulting local addresses, by using `switch1.peerInfo.addrs`.
   ##
-  ## We'll **dial** the first switch from the second one, by specifying it's **Peer ID**, it's **MultiAddress** and the **`Ping` protocol codec**:
-  let conn = await switch2.dial(switch1.peerInfo.peerId, switch1.peerInfo.addrs, PingCodec)
+  ## We'll **dial** the first switch from the second one, by specifying its **Peer ID**, its **MultiAddress** and the **`Ping` protocol codec**:
+  let conn =
+    await switch2.dial(switch1.peerInfo.peerId, switch1.peerInfo.addrs, PingCodec)
   ## We now have a `Ping` connection setup between the second and the first switch, we can use it to actually ping the node:
   # ping the other node and echo the ping duration
   echo "ping: ", await pingProtocol.ping(conn)
@@ -86,7 +93,8 @@ proc main() {.async, gcsafe.} =
   # We must close the connection ourselves when we're done with it
   await conn.close()
   ## And that's it! Just a little bit of cleanup: shutting down the switches, waiting for them to stop, and we'll call our `main` procedure:
-  await allFutures(switch1.stop(), switch2.stop()) # close connections and shutdown all transports
+  await allFutures(switch1.stop(), switch2.stop())
+    # close connections and shutdown all transports
 
 waitFor(main())
 

examples/tutorial_2_customproto.nim

@@ -1,3 +1,4 @@
+{.used.}
 ## # Custom protocol in libp2p
 ##
 ## In the [previous tutorial](tutorial_1_connect.md), we've looked at how to create a simple ping program using the `nim-libp2p`.
@@ -18,21 +19,26 @@ type TestProto = ref object of LPProtocol
 
 ## We've set a [protocol ID](https://docs.libp2p.io/concepts/protocols/#protocol-ids), and created a custom `LPProtocol`. In a more complex protocol, we could use this structure to store interesting variables.
 ##
-## A protocol generally has two part: and handling/server part, and a dialing/client part.
-## Theses two parts can be identical, but in our trivial protocol, the server will wait for a message from the client, and the client will send a message, so we have to handle the two cases separately.
+## A protocol generally has two parts: a handling/server part, and a dialing/client part.
+## These two parts can be identical, but in our trivial protocol, the server will wait for a message from the client, and the client will send a message, so we have to handle the two cases separately.
 ##
 ## Let's start with the server part:
 
 proc new(T: typedesc[TestProto]): T =
   # every incoming connections will in be handled in this closure
-  proc handle(conn: Connection, proto: string) {.async, gcsafe.} =
+  proc handle(conn: Connection, proto: string) {.async: (raises: [CancelledError]).} =
     # Read up to 1024 bytes from this connection, and transform them into
     # a string
-    echo "Got from remote - ", string.fromBytes(await conn.readLp(1024))
-    # We must close the connections ourselves when we're done with it
-    await conn.close()
+    try:
+      echo "Got from remote - ", string.fromBytes(await conn.readLp(1024))
+    except CancelledError as e:
+      raise e
+    except CatchableError as e:
+      echo "exception in handler", e.msg
+    finally:
+      await conn.close()
 
-  return T(codecs: @[TestCodec], handler: handle)
+  return T.new(codecs = @[TestCodec], handler = handle)
 
 ## This is a constructor for our `TestProto`, that will specify our `codecs` and a `handler`, which will be called for each incoming peer asking for this protocol.
 ## In our handle, we simply read a message from the connection and `echo` it.
@@ -41,29 +47,31 @@ proc new(T: typedesc[TestProto]): T =
 proc hello(p: TestProto, conn: Connection) {.async.} =
   await conn.writeLp("Hello p2p!")
 
-## Again, pretty straight-forward, we just send a message on the connection.
+## Again, pretty straightforward, we just send a message on the connection.
 ##
 ## We can now create our main procedure:
-proc main() {.async, gcsafe.} =
+proc main() {.async.} =
   let
     rng = newRng()
     testProto = TestProto.new()
-    switch1 = newStandardSwitch(rng=rng)
-    switch2 = newStandardSwitch(rng=rng)
+    switch1 = newStandardSwitch(rng = rng)
+    switch2 = newStandardSwitch(rng = rng)
 
   switch1.mount(testProto)
 
   await switch1.start()
   await switch2.start()
 
-  let conn = await switch2.dial(switch1.peerInfo.peerId, switch1.peerInfo.addrs, TestCodec)
+  let conn =
+    await switch2.dial(switch1.peerInfo.peerId, switch1.peerInfo.addrs, TestCodec)
 
   await testProto.hello(conn)
 
   # We must close the connection ourselves when we're done with it
   await conn.close()
 
-  await allFutures(switch1.stop(), switch2.stop()) # close connections and shutdown all transports
+  await allFutures(switch1.stop(), switch2.stop())
+    # close connections and shutdown all transports
 
 ## This is very similar to the first tutorial's `main`, the only noteworthy difference is that we use `newStandardSwitch`, which is similar to the `createSwitch` of the first tutorial, but is bundled directly in libp2p
 ##

examples/tutorial_3_protobuf.nim

@@ -1,3 +1,4 @@
+{.used.}
 ## # Protobuf usage
 ##
 ## In the [previous tutorial](tutorial_2_customproto.md), we created a simple "ping" protocol.
@@ -57,8 +58,8 @@ proc decode(_: type Metric, buf: seq[byte]): Result[Metric, ProtoError] =
   #
   # We are just checking the error, and ignoring whether the value
   # is present or not (default values are valid).
-  discard ? pb.getField(1, res.name)
-  discard ? pb.getField(2, res.value)
+  discard ?pb.getField(1, res.name)
+  discard ?pb.getField(2, res.value)
   ok(res)
 
 proc encode(m: MetricList): ProtoBuffer =
@@ -72,10 +73,10 @@ proc decode(_: type MetricList, buf: seq[byte]): Result[MetricList, ProtoError]
     res: MetricList
     metrics: seq[seq[byte]]
   let pb = initProtoBuffer(buf)
-  discard ? pb.getRepeatedField(1, metrics)
+  discard ?pb.getRepeatedField(1, metrics)
 
   for metric in metrics:
-    res.metrics &= ? Metric.decode(metric)
+    res.metrics &= ?Metric.decode(metric)
   ok(res)
 
 ## ## Results instead of exceptions
@@ -102,21 +103,27 @@ proc decode(_: type MetricList, buf: seq[byte]): Result[MetricList, ProtoError]
 ## ## Creating the protocol
 ## We'll next create a protocol, like in the last tutorial, to request these metrics from our host
 type
-  MetricCallback = proc: Future[MetricList] {.raises: [], gcsafe.}
+  MetricCallback = proc(): Future[MetricList] {.raises: [], gcsafe.}
   MetricProto = ref object of LPProtocol
     metricGetter: MetricCallback
 
 proc new(_: typedesc[MetricProto], cb: MetricCallback): MetricProto =
-  let res = MetricProto(metricGetter: cb)
-  proc handle(conn: Connection, proto: string) {.async, gcsafe.} =
-    let
-      metrics = await res.metricGetter()
-      asProtobuf = metrics.encode()
-    await conn.writeLp(asProtobuf.buffer)
-    await conn.close()
+  var res: MetricProto
+  proc handle(conn: Connection, proto: string) {.async: (raises: [CancelledError]).} =
+    try:
+      let
+        metrics = await res.metricGetter()
+        asProtobuf = metrics.encode()
+      await conn.writeLp(asProtobuf.buffer)
+    except CancelledError as e:
+      raise e
+    except CatchableError as e:
+      echo "exception in handler", e.msg
+    finally:
+      await conn.close()
 
-  res.codecs = @["/metric-getter/1.0.0"]
-  res.handler = handle
+  res = MetricProto.new(@["/metric-getter/1.0.0"], handle)
+  res.metricGetter = cb
   return res
 
 proc fetch(p: MetricProto, conn: Connection): Future[MetricList] {.async.} =
@@ -126,21 +133,21 @@ proc fetch(p: MetricProto, conn: Connection): Future[MetricList] {.async.} =
   return MetricList.decode(protobuf).tryGet()
 
 ## We can now create our main procedure:
-proc main() {.async, gcsafe.} =
+proc main() {.async.} =
   let rng = newRng()
-  proc randomMetricGenerator: Future[MetricList] {.async.} =
+  proc randomMetricGenerator(): Future[MetricList] {.async.} =
     let metricCount = rng[].generate(uint32) mod 16
     for i in 0 ..< metricCount + 1:
-      result.metrics.add(Metric(
-        name: "metric_" & $i,
-        value: float(rng[].generate(uint16)) / 1000.0
-      ))
+      result.metrics.add(
+        Metric(name: "metric_" & $i, value: float(rng[].generate(uint16)) / 1000.0)
+      )
     return result
+
   let
     metricProto1 = MetricProto.new(randomMetricGenerator)
     metricProto2 = MetricProto.new(randomMetricGenerator)
-    switch1 = newStandardSwitch(rng=rng)
-    switch2 = newStandardSwitch(rng=rng)
+    switch1 = newStandardSwitch(rng = rng)
+    switch2 = newStandardSwitch(rng = rng)
 
   switch1.mount(metricProto1)
 
@@ -148,14 +155,17 @@ proc main() {.async, gcsafe.} =
   await switch2.start()
 
   let
-    conn = await switch2.dial(switch1.peerInfo.peerId, switch1.peerInfo.addrs, metricProto2.codecs)
+    conn = await switch2.dial(
+      switch1.peerInfo.peerId, switch1.peerInfo.addrs, metricProto2.codecs
+    )
     metrics = await metricProto2.fetch(conn)
   await conn.close()
 
   for metric in metrics.metrics:
     echo metric.name, " = ", metric.value
 
-  await allFutures(switch1.stop(), switch2.stop()) # close connections and shutdown all transports
+  await allFutures(switch1.stop(), switch2.stop())
+    # close connections and shutdown all transports
 
 waitFor(main())
 

examples/tutorial_4_gossipsub.nim

@@ -1,3 +1,4 @@
+{.used.}
 ## # GossipSub
 ##
 ## In this tutorial, we'll build a simple GossipSub network
@@ -7,7 +8,7 @@
 ## and allows to balance between latency, bandwidth usage,
 ## privacy and attack resistance.
 ##
-## You'll find a good explanation on how GossipSub works
+## You'll find a good explanation of how GossipSub works
 ## [here.](https://docs.libp2p.io/concepts/publish-subscribe/) There are a lot
 ## of parameters you can tweak to adjust how GossipSub behaves but here we'll
 ## use the sane defaults shipped with libp2p.
@@ -40,8 +41,8 @@ proc encode(m: Metric): ProtoBuffer =
 proc decode(_: type Metric, buf: seq[byte]): Result[Metric, ProtoError] =
   var res: Metric
   let pb = initProtoBuffer(buf)
-  discard ? pb.getField(1, res.name)
-  discard ? pb.getField(2, res.value)
+  discard ?pb.getField(1, res.name)
+  discard ?pb.getField(2, res.value)
   ok(res)
 
 proc encode(m: MetricList): ProtoBuffer =
@@ -56,11 +57,11 @@ proc decode(_: type MetricList, buf: seq[byte]): Result[MetricList, ProtoError]
     res: MetricList
     metrics: seq[seq[byte]]
   let pb = initProtoBuffer(buf)
-  discard ? pb.getRepeatedField(1, metrics)
+  discard ?pb.getRepeatedField(1, metrics)
 
   for metric in metrics:
-    res.metrics &= ? Metric.decode(metric)
-  ? pb.getRequiredField(2, res.hostname)
+    res.metrics &= ?Metric.decode(metric)
+  ?pb.getRequiredField(2, res.hostname)
   ok(res)
 
 ## This is exactly like the previous structure, except that we added
@@ -73,11 +74,13 @@ type Node = tuple[switch: Switch, gossip: GossipSub, hostname: string]
 
 proc oneNode(node: Node, rng: ref HmacDrbgContext) {.async.} =
   # This procedure will handle one of the node of the network
-  node.gossip.addValidator(["metrics"],
+  node.gossip.addValidator(
+    ["metrics"],
     proc(topic: string, message: Message): Future[ValidationResult] {.async.} =
       let decoded = MetricList.decode(message.data)
-      if decoded.isErr: return ValidationResult.Reject
-      return ValidationResult.Accept
+      if decoded.isErr:
+        return ValidationResult.Reject
+      return ValidationResult.Accept,
   )
   # This "validator" will attach to the `metrics` topic and make sure
   # that every message in this topic is valid. This allows us to stop
@@ -87,23 +90,25 @@ proc oneNode(node: Node, rng: ref HmacDrbgContext) {.async.} =
   # `John` will be responsible to log the metrics, the rest of the nodes
   # will just forward them in the network
   if node.hostname == "John":
-    node.gossip.subscribe("metrics",
-      proc (topic: string, data: seq[byte]) {.async.} =
-        echo MetricList.decode(data).tryGet()
+    node.gossip.subscribe(
+      "metrics",
+      proc(topic: string, data: seq[byte]) {.async.} =
+        let m = MetricList.decode(data).expect("metric can be decoded")
+        echo m
+      ,
     )
   else:
     node.gossip.subscribe("metrics", nil)
 
   # Create random metrics 10 times and broadcast them
-  for _ in 0..<10:
+  for _ in 0 ..< 10:
     await sleepAsync(500.milliseconds)
     var metricList = MetricList(hostname: node.hostname)
     let metricCount = rng[].generate(uint32) mod 4
     for i in 0 ..< metricCount + 1:
-      metricList.metrics.add(Metric(
-        name: "metric_" & $i,
-        value: float(rng[].generate(uint16)) / 1000.0
-      ))
+      metricList.metrics.add(
+        Metric(name: "metric_" & $i, value: float(rng[].generate(uint16)) / 1000.0)
+      )
 
     discard await node.gossip.publish("metrics", encode(metricList).buffer)
   await node.switch.stop()
@@ -111,13 +116,13 @@ proc oneNode(node: Node, rng: ref HmacDrbgContext) {.async.} =
 ## For our main procedure, we'll create a few nodes, and connect them together.
 ## Note that they are not all interconnected, but GossipSub will take care of
 ## broadcasting to the full network nonetheless.
-proc main {.async.} =
+proc main() {.async.} =
   let rng = newRng()
   var nodes: seq[Node]
 
   for hostname in ["John", "Walter", "David", "Thuy", "Amy"]:
     let
-      switch = newStandardSwitch(rng=rng)
+      switch = newStandardSwitch(rng = rng)
       gossip = GossipSub.init(switch = switch, triggerSelf = true)
     switch.mount(gossip)
     await switch.start()
@@ -127,11 +132,12 @@ proc main {.async.} =
   for index, node in nodes:
     # Connect to a few neighbors
     for otherNodeIdx in index - 1 .. index + 2:
-      if otherNodeIdx notin 0 ..< nodes.len or otherNodeIdx == index: continue
+      if otherNodeIdx notin 0 ..< nodes.len or otherNodeIdx == index:
+        continue
       let otherNode = nodes[otherNodeIdx]
       await node.switch.connect(
-        otherNode.switch.peerInfo.peerId,
-        otherNode.switch.peerInfo.addrs)
+        otherNode.switch.peerInfo.peerId, otherNode.switch.peerInfo.addrs
+      )
 
   var allFuts: seq[Future[void]]
   for node in nodes:
@@ -153,8 +159,8 @@ waitFor(main())
 ## This is John receiving & logging everyone's metrics.
 ##
 ## ## Going further
-## Building efficient & safe GossipSub networks is a tricky subject. By tweaking the [gossip params](https://status-im.github.io/nim-libp2p/master/libp2p/protocols/pubsub/gossipsub/types.html#GossipSubParams)
-## and [topic params](https://status-im.github.io/nim-libp2p/master/libp2p/protocols/pubsub/gossipsub/types.html#TopicParams),
+## Building efficient & safe GossipSub networks is a tricky subject. By tweaking the [gossip params](https://vacp2p.github.io/nim-libp2p/master/libp2p/protocols/pubsub/gossipsub/types.html#GossipSubParams)
+## and [topic params](https://vacp2p.github.io/nim-libp2p/master/libp2p/protocols/pubsub/gossipsub/types.html#TopicParams),
 ## you can achieve very different properties.
 ##
 ## Also see reports for [GossipSub v1.1](https://gateway.ipfs.io/ipfs/QmRAFP5DBnvNjdYSbWhEhVRJJDFCLpPyvew5GwCCB4VxM4)

examples/tutorial_5_discovery.nim

@@ -1,8 +1,9 @@
+{.used.}
 ## # Discovery Manager
 ##
 ## In the [previous tutorial](tutorial_4_gossipsub.md), we built a custom protocol using [protobuf](https://developers.google.com/protocol-buffers) and
 ## spread informations (some metrics) on the network using gossipsub.
-## For this tutorial, on the other hand, we'll go back on a simple example
+## For this tutorial, on the other hand, we'll go back to a simple example
 ## we'll try to discover a specific peers to greet on the network.
 ##
 ## First, as usual, we import the dependencies:
@@ -20,23 +21,31 @@ import libp2p/discovery/discoverymngr
 ##
 ## Note that other discovery methods such as [Kademlia](https://github.com/libp2p/specs/blob/master/kad-dht/README.md) or [discv5](https://github.com/ethereum/devp2p/blob/master/discv5/discv5.md) exist.
 proc createSwitch(rdv: RendezVous = RendezVous.new()): Switch =
-  SwitchBuilder.new()
-    .withRng(newRng())
-    .withAddresses(@[ MultiAddress.init("/ip4/0.0.0.0/tcp/0").tryGet() ])
-    .withTcpTransport()
-    .withYamux()
-    .withNoise()
-    .withRendezVous(rdv)
-    .build()
+  SwitchBuilder
+  .new()
+  .withRng(newRng())
+  .withAddresses(@[MultiAddress.init("/ip4/0.0.0.0/tcp/0").tryGet()])
+  .withTcpTransport()
+  .withYamux()
+  .withNoise()
+  .withRendezVous(rdv)
+  .build()
 
 # Create a really simple protocol to log one message received then close the stream
 const DumbCodec = "/dumb/proto/1.0.0"
 type DumbProto = ref object of LPProtocol
 proc new(T: typedesc[DumbProto], nodeNumber: int): T =
-  proc handle(conn: Connection, proto: string) {.async, gcsafe.} =
-    echo "Node", nodeNumber, " received: ", string.fromBytes(await conn.readLp(1024))
-    await conn.close()
-  return T(codecs: @[DumbCodec], handler: handle)
+  proc handle(conn: Connection, proto: string) {.async: (raises: [CancelledError]).} =
+    try:
+      echo "Node", nodeNumber, " received: ", string.fromBytes(await conn.readLp(1024))
+    except CancelledError as e:
+      raise e
+    except CatchableError as e:
+      echo "exception in handler", e.msg
+    finally:
+      await conn.close()
+
+  return T.new(codecs = @[DumbCodec], handler = handle)
 
 ## ## Bootnodes
 ## The first time a p2p program is ran, he needs to know how to join
@@ -49,7 +58,7 @@ proc new(T: typedesc[DumbProto], nodeNumber: int): T =
 ## (rendezvous in this case) as a bootnode. For this example, we'll
 ## create a bootnode, and then every peer will advertise itself on the
 ## bootnode, and use it to find other peers
-proc main() {.async, gcsafe.} =
+proc main() {.async.} =
   let bootNode = createSwitch()
   await bootNode.start()
 
@@ -58,7 +67,7 @@ proc main() {.async, gcsafe.} =
     switches: seq[Switch] = @[]
     discManagers: seq[DiscoveryManager] = @[]
 
-  for i in 0..5:
+  for i in 0 .. 5:
     let rdv = RendezVous.new()
     # Create a remote future to await at the end of the program
     let switch = createSwitch(rdv)
@@ -93,7 +102,7 @@ proc main() {.async, gcsafe.} =
 
   # Use the discovery manager to find peers on the OddClub topic to greet them
   let queryOddClub = dm.request(RdvNamespace("OddClub"))
-  for _ in 0..2:
+  for _ in 0 .. 2:
     let
       # getPeer give you a PeerAttribute containing informations about the peer.
       res = await queryOddClub.getPeer()
@@ -109,7 +118,7 @@ proc main() {.async, gcsafe.} =
 
   # Maybe it was because he wanted to join the EvenGang
   let queryEvenGang = dm.request(RdvNamespace("EvenGang"))
-  for _ in 0..2:
+  for _ in 0 .. 2:
     let
       res = await queryEvenGang.getPeer()
       conn = await newcomer.dial(res[PeerId], res.getAll(MultiAddress), DumbCodec)

examples/tutorial_6_game.nim

@@ -1,3 +1,4 @@
+{.used.}
 ## # Tron example
 ##
 ## In this tutorial, we will create a video game based on libp2p, using
@@ -51,7 +52,7 @@ proc new(_: type[Game]): Game =
     tickTime: -3.0, # 3 seconds of "warm-up" time
     localPlayer: Player(x: 4, y: 16, currentDir: 3, nextDir: 3, color: 8),
     remotePlayer: Player(x: 27, y: 16, currentDir: 1, nextDir: 1, color: 12),
-    peerFound: newFuture[Connection]()
+    peerFound: newFuture[Connection](),
   )
   for pos in 0 .. result.gameMap.high:
     if pos mod mapSize in [0, mapSize - 1] or pos div mapSize in [0, mapSize - 1]:
@@ -81,7 +82,8 @@ proc update(g: Game, dt: float32) =
   # This is a hacky way to make this happen
   waitFor(sleepAsync(1.milliseconds))
   # Don't do anything if we are still waiting for an opponent
-  if not(g.peerFound.finished()) or isNil(g.tickFinished): return
+  if not (g.peerFound.finished()) or isNil(g.tickFinished):
+    return
   g.tickTime += dt
 
   # Update the wanted direction, making sure we can't go backward
@@ -98,7 +100,8 @@ proc tick(g: Game, p: Player) =
   # Move player and check if he lost
   p.x += directions[p.currentDir][1]
   p.y += directions[p.currentDir][2]
-  if g.gameMap[p.y * mapSize + p.x] != 0: p.lost = true
+  if g.gameMap[p.y * mapSize + p.x] != 0:
+    p.lost = true
   g.gameMap[p.y * mapSize + p.x] = p.color
 
 proc mainLoop(g: Game, peer: Connection) {.async.} =
@@ -123,16 +126,23 @@ proc draw(g: Game) =
   for pos, color in g.gameMap:
     setColor(color)
     boxFill(pos mod 32 * 4, pos div 32 * 4, 4, 4)
-  let text = if not(g.peerFound.finished()): "Matchmaking.."
-             elif g.tickTime < -1.5: "Welcome to Etron"
-             elif g.tickTime < 0.0: "- " & $(int(abs(g.tickTime) / 0.5) + 1) & " -"
-             elif g.remotePlayer.lost and g.localPlayer.lost: "DEUCE"
-             elif g.localPlayer.lost: "YOU LOOSE"
-             elif g.remotePlayer.lost: "YOU WON"
-             else: ""
+  let text =
+    if not (g.peerFound.finished()):
+      "Matchmaking.."
+    elif g.tickTime < -1.5:
+      "Welcome to Etron"
+    elif g.tickTime < 0.0:
+      "- " & $(int(abs(g.tickTime) / 0.5) + 1) & " -"
+    elif g.remotePlayer.lost and g.localPlayer.lost:
+      "DEUCE"
+    elif g.localPlayer.lost:
+      "YOU LOOSE"
+    elif g.remotePlayer.lost:
+      "YOU WON"
+    else:
+      ""
   printc(text, screenWidth div 2, screenHeight div 2)
 
-
 ## ## Matchmaking
 ## To find an opponent, we will broadcast our address on a
 ## GossipSub topic, and wait for someone to connect to us.
@@ -143,30 +153,38 @@ proc draw(g: Game) =
 ## peer know that we are available, check that he is also available,
 ## and launch the game.
 proc new(T: typedesc[GameProto], g: Game): T =
-  proc handle(conn: Connection, proto: string) {.async, gcsafe.} =
-    defer: await conn.closeWithEof()
-    if g.peerFound.finished or g.hasCandidate:
-      await conn.close()
-      return
-    g.hasCandidate = true
-    await conn.writeLp("ok")
-    if "ok" != string.fromBytes(await conn.readLp(1024)):
-      g.hasCandidate = false
-      return
-    g.peerFound.complete(conn)
-    # The handler of a protocol must wait for the stream to
-    # be finished before returning
-    await conn.join()
-  return T(codecs: @["/tron/1.0.0"], handler: handle)
+  proc handle(conn: Connection, proto: string) {.async: (raises: [CancelledError]).} =
+    defer:
+      await conn.closeWithEof()
+    try:
+      if g.peerFound.finished or g.hasCandidate:
+        await conn.close()
+        return
+      g.hasCandidate = true
+      await conn.writeLp("ok")
+      if "ok" != string.fromBytes(await conn.readLp(1024)):
+        g.hasCandidate = false
+        return
+      g.peerFound.complete(conn)
+      # The handler of a protocol must wait for the stream to
+      # be finished before returning
+      await conn.join()
+    except CancelledError as e:
+      raise e
+    except CatchableError as e:
+      echo "exception in handler", e.msg
+
+  return T.new(codecs = @["/tron/1.0.0"], handler = handle)
 
 proc networking(g: Game) {.async.} =
   # Create our switch, similar to the GossipSub example and
   # the Discovery examples combined
   let
     rdv = RendezVous.new()
-    switch = SwitchBuilder.new()
+    switch = SwitchBuilder
+      .new()
       .withRng(newRng())
-      .withAddresses(@[ MultiAddress.init("/ip4/0.0.0.0/tcp/0").tryGet() ])
+      .withAddresses(@[MultiAddress.init("/ip4/0.0.0.0/tcp/0").tryGet()])
       .withTcpTransport()
       .withYamux()
       .withNoise()
@@ -174,9 +192,7 @@ proc networking(g: Game) {.async.} =
       .build()
     dm = DiscoveryManager()
     gameProto = GameProto.new(g)
-    gossip = GossipSub.init(
-      switch = switch,
-      triggerSelf = false)
+    gossip = GossipSub.init(switch = switch, triggerSelf = false)
   dm.add(RendezVousInterface.new(rdv))
 
   switch.mount(gossip)
@@ -184,10 +200,11 @@ proc networking(g: Game) {.async.} =
 
   gossip.subscribe(
     "/tron/matchmaking",
-    proc (topic: string, data: seq[byte]) {.async.} =
+    proc(topic: string, data: seq[byte]) {.async.} =
       # If we are still looking for an opponent,
-      # try to match anyone broadcasting it's address
-      if g.peerFound.finished or g.hasCandidate: return
+      # try to match anyone broadcasting its address
+      if g.peerFound.finished or g.hasCandidate:
+        return
       g.hasCandidate = true
 
       try:
@@ -203,11 +220,12 @@ proc networking(g: Game) {.async.} =
         # We are "player 2"
         swap(g.localPlayer, g.remotePlayer)
       except CatchableError as exc:
-        discard
+        discard,
   )
 
   await switch.start()
-  defer: await switch.stop()
+  defer:
+    await switch.stop()
 
   # As explained in the last tutorial, we need a bootnode to be able
   # to find peers. We could use any libp2p running rendezvous (or any
@@ -243,7 +261,8 @@ proc networking(g: Game) {.async.} =
 
   # We now wait for someone to connect to us (or for us to connect to someone)
   let peerConn = await g.peerFound
-  defer: await peerConn.closeWithEof()
+  defer:
+    await peerConn.closeWithEof()
 
   await g.mainLoop(peerConn)
 
@@ -252,7 +271,14 @@ let
   netFut = networking(game)
 nico.init("Status", "Tron")
 nico.createWindow("Tron", mapSize * 4, mapSize * 4, 4, false)
-nico.run(proc = discard, proc(dt: float32) = game.update(dt), proc = game.draw())
+nico.run(
+  proc() =
+    discard,
+  proc(dt: float32) =
+    game.update(dt),
+  proc() =
+    game.draw(),
+)
 waitFor(netFut.cancelAndWait())
 
 ## And that's it! If you want to run this code locally, the simplest way is to use the

flake.lock

@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1752620740,
+        "narHash": "sha256-f3pO+9lg66mV7IMmmIqG4PL3223TYMlnlw+pnpelbss=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "32a4e87942101f1c9f9865e04dc3ddb175f5f32e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,34 @@
+{
+  description = "nim-libp2p dev shell flake";
+
+  nixConfig = {
+    extra-substituters = [ "https://nix-cache.status.im/" ];
+    extra-trusted-public-keys = [ "nix-cache.status.im-1:x/93lOfLU+duPplwMSBR+OlY4+mo+dCN7n0mr4oPwgY=" ];
+  };
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
+  };
+
+  outputs = { self, nixpkgs }:
+    let
+      stableSystems = [
+        "x86_64-linux" "aarch64-linux" "armv7a-linux"
+        "x86_64-darwin" "aarch64-darwin"
+        "x86_64-windows"
+      ];
+      forEach = nixpkgs.lib.genAttrs;
+      forAllSystems = forEach stableSystems;
+      pkgsFor = forEach stableSystems (
+        system: import nixpkgs { inherit system; }
+      );
+    in rec {
+      devShells = forAllSystems (system: {
+        default = pkgsFor.${system}.mkShell {
+          nativeBuildInputs = with pkgsFor.${system}; [
+            nim-2_2 nimble openssl.dev
+          ];
+        };
+      });
+    };
+}

funding.json

@@ -0,0 +1,5 @@
+{
+  "opRetro": {
+    "projectId": "0xc9561ba3e4eca5483b40f8b1a254a73c91fefe4f8aee32dc20c0d96dcf33fe80"
+  }
+}

interop/autonatv2/go-peer/disable-filtering-of-private-ip-addresses.patch

@@ -0,0 +1,76 @@
+From 29bac4cd8f28abfb9efb481d800b7c2e855d9b03 Mon Sep 17 00:00:00 2001
+From: Gabriel Cruz <gabe@gmelodie.com>
+Date: Wed, 17 Sep 2025 10:42:14 -0300
+Subject: [PATCH] disable filtering of private ip addresses
+
+---
+ p2p/protocol/autonatv2/autonat.go | 24 +-----------------------
+ p2p/protocol/autonatv2/server.go  |  9 ++++++---
+ 2 files changed, 7 insertions(+), 26 deletions(-)
+
+diff --git a/p2p/protocol/autonatv2/autonat.go b/p2p/protocol/autonatv2/autonat.go
+index 24883052..00a6211f 100644
+--- a/p2p/protocol/autonatv2/autonat.go
++++ b/p2p/protocol/autonatv2/autonat.go
+@@ -16,7 +16,6 @@ import (
+ 	"github.com/libp2p/go-libp2p/core/peer"
+ 	logging "github.com/libp2p/go-libp2p/gologshim"
+ 	ma "github.com/multiformats/go-multiaddr"
+-	manet "github.com/multiformats/go-multiaddr/net"
+ )
+ 
+ const (
+@@ -180,21 +179,7 @@ func (an *AutoNAT) Close() {
+ // GetReachability makes a single dial request for checking reachability for requested addresses
+ func (an *AutoNAT) GetReachability(ctx context.Context, reqs []Request) (Result, error) {
+ 	var filteredReqs []Request
+-	if !an.allowPrivateAddrs {
+-		filteredReqs = make([]Request, 0, len(reqs))
+-		for _, r := range reqs {
+-			if manet.IsPublicAddr(r.Addr) {
+-				filteredReqs = append(filteredReqs, r)
+-			} else {
+-				log.Error("private address in reachability check", "address", r.Addr)
+-			}
+-		}
+-		if len(filteredReqs) == 0 {
+-			return Result{}, ErrPrivateAddrs
+-		}
+-	} else {
+-		filteredReqs = reqs
+-	}
++	filteredReqs = reqs
+ 	an.mx.Lock()
+ 	now := time.Now()
+ 	var p peer.ID
+@@ -215,13 +200,6 @@ func (an *AutoNAT) GetReachability(ctx context.Context, reqs []Request) (Result,
+ 		log.Debug("reachability check failed", "peer", p, "err", err)
+ 		return res, fmt.Errorf("reachability check with %s failed: %w", p, err)
+ 	}
+-	// restore the correct index in case we'd filtered private addresses
+-	for i, r := range reqs {
+-		if r.Addr.Equal(res.Addr) {
+-			res.Idx = i
+-			break
+-		}
+-	}
+ 	log.Debug("reachability check successful", "peer", p)
+ 	return res, nil
+ }
+diff --git a/p2p/protocol/autonatv2/server.go b/p2p/protocol/autonatv2/server.go
+index 167d3d8e..e6d1e492 100644
+--- a/p2p/protocol/autonatv2/server.go
++++ b/p2p/protocol/autonatv2/server.go
+@@ -196,9 +197,6 @@ func (as *server) serveDialRequest(s network.Stream) EventDialRequestCompleted {
+ 		if err != nil {
+ 			continue
+ 		}
+-		if !as.allowPrivateAddrs && !manet.IsPublicAddr(a) {
+-			continue
+-		}
+ 		if !as.dialerHost.Network().CanDial(p, a) {
+ 			continue
+ 		}
+-- 
+2.51.0
+

interop/autonatv2/go-peer/go.mod

@@ -0,0 +1,97 @@
+module go-peer
+
+go 1.25.1
+
+require github.com/libp2p/go-libp2p v0.43.0
+replace github.com/libp2p/go-libp2p => ./go-libp2p
+
+require (
+	github.com/benbjohnson/clock v1.3.5 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
+	github.com/flynn/noise v1.1.0 // indirect
+	github.com/francoispqt/gojay v1.2.13 // indirect
+	github.com/google/gopacket v1.1.19 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/gorilla/websocket v1.5.3 // indirect
+	github.com/huin/goupnp v1.3.0 // indirect
+	github.com/ipfs/go-cid v0.5.0 // indirect
+	github.com/ipfs/go-log/v2 v2.6.0 // indirect
+	github.com/jackpal/go-nat-pmp v1.0.2 // indirect
+	github.com/jbenet/go-temp-err-catcher v0.1.0 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
+	github.com/koron/go-ssdp v0.0.6 // indirect
+	github.com/libp2p/go-buffer-pool v0.1.0 // indirect
+	github.com/libp2p/go-flow-metrics v0.2.0 // indirect
+	github.com/libp2p/go-libp2p-asn-util v0.4.1 // indirect
+	github.com/libp2p/go-msgio v0.3.0 // indirect
+	github.com/libp2p/go-netroute v0.2.2 // indirect
+	github.com/libp2p/go-reuseport v0.4.0 // indirect
+	github.com/libp2p/go-yamux/v5 v5.0.1 // indirect
+	github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/miekg/dns v1.1.66 // indirect
+	github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b // indirect
+	github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc // indirect
+	github.com/minio/sha256-simd v1.0.1 // indirect
+	github.com/mr-tron/base58 v1.2.0 // indirect
+	github.com/multiformats/go-base32 v0.1.0 // indirect
+	github.com/multiformats/go-base36 v0.2.0 // indirect
+	github.com/multiformats/go-multiaddr v0.16.0 // indirect
+	github.com/multiformats/go-multiaddr-dns v0.4.1 // indirect
+	github.com/multiformats/go-multiaddr-fmt v0.1.0 // indirect
+	github.com/multiformats/go-multibase v0.2.0 // indirect
+	github.com/multiformats/go-multicodec v0.9.1 // indirect
+	github.com/multiformats/go-multihash v0.2.3 // indirect
+	github.com/multiformats/go-multistream v0.6.1 // indirect
+	github.com/multiformats/go-varint v0.0.7 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect
+	github.com/pion/datachannel v1.5.10 // indirect
+	github.com/pion/dtls/v2 v2.2.12 // indirect
+	github.com/pion/dtls/v3 v3.0.6 // indirect
+	github.com/pion/ice/v4 v4.0.10 // indirect
+	github.com/pion/interceptor v0.1.40 // indirect
+	github.com/pion/logging v0.2.3 // indirect
+	github.com/pion/mdns/v2 v2.0.7 // indirect
+	github.com/pion/randutil v0.1.0 // indirect
+	github.com/pion/rtcp v1.2.15 // indirect
+	github.com/pion/rtp v1.8.19 // indirect
+	github.com/pion/sctp v1.8.39 // indirect
+	github.com/pion/sdp/v3 v3.0.13 // indirect
+	github.com/pion/srtp/v3 v3.0.6 // indirect
+	github.com/pion/stun v0.6.1 // indirect
+	github.com/pion/stun/v3 v3.0.0 // indirect
+	github.com/pion/transport/v2 v2.2.10 // indirect
+	github.com/pion/transport/v3 v3.0.7 // indirect
+	github.com/pion/turn/v4 v4.0.2 // indirect
+	github.com/pion/webrtc/v4 v4.1.2 // indirect
+	github.com/prometheus/client_golang v1.22.0 // indirect
+	github.com/prometheus/client_model v0.6.2 // indirect
+	github.com/prometheus/common v0.64.0 // indirect
+	github.com/prometheus/procfs v0.16.1 // indirect
+	github.com/quic-go/qpack v0.5.1 // indirect
+	github.com/quic-go/quic-go v0.54.0 // indirect
+	github.com/quic-go/webtransport-go v0.9.0 // indirect
+	github.com/spaolacci/murmur3 v1.1.0 // indirect
+	github.com/wlynxg/anet v0.0.5 // indirect
+	go.uber.org/dig v1.19.0 // indirect
+	go.uber.org/fx v1.24.0 // indirect
+	go.uber.org/mock v0.5.2 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	golang.org/x/crypto v0.39.0 // indirect
+	golang.org/x/exp v0.0.0-20250606033433-dcc06ee1d476 // indirect
+	golang.org/x/mod v0.25.0 // indirect
+	golang.org/x/net v0.41.0 // indirect
+	golang.org/x/sync v0.15.0 // indirect
+	golang.org/x/sys v0.33.0 // indirect
+	golang.org/x/text v0.26.0 // indirect
+	golang.org/x/time v0.12.0 // indirect
+	golang.org/x/tools v0.34.0 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
+	lukechampine.com/blake3 v1.4.1 // indirect
+)

interop/autonatv2/go-peer/go.sum

@@ -0,0 +1,441 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.37.0/go.mod h1:TS1dMSSfndXH133OKGwekG838Om/cQT0BUHV3HcBgoo=
+dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU=
+dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU=
+dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4=
+dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU=
+git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
+github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o=
+github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
+github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c h1:pFUpOrbxDR6AkioZ1ySsx5yxlDQZ8stG2b88gTPxgJU=
+github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c/go.mod h1:6UhI8N9EjYm1c2odKpFpAYeR8dsBeM7PtzQhRgxRr9U=
+github.com/decred/dcrd/crypto/blake256 v1.1.0 h1:zPMNGQCm0g4QTY27fOCorQW7EryeQ/U0x++OzVrdms8=
+github.com/decred/dcrd/crypto/blake256 v1.1.0/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 h1:NMZiJj8QnKe1LgsbDayM4UoHwbvwDRwnI3hwNaAHRnc=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0/go.mod h1:ZXNYxsqcloTdSy/rNShjYzMhyjf0LaoftYK0p+A3h40=
+github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
+github.com/flynn/noise v1.1.0 h1:KjPQoQCEFdZDiP03phOvGi11+SVVhBG2wOWAorLsstg=
+github.com/flynn/noise v1.1.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag=
+github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk=
+github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
+github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
+github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
+github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
+github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
+github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY=
+github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
+github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
+github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
+github.com/huin/goupnp v1.3.0 h1:UvLUlWDNpoUdYzb2TCn+MuTWtcjXKSza2n6CBdQ0xXc=
+github.com/huin/goupnp v1.3.0/go.mod h1:gnGPsThkYa7bFi/KWmEysQRf48l2dvR5bxr2OFckNX8=
+github.com/ipfs/go-cid v0.5.0 h1:goEKKhaGm0ul11IHA7I6p1GmKz8kEYniqFopaB5Otwg=
+github.com/ipfs/go-cid v0.5.0/go.mod h1:0L7vmeNXpQpUS9vt+yEARkJ8rOg43DF3iPgn4GIN0mk=
+github.com/ipfs/go-log/v2 v2.6.0 h1:2Nu1KKQQ2ayonKp4MPo6pXCjqw1ULc9iohRqWV5EYqg=
+github.com/ipfs/go-log/v2 v2.6.0/go.mod h1:p+Efr3qaY5YXpx9TX7MoLCSEZX5boSWj9wh86P5HJa8=
+github.com/jackpal/go-nat-pmp v1.0.2 h1:KzKSgb7qkJvOUTqYl9/Hg/me3pWgBmERKrTGD7BdWus=
+github.com/jackpal/go-nat-pmp v1.0.2/go.mod h1:QPH045xvCAeXUZOxsnwmrtiCoxIr9eob+4orBN1SBKc=
+github.com/jbenet/go-temp-err-catcher v0.1.0 h1:zpb3ZH6wIE8Shj2sKS+khgRvf7T7RABoLk/+KKHggpk=
+github.com/jbenet/go-temp-err-catcher v0.1.0/go.mod h1:0kJRvmDZXNMIiJirNPEYfhpPwbGVtZVWC34vc5WLsDk=
+github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU=
+github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
+github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2skhE=
+github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
+github.com/koron/go-ssdp v0.0.6 h1:Jb0h04599eq/CY7rB5YEqPS83HmRfHP2azkxMN2rFtU=
+github.com/koron/go-ssdp v0.0.6/go.mod h1:0R9LfRJGek1zWTjN3JUNlm5INCDYGpRDfAptnct63fI=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/libp2p/go-buffer-pool v0.1.0 h1:oK4mSFcQz7cTQIfqbe4MIj9gLW+mnanjyFtc6cdF0Y8=
+github.com/libp2p/go-buffer-pool v0.1.0/go.mod h1:N+vh8gMqimBzdKkSMVuydVDq+UV5QTWy5HSiZacSbPg=
+github.com/libp2p/go-flow-metrics v0.2.0 h1:EIZzjmeOE6c8Dav0sNv35vhZxATIXWZg6j/C08XmmDw=
+github.com/libp2p/go-flow-metrics v0.2.0/go.mod h1:st3qqfu8+pMfh+9Mzqb2GTiwrAGjIPszEjZmtksN8Jc=
+github.com/libp2p/go-libp2p v0.43.0 h1:b2bg2cRNmY4HpLK8VHYQXLX2d3iND95OjodLFymvqXU=
+github.com/libp2p/go-libp2p v0.43.0/go.mod h1:IiSqAXDyP2sWH+J2gs43pNmB/y4FOi2XQPbsb+8qvzc=
+github.com/libp2p/go-libp2p-asn-util v0.4.1 h1:xqL7++IKD9TBFMgnLPZR6/6iYhawHKHl950SO9L6n94=
+github.com/libp2p/go-libp2p-asn-util v0.4.1/go.mod h1:d/NI6XZ9qxw67b4e+NgpQexCIiFYJjErASrYW4PFDN8=
+github.com/libp2p/go-libp2p-testing v0.12.0 h1:EPvBb4kKMWO29qP4mZGyhVzUyR25dvfUIK5WDu6iPUA=
+github.com/libp2p/go-libp2p-testing v0.12.0/go.mod h1:KcGDRXyN7sQCllucn1cOOS+Dmm7ujhfEyXQL5lvkcPg=
+github.com/libp2p/go-msgio v0.3.0 h1:mf3Z8B1xcFN314sWX+2vOTShIE0Mmn2TXn3YCUQGNj0=
+github.com/libp2p/go-msgio v0.3.0/go.mod h1:nyRM819GmVaF9LX3l03RMh10QdOroF++NBbxAb0mmDM=
+github.com/libp2p/go-netroute v0.2.2 h1:Dejd8cQ47Qx2kRABg6lPwknU7+nBnFRpko45/fFPuZ8=
+github.com/libp2p/go-netroute v0.2.2/go.mod h1:Rntq6jUAH0l9Gg17w5bFGhcC9a+vk4KNXs6s7IljKYE=
+github.com/libp2p/go-reuseport v0.4.0 h1:nR5KU7hD0WxXCJbmw7r2rhRYruNRl2koHw8fQscQm2s=
+github.com/libp2p/go-reuseport v0.4.0/go.mod h1:ZtI03j/wO5hZVDFo2jKywN6bYKWLOy8Se6DrI2E1cLU=
+github.com/libp2p/go-yamux/v5 v5.0.1 h1:f0WoX/bEF2E8SbE4c/k1Mo+/9z0O4oC/hWEA+nfYRSg=
+github.com/libp2p/go-yamux/v5 v5.0.1/go.mod h1:en+3cdX51U0ZslwRdRLrvQsdayFt3TSUKvBGErzpWbU=
+github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
+github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd h1:br0buuQ854V8u83wA0rVZ8ttrq5CpaPZdvrK0LP2lOk=
+github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd/go.mod h1:QuCEs1Nt24+FYQEqAAncTDPJIuGs+LxK1MCiFL25pMU=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
+github.com/miekg/dns v1.1.66 h1:FeZXOS3VCVsKnEAd+wBkjMC3D2K+ww66Cq3VnCINuJE=
+github.com/miekg/dns v1.1.66/go.mod h1:jGFzBsSNbJw6z1HYut1RKBKHA9PBdxeHrZG8J+gC2WE=
+github.com/mikioh/tcp v0.0.0-20190314235350-803a9b46060c h1:bzE/A84HN25pxAuk9Eej1Kz9OUelF97nAc82bDquQI8=
+github.com/mikioh/tcp v0.0.0-20190314235350-803a9b46060c/go.mod h1:0SQS9kMwD2VsyFEB++InYyBJroV/FRmBgcydeSUcJms=
+github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b h1:z78hV3sbSMAUoyUMM0I83AUIT6Hu17AWfgjzIbtrYFc=
+github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b/go.mod h1:lxPUiZwKoFL8DUUmalo2yJJUCxbPKtm8OKfqr2/FTNU=
+github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc h1:PTfri+PuQmWDqERdnNMiD9ZejrlswWrCpBEZgWOiTrc=
+github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc/go.mod h1:cGKTAVKx4SxOuR/czcZ/E2RSJ3sfHs8FpHhQ5CWMf9s=
+github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1/go.mod h1:pD8RvIylQ358TN4wwqatJ8rNavkEINozVn9DtGI3dfQ=
+github.com/minio/sha256-simd v0.1.1-0.20190913151208-6de447530771/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM=
+github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM=
+github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/mr-tron/base58 v1.1.2/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc=
+github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o=
+github.com/mr-tron/base58 v1.2.0/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc=
+github.com/multiformats/go-base32 v0.1.0 h1:pVx9xoSPqEIQG8o+UbAe7DNi51oej1NtK+aGkbLYxPE=
+github.com/multiformats/go-base32 v0.1.0/go.mod h1:Kj3tFY6zNr+ABYMqeUNeGvkIC/UYgtWibDcT0rExnbI=
+github.com/multiformats/go-base36 v0.2.0 h1:lFsAbNOGeKtuKozrtBsAkSVhv1p9D0/qedU9rQyccr0=
+github.com/multiformats/go-base36 v0.2.0/go.mod h1:qvnKE++v+2MWCfePClUEjE78Z7P2a1UV0xHgWc0hkp4=
+github.com/multiformats/go-multiaddr v0.1.1/go.mod h1:aMKBKNEYmzmDmxfX88/vz+J5IU55txyt0p4aiWVohjo=
+github.com/multiformats/go-multiaddr v0.16.0 h1:oGWEVKioVQcdIOBlYM8BH1rZDWOGJSqr9/BKl6zQ4qc=
+github.com/multiformats/go-multiaddr v0.16.0/go.mod h1:JSVUmXDjsVFiW7RjIFMP7+Ev+h1DTbiJgVeTV/tcmP0=
+github.com/multiformats/go-multiaddr-dns v0.4.1 h1:whi/uCLbDS3mSEUMb1MsoT4uzUeZB0N32yzufqS0i5M=
+github.com/multiformats/go-multiaddr-dns v0.4.1/go.mod h1:7hfthtB4E4pQwirrz+J0CcDUfbWzTqEzVyYKKIKpgkc=
+github.com/multiformats/go-multiaddr-fmt v0.1.0 h1:WLEFClPycPkp4fnIzoFoV9FVd49/eQsuaL3/CWe167E=
+github.com/multiformats/go-multiaddr-fmt v0.1.0/go.mod h1:hGtDIW4PU4BqJ50gW2quDuPVjyWNZxToGUh/HwTZYJo=
+github.com/multiformats/go-multibase v0.2.0 h1:isdYCVLvksgWlMW9OZRYJEa9pZETFivncJHmHnnd87g=
+github.com/multiformats/go-multibase v0.2.0/go.mod h1:bFBZX4lKCA/2lyOFSAoKH5SS6oPyjtnzK/XTFDPkNuk=
+github.com/multiformats/go-multicodec v0.9.1 h1:x/Fuxr7ZuR4jJV4Os5g444F7xC4XmyUaT/FWtE+9Zjo=
+github.com/multiformats/go-multicodec v0.9.1/go.mod h1:LLWNMtyV5ithSBUo3vFIMaeDy+h3EbkMTek1m+Fybbo=
+github.com/multiformats/go-multihash v0.0.8/go.mod h1:YSLudS+Pi8NHE7o6tb3D8vrpKa63epEDmG8nTduyAew=
+github.com/multiformats/go-multihash v0.2.3 h1:7Lyc8XfX/IY2jWb/gI7JP+o7JEq9hOa7BFvVU9RSh+U=
+github.com/multiformats/go-multihash v0.2.3/go.mod h1:dXgKXCXjBzdscBLk9JkjINiEsCKRVch90MdaGiKsvSM=
+github.com/multiformats/go-multistream v0.6.1 h1:4aoX5v6T+yWmc2raBHsTvzmFhOI8WVOer28DeBBEYdQ=
+github.com/multiformats/go-multistream v0.6.1/go.mod h1:ksQf6kqHAb6zIsyw7Zm+gAuVo57Qbq84E27YlYqavqw=
+github.com/multiformats/go-varint v0.0.7 h1:sWSGR+f/eu5ABZA2ZpYKBILXTTs9JWpdEM/nEGOHFS8=
+github.com/multiformats/go-varint v0.0.7/go.mod h1:r8PUYw/fD/SjBCiKOoDlGF6QawOELpZAu9eioSos/OU=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
+github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM=
+github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8=
+github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 h1:onHthvaw9LFnH4t2DcNVpwGmV9E1BkGknEliJkfwQj0=
+github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58/go.mod h1:DXv8WO4yhMYhSNPKjeNKa5WY9YCIEBRbNzFFPJbWO6Y=
+github.com/pion/datachannel v1.5.10 h1:ly0Q26K1i6ZkGf42W7D4hQYR90pZwzFOjTq5AuCKk4o=
+github.com/pion/datachannel v1.5.10/go.mod h1:p/jJfC9arb29W7WrxyKbepTU20CFgyx5oLo8Rs4Py/M=
+github.com/pion/dtls/v2 v2.2.7/go.mod h1:8WiMkebSHFD0T+dIU+UeBaoV7kDhOW5oDCzZ7WZ/F9s=
+github.com/pion/dtls/v2 v2.2.12 h1:KP7H5/c1EiVAAKUmXyCzPiQe5+bCJrpOeKg/L05dunk=
+github.com/pion/dtls/v2 v2.2.12/go.mod h1:d9SYc9fch0CqK90mRk1dC7AkzzpwJj6u2GU3u+9pqFE=
+github.com/pion/dtls/v3 v3.0.6 h1:7Hkd8WhAJNbRgq9RgdNh1aaWlZlGpYTzdqjy9x9sK2E=
+github.com/pion/dtls/v3 v3.0.6/go.mod h1:iJxNQ3Uhn1NZWOMWlLxEEHAN5yX7GyPvvKw04v9bzYU=
+github.com/pion/ice/v4 v4.0.10 h1:P59w1iauC/wPk9PdY8Vjl4fOFL5B+USq1+xbDcN6gT4=
+github.com/pion/ice/v4 v4.0.10/go.mod h1:y3M18aPhIxLlcO/4dn9X8LzLLSma84cx6emMSu14FGw=
+github.com/pion/interceptor v0.1.40 h1:e0BjnPcGpr2CFQgKhrQisBU7V3GXK6wrfYrGYaU6Jq4=
+github.com/pion/interceptor v0.1.40/go.mod h1:Z6kqH7M/FYirg3frjGJ21VLSRJGBXB/KqaTIrdqnOic=
+github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
+github.com/pion/logging v0.2.3 h1:gHuf0zpoh1GW67Nr6Gj4cv5Z9ZscU7g/EaoC/Ke/igI=
+github.com/pion/logging v0.2.3/go.mod h1:z8YfknkquMe1csOrxK5kc+5/ZPAzMxbKLX5aXpbpC90=
+github.com/pion/mdns/v2 v2.0.7 h1:c9kM8ewCgjslaAmicYMFQIde2H9/lrZpjBkN8VwoVtM=
+github.com/pion/mdns/v2 v2.0.7/go.mod h1:vAdSYNAT0Jy3Ru0zl2YiW3Rm/fJCwIeM0nToenfOJKA=
+github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA=
+github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8=
+github.com/pion/rtcp v1.2.15 h1:LZQi2JbdipLOj4eBjK4wlVoQWfrZbh3Q6eHtWtJBZBo=
+github.com/pion/rtcp v1.2.15/go.mod h1:jlGuAjHMEXwMUHK78RgX0UmEJFV4zUKOFHR7OP+D3D0=
+github.com/pion/rtp v1.8.19 h1:jhdO/3XhL/aKm/wARFVmvTfq0lC/CvN1xwYKmduly3c=
+github.com/pion/rtp v1.8.19/go.mod h1:bAu2UFKScgzyFqvUKmbvzSdPr+NGbZtv6UB2hesqXBk=
+github.com/pion/sctp v1.8.39 h1:PJma40vRHa3UTO3C4MyeJDQ+KIobVYRZQZ0Nt7SjQnE=
+github.com/pion/sctp v1.8.39/go.mod h1:cNiLdchXra8fHQwmIoqw0MbLLMs+f7uQ+dGMG2gWebE=
+github.com/pion/sdp/v3 v3.0.13 h1:uN3SS2b+QDZnWXgdr69SM8KB4EbcnPnPf2Laxhty/l4=
+github.com/pion/sdp/v3 v3.0.13/go.mod h1:88GMahN5xnScv1hIMTqLdu/cOcUkj6a9ytbncwMCq2E=
+github.com/pion/srtp/v3 v3.0.6 h1:E2gyj1f5X10sB/qILUGIkL4C2CqK269Xq167PbGCc/4=
+github.com/pion/srtp/v3 v3.0.6/go.mod h1:BxvziG3v/armJHAaJ87euvkhHqWe9I7iiOy50K2QkhY=
+github.com/pion/stun v0.6.1 h1:8lp6YejULeHBF8NmV8e2787BogQhduZugh5PdhDyyN4=
+github.com/pion/stun v0.6.1/go.mod h1:/hO7APkX4hZKu/D0f2lHzNyvdkTGtIy3NDmLR7kSz/8=
+github.com/pion/stun/v3 v3.0.0 h1:4h1gwhWLWuZWOJIJR9s2ferRO+W3zA/b6ijOI6mKzUw=
+github.com/pion/stun/v3 v3.0.0/go.mod h1:HvCN8txt8mwi4FBvS3EmDghW6aQJ24T+y+1TKjB5jyU=
+github.com/pion/transport/v2 v2.2.1/go.mod h1:cXXWavvCnFF6McHTft3DWS9iic2Mftcz1Aq29pGcU5g=
+github.com/pion/transport/v2 v2.2.4/go.mod h1:q2U/tf9FEfnSBGSW6w5Qp5PFWRLRj3NjLhCCgpRK4p0=
+github.com/pion/transport/v2 v2.2.10 h1:ucLBLE8nuxiHfvkFKnkDQRYWYfp8ejf4YBOPfaQpw6Q=
+github.com/pion/transport/v2 v2.2.10/go.mod h1:sq1kSLWs+cHW9E+2fJP95QudkzbK7wscs8yYgQToO5E=
+github.com/pion/transport/v3 v3.0.7 h1:iRbMH05BzSNwhILHoBoAPxoB9xQgOaJk+591KC9P1o0=
+github.com/pion/transport/v3 v3.0.7/go.mod h1:YleKiTZ4vqNxVwh77Z0zytYi7rXHl7j6uPLGhhz9rwo=
+github.com/pion/turn/v4 v4.0.2 h1:ZqgQ3+MjP32ug30xAbD6Mn+/K4Sxi3SdNOTFf+7mpps=
+github.com/pion/turn/v4 v4.0.2/go.mod h1:pMMKP/ieNAG/fN5cZiN4SDuyKsXtNTr0ccN7IToA1zs=
+github.com/pion/webrtc/v4 v4.1.2 h1:mpuUo/EJ1zMNKGE79fAdYNFZBX790KE7kQQpLMjjR54=
+github.com/pion/webrtc/v4 v4.1.2/go.mod h1:xsCXiNAmMEjIdFxAYU0MbB3RwRieJsegSB2JZsGN+8U=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q=
+github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
+github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
+github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/common v0.64.0 h1:pdZeA+g617P7oGv1CzdTzyeShxAGrTBsolKNOLQPGO4=
+github.com/prometheus/common v0.64.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8=
+github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg=
+github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is=
+github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
+github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
+github.com/quic-go/quic-go v0.54.0 h1:6s1YB9QotYI6Ospeiguknbp2Znb/jZYjZLRXn9kMQBg=
+github.com/quic-go/quic-go v0.54.0/go.mod h1:e68ZEaCdyviluZmy44P6Iey98v/Wfz6HCjQEm+l8zTY=
+github.com/quic-go/webtransport-go v0.9.0 h1:jgys+7/wm6JarGDrW+lD/r9BGqBAmqY/ssklE09bA70=
+github.com/quic-go/webtransport-go v0.9.0/go.mod h1:4FUYIiUc75XSsF6HShcLeXXYZJ9AGwo/xh3L8M/P1ao=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
+github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
+github.com/shurcooL/component v0.0.0-20170202220835-f88ec8f54cc4/go.mod h1:XhFIlyj5a1fBNx5aJTbKoIq0mNaPvOagO+HjB3EtxrY=
+github.com/shurcooL/events v0.0.0-20181021180414-410e4ca65f48/go.mod h1:5u70Mqkb5O5cxEA8nxTsgrgLehJeAw6Oc4Ab1c/P1HM=
+github.com/shurcooL/github_flavored_markdown v0.0.0-20181002035957-2122de532470/go.mod h1:2dOwnU2uBioM+SGy2aZoq1f/Sd1l9OkAeAUvjSyvgU0=
+github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
+github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
+github.com/shurcooL/gofontwoff v0.0.0-20180329035133-29b52fc0a18d/go.mod h1:05UtEgK5zq39gLST6uB0cf3NEHjETfB4Fgr3Gx5R9Vw=
+github.com/shurcooL/gopherjslib v0.0.0-20160914041154-feb6d3990c2c/go.mod h1:8d3azKNyqcHP1GaQE/c6dDgjkgSx2BZ4IoEi4F1reUI=
+github.com/shurcooL/highlight_diff v0.0.0-20170515013008-09bb4053de1b/go.mod h1:ZpfEhSmds4ytuByIcDnOLkTHGUI6KNqRNPDLHDk+mUU=
+github.com/shurcooL/highlight_go v0.0.0-20181028180052-98c3abbbae20/go.mod h1:UDKB5a1T23gOMUJrI+uSuH0VRDStOiUVSjBTRDVBVag=
+github.com/shurcooL/home v0.0.0-20181020052607-80b7ffcb30f9/go.mod h1:+rgNQw2P9ARFAs37qieuu7ohDNQ3gds9msbT2yn85sg=
+github.com/shurcooL/htmlg v0.0.0-20170918183704-d01228ac9e50/go.mod h1:zPn1wHpTIePGnXSHpsVPWEktKXHr6+SS6x/IKRb7cpw=
+github.com/shurcooL/httperror v0.0.0-20170206035902-86b7830d14cc/go.mod h1:aYMfkZ6DWSJPJ6c4Wwz3QtW22G7mf/PEgaB9k/ik5+Y=
+github.com/shurcooL/httpfs v0.0.0-20171119174359-809beceb2371/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
+github.com/shurcooL/httpgzip v0.0.0-20180522190206-b1c53ac65af9/go.mod h1:919LwcH0M7/W4fcZ0/jy0qGght1GIhqyS/EgWGH2j5Q=
+github.com/shurcooL/issues v0.0.0-20181008053335-6292fdc1e191/go.mod h1:e2qWDig5bLteJ4fwvDAc2NHzqFEthkqn7aOZAOpj+PQ=
+github.com/shurcooL/issuesapp v0.0.0-20180602232740-048589ce2241/go.mod h1:NPpHK2TI7iSaM0buivtFUc9offApnI0Alt/K8hcHy0I=
+github.com/shurcooL/notifications v0.0.0-20181007000457-627ab5aea122/go.mod h1:b5uSkrEVM1jQUspwbixRBhaIjIzL2xazXp6kntxYle0=
+github.com/shurcooL/octicon v0.0.0-20181028054416-fa4f57f9efb2/go.mod h1:eWdoE5JD4R5UVWDucdOPg1g2fqQRq78IQa9zlOV1vpQ=
+github.com/shurcooL/reactions v0.0.0-20181006231557-f2e0b4ca5b82/go.mod h1:TCR1lToEk4d2s07G3XGfz2QrgHXg4RJBvjrOozvoWfk=
+github.com/shurcooL/sanitized_anchor_name v0.0.0-20170918181015-86672fcb3f95/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/shurcooL/users v0.0.0-20180125191416-49c67e49c537/go.mod h1:QJTqeLYEDaXHZDBsXlPCDqdhQuJkuw4NOtaxYe3xii4=
+github.com/shurcooL/webdavfs v0.0.0-20170829043945-18c3829fa133/go.mod h1:hKmq5kWdCj2z2KEozexVbfEZIWiTjhE0+UjmZgPqehw=
+github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE=
+github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA=
+github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI=
+github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA=
+github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
+github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
+github.com/wlynxg/anet v0.0.3/go.mod h1:eay5PRQr7fIVAMbTbchTnO9gG65Hg/uYGdc7mguHxoA=
+github.com/wlynxg/anet v0.0.5 h1:J3VJGi1gvo0JwZ/P1/Yc/8p63SoW98B5dHkYDmpgvvU=
+github.com/wlynxg/anet v0.0.5/go.mod h1:eay5PRQr7fIVAMbTbchTnO9gG65Hg/uYGdc7mguHxoA=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
+go.uber.org/dig v1.19.0 h1:BACLhebsYdpQ7IROQ1AGPjrXcP5dF80U3gKoFzbaq/4=
+go.uber.org/dig v1.19.0/go.mod h1:Us0rSJiThwCv2GteUN0Q7OKvU7n5J4dxZ9JKUXozFdE=
+go.uber.org/fx v1.24.0 h1:wE8mruvpg2kiiL1Vqd0CC+tr0/24XIB10Iwp2lLWzkg=
+go.uber.org/fx v1.24.0/go.mod h1:AmDeGyS+ZARGKM4tlH4FY2Jr63VjbEDJHtqXTGP5hbo=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
+go.uber.org/mock v0.5.2/go.mod h1:wLlUxC2vVTPTaE3UD51E0BGOAElKrILxhVSDYQLld5o=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
+golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw=
+golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200602180216-279210d13fed/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
+golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
+golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20250606033433-dcc06ee1d476 h1:bsqhLWFR6G6xiQcb+JoGqdKdRU6WzPWmK8E0jxTjzo4=
+golang.org/x/exp v0.0.0-20250606033433-dcc06ee1d476/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8=
+golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
+golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw=
+golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
+golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
+golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
+golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
+golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
+golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
+golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
+golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
+google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
+google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk928CDR8SjdVbjWNpdIf6nzjE3BTgJDr2Atg=
+google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
+google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
+google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
+google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o=
+honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+lukechampine.com/blake3 v1.4.1 h1:I3Smz7gso8w4/TunLKec6K2fn+kyKtDxr/xcQEN84Wg=
+lukechampine.com/blake3 v1.4.1/go.mod h1:QFosUxmjB8mnrWFSNwKmvxHpfY72bmD2tQ0kBMM3kwo=
+sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck=
+sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0=

interop/autonatv2/go-peer/peer.id

@@ -0,0 +1 @@
+12D3KooWSnUDxXeeEnerD1Wf35R5b8bjTMzdAz838aDUUY8GJPGa

interop/autonatv2/go-peer/peer.key

@@ -0,0 +1,2 @@
+
@i
+(>%ËÁø‡®PM”ܘXE~§|#	õ“ýºØ®ü\íÇجåsqzïÔDSݺvöLË(±Úð…•(×

interop/autonatv2/go-peer/testautonatv2.go

@@ -0,0 +1,97 @@
+package main
+
+import (
+	"crypto/rand"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"os"
+
+	libp2p "github.com/libp2p/go-libp2p"
+	crypto "github.com/libp2p/go-libp2p/core/crypto"
+	peer "github.com/libp2p/go-libp2p/core/peer"
+)
+
+const (
+	privKeyFile = "peer.key"
+	peerIDFile  = "peer.id"
+)
+
+func loadOrCreateIdentity() (crypto.PrivKey, peer.ID, error) {
+	if _, err := os.Stat(privKeyFile); err == nil {
+		// Load private key
+		data, err := ioutil.ReadFile(privKeyFile)
+		if err != nil {
+			return nil, "", fmt.Errorf("failed to read private key: %w", err)
+		}
+		priv, err := crypto.UnmarshalPrivateKey(data)
+		if err != nil {
+			return nil, "", fmt.Errorf("failed to unmarshal private key: %w", err)
+		}
+
+		// Load peer ID as string
+		peerData, err := ioutil.ReadFile(peerIDFile)
+		if err != nil {
+			return nil, "", fmt.Errorf("failed to read peer ID: %w", err)
+		}
+		pid, err := peer.Decode(string(peerData))
+		if err != nil {
+			return nil, "", fmt.Errorf("failed to decode peer ID: %w", err)
+		}
+
+		return priv, pid, nil
+	}
+
+	// Create new keypair
+	priv, pub, err := crypto.GenerateEd25519Key(rand.Reader)
+	if err != nil {
+		return nil, "", fmt.Errorf("failed to generate keypair: %w", err)
+	}
+	pid, err := peer.IDFromPublicKey(pub)
+	if err != nil {
+		return nil, "", fmt.Errorf("failed to derive peer ID: %w", err)
+	}
+
+	// Save private key
+	privBytes, err := crypto.MarshalPrivateKey(priv)
+	if err != nil {
+		return nil, "", fmt.Errorf("failed to marshal private key: %w", err)
+	}
+	if err := ioutil.WriteFile(privKeyFile, privBytes, 0600); err != nil {
+		return nil, "", fmt.Errorf("failed to write private key: %w", err)
+	}
+
+	// Save peer ID in canonical string form
+	if err := ioutil.WriteFile(peerIDFile, []byte(pid.String()), 0644); err != nil {
+		return nil, "", fmt.Errorf("failed to write peer ID: %w", err)
+	}
+
+	return priv, pid, nil
+}
+
+func main() {
+	priv, pid, err := loadOrCreateIdentity()
+	if err != nil {
+		log.Fatalf("Identity setup failed: %v", err)
+	}
+
+	h, err := libp2p.New(
+		libp2p.Identity(priv),
+		libp2p.EnableAutoNATv2(),
+		libp2p.ListenAddrStrings(
+			"/ip4/0.0.0.0/tcp/4040",
+			"/ip6/::/tcp/4040",
+		),
+	)
+	if err != nil {
+		log.Fatalf("Failed to create host: %v", err)
+	}
+	defer h.Close()
+
+	fmt.Println("Peer ID:", pid.String())
+	fmt.Println("Listen addresses:", h.Addrs())
+	fmt.Println("AutoNATv2 client started.")
+
+	select {}
+}
+

interop/autonatv2/nim-peer/config.nims

@@ -0,0 +1,4 @@
+# begin Nimble config (version 2)
+when withDir(thisDir(), system.fileExists("nimble.paths")):
+  include "nimble.paths"
+# end Nimble config

interop/autonatv2/nim-peer/nim_peer.nimble

@@ -0,0 +1,10 @@
+version = "0.1.0"
+author = "Status Research & Development Gmb"
+description = "AutoNATv2 peer for interop testing"
+license = "MIT"
+srcDir = "src"
+bin = @["nim_peer"]
+
+# Dependencies
+
+requires "nim >= 2.3.1", "libp2p"

interop/autonatv2/nim-peer/src/nim_peer.nim

@@ -0,0 +1,64 @@
+import net, os, chronos, libp2p
+import libp2p/protocols/connectivity/autonatv2/service
+import libp2p/protocols/connectivity/autonatv2/types
+
+proc waitForService(
+    host: string, port: Port, retries: int = 20, delay: Duration = 500.milliseconds
+): Future[bool] {.async.} =
+  for i in 0 ..< retries:
+    try:
+      var s = newSocket()
+      s.connect(host, port)
+      s.close()
+      return true
+    except OSError:
+      discard
+    await sleepAsync(delay)
+  return false
+
+proc main() {.async.} =
+  if paramCount() != 1:
+    quit("Usage: nim r src/nim_peer.nim <peerid>", 1)
+
+  # ensure go peer is started
+  await sleepAsync(3.seconds)
+
+  let dstPeerId = PeerId.init(paramStr(1)).get()
+
+  var src = SwitchBuilder
+    .new()
+    .withRng(newRng())
+    .withAddresses(@[MultiAddress.init("/ip4/0.0.0.0/tcp/3030").tryGet()])
+    .withAutonatV2Server()
+    .withAutonatV2(
+      serviceConfig = AutonatV2ServiceConfig.new(scheduleInterval = Opt.some(1.seconds))
+    )
+    .withTcpTransport()
+    .withYamux()
+    .withNoise()
+    .build()
+
+  let awaiter = newFuture[void]()
+
+  proc statusAndConfidenceHandler(
+      networkReachability: NetworkReachability, confidence: Opt[float]
+  ) {.async: (raises: [CancelledError]).} =
+    if networkReachability != NetworkReachability.Unknown and confidence.isSome() and
+        confidence.get() >= 0.3:
+      if not awaiter.finished:
+        awaiter.complete()
+
+  let service = cast[AutonatV2Service](src.services[1])
+  service.setStatusAndConfidenceHandler(statusAndConfidenceHandler)
+
+  await src.start()
+  await src.connect(dstPeerId, @[MultiAddress.init("/ip4/127.0.0.1/tcp/4040").get()])
+
+  await awaiter
+  echo service.networkReachability
+
+when isMainModule:
+  if waitFor(waitForService("127.0.0.1", Port(4040))):
+    waitFor(main())
+  else:
+    quit("timeout waiting for service", 1)

interop/hole-punching/Dockerfile

@@ -0,0 +1,19 @@
+# syntax=docker/dockerfile:1.5-labs
+FROM nimlang/nim:latest as builder
+
+WORKDIR /workspace
+
+COPY .pinned libp2p.nimble nim-libp2p/
+
+RUN --mount=type=cache,target=/var/cache/apt apt-get update && apt-get install -y libssl-dev
+
+RUN cd nim-libp2p && nimble install_pinned && nimble install redis -y
+
+COPY . nim-libp2p/
+
+RUN cd nim-libp2p && nim c --skipParentCfg --NimblePath:./nimbledeps/pkgs2 --mm:refc -d:chronicles_log_level=DEBUG -d:chronicles_default_output_device=stderr -d:release --threads:off --skipProjCfg -o:hole-punching-tests ./interop/hole-punching/hole_punching.nim
+
+FROM --platform=linux/amd64 debian:bullseye-slim
+RUN --mount=type=cache,target=/var/cache/apt apt-get update && apt-get install -y dnsutils jq curl tcpdump iproute2 libssl-dev
+COPY --from=builder /workspace/nim-libp2p/hole-punching-tests /usr/bin/hole-punch-client
+ENV RUST_BACKTRACE=1

interop/hole-punching/hole_punching.nim

@@ -0,0 +1,138 @@
+import std/[os, options, strformat, sequtils]
+import redis
+import chronos, chronicles
+import
+  ../../libp2p/[
+    builders,
+    switch,
+    multicodec,
+    observedaddrmanager,
+    services/hpservice,
+    services/autorelayservice,
+    protocols/connectivity/autonat/client as aclient,
+    protocols/connectivity/relay/client as rclient,
+    protocols/connectivity/relay/relay,
+    protocols/connectivity/autonat/service,
+    protocols/ping,
+  ]
+import ../../tests/[stubs/autonatclientstub, errorhelpers]
+
+logScope:
+  topics = "hp interop node"
+
+proc createSwitch(r: Relay = nil, hpService: Service = nil): Switch =
+  let rng = newRng()
+  var builder = SwitchBuilder
+    .new()
+    .withRng(rng)
+    .withAddresses(@[MultiAddress.init("/ip4/0.0.0.0/tcp/0").tryGet()])
+    .withObservedAddrManager(ObservedAddrManager.new(maxSize = 1, minCount = 1))
+    .withTcpTransport({ServerFlags.TcpNoDelay})
+    .withYamux()
+    .withAutonat()
+    .withNoise()
+
+  if hpService != nil:
+    builder = builder.withServices(@[hpService])
+
+  if r != nil:
+    builder = builder.withCircuitRelay(r)
+
+  let s = builder.build()
+  s.mount(Ping.new(rng = rng))
+  return s
+
+proc main() {.async.} =
+  let relayClient = RelayClient.new()
+  let autoRelayService = AutoRelayService.new(1, relayClient, nil, newRng())
+  let autonatClientStub = AutonatClientStub.new(expectedDials = 1)
+  autonatClientStub.answer = NotReachable
+  let autonatService = AutonatService.new(autonatClientStub, newRng(), maxQueueSize = 1)
+  let hpservice = HPService.new(autonatService, autoRelayService)
+
+  let
+    isListener = getEnv("MODE") == "listen"
+    switch = createSwitch(relayClient, hpservice)
+    auxSwitch = createSwitch()
+    redisClient = open("redis", 6379.Port)
+
+  debug "Connected to redis"
+
+  await switch.start()
+  await auxSwitch.start()
+
+  let relayAddr =
+    try:
+      redisClient.bLPop(@["RELAY_TCP_ADDRESS"], 0)
+    except Exception as e:
+      raise newException(CatchableError, e.msg)
+
+  debug "All relay addresses", relayAddr
+
+  # This is necessary to make the autonat service work. It will ask this peer for our reachability which the autonat
+  # client stub will answer NotReachable.
+  await switch.connect(auxSwitch.peerInfo.peerId, auxSwitch.peerInfo.addrs)
+
+  # Wait for autonat to be NotReachable
+  while autonatService.networkReachability != NetworkReachability.NotReachable:
+    await sleepAsync(100.milliseconds)
+
+  # This will trigger the autonat relay service to make a reservation.
+  let relayMA = MultiAddress.init(relayAddr[1]).tryGet()
+
+  try:
+    debug "Dialing relay...", relayMA
+    let relayId = await switch.connect(relayMA).wait(30.seconds)
+    debug "Connected to relay", relayId
+  except AsyncTimeoutError as e:
+    raise newException(CatchableError, "Connection to relay timed out: " & e.msg, e)
+
+  # Wait for our relay address to be published
+  while not switch.peerInfo.addrs.anyIt(it.contains(multiCodec("p2p-circuit")).tryGet()):
+    await sleepAsync(100.milliseconds)
+
+  if isListener:
+    let listenerPeerId = switch.peerInfo.peerId
+    discard redisClient.rPush("LISTEN_CLIENT_PEER_ID", $listenerPeerId)
+    debug "Pushed listener client peer id to redis", listenerPeerId
+
+    # Nothing to do anymore, wait to be killed
+    await sleepAsync(2.minutes)
+  else:
+    let listenerId =
+      try:
+        PeerId.init(redisClient.bLPop(@["LISTEN_CLIENT_PEER_ID"], 0)[1]).tryGet()
+      except Exception as e:
+        raise newException(CatchableError, "Exception init peer: " & e.msg, e)
+
+    debug "Got listener peer id", listenerId
+    let listenerRelayAddr = MultiAddress.init($relayMA & "/p2p-circuit").tryGet()
+
+    debug "Dialing listener relay address", listenerRelayAddr
+    await switch.connect(listenerId, @[listenerRelayAddr])
+
+    # wait for hole-punching to complete in the background
+    await sleepAsync(5000.milliseconds)
+
+    let conn = switch.connManager.selectMuxer(listenerId).connection
+    let channel = await switch.dial(listenerId, @[listenerRelayAddr], PingCodec)
+    let delay = await Ping.new().ping(channel)
+    await allFuturesThrowing(
+      channel.close(), conn.close(), switch.stop(), auxSwitch.stop()
+    )
+    echo &"""{{"rtt_to_holepunched_peer_millis":{delay.millis}}}"""
+
+try:
+  proc mainAsync(): Future[string] {.async.} =
+    # mainAsync wraps main and returns some value, as otherwise
+    # 'waitFor(fut)' has no type (or is ambiguous)
+    await main()
+    return "done"
+
+  discard waitFor(mainAsync().wait(4.minutes))
+except AsyncTimeoutError as e:
+  error "Program execution timed out", description = e.msg
+  quit(-1)
+except CatchableError as e:
+  error "Unexpected error", description = e.msg
+  quit(-1)

interop/hole-punching/version.json

@@ -0,0 +1,7 @@
+{
+  "id": "nim-libp2p-head",
+  "containerImageID": "nim-libp2p-head",
+  "transports": [
+    "tcp"
+  ]
+}

interop/transport/Dockerfile

@@ -0,0 +1,18 @@
+# syntax=docker/dockerfile:1.5-labs
+FROM nimlang/nim:latest as builder
+
+WORKDIR /app
+
+COPY .pinned libp2p.nimble nim-libp2p/
+
+RUN --mount=type=cache,target=/var/cache/apt apt-get update && apt-get install -y libssl-dev
+
+RUN cd nim-libp2p && nimble install_pinned && nimble install redis -y
+
+COPY . nim-libp2p/
+
+RUN \
+  cd nim-libp2p && \
+  nim c --skipProjCfg --skipParentCfg --NimblePath:./nimbledeps/pkgs2 -p:nim-libp2p --mm:refc -d:libp2p_quic_support -d:chronicles_log_level=WARN -d:chronicles_default_output_device=stderr --threads:off ./interop/transport/main.nim
+
+ENTRYPOINT ["/app/nim-libp2p/interop/transport/main"]

interop/transport/main.nim

@@ -0,0 +1,113 @@
+import std/[os, strutils, sequtils], chronos, redis, serialization, json_serialization
+import ../../libp2p/[builders, protocols/ping, transports/wstransport]
+
+type ResultJson = object
+  handshakePlusOneRTTMillis: float
+  pingRTTMilllis: float
+
+let testTimeout =
+  try:
+    seconds(parseInt(getEnv("test_timeout_seconds")))
+  except CatchableError:
+    3.minutes
+
+proc main() {.async.} =
+  let
+    transport = getEnv("transport")
+    muxer = getEnv("muxer")
+    secureChannel = getEnv("security")
+    isDialer = getEnv("is_dialer") == "true"
+    envIp = getEnv("ip", "0.0.0.0")
+    ip =
+      # nim-libp2p doesn't do snazzy ip expansion
+      if envIp == "0.0.0.0":
+        block:
+          let addresses =
+            getInterfaces().filterIt(it.name == "eth0").mapIt(it.addresses)
+          if addresses.len < 1 or addresses[0].len < 1:
+            quit "Can't find local ip!"
+          ($addresses[0][0].host).split(":")[0]
+      else:
+        envIp
+    redisAddr = getEnv("redis_addr", "redis:6379").split(":")
+
+    # using synchronous redis because async redis is based on
+    # asyncdispatch instead of chronos
+    redisClient = open(redisAddr[0], Port(parseInt(redisAddr[1])))
+
+    switchBuilder = SwitchBuilder.new()
+
+  case transport
+  of "tcp":
+    discard switchBuilder.withTcpTransport().withAddress(
+        MultiAddress.init("/ip4/" & ip & "/tcp/0").tryGet()
+      )
+  of "quic-v1":
+    discard switchBuilder.withQuicTransport().withAddress(
+        MultiAddress.init("/ip4/" & ip & "/udp/0/quic-v1").tryGet()
+      )
+  of "ws":
+    discard switchBuilder.withWsTransport().withAddress(
+        MultiAddress.init("/ip4/" & ip & "/tcp/0/ws").tryGet()
+      )
+  else:
+    doAssert false
+
+  case secureChannel
+  of "noise":
+    discard switchBuilder.withNoise()
+
+  case muxer
+  of "yamux":
+    discard switchBuilder.withYamux()
+  of "mplex":
+    discard switchBuilder.withMplex()
+
+  let
+    rng = newRng()
+    switch = switchBuilder.withRng(rng).build()
+    pingProtocol = Ping.new(rng = rng)
+  switch.mount(pingProtocol)
+  await switch.start()
+  defer:
+    await switch.stop()
+
+  if not isDialer:
+    discard redisClient.rPush("listenerAddr", $switch.peerInfo.fullAddrs.tryGet()[0])
+    await sleepAsync(100.hours) # will get cancelled
+  else:
+    let listenerAddr =
+      try:
+        redisClient.bLPop(@["listenerAddr"], testTimeout.seconds.int)[1]
+      except Exception as e:
+        raise newException(CatchableError, "Exception calling bLPop: " & e.msg, e)
+    let
+      remoteAddr = MultiAddress.init(listenerAddr).tryGet()
+      dialingStart = Moment.now()
+      remotePeerId = await switch.connect(remoteAddr)
+      stream = await switch.dial(remotePeerId, PingCodec)
+      pingDelay = await pingProtocol.ping(stream)
+      totalDelay = Moment.now() - dialingStart
+    await stream.close()
+
+    echo Json.encode(
+      ResultJson(
+        handshakePlusOneRTTMillis: float(totalDelay.milliseconds),
+        pingRTTMilllis: float(pingDelay.milliseconds),
+      )
+    )
+
+try:
+  proc mainAsync(): Future[string] {.async.} =
+    # mainAsync wraps main and returns some value, as otherwise
+    # 'waitFor(fut)' has no type (or is ambiguous)
+    await main()
+    return "done"
+
+  discard waitFor(mainAsync().wait(testTimeout))
+except AsyncTimeoutError as e:
+  error "Program execution timed out", description = e.msg
+  quit(-1)
+except CatchableError as e:
+  error "Unexpected error", description = e.msg
+  quit(-1)

interop/transport/version.json

@@ -0,0 +1,16 @@
+{
+  "id": "nim-libp2p-head",
+  "containerImageID": "nim-libp2p-head",
+  "transports": [
+    "tcp",
+    "ws",
+    "quic-v1"
+  ],
+  "secureChannels": [
+    "noise"
+  ],
+  "muxers": [
+    "mplex",
+    "yamux"
+  ]
+}

libp2p.nim

@@ -1,5 +1,5 @@
 # Nim-LibP2P
-# Copyright (c) 2022 Status Research & Development GmbH
+# Copyright (c) 2023 Status Research & Development GmbH
 # Licensed under either of
 #  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 #  * MIT license ([LICENSE-MIT](LICENSE-MIT))
@@ -17,11 +17,12 @@ when defined(nimdoc):
   ## stay backward compatible during the Major version, whereas private ones can
   ## change at each new Minor version.
   ##
-  ## If you're new to nim-libp2p, you can find a tutorial `here<https://status-im.github.io/nim-libp2p/docs/tutorial_1_connect/>`_
+  ## If you're new to nim-libp2p, you can find a tutorial `here<https://vacp2p.github.io/nim-libp2p/docs/tutorial_1_connect/>`_
   ## that can help you get started.
 
   # Import stuff for doc
-  import libp2p/[
+  import
+    libp2p/[
       protobuf/minprotobuf,
       switch,
       stream/lpstream,
@@ -33,40 +34,43 @@ when defined(nimdoc):
       peerid,
       peerinfo,
       peerstore,
-      multiaddress]
+      multiaddress,
+    ]
 
   proc dummyPrivateProc*() =
     ## A private proc example
     discard
+
 else:
   import
-    libp2p/[protobuf/minprotobuf,
-            muxers/muxer,
-            muxers/mplex/mplex,
-            stream/lpstream,
-            stream/bufferstream,
-            stream/connection,
-            transports/transport,
-            transports/tcptransport,
-            transports/wstransport,
-            protocols/secure/noise,
-            protocols/ping,
-            cid,
-            multihash,
-            multibase,
-            multicodec,
-            errors,
-            switch,
-            peerid,
-            peerinfo,
-            multiaddress,
-            builders,
-            crypto/crypto,
-            protocols/pubsub]
+    libp2p/[
+      protobuf/minprotobuf,
+      muxers/muxer,
+      muxers/mplex/mplex,
+      stream/lpstream,
+      stream/bufferstream,
+      stream/connection,
+      transports/transport,
+      transports/tcptransport,
+      protocols/secure/noise,
+      cid,
+      multihash,
+      multicodec,
+      errors,
+      switch,
+      peerid,
+      peerinfo,
+      multiaddress,
+      builders,
+      crypto/crypto,
+      protocols/pubsub,
+    ]
 
   export
-    minprotobuf, switch, peerid, peerinfo,
-    connection, multiaddress, crypto, lpstream,
-    bufferstream, muxer, mplex, transport,
-    tcptransport, noise, errors, cid, multihash,
+    minprotobuf, switch, peerid, peerinfo, connection, multiaddress, crypto, lpstream,
+    bufferstream, muxer, mplex, transport, tcptransport, noise, errors, cid, multihash,
     multicodec, builders, pubsub
+
+  when defined(libp2p_quic_support):
+    import libp2p/transports/quictransport
+    export quictransport

libp2p.nimble

@@ -1,38 +1,40 @@
 mode = ScriptMode.Verbose
 
-packageName   = "libp2p"
-version       = "1.0.0"
-author        = "Status Research & Development GmbH"
-description   = "LibP2P implementation"
-license       = "MIT"
-skipDirs      = @["tests", "examples", "Nim", "tools", "scripts", "docs"]
+packageName = "libp2p"
+version = "1.13.0"
+author = "Status Research & Development GmbH"
+description = "LibP2P implementation"
+license = "MIT"
+skipDirs = @["tests", "examples", "Nim", "tools", "scripts", "docs"]
 
-requires "nim >= 1.2.0",
-         "nimcrypto >= 0.4.1",
-         "dnsclient >= 0.3.0 & < 0.4.0",
-         "bearssl >= 0.1.4",
-         "chronicles >= 0.10.2",
-         "chronos >= 3.0.6",
-         "metrics",
-         "secp256k1",
-         "stew#head",
-         "websock"
+requires "nim >= 2.0.0",
+  "nimcrypto >= 0.6.0 & < 0.7.0", "dnsclient >= 0.3.0 & < 0.4.0", "bearssl >= 0.2.5",
+  "chronicles >= 0.11.0 & < 0.12.0", "chronos >= 4.0.4", "metrics", "secp256k1",
+  "stew >= 0.4.0", "websock >= 0.2.0", "unittest2", "results", "quic >= 0.2.16",
+  "https://github.com/vacp2p/nim-jwt.git#18f8378de52b241f321c1f9ea905456e89b95c6f"
 
-proc runTest(filename: string, verify: bool = true, sign: bool = true,
-             moreoptions: string = "") =
-  var excstr = "nim c --skipParentCfg --opt:speed -d:debug -d:libp2p_agents_metrics -d:libp2p_protobuf_metrics -d:libp2p_network_protocols_metrics -d:libp2p_mplex_metrics "
-  excstr.add(" -d:chronicles_sinks=textlines[stdout],json[dynamic] -d:chronicles_log_level=TRACE ")
-  excstr.add(" -d:chronicles_runtime_filtering=TRUE ")
-  excstr.add(" " & getEnv("NIMFLAGS") & " ")
-  excstr.add(" --verbosity:0 --hints:off ")
-  excstr.add(" -d:libp2p_pubsub_sign=" & $sign)
-  excstr.add(" -d:libp2p_pubsub_verify=" & $verify)
+let nimc = getEnv("NIMC", "nim") # Which nim compiler to use
+let lang = getEnv("NIMLANG", "c") # Which backend (c/cpp/js)
+let flags = getEnv("NIMFLAGS", "") # Extra flags for the compiler
+let verbose = getEnv("V", "") notin ["", "0"]
+
+let cfg =
+  " --styleCheck:usages --styleCheck:error" &
+  (if verbose: "" else: " --verbosity:0 --hints:off") & " --skipUserCfg -f" &
+  " --threads:on --opt:speed"
+
+import hashes, strutils
+
+proc runTest(filename: string, moreoptions: string = "") =
+  var excstr = nimc & " " & lang & " -d:debug " & cfg & " " & flags
   excstr.add(" " & moreoptions & " ")
-  exec excstr & " -r " & " tests/" & filename
+  if getEnv("CICOV").len > 0:
+    excstr &= " --nimcache:nimcache/" & filename & "-" & $excstr.hash
+  exec excstr & " -r -d:libp2p_quic_support -d:libp2p_autotls_support tests/" & filename
   rmFile "tests/" & filename.toExe
 
 proc buildSample(filename: string, run = false, extraFlags = "") =
-  var excstr = "nim c --opt:speed --threads:on -d:debug --verbosity:0 --hints:off -p:. " & extraFlags
+  var excstr = nimc & " " & lang & " " & cfg & " " & flags & " -p:. " & extraFlags
   excstr.add(" examples/" & filename)
   exec excstr
   if run:
@@ -40,51 +42,26 @@ proc buildSample(filename: string, run = false, extraFlags = "") =
   rmFile "examples/" & filename.toExe
 
 proc tutorialToMd(filename: string) =
-  let markdown = gorge "cat " & filename & " | nim c -r --verbosity:0 --hints:off tools/markdown_builder.nim "
+  let markdown = gorge "cat " & filename & " | " & nimc & " " & lang &
+    " -r --verbosity:0 --hints:off tools/markdown_builder.nim "
   writeFile(filename.replace(".nim", ".md"), markdown)
 
 task testnative, "Runs libp2p native tests":
   runTest("testnative")
 
-task testdaemon, "Runs daemon tests":
-  runTest("testdaemon")
-
-task testinterop, "Runs interop tests":
-  runTest("testinterop")
-
 task testpubsub, "Runs pubsub tests":
-  runTest("pubsub/testgossipinternal", sign = false, verify = false, moreoptions = "-d:pubsub_internal_testing")
-  runTest("pubsub/testpubsub")
-  runTest("pubsub/testpubsub", sign = false, verify = false)
-  runTest("pubsub/testpubsub", sign = false, verify = false, moreoptions = "-d:libp2p_pubsub_anonymize=true")
-
-task testpubsub_slim, "Runs pubsub tests":
-  runTest("pubsub/testgossipinternal", sign = false, verify = false, moreoptions = "-d:pubsub_internal_testing")
-  runTest("pubsub/testpubsub")
+  runTest("pubsub/testpubsub", "-d:libp2p_gossipsub_1_4")
 
 task testfilter, "Run PKI filter test":
-  runTest("testpkifilter",
-           moreoptions = "-d:libp2p_pki_schemes=\"secp256k1\"")
-  runTest("testpkifilter",
-           moreoptions = "-d:libp2p_pki_schemes=\"secp256k1;ed25519\"")
-  runTest("testpkifilter",
-           moreoptions = "-d:libp2p_pki_schemes=\"secp256k1;ed25519;ecnist\"")
-  runTest("testpkifilter",
-           moreoptions = "-d:libp2p_pki_schemes=")
+  runTest("testpkifilter")
+  runTest("testpkifilter", moreoptions = "-d:libp2p_pki_schemes=")
+
+task testintegration, "Runs integraion tests":
+  runTest("testintegration")
 
 task test, "Runs the test suite":
-  exec "nimble testnative"
-  exec "nimble testpubsub"
-  exec "nimble testdaemon"
-  exec "nimble testinterop"
+  runTest("testall")
   exec "nimble testfilter"
-  exec "nimble examples_build"
-
-task test_slim, "Runs the (slimmed down) test suite":
-  exec "nimble testnative"
-  exec "nimble testpubsub_slim"
-  exec "nimble testfilter"
-  exec "nimble examples_build"
 
 task website, "Build the website":
   tutorialToMd("examples/tutorial_1_connect.nim")
@@ -96,20 +73,12 @@ task website, "Build the website":
   tutorialToMd("examples/circuitrelay.nim")
   exec "mkdocs build"
 
-task examples_build, "Build the samples":
-  buildSample("directchat")
-  buildSample("helloworld", true)
-  buildSample("circuitrelay", true)
-  buildSample("tutorial_1_connect", true)
-  buildSample("tutorial_2_customproto", true)
-  if (NimMajor, NimMinor) > (1, 2):
-    # These tutorials relies on post 1.4 exception tracking
-    buildSample("tutorial_3_protobuf", true)
-    buildSample("tutorial_4_gossipsub", true)
-    buildSample("tutorial_5_discovery", true)
-    # Nico doesn't work in 1.2
-    exec "nimble install -y nico"
-    buildSample("tutorial_6_game", false, "--styleCheck:off")
+task examples, "Build and run examples":
+  exec "nimble install -y nimpng"
+  exec "nimble install -y nico --passNim=--skipParentCfg"
+  buildSample("examples_build", false, "--styleCheck:off") # build only
+
+  buildSample("examples_run", true)
 
 # pin system
 # while nimble lockfile
@@ -120,12 +89,14 @@ task pin, "Create a lockfile":
   # pinner.nim was originally here
   # but you can't read output from
   # a command in a nimscript
-  exec "nim c -r tools/pinner.nim"
+  exec nimc & " c -r tools/pinner.nim"
 
 import sequtils
 import os
 task install_pinned, "Reads the lockfile":
-  let toInstall = readFile(PinFile).splitWhitespace().mapIt((it.split(";", 1)[0], it.split(";", 1)[1]))
+  let toInstall = readFile(PinFile).splitWhitespace().mapIt(
+      (it.split(";", 1)[0], it.split(";", 1)[1])
+    )
   # [('packageName', 'packageFullUri')]
 
   rmDir("nimbledeps")
@@ -134,9 +105,20 @@ task install_pinned, "Reads the lockfile":
 
   # Remove the automatically installed deps
   # (inefficient you say?)
-  let allowedDirectories = toInstall.mapIt(it[0] & "-" & it[1].split('@')[1])
-  for dependency in listDirs("nimbledeps/pkgs"):
-    if dependency.extractFilename notin allowedDirectories:
+  let nimblePkgs =
+    if system.dirExists("nimbledeps/pkgs"): "nimbledeps/pkgs" else: "nimbledeps/pkgs2"
+  for dependency in listDirs(nimblePkgs):
+    let
+      fileName = dependency.extractFilename
+      fileContent = readFile(dependency & "/nimblemeta.json")
+      packageName = fileName.split('-')[0]
+
+    if toInstall.anyIt(
+      it[0] == packageName and (
+        it[1].split('#')[^1] in fileContent or # nimble for nim 2.X
+        fileName.endsWith(it[1].split('#')[^1]) # nimble for nim 1.X
+      )
+    ) == false or fileName.split('-')[^1].len < 20: # safegard for nimble for nim 1.X
       rmDir(dependency)
 
 task unpin, "Restore global package use":

libp2p/autotls/acme/api.nim

@@ -0,0 +1,533 @@
+import json, uri
+from times import DateTime, parse
+import chronos/apps/http/httpclient, results, chronicles
+
+import ./utils
+import ../../crypto/crypto
+import ../../crypto/rsa
+
+export ACMEError
+
+logScope:
+  topics = "libp2p acme api"
+
+const
+  LetsEncryptURL* = "https://acme-v02.api.letsencrypt.org"
+  LetsEncryptURLStaging* = "https://acme-staging-v02.api.letsencrypt.org"
+  Alg = "RS256"
+  DefaultChalCompletedRetries = 10
+  DefaultChalCompletedRetryTime = 1.seconds
+  DefaultFinalizeRetries = 10
+  DefaultFinalizeRetryTime = 1.seconds
+  DefaultRandStringSize = 256
+  ACMEHttpHeaders = [("Content-Type", "application/jose+json")]
+
+type Authorization* = string
+type Domain* = string
+type Kid* = string
+type Nonce* = string
+
+type ACMEDirectory* = object
+  newNonce*: string
+  newOrder*: string
+  newAccount*: string
+
+type ACMEApi* = ref object of RootObj
+  directory: Opt[ACMEDirectory]
+  session: HttpSessionRef
+  acmeServerURL*: Uri
+
+type HTTPResponse* = object
+  body*: JsonNode
+  headers*: HttpTable
+
+type JWK = object
+  kty: string
+  n: string
+  e: string
+
+# whether the request uses Kid or not
+type ACMERequestType = enum
+  ACMEJwkRequest
+  ACMEKidRequest
+
+type ACMERequestHeader = object
+  alg: string
+  typ: string
+  nonce: Nonce
+  url: string
+  case kind: ACMERequestType
+  of ACMEJwkRequest:
+    jwk: JWK
+  of ACMEKidRequest:
+    kid: Kid
+
+type Email = string
+
+type ACMERegisterRequest* = object
+  termsOfServiceAgreed: bool
+  contact: seq[Email]
+
+type ACMEAccountStatus = enum
+  valid = "valid"
+  deactivated = "deactivated"
+  revoked = "revoked"
+
+type ACMERegisterResponseBody = object
+  status*: ACMEAccountStatus
+
+type ACMERegisterResponse* = object
+  kid*: Kid
+  status*: ACMEAccountStatus
+
+type ACMEChallengeStatus* {.pure.} = enum
+  PENDING = "pending"
+  PROCESSING = "processing"
+  VALID = "valid"
+  INVALID = "invalid"
+
+type ACMEOrderStatus* {.pure.} = enum
+  PENDING = "pending"
+  READY = "ready"
+  PROCESSING = "processing"
+  VALID = "valid"
+  INVALID = "invalid"
+
+type ACMEChallengeType* {.pure.} = enum
+  DNS01 = "dns-01"
+  HTTP01 = "http-01"
+  TLSALPN01 = "tls-alpn-01"
+
+type ACMEChallengeToken* = string
+
+type ACMEChallenge* = object
+  url*: string
+  `type`*: ACMEChallengeType
+  status*: ACMEChallengeStatus
+  token*: ACMEChallengeToken
+
+type ACMEChallengeIdentifier = object
+  `type`: string
+  value: string
+
+type ACMEChallengeRequest = object
+  identifiers: seq[ACMEChallengeIdentifier]
+
+type ACMEChallengeResponseBody = object
+  status: ACMEOrderStatus
+  authorizations: seq[Authorization]
+  finalize: string
+
+type ACMEChallengeResponse* = object
+  status*: ACMEOrderStatus
+  authorizations*: seq[Authorization]
+  finalize*: string
+  order*: string
+
+type ACMEChallengeResponseWrapper* = object
+  finalize*: string
+  order*: string
+  dns01*: ACMEChallenge
+
+type ACMEAuthorizationsResponse* = object
+  challenges*: seq[ACMEChallenge]
+
+type ACMECompletedResponse* = object
+  url: string
+
+type ACMECheckKind* = enum
+  ACMEOrderCheck
+  ACMEChallengeCheck
+
+type ACMECheckResponse* = object
+  case kind: ACMECheckKind
+  of ACMEOrderCheck:
+    orderStatus: ACMEOrderStatus
+  of ACMEChallengeCheck:
+    chalStatus: ACMEChallengeStatus
+  retryAfter: Duration
+
+type ACMEFinalizeResponse* = object
+  status: ACMEOrderStatus
+
+type ACMEOrderResponse* = object
+  certificate: string
+  expires: string
+
+type ACMECertificateResponse* = object
+  rawCertificate*: string
+  certificateExpiry*: DateTime
+
+type ACMECertificate* = object
+  rawCertificate*: string
+  certificateExpiry*: DateTime
+  certKeyPair*: KeyPair
+
+when defined(libp2p_autotls_support):
+  import options, sequtils, strutils, jwt, bearssl/pem
+
+  template handleError*(msg: string, body: untyped): untyped =
+    try:
+      body
+    except ACMEError as exc:
+      raise exc
+    except CancelledError as exc:
+      raise exc
+    except JsonKindError as exc:
+      raise newException(ACMEError, msg & ": Failed to decode JSON", exc)
+    except ValueError as exc:
+      raise newException(ACMEError, msg & ": Failed to decode JSON", exc)
+    except HttpError as exc:
+      raise newException(ACMEError, msg & ": Failed to connect to ACME server", exc)
+    except CatchableError as exc:
+      raise newException(ACMEError, msg & ": Unexpected error", exc)
+
+  method post*(
+    self: ACMEApi, uri: Uri, payload: string
+  ): Future[HTTPResponse] {.
+    async: (raises: [ACMEError, HttpError, CancelledError]), base
+  .}
+
+  method get*(
+    self: ACMEApi, uri: Uri
+  ): Future[HTTPResponse] {.
+    async: (raises: [ACMEError, HttpError, CancelledError]), base
+  .}
+
+  proc new*(
+      T: typedesc[ACMEApi], acmeServerURL: Uri = parseUri(LetsEncryptURL)
+  ): ACMEApi =
+    let session = HttpSessionRef.new()
+
+    ACMEApi(
+      session: session, directory: Opt.none(ACMEDirectory), acmeServerURL: acmeServerURL
+    )
+
+  proc getDirectory(
+      self: ACMEApi
+  ): Future[ACMEDirectory] {.async: (raises: [ACMEError, CancelledError]).} =
+    handleError("getDirectory"):
+      self.directory.valueOr:
+        let acmeResponse = await self.get(self.acmeServerURL / "directory")
+        let directory = acmeResponse.body.to(ACMEDirectory)
+        self.directory = Opt.some(directory)
+        directory
+
+  method requestNonce*(
+      self: ACMEApi
+  ): Future[Nonce] {.async: (raises: [ACMEError, CancelledError]), base.} =
+    handleError("requestNonce"):
+      let acmeResponse = await self.get(parseUri((await self.getDirectory()).newNonce))
+      Nonce(acmeResponse.headers.keyOrError("Replay-Nonce"))
+
+  # TODO: save n and e in account so we don't have to recalculate every time
+  proc acmeHeader(
+      self: ACMEApi, uri: Uri, key: KeyPair, needsJwk: bool, kid: Opt[Kid]
+  ): Future[ACMERequestHeader] {.async: (raises: [ACMEError, CancelledError]).} =
+    if not needsJwk and kid.isNone():
+      raise newException(ACMEError, "kid not set")
+
+    if key.pubkey.scheme != PKScheme.RSA or key.seckey.scheme != PKScheme.RSA:
+      raise newException(ACMEError, "Unsupported signing key type")
+
+    let newNonce = await self.requestNonce()
+    if needsJwk:
+      let pubkey = key.pubkey.rsakey
+      let nArray = @(getArray(pubkey.buffer, pubkey.key.n, pubkey.key.nlen))
+      let eArray = @(getArray(pubkey.buffer, pubkey.key.e, pubkey.key.elen))
+      ACMERequestHeader(
+        kind: ACMEJwkRequest,
+        alg: Alg,
+        typ: "JWT",
+        nonce: newNonce,
+        url: $uri,
+        jwk: JWK(kty: "RSA", n: base64UrlEncode(nArray), e: base64UrlEncode(eArray)),
+      )
+    else:
+      ACMERequestHeader(
+        kind: ACMEKidRequest,
+        alg: Alg,
+        typ: "JWT",
+        nonce: newNonce,
+        url: $uri,
+        kid: kid.get(),
+      )
+
+  method post*(
+      self: ACMEApi, uri: Uri, payload: string
+  ): Future[HTTPResponse] {.
+      async: (raises: [ACMEError, HttpError, CancelledError]), base
+  .} =
+    let rawResponse = await HttpClientRequestRef
+    .post(self.session, $uri, body = payload, headers = ACMEHttpHeaders)
+    .get()
+    .send()
+    let body = await rawResponse.getResponseBody()
+    HTTPResponse(body: body, headers: rawResponse.headers)
+
+  method get*(
+      self: ACMEApi, uri: Uri
+  ): Future[HTTPResponse] {.
+      async: (raises: [ACMEError, HttpError, CancelledError]), base
+  .} =
+    let rawResponse = await HttpClientRequestRef.get(self.session, $uri).get().send()
+    let body = await rawResponse.getResponseBody()
+    HTTPResponse(body: body, headers: rawResponse.headers)
+
+  proc createSignedAcmeRequest(
+      self: ACMEApi,
+      uri: Uri,
+      payload: auto,
+      key: KeyPair,
+      needsJwk: bool = false,
+      kid: Opt[Kid] = Opt.none(Kid),
+  ): Future[string] {.async: (raises: [ACMEError, CancelledError]).} =
+    if key.pubkey.scheme != PKScheme.RSA or key.seckey.scheme != PKScheme.RSA:
+      raise newException(ACMEError, "Unsupported signing key type")
+
+    let acmeHeader = await self.acmeHeader(uri, key, needsJwk, kid)
+    handleError("createSignedAcmeRequest"):
+      var token = toJWT(%*{"header": acmeHeader, "claims": payload})
+      let derPrivKey = key.seckey.rsakey.getBytes.get
+      let pemPrivKey: string = pemEncode(derPrivKey, "PRIVATE KEY")
+      token.sign(pemPrivKey)
+      $token.toFlattenedJson()
+
+  proc requestRegister*(
+      self: ACMEApi, key: KeyPair
+  ): Future[ACMERegisterResponse] {.async: (raises: [ACMEError, CancelledError]).} =
+    let registerRequest = ACMERegisterRequest(termsOfServiceAgreed: true)
+    handleError("acmeRegister"):
+      let payload = await self.createSignedAcmeRequest(
+        parseUri((await self.getDirectory()).newAccount),
+        registerRequest,
+        key,
+        needsJwk = true,
+      )
+      let acmeResponse =
+        await self.post(parseUri((await self.getDirectory()).newAccount), payload)
+      let acmeResponseBody = acmeResponse.body.to(ACMERegisterResponseBody)
+
+      ACMERegisterResponse(
+        status: acmeResponseBody.status,
+        kid: acmeResponse.headers.keyOrError("location"),
+      )
+
+  proc requestNewOrder*(
+      self: ACMEApi, domains: seq[Domain], key: KeyPair, kid: Kid
+  ): Future[ACMEChallengeResponse] {.async: (raises: [ACMEError, CancelledError]).} =
+    # request challenge from ACME server
+    let orderRequest = ACMEChallengeRequest(
+      identifiers: domains.mapIt(ACMEChallengeIdentifier(`type`: "dns", value: it))
+    )
+    handleError("requestNewOrder"):
+      let payload = await self.createSignedAcmeRequest(
+        parseUri((await self.getDirectory()).newOrder),
+        orderRequest,
+        key,
+        kid = Opt.some(kid),
+      )
+      let acmeResponse =
+        await self.post(parseUri((await self.getDirectory()).newOrder), payload)
+      let challengeResponseBody = acmeResponse.body.to(ACMEChallengeResponseBody)
+      if challengeResponseBody.authorizations.len == 0:
+        raise newException(ACMEError, "Authorizations field is empty")
+      ACMEChallengeResponse(
+        status: challengeResponseBody.status,
+        authorizations: challengeResponseBody.authorizations,
+        finalize: challengeResponseBody.finalize,
+        order: acmeResponse.headers.keyOrError("location"),
+      )
+
+  proc requestAuthorizations*(
+      self: ACMEApi, authorizations: seq[Authorization], key: KeyPair, kid: Kid
+  ): Future[ACMEAuthorizationsResponse] {.async: (raises: [ACMEError, CancelledError]).} =
+    handleError("requestAuthorizations"):
+      doAssert authorizations.len > 0
+      let acmeResponse = await self.get(parseUri(authorizations[0]))
+      acmeResponse.body.to(ACMEAuthorizationsResponse)
+
+  proc requestChallenge*(
+      self: ACMEApi, domains: seq[Domain], key: KeyPair, kid: Kid
+  ): Future[ACMEChallengeResponseWrapper] {.
+      async: (raises: [ACMEError, CancelledError])
+  .} =
+    let orderResponse = await self.requestNewOrder(domains, key, kid)
+    if orderResponse.status != ACMEOrderStatus.PENDING and
+        orderResponse.status != ACMEOrderStatus.READY:
+      # ready is a valid status when renewing certs before expiry
+      raise
+        newException(ACMEError, "Invalid new order status: " & $orderResponse.status)
+
+    let authorizationsResponse =
+      await self.requestAuthorizations(orderResponse.authorizations, key, kid)
+    if authorizationsResponse.challenges.len == 0:
+      raise newException(ACMEError, "No challenges received")
+
+    return ACMEChallengeResponseWrapper(
+      finalize: orderResponse.finalize,
+      order: orderResponse.order,
+      dns01: authorizationsResponse.challenges.filterIt(
+        it.`type` == ACMEChallengeType.DNS01
+      )[0],
+        # getting the first element is safe since we checked that authorizationsResponse.challenges.len != 0
+    )
+
+  proc requestCheck*(
+      self: ACMEApi, checkURL: Uri, checkKind: ACMECheckKind, key: KeyPair, kid: Kid
+  ): Future[ACMECheckResponse] {.async: (raises: [ACMEError, CancelledError]).} =
+    handleError("requestCheck"):
+      let acmeResponse = await self.get(checkURL)
+      let retryAfter =
+        try:
+          parseInt(acmeResponse.headers.keyOrError("Retry-After")).seconds
+        except ValueError:
+          DefaultChalCompletedRetryTime
+
+      case checkKind
+      of ACMEOrderCheck:
+        try:
+          ACMECheckResponse(
+            kind: checkKind,
+            orderStatus: parseEnum[ACMEOrderStatus](acmeResponse.body["status"].getStr),
+            retryAfter: retryAfter,
+          )
+        except ValueError:
+          raise newException(
+            ACMEError, "Invalid order status: " & acmeResponse.body["status"].getStr
+          )
+      of ACMEChallengeCheck:
+        try:
+          ACMECheckResponse(
+            kind: checkKind,
+            chalStatus:
+              parseEnum[ACMEChallengeStatus](acmeResponse.body["status"].getStr),
+            retryAfter: retryAfter,
+          )
+        except ValueError:
+          raise newException(
+            ACMEError, "Invalid order status: " & acmeResponse.body["status"].getStr
+          )
+
+  proc sendChallengeCompleted*(
+      self: ACMEApi, chalURL: Uri, key: KeyPair, kid: Kid
+  ): Future[ACMECompletedResponse] {.async: (raises: [ACMEError, CancelledError]).} =
+    handleError("sendChallengeCompleted"):
+      let payload =
+        await self.createSignedAcmeRequest(chalURL, %*{}, key, kid = Opt.some(kid))
+      let acmeResponse = await self.post(chalURL, payload)
+      acmeResponse.body.to(ACMECompletedResponse)
+
+  proc checkChallengeCompleted*(
+      self: ACMEApi,
+      checkURL: Uri,
+      key: KeyPair,
+      kid: Kid,
+      retries: int = DefaultChalCompletedRetries,
+  ): Future[bool] {.async: (raises: [ACMEError, CancelledError]).} =
+    for i in 0 .. retries:
+      let checkResponse =
+        await self.requestCheck(checkURL, ACMEChallengeCheck, key, kid)
+      case checkResponse.chalStatus
+      of ACMEChallengeStatus.PENDING:
+        await sleepAsync(checkResponse.retryAfter) # try again after some delay
+      of ACMEChallengeStatus.VALID:
+        return true
+      else:
+        raise newException(
+          ACMEError,
+          "Failed challenge completion: expected 'valid', got '" &
+            $checkResponse.chalStatus & "'",
+        )
+    return false
+
+  proc completeChallenge*(
+      self: ACMEApi,
+      chalURL: Uri,
+      key: KeyPair,
+      kid: Kid,
+      retries: int = DefaultChalCompletedRetries,
+  ): Future[bool] {.async: (raises: [ACMEError, CancelledError]).} =
+    let completedResponse = await self.sendChallengeCompleted(chalURL, key, kid)
+    # check until acme server is done (poll validation)
+    return await self.checkChallengeCompleted(chalURL, key, kid, retries = retries)
+
+  proc requestFinalize*(
+      self: ACMEApi,
+      domain: Domain,
+      finalize: Uri,
+      certKeyPair: KeyPair,
+      key: KeyPair,
+      kid: Kid,
+  ): Future[ACMEFinalizeResponse] {.async: (raises: [ACMEError, CancelledError]).} =
+    handleError("requestFinalize"):
+      let payload = await self.createSignedAcmeRequest(
+        finalize, %*{"csr": createCSR(domain, certKeyPair)}, key, kid = Opt.some(kid)
+      )
+      let acmeResponse = await self.post(finalize, payload)
+      # server responds with updated order response
+      acmeResponse.body.to(ACMEFinalizeResponse)
+
+  proc checkCertFinalized*(
+      self: ACMEApi,
+      order: Uri,
+      key: KeyPair,
+      kid: Kid,
+      retries: int = DefaultChalCompletedRetries,
+  ): Future[bool] {.async: (raises: [ACMEError, CancelledError]).} =
+    for i in 0 .. retries:
+      let checkResponse = await self.requestCheck(order, ACMEOrderCheck, key, kid)
+      case checkResponse.orderStatus
+      of ACMEOrderStatus.VALID:
+        return true
+      of ACMEOrderStatus.PROCESSING:
+        await sleepAsync(checkResponse.retryAfter) # try again after some delay
+      else:
+        error "Failed certificate finalization",
+          description = "expected 'valid', got '" & $checkResponse.orderStatus & "'"
+        return false # do not try again
+
+    return false
+
+  proc certificateFinalized*(
+      self: ACMEApi,
+      domain: Domain,
+      finalize: Uri,
+      order: Uri,
+      certKeyPair: KeyPair,
+      key: KeyPair,
+      kid: Kid,
+      retries: int = DefaultFinalizeRetries,
+  ): Future[bool] {.async: (raises: [ACMEError, CancelledError]).} =
+    let finalizeResponse =
+      await self.requestFinalize(domain, finalize, certKeyPair, key, kid)
+    # keep checking order until cert is valid (done)
+    return await self.checkCertFinalized(order, key, kid, retries = retries)
+
+  proc requestGetOrder*(
+      self: ACMEApi, order: Uri
+  ): Future[ACMEOrderResponse] {.async: (raises: [ACMEError, CancelledError]).} =
+    handleError("requestGetOrder"):
+      let acmeResponse = await self.get(order)
+      acmeResponse.body.to(ACMEOrderResponse)
+
+  proc downloadCertificate*(
+      self: ACMEApi, order: Uri
+  ): Future[ACMECertificateResponse] {.async: (raises: [ACMEError, CancelledError]).} =
+    let orderResponse = await self.requestGetOrder(order)
+
+    handleError("downloadCertificate"):
+      let rawResponse = await HttpClientRequestRef
+      .get(self.session, orderResponse.certificate)
+      .get()
+      .send()
+      ACMECertificateResponse(
+        rawCertificate: bytesToString(await rawResponse.getBodyBytes()),
+        certificateExpiry: parse(orderResponse.expires, "yyyy-MM-dd'T'HH:mm:ss'Z'"),
+      )
+
+  proc close*(self: ACMEApi) {.async: (raises: [CancelledError]).} =
+    await self.session.closeWait()
+
+else:
+  {.hint: "autotls disabled. Use -d:libp2p_autotls_support".}

libp2p/autotls/acme/client.nim

@@ -0,0 +1,98 @@
+# Nim-Libp2p
+# Copyright (c) 2025 Status Research & Development GmbH
+# Licensed under either of
+#  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
+#  * MIT license ([LICENSE-MIT](LICENSE-MIT))
+# at your option.
+# This file may not be copied, modified, or distributed except according to
+# those terms.
+
+{.push raises: [].}
+
+import chronicles
+import ../../crypto/crypto
+import ./api
+
+export api
+
+type KeyAuthorization* = string
+
+type ACMEClient* = ref object
+  api: ACMEApi
+  key*: KeyPair
+  kid*: Kid
+
+logScope:
+  topics = "libp2p acme client"
+
+when defined(libp2p_autotls_support):
+  import uri
+  import chronos, results, stew/byteutils
+  import ../../crypto/rsa
+  import ./utils
+
+  proc new*(
+      T: typedesc[ACMEClient],
+      rng: ref HmacDrbgContext = newRng(),
+      api: ACMEApi = ACMEApi.new(acmeServerURL = parseUri(LetsEncryptURL)),
+      key: Opt[KeyPair] = Opt.none(KeyPair),
+      kid: Kid = Kid(""),
+  ): T {.raises: [].} =
+    let key = key.valueOr:
+      KeyPair.random(PKScheme.RSA, rng[]).get()
+    T(api: api, key: key, kid: kid)
+
+  proc getOrInitKid*(
+      self: ACMEClient
+  ): Future[Kid] {.async: (raises: [ACMEError, CancelledError]).} =
+    if self.kid.len == 0:
+      let registerResponse = await self.api.requestRegister(self.key)
+      self.kid = registerResponse.kid
+    return self.kid
+
+  proc genKeyAuthorization*(self: ACMEClient, token: string): KeyAuthorization =
+    base64UrlEncode(@(sha256.digest((token & "." & thumbprint(self.key)).toBytes).data))
+
+  proc getChallenge*(
+      self: ACMEClient, domains: seq[api.Domain]
+  ): Future[ACMEChallengeResponseWrapper] {.
+      async: (raises: [ACMEError, CancelledError])
+  .} =
+    await self.api.requestChallenge(domains, self.key, await self.getOrInitKid())
+
+  proc getCertificate*(
+      self: ACMEClient,
+      domain: api.Domain,
+      certKeyPair: KeyPair,
+      challenge: ACMEChallengeResponseWrapper,
+  ): Future[ACMECertificateResponse] {.async: (raises: [ACMEError, CancelledError]).} =
+    let chalURL = parseUri(challenge.dns01.url)
+    let orderURL = parseUri(challenge.order)
+    let finalizeURL = parseUri(challenge.finalize)
+    trace "Sending challenge completed notification"
+    discard await self.api.sendChallengeCompleted(
+      chalURL, self.key, await self.getOrInitKid()
+    )
+
+    trace "Checking for completed challenge"
+    let completed = await self.api.checkChallengeCompleted(
+      chalURL, self.key, await self.getOrInitKid()
+    )
+    if not completed:
+      raise newException(
+        ACMEError, "Failed to signal ACME server about challenge completion"
+      )
+
+    trace "Waiting for certificate to be finalized"
+    let finalized = await self.api.certificateFinalized(
+      domain, finalizeURL, orderURL, certKeyPair, self.key, await self.getOrInitKid()
+    )
+    if not finalized:
+      raise
+        newException(ACMEError, "Failed to finalize certificate for domain " & domain)
+
+    trace "Downloading certificate"
+    await self.api.downloadCertificate(orderURL)
+
+  proc close*(self: ACMEClient) {.async: (raises: [CancelledError]).} =
+    await self.api.close()

libp2p/autotls/acme/mockapi.nim

@@ -0,0 +1,40 @@
+import uri
+import chronos, chronos/apps/http/httpclient, json
+import ./api, ./utils
+
+export api
+
+type MockACMEApi* = ref object of ACMEApi
+  mockedResponses*: seq[HTTPResponse]
+
+proc new*(
+    T: typedesc[MockACMEApi]
+): Future[T] {.async: (raises: [ACMEError, CancelledError]).} =
+  let directory = ACMEDirectory(
+    newNonce: LetsEncryptURL & "/new-nonce",
+    newOrder: LetsEncryptURL & "/new-order",
+    newAccount: LetsEncryptURL & "/new-account",
+  )
+  MockACMEApi(
+    session: HttpSessionRef.new(),
+    directory: Opt.some(directory),
+    acmeServerURL: parseUri(LetsEncryptURL),
+  )
+
+when defined(libp2p_autotls_support):
+  method requestNonce*(
+      self: MockACMEApi
+  ): Future[Nonce] {.async: (raises: [ACMEError, CancelledError]).} =
+    return $self.acmeServerURL & "/acme/1234"
+
+  method post*(
+      self: MockACMEApi, uri: Uri, payload: string
+  ): Future[HTTPResponse] {.async: (raises: [ACMEError, HttpError, CancelledError]).} =
+    result = self.mockedResponses[0]
+    self.mockedResponses.delete(0)
+
+  method get*(
+      self: MockACMEApi, uri: Uri
+  ): Future[HTTPResponse] {.async: (raises: [ACMEError, HttpError, CancelledError]).} =
+    result = self.mockedResponses[0]
+    self.mockedResponses.delete(0)

libp2p/autotls/acme/utils.nim

@@ -0,0 +1,73 @@
+import ../../errors
+
+type ACMEError* = object of LPError
+
+when defined(libp2p_autotls_support):
+  import base64, strutils, chronos/apps/http/httpclient, json
+  import ../../transports/tls/certificate_ffi
+  import ../../transports/tls/certificate
+  import ../../crypto/crypto
+  import ../../crypto/rsa
+
+  proc keyOrError*(table: HttpTable, key: string): string {.raises: [ValueError].} =
+    if not table.contains(key):
+      raise newException(ValueError, "key " & key & " not present in headers")
+    table.getString(key)
+
+  proc base64UrlEncode*(data: seq[byte]): string =
+    ## Encodes data using base64url (RFC 4648 §5) — no padding, URL-safe
+    var encoded = base64.encode(data, safe = true)
+    encoded.removeSuffix("=")
+    encoded.removeSuffix("=")
+    return encoded
+
+  proc thumbprint*(key: KeyPair): string =
+    doAssert key.seckey.scheme == PKScheme.RSA, "unsupported keytype"
+    let pubkey = key.pubkey.rsakey
+    let nArray = @(getArray(pubkey.buffer, pubkey.key.n, pubkey.key.nlen))
+    let eArray = @(getArray(pubkey.buffer, pubkey.key.e, pubkey.key.elen))
+
+    let n = base64UrlEncode(nArray)
+    let e = base64UrlEncode(eArray)
+    let keyJson = %*{"e": e, "kty": "RSA", "n": n}
+    let digest = sha256.digest($keyJson)
+    return base64UrlEncode(@(digest.data))
+
+  proc getResponseBody*(
+      response: HttpClientResponseRef
+  ): Future[JsonNode] {.async: (raises: [ACMEError, CancelledError]).} =
+    try:
+      let bodyBytes = await response.getBodyBytes()
+      if bodyBytes.len > 0:
+        return bytesToString(bodyBytes).parseJson()
+      return %*{} # empty body
+    except CancelledError as exc:
+      raise exc
+    except CatchableError as exc:
+      raise newException(
+        ACMEError, "Unexpected error occurred while getting body bytes", exc
+      )
+    except Exception as exc: # this is required for nim 1.6
+      raise newException(
+        ACMEError, "Unexpected error occurred while getting body bytes", exc
+      )
+
+  proc createCSR*(
+      domain: string, certKeyPair: KeyPair
+  ): string {.raises: [ACMEError].} =
+    var certKey: cert_key_t
+    var certCtx: cert_context_t
+    var derCSR: ptr cert_buffer = nil
+
+    # convert KeyPair to cert_key_t
+    let rawSeckey: seq[byte] = certKeyPair.seckey.getRawBytes.valueOr:
+      raise newException(ACMEError, "Failed to get seckey raw bytes (DER)")
+    let seckeyBuffer = rawSeckey.toCertBuffer()
+    if cert_new_key_t(seckeyBuffer.unsafeAddr, certKey.addr) != CERT_SUCCESS:
+      raise newException(ACMEError, "Failed to convert key pair to cert_key_t")
+
+    # create CSR
+    if cert_signing_req(domain.cstring, certKey, derCSR.addr) != CERT_SUCCESS:
+      raise newException(ACMEError, "Failed to create CSR")
+
+    base64.encode(derCSR.toSeq, safe = true)

libp2p/autotls/mockservice.nim

@@ -0,0 +1,33 @@
+when defined(libp2p_autotls_support):
+  import ./service, ./acme/client, ../peeridauth/client
+
+  import ../crypto/crypto, ../crypto/rsa, websock/websock
+
+  type MockAutotlsService* = ref object of AutotlsService
+    mockedCert*: TLSCertificate
+    mockedKey*: TLSPrivateKey
+
+  proc new*(
+      T: typedesc[MockAutotlsService],
+      rng: ref HmacDrbgContext = newRng(),
+      config: AutotlsConfig = AutotlsConfig.new(),
+  ): T =
+    T(
+      acmeClient:
+        ACMEClient.new(api = ACMEApi.new(acmeServerURL = config.acmeServerURL)),
+      brokerClient: PeerIDAuthClient.new(),
+      bearer: Opt.none(BearerToken),
+      cert: Opt.none(AutotlsCert),
+      certReady: newAsyncEvent(),
+      running: newAsyncEvent(),
+      config: config,
+      rng: rng,
+    )
+
+  method getCertWhenReady*(
+      self: MockAutotlsService
+  ): Future[AutotlsCert] {.async: (raises: [AutoTLSError, CancelledError]).} =
+    AutotlsCert.new(self.mockedCert, self.mockedKey, Moment.now)
+
+  method setup*(self: MockAutotlsService) {.base, async.} =
+    self.running.fire()

libp2p/autotls/service.nim

@@ -0,0 +1,295 @@
+# Nim-Libp2p
+# Copyright (c) 2025 Status Research & Development GmbH
+# Licensed under either of
+#  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
+#  * MIT license ([LICENSE-MIT](LICENSE-MIT))
+# at your option.
+# This file may not be copied, modified, or distributed except according to
+# those terms.
+
+{.push raises: [].}
+{.push public.}
+
+import chronos, chronicles, net, results
+import chronos/apps/http/httpclient, bearssl/rand
+
+import
+  ./acme/client,
+  ./utils,
+  ../crypto/crypto,
+  ../nameresolving/nameresolver,
+  ../peeridauth/client,
+  ../switch,
+  ../peerinfo,
+  ../wire
+
+logScope:
+  topics = "libp2p autotls"
+
+export LetsEncryptURL, AutoTLSError
+
+const
+  DefaultDnsServers* =
+    @[
+      initTAddress("1.1.1.1:53"),
+      initTAddress("1.0.0.1:53"),
+      initTAddress("[2606:4700:4700::1111]:53"),
+    ]
+  DefaultRenewCheckTime* = 1.hours
+  DefaultRenewBufferTime = 1.hours
+
+  DefaultIssueRetries = 3
+  DefaultIssueRetryTime = 1.seconds
+
+  AutoTLSBroker* = "registration.libp2p.direct"
+  AutoTLSDNSServer* = "libp2p.direct"
+  HttpOk* = 200
+  HttpCreated* = 201
+  # NoneIp is needed because nim 1.6.16 can't do proper generic inference
+  NoneIp = Opt.none(IpAddress)
+
+type SigParam = object
+  k: string
+  v: seq[byte]
+
+type AutotlsCert* = ref object
+  cert*: TLSCertificate
+  privkey*: TLSPrivateKey
+  expiry*: Moment
+
+type AutotlsConfig* = ref object
+  acmeServerURL*: Uri
+  nameResolver*: NameResolver
+  ipAddress: Opt[IpAddress]
+  renewCheckTime*: Duration
+  renewBufferTime*: Duration
+  issueRetries*: int
+  issueRetryTime*: Duration
+
+type AutotlsService* = ref object of Service
+  acmeClient*: ACMEClient
+  brokerClient*: PeerIDAuthClient
+  bearer*: Opt[BearerToken]
+  cert*: Opt[AutotlsCert]
+  certReady*: AsyncEvent
+  running*: AsyncEvent
+  config*: AutotlsConfig
+  managerFut: Future[void]
+  peerInfo: PeerInfo
+  rng*: ref HmacDrbgContext
+
+when defined(libp2p_autotls_support):
+  import json, sequtils, bearssl/pem
+
+  import
+    ../crypto/rsa,
+    ../utils/heartbeat,
+    ../transports/transport,
+    ../utils/ipaddr,
+    ../transports/tcptransport,
+    ../nameresolving/dnsresolver
+
+  proc new*(
+      T: typedesc[AutotlsCert],
+      cert: TLSCertificate,
+      privkey: TLSPrivateKey,
+      expiry: Moment,
+  ): T =
+    T(cert: cert, privkey: privkey, expiry: expiry)
+
+  method getCertWhenReady*(
+      self: AutotlsService
+  ): Future[AutotlsCert] {.base, async: (raises: [AutoTLSError, CancelledError]).} =
+    await self.certReady.wait()
+    return self.cert.get
+
+  proc new*(
+      T: typedesc[AutotlsConfig],
+      ipAddress: Opt[IpAddress] = NoneIp,
+      nameServers: seq[TransportAddress] = DefaultDnsServers,
+      acmeServerURL: Uri = parseUri(LetsEncryptURL),
+      renewCheckTime: Duration = DefaultRenewCheckTime,
+      renewBufferTime: Duration = DefaultRenewBufferTime,
+      issueRetries: int = DefaultIssueRetries,
+      issueRetryTime: Duration = DefaultIssueRetryTime,
+  ): T =
+    T(
+      nameResolver: DnsResolver.new(nameServers),
+      acmeServerURL: acmeServerURL,
+      ipAddress: ipAddress,
+      renewCheckTime: renewCheckTime,
+      renewBufferTime: renewBufferTime,
+      issueRetries: issueRetries,
+      issueRetryTime: issueRetryTime,
+    )
+
+  proc new*(
+      T: typedesc[AutotlsService],
+      rng: ref HmacDrbgContext = newRng(),
+      config: AutotlsConfig = AutotlsConfig.new(),
+  ): T =
+    T(
+      acmeClient:
+        ACMEClient.new(api = ACMEApi.new(acmeServerURL = config.acmeServerURL)),
+      brokerClient: PeerIDAuthClient.new(),
+      bearer: Opt.none(BearerToken),
+      cert: Opt.none(AutotlsCert),
+      certReady: newAsyncEvent(),
+      running: newAsyncEvent(),
+      config: config,
+      managerFut: nil,
+      peerInfo: nil,
+      rng: rng,
+    )
+
+  method setup*(
+      self: AutotlsService, switch: Switch
+  ): Future[bool] {.async: (raises: [CancelledError]).} =
+    trace "Setting up AutotlsService"
+    let hasBeenSetup = await procCall Service(self).setup(switch)
+    if hasBeenSetup:
+      if self.config.ipAddress.isNone():
+        try:
+          self.config.ipAddress = Opt.some(getPublicIPAddress())
+        except ValueError as exc:
+          error "Failed to get public IP address", err = exc.msg
+          return false
+        except OSError as exc:
+          error "Failed to get public IP address", err = exc.msg
+          return false
+      self.managerFut = self.run(switch)
+    return hasBeenSetup
+
+  method issueCertificate(
+      self: AutotlsService
+  ): Future[bool] {.
+      base, async: (raises: [AutoTLSError, ACMEError, PeerIDAuthError, CancelledError])
+  .} =
+    trace "Issuing certificate"
+
+    if self.peerInfo.isNil():
+      error "Cannot issue new certificate: peerInfo not set"
+      return false
+
+    # generate autotls domain string: "*.{peerID}.libp2p.direct"
+    let baseDomain =
+      api.Domain(encodePeerId(self.peerInfo.peerId) & "." & AutoTLSDNSServer)
+    let domain = api.Domain("*." & baseDomain)
+
+    let acmeClient = self.acmeClient
+
+    trace "Requesting ACME challenge"
+    let dns01Challenge = await acmeClient.getChallenge(@[domain])
+    trace "Generating key authorization"
+    let keyAuth = acmeClient.genKeyAuthorization(dns01Challenge.dns01.token)
+
+    let addrs = await self.peerInfo.expandAddrs()
+    if addrs.len == 0:
+      error "Unable to authenticate with broker: no addresses"
+      return false
+
+    let strMultiaddresses: seq[string] = addrs.mapIt($it)
+    let payload = %*{"value": keyAuth, "addresses": strMultiaddresses}
+    let registrationURL = parseUri("https://" & AutoTLSBroker & "/v1/_acme-challenge")
+
+    trace "Sending challenge to AutoTLS broker"
+    let (bearer, response) =
+      await self.brokerClient.send(registrationURL, self.peerInfo, payload, self.bearer)
+    if self.bearer.isNone():
+      # save bearer token for future
+      self.bearer = Opt.some(bearer)
+    if response.status != HttpOk:
+      error "Failed to authenticate with AutoTLS Broker at " & AutoTLSBroker
+      debug "Broker message",
+        body = bytesToString(response.body), peerinfo = self.peerInfo
+      return false
+
+    let dashedIpAddr = ($self.config.ipAddress.get()).replace(".", "-")
+    let acmeChalDomain = api.Domain("_acme-challenge." & baseDomain)
+    let ip4Domain = api.Domain(dashedIpAddr & "." & baseDomain)
+    debug "Waiting for DNS record to be set", ip = ip4Domain, acme = acmeChalDomain
+    let dnsSet = await checkDNSRecords(
+      self.config.nameResolver, self.config.ipAddress.get(), baseDomain, keyAuth
+    )
+    if not dnsSet:
+      error "DNS records not set"
+      return false
+
+    trace "Notifying challenge completion to ACME and downloading cert"
+    let certKeyPair = KeyPair.random(PKScheme.RSA, self.rng[]).get()
+
+    let certificate =
+      await acmeClient.getCertificate(domain, certKeyPair, dns01Challenge)
+
+    let derPrivKey = certKeyPair.seckey.rsakey.getBytes.valueOr:
+      raise newException(AutoTLSError, "Unable to get TLS private key")
+    let pemPrivKey: string = derPrivKey.pemEncode("PRIVATE KEY")
+    debug "autotls cert", pemPrivKey = pemPrivKey, cert = certificate.rawCertificate
+
+    trace "Installing certificate"
+    let newCert =
+      try:
+        AutotlsCert.new(
+          TLSCertificate.init(certificate.rawCertificate),
+          TLSPrivateKey.init(pemPrivKey),
+          asMoment(certificate.certificateExpiry),
+        )
+      except TLSStreamProtocolError:
+        error "Could not parse downloaded certificates"
+        return false
+    self.cert = Opt.some(newCert)
+    self.certReady.fire()
+    trace "Certificate installed"
+    true
+
+  proc hasTcpStarted(switch: Switch): bool =
+    switch.transports.filterIt(it of TcpTransport and it.running).len == 0
+
+  proc tryIssueCertificate(self: AutotlsService) {.async: (raises: [CancelledError]).} =
+    for _ in 0 ..< self.config.issueRetries:
+      try:
+        if await self.issueCertificate():
+          return
+      except CancelledError as exc:
+        raise exc
+      except CatchableError as exc:
+        error "Failed to issue certificate", err = exc.msg
+      await sleepAsync(self.config.issueRetryTime)
+    error "Failed to issue certificate"
+
+  method run*(
+      self: AutotlsService, switch: Switch
+  ) {.async: (raises: [CancelledError]).} =
+    trace "Starting Autotls management"
+    self.running.fire()
+    self.peerInfo = switch.peerInfo
+
+    # ensure that there's at least one TcpTransport running
+    # for communicating with autotls broker
+    if switch.hasTcpStarted():
+      error "Could not find a running TcpTransport in switch"
+      return
+
+    heartbeat "Certificate Management", self.config.renewCheckTime:
+      if self.cert.isNone():
+        await self.tryIssueCertificate()
+
+      # AutotlsService will renew the cert 1h before it expires
+      let cert = self.cert.get
+      let waitTime = cert.expiry - Moment.now - self.config.renewBufferTime
+      if waitTime <= self.config.renewBufferTime:
+        await self.tryIssueCertificate()
+
+  method stop*(
+      self: AutotlsService, switch: Switch
+  ): Future[bool] {.async: (raises: [CancelledError]).} =
+    let hasBeenStopped = await procCall Service(self).stop(switch)
+    if hasBeenStopped:
+      if not self.acmeClient.isNil():
+        await self.acmeClient.close()
+      if not self.brokerClient.isNil():
+        await self.brokerClient.close()
+      if not self.managerFut.isNil():
+        await self.managerFut.cancelAndWait()
+        self.managerFut = nil
+    return hasBeenStopped

libp2p/autotls/utils.nim

@@ -0,0 +1,82 @@
+# Nim-Libp2p
+# Copyright (c) 2025 Status Research & Development GmbH
+# Licensed under either of
+#  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
+#  * MIT license ([LICENSE-MIT](LICENSE-MIT))
+# at your option.
+# This file may not be copied, modified, or distributed except according to
+# those terms.
+{.push raises: [].}
+{.push public.}
+
+import chronos, chronicles
+import ../errors
+
+logScope:
+  topics = "libp2p utils"
+
+const
+  DefaultDnsRetries = 3
+  DefaultDnsRetryTime = 1.seconds
+
+type AutoTLSError* = object of LPError
+
+when defined(libp2p_autotls_support):
+  import strutils
+  from times import DateTime, toTime, toUnix
+  import stew/base36
+  import
+    ../peerid,
+    ../multihash,
+    ../cid,
+    ../multicodec,
+    ../nameresolving/nameresolver,
+    ./acme/client
+
+  proc asMoment*(dt: DateTime): Moment =
+    let unixTime: int64 = dt.toTime.toUnix
+    return Moment.init(unixTime, Second)
+
+  proc encodePeerId*(peerId: PeerId): string {.raises: [AutoTLSError].} =
+    var mh: MultiHash
+    let decodeResult = MultiHash.decode(peerId.data, mh)
+    if decodeResult.isErr() or decodeResult.get() == -1:
+      raise
+        newException(AutoTLSError, "Failed to decode PeerId: invalid multihash format")
+
+    let cidResult = Cid.init(CIDv1, multiCodec("libp2p-key"), mh)
+    if cidResult.isErr():
+      raise newException(AutoTLSError, "Failed to initialize CID from multihash")
+
+    return Base36.encode(cidResult.get().data.buffer)
+
+  proc checkDNSRecords*(
+      nameResolver: NameResolver,
+      ipAddress: IpAddress,
+      baseDomain: api.Domain,
+      keyAuth: KeyAuthorization,
+      retries: int = DefaultDnsRetries,
+  ): Future[bool] {.async: (raises: [AutoTLSError, CancelledError]).} =
+    # if my ip address is 100.10.10.3 then the ip4Domain will be:
+    #     100-10-10-3.{peerIdBase36}.libp2p.direct
+    # and acme challenge TXT domain will be:
+    #     _acme-challenge.{peerIdBase36}.libp2p.direct
+    let dashedIpAddr = ($ipAddress).replace(".", "-")
+    let acmeChalDomain = api.Domain("_acme-challenge." & baseDomain)
+    let ip4Domain = api.Domain(dashedIpAddr & "." & baseDomain)
+
+    var txt: seq[string]
+    var ip4: seq[TransportAddress]
+    for _ in 0 .. retries:
+      txt = await nameResolver.resolveTxt(acmeChalDomain)
+      try:
+        ip4 = await nameResolver.resolveIp(ip4Domain, 0.Port)
+      except CancelledError as exc:
+        raise exc
+      except CatchableError as exc:
+        error "Failed to resolve IP", description = exc.msg # retry
+    if txt.len > 0 and txt[0] == keyAuth and ip4.len > 0:
+      return true
+    await sleepAsync(DefaultDnsRetryTime)
+
+    return false

libp2p/builders.nim

@@ -1,5 +1,5 @@
 # Nim-Libp2p
-# Copyright (c) 2022 Status Research & Development GmbH
+# Copyright (c) 2023 Status Research & Development GmbH
 # Licensed under either of
 #  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 #  * MIT license ([LICENSE-MIT](LICENSE-MIT))
@@ -9,45 +9,68 @@
 
 ## This module contains a Switch Building helper.
 runnableExamples:
-  let switch =
-   SwitchBuilder.new()
-   .withRng(rng)
-   .withAddresses(multiaddress)
-   # etc
-   .build()
+  let switch = SwitchBuilder.new().withRng(rng).withAddresses(multiaddress)
+    # etc
+    .build()
 
-when (NimMajor, NimMinor) < (1, 4):
-  {.push raises: [Defect].}
-else:
-  {.push raises: [].}
+{.push raises: [].}
 
+import options, tables, chronos, chronicles, sequtils
 import
-  options, tables, chronos, chronicles, sequtils,
-  switch, peerid, peerinfo, stream/connection, multiaddress,
-  crypto/crypto, transports/[transport, tcptransport],
+  switch,
+  peerid,
+  peerinfo,
+  stream/connection,
+  multiaddress,
+  crypto/crypto,
+  transports/[transport, tcptransport, wstransport, memorytransport],
   muxers/[muxer, mplex/mplex, yamux/yamux],
   protocols/[identify, secure/secure, secure/noise, rendezvous],
-  protocols/connectivity/[autonat, relay/relay, relay/client, relay/rtransport],
-  connmanager, upgrademngrs/muxedupgrade,
+  protocols/connectivity/[
+    autonat/server,
+    autonatv2/server,
+    autonatv2/service,
+    autonatv2/client,
+    relay/relay,
+    relay/client,
+    relay/rtransport,
+  ],
+  connmanager,
+  upgrademngrs/muxedupgrade,
+  observedaddrmanager,
+  autotls/service,
   nameresolving/nameresolver,
-  errors, utility
+  errors,
+  utility
+import services/wildcardresolverservice
 
 export
-  switch, peerid, peerinfo, connection, multiaddress, crypto, errors
+  switch, peerid, peerinfo, connection, multiaddress, crypto, errors, TLSPrivateKey,
+  TLSCertificate, TLSFlags, ServerFlags
+
+const MemoryAutoAddress* = memorytransport.MemoryAutoAddress
 
 type
-  TransportProvider* {.public.} = proc(upgr: Upgrade): Transport {.gcsafe, raises: [Defect].}
+  TransportProvider* {.deprecated: "Use TransportBuilder instead".} =
+    proc(upgr: Upgrade, privateKey: PrivateKey): Transport {.gcsafe, raises: [].}
+
+  TransportBuilder* {.public.} =
+    proc(config: TransportConfig): Transport {.gcsafe, raises: [].}
+
+  TransportConfig* = ref object
+    upgr*: Upgrade
+    privateKey*: PrivateKey
+    autotls*: AutotlsService
 
   SecureProtocol* {.pure.} = enum
-    Noise,
-    Secio {.deprecated.}
+    Noise
 
   SwitchBuilder* = ref object
     privKey: Option[PrivateKey]
     addresses: seq[MultiAddress]
     secureManagers: seq[SecureProtocol]
     muxers: seq[MuxerProvider]
-    transports: seq[TransportProvider]
+    transports: seq[TransportBuilder]
     rng: ref HmacDrbgContext
     maxConnections: int
     maxIn: int
@@ -57,17 +80,23 @@ type
     protoVersion: string
     agentVersion: string
     nameResolver: NameResolver
-    peerStoreCapacity: Option[int]
+    peerStoreCapacity: Opt[int]
     autonat: bool
+    autonatV2ServerConfig: Opt[AutonatV2Config]
+    autonatV2Client: AutonatV2Client
+    autonatV2ServiceConfig: AutonatV2ServiceConfig
+    autotls: AutotlsService
     circuitRelay: Relay
     rdv: RendezVous
+    services: seq[Service]
+    observedAddrManager: ObservedAddrManager
+    enableWildcardResolver: bool
 
 proc new*(T: type[SwitchBuilder]): T {.public.} =
   ## Creates a SwitchBuilder
 
-  let address = MultiAddress
-  .init("/ip4/127.0.0.1/tcp/0")
-  .expect("Should initialize to default")
+  let address =
+    MultiAddress.init("/ip4/127.0.0.1/tcp/0").expect("Should initialize to default")
 
   SwitchBuilder(
     privKey: none(PrivateKey),
@@ -78,53 +107,59 @@ proc new*(T: type[SwitchBuilder]): T {.public.} =
     maxOut: -1,
     maxConnsPerPeer: MaxConnectionsPerPeer,
     protoVersion: ProtoVersion,
-    agentVersion: AgentVersion)
+    agentVersion: AgentVersion,
+    enableWildcardResolver: true,
+  )
 
-proc withPrivateKey*(b: SwitchBuilder, privateKey: PrivateKey): SwitchBuilder {.public.} =
+proc withPrivateKey*(
+    b: SwitchBuilder, privateKey: PrivateKey
+): SwitchBuilder {.public.} =
   ## Set the private key of the switch. Will be used to
   ## generate a PeerId
 
   b.privKey = some(privateKey)
   b
 
-proc withAddress*(b: SwitchBuilder, address: MultiAddress): SwitchBuilder {.public.} =
-  ## | Set the listening address of the switch
-  ## | Calling it multiple time will override the value
-
-  b.addresses = @[address]
-  b
-
-proc withAddresses*(b: SwitchBuilder, addresses: seq[MultiAddress]): SwitchBuilder {.public.} =
+proc withAddresses*(
+    b: SwitchBuilder, addresses: seq[MultiAddress], enableWildcardResolver: bool = true
+): SwitchBuilder {.public.} =
   ## | Set the listening addresses of the switch
   ## | Calling it multiple time will override the value
-
   b.addresses = addresses
+  b.enableWildcardResolver = enableWildcardResolver
   b
 
+proc withAddress*(
+    b: SwitchBuilder, address: MultiAddress, enableWildcardResolver: bool = true
+): SwitchBuilder {.public.} =
+  ## | Set the listening address of the switch
+  ## | Calling it multiple time will override the value
+  b.withAddresses(@[address], enableWildcardResolver)
+
 proc withSignedPeerRecord*(b: SwitchBuilder, sendIt = true): SwitchBuilder {.public.} =
   b.sendSignedPeerRecord = sendIt
   b
 
 proc withMplex*(
-    b: SwitchBuilder,
-    inTimeout = 5.minutes,
-    outTimeout = 5.minutes,
-    maxChannCount = 200): SwitchBuilder {.public.} =
+    b: SwitchBuilder, inTimeout = 5.minutes, outTimeout = 5.minutes, maxChannCount = 200
+): SwitchBuilder {.public.} =
   ## | Uses `Mplex <https://docs.libp2p.io/concepts/stream-multiplexing/#mplex>`_ as a multiplexer
   ## | `Timeout` is the duration after which a inactive connection will be closed
   proc newMuxer(conn: Connection): Muxer =
-    Mplex.new(
-      conn,
-      inTimeout,
-      outTimeout,
-      maxChannCount)
+    Mplex.new(conn, inTimeout, outTimeout, maxChannCount)
 
   assert b.muxers.countIt(it.codec == MplexCodec) == 0, "Mplex build multiple times"
   b.muxers.add(MuxerProvider.new(newMuxer, MplexCodec))
   b
 
-proc withYamux*(b: SwitchBuilder): SwitchBuilder =
-  proc newMuxer(conn: Connection): Muxer = Yamux.new(conn)
+proc withYamux*(
+    b: SwitchBuilder,
+    windowSize: int = YamuxDefaultWindowSize,
+    inTimeout: Duration = 5.minutes,
+    outTimeout: Duration = 5.minutes,
+): SwitchBuilder =
+  proc newMuxer(conn: Connection): Muxer =
+    Yamux.new(conn, windowSize, inTimeout = inTimeout, outTimeout = outTimeout)
 
   assert b.muxers.countIt(it.codec == YamuxCodec) == 0, "Yamux build multiple times"
   b.muxers.add(MuxerProvider.new(newMuxer, YamuxCodec))
@@ -134,24 +169,81 @@ proc withNoise*(b: SwitchBuilder): SwitchBuilder {.public.} =
   b.secureManagers.add(SecureProtocol.Noise)
   b
 
-proc withTransport*(b: SwitchBuilder, prov: TransportProvider): SwitchBuilder {.public.} =
+proc withTransport*(
+    b: SwitchBuilder, prov: TransportBuilder
+): SwitchBuilder {.public.} =
   ## Use a custom transport
   runnableExamples:
-    let switch =
-      SwitchBuilder.new()
-      .withTransport(proc(upgr: Upgrade): Transport = TcpTransport.new(flags, upgr))
+    let switch = SwitchBuilder
+      .new()
+      .withTransport(
+        proc(config: TransportConfig): Transport =
+          TcpTransport.new(flags, config.upgr)
+      )
       .build()
   b.transports.add(prov)
   b
 
-proc withTcpTransport*(b: SwitchBuilder, flags: set[ServerFlags] = {}): SwitchBuilder {.public.} =
-  b.withTransport(proc(upgr: Upgrade): Transport = TcpTransport.new(flags, upgr))
+proc withTransport*(
+    b: SwitchBuilder, prov: TransportProvider
+): SwitchBuilder {.deprecated: "Use TransportBuilder instead".} =
+  ## Use a custom transport
+  runnableExamples:
+    let switch = SwitchBuilder
+      .new()
+      .withTransport(
+        proc(upgr: Upgrade, privateKey: PrivateKey): Transport =
+          TcpTransport.new(flags, upgr)
+      )
+      .build()
+  let tBuilder: TransportBuilder = proc(config: TransportConfig): Transport =
+    prov(config.upgr, config.privateKey)
+  b.withTransport(tBuilder)
+
+proc withTcpTransport*(
+    b: SwitchBuilder, flags: set[ServerFlags] = {}
+): SwitchBuilder {.public.} =
+  b.withTransport(
+    proc(config: TransportConfig): Transport =
+      TcpTransport.new(flags, config.upgr)
+  )
+
+proc withWsTransport*(
+    b: SwitchBuilder,
+    tlsPrivateKey: TLSPrivateKey = nil,
+    tlsCertificate: TLSCertificate = nil,
+    tlsFlags: set[TLSFlags] = {},
+    flags: set[ServerFlags] = {},
+): SwitchBuilder =
+  b.withTransport(
+    proc(config: TransportConfig): Transport =
+      WsTransport.new(
+        config.upgr, tlsPrivateKey, tlsCertificate, config.autotls, tlsFlags, flags
+      )
+  )
+
+when defined(libp2p_quic_support):
+  import transports/quictransport
+
+  proc withQuicTransport*(b: SwitchBuilder): SwitchBuilder {.public.} =
+    b.withTransport(
+      proc(config: TransportConfig): Transport =
+        QuicTransport.new(config.upgr, config.privateKey)
+    )
+
+proc withMemoryTransport*(b: SwitchBuilder): SwitchBuilder {.public.} =
+  b.withTransport(
+    proc(config: TransportConfig): Transport =
+      MemoryTransport.new(config.upgr)
+  )
 
 proc withRng*(b: SwitchBuilder, rng: ref HmacDrbgContext): SwitchBuilder {.public.} =
   b.rng = rng
   b
 
-proc withMaxConnections*(b: SwitchBuilder, maxConnections: int): SwitchBuilder {.public.} =
+proc withMaxConnections*(
+    b: SwitchBuilder, maxConnections: int
+): SwitchBuilder {.public.} =
   ## Maximum concurrent connections of the switch. You should either use this, or
   ## `withMaxIn <#withMaxIn,SwitchBuilder,int>`_ & `withMaxOut<#withMaxOut,SwitchBuilder,int>`_
   b.maxConnections = maxConnections
@@ -167,23 +259,31 @@ proc withMaxOut*(b: SwitchBuilder, maxOut: int): SwitchBuilder {.public.} =
   b.maxOut = maxOut
   b
 
-proc withMaxConnsPerPeer*(b: SwitchBuilder, maxConnsPerPeer: int): SwitchBuilder {.public.} =
+proc withMaxConnsPerPeer*(
+    b: SwitchBuilder, maxConnsPerPeer: int
+): SwitchBuilder {.public.} =
   b.maxConnsPerPeer = maxConnsPerPeer
   b
 
 proc withPeerStore*(b: SwitchBuilder, capacity: int): SwitchBuilder {.public.} =
-  b.peerStoreCapacity = some(capacity)
+  b.peerStoreCapacity = Opt.some(capacity)
   b
 
-proc withProtoVersion*(b: SwitchBuilder, protoVersion: string): SwitchBuilder {.public.} =
+proc withProtoVersion*(
+    b: SwitchBuilder, protoVersion: string
+): SwitchBuilder {.public.} =
   b.protoVersion = protoVersion
   b
 
-proc withAgentVersion*(b: SwitchBuilder, agentVersion: string): SwitchBuilder {.public.} =
+proc withAgentVersion*(
+    b: SwitchBuilder, agentVersion: string
+): SwitchBuilder {.public.} =
   b.agentVersion = agentVersion
   b
 
-proc withNameResolver*(b: SwitchBuilder, nameResolver: NameResolver): SwitchBuilder {.public.} =
+proc withNameResolver*(
+    b: SwitchBuilder, nameResolver: NameResolver
+): SwitchBuilder {.public.} =
   b.nameResolver = nameResolver
   b
 
@@ -191,48 +291,89 @@ proc withAutonat*(b: SwitchBuilder): SwitchBuilder =
   b.autonat = true
   b
 
+proc withAutonatV2Server*(
+    b: SwitchBuilder, config: AutonatV2Config = AutonatV2Config.new()
+): SwitchBuilder =
+  b.autonatV2ServerConfig = Opt.some(config)
+  b
+
+proc withAutonatV2*(
+    b: SwitchBuilder, serviceConfig = AutonatV2ServiceConfig.new()
+): SwitchBuilder =
+  b.autonatV2Client = AutonatV2Client.new(b.rng)
+  b.autonatV2ServiceConfig = serviceConfig
+  b
+
+when defined(libp2p_autotls_support):
+  proc withAutotls*(
+      b: SwitchBuilder, config: AutotlsConfig = AutotlsConfig.new()
+  ): SwitchBuilder {.public.} =
+    b.autotls = AutotlsService.new(config = config)
+    b
+
 proc withCircuitRelay*(b: SwitchBuilder, r: Relay = Relay.new()): SwitchBuilder =
   b.circuitRelay = r
   b
 
-proc withRendezVous*(b: SwitchBuilder, rdv: RendezVous = RendezVous.new()): SwitchBuilder =
+proc withRendezVous*(
+    b: SwitchBuilder, rdv: RendezVous = RendezVous.new()
+): SwitchBuilder =
   b.rdv = rdv
   b
 
-proc build*(b: SwitchBuilder): Switch
-  {.raises: [Defect, LPError], public.} =
+proc withServices*(b: SwitchBuilder, services: seq[Service]): SwitchBuilder =
+  b.services = services
+  b
 
+proc withObservedAddrManager*(
+    b: SwitchBuilder, observedAddrManager: ObservedAddrManager
+): SwitchBuilder =
+  b.observedAddrManager = observedAddrManager
+  b
+
+proc build*(b: SwitchBuilder): Switch {.raises: [LPError], public.} =
   if b.rng == nil: # newRng could fail
     raise newException(Defect, "Cannot initialize RNG")
 
   let pkRes = PrivateKey.random(b.rng[])
-  let
-    seckey = b.privKey.get(otherwise = pkRes.expect("Expected default Private Key"))
+  let seckey = b.privKey.get(otherwise = pkRes.expect("Expected default Private Key"))
 
-  var
-    secureManagerInstances: seq[Secure]
+  if b.secureManagers.len == 0:
+    debug "no secure managers defined. Adding noise by default"
+    b.secureManagers.add(SecureProtocol.Noise)
+
+  var secureManagerInstances: seq[Secure]
   if SecureProtocol.Noise in b.secureManagers:
     secureManagerInstances.add(Noise.new(b.rng, seckey).Secure)
 
-  let
-    peerInfo = PeerInfo.new(
-      seckey,
-      b.addresses,
-      protoVersion = b.protoVersion,
-      agentVersion = b.agentVersion)
+  let peerInfo = PeerInfo.new(
+    seckey, b.addresses, protoVersion = b.protoVersion, agentVersion = b.agentVersion
+  )
+
+  let identify =
+    if b.observedAddrManager != nil:
+      Identify.new(peerInfo, b.sendSignedPeerRecord, b.observedAddrManager)
+    else:
+      Identify.new(peerInfo, b.sendSignedPeerRecord)
 
   let
-    identify = Identify.new(peerInfo, b.sendSignedPeerRecord)
-    connManager = ConnManager.new(b.maxConnsPerPeer, b.maxConnections, b.maxIn, b.maxOut)
+    connManager =
+      ConnManager.new(b.maxConnsPerPeer, b.maxConnections, b.maxIn, b.maxOut)
     ms = MultistreamSelect.new()
-    muxedUpgrade = MuxedUpgrade.new(identify, b.muxers, secureManagerInstances, connManager, ms)
+    muxedUpgrade = MuxedUpgrade.new(b.muxers, secureManagerInstances, ms)
 
-  let
-    transports = block:
-      var transports: seq[Transport]
-      for tProvider in b.transports:
-        transports.add(tProvider(muxedUpgrade))
-      transports
+  if not b.autotls.isNil():
+    b.services.insert(b.autotls, 0)
+
+  let transports = block:
+    var transports: seq[Transport]
+    for tProvider in b.transports:
+      transports.add(
+        tProvider(
+          TransportConfig(upgr: muxedUpgrade, privateKey: seckey, autotls: b.autotls)
+        )
+      )
+    transports
 
   if b.secureManagers.len == 0:
     b.secureManagers &= SecureProtocol.Noise
@@ -240,25 +381,44 @@ proc build*(b: SwitchBuilder): Switch
   if isNil(b.rng):
     b.rng = newRng()
 
-  let peerStore =
-    if isSome(b.peerStoreCapacity):
-      PeerStore.new(b.peerStoreCapacity.get())
+  let peerStore = block:
+    b.peerStoreCapacity.withValue(capacity):
+      PeerStore.new(identify, capacity)
     else:
-      PeerStore.new()
+      PeerStore.new(identify)
+
+  if b.enableWildcardResolver:
+    b.services.insert(WildcardAddressResolverService.new(), 0)
+
+  if not isNil(b.autonatV2Client):
+    b.services.add(
+      AutonatV2Service.new(
+        b.rng, client = b.autonatV2Client, config = b.autonatV2ServiceConfig
+      )
+    )
 
   let switch = newSwitch(
     peerInfo = peerInfo,
     transports = transports,
-    identity = identify,
     secureManagers = secureManagerInstances,
     connManager = connManager,
     ms = ms,
     nameResolver = b.nameResolver,
-    peerStore = peerStore)
+    peerStore = peerStore,
+    services = b.services,
+  )
+
+  switch.mount(identify)
+
+  if not isNil(b.autonatV2Client):
+    b.autonatV2Client.setup(switch)
+    switch.mount(b.autonatV2Client)
+
+  b.autonatV2ServerConfig.withValue(config):
+    switch.mount(AutonatV2.new(switch, config = config))
 
   if b.autonat:
-    let autonat = Autonat.new(switch)
-    switch.mount(autonat)
+    switch.mount(Autonat.new(switch))
 
   if not isNil(b.circuitRelay):
     if b.circuitRelay of RelayClient:
@@ -272,46 +432,103 @@ proc build*(b: SwitchBuilder): Switch
 
   return switch
 
-proc newStandardSwitch*(
-  privKey = none(PrivateKey),
-  addrs: MultiAddress | seq[MultiAddress] = MultiAddress.init("/ip4/127.0.0.1/tcp/0").tryGet(),
-  secureManagers: openArray[SecureProtocol] = [
-      SecureProtocol.Noise,
-    ],
-  transportFlags: set[ServerFlags] = {},
-  rng = newRng(),
-  inTimeout: Duration = 5.minutes,
-  outTimeout: Duration = 5.minutes,
-  maxConnections = MaxConnections,
-  maxIn = -1,
-  maxOut = -1,
-  maxConnsPerPeer = MaxConnectionsPerPeer,
-  nameResolver: NameResolver = nil,
-  sendSignedPeerRecord = false,
-  peerStoreCapacity = 1000): Switch
-  {.raises: [Defect, LPError], public.} =
+type TransportType* {.pure.} = enum
+  QUIC
+  TCP
+  Memory
+
+proc newStandardSwitchBuilder*(
+    privKey = none(PrivateKey),
+    addrs: MultiAddress | seq[MultiAddress] = newSeq[MultiAddress](),
+    transport: TransportType = TransportType.TCP,
+    transportFlags: set[ServerFlags] = {},
+    rng = newRng(),
+    secureManagers: openArray[SecureProtocol] = [SecureProtocol.Noise],
+    inTimeout: Duration = 5.minutes,
+    outTimeout: Duration = 5.minutes,
+    maxConnections = MaxConnections,
+    maxIn = -1,
+    maxOut = -1,
+    maxConnsPerPeer = MaxConnectionsPerPeer,
+    nameResolver: NameResolver = nil,
+    sendSignedPeerRecord = false,
+    peerStoreCapacity = 1000,
+): SwitchBuilder {.raises: [LPError], public.} =
   ## Helper for common switch configurations.
-
-  if SecureProtocol.Secio in secureManagers:
-      quit("Secio is deprecated!") # use of secio is unsafe
-
-  let addrs = when addrs is MultiAddress: @[addrs] else: addrs
   var b = SwitchBuilder
     .new()
-    .withAddresses(addrs)
     .withRng(rng)
     .withSignedPeerRecord(sendSignedPeerRecord)
     .withMaxConnections(maxConnections)
     .withMaxIn(maxIn)
     .withMaxOut(maxOut)
     .withMaxConnsPerPeer(maxConnsPerPeer)
-    .withPeerStore(capacity=peerStoreCapacity)
-    .withMplex(inTimeout, outTimeout)
-    .withTcpTransport(transportFlags)
+    .withPeerStore(capacity = peerStoreCapacity)
     .withNameResolver(nameResolver)
     .withNoise()
 
-  if privKey.isSome():
-    b = b.withPrivateKey(privKey.get())
+  var addrs =
+    when addrs is MultiAddress:
+      @[addrs]
+    else:
+      addrs
 
-  b.build()
+  case transport
+  of TransportType.QUIC:
+    when defined(libp2p_quic_support):
+      if addrs.len == 0:
+        addrs = @[MultiAddress.init("/ip4/0.0.0.0/udp/0/quic-v1").tryGet()]
+      b = b.withQuicTransport().withAddresses(addrs)
+    else:
+      raiseAssert "QUIC not supported in this build"
+  of TransportType.TCP:
+    if addrs.len == 0:
+      addrs = @[MultiAddress.init("/ip4/127.0.0.1/tcp/0").tryGet()]
+    b = b.withTcpTransport(transportFlags).withAddresses(addrs).withMplex(
+        inTimeout, outTimeout
+      )
+  of TransportType.Memory:
+    if addrs.len == 0:
+      addrs = @[MultiAddress.init(MemoryAutoAddress).tryGet()]
+    b = b.withMemoryTransport().withAddresses(addrs).withMplex(inTimeout, outTimeout)
+
+  privKey.withValue(pkey):
+    b = b.withPrivateKey(pkey)
+
+  b
+
+proc newStandardSwitch*(
+    privKey = none(PrivateKey),
+    addrs: MultiAddress | seq[MultiAddress] = newSeq[MultiAddress](),
+    transport: TransportType = TransportType.TCP,
+    transportFlags: set[ServerFlags] = {},
+    rng = newRng(),
+    secureManagers: openArray[SecureProtocol] = [SecureProtocol.Noise],
+    inTimeout: Duration = 5.minutes,
+    outTimeout: Duration = 5.minutes,
+    maxConnections = MaxConnections,
+    maxIn = -1,
+    maxOut = -1,
+    maxConnsPerPeer = MaxConnectionsPerPeer,
+    nameResolver: NameResolver = nil,
+    sendSignedPeerRecord = false,
+    peerStoreCapacity = 1000,
+): Switch {.raises: [LPError], public.} =
+  newStandardSwitchBuilder(
+    privKey = privKey,
+    addrs = addrs,
+    transport = transport,
+    transportFlags = transportFlags,
+    rng = rng,
+    secureManagers = secureManagers,
+    inTimeout = inTimeout,
+    outTimeout = outTimeout,
+    maxConnections = maxConnections,
+    maxIn = maxIn,
+    maxOut = maxOut,
+    maxConnsPerPeer = maxConnsPerPeer,
+    nameResolver = nameResolver,
+    sendSignedPeerRecord = sendSignedPeerRecord,
+    peerStoreCapacity = peerStoreCapacity,
+  )
+  .build()

libp2p/cid.nim

@@ -1,5 +1,5 @@
 # Nim-LibP2P
-# Copyright (c) 2022 Status Research & Development GmbH
+# Copyright (c) 2023-2024 Status Research & Development GmbH
 # Licensed under either of
 #  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 #  * MIT license ([LICENSE-MIT](LICENSE-MIT))
@@ -9,23 +9,28 @@
 
 ## This module implementes CID (Content IDentifier).
 
-when (NimMajor, NimMinor) < (1, 4):
-  {.push raises: [Defect].}
-else:
-  {.push raises: [].}
+{.push raises: [].}
+{.used.}
 
 import tables, hashes
-import multibase, multicodec, multihash, vbuffer, varint
-import stew/[base58, results]
+import multibase, multicodec, multihash, vbuffer, varint, results
+import stew/base58
+import ./utils/sequninit
 
 export results
 
 type
   CidError* {.pure.} = enum
-    Error, Incorrect, Unsupported, Overrun
+    Error
+    Incorrect
+    Unsupported
+    Overrun
 
   CidVersion* = enum
-    CIDvIncorrect, CIDv0, CIDv1, CIDvReserved
+    CIDvIncorrect
+    CIDv0
+    CIDv1
+    CIDvReserved
 
   Cid* = object
     cidver*: CidVersion
@@ -33,54 +38,52 @@ type
     hpos*: int
     data*: VBuffer
 
-const
-  ContentIdsList = [
-    multiCodec("raw"),
-    multiCodec("dag-pb"),
-    multiCodec("dag-cbor"),
-    multiCodec("dag-json"),
-    multiCodec("git-raw"),
-    multiCodec("eth-block"),
-    multiCodec("eth-block-list"),
-    multiCodec("eth-tx-trie"),
-    multiCodec("eth-tx"),
-    multiCodec("eth-tx-receipt-trie"),
-    multiCodec("eth-tx-receipt"),
-    multiCodec("eth-state-trie"),
-    multiCodec("eth-account-snapshot"),
-    multiCodec("eth-storage-trie"),
-    multiCodec("bitcoin-block"),
-    multiCodec("bitcoin-tx"),
-    multiCodec("zcash-block"),
-    multiCodec("zcash-tx"),
-    multiCodec("stellar-block"),
-    multiCodec("stellar-tx"),
-    multiCodec("decred-block"),
-    multiCodec("decred-tx"),
-    multiCodec("dash-block"),
-    multiCodec("dash-tx"),
-    multiCodec("torrent-info"),
-    multiCodec("torrent-file"),
-    multiCodec("ed25519-pub")
-  ]
+const ContentIdsList = [
+  multiCodec("raw"),
+  multiCodec("dag-pb"),
+  multiCodec("dag-cbor"),
+  multiCodec("dag-json"),
+  multiCodec("libp2p-key"),
+  multiCodec("git-raw"),
+  multiCodec("eth-block"),
+  multiCodec("eth-block-list"),
+  multiCodec("eth-tx-trie"),
+  multiCodec("eth-tx"),
+  multiCodec("eth-tx-receipt-trie"),
+  multiCodec("eth-tx-receipt"),
+  multiCodec("eth-state-trie"),
+  multiCodec("eth-account-snapshot"),
+  multiCodec("eth-storage-trie"),
+  multiCodec("bitcoin-block"),
+  multiCodec("bitcoin-tx"),
+  multiCodec("zcash-block"),
+  multiCodec("zcash-tx"),
+  multiCodec("stellar-block"),
+  multiCodec("stellar-tx"),
+  multiCodec("decred-block"),
+  multiCodec("decred-tx"),
+  multiCodec("dash-block"),
+  multiCodec("dash-tx"),
+  multiCodec("torrent-info"),
+  multiCodec("torrent-file"),
+  multiCodec("ed25519-pub"),
+]
 
 proc initCidCodeTable(): Table[int, MultiCodec] {.compileTime.} =
   for item in ContentIdsList:
     result[int(item)] = item
 
-const
-  CodeContentIds = initCidCodeTable()
+const CodeContentIds = initCidCodeTable()
 
 template orError*(exp: untyped, err: untyped): untyped =
-  (exp.mapErr do (_: auto) -> auto: err)
+  exp.mapErr do(_: auto) -> auto:
+    err
 
 proc decode(data: openArray[byte]): Result[Cid, CidError] =
   if len(data) == 34 and data[0] == 0x12'u8 and data[1] == 0x20'u8:
-    ok(Cid(
-        cidver: CIDv0,
-        mcodec: multiCodec("dag-pb"),
-        hpos: 0,
-        data: initVBuffer(data)))
+    ok(
+      Cid(cidver: CIDv0, mcodec: multiCodec("dag-pb"), hpos: 0, data: initVBuffer(data))
+    )
   else:
     var version, codec: uint64
     var res, offset: int
@@ -101,21 +104,18 @@ proc decode(data: openArray[byte]): Result[Cid, CidError] =
             err(CidError.Incorrect)
           else:
             offset += res
-            var mcodec = CodeContentIds.getOrDefault(cast[int](codec),
-                                                    InvalidMultiCodec)
+            var mcodec =
+              CodeContentIds.getOrDefault(cast[int](codec), InvalidMultiCodec)
             if mcodec == InvalidMultiCodec:
               err(CidError.Incorrect)
             else:
-              if not MultiHash.validate(vb.buffer.toOpenArray(vb.offset,
-                                                              vb.buffer.high)):
+              if not MultiHash.validate(
+                vb.buffer.toOpenArray(vb.offset, vb.buffer.high)
+              ):
                 err(CidError.Incorrect)
               else:
                 vb.finish()
-                ok(Cid(
-                    cidver: CIDv1,
-                    mcodec: mcodec,
-                    hpos: offset,
-                    data: vb))
+                ok(Cid(cidver: CIDv1, mcodec: mcodec, hpos: offset, data: vb))
 
 proc decode(data: openArray[char]): Result[Cid, CidError] =
   var buffer: seq[byte]
@@ -124,7 +124,7 @@ proc decode(data: openArray[char]): Result[Cid, CidError] =
     return err(CidError.Incorrect)
   if len(data) == 46:
     if data[0] == 'Q' and data[1] == 'm':
-      buffer = newSeq[byte](BTCBase58.decodedLength(len(data)))
+      buffer = newSeqUninit[byte](BTCBase58.decodedLength(len(data)))
       if BTCBase58.decode(data, buffer, plen) != Base58Status.Success:
         return err(CidError.Incorrect)
       buffer.setLen(plen)
@@ -132,7 +132,7 @@ proc decode(data: openArray[char]): Result[Cid, CidError] =
     let length = MultiBase.decodedLength(data[0], len(data))
     if length == -1:
       return err(CidError.Incorrect)
-    buffer = newSeq[byte](length)
+    buffer = newSeqUninit[byte](length)
     if MultiBase.decode(data, buffer, plen) != MultiBaseStatus.Success:
       return err(CidError.Incorrect)
     buffer.setLen(plen)
@@ -175,7 +175,9 @@ proc mhash*(cid: Cid): Result[MultiHash, CidError] =
   if cid.cidver notin {CIDv0, CIDv1}:
     err(CidError.Incorrect)
   else:
-    MultiHash.init(cid.data.buffer.toOpenArray(cid.hpos, cid.data.high)).orError(CidError.Incorrect)
+    MultiHash.init(cid.data.buffer.toOpenArray(cid.hpos, cid.data.high)).orError(
+      CidError.Incorrect
+    )
 
 proc contentType*(cid: Cid): Result[MultiCodec, CidError] =
   ## Returns content type part of CID
@@ -188,12 +190,15 @@ proc version*(cid: Cid): CidVersion =
   ## Returns CID version
   result = cid.cidver
 
-proc init*[T: char|byte](ctype: typedesc[Cid], data: openArray[T]): Result[Cid, CidError] =
+proc init*[T: char | byte](
+    ctype: typedesc[Cid], data: openArray[T]
+): Result[Cid, CidError] =
   ## Create new content identifier using array of bytes or string ``data``.
   decode(data)
 
-proc init*(ctype: typedesc[Cid], version: CidVersion, content: MultiCodec,
-           hash: MultiHash): Result[Cid, CidError] =
+proc init*(
+    ctype: typedesc[Cid], version: CidVersion, content: MultiCodec, hash: MultiHash
+): Result[Cid, CidError] =
   ## Create new content identifier using content type ``content`` and
   ## MultiHash ``hash`` using version ``version``.
   ##
@@ -216,8 +221,7 @@ proc init*(ctype: typedesc[Cid], version: CidVersion, content: MultiCodec,
     res.data.finish()
     return ok(res)
   elif version == CIDv1:
-    let mcodec = CodeContentIds.getOrDefault(cast[int](content),
-                                             InvalidMultiCodec)
+    let mcodec = CodeContentIds.getOrDefault(cast[int](content), InvalidMultiCodec)
     if mcodec == InvalidMultiCodec:
       return err(CidError.Incorrect)
     res.mcodec = mcodec
@@ -236,11 +240,9 @@ proc `==`*(a: Cid, b: Cid): bool =
   ## are equal, ``false`` otherwise.
   if a.mcodec == b.mcodec:
     var ah, bh: MultiHash
-    if MultiHash.decode(
-      a.data.buffer.toOpenArray(a.hpos, a.data.high), ah).isErr:
+    if MultiHash.decode(a.data.buffer.toOpenArray(a.hpos, a.data.high), ah).isErr:
       return false
-    if MultiHash.decode(
-      b.data.buffer.toOpenArray(b.hpos, b.data.high), bh).isErr:
+    if MultiHash.decode(b.data.buffer.toOpenArray(b.hpos, b.data.high), bh).isErr:
       return false
     result = (ah == bh)
 
@@ -264,12 +266,6 @@ proc write*(vb: var VBuffer, cid: Cid) {.inline.} =
   ## Write CID value ``cid`` to buffer ``vb``.
   vb.writeArray(cid.data.buffer)
 
-proc encode*(mbtype: typedesc[MultiBase], encoding: string,
-             cid: Cid): string {.inline.} =
-  ## Get MultiBase encoded representation of ``cid`` using encoding
-  ## ``encoding``.
-  result = MultiBase.encode(encoding, cid.data.buffer).tryGet()
-
 proc hash*(cid: Cid): Hash {.inline.} =
   hash(cid.data.buffer)
 
@@ -279,9 +275,6 @@ proc `$`*(cid: Cid): string =
     BTCBase58.encode(cid.data.buffer)
   elif cid.cidver == CIDv1:
     let res = MultiBase.encode("base58btc", cid.data.buffer)
-    if res.isOk():
-      res.get()
-    else:
-      ""
+    res.get("")
   else:
     ""

libp2p/connmanager.nim

@@ -1,5 +1,5 @@
 # Nim-LibP2P
-# Copyright (c) 2022 Status Research & Development GmbH
+# Copyright (c) 2023 Status Research & Development GmbH
 # Licensed under either of
 #  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 #  * MIT license ([LICENSE-MIT](LICENSE-MIT))
@@ -7,19 +7,11 @@
 # This file may not be copied, modified, or distributed except according to
 # those terms.
 
-when (NimMajor, NimMinor) < (1, 4):
-  {.push raises: [Defect].}
-else:
-  {.push raises: [].}
+{.push raises: [].}
 
-import std/[options, tables, sequtils, sets]
+import std/[tables, sequtils, sets]
 import pkg/[chronos, chronicles, metrics]
-import peerinfo,
-       peerstore,
-       stream/connection,
-       muxers/muxer,
-       utils/semaphore,
-       errors
+import peerinfo, peerstore, stream/connection, muxers/muxer, utils/semaphore, errors
 
 logScope:
   topics = "libp2p connmanager"
@@ -32,14 +24,16 @@ const
 
 type
   TooManyConnectionsError* = object of LPError
+  AlreadyExpectingConnectionError* = object of LPError
 
   ConnEventKind* {.pure.} = enum
-    Connected,    # A connection was made and securely upgraded - there may be
-                  # more than one concurrent connection thus more than one upgrade
-                  # event per peer.
-
-    Disconnected  # Peer disconnected - this event is fired once per upgrade
-                  # when the associated connection is terminated.
+    Connected
+      # A connection was made and securely upgraded - there may be
+      # more than one concurrent connection thus more than one upgrade
+      # event per peer.
+    Disconnected
+      # Peer disconnected - this event is fired once per upgrade
+      # when the associated connection is terminated.
 
   ConnEvent* = object
     case kind*: ConnEventKind
@@ -48,37 +42,34 @@ type
     else:
       discard
 
-  ConnEventHandler* =
-    proc(peerId: PeerId, event: ConnEvent): Future[void]
-      {.gcsafe, raises: [Defect].}
+  ConnEventHandler* = proc(peerId: PeerId, event: ConnEvent): Future[void] {.
+    gcsafe, async: (raises: [CancelledError])
+  .}
 
   PeerEventKind* {.pure.} = enum
-    Left,
-    Identified,
+    Left
     Joined
+    Identified
 
   PeerEvent* = object
     case kind*: PeerEventKind
-      of PeerEventKind.Joined:
-        initiator*: bool
-      else:
-        discard
+    of PeerEventKind.Joined, PeerEventKind.Identified:
+      initiator*: bool
+    else:
+      discard
 
-  PeerEventHandler* =
-    proc(peerId: PeerId, event: PeerEvent): Future[void] {.gcsafe, raises: [Defect].}
-
-  MuxerHolder = object
-    muxer: Muxer
-    handle: Future[void]
+  PeerEventHandler* = proc(peerId: PeerId, event: PeerEvent): Future[void] {.
+    gcsafe, async: (raises: [CancelledError])
+  .}
 
   ConnManager* = ref object of RootObj
     maxConnsPerPeer: int
     inSema*: AsyncSemaphore
     outSema*: AsyncSemaphore
-    conns: Table[PeerId, HashSet[Connection]]
-    muxed: Table[Connection, MuxerHolder]
+    muxed: Table[PeerId, seq[Muxer]]
     connEvents: array[ConnEventKind, OrderedSet[ConnEventHandler]]
     peerEvents: array[PeerEventKind, OrderedSet[PeerEventHandler]]
+    expectedConnectionsOverLimit*: Table[(PeerId, Direction), Future[Muxer]]
     peerStore*: PeerStore
 
   ConnectionSlot* = object
@@ -88,11 +79,13 @@ type
 proc newTooManyConnectionsError(): ref TooManyConnectionsError {.inline.} =
   result = newException(TooManyConnectionsError, "Too many connections")
 
-proc new*(C: type ConnManager,
-           maxConnsPerPeer = MaxConnectionsPerPeer,
-           maxConnections = MaxConnections,
-           maxIn = -1,
-           maxOut = -1): ConnManager =
+proc new*(
+    C: type ConnManager,
+    maxConnsPerPeer = MaxConnectionsPerPeer,
+    maxConnections = MaxConnections,
+    maxIn = -1,
+    maxOut = -1,
+): ConnManager =
   var inSema, outSema: AsyncSemaphore
   if maxIn > 0 or maxOut > 0:
     inSema = newAsyncSemaphore(maxIn)
@@ -103,44 +96,38 @@ proc new*(C: type ConnManager,
   else:
     raiseAssert "Invalid connection counts!"
 
-  C(maxConnsPerPeer: maxConnsPerPeer,
-    inSema: inSema,
-    outSema: outSema)
+  C(maxConnsPerPeer: maxConnsPerPeer, inSema: inSema, outSema: outSema)
 
 proc connCount*(c: ConnManager, peerId: PeerId): int =
-  c.conns.getOrDefault(peerId).len
+  c.muxed.getOrDefault(peerId).len
 
-proc addConnEventHandler*(c: ConnManager,
-                          handler: ConnEventHandler,
-                          kind: ConnEventKind) =
+proc connectedPeers*(c: ConnManager, dir: Direction): seq[PeerId] =
+  var peers = newSeq[PeerId]()
+  for peerId, mux in c.muxed:
+    if mux.anyIt(it.connection.dir == dir):
+      peers.add(peerId)
+  return peers
+
+proc getConnections*(c: ConnManager): Table[PeerId, seq[Muxer]] =
+  return c.muxed
+
+proc addConnEventHandler*(
+    c: ConnManager, handler: ConnEventHandler, kind: ConnEventKind
+) =
   ## Add peer event handler - handlers must not raise exceptions!
   ##
+  if isNil(handler):
+    return
+  c.connEvents[kind].incl(handler)
 
-  try:
-    if isNil(handler): return
-    c.connEvents[kind].incl(handler)
-  except Exception as exc:
-    # TODO: there is an Exception being raised
-    # somewhere in the depths of the std.
-    # Might be related to https://github.com/nim-lang/Nim/issues/17382
+proc removeConnEventHandler*(
+    c: ConnManager, handler: ConnEventHandler, kind: ConnEventKind
+) =
+  c.connEvents[kind].excl(handler)
 
-    raiseAssert exc.msg
-
-proc removeConnEventHandler*(c: ConnManager,
-                             handler: ConnEventHandler,
-                             kind: ConnEventKind) =
-  try:
-    c.connEvents[kind].excl(handler)
-  except Exception as exc:
-    # TODO: there is an Exception being raised
-    # somewhere in the depths of the std.
-    # Might be related to https://github.com/nim-lang/Nim/issues/17382
-
-    raiseAssert exc.msg
-
-proc triggerConnEvent*(c: ConnManager,
-                       peerId: PeerId,
-                       event: ConnEvent) {.async, gcsafe.} =
+proc triggerConnEvent*(
+    c: ConnManager, peerId: PeerId, event: ConnEvent
+) {.async: (raises: [CancelledError]).} =
   try:
     trace "About to trigger connection events", peer = peerId
     if c.connEvents[event.kind].len() > 0:
@@ -153,54 +140,32 @@ proc triggerConnEvent*(c: ConnManager,
   except CancelledError as exc:
     raise exc
   except CatchableError as exc:
-    warn "Exception in triggerConnEvents",
-      msg = exc.msg, peer = peerId, event = $event
+    warn "Exception in triggerConnEvent",
+      description = exc.msg, peer = peerId, event = $event
 
-proc addPeerEventHandler*(c: ConnManager,
-                          handler: PeerEventHandler,
-                          kind: PeerEventKind) =
+proc addPeerEventHandler*(
+    c: ConnManager, handler: PeerEventHandler, kind: PeerEventKind
+) =
   ## Add peer event handler - handlers must not raise exceptions!
   ##
 
-  if isNil(handler): return
-  try:
-    c.peerEvents[kind].incl(handler)
-  except Exception as exc:
-    # TODO: there is an Exception being raised
-    # somewhere in the depths of the std.
-    # Might be related to https://github.com/nim-lang/Nim/issues/17382
+  if isNil(handler):
+    return
+  c.peerEvents[kind].incl(handler)
 
-    raiseAssert exc.msg
-
-proc removePeerEventHandler*(c: ConnManager,
-                             handler: PeerEventHandler,
-                             kind: PeerEventKind) =
-  try:
-    c.peerEvents[kind].excl(handler)
-  except Exception as exc:
-    # TODO: there is an Exception being raised
-    # somewhere in the depths of the std.
-    # Might be related to https://github.com/nim-lang/Nim/issues/17382
-
-    raiseAssert exc.msg
-
-proc triggerPeerEvents*(c: ConnManager,
-                        peerId: PeerId,
-                        event: PeerEvent) {.async, gcsafe.} =
+proc removePeerEventHandler*(
+    c: ConnManager, handler: PeerEventHandler, kind: PeerEventKind
+) =
+  c.peerEvents[kind].excl(handler)
 
+proc triggerPeerEvents*(
+    c: ConnManager, peerId: PeerId, event: PeerEvent
+) {.async: (raises: [CancelledError]).} =
   trace "About to trigger peer events", peer = peerId
   if c.peerEvents[event.kind].len == 0:
     return
 
   try:
-    let count = c.connCount(peerId)
-    if event.kind == PeerEventKind.Joined and count != 1:
-      trace "peer already joined", peer = peerId, event = $event
-      return
-    elif event.kind == PeerEventKind.Left and count != 0:
-      trace "peer still connected or already left", peer = peerId, event = $event
-      return
-
     trace "triggering peer events", peer = peerId, event = $event
 
     var peerEvents: seq[Future[void]]
@@ -211,20 +176,29 @@ proc triggerPeerEvents*(c: ConnManager,
   except CancelledError as exc:
     raise exc
   except CatchableError as exc: # handlers should not raise!
-    warn "Exception in triggerPeerEvents", exc = exc.msg, peer = peerId
+    warn "Exception in triggerPeerEvents", description = exc.msg, peer = peerId
 
-proc contains*(c: ConnManager, conn: Connection): bool =
-  ## checks if a connection is being tracked by the
-  ## connection manager
-  ##
+proc expectConnection*(
+    c: ConnManager, p: PeerId, dir: Direction
+): Future[Muxer] {.async: (raises: [AlreadyExpectingConnectionError, CancelledError]).} =
+  ## Wait for a peer to connect to us. This will bypass the `MaxConnectionsPerPeer`
+  let key = (p, dir)
+  if key in c.expectedConnectionsOverLimit:
+    raise newException(
+      AlreadyExpectingConnectionError,
+      "Already expecting an incoming connection from that peer: " & shortLog(p),
+    )
 
-  if isNil(conn):
-    return
+  let future = Future[Muxer].Raising([CancelledError]).init()
+  c.expectedConnectionsOverLimit[key] = future
 
-  return conn in c.conns.getOrDefault(conn.peerId)
+  try:
+    return await future
+  finally:
+    c.expectedConnectionsOverLimit.del(key)
 
 proc contains*(c: ConnManager, peerId: PeerId): bool =
-  peerId in c.conns
+  peerId in c.muxed
 
 proc contains*(c: ConnManager, muxer: Muxer): bool =
   ## checks if a muxer is being tracked by the connection
@@ -232,308 +206,230 @@ proc contains*(c: ConnManager, muxer: Muxer): bool =
   ##
 
   if isNil(muxer):
-    return
+    return false
 
   let conn = muxer.connection
-  if conn notin c:
-    return
+  return muxer in c.muxed.getOrDefault(conn.peerId)
 
-  if conn notin c.muxed:
-    return
+proc closeMuxer(muxer: Muxer) {.async: (raises: [CancelledError]).} =
+  trace "Cleaning up muxer", m = muxer
 
-  return muxer == c.muxed.getOrDefault(conn).muxer
-
-proc closeMuxerHolder(muxerHolder: MuxerHolder) {.async.} =
-  trace "Cleaning up muxer", m = muxerHolder.muxer
-
-  await muxerHolder.muxer.close()
-  if not(isNil(muxerHolder.handle)):
+  await muxer.close()
+  if not (isNil(muxer.handler)):
     try:
-      await muxerHolder.handle # TODO noraises?
+      await muxer.handler
     except CatchableError as exc:
-      trace "Exception in close muxer handler", exc = exc.msg
-  trace "Cleaned up muxer", m = muxerHolder.muxer
-
-proc delConn(c: ConnManager, conn: Connection) =
-  let peerId = conn.peerId
-  c.conns.withValue(peerId, peerConns):
-    peerConns[].excl(conn)
-
-    if peerConns[].len == 0:
-      c.conns.del(peerId) # invalidates `peerConns`
-
-    libp2p_peers.set(c.conns.len.int64)
-    trace "Removed connection", conn
-
-proc cleanupConn(c: ConnManager, conn: Connection) {.async.} =
-  ## clean connection's resources such as muxers and streams
-
-  if isNil(conn):
-    trace "Wont cleanup a nil connection"
-    return
-
-  # Remove connection from all tables without async breaks
-  var muxer = some(MuxerHolder())
-  if not c.muxed.pop(conn, muxer.get()):
-    muxer = none(MuxerHolder)
-
-  delConn(c, conn)
+      trace "Exception in close muxer handler", description = exc.msg
+  trace "Cleaned up muxer", m = muxer
 
+proc muxCleanup(c: ConnManager, mux: Muxer) {.async: (raises: []).} =
   try:
-    if muxer.isSome:
-      await closeMuxerHolder(muxer.get())
-  finally:
-    await conn.close()
+    trace "Triggering disconnect events", mux
+    let peerId = mux.connection.peerId
 
-  trace "Connection cleaned up", conn
+    let muxers = c.muxed.getOrDefault(peerId).filterIt(it != mux)
+    if muxers.len > 0:
+      c.muxed[peerId] = muxers
+    else:
+      c.muxed.del(peerId)
+      libp2p_peers.set(c.muxed.len.int64)
+      await c.triggerPeerEvents(peerId, PeerEvent(kind: PeerEventKind.Left))
 
-proc onConnUpgraded(c: ConnManager, conn: Connection) {.async.} =
-  try:
-    trace "Triggering connect events", conn
-    conn.upgrade()
+      if not (c.peerStore.isNil):
+        c.peerStore.cleanup(peerId)
 
-    let peerId = conn.peerId
-    await c.triggerPeerEvents(
-      peerId, PeerEvent(kind: PeerEventKind.Joined, initiator: conn.dir == Direction.Out))
-
-    await c.triggerConnEvent(
-      peerId, ConnEvent(kind: ConnEventKind.Connected, incoming: conn.dir == Direction.In))
+    await c.triggerConnEvent(peerId, ConnEvent(kind: ConnEventKind.Disconnected))
   except CatchableError as exc:
     # This is top-level procedure which will work as separate task, so it
     # do not need to propagate CancelledError and should handle other errors
-    warn "Unexpected exception in switch peer connection cleanup",
-      conn, msg = exc.msg
+    warn "Unexpected exception peer cleanup handler", mux, description = exc.msg
 
-proc peerCleanup(c: ConnManager, conn: Connection) {.async.} =
-  try:
-    trace "Triggering disconnect events", conn
-    let peerId = conn.peerId
-    await c.triggerConnEvent(
-      peerId, ConnEvent(kind: ConnEventKind.Disconnected))
-    await c.triggerPeerEvents(peerId, PeerEvent(kind: PeerEventKind.Left))
-
-    if not(c.peerStore.isNil):
-      c.peerStore.cleanup(peerId)
-  except CatchableError as exc:
-    # This is top-level procedure which will work as separate task, so it
-    # do not need to propagate CancelledError and should handle other errors
-    warn "Unexpected exception peer cleanup handler",
-      conn, msg = exc.msg
-
-proc onClose(c: ConnManager, conn: Connection) {.async.} =
+proc onClose(c: ConnManager, mux: Muxer) {.async: (raises: []).} =
   ## connection close even handler
   ##
   ## triggers the connections resource cleanup
   ##
   try:
-    await conn.join()
-    trace "Connection closed, cleaning up", conn
-    await c.cleanupConn(conn)
-  except CancelledError:
-    # This is top-level procedure which will work as separate task, so it
-    # do not need to propagate CancelledError.
-    debug "Unexpected cancellation in connection manager's cleanup", conn
+    await mux.connection.join()
+    trace "Connection closed, cleaning up", mux
   except CatchableError as exc:
     debug "Unexpected exception in connection manager's cleanup",
-          errMsg = exc.msg, conn
+      description = exc.msg, mux
   finally:
-    trace "Triggering peerCleanup", conn
-    asyncSpawn c.peerCleanup(conn)
+    await c.muxCleanup(mux)
 
-proc selectConn*(c: ConnManager,
-                peerId: PeerId,
-                dir: Direction): Connection =
+proc selectMuxer*(c: ConnManager, peerId: PeerId, dir: Direction): Muxer =
   ## Select a connection for the provided peer and direction
   ##
-  let conns = toSeq(
-    c.conns.getOrDefault(peerId))
-    .filterIt( it.dir == dir )
+  let conns = toSeq(c.muxed.getOrDefault(peerId)).filterIt(it.connection.dir == dir)
 
   if conns.len > 0:
     return conns[0]
 
-proc selectConn*(c: ConnManager, peerId: PeerId): Connection =
+proc selectMuxer*(c: ConnManager, peerId: PeerId): Muxer =
   ## Select a connection for the provided giving priority
   ## to outgoing connections
   ##
 
-  var conn = c.selectConn(peerId, Direction.Out)
-  if isNil(conn):
-    conn = c.selectConn(peerId, Direction.In)
-  if isNil(conn):
+  var mux = c.selectMuxer(peerId, Direction.Out)
+  if isNil(mux):
+    mux = c.selectMuxer(peerId, Direction.In)
+  if isNil(mux):
     trace "connection not found", peerId
+  return mux
 
-  return conn
-
-proc selectMuxer*(c: ConnManager, conn: Connection): Muxer =
-  ## select the muxer for the provided connection
+proc storeMuxer*(c: ConnManager, muxer: Muxer) {.raises: [LPError].} =
+  ## store the connection and muxer
   ##
 
-  if isNil(conn):
-    return
+  if isNil(muxer):
+    raise newException(LPError, "muxer cannot be nil")
 
-  if conn in c.muxed:
-    return c.muxed.getOrDefault(conn).muxer
-  else:
-    debug "no muxer for connection", conn
+  if isNil(muxer.connection):
+    raise newException(LPError, "muxer's connection cannot be nil")
 
-proc storeConn*(c: ConnManager, conn: Connection)
-  {.raises: [Defect, LPError].} =
-  ## store a connection
-  ##
-
-  if isNil(conn):
-    raise newException(LPError, "Connection cannot be nil")
-
-  if conn.closed or conn.atEof:
+  if muxer.connection.closed or muxer.connection.atEof:
     raise newException(LPError, "Connection closed or EOF")
 
-  let peerId = conn.peerId
-  if c.conns.getOrDefault(peerId).len > c.maxConnsPerPeer:
-    debug "Too many connections for peer",
-      conn, conns = c.conns.getOrDefault(peerId).len
+  let
+    peerId = muxer.connection.peerId
+    dir = muxer.connection.dir
 
-    raise newTooManyConnectionsError()
+  # we use getOrDefault in the if below instead of [] to avoid the KeyError
+  if c.muxed.getOrDefault(peerId).len > c.maxConnsPerPeer:
+    let key = (peerId, dir)
+    let expectedConn = c.expectedConnectionsOverLimit.getOrDefault(key)
+    if expectedConn != nil and not expectedConn.finished:
+      expectedConn.complete(muxer)
+    else:
+      debug "Too many connections for peer",
+        conns = c.muxed.getOrDefault(peerId).len, peerId, dir
 
-  c.conns.mgetOrPut(peerId, HashSet[Connection]()).incl(conn)
-  libp2p_peers.set(c.conns.len.int64)
+      raise newTooManyConnectionsError()
 
-  # Launch on close listener
-  # All the errors are handled inside `onClose()` procedure.
-  asyncSpawn c.onClose(conn)
+  var newPeer = false
+  c.muxed.withValue(peerId, muxers):
+    doAssert muxers[].len > 0
+    doAssert muxer notin muxers[]
+    muxers[].add(muxer)
+  do:
+    c.muxed[peerId] = @[muxer]
+    newPeer = true
+  libp2p_peers.set(c.muxed.len.int64)
 
-  trace "Stored connection",
-    conn, direction = $conn.dir, connections = c.conns.len
+  asyncSpawn c.triggerConnEvent(
+    peerId, ConnEvent(kind: ConnEventKind.Connected, incoming: dir == Direction.In)
+  )
 
-proc getIncomingSlot*(c: ConnManager): Future[ConnectionSlot] {.async.} =
+  if newPeer:
+    asyncSpawn c.triggerPeerEvents(
+      peerId, PeerEvent(kind: PeerEventKind.Joined, initiator: dir == Direction.Out)
+    )
+
+  asyncSpawn c.onClose(muxer)
+
+  trace "Stored muxer", muxer, direction = $muxer.connection.dir, peers = c.muxed.len
+
+proc getIncomingSlot*(
+    c: ConnManager
+): Future[ConnectionSlot] {.async: (raises: [CancelledError]).} =
   await c.inSema.acquire()
   return ConnectionSlot(connManager: c, direction: In)
 
-proc getOutgoingSlot*(c: ConnManager, forceDial = false): Future[ConnectionSlot] {.async.} =
+proc getOutgoingSlot*(
+    c: ConnManager, forceDial = false
+): ConnectionSlot {.raises: [TooManyConnectionsError].} =
   if forceDial:
     c.outSema.forceAcquire()
   elif not c.outSema.tryAcquire():
-    trace "Too many outgoing connections!", count = c.outSema.count,
-                                            max = c.outSema.size
+    trace "Too many outgoing connections!",
+      available = c.outSema.count, max = c.outSema.size
     raise newTooManyConnectionsError()
   return ConnectionSlot(connManager: c, direction: Out)
 
+func semaphore(c: ConnManager, dir: Direction): AsyncSemaphore {.inline.} =
+  return if dir == In: c.inSema else: c.outSema
+
+proc slotsAvailable*(c: ConnManager, dir: Direction): int =
+  return semaphore(c, dir).count
+
 proc release*(cs: ConnectionSlot) =
-  if cs.direction == In:
-    cs.connManager.inSema.release()
-  else:
-    cs.connManager.outSema.release()
+  semaphore(cs.connManager, cs.direction).release()
 
 proc trackConnection*(cs: ConnectionSlot, conn: Connection) =
   if isNil(conn):
     cs.release()
     return
 
-  proc semaphoreMonitor() {.async.} =
+  proc semaphoreMonitor() {.async: (raises: [CancelledError]).} =
     try:
       await conn.join()
     except CatchableError as exc:
-      trace "Exception in semaphore monitor, ignoring", exc = exc.msg
+      trace "Exception in semaphore monitor, ignoring", description = exc.msg
 
     cs.release()
 
   asyncSpawn semaphoreMonitor()
 
-proc storeMuxer*(c: ConnManager,
-                 muxer: Muxer,
-                 handle: Future[void] = nil)
-                 {.raises: [Defect, CatchableError].} =
-  ## store the connection and muxer
+proc trackMuxer*(cs: ConnectionSlot, mux: Muxer) =
+  if isNil(mux):
+    cs.release()
+    return
+  cs.trackConnection(mux.connection)
+
+proc getStream*(
+    c: ConnManager, muxer: Muxer
+): Future[Connection] {.async: (raises: [LPStreamError, MuxerError, CancelledError]).} =
+  ## get a muxed stream for the passed muxer
   ##
 
-  if isNil(muxer):
-    raise newException(CatchableError, "muxer cannot be nil")
-
-  if isNil(muxer.connection):
-    raise newException(CatchableError, "muxer's connection cannot be nil")
-
-  if muxer.connection notin c:
-    raise newException(CatchableError, "cant add muxer for untracked connection")
-
-  c.muxed[muxer.connection] = MuxerHolder(
-    muxer: muxer,
-    handle: handle)
-
-  trace "Stored muxer",
-    muxer, handle = not handle.isNil, connections = c.conns.len
-
-  asyncSpawn c.onConnUpgraded(muxer.connection)
-
-proc getStream*(c: ConnManager,
-                peerId: PeerId,
-                dir: Direction): Future[Connection] {.async, gcsafe.} =
-  ## get a muxed stream for the provided peer
-  ## with the given direction
-  ##
-
-  let muxer = c.selectMuxer(c.selectConn(peerId, dir))
-  if not(isNil(muxer)):
+  if not (isNil(muxer)):
     return await muxer.newStream()
 
-proc getStream*(c: ConnManager,
-                peerId: PeerId): Future[Connection] {.async, gcsafe.} =
+proc getStream*(
+    c: ConnManager, peerId: PeerId
+): Future[Connection] {.async: (raises: [LPStreamError, MuxerError, CancelledError]).} =
   ## get a muxed stream for the passed peer from any connection
   ##
 
-  let muxer = c.selectMuxer(c.selectConn(peerId))
-  if not(isNil(muxer)):
-    return await muxer.newStream()
+  return await c.getStream(c.selectMuxer(peerId))
 
-proc getStream*(c: ConnManager,
-                conn: Connection): Future[Connection] {.async, gcsafe.} =
-  ## get a muxed stream for the passed connection
+proc getStream*(
+    c: ConnManager, peerId: PeerId, dir: Direction
+): Future[Connection] {.async: (raises: [LPStreamError, MuxerError, CancelledError]).} =
+  ## get a muxed stream for the passed peer from a connection with `dir`
   ##
 
-  let muxer = c.selectMuxer(conn)
-  if not(isNil(muxer)):
-    return await muxer.newStream()
+  return await c.getStream(c.selectMuxer(peerId, dir))
 
-proc dropPeer*(c: ConnManager, peerId: PeerId) {.async.} =
+proc dropPeer*(c: ConnManager, peerId: PeerId) {.async: (raises: [CancelledError]).} =
   ## drop connections and cleanup resources for peer
   ##
   trace "Dropping peer", peerId
-  let conns = c.conns.getOrDefault(peerId)
-  for conn in conns:
-    trace  "Removing connection", conn
-    delConn(c, conn)
-
-  var muxers: seq[MuxerHolder]
-  for conn in conns:
-    if conn in c.muxed:
-      muxers.add c.muxed[conn]
-      c.muxed.del(conn)
+  let muxers = c.muxed.getOrDefault(peerId)
 
   for muxer in muxers:
-    await closeMuxerHolder(muxer)
-
-  for conn in conns:
-    await conn.close()
-    trace "Dropped peer", peerId
+    await closeMuxer(muxer)
 
   trace "Peer dropped", peerId
 
-proc close*(c: ConnManager) {.async.} =
+proc close*(c: ConnManager) {.async: (raises: [CancelledError]).} =
   ## cleanup resources for the connection
   ## manager
   ##
 
   trace "Closing ConnManager"
-  let conns = c.conns
-  c.conns.clear()
-
   let muxed = c.muxed
   c.muxed.clear()
 
-  for _, muxer in muxed:
-    await closeMuxerHolder(muxer)
+  let expected = c.expectedConnectionsOverLimit
+  c.expectedConnectionsOverLimit.clear()
 
-  for _, conns2 in conns:
-    for conn in conns2:
-      await conn.close()
+  for _, fut in expected:
+    await fut.cancelAndWait()
+
+  for _, muxers in muxed:
+    for mux in muxers:
+      await closeMuxer(mux)
 
   trace "Closed ConnManager"

libp2p/crypto/chacha20poly1305.nim

@@ -1,5 +1,5 @@
 # Nim-Libp2p
-# Copyright (c) 2022 Status Research & Development GmbH
+# Copyright (c) 2023 Status Research & Development GmbH
 # Licensed under either of
 #  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 #  * MIT license ([LICENSE-MIT](LICENSE-MIT))
@@ -15,14 +15,11 @@
 
 # RFC @ https://tools.ietf.org/html/rfc7539
 
-when (NimMajor, NimMinor) < (1, 4):
-  {.push raises: [Defect].}
-else:
-  {.push raises: [].}
+{.push raises: [].}
 
 import bearssl/blockx
 from stew/assign2 import assign
-from stew/ranges/ptr_arith import baseAddr
+from stew/ptrops import baseAddr
 
 const
   ChaChaPolyKeySize = 32
@@ -51,17 +48,19 @@ proc intoChaChaPolyTag*(s: openArray[byte]): ChaChaPolyTag =
 # this is reconciled at runtime
 # we do this in the global scope / module init
 
-proc encrypt*(_: type[ChaChaPoly],
-                 key: ChaChaPolyKey,
-                 nonce: ChaChaPolyNonce,
-                 tag: var ChaChaPolyTag,
-                 data: var openArray[byte],
-                 aad: openArray[byte]) =
-  let
-    ad = if aad.len > 0:
-           unsafeAddr aad[0]
-         else:
-           nil
+proc encrypt*(
+    _: type[ChaChaPoly],
+    key: ChaChaPolyKey,
+    nonce: ChaChaPolyNonce,
+    tag: var ChaChaPolyTag,
+    data: var openArray[byte],
+    aad: openArray[byte],
+) =
+  let ad =
+    if aad.len > 0:
+      unsafeAddr aad[0]
+    else:
+      nil
 
   poly1305CtmulRun(
     unsafeAddr key[0],
@@ -72,20 +71,23 @@ proc encrypt*(_: type[ChaChaPoly],
     uint(aad.len),
     baseAddr(tag),
     # cast is required to workaround https://github.com/nim-lang/Nim/issues/13905
-    cast[Chacha20Run](chacha20CtRun),
-    #[encrypt]# 1.cint)
+    cast[Chacha20Run](chacha20CtRun), #[encrypt]#
+    1.cint,
+  )
 
-proc decrypt*(_: type[ChaChaPoly],
-                 key: ChaChaPolyKey,
-                 nonce: ChaChaPolyNonce,
-                 tag: var ChaChaPolyTag,
-                 data: var openArray[byte],
-                 aad: openArray[byte]) =
-  let
-    ad = if aad.len > 0:
-          unsafeAddr aad[0]
-         else:
-           nil
+proc decrypt*(
+    _: type[ChaChaPoly],
+    key: ChaChaPolyKey,
+    nonce: ChaChaPolyNonce,
+    tag: var ChaChaPolyTag,
+    data: var openArray[byte],
+    aad: openArray[byte],
+) =
+  let ad =
+    if aad.len > 0:
+      unsafeAddr aad[0]
+    else:
+      nil
 
   poly1305CtmulRun(
     unsafeAddr key[0],
@@ -96,5 +98,6 @@ proc decrypt*(_: type[ChaChaPoly],
     uint(aad.len),
     baseAddr(tag),
     # cast is required to workaround https://github.com/nim-lang/Nim/issues/13905
-    cast[Chacha20Run](chacha20CtRun),
-    #[decrypt]# 0.cint)
+    cast[Chacha20Run](chacha20CtRun), #[decrypt]#
+    0.cint,
+  )

libp2p/crypto/crypto.nim

@@ -1,5 +1,5 @@
 # Nim-Libp2p
-# Copyright (c) 2022 Status Research & Development GmbH
+# Copyright (c) 2023 Status Research & Development GmbH
 # Licensed under either of
 #  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 #  * MIT license ([LICENSE-MIT](LICENSE-MIT))
@@ -8,21 +8,18 @@
 # those terms.
 
 ## This module implements Public Key and Private Key interface for libp2p.
-when (NimMajor, NimMinor) < (1, 4):
-  {.push raises: [Defect].}
-else:
-  {.push raises: [].}
+{.push raises: [].}
 
 from strutils import split, strip, cmpIgnoreCase
+import ../utils/sequninit
 
 const libp2p_pki_schemes* {.strdefine.} = "rsa,ed25519,secp256k1,ecnist"
 
-type
-  PKScheme* = enum
-    RSA = 0,
-    Ed25519,
-    Secp256k1,
-    ECDSA
+type PKScheme* = enum
+  RSA = 0
+  Ed25519
+  Secp256k1
+  ECDSA
 
 proc initSupportedSchemes(list: static string): set[PKScheme] =
   var res: set[PKScheme]
@@ -68,17 +65,19 @@ when supported(PKScheme.Ed25519):
   import ed25519/ed25519
 when supported(PKScheme.Secp256k1):
   import secp
+when supported(PKScheme.ECDSA):
+  import ecnist
 
-# We are still importing `ecnist` because, it is used for SECIO handshake,
-# but it will be impossible to create ECNIST keys or import ECNIST keys.
+  # These used to be declared in `crypto` itself
+  export ecnist.ephemeral, ecnist.ECDHEScheme
 
-import ecnist, bearssl/rand, bearssl/hash as bhash
+import bearssl/rand, bearssl/hash as bhash
 import ../protobuf/minprotobuf, ../vbuffer, ../multihash, ../multicodec
 import nimcrypto/[rijndael, twofish, sha2, hash, hmac]
 # We use `ncrutils` for constant-time hexadecimal encoding/decoding procedures.
 import nimcrypto/utils as ncrutils
 import ../utility
-import stew/results
+import results
 export results, utility
 
 # This is workaround for Nim's `import` bug
@@ -86,11 +85,9 @@ export rijndael, twofish, sha2, hash, hmac, ncrutils, rand
 
 type
   DigestSheme* = enum
-    Sha256,
+    Sha256
     Sha512
 
-  ECDHEScheme* = EcCurveKind
-
   PublicKey* = object
     case scheme*: PKScheme
     of PKScheme.RSA:
@@ -151,15 +148,16 @@ type
     data*: seq[byte]
 
   CryptoError* = enum
-    KeyError,
-    SigError,
-    HashError,
+    KeyError
+    SigError
+    HashError
     SchemeError
 
   CryptoResult*[T] = Result[T, CryptoError]
 
 template orError*(exp: untyped, err: untyped): untyped =
-  (exp.mapErr do (_: auto) -> auto: err)
+  exp.mapErr do(_: auto) -> auto:
+    err
 
 proc newRng*(): ref HmacDrbgContext =
   # You should only create one instance of the RNG per application / library
@@ -175,13 +173,11 @@ proc newRng*(): ref HmacDrbgContext =
     return nil
   rng
 
-proc shuffle*[T](
-  rng: ref HmacDrbgContext,
-  x: var openArray[T]) =
+proc shuffle*[T](rng: ref HmacDrbgContext, x: var openArray[T]) =
+  if x.len == 0:
+    return
 
-  if x.len == 0: return
-
-  var randValues = newSeqUninitialized[byte](len(x) * 2)
+  var randValues = newSeqUninit[byte](len(x) * 2)
   hmacDrbgGenerate(rng[], randValues)
 
   for i in countdown(x.high, 1):
@@ -190,9 +186,12 @@ proc shuffle*[T](
       y = rand mod i
     swap(x[i], x[y])
 
-proc random*(T: typedesc[PrivateKey], scheme: PKScheme,
-             rng: var HmacDrbgContext,
-             bits = RsaDefaultKeySize): CryptoResult[PrivateKey] =
+proc random*(
+    T: typedesc[PrivateKey],
+    scheme: PKScheme,
+    rng: var HmacDrbgContext,
+    bits = RsaDefaultKeySize,
+): CryptoResult[PrivateKey] =
   ## Generate random private key for scheme ``scheme``.
   ##
   ## ``bits`` is number of bits for RSA key, ``bits`` value must be in
@@ -200,7 +199,7 @@ proc random*(T: typedesc[PrivateKey], scheme: PKScheme,
   case scheme
   of PKScheme.RSA:
     when supported(PKScheme.RSA):
-      let rsakey = ? RsaPrivateKey.random(rng, bits).orError(KeyError)
+      let rsakey = ?RsaPrivateKey.random(rng, bits).orError(CryptoError.KeyError)
       ok(PrivateKey(scheme: scheme, rsakey: rsakey))
     else:
       err(SchemeError)
@@ -212,7 +211,8 @@ proc random*(T: typedesc[PrivateKey], scheme: PKScheme,
       err(SchemeError)
   of PKScheme.ECDSA:
     when supported(PKScheme.ECDSA):
-      let eckey = ? ecnist.EcPrivateKey.random(Secp256r1, rng).orError(KeyError)
+      let eckey =
+        ?ecnist.EcPrivateKey.random(Secp256r1, rng).orError(CryptoError.KeyError)
       ok(PrivateKey(scheme: scheme, eckey: eckey))
     else:
       err(SchemeError)
@@ -223,8 +223,9 @@ proc random*(T: typedesc[PrivateKey], scheme: PKScheme,
     else:
       err(SchemeError)
 
-proc random*(T: typedesc[PrivateKey], rng: var HmacDrbgContext,
-             bits = RsaDefaultKeySize): CryptoResult[PrivateKey] =
+proc random*(
+    T: typedesc[PrivateKey], rng: var HmacDrbgContext, bits = RsaDefaultKeySize
+): CryptoResult[PrivateKey] =
   ## Generate random private key using default public-key cryptography scheme.
   ##
   ## Default public-key cryptography schemes are following order:
@@ -238,17 +239,21 @@ proc random*(T: typedesc[PrivateKey], rng: var HmacDrbgContext,
     let skkey = SkPrivateKey.random(rng)
     ok(PrivateKey(scheme: PKScheme.Secp256k1, skkey: skkey))
   elif supported(PKScheme.RSA):
-    let rsakey = ? RsaPrivateKey.random(rng, bits).orError(KeyError)
+    let rsakey = ?RsaPrivateKey.random(rng, bits).orError(CryptoError.KeyError)
     ok(PrivateKey(scheme: PKScheme.RSA, rsakey: rsakey))
   elif supported(PKScheme.ECDSA):
-    let eckey = ? ecnist.EcPrivateKey.random(Secp256r1, rng).orError(KeyError)
+    let eckey =
+      ?ecnist.EcPrivateKey.random(Secp256r1, rng).orError(CryptoError.KeyError)
     ok(PrivateKey(scheme: PKScheme.ECDSA, eckey: eckey))
   else:
     err(SchemeError)
 
-proc random*(T: typedesc[KeyPair], scheme: PKScheme,
-             rng: var HmacDrbgContext,
-             bits = RsaDefaultKeySize): CryptoResult[KeyPair] =
+proc random*(
+    T: typedesc[KeyPair],
+    scheme: PKScheme,
+    rng: var HmacDrbgContext,
+    bits = RsaDefaultKeySize,
+): CryptoResult[KeyPair] =
   ## Generate random key pair for scheme ``scheme``.
   ##
   ## ``bits`` is number of bits for RSA key, ``bits`` value must be in
@@ -256,39 +261,52 @@ proc random*(T: typedesc[KeyPair], scheme: PKScheme,
   case scheme
   of PKScheme.RSA:
     when supported(PKScheme.RSA):
-      let pair = ? RsaKeyPair.random(rng, bits).orError(KeyError)
-      ok(KeyPair(
-        seckey: PrivateKey(scheme: scheme, rsakey: pair.seckey),
-        pubkey: PublicKey(scheme: scheme, rsakey: pair.pubkey)))
+      let pair = ?RsaKeyPair.random(rng, bits).orError(CryptoError.KeyError)
+      ok(
+        KeyPair(
+          seckey: PrivateKey(scheme: scheme, rsakey: pair.seckey),
+          pubkey: PublicKey(scheme: scheme, rsakey: pair.pubkey),
+        )
+      )
     else:
       err(SchemeError)
   of PKScheme.Ed25519:
     when supported(PKScheme.Ed25519):
       let pair = EdKeyPair.random(rng)
-      ok(KeyPair(
-        seckey: PrivateKey(scheme: scheme, edkey: pair.seckey),
-        pubkey: PublicKey(scheme: scheme, edkey: pair.pubkey)))
+      ok(
+        KeyPair(
+          seckey: PrivateKey(scheme: scheme, edkey: pair.seckey),
+          pubkey: PublicKey(scheme: scheme, edkey: pair.pubkey),
+        )
+      )
     else:
       err(SchemeError)
   of PKScheme.ECDSA:
     when supported(PKScheme.ECDSA):
-      let pair = ? EcKeyPair.random(Secp256r1, rng).orError(KeyError)
-      ok(KeyPair(
-        seckey: PrivateKey(scheme: scheme, eckey: pair.seckey),
-        pubkey: PublicKey(scheme: scheme, eckey: pair.pubkey)))
+      let pair = ?EcKeyPair.random(Secp256r1, rng).orError(CryptoError.KeyError)
+      ok(
+        KeyPair(
+          seckey: PrivateKey(scheme: scheme, eckey: pair.seckey),
+          pubkey: PublicKey(scheme: scheme, eckey: pair.pubkey),
+        )
+      )
     else:
       err(SchemeError)
   of PKScheme.Secp256k1:
     when supported(PKScheme.Secp256k1):
       let pair = SkKeyPair.random(rng)
-      ok(KeyPair(
-        seckey: PrivateKey(scheme: scheme, skkey: pair.seckey),
-        pubkey: PublicKey(scheme: scheme, skkey: pair.pubkey)))
+      ok(
+        KeyPair(
+          seckey: PrivateKey(scheme: scheme, skkey: pair.seckey),
+          pubkey: PublicKey(scheme: scheme, skkey: pair.pubkey),
+        )
+      )
     else:
       err(SchemeError)
 
-proc random*(T: typedesc[KeyPair], rng: var HmacDrbgContext,
-             bits = RsaDefaultKeySize): CryptoResult[KeyPair] =
+proc random*(
+    T: typedesc[KeyPair], rng: var HmacDrbgContext, bits = RsaDefaultKeySize
+): CryptoResult[KeyPair] =
   ## Generate random private pair of keys using default public-key cryptography
   ## scheme.
   ##
@@ -298,24 +316,36 @@ proc random*(T: typedesc[KeyPair], rng: var HmacDrbgContext,
   ## So will be used first available (supported) method.
   when supported(PKScheme.Ed25519):
     let pair = EdKeyPair.random(rng)
-    ok(KeyPair(
-      seckey: PrivateKey(scheme: PKScheme.Ed25519, edkey: pair.seckey),
-      pubkey: PublicKey(scheme: PKScheme.Ed25519, edkey: pair.pubkey)))
+    ok(
+      KeyPair(
+        seckey: PrivateKey(scheme: PKScheme.Ed25519, edkey: pair.seckey),
+        pubkey: PublicKey(scheme: PKScheme.Ed25519, edkey: pair.pubkey),
+      )
+    )
   elif supported(PKScheme.Secp256k1):
     let pair = SkKeyPair.random(rng)
-    ok(KeyPair(
-      seckey: PrivateKey(scheme: PKScheme.Secp256k1, skkey: pair.seckey),
-      pubkey: PublicKey(scheme: PKScheme.Secp256k1, skkey: pair.pubkey)))
+    ok(
+      KeyPair(
+        seckey: PrivateKey(scheme: PKScheme.Secp256k1, skkey: pair.seckey),
+        pubkey: PublicKey(scheme: PKScheme.Secp256k1, skkey: pair.pubkey),
+      )
+    )
   elif supported(PKScheme.RSA):
-    let pair = ? RsaKeyPair.random(rng, bits).orError(KeyError)
-    ok(KeyPair(
-      seckey: PrivateKey(scheme: PKScheme.RSA, rsakey: pair.seckey),
-      pubkey: PublicKey(scheme: PKScheme.RSA, rsakey: pair.pubkey)))
+    let pair = ?RsaKeyPair.random(rng, bits).orError(KeyError)
+    ok(
+      KeyPair(
+        seckey: PrivateKey(scheme: PKScheme.RSA, rsakey: pair.seckey),
+        pubkey: PublicKey(scheme: PKScheme.RSA, rsakey: pair.pubkey),
+      )
+    )
   elif supported(PKScheme.ECDSA):
-    let pair = ? EcKeyPair.random(Secp256r1, rng).orError(KeyError)
-    ok(KeyPair(
-      seckey: PrivateKey(scheme: PKScheme.ECDSA, eckey: pair.seckey),
-      pubkey: PublicKey(scheme: PKScheme.ECDSA, eckey: pair.pubkey)))
+    let pair = ?EcKeyPair.random(Secp256r1, rng).orError(KeyError)
+    ok(
+      KeyPair(
+        seckey: PrivateKey(scheme: PKScheme.ECDSA, eckey: pair.seckey),
+        pubkey: PublicKey(scheme: PKScheme.ECDSA, eckey: pair.pubkey),
+      )
+    )
   else:
     err(SchemeError)
 
@@ -336,7 +366,7 @@ proc getPublicKey*(key: PrivateKey): CryptoResult[PublicKey] =
       err(SchemeError)
   of PKScheme.ECDSA:
     when supported(PKScheme.ECDSA):
-      let eckey = ? key.eckey.getPublicKey().orError(KeyError)
+      let eckey = ?key.eckey.getPublicKey().orError(KeyError)
       ok(PublicKey(scheme: ECDSA, eckey: eckey))
     else:
       err(SchemeError)
@@ -347,8 +377,9 @@ proc getPublicKey*(key: PrivateKey): CryptoResult[PublicKey] =
     else:
       err(SchemeError)
 
-proc toRawBytes*(key: PrivateKey | PublicKey,
-                 data: var openArray[byte]): CryptoResult[int] =
+proc toRawBytes*(
+    key: PrivateKey | PublicKey, data: var openArray[byte]
+): CryptoResult[int] =
   ## Serialize private key ``key`` (using scheme's own serialization) and store
   ## it to ``data``.
   ##
@@ -407,7 +438,7 @@ proc toBytes*(key: PrivateKey, data: var openArray[byte]): CryptoResult[int] =
   ## Returns number of bytes (octets) needed to store private key ``key``.
   var msg = initProtoBuffer()
   msg.write(1, uint64(key.scheme))
-  msg.write(2, ? key.getRawBytes())
+  msg.write(2, ?key.getRawBytes())
   msg.finish()
   var blen = len(msg.buffer)
   if len(data) >= blen:
@@ -421,7 +452,7 @@ proc toBytes*(key: PublicKey, data: var openArray[byte]): CryptoResult[int] =
   ## Returns number of bytes (octets) needed to store public key ``key``.
   var msg = initProtoBuffer()
   msg.write(1, uint64(key.scheme))
-  msg.write(2, ? key.getRawBytes())
+  msg.write(2, ?key.getRawBytes())
   msg.finish()
   var blen = len(msg.buffer)
   if len(data) >= blen and blen > 0:
@@ -441,7 +472,7 @@ proc getBytes*(key: PrivateKey): CryptoResult[seq[byte]] =
   ## serialization).
   var msg = initProtoBuffer()
   msg.write(1, uint64(key.scheme))
-  msg.write(2, ? key.getRawBytes())
+  msg.write(2, ?key.getRawBytes())
   msg.finish()
   ok(msg.buffer)
 
@@ -450,7 +481,7 @@ proc getBytes*(key: PublicKey): CryptoResult[seq[byte]] =
   ## serialization).
   var msg = initProtoBuffer()
   msg.write(1, uint64(key.scheme))
-  msg.write(2, ? key.getRawBytes())
+  msg.write(2, ?key.getRawBytes())
   msg.finish()
   ok(msg.buffer)
 
@@ -458,7 +489,7 @@ proc getBytes*(sig: Signature): seq[byte] =
   ## Return signature ``sig`` in binary form.
   result = sig.data
 
-proc init*[T: PrivateKey|PublicKey](key: var T, data: openArray[byte]): bool =
+template initImpl[T: PrivateKey | PublicKey](key: var T, data: openArray[byte]): bool =
   ## Initialize private key ``key`` from libp2p's protobuf serialized raw
   ## binary form.
   ##
@@ -471,7 +502,7 @@ proc init*[T: PrivateKey|PublicKey](key: var T, data: openArray[byte]): bool =
     var pb = initProtoBuffer(@data)
     let r1 = pb.getField(1, id)
     let r2 = pb.getField(2, buffer)
-    if not(r1.isOk() and r1.get() and r2.isOk() and r2.get()):
+    if not (r1.get(false) and r2.get(false)):
       false
     else:
       if cast[int8](id) notin SupportedSchemesInt or len(buffer) <= 0:
@@ -482,7 +513,7 @@ proc init*[T: PrivateKey|PublicKey](key: var T, data: openArray[byte]): bool =
           var nkey = PrivateKey(scheme: scheme)
         else:
           var nkey = PublicKey(scheme: scheme)
-        case scheme:
+        case scheme
         of PKScheme.RSA:
           when supported(PKScheme.RSA):
             if init(nkey.rsakey, buffer).isOk:
@@ -520,6 +551,15 @@ proc init*[T: PrivateKey|PublicKey](key: var T, data: openArray[byte]): bool =
           else:
             false
 
+{.push warning[ProveField]: off.} # https://github.com/nim-lang/Nim/issues/22060
+proc init*(key: var PrivateKey, data: openArray[byte]): bool =
+  initImpl(key, data)
+
+proc init*(key: var PublicKey, data: openArray[byte]): bool =
+  initImpl(key, data)
+
+{.pop.}
+
 proc init*(sig: var Signature, data: openArray[byte]): bool =
   ## Initialize signature ``sig`` from raw binary form.
   ##
@@ -528,7 +568,7 @@ proc init*(sig: var Signature, data: openArray[byte]): bool =
     sig.data = @data
     result = true
 
-proc init*[T: PrivateKey|PublicKey](key: var T, data: string): bool =
+proc init*[T: PrivateKey | PublicKey](key: var T, data: string): bool =
   ## Initialize private/public key ``key`` from libp2p's protobuf serialized
   ## hexadecimal string representation.
   ##
@@ -542,26 +582,23 @@ proc init*(sig: var Signature, data: string): bool =
   ## Returns ``true`` on success.
   sig.init(ncrutils.fromHex(data))
 
-proc init*(t: typedesc[PrivateKey],
-           data: openArray[byte]): CryptoResult[PrivateKey] =
+proc init*(t: typedesc[PrivateKey], data: openArray[byte]): CryptoResult[PrivateKey] =
   ## Create new private key from libp2p's protobuf serialized binary form.
   var res: t
   if not res.init(data):
-    err(KeyError)
+    err(CryptoError.KeyError)
   else:
     ok(res)
 
-proc init*(t: typedesc[PublicKey],
-           data: openArray[byte]): CryptoResult[PublicKey] =
+proc init*(t: typedesc[PublicKey], data: openArray[byte]): CryptoResult[PublicKey] =
   ## Create new public key from libp2p's protobuf serialized binary form.
   var res: t
   if not res.init(data):
-    err(KeyError)
+    err(CryptoError.KeyError)
   else:
     ok(res)
 
-proc init*(t: typedesc[Signature],
-           data: openArray[byte]): CryptoResult[Signature] =
+proc init*(t: typedesc[Signature], data: openArray[byte]): CryptoResult[Signature] =
   ## Create new public key from libp2p's protobuf serialized binary form.
   var res: t
   if not res.init(data):
@@ -577,24 +614,28 @@ proc init*(t: typedesc[PrivateKey], data: string): CryptoResult[PrivateKey] =
 when supported(PKScheme.RSA):
   proc init*(t: typedesc[PrivateKey], key: rsa.RsaPrivateKey): PrivateKey =
     PrivateKey(scheme: RSA, rsakey: key)
+
   proc init*(t: typedesc[PublicKey], key: rsa.RsaPublicKey): PublicKey =
     PublicKey(scheme: RSA, rsakey: key)
 
 when supported(PKScheme.Ed25519):
   proc init*(t: typedesc[PrivateKey], key: EdPrivateKey): PrivateKey =
     PrivateKey(scheme: Ed25519, edkey: key)
+
   proc init*(t: typedesc[PublicKey], key: EdPublicKey): PublicKey =
     PublicKey(scheme: Ed25519, edkey: key)
 
 when supported(PKScheme.Secp256k1):
   proc init*(t: typedesc[PrivateKey], key: SkPrivateKey): PrivateKey =
     PrivateKey(scheme: Secp256k1, skkey: key)
+
   proc init*(t: typedesc[PublicKey], key: SkPublicKey): PublicKey =
     PublicKey(scheme: Secp256k1, skkey: key)
 
 when supported(PKScheme.ECDSA):
   proc init*(t: typedesc[PrivateKey], key: ecnist.EcPrivateKey): PrivateKey =
     PrivateKey(scheme: ECDSA, eckey: key)
+
   proc init*(t: typedesc[PublicKey], key: ecnist.EcPublicKey): PublicKey =
     PublicKey(scheme: ECDSA, eckey: key)
 
@@ -663,9 +704,9 @@ proc `==`*(key1, key2: PrivateKey): bool =
   else:
     false
 
-proc `$`*(key: PrivateKey|PublicKey): string =
+proc `$`*(key: PrivateKey | PublicKey): string =
   ## Get string representation of private/public key ``key``.
-  case key.scheme:
+  case key.scheme
   of PKScheme.RSA:
     when supported(PKScheme.RSA):
       $(key.rsakey)
@@ -687,9 +728,9 @@ proc `$`*(key: PrivateKey|PublicKey): string =
     else:
       "unsupported secp256k1 key"
 
-func shortLog*(key: PrivateKey|PublicKey): string =
+func shortLog*(key: PrivateKey | PublicKey): string =
   ## Get short string representation of private/public key ``key``.
-  case key.scheme:
+  case key.scheme
   of PKScheme.RSA:
     when supported(PKScheme.RSA):
       ($key.rsakey).shortLog
@@ -715,16 +756,15 @@ proc `$`*(sig: Signature): string =
   ## Get string representation of signature ``sig``.
   result = ncrutils.toHex(sig.data)
 
-proc sign*(key: PrivateKey,
-           data: openArray[byte]): CryptoResult[Signature] {.gcsafe.} =
+proc sign*(key: PrivateKey, data: openArray[byte]): CryptoResult[Signature] {.gcsafe.} =
   ## Sign message ``data`` using private key ``key`` and return generated
   ## signature in raw binary form.
   var res: Signature
-  case key.scheme:
+  case key.scheme
   of PKScheme.RSA:
     when supported(PKScheme.RSA):
-      let sig = ? key.rsakey.sign(data).orError(SigError)
-      res.data = ? sig.getBytes().orError(SigError)
+      let sig = ?key.rsakey.sign(data).orError(SigError)
+      res.data = ?sig.getBytes().orError(SigError)
       ok(res)
     else:
       err(SchemeError)
@@ -737,8 +777,8 @@ proc sign*(key: PrivateKey,
       err(SchemeError)
   of PKScheme.ECDSA:
     when supported(PKScheme.ECDSA):
-      let sig = ? key.eckey.sign(data).orError(SigError)
-      res.data = ? sig.getBytes().orError(SigError)
+      let sig = ?key.eckey.sign(data).orError(SigError)
+      res.data = ?sig.getBytes().orError(SigError)
       ok(res)
     else:
       err(SchemeError)
@@ -753,7 +793,7 @@ proc sign*(key: PrivateKey,
 proc verify*(sig: Signature, message: openArray[byte], key: PublicKey): bool =
   ## Verify signature ``sig`` using message ``message`` and public key ``key``.
   ## Return ``true`` if message signature is valid.
-  case key.scheme:
+  case key.scheme
   of PKScheme.RSA:
     when supported(PKScheme.RSA):
       var signature: RsaSignature
@@ -791,12 +831,12 @@ proc verify*(sig: Signature, message: openArray[byte], key: PublicKey): bool =
     else:
       false
 
-template makeSecret(buffer, hmactype, secret, seed: untyped) {.dirty.}=
+template makeSecret(buffer, hmactype, secret, seed: untyped) {.dirty.} =
   var ctx: hmactype
   var j = 0
   # We need to strip leading zeros, because Go bigint serialization do it.
   var offset = 0
-  for i in 0..<len(secret):
+  for i in 0 ..< len(secret):
     if secret[i] != 0x00'u8:
       break
     inc(offset)
@@ -817,8 +857,9 @@ template makeSecret(buffer, hmactype, secret, seed: untyped) {.dirty.}=
     ctx.update(a.data)
     a = ctx.finish()
 
-proc stretchKeys*(cipherType: string, hashType: string,
-                  sharedSecret: seq[byte]): Secret =
+proc stretchKeys*(
+    cipherType: string, hashType: string, sharedSecret: seq[byte]
+): Secret =
   ## Expand shared secret to cryptographic keys.
   if cipherType == "AES-128":
     result.ivsize = aes128.sizeBlock
@@ -833,7 +874,7 @@ proc stretchKeys*(cipherType: string, hashType: string,
   var seed = "key expansion"
   result.macsize = 20
   let length = result.ivsize + result.keysize + result.macsize
-  result.data = newSeq[byte](2 * length)
+  result.data = newSeqUninit[byte](2 * length)
 
   if hashType == "SHA256":
     makeSecret(result.data, HMAC[sha256], sharedSecret, seed)
@@ -844,65 +885,57 @@ template goffset*(secret, id, o: untyped): untyped =
   id * (len(secret.data) shr 1) + o
 
 template ivOpenArray*(secret: Secret, id: int): untyped =
-  toOpenArray(secret.data, goffset(secret, id, 0),
-              goffset(secret, id, secret.ivsize - 1))
+  toOpenArray(
+    secret.data, goffset(secret, id, 0), goffset(secret, id, secret.ivsize - 1)
+  )
 
 template keyOpenArray*(secret: Secret, id: int): untyped =
-  toOpenArray(secret.data, goffset(secret, id, secret.ivsize),
-              goffset(secret, id, secret.ivsize + secret.keysize - 1))
+  toOpenArray(
+    secret.data,
+    goffset(secret, id, secret.ivsize),
+    goffset(secret, id, secret.ivsize + secret.keysize - 1),
+  )
 
 template macOpenArray*(secret: Secret, id: int): untyped =
-  toOpenArray(secret.data, goffset(secret, id, secret.ivsize + secret.keysize),
-       goffset(secret, id, secret.ivsize + secret.keysize + secret.macsize - 1))
+  toOpenArray(
+    secret.data,
+    goffset(secret, id, secret.ivsize + secret.keysize),
+    goffset(secret, id, secret.ivsize + secret.keysize + secret.macsize - 1),
+  )
 
 proc iv*(secret: Secret, id: int): seq[byte] {.inline.} =
   ## Get array of bytes with with initial vector.
-  result = newSeq[byte](secret.ivsize)
-  var offset = if id == 0: 0 else: (len(secret.data) div 2)
+  result = newSeqUninit[byte](secret.ivsize)
+  var offset =
+    if id == 0:
+      0
+    else:
+      (len(secret.data) div 2)
   copyMem(addr result[0], unsafeAddr secret.data[offset], secret.ivsize)
 
 proc key*(secret: Secret, id: int): seq[byte] {.inline.} =
-  result = newSeq[byte](secret.keysize)
-  var offset = if id == 0: 0 else: (len(secret.data) div 2)
+  result = newSeqUninit[byte](secret.keysize)
+  var offset =
+    if id == 0:
+      0
+    else:
+      (len(secret.data) div 2)
   offset += secret.ivsize
   copyMem(addr result[0], unsafeAddr secret.data[offset], secret.keysize)
 
 proc mac*(secret: Secret, id: int): seq[byte] {.inline.} =
-  result = newSeq[byte](secret.macsize)
-  var offset = if id == 0: 0 else: (len(secret.data) div 2)
+  result = newSeqUninit[byte](secret.macsize)
+  var offset =
+    if id == 0:
+      0
+    else:
+      (len(secret.data) div 2)
   offset += secret.ivsize + secret.keysize
   copyMem(addr result[0], unsafeAddr secret.data[offset], secret.macsize)
 
-proc ephemeral*(
-    scheme: ECDHEScheme,
-    rng: var HmacDrbgContext): CryptoResult[EcKeyPair] =
-  ## Generate ephemeral keys used to perform ECDHE.
-  var keypair: EcKeyPair
-  if scheme == Secp256r1:
-    keypair = ? EcKeyPair.random(Secp256r1, rng).orError(KeyError)
-  elif scheme == Secp384r1:
-    keypair = ? EcKeyPair.random(Secp384r1, rng).orError(KeyError)
-  elif scheme == Secp521r1:
-    keypair = ? EcKeyPair.random(Secp521r1, rng).orError(KeyError)
-  ok(keypair)
-
-proc ephemeral*(
-    scheme: string, rng: var HmacDrbgContext): CryptoResult[EcKeyPair] =
-  ## Generate ephemeral keys used to perform ECDHE using string encoding.
-  ##
-  ## Currently supported encoding strings are P-256, P-384, P-521, if encoding
-  ## string is not supported P-521 key will be generated.
-  if scheme == "P-256":
-    ephemeral(Secp256r1, rng)
-  elif scheme == "P-384":
-    ephemeral(Secp384r1, rng)
-  elif scheme == "P-521":
-    ephemeral(Secp521r1, rng)
-  else:
-    ephemeral(Secp521r1, rng)
-
-proc getOrder*(remotePubkey, localNonce: openArray[byte],
-               localPubkey, remoteNonce: openArray[byte]): CryptoResult[int] =
+proc getOrder*(
+    remotePubkey, localNonce: openArray[byte], localPubkey, remoteNonce: openArray[byte]
+): CryptoResult[int] =
   ## Compare values and calculate `order` parameter.
   var ctx: sha256
   ctx.init()
@@ -913,9 +946,9 @@ proc getOrder*(remotePubkey, localNonce: openArray[byte],
   ctx.update(localPubkey)
   ctx.update(remoteNonce)
   var digest2 = ctx.finish()
-  var mh1 = ? MultiHash.init(multiCodec("sha2-256"), digest1).orError(HashError)
-  var mh2 = ? MultiHash.init(multiCodec("sha2-256"), digest2).orError(HashError)
-  var res = 0;
+  var mh1 = ?MultiHash.init(multiCodec("sha2-256"), digest1).orError(HashError)
+  var mh2 = ?MultiHash.init(multiCodec("sha2-256"), digest2).orError(HashError)
+  var res = 0
   for i in 0 ..< len(mh1.data.buffer):
     res = int(mh1.data.buffer[i]) - int(mh2.data.buffer[i])
     if res != 0:
@@ -946,96 +979,45 @@ proc selectBest*(order: int, p1, p2: string): string =
       if felement == selement:
         return felement
 
-proc createProposal*(nonce, pubkey: openArray[byte],
-                     exchanges, ciphers, hashes: string): seq[byte] =
-  ## Create SecIO proposal message using random ``nonce``, local public key
-  ## ``pubkey``, comma-delimieted list of supported exchange schemes
-  ## ``exchanges``, comma-delimeted list of supported ciphers ``ciphers`` and
-  ## comma-delimeted list of supported hashes ``hashes``.
-  var msg = initProtoBuffer({WithUint32BeLength})
-  msg.write(1, nonce)
-  msg.write(2, pubkey)
-  msg.write(3, exchanges)
-  msg.write(4, ciphers)
-  msg.write(5, hashes)
-  msg.finish()
-  msg.buffer
-
-proc decodeProposal*(message: seq[byte], nonce, pubkey: var seq[byte],
-                     exchanges, ciphers, hashes: var string): bool =
-  ## Parse incoming proposal message and decode remote random nonce ``nonce``,
-  ## remote public key ``pubkey``, comma-delimieted list of supported exchange
-  ## schemes ``exchanges``, comma-delimeted list of supported ciphers
-  ## ``ciphers`` and comma-delimeted list of supported hashes ``hashes``.
-  ##
-  ## Procedure returns ``true`` on success and ``false`` on error.
-  var pb = initProtoBuffer(message)
-  let r1 = pb.getField(1, nonce)
-  let r2 = pb.getField(2, pubkey)
-  let r3 = pb.getField(3, exchanges)
-  let r4 = pb.getField(4, ciphers)
-  let r5 = pb.getField(5, hashes)
-
-  r1.isOk() and r1.get() and r2.isOk() and r2.get() and
-  r3.isOk() and r3.get() and r4.isOk() and r4.get() and
-  r5.isOk() and r5.get()
-
-proc createExchange*(epubkey, signature: openArray[byte]): seq[byte] =
-  ## Create SecIO exchange message using ephemeral public key ``epubkey`` and
-  ## signature of proposal blocks ``signature``.
-  var msg = initProtoBuffer({WithUint32BeLength})
-  msg.write(1, epubkey)
-  msg.write(2, signature)
-  msg.finish()
-  msg.buffer
-
-proc decodeExchange*(message: seq[byte],
-                     pubkey, signature: var seq[byte]): bool =
-  ## Parse incoming exchange message and decode remote ephemeral public key
-  ## ``pubkey`` and signature ``signature``.
-  ##
-  ## Procedure returns ``true`` on success and ``false`` on error.
-  var pb = initProtoBuffer(message)
-  let r1 = pb.getField(1, pubkey)
-  let r2 = pb.getField(2, signature)
-  r1.isOk() and r1.get() and r2.isOk() and r2.get()
-
 ## Serialization/Deserialization helpers
 
-proc write*(vb: var VBuffer, pubkey: PublicKey) {.
-     inline, raises: [Defect, ResultError[CryptoError]].} =
+proc write*(
+    vb: var VBuffer, pubkey: PublicKey
+) {.inline, raises: [ResultError[CryptoError]].} =
   ## Write PublicKey value ``pubkey`` to buffer ``vb``.
   vb.writeSeq(pubkey.getBytes().tryGet())
 
-proc write*(vb: var VBuffer, seckey: PrivateKey) {.
-     inline, raises: [Defect, ResultError[CryptoError]].} =
+proc write*(
+    vb: var VBuffer, seckey: PrivateKey
+) {.inline, raises: [ResultError[CryptoError]].} =
   ## Write PrivateKey value ``seckey`` to buffer ``vb``.
   vb.writeSeq(seckey.getBytes().tryGet())
 
-proc write*(vb: var VBuffer, sig: PrivateKey) {.
-     inline, raises: [Defect, ResultError[CryptoError]].} =
+proc write*(
+    vb: var VBuffer, sig: PrivateKey
+) {.inline, raises: [ResultError[CryptoError]].} =
   ## Write Signature value ``sig`` to buffer ``vb``.
   vb.writeSeq(sig.getBytes().tryGet())
 
-proc write*[T: PublicKey|PrivateKey](pb: var ProtoBuffer, field: int,
-                                     key: T) {.
-     inline, raises: [Defect, ResultError[CryptoError]].} =
+proc write*[T: PublicKey | PrivateKey](
+    pb: var ProtoBuffer, field: int, key: T
+) {.inline, raises: [ResultError[CryptoError]].} =
   write(pb, field, key.getBytes().tryGet())
 
-proc write*(pb: var ProtoBuffer, field: int, sig: Signature) {.
-     inline, raises: [Defect].} =
+proc write*(pb: var ProtoBuffer, field: int, sig: Signature) {.inline, raises: [].} =
   write(pb, field, sig.getBytes())
 
-proc getField*[T: PublicKey|PrivateKey](pb: ProtoBuffer, field: int,
-                                        value: var T): ProtoResult[bool] =
+proc getField*[T: PublicKey | PrivateKey](
+    pb: ProtoBuffer, field: int, value: var T
+): ProtoResult[bool] =
   ## Deserialize public/private key from protobuf's message ``pb`` using field
   ## index ``field``.
   ##
   ## On success deserialized key will be stored in ``value``.
   var buffer: seq[byte]
   var key: T
-  let res = ? pb.getField(field, buffer)
-  if not(res):
+  let res = ?pb.getField(field, buffer)
+  if not (res):
     ok(false)
   else:
     if key.init(buffer):
@@ -1044,16 +1026,15 @@ proc getField*[T: PublicKey|PrivateKey](pb: ProtoBuffer, field: int,
     else:
       err(ProtoError.IncorrectBlob)
 
-proc getField*(pb: ProtoBuffer, field: int,
-               value: var Signature): ProtoResult[bool] =
+proc getField*(pb: ProtoBuffer, field: int, value: var Signature): ProtoResult[bool] =
   ## Deserialize signature from protobuf's message ``pb`` using field index
   ## ``field``.
   ##
   ## On success deserialized signature will be stored in ``value``.
   var buffer: seq[byte]
   var sig: Signature
-  let res = ? pb.getField(field, buffer)
-  if not(res):
+  let res = ?pb.getField(field, buffer)
+  if not (res):
     ok(false)
   else:
     if sig.init(buffer):

libp2p/crypto/curve25519.nim

@@ -1,5 +1,5 @@
 # Nim-Libp2p
-# Copyright (c) 2022-2022 Status Research & Development GmbH
+# Copyright (c) 2023 Status Research & Development GmbH
 # Licensed under either of
 #  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 #  * MIT license ([LICENSE-MIT](LICENSE-MIT))
@@ -15,18 +15,14 @@
 
 # RFC @ https://tools.ietf.org/html/rfc7748
 
-when (NimMajor, NimMinor) < (1, 4):
-  {.push raises: [Defect].}
-else:
-  {.push raises: [].}
+{.push raises: [].}
 
-import bearssl/[ec, rand, hash]
-import stew/results
+import bearssl/[ec, rand]
+import results
 from stew/assign2 import assign
 export results
 
-const
-  Curve25519KeySize* = 32
+const Curve25519KeySize* = 32
 
 type
   Curve25519* = object
@@ -38,12 +34,12 @@ proc intoCurve25519Key*(s: openArray[byte]): Curve25519Key =
   assert s.len == Curve25519KeySize
   assign(result, s)
 
-proc getBytes*(key: Curve25519Key): seq[byte] = @key
+proc getBytes*(key: Curve25519Key): seq[byte] =
+  @key
 
 proc byteswap(buf: var Curve25519Key) {.inline.} =
-  for i in 0..<16:
-    let
-      x = buf[i]
+  for i in 0 ..< 16:
+    let x = buf[i]
     buf[i] = buf[31 - i]
     buf[31 - i] = x
 
@@ -51,31 +47,25 @@ proc mul*(_: type[Curve25519], point: var Curve25519Key, multiplier: Curve25519K
   let defaultBrEc = ecGetDefault()
 
   # multiplier needs to be big-endian
-  var
-    multiplierBs = multiplier
+  var multiplierBs = multiplier
   multiplierBs.byteswap()
-  let
-    res = defaultBrEc.mul(
-      addr point[0],
-      Curve25519KeySize,
-      addr multiplierBs[0],
-      Curve25519KeySize,
-      EC_curve25519)
+  let res = defaultBrEc.mul(
+    addr point[0],
+    Curve25519KeySize,
+    addr multiplierBs[0],
+    Curve25519KeySize,
+    EC_curve25519,
+  )
   assert res == 1
 
 proc mulgen(_: type[Curve25519], dst: var Curve25519Key, point: Curve25519Key) =
   let defaultBrEc = ecGetDefault()
 
-  var
-    rpoint = point
+  var rpoint = point
   rpoint.byteswap()
 
-  let
-    size = defaultBrEc.mulgen(
-      addr dst[0],
-      addr rpoint[0],
-      Curve25519KeySize,
-      EC_curve25519)
+  let size =
+    defaultBrEc.mulgen(addr dst[0], addr rpoint[0], Curve25519KeySize, EC_curve25519)
 
   assert size == Curve25519KeySize
 
@@ -86,7 +76,8 @@ proc random*(_: type[Curve25519Key], rng: var HmacDrbgContext): Curve25519Key =
   var res: Curve25519Key
   let defaultBrEc = ecGetDefault()
   let len = ecKeygen(
-    addr rng.vtable, defaultBrEc, nil, addr res[0], EC_curve25519)
+    PrngClassPointerConst(addr rng.vtable), defaultBrEc, nil, addr res[0], EC_curve25519
+  )
   # Per bearssl documentation, the keygen only fails if the curve is
   # unrecognised -
   doAssert len == Curve25519KeySize, "Could not generate curve"

libp2p/crypto/ecnist.nim

@@ -1,5 +1,5 @@
 # Nim-Libp2p
-# Copyright (c) 2022 Status Research & Development GmbH
+# Copyright (c) 2023 Status Research & Development GmbH
 # Licensed under either of
 #  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 #  * MIT license ([LICENSE-MIT](LICENSE-MIT))
@@ -14,17 +14,19 @@
 ## BearSSL library <https://bearssl.org/>
 ## Copyright(C) 2018 Thomas Pornin <pornin@bolet.org>.
 
-when (NimMajor, NimMinor) < (1, 4):
-  {.push raises: [Defect].}
-else:
-  {.push raises: [].}
+{.push raises: [].}
 
 import bearssl/[ec, rand, hash]
 # We use `ncrutils` for constant-time hexadecimal encoding/decoding procedures.
 import nimcrypto/utils as ncrutils
 import minasn1
 export minasn1.Asn1Error
-import stew/[results, ctops]
+import stew/ctops
+import results
+import ../utils/sequninit
+
+import ../utility
+
 export results
 
 const
@@ -58,23 +60,22 @@ type
     buffer*: seq[byte]
 
   EcCurveKind* = enum
-    Secp256r1 = EC_secp256r1,
-    Secp384r1 = EC_secp384r1,
+    Secp256r1 = EC_secp256r1
+    Secp384r1 = EC_secp384r1
     Secp521r1 = EC_secp521r1
 
   EcPKI* = EcPrivateKey | EcPublicKey | EcSignature
 
   EcError* = enum
-    EcRngError,
-    EcKeyGenError,
-    EcPublicKeyError,
-    EcKeyIncorrectError,
+    EcRngError
+    EcKeyGenError
+    EcPublicKeyError
+    EcKeyIncorrectError
     EcSignatureError
 
   EcResult*[T] = Result[T, EcError]
 
-const
-  EcSupportedCurvesCint* = {cint(Secp256r1), cint(Secp384r1), cint(Secp521r1)}
+const EcSupportedCurvesCint* = @[cint(Secp256r1), cint(Secp384r1), cint(Secp521r1)]
 
 proc `-`(x: uint32): uint32 {.inline.} =
   result = (0xFFFF_FFFF'u32 - x) + 1'u32
@@ -88,7 +89,7 @@ proc CMP(x, y: uint32): int32 {.inline.} =
 
 proc EQ0(x: int32): uint32 {.inline.} =
   var q = cast[uint32](x)
-  result = not(q or -q) shr 31
+  result = not (q or -q) shr 31
 
 proc NEQ(x, y: uint32): uint32 {.inline.} =
   var q = cast[uint32](x xor y)
@@ -113,7 +114,7 @@ proc checkScalar(scalar: openArray[byte], curve: cint): uint32 =
   for u in scalar:
     z = z or u
   if len(scalar) == int(orderlen):
-    for i in 0..<len(scalar):
+    for i in 0 ..< len(scalar):
       c = c or (-(cast[int32](EQ0(c))) and CMP(scalar[i], order[i]))
   else:
     c = -1
@@ -126,8 +127,7 @@ proc checkPublic(key: openArray[byte], curve: cint): uint32 =
   var impl = ecGetDefault()
   var orderlen: uint = 0
   discard impl.order(curve, orderlen)
-  result = impl.mul(unsafeAddr ckey[0], uint(len(ckey)),
-                    addr x[0], uint(len(x)), curve)
+  result = impl.mul(unsafeAddr ckey[0], uint(len(ckey)), addr x[0], uint(len(x)), curve)
 
 proc getOffset(pubkey: EcPublicKey): int {.inline.} =
   let o = cast[uint](pubkey.key.q) - cast[uint](unsafeAddr pubkey.buffer[0])
@@ -145,21 +145,15 @@ proc getOffset(seckey: EcPrivateKey): int {.inline.} =
 
 template getPublicKeyLength*(curve: EcCurveKind): int =
   case curve
-  of Secp256r1:
-    PubKey256Length
-  of Secp384r1:
-    PubKey384Length
-  of Secp521r1:
-    PubKey521Length
+  of Secp256r1: PubKey256Length
+  of Secp384r1: PubKey384Length
+  of Secp521r1: PubKey521Length
 
 template getPrivateKeyLength*(curve: EcCurveKind): int =
   case curve
-  of Secp256r1:
-    SecKey256Length
-  of Secp384r1:
-    SecKey384Length
-  of Secp521r1:
-    SecKey521Length
+  of Secp256r1: SecKey256Length
+  of Secp384r1: SecKey384Length
+  of Secp521r1: SecKey521Length
 
 proc copy*[T: EcPKI](dst: var T, src: T): bool =
   ## Copy EC `private key`, `public key` or `signature` ``src`` to ``dst``.
@@ -201,7 +195,7 @@ proc copy*[T: EcPKI](src: T): T {.inline.} =
   if not copy(result, src):
     raise newException(EcKeyIncorrectError, "Incorrect key or signature")
 
-proc clear*[T: EcPKI|EcKeyPair](pki: var T) =
+proc clear*[T: EcPKI | EcKeyPair](pki: var T) =
   ## Wipe and clear EC `private key`, `public key` or `signature` object.
   doAssert(not isNil(pki))
   when T is EcPrivateKey:
@@ -232,8 +226,8 @@ proc clear*[T: EcPKI|EcKeyPair](pki: var T) =
     pki.pubkey.key.curve = 0
 
 proc random*(
-    T: typedesc[EcPrivateKey], kind: EcCurveKind,
-    rng: var HmacDrbgContext): EcResult[EcPrivateKey] =
+    T: typedesc[EcPrivateKey], kind: EcCurveKind, rng: var HmacDrbgContext
+): EcResult[EcPrivateKey] =
   ## Generate new random EC private key using BearSSL's HMAC-SHA256-DRBG
   ## algorithm.
   ##
@@ -241,9 +235,13 @@ proc random*(
   ## secp521r1).
   var ecimp = ecGetDefault()
   var res = new EcPrivateKey
-  if ecKeygen(addr rng.vtable, ecimp,
-                addr res.key, addr res.buffer[0],
-                cast[cint](kind)) == 0:
+  if ecKeygen(
+    PrngClassPointerConst(addr rng.vtable),
+    ecimp,
+    addr res.key,
+    addr res.buffer[0],
+    safeConvert[cint](kind),
+  ) == 0:
     err(EcKeyGenError)
   else:
     ok(res)
@@ -257,8 +255,7 @@ proc getPublicKey*(seckey: EcPrivateKey): EcResult[EcPublicKey] =
   if seckey.key.curve in EcSupportedCurvesCint:
     var res = new EcPublicKey
     assert res.buffer.len > getPublicKeyLength(cast[EcCurveKind](seckey.key.curve))
-    if ecComputePub(ecimp, addr res.key,
-                    addr res.buffer[0], unsafeAddr seckey.key) == 0:
+    if ecComputePub(ecimp, addr res.key, addr res.buffer[0], unsafeAddr seckey.key) == 0:
       err(EcKeyIncorrectError)
     else:
       ok(res)
@@ -266,23 +263,23 @@ proc getPublicKey*(seckey: EcPrivateKey): EcResult[EcPublicKey] =
     err(EcKeyIncorrectError)
 
 proc random*(
-    T: typedesc[EcKeyPair], kind: EcCurveKind,
-    rng: var HmacDrbgContext): EcResult[T] =
+    T: typedesc[EcKeyPair], kind: EcCurveKind, rng: var HmacDrbgContext
+): EcResult[T] =
   ## Generate new random EC private and public keypair using BearSSL's
   ## HMAC-SHA256-DRBG algorithm.
   ##
   ## ``kind`` elliptic curve kind of your choice (secp256r1, secp384r1 or
   ## secp521r1).
   let
-    seckey = ? EcPrivateKey.random(kind, rng)
-    pubkey = ? seckey.getPublicKey()
+    seckey = ?EcPrivateKey.random(kind, rng)
+    pubkey = ?seckey.getPublicKey()
     key = EcKeyPair(seckey: seckey, pubkey: pubkey)
   ok(key)
 
 proc `$`*(seckey: EcPrivateKey): string =
   ## Return string representation of EC private key.
   if isNil(seckey) or seckey.key.curve == 0 or seckey.key.xlen == 0 or
-     len(seckey.buffer) == 0:
+      len(seckey.buffer) == 0:
     result = "Empty or uninitialized ECNIST key"
   else:
     if seckey.key.curve notin EcSupportedCurvesCint:
@@ -298,7 +295,7 @@ proc `$`*(seckey: EcPrivateKey): string =
 proc `$`*(pubkey: EcPublicKey): string =
   ## Return string representation of EC public key.
   if isNil(pubkey) or pubkey.key.curve == 0 or pubkey.key.qlen == 0 or
-     len(pubkey.buffer) == 0:
+      len(pubkey.buffer) == 0:
     result = "Empty or uninitialized ECNIST key"
   else:
     if pubkey.key.curve notin EcSupportedCurvesCint:
@@ -371,7 +368,7 @@ proc toBytes*(seckey: EcPrivateKey, data: var openArray[byte]): EcResult[int] =
     return err(EcKeyIncorrectError)
   if seckey.key.curve in EcSupportedCurvesCint:
     var offset, length: int
-    var pubkey = ? seckey.getPublicKey()
+    var pubkey = ?seckey.getPublicKey()
     var b = Asn1Buffer.init()
     var p = Asn1Composite.init(Asn1Tag.Sequence)
     var c0 = Asn1Composite.init(0)
@@ -387,16 +384,14 @@ proc toBytes*(seckey: EcPrivateKey, data: var openArray[byte]): EcResult[int] =
     if offset < 0:
       return err(EcKeyIncorrectError)
     length = int(pubkey.key.qlen)
-    c1.write(Asn1Tag.BitString,
-             pubkey.buffer.toOpenArray(offset, offset + length - 1))
+    c1.write(Asn1Tag.BitString, pubkey.buffer.toOpenArray(offset, offset + length - 1))
     c1.finish()
     offset = seckey.getOffset()
     if offset < 0:
       return err(EcKeyIncorrectError)
     length = int(seckey.key.xlen)
     p.write(1'u64)
-    p.write(Asn1Tag.OctetString,
-            seckey.buffer.toOpenArray(offset, offset + length - 1))
+    p.write(Asn1Tag.OctetString, seckey.buffer.toOpenArray(offset, offset + length - 1))
     p.write(c0)
     p.write(c1)
     p.finish()
@@ -410,7 +405,6 @@ proc toBytes*(seckey: EcPrivateKey, data: var openArray[byte]): EcResult[int] =
   else:
     err(EcKeyIncorrectError)
 
-
 proc toBytes*(pubkey: EcPublicKey, data: var openArray[byte]): EcResult[int] =
   ## Serialize EC public key ``pubkey`` to ASN.1 DER binary form and store it
   ## to ``data``.
@@ -436,8 +430,7 @@ proc toBytes*(pubkey: EcPublicKey, data: var openArray[byte]): EcResult[int] =
     if offset < 0:
       return err(EcKeyIncorrectError)
     let length = int(pubkey.key.qlen)
-    p.write(Asn1Tag.BitString,
-            pubkey.buffer.toOpenArray(offset, offset + length - 1))
+    p.write(Asn1Tag.BitString, pubkey.buffer.toOpenArray(offset, offset + length - 1))
     p.finish()
     b.write(p)
     b.finish()
@@ -466,10 +459,10 @@ proc getBytes*(seckey: EcPrivateKey): EcResult[seq[byte]] =
   if isNil(seckey):
     return err(EcKeyIncorrectError)
   if seckey.key.curve in EcSupportedCurvesCint:
-    var res = newSeq[byte]()
-    let length = ? seckey.toBytes(res)
+    var res = newSeqUninit[byte](0)
+    let length = ?seckey.toBytes(res)
     res.setLen(length)
-    discard ? seckey.toBytes(res)
+    discard ?seckey.toBytes(res)
     ok(res)
   else:
     err(EcKeyIncorrectError)
@@ -479,10 +472,10 @@ proc getBytes*(pubkey: EcPublicKey): EcResult[seq[byte]] =
   if isNil(pubkey):
     return err(EcKeyIncorrectError)
   if pubkey.key.curve in EcSupportedCurvesCint:
-    var res = newSeq[byte]()
-    let length = ? pubkey.toBytes(res)
+    var res = newSeqUninit[byte](0)
+    let length = ?pubkey.toBytes(res)
     res.setLen(length)
-    discard ? pubkey.toBytes(res)
+    discard ?pubkey.toBytes(res)
     ok(res)
   else:
     err(EcKeyIncorrectError)
@@ -491,10 +484,10 @@ proc getBytes*(sig: EcSignature): EcResult[seq[byte]] =
   ## Serialize EC signature ``sig`` to ASN.1 DER binary form and return it.
   if isNil(sig):
     return err(EcSignatureError)
-  var res = newSeq[byte]()
-  let length = ? sig.toBytes(res)
+  var res = newSeqUninit[byte](0)
+  let length = ?sig.toBytes(res)
   res.setLen(length)
-  discard ? sig.toBytes(res)
+  discard ?sig.toBytes(res)
   ok(res)
 
 proc getRawBytes*(seckey: EcPrivateKey): EcResult[seq[byte]] =
@@ -502,10 +495,10 @@ proc getRawBytes*(seckey: EcPrivateKey): EcResult[seq[byte]] =
   if isNil(seckey):
     return err(EcKeyIncorrectError)
   if seckey.key.curve in EcSupportedCurvesCint:
-    var res = newSeq[byte]()
-    let length = ? seckey.toRawBytes(res)
+    var res = newSeqUninit[byte](0)
+    let length = ?seckey.toRawBytes(res)
     res.setLen(length)
-    discard ? seckey.toRawBytes(res)
+    discard ?seckey.toRawBytes(res)
     ok(res)
   else:
     err(EcKeyIncorrectError)
@@ -515,10 +508,10 @@ proc getRawBytes*(pubkey: EcPublicKey): EcResult[seq[byte]] =
   if isNil(pubkey):
     return err(EcKeyIncorrectError)
   if pubkey.key.curve in EcSupportedCurvesCint:
-    var res = newSeq[byte]()
-    let length = ? pubkey.toRawBytes(res)
+    var res = newSeqUninit[byte](0)
+    let length = ?pubkey.toRawBytes(res)
     res.setLen(length)
-    discard ? pubkey.toRawBytes(res)
+    discard ?pubkey.toRawBytes(res)
     return ok(res)
   else:
     return err(EcKeyIncorrectError)
@@ -527,10 +520,10 @@ proc getRawBytes*(sig: EcSignature): EcResult[seq[byte]] =
   ## Serialize EC signature ``sig`` to raw binary form and return it.
   if isNil(sig):
     return err(EcSignatureError)
-  var res = newSeq[byte]()
-  let length = ? sig.toBytes(res)
+  var res = newSeqUninit[byte](0)
+  let length = ?sig.toBytes(res)
   res.setLen(length)
-  discard ? sig.toBytes(res)
+  discard ?sig.toBytes(res)
   ok(res)
 
 proc `==`*(pubkey1, pubkey2: EcPublicKey): bool =
@@ -550,8 +543,10 @@ proc `==`*(pubkey1, pubkey2: EcPublicKey): bool =
     let op2 = pubkey2.getOffset()
     if op1 == -1 or op2 == -1:
       return false
-    return CT.isEqual(pubkey1.buffer.toOpenArray(op1, pubkey1.key.qlen - 1),
-                      pubkey2.buffer.toOpenArray(op2, pubkey2.key.qlen - 1))
+    return CT.isEqual(
+      pubkey1.buffer.toOpenArray(op1, pubkey1.key.qlen - 1),
+      pubkey2.buffer.toOpenArray(op2, pubkey2.key.qlen - 1),
+    )
 
 proc `==`*(seckey1, seckey2: EcPrivateKey): bool =
   ## Returns ``true`` if both keys ``seckey1`` and ``seckey2`` are equal.
@@ -570,8 +565,10 @@ proc `==`*(seckey1, seckey2: EcPrivateKey): bool =
     let op2 = seckey2.getOffset()
     if op1 == -1 or op2 == -1:
       return false
-    return CT.isEqual(seckey1.buffer.toOpenArray(op1, seckey1.key.xlen - 1),
-                      seckey2.buffer.toOpenArray(op2, seckey2.key.xlen - 1))
+    return CT.isEqual(
+      seckey1.buffer.toOpenArray(op1, seckey1.key.xlen - 1),
+      seckey2.buffer.toOpenArray(op2, seckey2.key.xlen - 1),
+    )
 
 proc `==`*(a, b: EcSignature): bool =
   ## Return ``true`` if both signatures ``sig1`` and ``sig2`` are equal.
@@ -605,36 +602,36 @@ proc init*(key: var EcPrivateKey, data: openArray[byte]): Result[void, Asn1Error
 
   var ab = Asn1Buffer.init(data)
 
-  field = ? ab.read()
+  field = ?ab.read()
 
   if field.kind != Asn1Tag.Sequence:
     return err(Asn1Error.Incorrect)
 
   var ib = field.getBuffer()
 
-  field = ? ib.read()
+  field = ?ib.read()
 
   if field.kind != Asn1Tag.Integer:
     return err(Asn1Error.Incorrect)
   if field.vint != 1'u64:
     return err(Asn1Error.Incorrect)
 
-  raw = ? ib.read()
+  raw = ?ib.read()
 
   if raw.kind != Asn1Tag.OctetString:
     return err(Asn1Error.Incorrect)
 
-  oid = ? ib.read()
+  oid = ?ib.read()
 
   if oid.kind != Asn1Tag.Oid:
     return err(Asn1Error.Incorrect)
 
   if oid == Asn1OidSecp256r1:
-    curve = cast[cint](Secp256r1)
+    curve = safeConvert[cint](Secp256r1)
   elif oid == Asn1OidSecp384r1:
-    curve = cast[cint](Secp384r1)
+    curve = safeConvert[cint](Secp384r1)
   elif oid == Asn1OidSecp521r1:
-    curve = cast[cint](Secp521r1)
+    curve = safeConvert[cint](Secp521r1)
   else:
     return err(Asn1Error.Incorrect)
 
@@ -658,19 +655,19 @@ proc init*(pubkey: var EcPublicKey, data: openArray[byte]): Result[void, Asn1Err
 
   var ab = Asn1Buffer.init(data)
 
-  field = ? ab.read()
+  field = ?ab.read()
 
   if field.kind != Asn1Tag.Sequence:
     return err(Asn1Error.Incorrect)
 
   var ib = field.getBuffer()
-  field = ? ib.read()
+  field = ?ib.read()
 
   if field.kind != Asn1Tag.Sequence:
     return err(Asn1Error.Incorrect)
 
   var ob = field.getBuffer()
-  oid = ? ob.read()
+  oid = ?ob.read()
 
   if oid.kind != Asn1Tag.Oid:
     return err(Asn1Error.Incorrect)
@@ -678,21 +675,21 @@ proc init*(pubkey: var EcPublicKey, data: openArray[byte]): Result[void, Asn1Err
   if oid != Asn1OidEcPublicKey:
     return err(Asn1Error.Incorrect)
 
-  oid = ? ob.read()
+  oid = ?ob.read()
 
   if oid.kind != Asn1Tag.Oid:
     return err(Asn1Error.Incorrect)
 
   if oid == Asn1OidSecp256r1:
-    curve = cast[cint](Secp256r1)
+    curve = safeConvert[cint](Secp256r1)
   elif oid == Asn1OidSecp384r1:
-    curve = cast[cint](Secp384r1)
+    curve = safeConvert[cint](Secp384r1)
   elif oid == Asn1OidSecp521r1:
-    curve = cast[cint](Secp521r1)
+    curve = safeConvert[cint](Secp521r1)
   else:
     return err(Asn1Error.Incorrect)
 
-  raw = ? ib.read()
+  raw = ?ib.read()
 
   if raw.kind != Asn1Tag.BitString:
     return err(Asn1Error.Incorrect)
@@ -718,16 +715,14 @@ proc init*(sig: var EcSignature, data: openArray[byte]): Result[void, Asn1Error]
   else:
     err(Asn1Error.Incorrect)
 
-proc init*[T: EcPKI](sospk: var T,
-                     data: string): Result[void, Asn1Error] {.inline.} =
+proc init*[T: EcPKI](sospk: var T, data: string): Result[void, Asn1Error] {.inline.} =
   ## Initialize EC `private key`, `public key` or `signature` ``sospk`` from
   ## ASN.1 DER hexadecimal string representation ``data``.
   ##
   ## Procedure returns ``Asn1Status``.
   sospk.init(ncrutils.fromHex(data))
 
-proc init*(t: typedesc[EcPrivateKey],
-           data: openArray[byte]): EcResult[EcPrivateKey] =
+proc init*(t: typedesc[EcPrivateKey], data: openArray[byte]): EcResult[EcPrivateKey] =
   ## Initialize EC private key from ASN.1 DER binary representation ``data`` and
   ## return constructed object.
   var key: EcPrivateKey
@@ -737,8 +732,7 @@ proc init*(t: typedesc[EcPrivateKey],
   else:
     ok(key)
 
-proc init*(t: typedesc[EcPublicKey],
-           data: openArray[byte]): EcResult[EcPublicKey] =
+proc init*(t: typedesc[EcPublicKey], data: openArray[byte]): EcResult[EcPublicKey] =
   ## Initialize EC public key from ASN.1 DER binary representation ``data`` and
   ## return constructed object.
   var key: EcPublicKey
@@ -748,8 +742,7 @@ proc init*(t: typedesc[EcPublicKey],
   else:
     ok(key)
 
-proc init*(t: typedesc[EcSignature],
-           data: openArray[byte]): EcResult[EcSignature] =
+proc init*(t: typedesc[EcSignature], data: openArray[byte]): EcResult[EcSignature] =
   ## Initialize EC signature from raw binary representation ``data`` and
   ## return constructed object.
   var sig: EcSignature
@@ -774,13 +767,13 @@ proc initRaw*(key: var EcPrivateKey, data: openArray[byte]): bool =
   ## Procedure returns ``true`` on success, ``false`` otherwise.
   var curve: cint
   if len(data) == SecKey256Length:
-    curve = cast[cint](Secp256r1)
+    curve = safeConvert[cint](Secp256r1)
     result = true
   elif len(data) == SecKey384Length:
-    curve = cast[cint](Secp384r1)
+    curve = safeConvert[cint](Secp384r1)
     result = true
   elif len(data) == SecKey521Length:
-    curve = cast[cint](Secp521r1)
+    curve = safeConvert[cint](Secp521r1)
     result = true
   if result:
     result = false
@@ -805,13 +798,13 @@ proc initRaw*(pubkey: var EcPublicKey, data: openArray[byte]): bool =
   if len(data) > 0:
     if data[0] == 0x04'u8:
       if len(data) == PubKey256Length:
-        curve = cast[cint](Secp256r1)
+        curve = safeConvert[cint](Secp256r1)
         result = true
       elif len(data) == PubKey384Length:
-        curve = cast[cint](Secp384r1)
+        curve = safeConvert[cint](Secp384r1)
         result = true
       elif len(data) == PubKey521Length:
-        curve = cast[cint](Secp521r1)
+        curve = safeConvert[cint](Secp521r1)
         result = true
   if result:
     result = false
@@ -832,8 +825,7 @@ proc initRaw*(sig: var EcSignature, data: openArray[byte]): bool =
   ##
   ## Procedure returns ``true`` on success, ``false`` otherwise.
   let length = len(data)
-  if (length == Sig256Length) or (length == Sig384Length) or
-     (length == Sig521Length):
+  if (length == Sig256Length) or (length == Sig384Length) or (length == Sig521Length):
     result = true
   if result:
     sig = new EcSignature
@@ -846,8 +838,9 @@ proc initRaw*[T: EcPKI](sospk: var T, data: string): bool {.inline.} =
   ## Procedure returns ``true`` on success, ``false`` otherwise.
   result = sospk.initRaw(ncrutils.fromHex(data))
 
-proc initRaw*(t: typedesc[EcPrivateKey],
-              data: openArray[byte]): EcResult[EcPrivateKey] =
+proc initRaw*(
+    t: typedesc[EcPrivateKey], data: openArray[byte]
+): EcResult[EcPrivateKey] =
   ## Initialize EC private key from raw binary representation ``data`` and
   ## return constructed object.
   var res: EcPrivateKey
@@ -856,8 +849,7 @@ proc initRaw*(t: typedesc[EcPrivateKey],
   else:
     ok(res)
 
-proc initRaw*(t: typedesc[EcPublicKey],
-              data: openArray[byte]): EcResult[EcPublicKey] =
+proc initRaw*(t: typedesc[EcPublicKey], data: openArray[byte]): EcResult[EcPublicKey] =
   ## Initialize EC public key from raw binary representation ``data`` and
   ## return constructed object.
   var res: EcPublicKey
@@ -866,8 +858,7 @@ proc initRaw*(t: typedesc[EcPublicKey],
   else:
     ok(res)
 
-proc initRaw*(t: typedesc[EcSignature],
-              data: openArray[byte]): EcResult[EcSignature] =
+proc initRaw*(t: typedesc[EcSignature], data: openArray[byte]): EcResult[EcSignature] =
   ## Initialize EC signature from raw binary representation ``data`` and
   ## return constructed object.
   var res: EcSignature
@@ -894,16 +885,19 @@ proc scalarMul*(pub: EcPublicKey, sec: EcPrivateKey): EcPublicKey =
         let poffset = key.getOffset()
         let soffset = sec.getOffset()
         if poffset >= 0 and soffset >= 0:
-          let res = impl.mul(addr key.buffer[poffset],
-                             key.key.qlen,
-                             unsafeAddr sec.buffer[soffset],
-                             sec.key.xlen,
-                             key.key.curve)
+          let res = impl.mul(
+            addr key.buffer[poffset],
+            key.key.qlen,
+            unsafeAddr sec.buffer[soffset],
+            sec.key.xlen,
+            key.key.curve,
+          )
           if res != 0:
             result = key
 
-proc toSecret*(pubkey: EcPublicKey, seckey: EcPrivateKey,
-               data: var openArray[byte]): int =
+proc toSecret*(
+    pubkey: EcPublicKey, seckey: EcPrivateKey, data: var openArray[byte]
+): int =
   ## Calculate ECDHE shared secret using Go's elliptic/curve approach, using
   ## remote public key ``pubkey`` and local private key ``seckey`` and store
   ## shared secret to ``data``.
@@ -936,11 +930,12 @@ proc getSecret*(pubkey: EcPublicKey, seckey: EcPrivateKey): seq[byte] =
   var data: array[Secret521Length, byte]
   let res = toSecret(pubkey, seckey, data)
   if res > 0:
-    result = newSeq[byte](res)
+    result = newSeqUninit[byte](res)
     copyMem(addr result[0], addr data[0], res)
 
-proc sign*[T: byte|char](seckey: EcPrivateKey,
-                      message: openArray[T]): EcResult[EcSignature] {.gcsafe.} =
+proc sign*[T: byte | char](
+    seckey: EcPrivateKey, message: openArray[T]
+): EcResult[EcSignature] {.gcsafe.} =
   ## Get ECDSA signature of data ``message`` using private key ``seckey``.
   if isNil(seckey):
     return err(EcKeyIncorrectError)
@@ -949,7 +944,7 @@ proc sign*[T: byte|char](seckey: EcPrivateKey,
   var impl = ecGetDefault()
   if seckey.key.curve in EcSupportedCurvesCint:
     var sig = new EcSignature
-    sig.buffer = newSeq[byte](256)
+    sig.buffer = newSeqUninit[byte](256)
     var kv = addr sha256Vtable
     kv.init(addr hc.vtable)
     if len(message) > 0:
@@ -957,8 +952,8 @@ proc sign*[T: byte|char](seckey: EcPrivateKey,
     else:
       kv.update(addr hc.vtable, nil, 0)
     kv.out(addr hc.vtable, addr hash[0])
-    let res = ecdsaI31SignAsn1(impl, kv, addr hash[0], addr seckey.key,
-                              addr sig.buffer[0])
+    let res =
+      ecdsaI31SignAsn1(impl, kv, addr hash[0], addr seckey.key, addr sig.buffer[0])
     # Clear context with initial value
     kv.init(addr hc.vtable)
     if res != 0:
@@ -969,8 +964,9 @@ proc sign*[T: byte|char](seckey: EcPrivateKey,
   else:
     err(EcKeyIncorrectError)
 
-proc verify*[T: byte|char](sig: EcSignature, message: openArray[T],
-                           pubkey: EcPublicKey): bool {.inline.} =
+proc verify*[T: byte | char](
+    sig: EcSignature, message: openArray[T], pubkey: EcPublicKey
+): bool {.inline.} =
   ## Verify ECDSA signature ``sig`` using public key ``pubkey`` and data
   ## ``message``.
   ##
@@ -988,9 +984,41 @@ proc verify*[T: byte|char](sig: EcSignature, message: openArray[T],
     else:
       kv.update(addr hc.vtable, nil, 0)
     kv.out(addr hc.vtable, addr hash[0])
-    let res = ecdsaI31VrfyAsn1(impl, addr hash[0], uint(len(hash)),
-                               unsafeAddr pubkey.key,
-                               addr sig.buffer[0], uint(len(sig.buffer)))
+    let res = ecdsaI31VrfyAsn1(
+      impl,
+      addr hash[0],
+      uint(len(hash)),
+      unsafeAddr pubkey.key,
+      addr sig.buffer[0],
+      uint(len(sig.buffer)),
+    )
     # Clear context with initial value
     kv.init(addr hc.vtable)
     result = (res == 1)
+
+type ECDHEScheme* = EcCurveKind
+
+proc ephemeral*(scheme: ECDHEScheme, rng: var HmacDrbgContext): EcResult[EcKeyPair] =
+  ## Generate ephemeral keys used to perform ECDHE.
+  var keypair: EcKeyPair
+  if scheme == Secp256r1:
+    keypair = ?EcKeyPair.random(Secp256r1, rng)
+  elif scheme == Secp384r1:
+    keypair = ?EcKeyPair.random(Secp384r1, rng)
+  elif scheme == Secp521r1:
+    keypair = ?EcKeyPair.random(Secp521r1, rng)
+  ok(keypair)
+
+proc ephemeral*(scheme: string, rng: var HmacDrbgContext): EcResult[EcKeyPair] =
+  ## Generate ephemeral keys used to perform ECDHE using string encoding.
+  ##
+  ## Currently supported encoding strings are P-256, P-384, P-521, if encoding
+  ## string is not supported P-521 key will be generated.
+  if scheme == "P-256":
+    ephemeral(Secp256r1, rng)
+  elif scheme == "P-384":
+    ephemeral(Secp384r1, rng)
+  elif scheme == "P-521":
+    ephemeral(Secp521r1, rng)
+  else:
+    ephemeral(Secp521r1, rng)

libp2p/crypto/hkdf.nim

@@ -1,5 +1,5 @@
 # Nim-LibP2P
-# Copyright (c) 2022 Status Research & Development GmbH
+# Copyright (c) 2023 Status Research & Development GmbH
 # Licensed under either of
 #  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 #  * MIT license ([LICENSE-MIT](LICENSE-MIT))
@@ -9,28 +9,45 @@
 
 # https://tools.ietf.org/html/rfc5869
 
-when (NimMajor, NimMinor) < (1, 4):
-  {.push raises: [Defect].}
-else:
-  {.push raises: [].}
+{.push raises: [].}
 
 import nimcrypto
-import bearssl/[kdf, rand, hash]
+import bearssl/[kdf, hash]
 
 type HkdfResult*[len: static int] = array[len, byte]
 
-proc hkdf*[T: sha256; len: static int](_: type[T]; salt, ikm, info: openArray[byte]; outputs: var openArray[HkdfResult[len]]) =
-  var
-    ctx: HkdfContext
+proc hkdf*[T: sha256, len: static int](
+    _: type[T],
+    salt, ikm, info: openArray[byte],
+    outputs: var openArray[HkdfResult[len]],
+) =
+  var ctx: HkdfContext
   hkdfInit(
-    ctx, addr sha256Vtable,
-    if salt.len > 0: unsafeAddr salt[0] else: nil, csize_t(salt.len))
+    ctx,
+    addr sha256Vtable,
+    if salt.len > 0:
+      unsafeAddr salt[0]
+    else:
+      nil,
+    csize_t(salt.len),
+  )
   hkdfInject(
-    ctx, if ikm.len > 0: unsafeAddr ikm[0] else: nil, csize_t(ikm.len))
+    ctx,
+    if ikm.len > 0:
+      unsafeAddr ikm[0]
+    else:
+      nil,
+    csize_t(ikm.len),
+  )
   hkdfFlip(ctx)
-  for i in 0..outputs.high:
+  for i in 0 .. outputs.high:
     discard hkdfProduce(
       ctx,
-      if info.len > 0: unsafeAddr info[0]
-      else: nil, csize_t(info.len),
-      addr outputs[i][0], csize_t(outputs[i].len))
+      if info.len > 0:
+        unsafeAddr info[0]
+      else:
+        nil,
+      csize_t(info.len),
+      addr outputs[i][0],
+      csize_t(outputs[i].len),
+    )

libp2p/crypto/minasn1.nim

@@ -1,5 +1,5 @@
 # Nim-Libp2p
-# Copyright (c) 2022 Status Research & Development GmbH
+# Copyright (c) 2023 Status Research & Development GmbH
 # Licensed under either of
 #  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 #  * MIT license ([LICENSE-MIT](LICENSE-MIT))
@@ -9,47 +9,46 @@
 
 ## This module implements minimal ASN.1 encoding/decoding primitives.
 
-when (NimMajor, NimMinor) < (1, 4):
-  {.push raises: [Defect].}
-else:
-  {.push raises: [].}
+{.push raises: [].}
 
-import stew/[endians2, results, ctops]
+import stew/[endians2, ctops]
+import results
 export results
 # We use `ncrutils` for constant-time hexadecimal encoding/decoding procedures.
 import nimcrypto/utils as ncrutils
+import ../utility
+import ../utils/sequninit
 
 type
   Asn1Error* {.pure.} = enum
-    Overflow,
-    Incomplete,
-    Indefinite,
-    Incorrect,
-    NoSupport,
+    Overflow
+    Incomplete
+    Indefinite
+    Incorrect
+    NoSupport
     Overrun
 
   Asn1Result*[T] = Result[T, Asn1Error]
 
   Asn1Class* {.pure.} = enum
-    Universal = 0x00,
+    Universal = 0x00
     Application = 0x01
     ContextSpecific = 0x02
     Private = 0x03
 
   Asn1Tag* {.pure.} = enum
     ## Protobuf's field types enum
-    NoSupport,
-    Boolean,
-    Integer,
-    BitString,
-    OctetString,
-    Null,
-    Oid,
-    Sequence,
+    NoSupport
+    Boolean
+    Integer
+    BitString
+    OctetString
+    Null
+    Oid
+    Sequence
     Context
 
-  Asn1Buffer* = object of RootObj
-    ## ASN.1's message representation object
+  Asn1Buffer* = object of RootObj ## ASN.1's message representation object
     buffer*: seq[byte]
     offset*: int
     length*: int
@@ -75,37 +74,23 @@ type
     idx*: int
 
 const
-  Asn1OidSecp256r1* = [
-    0x2A'u8, 0x86'u8, 0x48'u8, 0xCE'u8, 0x3D'u8, 0x03'u8, 0x01'u8, 0x07'u8
-  ]
+  Asn1OidSecp256r1* =
+    [0x2A'u8, 0x86'u8, 0x48'u8, 0xCE'u8, 0x3D'u8, 0x03'u8, 0x01'u8, 0x07'u8]
     ## Encoded OID for `secp256r1` curve (1.2.840.10045.3.1.7)
-  Asn1OidSecp384r1* = [
-    0x2B'u8, 0x81'u8, 0x04'u8, 0x00'u8, 0x22'u8
-  ]
+  Asn1OidSecp384r1* = [0x2B'u8, 0x81'u8, 0x04'u8, 0x00'u8, 0x22'u8]
     ## Encoded OID for `secp384r1` curve (1.3.132.0.34)
-  Asn1OidSecp521r1* = [
-    0x2B'u8, 0x81'u8, 0x04'u8, 0x00'u8, 0x23'u8
-  ]
+  Asn1OidSecp521r1* = [0x2B'u8, 0x81'u8, 0x04'u8, 0x00'u8, 0x23'u8]
     ## Encoded OID for `secp521r1` curve (1.3.132.0.35)
-  Asn1OidSecp256k1* = [
-    0x2B'u8, 0x81'u8, 0x04'u8, 0x00'u8, 0x0A'u8
-  ]
+  Asn1OidSecp256k1* = [0x2B'u8, 0x81'u8, 0x04'u8, 0x00'u8, 0x0A'u8]
     ## Encoded OID for `secp256k1` curve (1.3.132.0.10)
-  Asn1OidEcPublicKey* = [
-    0x2A'u8, 0x86'u8, 0x48'u8, 0xCE'u8, 0x3D'u8, 0x02'u8, 0x01'u8
-  ]
+  Asn1OidEcPublicKey* = [0x2A'u8, 0x86'u8, 0x48'u8, 0xCE'u8, 0x3D'u8, 0x02'u8, 0x01'u8]
     ## Encoded OID for Elliptic Curve Public Key (1.2.840.10045.2.1)
-  Asn1OidRsaEncryption* = [
-    0x2A'u8, 0x86'u8, 0x48'u8, 0x86'u8, 0xF7'u8, 0x0D'u8, 0x01'u8,
-    0x01'u8, 0x01'u8
-  ]
+  Asn1OidRsaEncryption* =
+    [0x2A'u8, 0x86'u8, 0x48'u8, 0x86'u8, 0xF7'u8, 0x0D'u8, 0x01'u8, 0x01'u8, 0x01'u8]
     ## Encoded OID for RSA Encryption (1.2.840.113549.1.1.1)
-  Asn1True* = [0x01'u8, 0x01'u8, 0xFF'u8]
-    ## Encoded boolean ``TRUE``.
-  Asn1False* = [0x01'u8, 0x01'u8, 0x00'u8]
-    ## Encoded boolean ``FALSE``.
-  Asn1Null* = [0x05'u8, 0x00'u8]
-    ## Encoded ``NULL`` value.
+  Asn1True* = [0x01'u8, 0x01'u8, 0xFF'u8] ## Encoded boolean ``TRUE``.
+  Asn1False* = [0x01'u8, 0x01'u8, 0x00'u8] ## Encoded boolean ``FALSE``.
+  Asn1Null* = [0x05'u8, 0x00'u8] ## Encoded ``NULL`` value.
 
 template toOpenArray*(ab: Asn1Buffer): untyped =
   toOpenArray(ab.buffer, ab.offset, ab.buffer.high)
@@ -119,10 +104,10 @@ template toOpenArray*(af: Asn1Field): untyped =
 template isEmpty*(ab: Asn1Buffer): bool =
   ab.offset >= len(ab.buffer)
 
-template isEnough*(ab: Asn1Buffer, length: int): bool =
+template isEnough*(ab: Asn1Buffer, length: int64): bool =
   len(ab.buffer) >= ab.offset + length
 
-proc len*[T: Asn1Buffer|Asn1Composite](abc: T): int {.inline.} =
+proc len*[T: Asn1Buffer | Asn1Composite](abc: T): int {.inline.} =
   len(abc.buffer) - abc.offset
 
 proc len*(field: Asn1Field): int {.inline.} =
@@ -131,31 +116,22 @@ proc len*(field: Asn1Field): int {.inline.} =
 template getPtr*(field: untyped): pointer =
   cast[pointer](unsafeAddr field.buffer[field.offset])
 
-proc extend*[T: Asn1Buffer|Asn1Composite](abc: var T, length: int) {.inline.} =
+proc extend*[T: Asn1Buffer | Asn1Composite](abc: var T, length: int) {.inline.} =
   ## Extend buffer or composite's internal buffer by ``length`` octets.
   abc.buffer.setLen(len(abc.buffer) + length)
 
 proc code*(tag: Asn1Tag): byte {.inline.} =
   ## Converts Nim ``tag`` enum to ASN.1 tag code.
-  case tag:
-  of Asn1Tag.NoSupport:
-    0x00'u8
-  of Asn1Tag.Boolean:
-    0x01'u8
-  of Asn1Tag.Integer:
-    0x02'u8
-  of Asn1Tag.BitString:
-    0x03'u8
-  of Asn1Tag.OctetString:
-    0x04'u8
-  of Asn1Tag.Null:
-    0x05'u8
-  of Asn1Tag.Oid:
-    0x06'u8
-  of Asn1Tag.Sequence:
-    0x30'u8
-  of Asn1Tag.Context:
-    0xA0'u8
+  case tag
+  of Asn1Tag.NoSupport: 0x00'u8
+  of Asn1Tag.Boolean: 0x01'u8
+  of Asn1Tag.Integer: 0x02'u8
+  of Asn1Tag.BitString: 0x03'u8
+  of Asn1Tag.OctetString: 0x04'u8
+  of Asn1Tag.Null: 0x05'u8
+  of Asn1Tag.Oid: 0x06'u8
+  of Asn1Tag.Sequence: 0x30'u8
+  of Asn1Tag.Context: 0xA0'u8
 
 proc asn1EncodeLength*(dest: var openArray[byte], length: uint64): int =
   ## Encode ASN.1 DER length part of TLV triple and return number of bytes
@@ -184,8 +160,7 @@ proc asn1EncodeLength*(dest: var openArray[byte], length: uint64): int =
     # then 9, so it is safe to convert it to `int`.
     int(res)
 
-proc asn1EncodeInteger*(dest: var openArray[byte],
-                        value: openArray[byte]): int =
+proc asn1EncodeInteger*(dest: var openArray[byte], value: openArray[byte]): int =
   ## Encode big-endian binary representation of integer as ASN.1 DER `INTEGER`
   ## and return number of bytes (octets) used.
   ##
@@ -195,17 +170,16 @@ proc asn1EncodeInteger*(dest: var openArray[byte],
   var buffer: array[16, byte]
   var lenlen = 0
 
-  let offset =
-    block:
-      var o = 0
-      for i in 0 ..< len(value):
-        if value[o] != 0x00:
-          break
-        inc(o)
-      if o < len(value):
-        o
-      else:
-        o - 1
+  let offset = block:
+    var o = 0
+    for i in 0 ..< len(value):
+      if value[o] != 0x00:
+        break
+      inc(o)
+    if o < len(value):
+      o
+    else:
+      o - 1
 
   let destlen =
     if len(value) > 0:
@@ -227,12 +201,10 @@ proc asn1EncodeInteger*(dest: var openArray[byte],
       if value[offset] >= 0x80'u8:
         dest[1 + lenlen] = 0x00'u8
         shift = 2
-      copyMem(addr dest[shift + lenlen], unsafeAddr value[offset],
-              len(value) - offset)
+      copyMem(addr dest[shift + lenlen], unsafeAddr value[offset], len(value) - offset)
   destlen
 
-proc asn1EncodeInteger*[T: SomeUnsignedInt](dest: var openArray[byte],
-                                            value: T): int =
+proc asn1EncodeInteger*[T: SomeUnsignedInt](dest: var openArray[byte], value: T): int =
   ## Encode Nim's unsigned integer as ASN.1 DER `INTEGER` and return number of
   ## bytes (octets) used.
   ##
@@ -267,8 +239,7 @@ proc asn1EncodeNull*(dest: var openArray[byte]): int =
     dest[1] = 0x00'u8
   res
 
-proc asn1EncodeOctetString*(dest: var openArray[byte],
-                            value: openArray[byte]): int =
+proc asn1EncodeOctetString*(dest: var openArray[byte], value: openArray[byte]): int =
   ## Encode array of bytes as ASN.1 DER `OCTET STRING` and return number of
   ## bytes (octets) used.
   ##
@@ -285,8 +256,9 @@ proc asn1EncodeOctetString*(dest: var openArray[byte],
       copyMem(addr dest[1 + lenlen], unsafeAddr value[0], len(value))
   res
 
-proc asn1EncodeBitString*(dest: var openArray[byte],
-                          value: openArray[byte], bits = 0): int =
+proc asn1EncodeBitString*(
+    dest: var openArray[byte], value: openArray[byte], bits = 0
+): int =
   ## Encode array of bytes as ASN.1 DER `BIT STRING` and return number of bytes
   ## (octets) used.
   ##
@@ -307,7 +279,7 @@ proc asn1EncodeBitString*(dest: var openArray[byte],
   let bytelen = (bitlen + 7) shr 3
   # Number of unused bits
   let unused = (8 - (bitlen and 7)) and 7
-  let mask = not((1'u8 shl unused) - 1'u8)
+  let mask = not ((1'u8 shl unused) - 1'u8)
   var lenlen = asn1EncodeLength(buffer, uint64(bytelen + 1))
   let res = 1 + lenlen + 1 + len(value)
   if len(dest) >= res:
@@ -321,55 +293,6 @@ proc asn1EncodeBitString*(dest: var openArray[byte],
       dest[2 + lenlen + bytelen - 1] = lastbyte and mask
   res
 
-proc asn1EncodeTag[T: SomeUnsignedInt](dest: var openArray[byte],
-                                       value: T): int =
-  var v = value
-  if value <= cast[T](0x7F):
-    if len(dest) >= 1:
-      dest[0] = cast[byte](value)
-    1
-  else:
-    var s = 0
-    var res = 0
-    while v != 0:
-      v = v shr 7
-      s += 7
-      inc(res)
-    if len(dest) >= res:
-      var k = 0
-      while s != 0:
-        s -= 7
-        dest[k] = cast[byte](((value shr s) and cast[T](0x7F)) or cast[T](0x80))
-        inc(k)
-      dest[k - 1] = dest[k - 1] and 0x7F'u8
-    res
-
-proc asn1EncodeOid*(dest: var openArray[byte], value: openArray[int]): int =
-  ## Encode array of integers ``value`` as ASN.1 DER `OBJECT IDENTIFIER` and
-  ## return number of bytes (octets) used.
-  ##
-  ## If length of ``dest`` is less then number of required bytes to encode
-  ## ``value``, then result of encoding will not be stored in ``dest``
-  ## but number of bytes (octets) required will be returned.
-  var buffer: array[16, byte]
-  var res = 1
-  var oidlen = 1
-  for i in 2..<len(value):
-    oidlen += asn1EncodeTag(buffer, cast[uint64](value[i]))
-  res += asn1EncodeLength(buffer, uint64(oidlen))
-  res += oidlen
-  if len(dest) >= res:
-    let last = dest.high
-    var offset = 1
-    dest[0] = Asn1Tag.Oid.code()
-    offset += asn1EncodeLength(dest.toOpenArray(offset, last), uint64(oidlen))
-    dest[offset] = cast[byte](value[0] * 40 + value[1])
-    offset += 1
-    for i in 2..<len(value):
-      offset += asn1EncodeTag(dest.toOpenArray(offset, last),
-                              cast[uint64](value[i]))
-  res
-
 proc asn1EncodeOid*(dest: var openArray[byte], value: openArray[byte]): int =
   ## Encode array of bytes ``value`` as ASN.1 DER `OBJECT IDENTIFIER` and return
   ## number of bytes (octets) used.
@@ -389,8 +312,7 @@ proc asn1EncodeOid*(dest: var openArray[byte], value: openArray[byte]): int =
     copyMem(addr dest[1 + lenlen], unsafeAddr value[0], len(value))
   res
 
-proc asn1EncodeSequence*(dest: var openArray[byte],
-                         value: openArray[byte]): int =
+proc asn1EncodeSequence*(dest: var openArray[byte], value: openArray[byte]): int =
   ## Encode ``value`` as ASN.1 DER `SEQUENCE` and return number of bytes
   ## (octets) used.
   ##
@@ -406,8 +328,7 @@ proc asn1EncodeSequence*(dest: var openArray[byte],
     copyMem(addr dest[1 + lenlen], unsafeAddr value[0], len(value))
   res
 
-proc asn1EncodeComposite*(dest: var openArray[byte],
-                          value: Asn1Composite): int =
+proc asn1EncodeComposite*(dest: var openArray[byte], value: Asn1Composite): int =
   ## Encode composite value and return number of bytes (octets) used.
   ##
   ## If length of ``dest`` is less then number of required bytes to encode
@@ -419,12 +340,12 @@ proc asn1EncodeComposite*(dest: var openArray[byte],
   if len(dest) >= res:
     dest[0] = value.tag.code()
     copyMem(addr dest[1], addr buffer[0], lenlen)
-    copyMem(addr dest[1 + lenlen], unsafeAddr value.buffer[0],
-            len(value.buffer))
+    copyMem(addr dest[1 + lenlen], unsafeAddr value.buffer[0], len(value.buffer))
   res
 
-proc asn1EncodeContextTag*(dest: var openArray[byte], value: openArray[byte],
-                           tag: int): int =
+proc asn1EncodeContextTag*(
+    dest: var openArray[byte], value: openArray[byte], tag: int
+): int =
   ## Encode ASN.1 DER `CONTEXT SPECIFIC TAG` ``tag`` for value ``value`` and
   ## return number of bytes (octets) used.
   ##
@@ -443,26 +364,29 @@ proc asn1EncodeContextTag*(dest: var openArray[byte], value: openArray[byte],
     copyMem(addr dest[1 + lenlen], unsafeAddr value[0], len(value))
   res
 
-proc getLength(ab: var Asn1Buffer): Asn1Result[uint64] =
+proc getLength(ab: var Asn1Buffer): Asn1Result[int] =
   ## Decode length part of ASN.1 TLV triplet.
   if not ab.isEmpty():
     let b = ab.buffer[ab.offset]
     if (b and 0x80'u8) == 0x00'u8:
-      let length = cast[uint64](b)
+      let length = safeConvert[int](b)
       ab.offset += 1
       return ok(length)
     if b == 0x80'u8:
       return err(Asn1Error.Indefinite)
     if b == 0xFF'u8:
       return err(Asn1Error.Incorrect)
-    let octets = cast[uint64](b and 0x7F'u8)
-    if octets > 8'u64:
+    let octets = safeConvert[int](b and 0x7F'u8)
+    if octets > 8:
       return err(Asn1Error.Overflow)
-    if ab.isEnough(int(octets)):
-      var length: uint64 = 0
-      for i in 0..<int(octets):
-        length = (length shl 8) or cast[uint64](ab.buffer[ab.offset + i + 1])
-      ab.offset = ab.offset + int(octets) + 1
+    if ab.isEnough(octets):
+      var lengthU: uint64 = 0
+      for i in 0 ..< octets:
+        lengthU = (lengthU shl 8) or safeConvert[uint64](ab.buffer[ab.offset + i + 1])
+      if lengthU > uint64(int64.high):
+        return err(Asn1Error.Overflow)
+      let length = int(lengthU)
+      ab.offset = ab.offset + octets + 1
       return ok(length)
     else:
       return err(Asn1Error.Incomplete)
@@ -474,8 +398,8 @@ proc getTag(ab: var Asn1Buffer, tag: var int): Asn1Result[Asn1Class] =
   if not ab.isEmpty():
     let
       b = ab.buffer[ab.offset]
-      c = int((b and 0xC0'u8) shr 6)
-    tag = int(b and 0x3F)
+      c = safeConvert[int]((b and 0xC0'u8) shr 6)
+    tag = safeConvert[int](b and 0x3F)
     ab.offset += 1
     if c >= 0 and c < 4:
       ok(cast[Asn1Class](c))
@@ -489,14 +413,14 @@ proc read*(ab: var Asn1Buffer): Asn1Result[Asn1Field] =
   var
     field: Asn1Field
     tag, ttag, offset: int
-    length, tlength: uint64
+    length, tlength: int
     aclass: Asn1Class
     inclass: bool
 
   inclass = false
   while true:
     offset = ab.offset
-    aclass = ? ab.getTag(tag)
+    aclass = ?ab.getTag(tag)
 
     case aclass
     of Asn1Class.ContextSpecific:
@@ -505,9 +429,9 @@ proc read*(ab: var Asn1Buffer): Asn1Result[Asn1Field] =
       else:
         inclass = true
         ttag = tag
-        tlength = ? ab.getLength()
+        tlength = ?ab.getLength()
     of Asn1Class.Universal:
-      length = ? ab.getLength()
+      length = ?ab.getLength()
 
       if inclass:
         if length >= tlength:
@@ -519,31 +443,35 @@ proc read*(ab: var Asn1Buffer): Asn1Result[Asn1Field] =
         if length != 1:
           return err(Asn1Error.Incorrect)
 
-        if not ab.isEnough(int(length)):
+        if not ab.isEnough(length):
           return err(Asn1Error.Incomplete)
 
         let b = ab.buffer[ab.offset]
         if b != 0xFF'u8 and b != 0x00'u8:
-           return err(Asn1Error.Incorrect)
+          return err(Asn1Error.Incorrect)
 
-        field = Asn1Field(kind: Asn1Tag.Boolean, klass: aclass,
-                          index: ttag, offset: int(ab.offset),
-                          length: 1, buffer: ab.buffer)
+        field = Asn1Field(
+          kind: Asn1Tag.Boolean,
+          klass: aclass,
+          index: ttag,
+          offset: ab.offset,
+          length: 1,
+          buffer: ab.buffer,
+        )
         field.vbool = (b == 0xFF'u8)
         ab.offset += 1
         return ok(field)
-
       of Asn1Tag.Integer.code():
         # INTEGER
         if length == 0:
           return err(Asn1Error.Incorrect)
 
-        if not ab.isEnough(int(length)):
-         return err(Asn1Error.Incomplete)
+        if not ab.isEnough(length):
+          return err(Asn1Error.Incomplete)
 
         # Count number of leading zeroes
         var zc = 0
-        while (zc < int(length)) and (ab.buffer[ab.offset + zc] == 0x00'u8):
+        while (zc < length) and (ab.buffer[ab.offset + zc] == 0x00'u8):
           inc(zc)
 
         if zc > 1:
@@ -551,68 +479,87 @@ proc read*(ab: var Asn1Buffer): Asn1Result[Asn1Field] =
 
         if zc == 0:
           # Negative or Positive integer
-          field = Asn1Field(kind: Asn1Tag.Integer, klass: aclass,
-                            index: ttag, offset: int(ab.offset),
-                            length: int(length), buffer: ab.buffer)
+          field = Asn1Field(
+            kind: Asn1Tag.Integer,
+            klass: aclass,
+            index: ttag,
+            offset: ab.offset,
+            length: length,
+            buffer: ab.buffer,
+          )
           if (ab.buffer[ab.offset] and 0x80'u8) == 0x80'u8:
             # Negative integer
             if length <= 8:
               # We need this transformation because our field.vint is uint64.
               for i in 0 ..< 8:
-                if i < 8 - int(length):
+                if i < 8 - length:
                   field.vint = (field.vint shl 8) or 0xFF'u64
                 else:
-                  let offset = ab.offset + i - (8 - int(length))
-                  field.vint = (field.vint shl 8) or uint64(ab.buffer[offset])
+                  let offset = ab.offset + i - (8 - length)
+                  field.vint =
+                    (field.vint shl 8) or safeConvert[uint64](ab.buffer[offset])
           else:
             # Positive integer
             if length <= 8:
-              for i in 0 ..< int(length):
-                field.vint = (field.vint shl 8) or
-                              uint64(ab.buffer[ab.offset + i])
-          ab.offset += int(length)
+              for i in 0 ..< length:
+                field.vint =
+                  (field.vint shl 8) or safeConvert[uint64](ab.buffer[ab.offset + i])
+          ab.offset += length
           return ok(field)
         else:
           if length == 1:
             # Zero value integer
-            field = Asn1Field(kind: Asn1Tag.Integer, klass: aclass,
-                              index: ttag, offset: int(ab.offset),
-                              length: int(length), vint: 0'u64,
-                              buffer: ab.buffer)
-            ab.offset += int(length)
+            field = Asn1Field(
+              kind: Asn1Tag.Integer,
+              klass: aclass,
+              index: ttag,
+              offset: ab.offset,
+              length: length,
+              vint: 0'u64,
+              buffer: ab.buffer,
+            )
+            ab.offset += length
             return ok(field)
           else:
             # Positive integer with leading zero
-            field = Asn1Field(kind: Asn1Tag.Integer, klass: aclass,
-                              index: ttag, offset: int(ab.offset) + 1,
-                              length: int(length) - 1, buffer: ab.buffer)
+            field = Asn1Field(
+              kind: Asn1Tag.Integer,
+              klass: aclass,
+              index: ttag,
+              offset: ab.offset + 1,
+              length: length - 1,
+              buffer: ab.buffer,
+            )
             if length <= 9:
-              for i in 1 ..< int(length):
-                field.vint = (field.vint shl 8) or
-                              uint64(ab.buffer[ab.offset + i])
-            ab.offset += int(length)
+              for i in 1 ..< length:
+                field.vint =
+                  (field.vint shl 8) or safeConvert[uint64](ab.buffer[ab.offset + i])
+            ab.offset += length
             return ok(field)
-
       of Asn1Tag.BitString.code():
         # BIT STRING
         if length == 0:
           # BIT STRING should include `unused` bits field, so length should be
           # bigger then 1.
           return err(Asn1Error.Incorrect)
-
         elif length == 1:
           if ab.buffer[ab.offset] != 0x00'u8:
             return err(Asn1Error.Incorrect)
           else:
             # Zero-length BIT STRING.
-            field = Asn1Field(kind: Asn1Tag.BitString, klass: aclass,
-                              index: ttag, offset: int(ab.offset + 1),
-                              length: 0, ubits: 0, buffer: ab.buffer)
-            ab.offset += int(length)
+            field = Asn1Field(
+              kind: Asn1Tag.BitString,
+              klass: aclass,
+              index: ttag,
+              offset: ab.offset + 1,
+              length: 0,
+              ubits: 0,
+              buffer: ab.buffer,
+            )
+            ab.offset += length
             return ok(field)
-
         else:
-          if not ab.isEnough(int(length)):
+          if not ab.isEnough(length):
             return err(Asn1Error.Incomplete)
 
           let unused = ab.buffer[ab.offset]
@@ -620,66 +567,84 @@ proc read*(ab: var Asn1Buffer): Asn1Result[Asn1Field] =
             # Number of unused bits should not be bigger then `7`.
             return err(Asn1Error.Incorrect)
 
-          let mask = (1'u8 shl int(unused)) - 1'u8
-          if (ab.buffer[ab.offset + int(length) - 1] and mask) != 0x00'u8:
+          let mask = (1'u8 shl safeConvert[int](unused)) - 1'u8
+          if (ab.buffer[ab.offset + length - 1] and mask) != 0x00'u8:
             ## All unused bits should be set to `0`.
             return err(Asn1Error.Incorrect)
 
-          field = Asn1Field(kind: Asn1Tag.BitString, klass: aclass,
-                            index: ttag, offset: int(ab.offset + 1),
-                            length: int(length - 1), ubits: int(unused),
-                            buffer: ab.buffer)
-          ab.offset += int(length)
+          field = Asn1Field(
+            kind: Asn1Tag.BitString,
+            klass: aclass,
+            index: ttag,
+            offset: ab.offset + 1,
+            length: length - 1,
+            ubits: safeConvert[int](unused),
+            buffer: ab.buffer,
+          )
+          ab.offset += length
           return ok(field)
-
       of Asn1Tag.OctetString.code():
         # OCTET STRING
-        if not ab.isEnough(int(length)):
+        if not ab.isEnough(length):
           return err(Asn1Error.Incomplete)
 
-        field = Asn1Field(kind: Asn1Tag.OctetString, klass: aclass,
-                          index: ttag, offset: int(ab.offset),
-                          length: int(length), buffer: ab.buffer)
-        ab.offset += int(length)
+        field = Asn1Field(
+          kind: Asn1Tag.OctetString,
+          klass: aclass,
+          index: ttag,
+          offset: ab.offset,
+          length: length,
+          buffer: ab.buffer,
+        )
+        ab.offset += length
         return ok(field)
-
       of Asn1Tag.Null.code():
         # NULL
         if length != 0:
           return err(Asn1Error.Incorrect)
 
-        field = Asn1Field(kind: Asn1Tag.Null, klass: aclass, index: ttag,
-                          offset: int(ab.offset), length: 0, buffer: ab.buffer)
-        ab.offset += int(length)
+        field = Asn1Field(
+          kind: Asn1Tag.Null,
+          klass: aclass,
+          index: ttag,
+          offset: ab.offset,
+          length: 0,
+          buffer: ab.buffer,
+        )
+        ab.offset += length
         return ok(field)
-
       of Asn1Tag.Oid.code():
         # OID
-        if not ab.isEnough(int(length)):
+        if not ab.isEnough(length):
           return err(Asn1Error.Incomplete)
 
-        field = Asn1Field(kind: Asn1Tag.Oid, klass: aclass,
-                          index: ttag, offset: int(ab.offset),
-                          length: int(length), buffer: ab.buffer)
-        ab.offset += int(length)
+        field = Asn1Field(
+          kind: Asn1Tag.Oid,
+          klass: aclass,
+          index: ttag,
+          offset: ab.offset,
+          length: length,
+          buffer: ab.buffer,
+        )
+        ab.offset += length
         return ok(field)
-
       of Asn1Tag.Sequence.code():
         # SEQUENCE
-        if not ab.isEnough(int(length)):
+        if not ab.isEnough(length):
           return err(Asn1Error.Incomplete)
 
-        field = Asn1Field(kind: Asn1Tag.Sequence, klass: aclass,
-                          index: ttag, offset: int(ab.offset),
-                          length: int(length), buffer: ab.buffer)
-        ab.offset += int(length)
+        field = Asn1Field(
+          kind: Asn1Tag.Sequence,
+          klass: aclass,
+          index: ttag,
+          offset: ab.offset,
+          length: length,
+          buffer: ab.buffer,
+        )
+        ab.offset += length
         return ok(field)
-
       else:
         return err(Asn1Error.NoSupport)
-
-      inclass = false
-      ttag = 0
     else:
       return err(Asn1Error.NoSupport)
 
@@ -697,9 +662,9 @@ proc `==`*(field: Asn1Field, data: openArray[byte]): bool =
     if length > 0:
       if field.length == len(data):
         CT.isEqual(
-          field.buffer.toOpenArray(field.offset,
-                                   field.offset + field.length - 1),
-          data.toOpenArray(0, field.length - 1))
+          field.buffer.toOpenArray(field.offset, field.offset + field.length - 1),
+          data.toOpenArray(0, field.length - 1),
+        )
       else:
         false
     else:
@@ -715,15 +680,15 @@ proc init*(t: typedesc[Asn1Buffer], data: string): Asn1Buffer =
 
 proc init*(t: typedesc[Asn1Buffer]): Asn1Buffer =
   ## Initialize empty ``Asn1Buffer``.
-  Asn1Buffer(buffer: newSeq[byte]())
+  Asn1Buffer(buffer: newSeqUninit[byte](0))
 
 proc init*(t: typedesc[Asn1Composite], tag: Asn1Tag): Asn1Composite =
   ## Initialize ``Asn1Composite`` with tag ``tag``.
-  Asn1Composite(tag: tag, buffer: newSeq[byte]())
+  Asn1Composite(tag: tag, buffer: newSeqUninit[byte](0))
 
 proc init*(t: typedesc[Asn1Composite], idx: int): Asn1Composite =
   ## Initialize ``Asn1Composite`` with tag context-specific id ``id``.
-  Asn1Composite(tag: Asn1Tag.Context, idx: idx, buffer: newSeq[byte]())
+  Asn1Composite(tag: Asn1Tag.Context, idx: idx, buffer: newSeqUninit[byte](0))
 
 proc `$`*(buffer: Asn1Buffer): string =
   ## Return string representation of ``buffer``.
@@ -777,13 +742,14 @@ proc `$`*(field: Asn1Field): string =
     res.add(ncrutils.toHex(field.toOpenArray()))
     res
 
-proc write*[T: Asn1Buffer|Asn1Composite](abc: var T, tag: Asn1Tag) =
+proc write*[T: Asn1Buffer | Asn1Composite](abc: var T, tag: Asn1Tag) =
   ## Write empty value to buffer or composite with ``tag``.
   ##
   ## This procedure must be used to write `NULL`, `0` or empty `BIT STRING`,
   ## `OCTET STRING` types.
-  doAssert(tag in {Asn1Tag.Null, Asn1Tag.Integer, Asn1Tag.BitString,
-                   Asn1Tag.OctetString})
+  doAssert(
+    tag in {Asn1Tag.Null, Asn1Tag.Integer, Asn1Tag.BitString, Asn1Tag.OctetString}
+  )
   var length: int
   if tag == Asn1Tag.Null:
     length = asn1EncodeNull(abc.toOpenArray())
@@ -805,22 +771,23 @@ proc write*[T: Asn1Buffer|Asn1Composite](abc: var T, tag: Asn1Tag) =
     discard asn1EncodeOctetString(abc.toOpenArray(), tmp.toOpenArray(0, -1))
   abc.offset += length
 
-proc write*[T: Asn1Buffer|Asn1Composite](abc: var T, value: uint64) =
+proc write*[T: Asn1Buffer | Asn1Composite](abc: var T, value: uint64) =
   ## Write uint64 ``value`` to buffer or composite as ASN.1 `INTEGER`.
   let length = asn1EncodeInteger(abc.toOpenArray(), value)
   abc.extend(length)
   discard asn1EncodeInteger(abc.toOpenArray(), value)
   abc.offset += length
 
-proc write*[T: Asn1Buffer|Asn1Composite](abc: var T, value: bool) =
+proc write*[T: Asn1Buffer | Asn1Composite](abc: var T, value: bool) =
   ## Write bool ``value`` to buffer or composite as ASN.1 `BOOLEAN`.
   let length = asn1EncodeBoolean(abc.toOpenArray(), value)
   abc.extend(length)
   discard asn1EncodeBoolean(abc.toOpenArray(), value)
   abc.offset += length
 
-proc write*[T: Asn1Buffer|Asn1Composite](abc: var T, tag: Asn1Tag,
-                                         value: openArray[byte], bits = 0) =
+proc write*[T: Asn1Buffer | Asn1Composite](
+    abc: var T, tag: Asn1Tag, value: openArray[byte], bits = 0
+) =
   ## Write array ``value`` using ``tag``.
   ##
   ## This procedure is used to write ASN.1 `INTEGER`, `OCTET STRING`,
@@ -828,8 +795,9 @@ proc write*[T: Asn1Buffer|Asn1Composite](abc: var T, tag: Asn1Tag,
   ##
   ## For `BIT STRING` you can use ``bits`` argument to specify number of used
   ## bits.
-  doAssert(tag in {Asn1Tag.Integer, Asn1Tag.OctetString, Asn1Tag.BitString,
-                 Asn1Tag.Oid})
+  doAssert(
+    tag in {Asn1Tag.Integer, Asn1Tag.OctetString, Asn1Tag.BitString, Asn1Tag.Oid}
+  )
   var length: int
   if tag == Asn1Tag.Integer:
     length = asn1EncodeInteger(abc.toOpenArray(), value)
@@ -849,7 +817,7 @@ proc write*[T: Asn1Buffer|Asn1Composite](abc: var T, tag: Asn1Tag,
     discard asn1EncodeOid(abc.toOpenArray(), value)
   abc.offset += length
 
-proc write*[T: Asn1Buffer|Asn1Composite](abc: var T, value: Asn1Composite) =
+proc write*[T: Asn1Buffer | Asn1Composite](abc: var T, value: Asn1Composite) =
   doAssert(len(value) > 0, "Composite value not finished")
   var length: int
   if value.tag == Asn1Tag.Sequence:
@@ -866,6 +834,6 @@ proc write*[T: Asn1Buffer|Asn1Composite](abc: var T, value: Asn1Composite) =
     discard asn1EncodeContextTag(abc.toOpenArray(), value.buffer, value.idx)
   abc.offset += length
 
-proc finish*[T: Asn1Buffer|Asn1Composite](abc: var T) {.inline.} =
+proc finish*[T: Asn1Buffer | Asn1Composite](abc: var T) {.inline.} =
   ## Finishes buffer or composite and prepares it for writing.
   abc.offset = 0

libp2p/crypto/rsa.nim

@@ -1,5 +1,5 @@
 # Nim-Libp2p
-# Copyright (c) 2022 Status Research & Development GmbH
+# Copyright (c) 2023 Status Research & Development GmbH
 # Licensed under either of
 #  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 #  * MIT license ([LICENSE-MIT](LICENSE-MIT))
@@ -13,16 +13,15 @@
 ## BearSSL library <https://bearssl.org/>
 ## Copyright(C) 2018 Thomas Pornin <pornin@bolet.org>.
 
-when (NimMajor, NimMinor) < (1, 4):
-  {.push raises: [Defect].}
-else:
-  {.push raises: [].}
+{.push raises: [].}
 
 import bearssl/[rsa, rand, hash]
 import minasn1
-import stew/[results, ctops]
+import results
+import stew/ctops
 # We use `ncrutils` for constant-time hexadecimal encoding/decoding procedures.
 import nimcrypto/utils as ncrutils
+import ../utils/sequninit
 
 export Asn1Error, results
 
@@ -33,32 +32,17 @@ const
   MinKeySize* = 2048
     ## Minimal allowed RSA key size in bits.
     ## https://github.com/libp2p/go-libp2p-core/blob/master/crypto/rsa_common.go#L13
-  DefaultKeySize* = 3072
-    ## Default RSA key size in bits.
+  DefaultKeySize* = 3072 ## Default RSA key size in bits.
 
-  RsaOidSha1* = [
-    byte 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
-  ]
+  RsaOidSha1* = [byte 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A]
     ## RSA PKCS#1.5 SHA-1 hash object identifier.
-  RsaOidSha224* = [
-    byte 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
-    0x02, 0x04
-  ]
+  RsaOidSha224* = [byte 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04]
     ## RSA PKCS#1.5 SHA-224 hash object identifier.
-  RsaOidSha256* = [
-    byte 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
-    0x02, 0x01
-  ]
+  RsaOidSha256* = [byte 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01]
     ## RSA PKCS#1.5 SHA-256 hash object identifier.
-  RsaOidSha384* = [
-    byte 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
-    0x02, 0x02
-  ]
+  RsaOidSha384* = [byte 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02]
     ## RSA PKCS#1.5 SHA-384 hash object identifier.
-  RsaOidSha512* = [
-    byte 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
-    0x02, 0x03
-  ]
+  RsaOidSha512* = [byte 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03]
     ## RSA PKCS#1.5 SHA-512 hash object identifier.
 
 type
@@ -82,9 +66,9 @@ type
   RsaKP* = RsaPrivateKey | RsaKeyPair
 
   RsaError* = enum
-    RsaGenError,
-    RsaKeyIncorrectError,
-    RsaSignatureError,
+    RsaGenError
+    RsaKeyIncorrectError
+    RsaSignatureError
     RsaLowSecurityError
 
   RsaResult*[T] = Result[T, RsaError]
@@ -112,15 +96,18 @@ template getArray*(bs, os, ls: untyped): untyped =
 
 template trimZeroes(b: seq[byte], pt, ptlen: untyped) =
   var length = ptlen
-  for i in 0..<length:
+  for i in 0 ..< length:
     if pt[] != byte(0x00):
       break
     pt = cast[ptr byte](cast[uint](pt) + 1)
     ptlen -= 1
 
-proc random*[T: RsaKP](t: typedesc[T], rng: var HmacDrbgContext,
-                       bits = DefaultKeySize,
-                       pubexp = DefaultPublicExponent): RsaResult[T] =
+proc random*[T: RsaKP](
+    t: typedesc[T],
+    rng: var HmacDrbgContext,
+    bits = DefaultKeySize,
+    pubexp = DefaultPublicExponent,
+): RsaResult[T] =
   ## Generate new random RSA private key using BearSSL's HMAC-SHA256-DRBG
   ## algorithm.
   ##
@@ -138,14 +125,19 @@ proc random*[T: RsaKP](t: typedesc[T], rng: var HmacDrbgContext,
     length = eko + ((bits + 7) shr 3)
 
   let res = new T
-  res.buffer = newSeq[byte](length)
+  res.buffer = newSeqUninit[byte](length)
 
   var keygen = rsaKeygenGetDefault()
 
-  if keygen(addr rng.vtable,
-            addr res.seck, addr res.buffer[sko],
-            addr res.pubk, addr res.buffer[pko],
-            cuint(bits), pubexp) == 0:
+  if keygen(
+    addr rng.vtable,
+    addr res.seck,
+    addr res.buffer[sko],
+    addr res.pubk,
+    addr res.buffer[pko],
+    cuint(bits),
+    pubexp,
+  ) == 0:
     return err(RsaGenError)
 
   let
@@ -173,11 +165,12 @@ proc copy*[T: RsaPKI](key: T): T =
   doAssert(not isNil(key))
   when T is RsaPrivateKey:
     if len(key.buffer) > 0:
-      let length = key.seck.plen.uint + key.seck.qlen.uint + key.seck.dplen.uint +
-                   key.seck.dqlen.uint + key.seck.iqlen.uint + key.pubk.nlen.uint +
-                   key.pubk.elen.uint + key.pexplen.uint
+      let length =
+        key.seck.plen.uint + key.seck.qlen.uint + key.seck.dplen.uint +
+        key.seck.dqlen.uint + key.seck.iqlen.uint + key.pubk.nlen.uint +
+        key.pubk.elen.uint + key.pexplen.uint
       result = new RsaPrivateKey
-      result.buffer = newSeq[byte](length)
+      result.buffer = newSeqUninit[byte](length)
       let po: uint = 0
       let qo = po + key.seck.plen
       let dpo = qo + key.seck.qlen
@@ -215,7 +208,7 @@ proc copy*[T: RsaPKI](key: T): T =
     if len(key.buffer) > 0:
       let length = key.key.nlen + key.key.elen
       result = new RsaPublicKey
-      result.buffer = newSeq[byte](length)
+      result.buffer = newSeqUninit[byte](length)
       let no = 0
       let eo = no + key.key.nlen
       copyMem(addr result.buffer[no], key.key.n, key.key.nlen)
@@ -234,12 +227,11 @@ proc getPublicKey*(key: RsaPrivateKey): RsaPublicKey =
   doAssert(not isNil(key))
   let length = key.pubk.nlen + key.pubk.elen
   result = new RsaPublicKey
-  result.buffer = newSeq[byte](length)
+  result.buffer = newSeqUninit[byte](length)
   result.key.n = addr result.buffer[0]
   result.key.e = addr result.buffer[key.pubk.nlen]
   copyMem(addr result.buffer[0], cast[pointer](key.pubk.n), key.pubk.nlen)
-  copyMem(addr result.buffer[key.pubk.nlen], cast[pointer](key.pubk.e),
-          key.pubk.elen)
+  copyMem(addr result.buffer[key.pubk.nlen], cast[pointer](key.pubk.e), key.pubk.elen)
   result.key.nlen = key.pubk.nlen
   result.key.elen = key.pubk.elen
 
@@ -251,7 +243,7 @@ proc pubkey*(pair: RsaKeyPair): RsaPublicKey {.inline.} =
   ## Get RSA public key from pair ``pair``.
   result = cast[RsaPrivateKey](pair).getPublicKey()
 
-proc clear*[T: RsaPKI|RsaKeyPair](pki: var T) =
+proc clear*[T: RsaPKI | RsaKeyPair](pki: var T) =
   ## Wipe and clear EC private key, public key or scalar object.
   doAssert(not isNil(pki))
   when T is RsaPrivateKey:
@@ -295,21 +287,14 @@ proc toBytes*(key: RsaPrivateKey, data: var openArray[byte]): RsaResult[int] =
     var b = Asn1Buffer.init()
     var p = Asn1Composite.init(Asn1Tag.Sequence)
     p.write(0'u64)
-    p.write(Asn1Tag.Integer, getArray(key.buffer, key.pubk.n,
-                                      key.pubk.nlen))
-    p.write(Asn1Tag.Integer, getArray(key.buffer, key.pubk.e,
-                                      key.pubk.elen))
+    p.write(Asn1Tag.Integer, getArray(key.buffer, key.pubk.n, key.pubk.nlen))
+    p.write(Asn1Tag.Integer, getArray(key.buffer, key.pubk.e, key.pubk.elen))
     p.write(Asn1Tag.Integer, getArray(key.buffer, key.pexp, key.pexplen))
-    p.write(Asn1Tag.Integer, getArray(key.buffer, key.seck.p,
-                                      key.seck.plen))
-    p.write(Asn1Tag.Integer, getArray(key.buffer, key.seck.q,
-                                      key.seck.qlen))
-    p.write(Asn1Tag.Integer, getArray(key.buffer, key.seck.dp,
-                                      key.seck.dplen))
-    p.write(Asn1Tag.Integer, getArray(key.buffer, key.seck.dq,
-                                      key.seck.dqlen))
-    p.write(Asn1Tag.Integer, getArray(key.buffer, key.seck.iq,
-                                      key.seck.iqlen))
+    p.write(Asn1Tag.Integer, getArray(key.buffer, key.seck.p, key.seck.plen))
+    p.write(Asn1Tag.Integer, getArray(key.buffer, key.seck.q, key.seck.qlen))
+    p.write(Asn1Tag.Integer, getArray(key.buffer, key.seck.dp, key.seck.dplen))
+    p.write(Asn1Tag.Integer, getArray(key.buffer, key.seck.dq, key.seck.dqlen))
+    p.write(Asn1Tag.Integer, getArray(key.buffer, key.seck.iq, key.seck.iqlen))
     p.finish()
     b.write(p)
     b.finish()
@@ -373,8 +358,8 @@ proc getBytes*(key: RsaPrivateKey): RsaResult[seq[byte]] =
   ## return it.
   if isNil(key):
     return err(RsaKeyIncorrectError)
-  var res = newSeq[byte](4096)
-  let length = ? key.toBytes(res)
+  var res = newSeqUninit[byte](4096)
+  let length = ?key.toBytes(res)
   if length > 0:
     res.setLen(length)
     ok(res)
@@ -386,8 +371,8 @@ proc getBytes*(key: RsaPublicKey): RsaResult[seq[byte]] =
   ## return it.
   if isNil(key):
     return err(RsaKeyIncorrectError)
-  var res = newSeq[byte](4096)
-  let length = ? key.toBytes(res)
+  var res = newSeqUninit[byte](4096)
+  let length = ?key.toBytes(res)
   if length > 0:
     res.setLen(length)
     ok(res)
@@ -398,8 +383,8 @@ proc getBytes*(sig: RsaSignature): RsaResult[seq[byte]] =
   ## Serialize RSA signature ``sig`` to raw binary form and return it.
   if isNil(sig):
     return err(RsaSignatureError)
-  var res = newSeq[byte](4096)
-  let length = ? sig.toBytes(res)
+  var res = newSeqUninit[byte](4096)
+  let length = ?sig.toBytes(res)
   if length > 0:
     res.setLen(length)
     ok(res)
@@ -411,20 +396,19 @@ proc init*(key: var RsaPrivateKey, data: openArray[byte]): Result[void, Asn1Erro
   ## ``data``.
   ##
   ## Procedure returns ``Asn1Status``.
-  var
-    field, rawn, rawpube, rawprie, rawp, rawq, rawdp, rawdq, rawiq: Asn1Field
+  var field, rawn, rawpube, rawprie, rawp, rawq, rawdp, rawdq, rawiq: Asn1Field
 
   # Asn1Field is not trivial so avoid too much Result
 
   var ab = Asn1Buffer.init(data)
-  field = ? ab.read()
+  field = ?ab.read()
 
   if field.kind != Asn1Tag.Sequence:
     return err(Asn1Error.Incorrect)
 
   var ib = field.getBuffer()
 
-  field = ? ib.read()
+  field = ?ib.read()
 
   if field.kind != Asn1Tag.Integer:
     return err(Asn1Error.Incorrect)
@@ -432,48 +416,48 @@ proc init*(key: var RsaPrivateKey, data: openArray[byte]): Result[void, Asn1Erro
   if field.vint != 0'u64:
     return err(Asn1Error.Incorrect)
 
-  rawn = ? ib.read()
+  rawn = ?ib.read()
 
   if rawn.kind != Asn1Tag.Integer:
     return err(Asn1Error.Incorrect)
 
-  rawpube = ? ib.read()
+  rawpube = ?ib.read()
 
   if rawpube.kind != Asn1Tag.Integer:
     return err(Asn1Error.Incorrect)
 
-  rawprie = ? ib.read()
+  rawprie = ?ib.read()
 
   if rawprie.kind != Asn1Tag.Integer:
     return err(Asn1Error.Incorrect)
 
-  rawp = ? ib.read()
+  rawp = ?ib.read()
 
   if rawp.kind != Asn1Tag.Integer:
     return err(Asn1Error.Incorrect)
 
-  rawq = ? ib.read()
+  rawq = ?ib.read()
 
   if rawq.kind != Asn1Tag.Integer:
     return err(Asn1Error.Incorrect)
 
-  rawdp = ? ib.read()
+  rawdp = ?ib.read()
 
   if rawdp.kind != Asn1Tag.Integer:
     return err(Asn1Error.Incorrect)
 
-  rawdq = ? ib.read()
+  rawdq = ?ib.read()
 
   if rawdq.kind != Asn1Tag.Integer:
     return err(Asn1Error.Incorrect)
 
-  rawiq = ? ib.read()
+  rawiq = ?ib.read()
 
   if rawiq.kind != Asn1Tag.Integer:
     return err(Asn1Error.Incorrect)
 
   if len(rawn) >= (MinKeySize shr 3) and len(rawp) > 0 and len(rawq) > 0 and
-     len(rawdp) > 0 and len(rawdq) > 0 and len(rawiq) > 0:
+      len(rawdp) > 0 and len(rawdq) > 0 and len(rawiq) > 0:
     key = new RsaPrivateKey
     key.buffer = @data
     key.pubk.n = addr key.buffer[rawn.offset]
@@ -505,52 +489,52 @@ proc init*(key: var RsaPublicKey, data: openArray[byte]): Result[void, Asn1Error
   var field, rawn, rawe: Asn1Field
   var ab = Asn1Buffer.init(data)
 
-  field = ? ab.read()
+  field = ?ab.read()
 
   if field.kind != Asn1Tag.Sequence:
     return err(Asn1Error.Incorrect)
 
   var ib = field.getBuffer()
 
-  field = ? ib.read()
+  field = ?ib.read()
 
   if field.kind != Asn1Tag.Sequence:
     return err(Asn1Error.Incorrect)
 
   var ob = field.getBuffer()
 
-  field = ? ob.read()
+  field = ?ob.read()
 
   if field.kind != Asn1Tag.Oid:
     return err(Asn1Error.Incorrect)
   elif field != Asn1OidRsaEncryption:
     return err(Asn1Error.Incorrect)
 
-  field = ? ob.read()
+  field = ?ob.read()
 
   if field.kind != Asn1Tag.Null:
     return err(Asn1Error.Incorrect)
 
-  field = ? ib.read()
+  field = ?ib.read()
 
   if field.kind != Asn1Tag.BitString:
     return err(Asn1Error.Incorrect)
 
   var vb = field.getBuffer()
 
-  field = ? vb.read()
+  field = ?vb.read()
 
   if field.kind != Asn1Tag.Sequence:
     return err(Asn1Error.Incorrect)
 
   var sb = field.getBuffer()
 
-  rawn = ? sb.read()
+  rawn = ?sb.read()
 
   if rawn.kind != Asn1Tag.Integer:
     return err(Asn1Error.Incorrect)
 
-  rawe = ? sb.read()
+  rawe = ?sb.read()
 
   if rawe.kind != Asn1Tag.Integer:
     return err(Asn1Error.Incorrect)
@@ -578,16 +562,16 @@ proc init*(sig: var RsaSignature, data: openArray[byte]): Result[void, Asn1Error
   else:
     err(Asn1Error.Incorrect)
 
-proc init*[T: RsaPKI](sospk: var T,
-                      data: string): Result[void, Asn1Error] {.inline.} =
+proc init*[T: RsaPKI](sospk: var T, data: string): Result[void, Asn1Error] {.inline.} =
   ## Initialize EC `private key`, `public key` or `scalar` ``sospk`` from
   ## hexadecimal string representation ``data``.
   ##
   ## Procedure returns ``Result[void, Asn1Status]``.
   sospk.init(ncrutils.fromHex(data))
 
-proc init*(t: typedesc[RsaPrivateKey],
-           data: openArray[byte]): RsaResult[RsaPrivateKey] =
+proc init*(
+    t: typedesc[RsaPrivateKey], data: openArray[byte]
+): RsaResult[RsaPrivateKey] =
   ## Initialize RSA private key from ASN.1 DER binary representation ``data``
   ## and return constructed object.
   var res: RsaPrivateKey
@@ -596,8 +580,7 @@ proc init*(t: typedesc[RsaPrivateKey],
   else:
     ok(res)
 
-proc init*(t: typedesc[RsaPublicKey],
-           data: openArray[byte]): RsaResult[RsaPublicKey] =
+proc init*(t: typedesc[RsaPublicKey], data: openArray[byte]): RsaResult[RsaPublicKey] =
   ## Initialize RSA public key from ASN.1 DER binary representation ``data``
   ## and return constructed object.
   var res: RsaPublicKey
@@ -606,8 +589,7 @@ proc init*(t: typedesc[RsaPublicKey],
   else:
     ok(res)
 
-proc init*(t: typedesc[RsaSignature],
-           data: openArray[byte]): RsaResult[RsaSignature] =
+proc init*(t: typedesc[RsaSignature], data: openArray[byte]): RsaResult[RsaSignature] =
   ## Initialize RSA signature from raw binary representation ``data`` and
   ## return constructed object.
   var res: RsaSignature
@@ -634,14 +616,11 @@ proc `$`*(key: RsaPrivateKey): string =
     result.add("\nq   = ")
     result.add(ncrutils.toHex(getArray(key.buffer, key.seck.q, key.seck.qlen)))
     result.add("\ndp  = ")
-    result.add(ncrutils.toHex(getArray(key.buffer, key.seck.dp,
-                                       key.seck.dplen)))
+    result.add(ncrutils.toHex(getArray(key.buffer, key.seck.dp, key.seck.dplen)))
     result.add("\ndq  = ")
-    result.add(ncrutils.toHex(getArray(key.buffer, key.seck.dq,
-                                       key.seck.dqlen)))
+    result.add(ncrutils.toHex(getArray(key.buffer, key.seck.dq, key.seck.dqlen)))
     result.add("\niq  = ")
-    result.add(ncrutils.toHex(getArray(key.buffer, key.seck.iq,
-                                       key.seck.iqlen)))
+    result.add(ncrutils.toHex(getArray(key.buffer, key.seck.iq, key.seck.iqlen)))
     result.add("\npre = ")
     result.add(ncrutils.toHex(getArray(key.buffer, key.pexp, key.pexplen)))
     result.add("\nm   = ")
@@ -686,23 +665,38 @@ proc `==`*(a, b: RsaPrivateKey): bool =
     false
   else:
     if a.seck.nBitlen == b.seck.nBitlen:
-      if cast[int](a.seck.nBitlen) > 0:
-        let r1 = CT.isEqual(getArray(a.buffer, a.seck.p, a.seck.plen),
-                            getArray(b.buffer, b.seck.p, b.seck.plen))
-        let r2 = CT.isEqual(getArray(a.buffer, a.seck.q, a.seck.qlen),
-                            getArray(b.buffer, b.seck.q, b.seck.qlen))
-        let r3 = CT.isEqual(getArray(a.buffer, a.seck.dp, a.seck.dplen),
-                            getArray(b.buffer, b.seck.dp, b.seck.dplen))
-        let r4 = CT.isEqual(getArray(a.buffer, a.seck.dq, a.seck.dqlen),
-                            getArray(b.buffer, b.seck.dq, b.seck.dqlen))
-        let r5 = CT.isEqual(getArray(a.buffer, a.seck.iq, a.seck.iqlen),
-                            getArray(b.buffer, b.seck.iq, b.seck.iqlen))
-        let r6 = CT.isEqual(getArray(a.buffer, a.pexp, a.pexplen),
-                            getArray(b.buffer, b.pexp, b.pexplen))
-        let r7 = CT.isEqual(getArray(a.buffer, a.pubk.n, a.pubk.nlen),
-                            getArray(b.buffer, b.pubk.n, b.pubk.nlen))
-        let r8 = CT.isEqual(getArray(a.buffer, a.pubk.e, a.pubk.elen),
-                            getArray(b.buffer, b.pubk.e, b.pubk.elen))
+      if a.seck.nBitlen > 0'u:
+        let r1 = CT.isEqual(
+          getArray(a.buffer, a.seck.p, a.seck.plen),
+          getArray(b.buffer, b.seck.p, b.seck.plen),
+        )
+        let r2 = CT.isEqual(
+          getArray(a.buffer, a.seck.q, a.seck.qlen),
+          getArray(b.buffer, b.seck.q, b.seck.qlen),
+        )
+        let r3 = CT.isEqual(
+          getArray(a.buffer, a.seck.dp, a.seck.dplen),
+          getArray(b.buffer, b.seck.dp, b.seck.dplen),
+        )
+        let r4 = CT.isEqual(
+          getArray(a.buffer, a.seck.dq, a.seck.dqlen),
+          getArray(b.buffer, b.seck.dq, b.seck.dqlen),
+        )
+        let r5 = CT.isEqual(
+          getArray(a.buffer, a.seck.iq, a.seck.iqlen),
+          getArray(b.buffer, b.seck.iq, b.seck.iqlen),
+        )
+        let r6 = CT.isEqual(
+          getArray(a.buffer, a.pexp, a.pexplen), getArray(b.buffer, b.pexp, b.pexplen)
+        )
+        let r7 = CT.isEqual(
+          getArray(a.buffer, a.pubk.n, a.pubk.nlen),
+          getArray(b.buffer, b.pubk.n, b.pubk.nlen),
+        )
+        let r8 = CT.isEqual(
+          getArray(a.buffer, a.pubk.e, a.pubk.elen),
+          getArray(b.buffer, b.pubk.e, b.pubk.elen),
+        )
         r1 and r2 and r3 and r4 and r5 and r6 and r7 and r8
       else:
         true
@@ -740,14 +734,17 @@ proc `==`*(a, b: RsaPublicKey): bool =
   elif isNil(b) and (not isNil(a)):
     false
   else:
-    let r1 = CT.isEqual(getArray(a.buffer, a.key.n, a.key.nlen),
-                        getArray(b.buffer, b.key.n, b.key.nlen))
-    let r2 = CT.isEqual(getArray(a.buffer, a.key.e, a.key.elen),
-                        getArray(b.buffer, b.key.e, b.key.elen))
+    let r1 = CT.isEqual(
+      getArray(a.buffer, a.key.n, a.key.nlen), getArray(b.buffer, b.key.n, b.key.nlen)
+    )
+    let r2 = CT.isEqual(
+      getArray(a.buffer, a.key.e, a.key.elen), getArray(b.buffer, b.key.e, b.key.elen)
+    )
     (r1 and r2)
 
-proc sign*[T: byte|char](key: RsaPrivateKey,
-                         message: openArray[T]): RsaResult[RsaSignature] {.gcsafe.} =
+proc sign*[T: byte | char](
+    key: RsaPrivateKey, message: openArray[T]
+): RsaResult[RsaSignature] {.gcsafe.} =
   ## Get RSA PKCS1.5 signature of data ``message`` using SHA256 and private
   ## key ``key``.
   if isNil(key):
@@ -757,7 +754,7 @@ proc sign*[T: byte|char](key: RsaPrivateKey,
   var hash: array[32, byte]
   let impl = rsaPkcs1SignGetDefault()
   var res = new RsaSignature
-  res.buffer = newSeq[byte]((key.seck.nBitlen + 7) shr 3)
+  res.buffer = newSeqUninit[byte]((key.seck.nBitlen + 7) shr 3)
   var kv = addr sha256Vtable
   kv.init(addr hc.vtable)
   if len(message) > 0:
@@ -766,16 +763,16 @@ proc sign*[T: byte|char](key: RsaPrivateKey,
     kv.update(addr hc.vtable, nil, 0)
   kv.out(addr hc.vtable, addr hash[0])
   var oid = RsaOidSha256
-  let implRes = impl(addr oid[0],
-                 addr hash[0], uint(len(hash)),
-                 addr key.seck, addr res.buffer[0])
+  let implRes =
+    impl(addr oid[0], addr hash[0], uint(len(hash)), addr key.seck, addr res.buffer[0])
   if implRes == 0:
     err(RsaSignatureError)
   else:
     ok(res)
 
-proc verify*[T: byte|char](sig: RsaSignature, message: openArray[T],
-                           pubkey: RsaPublicKey): bool {.inline.} =
+proc verify*[T: byte | char](
+    sig: RsaSignature, message: openArray[T], pubkey: RsaPublicKey
+): bool {.inline.} =
   ## Verify RSA signature ``sig`` using public key ``pubkey`` and data
   ## ``message``.
   ##
@@ -795,8 +792,13 @@ proc verify*[T: byte|char](sig: RsaSignature, message: openArray[T],
       kv.update(addr hc.vtable, nil, 0)
     kv.out(addr hc.vtable, addr hash[0])
     var oid = RsaOidSha256
-    let res = impl(addr sig.buffer[0], uint(len(sig.buffer)),
-                   addr oid[0],
-                   uint(len(check)), addr pubkey.key, addr check[0])
+    let res = impl(
+      addr sig.buffer[0],
+      uint(len(sig.buffer)),
+      addr oid[0],
+      uint(len(check)),
+      addr pubkey.key,
+      addr check[0],
+    )
     if res == 1:
       result = equalMem(addr check[0], addr hash[0], len(hash))

libp2p/crypto/secp.nim

@@ -1,5 +1,5 @@
 # Nim-Libp2p
-# Copyright (c) 2022 Status Research & Development GmbH
+# Copyright (c) 2023 Status Research & Development GmbH
 # Licensed under either of
 #  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 #  * MIT license ([LICENSE-MIT](LICENSE-MIT))
@@ -7,26 +7,19 @@
 # This file may not be copied, modified, or distributed except according to
 # those terms.
 
-when (NimMajor, NimMinor) < (1, 4):
-  {.push raises: [Defect].}
-else:
-  {.push raises: [].}
+{.push raises: [].}
 
 import bearssl/rand
-import
-  secp256k1,
-  stew/[byteutils, results],
-  nimcrypto/[hash, sha2]
+import secp256k1, results, stew/byteutils, nimcrypto/[hash, sha2]
+import ../utils/sequninit
 
 export sha2, results, rand
 
 const
-  SkRawPrivateKeySize* = 256 div 8
-    ## Size of private key in octets (bytes)
+  SkRawPrivateKeySize* = 256 div 8 ## Size of private key in octets (bytes)
   SkRawSignatureSize* = SkRawPrivateKeySize * 2 + 1
     ## Size of signature in octets (bytes)
-  SkRawPublicKeySize* = SkRawPrivateKeySize + 1
-    ## Size of public key in octets (bytes)
+  SkRawPublicKeySize* = SkRawPrivateKeySize + 1 ## Size of public key in octets (bytes)
 
 # This is extremely confusing but it's to avoid.. confusion between Eth standard and Secp standard
 type
@@ -35,9 +28,6 @@ type
   SkSignature* = distinct secp256k1.SkSignature
   SkKeyPair* = distinct secp256k1.SkKeyPair
 
-template pubkey*(v: SkKeyPair): SkPublicKey = SkPublicKey(secp256k1.SkKeyPair(v).pubkey)
-template seckey*(v: SkKeyPair): SkPrivateKey = SkPrivateKey(secp256k1.SkKeyPair(v).seckey)
-
 proc random*(t: typedesc[SkPrivateKey], rng: var HmacDrbgContext): SkPrivateKey =
   #TODO is there a better way?
   var rngPtr = addr rng
@@ -62,31 +52,31 @@ template pubkey*(v: SkKeyPair): SkPublicKey =
 proc init*(key: var SkPrivateKey, data: openArray[byte]): SkResult[void] =
   ## Initialize Secp256k1 `private key` ``key`` from raw binary
   ## representation ``data``.
-  key = SkPrivateKey(? secp256k1.SkSecretKey.fromRaw(data))
+  key = SkPrivateKey(?secp256k1.SkSecretKey.fromRaw(data))
   ok()
 
 proc init*(key: var SkPrivateKey, data: string): SkResult[void] =
   ## Initialize Secp256k1 `private key` ``key`` from hexadecimal string
   ## representation ``data``.
-  key = SkPrivateKey(? secp256k1.SkSecretKey.fromHex(data))
+  key = SkPrivateKey(?secp256k1.SkSecretKey.fromHex(data))
   ok()
 
 proc init*(key: var SkPublicKey, data: openArray[byte]): SkResult[void] =
   ## Initialize Secp256k1 `public key` ``key`` from raw binary
   ## representation ``data``.
-  key = SkPublicKey(? secp256k1.SkPublicKey.fromRaw(data))
+  key = SkPublicKey(?secp256k1.SkPublicKey.fromRaw(data))
   ok()
 
 proc init*(key: var SkPublicKey, data: string): SkResult[void] =
   ## Initialize Secp256k1 `public key` ``key`` from hexadecimal string
   ## representation ``data``.
-  key = SkPublicKey(? secp256k1.SkPublicKey.fromHex(data))
+  key = SkPublicKey(?secp256k1.SkPublicKey.fromHex(data))
   ok()
 
 proc init*(sig: var SkSignature, data: openArray[byte]): SkResult[void] =
   ## Initialize Secp256k1 `signature` ``sig`` from raw binary
   ## representation ``data``.
-  sig = SkSignature(? secp256k1.SkSignature.fromDer(data))
+  sig = SkSignature(?secp256k1.SkSignature.fromDer(data))
   ok()
 
 proc init*(sig: var SkSignature, data: string): SkResult[void] =
@@ -96,8 +86,9 @@ proc init*(sig: var SkSignature, data: string): SkResult[void] =
   var buffer: seq[byte]
   try:
     buffer = hexToSeqByte(data)
-  except ValueError:
-    return err("secp: Hex to bytes failed")
+  except ValueError as e:
+    let errMsg = "secp: Hex to bytes failed: " & e.msg
+    return err(errMsg.cstring)
   init(sig, buffer)
 
 proc init*(t: typedesc[SkPrivateKey], data: openArray[byte]): SkResult[SkPrivateKey] =
@@ -157,7 +148,7 @@ proc toBytes*(key: SkPrivateKey, data: var openArray[byte]): SkResult[int] =
   ## Procedure returns number of bytes (octets) needed to store
   ## Secp256k1 private key.
   if len(data) >= SkRawPrivateKeySize:
-    data[0..<SkRawPrivateKeySize] = SkSecretKey(key).toRaw()
+    data[0 ..< SkRawPrivateKeySize] = SkSecretKey(key).toRaw()
     ok(SkRawPrivateKeySize)
   else:
     err("secp: Not enough bytes")
@@ -169,7 +160,7 @@ proc toBytes*(key: SkPublicKey, data: var openArray[byte]): SkResult[int] =
   ## Procedure returns number of bytes (octets) needed to store
   ## Secp256k1 public key.
   if len(data) >= SkRawPublicKeySize:
-    data[0..<SkRawPublicKeySize] = secp256k1.SkPublicKey(key).toRawCompressed()
+    data[0 ..< SkRawPublicKeySize] = secp256k1.SkPublicKey(key).toRawCompressed()
     ok(SkRawPublicKeySize)
   else:
     err("secp: Not enough bytes")
@@ -192,26 +183,32 @@ proc getBytes*(key: SkPublicKey): seq[byte] {.inline.} =
 
 proc getBytes*(sig: SkSignature): seq[byte] {.inline.} =
   ## Serialize Secp256k1 `signature` and return it.
-  result = newSeq[byte](72)
+  result = newSeqUninit[byte](72)
   let length = toBytes(sig, result)
   result.setLen(length)
 
-proc sign*[T: byte|char](key: SkPrivateKey, msg: openArray[T]): SkSignature =
+proc sign*[T: byte | char](key: SkPrivateKey, msg: openArray[T]): SkSignature =
   ## Sign message `msg` using private key `key` and return signature object.
   let h = sha256.digest(msg)
   SkSignature(sign(SkSecretKey(key), SkMessage(h.data)))
 
-proc verify*[T: byte|char](sig: SkSignature, msg: openArray[T],
-                           key: SkPublicKey): bool =
+proc verify*[T: byte | char](
+    sig: SkSignature, msg: openArray[T], key: SkPublicKey
+): bool =
   let h = sha256.digest(msg)
   verify(secp256k1.SkSignature(sig), SkMessage(h.data), secp256k1.SkPublicKey(key))
 
-func clear*(key: var SkPrivateKey) = clear(secp256k1.SkSecretKey(key))
+func clear*(key: var SkPrivateKey) =
+  clear(secp256k1.SkSecretKey(key))
 
-func `$`*(key: SkPrivateKey): string = $secp256k1.SkSecretKey(key)
-func `$`*(key: SkPublicKey): string = $secp256k1.SkPublicKey(key)
-func `$`*(key: SkSignature): string = $secp256k1.SkSignature(key)
-func `$`*(key: SkKeyPair): string = $secp256k1.SkKeyPair(key)
+func `$`*(key: SkPrivateKey): string =
+  $secp256k1.SkSecretKey(key)
+func `$`*(key: SkPublicKey): string =
+  $secp256k1.SkPublicKey(key)
+func `$`*(key: SkSignature): string =
+  $secp256k1.SkSignature(key)
+func `$`*(key: SkKeyPair): string =
+  $secp256k1.SkKeyPair(key)
 
 func `==`*(a, b: SkPrivateKey): bool =
   secp256k1.SkSecretKey(a) == secp256k1.SkSecretKey(b)

libp2p/daemon/transpool.nim

@@ -1,147 +0,0 @@
-# Nim-Libp2p
-# Copyright (c) 2022 Status Research & Development GmbH
-# Licensed under either of
-#  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
-#  * MIT license ([LICENSE-MIT](LICENSE-MIT))
-# at your option.
-# This file may not be copied, modified, or distributed except according to
-# those terms.
-
-when (NimMajor, NimMinor) < (1, 4):
-  {.push raises: [Defect].}
-else:
-  {.push raises: [].}
-
-## This module implements Pool of StreamTransport.
-import chronos
-
-const
-  DefaultPoolSize* = 8
-    ## Default pool size
-
-type
-  ConnectionFlags = enum
-    None, Busy
-
-  PoolItem = object
-    transp*: StreamTransport
-    flags*: set[ConnectionFlags]
-
-  PoolState = enum
-    Connecting, Connected, Closing, Closed
-
-  TransportPool* = ref object
-    ## Transports pool object
-    transports: seq[PoolItem]
-    busyCount: int
-    state: PoolState
-    bufferSize: int
-    event: AsyncEvent
-
-  TransportPoolError* = object of AsyncError
-
-proc waitAll[T](futs: seq[Future[T]]): Future[void] =
-  ## Performs waiting for all Future[T].
-  var counter = len(futs)
-  var retFuture = newFuture[void]("connpool.waitAllConnections")
-  proc cb(udata: pointer) =
-    dec(counter)
-    if counter == 0:
-      retFuture.complete()
-  for fut in futs:
-    fut.addCallback(cb)
-  return retFuture
-
-proc newPool*(address: TransportAddress, poolsize: int = DefaultPoolSize,
-              bufferSize = DefaultStreamBufferSize,
-             ): Future[TransportPool] {.async.} =
-  ## Establish pool of connections to address ``address`` with size
-  ## ``poolsize``.
-  var pool = new TransportPool
-  pool.bufferSize = bufferSize
-  pool.transports = newSeq[PoolItem](poolsize)
-  var conns = newSeq[Future[StreamTransport]](poolsize)
-  pool.state = Connecting
-  for i in 0..<poolsize:
-    conns[i] = connect(address, bufferSize)
-  # Waiting for all connections to be established.
-  await waitAll(conns)
-  # Checking connections and preparing pool.
-  for i in 0..<poolsize:
-    if conns[i].failed:
-      raise conns[i].error
-    else:
-      let transp = conns[i].read()
-      let item = PoolItem(transp: transp)
-      pool.transports[i] = item
-  # Setup available connections event
-  pool.event = newAsyncEvent()
-  pool.state = Connected
-  result = pool
-
-proc acquire*(pool: TransportPool): Future[StreamTransport] {.async.} =
-  ## Acquire non-busy connection from pool ``pool``.
-  var transp: StreamTransport
-  if pool.state in {Connected}:
-    while true:
-      if pool.busyCount < len(pool.transports):
-        for conn in pool.transports.mitems():
-          if Busy notin conn.flags:
-            conn.flags.incl(Busy)
-            inc(pool.busyCount)
-            transp = conn.transp
-            break
-      else:
-        await pool.event.wait()
-        pool.event.clear()
-
-      if not isNil(transp):
-        break
-  else:
-    raise newException(TransportPoolError, "Pool is not ready!")
-  result = transp
-
-proc release*(pool: TransportPool, transp: StreamTransport) =
-  ## Release connection ``transp`` back to pool ``pool``.
-  if pool.state in {Connected, Closing}:
-    var found = false
-    for conn in pool.transports.mitems():
-      if conn.transp == transp:
-        conn.flags.excl(Busy)
-        dec(pool.busyCount)
-        pool.event.fire()
-        found = true
-        break
-    if not found:
-      raise newException(TransportPoolError, "Transport not bound to pool!")
-  else:
-    raise newException(TransportPoolError, "Pool is not ready!")
-
-proc join*(pool: TransportPool) {.async.} =
-  ## Waiting for all connection to become available.
-  if pool.state in {Connected, Closing}:
-    while true:
-      if pool.busyCount == 0:
-        break
-      else:
-        await pool.event.wait()
-        pool.event.clear()
-  elif pool.state == Connecting:
-    raise newException(TransportPoolError, "Pool is not ready!")
-
-proc close*(pool: TransportPool) {.async.} =
-  ## Closes transports pool ``pool`` and release all resources.
-  if pool.state == Connected:
-    pool.state = Closing
-    # Waiting for all transports to become available.
-    await pool.join()
-    # Closing all transports
-    var pending = newSeq[Future[void]](len(pool.transports))
-    for i in 0..<len(pool.transports):
-      let transp = pool.transports[i].transp
-      transp.close()
-      pending[i] = transp.join()
-    # Waiting for all transports to be closed
-    await waitAll(pending)
-    # Mark pool as `Closed`.
-    pool.state = Closed

libp2p/debugutils.nim

@@ -1,5 +1,5 @@
 # Nim-LibP2P
-# Copyright (c) 2022 Status Research & Development GmbH
+# Copyright (c) 2023 Status Research & Development GmbH
 # Licensed under either of
 #  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 #  * MIT license ([LICENSE-MIT](LICENSE-MIT))
@@ -25,34 +25,40 @@
 ##   5. LocalAddress: optional bytes
 ##   6. RemoteAddress: optional bytes
 ##   7. Message: required bytes
-import os, options
+import os
 import nimcrypto/utils, stew/endians2
-import protobuf/minprotobuf, stream/connection, protocols/secure/secure,
-       multiaddress, peerid, varint, muxers/mplex/coder
+import
+  protobuf/minprotobuf,
+  stream/connection,
+  protocols/secure/secure,
+  multiaddress,
+  peerid,
+  varint,
+  muxers/mplex/coder
 
-from times import getTime, toUnix, fromUnix, nanosecond, format, Time,
-                  NanosecondRange, initTime
+from times import
+  getTime, toUnix, fromUnix, nanosecond, format, Time, NanosecondRange, initTime
 from strutils import toHex, repeat
-export peerid, options, multiaddress
+export peerid, multiaddress
 
 type
   FlowDirection* = enum
-    Outgoing, Incoming
+    Outgoing
+    Incoming
 
   ProtoMessage* = object
     timestamp*: uint64
     direction*: FlowDirection
     message*: seq[byte]
-    seqID*: Option[uint64]
-    mtype*: Option[uint64]
-    local*: Option[MultiAddress]
-    remote*: Option[MultiAddress]
+    seqID*: Opt[uint64]
+    mtype*: Opt[uint64]
+    local*: Opt[MultiAddress]
+    remote*: Opt[MultiAddress]
 
-const
-  libp2p_dump_dir* {.strdefine.} = "nim-libp2p"
-    ## default directory where all the dumps will be stored, if the path
-    ## relative it will be created in home directory. You can overload this path
-    ## using ``-d:libp2p_dump_dir=<otherpath>``.
+const libp2p_dump_dir* {.strdefine.} = "nim-libp2p"
+  ## default directory where all the dumps will be stored, if the path
+  ## relative it will be created in home directory. You can overload this path
+  ## using ``-d:libp2p_dump_dir=<otherpath>``.
 
 proc getTimestamp(): uint64 =
   ## This procedure is present because `stdlib.times` missing it.
@@ -65,14 +71,14 @@ proc getTimedate(value: uint64): string =
   let time = initTime(int64(value div 1_000_000_000), value mod 1_000_000_000)
   time.format("yyyy-MM-dd HH:mm:ss'.'fffzzz")
 
-proc dumpMessage*(conn: SecureConn, direction: FlowDirection,
-                  data: openArray[byte]) =
+proc dumpMessage*(conn: SecureConn, direction: FlowDirection, data: openArray[byte]) =
   ## Store unencrypted message ``data`` to dump file, all the metadata will be
   ## extracted from ``conn`` instance.
   var pb = initProtoBuffer(options = {WithVarintLength})
   pb.write(2, getTimestamp())
   pb.write(4, uint64(direction))
-  pb.write(6, conn.observedAddr)
+  conn.observedAddr.withValue(oaddr):
+    pb.write(6, oaddr)
   pb.write(7, data)
   pb.finish()
 
@@ -86,7 +92,7 @@ proc dumpMessage*(conn: SecureConn, direction: FlowDirection,
 
   # This is debugging procedure so it should not generate any exceptions,
   # and we going to return at every possible OS error.
-  if not(dirExists(dirName)):
+  if not (dirExists(dirName)):
     try:
       createDir(dirName)
     except CatchableError:
@@ -100,7 +106,7 @@ proc dumpMessage*(conn: SecureConn, direction: FlowDirection,
   finally:
     close(handle)
 
-proc decodeDumpMessage*(data: openArray[byte]): Option[ProtoMessage] =
+proc decodeDumpMessage*(data: openArray[byte]): Opt[ProtoMessage] =
   ## Decode protobuf's message ProtoMessage from array of bytes ``data``.
   var
     pb = initProtoBuffer(data)
@@ -108,13 +114,12 @@ proc decodeDumpMessage*(data: openArray[byte]): Option[ProtoMessage] =
     ma1, ma2: MultiAddress
     pmsg: ProtoMessage
 
-  let res2 = pb.getField(2, pmsg.timestamp)
-  if res2.isErr() or not(res2.get()):
-    return none[ProtoMessage]()
-
-  let res4 = pb.getField(4, value)
-  if res4.isErr() or not(res4.get()):
-    return none[ProtoMessage]()
+  let
+    r2 = pb.getField(2, pmsg.timestamp)
+    r4 = pb.getField(4, value)
+    r7 = pb.getField(7, pmsg.message)
+  if not r2.get(false) or not r4.get(false) or not r7.get(false):
+    return Opt.none(ProtoMessage)
 
   # `case` statement could not work here with an error "selector must be of an
   # ordinal type, float or string"
@@ -124,30 +129,27 @@ proc decodeDumpMessage*(data: openArray[byte]): Option[ProtoMessage] =
     elif value == uint64(Incoming):
       Incoming
     else:
-      return none[ProtoMessage]()
+      return Opt.none(ProtoMessage)
 
-  let res7 = pb.getField(7, pmsg.message)
-  if res7.isErr() or not(res7.get()):
-    return none[ProtoMessage]()
+  let r1 = pb.getField(1, value)
+  if r1.get(false):
+    pmsg.seqID = Opt.some(value)
 
-  value = 0'u64
-  let res1 = pb.getField(1, value)
-  if res1.isOk() and res1.get():
-    pmsg.seqID = some(value)
-  value = 0'u64
-  let res3 = pb.getField(3, value)
-  if res3.isOk() and res3.get():
-    pmsg.mtype = some(value)
-  let res5 = pb.getField(5, ma1)
-  if res5.isOk() and res5.get():
-    pmsg.local = some(ma1)
-  let res6 = pb.getField(6, ma2)
-  if res6.isOk() and res6.get():
-    pmsg.remote = some(ma2)
+  let r3 = pb.getField(3, value)
+  if r3.get(false):
+    pmsg.mtype = Opt.some(value)
 
-  some(pmsg)
+  let
+    r5 = pb.getField(5, ma1)
+    r6 = pb.getField(6, ma2)
+  if r5.get(false):
+    pmsg.local = Opt.some(ma1)
+  if r6.get(false):
+    pmsg.remote = Opt.some(ma2)
 
-iterator messages*(data: seq[byte]): Option[ProtoMessage] =
+  Opt.some(pmsg)
+
+iterator messages*(data: seq[byte]): Opt[ProtoMessage] =
   ## Iterate over sequence of bytes and decode all the ``ProtoMessage``
   ## messages we found.
   var value: uint64
@@ -156,13 +158,11 @@ iterator messages*(data: seq[byte]): Option[ProtoMessage] =
   while offset < len(data):
     value = 0
     size = 0
-    let res = PB.getUVarint(data.toOpenArray(offset, len(data) - 1),
-                            size, value)
+    let res = PB.getUVarint(data.toOpenArray(offset, len(data) - 1), size, value)
     if res.isOk():
       if (value > 0'u64) and (value < uint64(len(data) - offset)):
         offset += size
-        yield decodeDumpMessage(data.toOpenArray(offset,
-                                                 offset + int(value) - 1))
+        yield decodeDumpMessage(data.toOpenArray(offset, offset + int(value) - 1))
         # value is previously checked to be less then len(data) which is `int`.
         offset += int(value)
       else:
@@ -182,10 +182,15 @@ proc dumpHex*(pbytes: openArray[byte], groupBy = 1, ascii = true): string =
 
     for k in 0 ..< groupBy:
       let ch = pbytes[offset + k]
-      ascii.add(if ord(ch) > 31 and ord(ch) < 127: char(ch) else: '.')
+      ascii.add(
+        if ord(ch) > 31 and ord(ch) < 127:
+          char(ch)
+        else:
+          '.'
+      )
 
     let item =
-      case groupBy:
+      case groupBy
       of 1:
         toHex(pbytes[offset])
       of 2:
@@ -207,8 +212,7 @@ proc dumpHex*(pbytes: openArray[byte], groupBy = 1, ascii = true): string =
       res.add("\p")
 
   if (offset mod 16) != 0:
-    let spacesCount = ((16 - (offset mod 16)) div groupBy) *
-                        (groupBy * 2 + 1) + 1
+    let spacesCount = ((16 - (offset mod 16)) div groupBy) * (groupBy * 2 + 1) + 1
     res = res & repeat(' ', spacesCount)
     res = res & ascii
 
@@ -236,31 +240,28 @@ proc toString*(msg: ProtoMessage, dump = true): string =
   var res = getTimedate(msg.timestamp)
   let direction =
     case msg.direction
-    of Incoming:
-      " << "
-    of Outgoing:
-      " >> "
-  let address =
-    block:
-      let local =
-        if msg.local.isSome():
-          "[" & $(msg.local.get()) & "]"
-        else:
-          "[LOCAL]"
-      let remote =
-        if msg.remote.isSome():
-          "[" & $(msg.remote.get()) & "]"
-        else:
-          "[REMOTE]"
-      local & direction & remote
-  let seqid =
-    if msg.seqID.isSome():
-      "seqID = " & $(msg.seqID.get()) & " "
+    of Incoming: " << "
+    of Outgoing: " >> "
+  let address = block:
+    let local = block:
+      msg.local.withValue(loc):
+        "[" & $loc & "]"
+      else:
+        "[LOCAL]"
+    let remote = block:
+      msg.remote.withValue(rem):
+        "[" & $rem & "]"
+      else:
+        "[REMOTE]"
+    local & direction & remote
+  let seqid = block:
+    msg.seqID.withValue(seqid):
+      "seqID = " & $seqid & " "
     else:
       ""
-  let mtype =
-    if msg.mtype.isSome():
-      "type = " & $(msg.mtype.get()) & " "
+  let mtype = block:
+    msg.mtype.withValue(typ):
+      "type = " & $typ & " "
     else:
       ""
   res.add(" ")

libp2p/dial.nim

@@ -1,5 +1,5 @@
 # Nim-LibP2P
-# Copyright (c) 2022 Status Research & Development GmbH
+# Copyright (c) 2023 Status Research & Development GmbH
 # Licensed under either of
 #  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 #  * MIT license ([LICENSE-MIT](LICENSE-MIT))
@@ -7,70 +7,88 @@
 # This file may not be copied, modified, or distributed except according to
 # those terms.
 
-when (NimMajor, NimMinor) < (1, 4):
-  {.push raises: [Defect].}
-else:
-  {.push raises: [].}
+{.push raises: [].}
 
 import chronos
-import stew/results
-import peerid,
-       stream/connection,
-       transports/transport
+import results
+import peerid, stream/connection, transports/transport, muxers/muxer
 
 export results
 
 type
   Dial* = ref object of RootObj
+  DialFailedError* = object of LPError
 
 method connect*(
-  self: Dial,
-  peerId: PeerId,
-  addrs: seq[MultiAddress],
-  forceDial = false) {.async, base.} =
+    self: Dial,
+    peerId: PeerId,
+    addrs: seq[MultiAddress],
+    forceDial = false,
+    reuseConnection = true,
+    dir = Direction.Out,
+) {.base, async: (raises: [DialFailedError, CancelledError]).} =
   ## connect remote peer without negotiating
   ## a protocol
   ##
 
-  doAssert(false, "Not implemented!")
+  doAssert(false, "[Dial.connect] abstract method not implemented!")
 
 method connect*(
-  self: Dial,
-  addrs: seq[MultiAddress]): Future[PeerId] {.async, base.} =
+    self: Dial, address: MultiAddress, allowUnknownPeerId = false
+): Future[PeerId] {.base, async: (raises: [DialFailedError, CancelledError]).} =
   ## Connects to a peer and retrieve its PeerId
 
-  doAssert(false, "Not implemented!")
+  doAssert(false, "[Dial.connect] abstract method not implemented!")
 
 method dial*(
-  self: Dial,
-  peerId: PeerId,
-  protos: seq[string],
-  ): Future[Connection] {.async, base.} =
+    self: Dial, peerId: PeerId, protos: seq[string]
+): Future[Connection] {.base, async: (raises: [DialFailedError, CancelledError]).} =
   ## create a protocol stream over an
   ## existing connection
   ##
 
-  doAssert(false, "Not implemented!")
+  doAssert(false, "[Dial.dial] abstract method not implemented!")
+
+method dialAndUpgrade*(
+    self: Dial,
+    peerId: Opt[PeerId],
+    hostname: string,
+    addrs: MultiAddress,
+    dir = Direction.Out,
+): Future[Muxer] {.base, async: (raises: [CancelledError]).} =
+  doAssert(false, "[Dial.dialAndUpgrade] abstract method not implemented!")
+
+method dialAndUpgrade*(
+    self: Dial, peerId: Opt[PeerId], addrs: seq[MultiAddress], dir = Direction.Out
+): Future[Muxer] {.
+    base, async: (raises: [CancelledError, MaError, TransportAddressError, LPError])
+.} =
+  doAssert(false, "[Dial.dialAndUpgrade] abstract method not implemented!")
 
 method dial*(
-  self: Dial,
-  peerId: PeerId,
-  addrs: seq[MultiAddress],
-  protos: seq[string],
-  forceDial = false): Future[Connection] {.async, base.} =
+    self: Dial,
+    peerId: PeerId,
+    addrs: seq[MultiAddress],
+    protos: seq[string],
+    forceDial = false,
+): Future[Connection] {.base, async: (raises: [DialFailedError, CancelledError]).} =
   ## create a protocol stream and establish
   ## a connection if one doesn't exist already
   ##
 
-  doAssert(false, "Not implemented!")
+  doAssert(false, "[Dial.dial] abstract method not implemented!")
 
-method addTransport*(
-  self: Dial,
-  transport: Transport) {.base.} =
-  doAssert(false, "Not implemented!")
+method addTransport*(self: Dial, transport: Transport) {.base.} =
+  doAssert(false, "[Dial.addTransport] abstract method not implemented!")
+
+method negotiateStream*(
+    self: Dial, conn: Connection, protos: seq[string]
+): Future[Connection] {.base, async: (raises: [CatchableError]).} =
+  doAssert(false, "[Dial.negotiateStream] abstract method not implemented!")
 
 method tryDial*(
-  self: Dial,
-  peerId: PeerId,
-  addrs: seq[MultiAddress]): Future[Opt[MultiAddress]] {.async, base.} =
-  doAssert(false, "Not implemented!")
+    self: Dial, peerId: PeerId, addrs: seq[MultiAddress]
+): Future[Opt[MultiAddress]] {.
+    base, async: (raises: [DialFailedError, CancelledError])
+.} =
+  doAssert(false, "[Dial.tryDial] abstract method not implemented!")

libp2p/dialer.nim

@@ -1,5 +1,5 @@
 # Nim-LibP2P
-# Copyright (c) 2022 Status Research & Development GmbH
+# Copyright (c) 2023 Status Research & Development GmbH
 # Licensed under either of
 #  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 #  * MIT license ([LICENSE-MIT](LICENSE-MIT))
@@ -7,24 +7,24 @@
 # This file may not be copied, modified, or distributed except according to
 # those terms.
 
-import std/[sugar, tables, sequtils]
+import std/tables
 
-import stew/results
-import pkg/[chronos,
-            chronicles,
-            metrics]
+import pkg/[chronos, chronicles, metrics, results]
 
-import dial,
-       peerid,
-       peerinfo,
-       multicodec,
-       multistream,
-       connmanager,
-       stream/connection,
-       transports/transport,
-       nameresolving/nameresolver,
-       upgrademngrs/upgrade,
-       errors
+import
+  dial,
+  peerid,
+  peerinfo,
+  peerstore,
+  multicodec,
+  muxers/muxer,
+  multistream,
+  connmanager,
+  stream/connection,
+  transports/transport,
+  nameresolving/nameresolver,
+  upgrademngrs/upgrade,
+  errors
 
 export dial, errors, results
 
@@ -34,213 +34,269 @@ logScope:
 declareCounter(libp2p_total_dial_attempts, "total attempted dials")
 declareCounter(libp2p_successful_dials, "dialed successful peers")
 declareCounter(libp2p_failed_dials, "failed dials")
-declareCounter(libp2p_failed_upgrades_outgoing, "outgoing connections failed upgrades")
 
-type
-  DialFailedError* = object of LPError
-
-  Dialer* = ref object of Dial
-    localPeerId*: PeerId
-    ms: MultistreamSelect
-    connManager: ConnManager
-    dialLock: Table[PeerId, AsyncLock]
-    transports: seq[Transport]
-    nameResolver: NameResolver
-
-proc dialAndUpgrade(
-  self: Dialer,
-  peerId: Opt[PeerId],
-  hostname: string,
-  address: MultiAddress):
-  Future[Connection] {.async.} =
+type Dialer* = ref object of Dial
+  localPeerId*: PeerId
+  connManager: ConnManager
+  dialLock: Table[PeerId, AsyncLock]
+  transports: seq[Transport]
+  peerStore: PeerStore
+  nameResolver: NameResolver
 
+method dialAndUpgrade*(
+    self: Dialer,
+    peerId: Opt[PeerId],
+    hostname: string,
+    addrs: MultiAddress,
+    dir = Direction.Out,
+): Future[Muxer] {.async: (raises: [CancelledError]).} =
   for transport in self.transports: # for each transport
-    if transport.handles(address):   # check if it can dial it
-      trace "Dialing address", address, peerId, hostname
+    if transport.handles(addrs): # check if it can dial it
+      trace "Dialing address", addrs, peerId = peerId.get(default(PeerId)), hostname
       let dialed =
         try:
           libp2p_total_dial_attempts.inc()
-          await transport.dial(hostname, address)
+          await transport.dial(hostname, addrs, peerId)
         except CancelledError as exc:
-          debug "Dialing canceled", msg = exc.msg, peerId
+          trace "Dialing canceled",
+            description = exc.msg, peerId = peerId.get(default(PeerId))
           raise exc
         except CatchableError as exc:
-          debug "Dialing failed", msg = exc.msg, peerId
+          debug "Dialing failed",
+            description = exc.msg, peerId = peerId.get(default(PeerId))
           libp2p_failed_dials.inc()
           return nil # Try the next address
 
-      # also keep track of the connection's bottom unsafe transport direction
-      # required by gossipsub scoring
-      dialed.transportDir = Direction.Out
-
       libp2p_successful_dials.inc()
 
-      let conn =
+      let mux =
         try:
-          await transport.upgradeOutgoing(dialed, peerId)
+          # This is for the very specific case of a simultaneous dial during DCUtR. In this case, both sides will have
+          # an Outbound direction at the transport level. Therefore we update the DCUtR initiator transport direction to Inbound.
+          # The if below is more general and might handle other use cases in the future.
+          if dialed.dir != dir:
+            dialed.dir = dir
+          await transport.upgrade(dialed, peerId)
+        except CancelledError as exc:
+          await dialed.close()
+          raise exc
         except CatchableError as exc:
           # If we failed to establish the connection through one transport,
           # we won't succeeded through another - no use in trying again
           await dialed.close()
-          debug "Upgrade failed", msg = exc.msg, peerId
-          if exc isnot CancelledError:
+          debug "Connection upgrade failed",
+            description = exc.msg, peerId = peerId.get(default(PeerId))
+          if dialed.dir == Direction.Out:
             libp2p_failed_upgrades_outgoing.inc()
+          else:
+            libp2p_failed_upgrades_incoming.inc()
 
           # Try other address
           return nil
 
-      doAssert not isNil(conn), "connection died after upgradeOutgoing"
-      debug "Dial successful", conn, peerId = conn.peerId
-      return conn
+      doAssert not isNil(mux), "connection died after upgrade " & $dialed.dir
+      debug "Dial successful", peerId = mux.connection.peerId
+      return mux
   return nil
 
 proc expandDnsAddr(
-  self: Dialer,
-  peerId: Opt[PeerId],
-  address: MultiAddress): Future[seq[(MultiAddress, Opt[PeerId])]] {.async.} =
-
-  if not DNSADDR.matchPartial(address): return @[(address, peerId)]
+    self: Dialer, peerId: Opt[PeerId], address: MultiAddress
+): Future[seq[(MultiAddress, Opt[PeerId])]] {.
+    async: (raises: [CancelledError, MaError, TransportAddressError, LPError])
+.} =
+  if not DNS.matchPartial(address):
+    return @[(address, peerId)]
   if isNil(self.nameResolver):
-    info "Can't resolve DNSADDR without NameResolver", ma=address
+    info "Can't resolve DNSADDR without NameResolver", ma = address
     return @[]
 
+  trace "Start trying to resolve addresses"
   let
     toResolve =
       if peerId.isSome:
-        address & MultiAddress.init(multiCodec("p2p"), peerId.tryGet()).tryGet()
+        try:
+          address & MultiAddress.init(multiCodec("p2p"), peerId.tryGet()).tryGet()
+        except ResultError[void]:
+          raiseAssert "checked with if"
       else:
         address
     resolved = await self.nameResolver.resolveDnsAddr(toResolve)
 
+  debug "resolved addresses",
+    originalAddresses = toResolve, resolvedAddresses = resolved
+
   for resolvedAddress in resolved:
     let lastPart = resolvedAddress[^1].tryGet()
     if lastPart.protoCode == Result[MultiCodec, string].ok(multiCodec("p2p")):
-      let
+      var peerIdBytes: seq[byte]
+      try:
         peerIdBytes = lastPart.protoArgument().tryGet()
-        addrPeerId = PeerId.init(peerIdBytes).tryGet()
-      result.add((resolvedAddress[0..^2].tryGet(), Opt.some(addrPeerId)))
+      except ResultError[string] as e:
+        raiseAssert "expandDnsAddr failed in expandDnsAddr protoArgument: " & e.msg
+
+      let addrPeerId = PeerId.init(peerIdBytes).tryGet()
+      result.add((resolvedAddress[0 ..^ 2].tryGet(), Opt.some(addrPeerId)))
     else:
       result.add((resolvedAddress, peerId))
 
-proc dialAndUpgrade(
-  self: Dialer,
-  peerId: Opt[PeerId],
-  addrs: seq[MultiAddress]):
-  Future[Connection] {.async.} =
-
-  debug "Dialing peer", peerId
+method dialAndUpgrade*(
+    self: Dialer, peerId: Opt[PeerId], addrs: seq[MultiAddress], dir = Direction.Out
+): Future[Muxer] {.
+    async: (raises: [CancelledError, MaError, TransportAddressError, LPError])
+.} =
+  debug "Dialing peer", peerId = peerId.get(default(PeerId)), addrs
 
   for rawAddress in addrs:
     # resolve potential dnsaddr
     let addresses = await self.expandDnsAddr(peerId, rawAddress)
-
     for (expandedAddress, addrPeerId) in addresses:
       # DNS resolution
       let
         hostname = expandedAddress.getHostname()
         resolvedAddresses =
-          if isNil(self.nameResolver): @[expandedAddress]
-          else: await self.nameResolver.resolveMAddress(expandedAddress)
+          if isNil(self.nameResolver):
+            @[expandedAddress]
+          else:
+            await self.nameResolver.resolveMAddress(expandedAddress)
+
+      debug "Expanded address and hostname",
+        expandedAddress = expandedAddress,
+        hostname = hostname,
+        resolvedAddresses = resolvedAddresses
 
       for resolvedAddress in resolvedAddresses:
-        result = await self.dialAndUpgrade(addrPeerId, hostname, resolvedAddress)
+        result = await self.dialAndUpgrade(addrPeerId, hostname, resolvedAddress, dir)
         if not isNil(result):
           return result
 
+proc tryReusingConnection(self: Dialer, peerId: PeerId): Opt[Muxer] =
+  let muxer = self.connManager.selectMuxer(peerId)
+  if muxer == nil:
+    return Opt.none(Muxer)
+
+  trace "Reusing existing connection", muxer, direction = $muxer.connection.dir
+  return Opt.some(muxer)
+
 proc internalConnect(
-  self: Dialer,
-  peerId: Opt[PeerId],
-  addrs: seq[MultiAddress],
-  forceDial: bool):
-  Future[Connection] {.async.} =
+    self: Dialer,
+    peerId: Opt[PeerId],
+    addrs: seq[MultiAddress],
+    forceDial: bool,
+    reuseConnection = true,
+    dir = Direction.Out,
+): Future[Muxer] {.async: (raises: [DialFailedError, CancelledError]).} =
   if Opt.some(self.localPeerId) == peerId:
-    raise newException(CatchableError, "can't dial self!")
+    raise newException(DialFailedError, "internalConnect can't dial self!")
 
   # Ensure there's only one in-flight attempt per peer
   let lock = self.dialLock.mgetOrPut(peerId.get(default(PeerId)), newAsyncLock())
-  try:
-    await lock.acquire()
-
-    # Check if we have a connection already and try to reuse it
-    var conn =
-      if peerId.isSome: self.connManager.selectConn(peerId.get())
-      else: nil
-    if conn != nil:
-      if conn.atEof or conn.closed:
-        # This connection should already have been removed from the connection
-        # manager - it's essentially a bug that we end up here - we'll fail
-        # for now, hoping that this will clean themselves up later...
-        warn "dead connection in connection manager", conn
-        await conn.close()
-        raise newException(DialFailedError, "Zombie connection encountered")
-
-      trace "Reusing existing connection", conn, direction = $conn.dir
-      return conn
-
-    let slot = await self.connManager.getOutgoingSlot(forceDial)
-    conn =
-      try:
-        await self.dialAndUpgrade(peerId, addrs)
-      except CatchableError as exc:
-        slot.release()
-        raise exc
-    slot.trackConnection(conn)
-    if isNil(conn): # None of the addresses connected
-      raise newException(DialFailedError, "Unable to establish outgoing link")
-
-    # A disconnect could have happened right after
-    # we've added the connection so we check again
-    # to prevent races due to that.
-    if conn.closed() or conn.atEof():
-      # This can happen when the other ends drops us
-      # before we get a chance to return the connection
-      # back to the dialer.
-      trace "Connection dead on arrival", conn
-      raise newLPStreamClosedError()
-
-    return conn
-  finally:
-    if lock.locked():
+  await lock.acquire()
+  defer:
+    try:
       lock.release()
+    except AsyncLockError as e:
+      raiseAssert "lock must have been acquired in line above: " & e.msg
+
+  if reuseConnection:
+    peerId.withValue(peerId):
+      self.tryReusingConnection(peerId).withValue(mux):
+        return mux
+
+  let slot =
+    try:
+      self.connManager.getOutgoingSlot(forceDial)
+    except TooManyConnectionsError as exc:
+      raise newException(
+        DialFailedError, "failed getOutgoingSlot in internalConnect: " & exc.msg, exc
+      )
+
+  let muxed =
+    try:
+      await self.dialAndUpgrade(peerId, addrs, dir)
+    except CancelledError as exc:
+      slot.release()
+      raise exc
+    except CatchableError as exc:
+      slot.release()
+      raise newException(
+        DialFailedError, "failed dialAndUpgrade in internalConnect: " & exc.msg, exc
+      )
+
+  slot.trackMuxer(muxed)
+  if isNil(muxed): # None of the addresses connected
+    raise newException(
+      DialFailedError, "Unable to establish outgoing link in internalConnect"
+    )
+
+  try:
+    self.connManager.storeMuxer(muxed)
+    await self.peerStore.identify(muxed)
+    await self.connManager.triggerPeerEvents(
+      muxed.connection.peerId,
+      PeerEvent(kind: PeerEventKind.Identified, initiator: true),
+    )
+    return muxed
+  except CancelledError as exc:
+    await muxed.close()
+    raise exc
+  except CatchableError as exc:
+    trace "Failed to finish outgoing upgrade", description = exc.msg
+    await muxed.close()
+    raise newException(
+      DialFailedError,
+      "Failed to finish outgoing upgrade in internalConnect: " & exc.msg,
+      exc,
+    )
 
 method connect*(
-  self: Dialer,
-  peerId: PeerId,
-  addrs: seq[MultiAddress],
-  forceDial = false) {.async.} =
+    self: Dialer,
+    peerId: PeerId,
+    addrs: seq[MultiAddress],
+    forceDial = false,
+    reuseConnection = true,
+    dir = Direction.Out,
+) {.async: (raises: [DialFailedError, CancelledError]).} =
   ## connect remote peer without negotiating
   ## a protocol
   ##
 
-  if self.connManager.connCount(peerId) > 0:
+  if self.connManager.connCount(peerId) > 0 and reuseConnection:
     return
 
-  discard await self.internalConnect(Opt.some(peerId), addrs, forceDial)
+  discard
+    await self.internalConnect(Opt.some(peerId), addrs, forceDial, reuseConnection, dir)
 
 method connect*(
-  self: Dialer,
-  addrs: seq[MultiAddress],
-  ): Future[PeerId] {.async.} =
+    self: Dialer, address: MultiAddress, allowUnknownPeerId = false
+): Future[PeerId] {.async: (raises: [DialFailedError, CancelledError]).} =
   ## Connects to a peer and retrieve its PeerId
 
-  return (await self.internalConnect(Opt.none(PeerId), addrs, false)).peerId
+  parseFullAddress(address).toOpt().withValue(fullAddress):
+    return (
+      await self.internalConnect(Opt.some(fullAddress[0]), @[fullAddress[1]], false)
+    ).connection.peerId
 
-proc negotiateStream(
-  self: Dialer,
-  conn: Connection,
-  protos: seq[string]): Future[Connection] {.async.} =
+  if allowUnknownPeerId == false:
+    raise newException(
+      DialFailedError, "Address without PeerID and unknown peer id disabled in connect"
+    )
+
+  return
+    (await self.internalConnect(Opt.none(PeerId), @[address], false)).connection.peerId
+
+method negotiateStream*(
+    self: Dialer, conn: Connection, protos: seq[string]
+): Future[Connection] {.async: (raises: [CatchableError]).} =
   trace "Negotiating stream", conn, protos
-  let selected = await self.ms.select(conn, protos)
+  let selected = await MultistreamSelect.select(conn, protos)
   if not protos.contains(selected):
     await conn.closeWithEOF()
-    raise newException(DialFailedError, "Unable to select sub-protocol " & $protos)
-
+    raise newException(DialFailedError, "Unable to select sub-protocol: " & $protos)
   return conn
 
 method tryDial*(
-  self: Dialer,
-  peerId: PeerId,
-  addrs: seq[MultiAddress]): Future[Opt[MultiAddress]] {.async.} =
+    self: Dialer, peerId: PeerId, addrs: seq[MultiAddress]
+): Future[Opt[MultiAddress]] {.async: (raises: [DialFailedError, CancelledError]).} =
   ## Create a protocol stream in order to check
   ## if a connection is possible.
   ## Doesn't use the Connection Manager to save it.
@@ -248,50 +304,60 @@ method tryDial*(
 
   trace "Check if it can dial", peerId, addrs
   try:
-    let conn = await self.dialAndUpgrade(Opt.some(peerId), addrs)
-    if conn.isNil():
-      raise newException(DialFailedError, "No valid multiaddress")
-    await conn.close()
-    return conn.observedAddr
+    let mux = await self.dialAndUpgrade(Opt.some(peerId), addrs)
+    if mux.isNil():
+      raise newException(DialFailedError, "No valid multiaddress in tryDial")
+    await mux.close()
+    return mux.connection.observedAddr
   except CancelledError as exc:
     raise exc
   except CatchableError as exc:
-    raise newException(DialFailedError, exc.msg)
+    raise newException(DialFailedError, "tryDial failed: " & exc.msg, exc)
 
 method dial*(
-  self: Dialer,
-  peerId: PeerId,
-  protos: seq[string]): Future[Connection] {.async.} =
+    self: Dialer, peerId: PeerId, protos: seq[string]
+): Future[Connection] {.async: (raises: [DialFailedError, CancelledError]).} =
   ## create a protocol stream over an
   ## existing connection
   ##
 
   trace "Dialing (existing)", peerId, protos
-  let stream = await self.connManager.getStream(peerId)
-  if stream.isNil:
-    raise newException(DialFailedError, "Couldn't get muxed stream")
 
-  return await self.negotiateStream(stream, protos)
+  try:
+    let stream = await self.connManager.getStream(peerId)
+    if stream.isNil:
+      raise newException(
+        DialFailedError,
+        "Couldn't get muxed stream in dial for peer_id: " & shortLog(peerId),
+      )
+    return await self.negotiateStream(stream, protos)
+  except CancelledError as exc:
+    trace "Dial canceled", description = exc.msg
+    raise exc
+  except CatchableError as exc:
+    trace "Error dialing", description = exc.msg
+    raise newException(DialFailedError, "failed dial existing: " & exc.msg)
 
 method dial*(
-  self: Dialer,
-  peerId: PeerId,
-  addrs: seq[MultiAddress],
-  protos: seq[string],
-  forceDial = false): Future[Connection] {.async.} =
+    self: Dialer,
+    peerId: PeerId,
+    addrs: seq[MultiAddress],
+    protos: seq[string],
+    forceDial = false,
+): Future[Connection] {.async: (raises: [DialFailedError, CancelledError]).} =
   ## create a protocol stream and establish
   ## a connection if one doesn't exist already
   ##
 
   var
-    conn: Connection
+    conn: Muxer
     stream: Connection
 
-  proc cleanup() {.async.} =
-    if not(isNil(stream)):
+  proc cleanup() {.async: (raises: []).} =
+    if not (isNil(stream)):
       await stream.closeWithEOF()
 
-    if not(isNil(conn)):
+    if not (isNil(conn)):
       await conn.close()
 
   try:
@@ -301,32 +367,36 @@ method dial*(
     stream = await self.connManager.getStream(conn)
 
     if isNil(stream):
-      raise newException(DialFailedError,
-        "Couldn't get muxed stream")
+      raise newException(
+        DialFailedError,
+        "Couldn't get muxed stream in new dial for remote_peer_id: " & shortLog(peerId),
+      )
 
     return await self.negotiateStream(stream, protos)
   except CancelledError as exc:
-    trace "Dial canceled", conn
+    trace "Dial canceled", conn, description = exc.msg
     await cleanup()
     raise exc
   except CatchableError as exc:
-    debug "Error dialing", conn, msg = exc.msg
+    debug "Error dialing", conn, description = exc.msg
     await cleanup()
-    raise exc
+    raise newException(DialFailedError, "failed new dial: " & exc.msg, exc)
 
 method addTransport*(self: Dialer, t: Transport) =
   self.transports &= t
 
 proc new*(
-  T: type Dialer,
-  localPeerId: PeerId,
-  connManager: ConnManager,
-  transports: seq[Transport],
-  ms: MultistreamSelect,
-  nameResolver: NameResolver = nil): Dialer =
-
-  T(localPeerId: localPeerId,
+    T: type Dialer,
+    localPeerId: PeerId,
+    connManager: ConnManager,
+    peerStore: PeerStore,
+    transports: seq[Transport],
+    nameResolver: NameResolver = nil,
+): Dialer =
+  T(
+    localPeerId: localPeerId,
     connManager: connManager,
     transports: transports,
-    ms: ms,
-    nameResolver: nameResolver)
+    peerStore: peerStore,
+    nameResolver: nameResolver,
+  )

libp2p/discovery/discoverymngr.nim

@@ -1,5 +1,5 @@
 # Nim-LibP2P
-# Copyright (c) 2022 Status Research & Development GmbH
+# Copyright (c) 2023 Status Research & Development GmbH
 # Licensed under either of
 #  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 #  * MIT license ([LICENSE-MIT](LICENSE-MIT))
@@ -7,18 +7,15 @@
 # This file may not be copied, modified, or distributed except according to
 # those terms.
 
-when (NimMajor, NimMinor) < (1, 4):
-  {.push raises: [Defect].}
-else:
-  {.push raises: [].}
+{.push raises: [].}
 
 import std/sequtils
-import chronos, chronicles, stew/results
+import chronos, chronicles, results
 import ../errors
 
 type
   BaseAttr = ref object of RootObj
-    comparator: proc(f, c: BaseAttr): bool {.gcsafe, raises: [Defect].}
+    comparator: proc(f, c: BaseAttr): bool {.gcsafe, raises: [].}
 
   Attribute[T] = ref object of BaseAttr
     value: T
@@ -36,12 +33,12 @@ proc ofType*[T](f: BaseAttr, _: type[T]): bool =
 proc to*[T](f: BaseAttr, _: type[T]): T =
   Attribute[T](f).value
 
-proc add*[T](pa: var PeerAttributes,
-             value: T) =
-  pa.attributes.add(Attribute[T](
+proc add*[T](pa: var PeerAttributes, value: T) =
+  pa.attributes.add(
+    Attribute[T](
       value: value,
       comparator: proc(f: BaseAttr, c: BaseAttr): bool =
-        f.ofType(T) and c.ofType(T) and f.to(T) == c.to(T)
+        f.ofType(T) and c.ofType(T) and f.to(T) == c.to(T),
     )
   )
 
@@ -60,8 +57,9 @@ proc `{}`*[T](pa: PeerAttributes, t: typedesc[T]): Opt[T] =
       return Opt.some(f.to(T))
   Opt.none(T)
 
-proc `[]`*[T](pa: PeerAttributes, t: typedesc[T]): T {.raises: [Defect, KeyError].} =
-  pa{T}.valueOr: raise newException(KeyError, "Attritute not found")
+proc `[]`*[T](pa: PeerAttributes, t: typedesc[T]): T {.raises: [KeyError].} =
+  pa{T}.valueOr:
+    raise newException(KeyError, "Attribute not found")
 
 proc match*(pa, candidate: PeerAttributes): bool =
   for f in pa.attributes:
@@ -73,7 +71,7 @@ proc match*(pa, candidate: PeerAttributes): bool =
   return true
 
 type
-  PeerFoundCallback* = proc(pa: PeerAttributes) {.raises: [Defect], gcsafe.}
+  PeerFoundCallback* = proc(pa: PeerAttributes) {.raises: [], gcsafe.}
 
   DiscoveryInterface* = ref object of RootObj
     onPeerFound*: PeerFoundCallback
@@ -81,16 +79,21 @@ type
     advertisementUpdated*: AsyncEvent
     advertiseLoop*: Future[void]
 
-method request*(self: DiscoveryInterface, pa: PeerAttributes) {.async, base.} =
-  doAssert(false, "Not implemented!")
-
-method advertise*(self: DiscoveryInterface) {.async, base.} =
-  doAssert(false, "Not implemented!")
-
-type
   DiscoveryError* = object of LPError
   DiscoveryFinished* = object of LPError
+  AdvertiseError* = object of DiscoveryError
 
+method request*(
+    self: DiscoveryInterface, pa: PeerAttributes
+) {.base, async: (raises: [DiscoveryError, CancelledError]).} =
+  doAssert(false, "[DiscoveryInterface.request] abstract method not implemented!")
+
+method advertise*(
+    self: DiscoveryInterface
+) {.base, async: (raises: [CancelledError, AdvertiseError]).} =
+  doAssert(false, "[DiscoveryInterface.advertise] abstract method not implemented!")
+
+type
   DiscoveryQuery* = ref object
     attr: PeerAttributes
     peers: AsyncQueue[PeerAttributes]
@@ -104,13 +107,13 @@ type
 proc add*(dm: DiscoveryManager, di: DiscoveryInterface) =
   dm.interfaces &= di
 
-  di.onPeerFound = proc (pa: PeerAttributes) =
+  di.onPeerFound = proc(pa: PeerAttributes) =
     for query in dm.queries:
       if query.attr.match(pa):
         try:
           query.peers.putNoWait(pa)
         except AsyncQueueFullError as exc:
-          debug "Cannot push discovered peer to queue"
+          debug "Cannot push discovered peer to queue", description = exc.msg
 
 proc request*(dm: DiscoveryManager, pa: PeerAttributes): DiscoveryQuery =
   var query = DiscoveryQuery(attr: pa, peers: newAsyncQueue[PeerAttributes]())
@@ -125,30 +128,29 @@ proc request*[T](dm: DiscoveryManager, value: T): DiscoveryQuery =
   pa.add(value)
   return dm.request(pa)
 
-proc advertise*(dm: DiscoveryManager, pa: PeerAttributes) =
+proc advertise*[T](dm: DiscoveryManager, value: T) =
   for i in dm.interfaces:
-    i.toAdvertise = pa
+    i.toAdvertise.add(value)
     if i.advertiseLoop.isNil:
       i.advertisementUpdated = newAsyncEvent()
       i.advertiseLoop = i.advertise()
     else:
       i.advertisementUpdated.fire()
 
-proc advertise*[T](dm: DiscoveryManager, value: T) =
-  var pa: PeerAttributes
-  pa.add(value)
-  dm.advertise(pa)
-
 template forEach*(query: DiscoveryQuery, code: untyped) =
   ## Will execute `code` for each discovered peer. The
   ## peer attritubtes are available through the variable
   ## `peer`
 
-  proc forEachInternal(q: DiscoveryQuery) {.async.} =
+  proc forEachInternal(
+      q: DiscoveryQuery
+  ) {.async: (raises: [CancelledError, DiscoveryError]).} =
     while true:
       let peer {.inject.} =
-        try: await q.getPeer()
-        except DiscoveryFinished: return
+        try:
+          await q.getPeer()
+        except DiscoveryFinished:
+          return
       code
 
   asyncSpawn forEachInternal(query)
@@ -156,22 +158,28 @@ template forEach*(query: DiscoveryQuery, code: untyped) =
 proc stop*(query: DiscoveryQuery) =
   query.finished = true
   for r in query.futs:
-    if not r.finished(): r.cancel()
+    if not r.finished():
+      r.cancelSoon()
 
 proc stop*(dm: DiscoveryManager) =
   for q in dm.queries:
     q.stop()
   for i in dm.interfaces:
-    if isNil(i.advertiseLoop): continue
-    i.advertiseLoop.cancel()
+    if isNil(i.advertiseLoop):
+      continue
+    i.advertiseLoop.cancelSoon()
 
-proc getPeer*(query: DiscoveryQuery): Future[PeerAttributes] {.async.} =
+proc getPeer*(
+    query: DiscoveryQuery
+): Future[PeerAttributes] {.
+    async: (raises: [CancelledError, DiscoveryError, DiscoveryFinished])
+.} =
   let getter = query.peers.popFirst()
 
   try:
     await getter or allFinished(query.futs)
   except CancelledError as exc:
-    getter.cancel()
+    getter.cancelSoon()
     raise exc
 
   if not finished(getter):

libp2p/discovery/rendezvousinterface.nim

@@ -1,5 +1,5 @@
 # Nim-LibP2P
-# Copyright (c) 2022 Status Research & Development GmbH
+# Copyright (c) 2023 Status Research & Development GmbH
 # Licensed under either of
 #  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 #  * MIT license ([LICENSE-MIT](LICENSE-MIT))
@@ -7,36 +7,33 @@
 # This file may not be copied, modified, or distributed except according to
 # those terms.
 
-when (NimMajor, NimMinor) < (1, 4):
-  {.push raises: [Defect].}
-else:
-  {.push raises: [].}
+{.push raises: [].}
 
-import sequtils
 import chronos
-import ./discoverymngr,
-       ../protocols/rendezvous,
-       ../peerid
+import ./discoverymngr, ../protocols/rendezvous, ../peerid
 
 type
   RendezVousInterface* = ref object of DiscoveryInterface
     rdv*: RendezVous
     timeToRequest: Duration
     timeToAdvertise: Duration
+    ttl: Duration
 
   RdvNamespace* = distinct string
 
 proc `==`*(a, b: RdvNamespace): bool {.borrow.}
 
-method request*(self: RendezVousInterface, pa: PeerAttributes) {.async.} =
-  var namespace = ""
+method request*(
+    self: RendezVousInterface, pa: PeerAttributes
+) {.async: (raises: [DiscoveryError, CancelledError]).} =
+  var namespace = Opt.none(string)
   for attr in pa:
     if attr.ofType(RdvNamespace):
-      namespace = string attr.to(RdvNamespace)
+      namespace = Opt.some(string attr.to(RdvNamespace))
     elif attr.ofType(DiscoveryService):
-      namespace = string attr.to(DiscoveryService)
+      namespace = Opt.some(string attr.to(DiscoveryService))
     elif attr.ofType(PeerId):
-      namespace = $attr.to(PeerId)
+      namespace = Opt.some($attr.to(PeerId))
     else:
       # unhandled type
       return
@@ -47,13 +44,15 @@ method request*(self: RendezVousInterface, pa: PeerAttributes) {.async.} =
       for address in pr.addresses:
         peer.add(address.address)
 
-      peer.add(DiscoveryService(namespace))
-      peer.add(RdvNamespace(namespace))
+      peer.add(DiscoveryService(namespace.get()))
+      peer.add(RdvNamespace(namespace.get()))
       self.onPeerFound(peer)
 
     await sleepAsync(self.timeToRequest)
 
-method advertise*(self: RendezVousInterface) {.async.} =
+method advertise*(
+    self: RendezVousInterface
+) {.async: (raises: [CancelledError, AdvertiseError]).} =
   while true:
     var toAdvertise: seq[string]
     for attr in self.toAdvertise:
@@ -66,12 +65,18 @@ method advertise*(self: RendezVousInterface) {.async.} =
 
     self.advertisementUpdated.clear()
     for toAdv in toAdvertise:
-      await self.rdv.advertise(toAdv, self.timeToAdvertise)
+      try:
+        await self.rdv.advertise(toAdv, self.ttl)
+      except CatchableError as error:
+        debug "RendezVous advertise error: ", description = error.msg
 
     await sleepAsync(self.timeToAdvertise) or self.advertisementUpdated.wait()
 
-proc new*(T: typedesc[RendezVousInterface],
-          rdv: RendezVous,
-          ttr: Duration = 1.minutes,
-          tta: Duration = MinimumDuration): RendezVousInterface =
-  T(rdv: rdv, timeToRequest: ttr, timeToAdvertise: tta)
+proc new*(
+    T: typedesc[RendezVousInterface],
+    rdv: RendezVous,
+    ttr: Duration = 1.minutes,
+    tta: Duration = 1.minutes,
+    ttl: Duration = MinimumDuration,
+): RendezVousInterface =
+  T(rdv: rdv, timeToRequest: ttr, timeToAdvertise: tta, ttl: ttl)

libp2p/errors.nim

@@ -19,58 +19,30 @@ func toException*(e: string): ref LPError =
 # sadly nim needs more love for hygienic templates
 # so here goes the macro, its based on the proc/template version
 # and uses quote do so it's quite readable
-macro checkFutures*[T](futs: seq[Future[T]], exclude: untyped = []): untyped =
+# TODO https://github.com/nim-lang/Nim/issues/22936
+macro checkFutures*[F](futs: seq[F], exclude: untyped = []): untyped =
   let nexclude = exclude.len
   case nexclude
   of 0:
-    quote do:
+    quote:
       for res in `futs`:
         if res.failed:
-          let exc = res.readError()
+          let exc = res.error
           # We still don't abort but warn
-          debug "A future has failed, enable trace logging for details", error = exc.name
-          trace "Exception message", msg= exc.msg, stack = getStackTrace()
+          debug "A future has failed, enable trace logging for details",
+            error = exc.name
+          trace "Exception message", description = exc.msg, stack = getStackTrace()
   else:
-    quote do:
+    quote:
       for res in `futs`:
         block check:
           if res.failed:
-            let exc = res.readError()
-            for i in 0..<`nexclude`:
+            let exc = res.error
+            for i in 0 ..< `nexclude`:
               if exc of `exclude`[i]:
-                trace "A future has failed", error=exc.name, msg=exc.msg
+                trace "A future has failed", error = exc.name, description = exc.msg
                 break check
             # We still don't abort but warn
-            debug "A future has failed, enable trace logging for details", error=exc.name
-            trace "Exception details", msg=exc.msg
-
-proc allFuturesThrowing*[T](args: varargs[Future[T]]): Future[void] =
-  var futs: seq[Future[T]]
-  for fut in args:
-    futs &= fut
-  proc call() {.async.} =
-    var first: ref CatchableError = nil
-    futs = await allFinished(futs)
-    for fut in futs:
-      if fut.failed:
-        let err = fut.readError()
-        if err of Defect:
-          raise err
-        else:
-          if err of CancelledError:
-            raise err
-          if isNil(first):
-            first = err
-    if not isNil(first):
-      raise first
-
-  return call()
-
-template tryAndWarn*(message: static[string]; body: untyped): untyped =
-  try:
-    body
-  except CancelledError as exc:
-    raise exc
-  except CatchableError as exc:
-    debug "An exception has ocurred, enable trace logging for details", name = exc.name, msg = message
-    trace "Exception details", exc = exc.msg
+            debug "A future has failed, enable trace logging for details",
+              error = exc.name
+            trace "Exception details", description = exc.msg

libp2p/multibase.nim

@@ -1,5 +1,5 @@
 # Nim-Libp2p
-# Copyright (c) 2022 Status Research & Development GmbH
+# Copyright (c) 2023 Status Research & Development GmbH
 # Licensed under either of
 #  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 #  * MIT license ([LICENSE-MIT](LICENSE-MIT))
@@ -13,36 +13,41 @@
 ## 1. base32z
 ##
 
-when (NimMajor, NimMinor) < (1, 4):
-  {.push raises: [Defect].}
-else:
-  {.push raises: [].}
+{.push raises: [].}
 
 import tables
-import stew/[base32, base58, base64, results]
+import results
+import stew/[base32, base58, base64]
+import ./utils/sequninit
 
 type
   MultiBaseStatus* {.pure.} = enum
-    Error, Success, Overrun, Incorrect, BadCodec, NotSupported
+    Error
+    Success
+    Overrun
+    Incorrect
+    BadCodec
+    NotSupported
 
   MultiBase* = object
 
-  MBCodeSize = proc(length: int): int {.nimcall, gcsafe, noSideEffect, raises: [Defect].}
+  MBCodeSize = proc(length: int): int {.nimcall, gcsafe, noSideEffect, raises: [].}
 
   MBCodec = object
     code: char
     name: string
-    encr: proc(inbytes: openArray[byte],
-               outbytes: var openArray[char],
-               outlen: var int): MultiBaseStatus {.nimcall, gcsafe, noSideEffect, raises: [Defect].}
-    decr: proc(inbytes: openArray[char],
-               outbytes: var openArray[byte],
-               outlen: var int): MultiBaseStatus {.nimcall, gcsafe, noSideEffect, raises: [Defect].}
+    encr: proc(
+      inbytes: openArray[byte], outbytes: var openArray[char], outlen: var int
+    ): MultiBaseStatus {.nimcall, gcsafe, noSideEffect, raises: [].}
+    decr: proc(
+      inbytes: openArray[char], outbytes: var openArray[byte], outlen: var int
+    ): MultiBaseStatus {.nimcall, gcsafe, noSideEffect, raises: [].}
     encl: MBCodeSize
     decl: MBCodeSize
 
-proc idd(inbytes: openArray[char], outbytes: var openArray[byte],
-         outlen: var int): MultiBaseStatus =
+proc idd(
+    inbytes: openArray[char], outbytes: var openArray[byte], outlen: var int
+): MultiBaseStatus =
   let length = len(inbytes)
   if length > len(outbytes):
     outlen = length
@@ -52,9 +57,9 @@ proc idd(inbytes: openArray[char], outbytes: var openArray[byte],
     outlen = length
     result = MultiBaseStatus.Success
 
-proc ide(inbytes: openArray[byte],
-         outbytes: var openArray[char],
-         outlen: var int): MultiBaseStatus =
+proc ide(
+    inbytes: openArray[byte], outbytes: var openArray[char], outlen: var int
+): MultiBaseStatus =
   let length = len(inbytes)
   if length > len(outbytes):
     outlen = length
@@ -64,31 +69,37 @@ proc ide(inbytes: openArray[byte],
     outlen = length
     result = MultiBaseStatus.Success
 
-proc idel(length: int): int = length
-proc iddl(length: int): int = length
+proc idel(length: int): int =
+  length
 
-proc b16d(inbytes: openArray[char],
-          outbytes: var openArray[byte],
-          outlen: var int): MultiBaseStatus =
+proc iddl(length: int): int =
+  length
+
+proc b16d(
+    inbytes: openArray[char], outbytes: var openArray[byte], outlen: var int
+): MultiBaseStatus =
   discard
 
-proc b16e(inbytes: openArray[byte],
-          outbytes: var openArray[char],
-          outlen: var int): MultiBaseStatus =
+proc b16e(
+    inbytes: openArray[byte], outbytes: var openArray[char], outlen: var int
+): MultiBaseStatus =
   discard
 
-proc b16ud(inbytes: openArray[char],
-           outbytes: var openArray[byte],
-           outlen: var int): MultiBaseStatus =
+proc b16ud(
+    inbytes: openArray[char], outbytes: var openArray[byte], outlen: var int
+): MultiBaseStatus =
   discard
 
-proc b16ue(inbytes: openArray[byte],
-           outbytes: var openArray[char],
-           outlen: var int): MultiBaseStatus =
+proc b16ue(
+    inbytes: openArray[byte], outbytes: var openArray[char], outlen: var int
+): MultiBaseStatus =
   discard
 
-proc b16el(length: int): int = length shl 1
-proc b16dl(length: int): int = (length + 1) div 2
+proc b16el(length: int): int =
+  length shl 1
+
+proc b16dl(length: int): int =
+  (length + 1) div 2
 
 proc b32ce(r: Base32Status): MultiBaseStatus {.inline.} =
   result = MultiBaseStatus.Error
@@ -117,218 +128,253 @@ proc b64ce(r: Base64Status): MultiBaseStatus {.inline.} =
   elif r == Base64Status.Success:
     result = MultiBaseStatus.Success
 
-proc b32hd(inbytes: openArray[char],
-           outbytes: var openArray[byte],
-           outlen: var int): MultiBaseStatus =
+proc b32hd(
+    inbytes: openArray[char], outbytes: var openArray[byte], outlen: var int
+): MultiBaseStatus =
   result = b32ce(HexBase32Lower.decode(inbytes, outbytes, outlen))
 
-proc b32he(inbytes: openArray[byte],
-           outbytes: var openArray[char],
-           outlen: var int): MultiBaseStatus =
+proc b32he(
+    inbytes: openArray[byte], outbytes: var openArray[char], outlen: var int
+): MultiBaseStatus =
   result = b32ce(HexBase32Lower.encode(inbytes, outbytes, outlen))
 
-proc b32hud(inbytes: openArray[char],
-            outbytes: var openArray[byte],
-            outlen: var int): MultiBaseStatus =
+proc b32hud(
+    inbytes: openArray[char], outbytes: var openArray[byte], outlen: var int
+): MultiBaseStatus =
   result = b32ce(HexBase32Upper.decode(inbytes, outbytes, outlen))
 
-proc b32hue(inbytes: openArray[byte],
-            outbytes: var openArray[char],
-            outlen: var int): MultiBaseStatus =
+proc b32hue(
+    inbytes: openArray[byte], outbytes: var openArray[char], outlen: var int
+): MultiBaseStatus =
   result = b32ce(HexBase32Upper.encode(inbytes, outbytes, outlen))
 
-proc b32hpd(inbytes: openArray[char],
-            outbytes: var openArray[byte],
-            outlen: var int): MultiBaseStatus =
+proc b32hpd(
+    inbytes: openArray[char], outbytes: var openArray[byte], outlen: var int
+): MultiBaseStatus =
   result = b32ce(HexBase32LowerPad.decode(inbytes, outbytes, outlen))
 
-proc b32hpe(inbytes: openArray[byte],
-            outbytes: var openArray[char],
-            outlen: var int): MultiBaseStatus =
+proc b32hpe(
+    inbytes: openArray[byte], outbytes: var openArray[char], outlen: var int
+): MultiBaseStatus =
   result = b32ce(HexBase32LowerPad.encode(inbytes, outbytes, outlen))
 
-proc b32hpud(inbytes: openArray[char],
-             outbytes: var openArray[byte],
-             outlen: var int): MultiBaseStatus =
+proc b32hpud(
+    inbytes: openArray[char], outbytes: var openArray[byte], outlen: var int
+): MultiBaseStatus =
   result = b32ce(HexBase32UpperPad.decode(inbytes, outbytes, outlen))
 
-proc b32hpue(inbytes: openArray[byte],
-             outbytes: var openArray[char],
-             outlen: var int): MultiBaseStatus =
+proc b32hpue(
+    inbytes: openArray[byte], outbytes: var openArray[char], outlen: var int
+): MultiBaseStatus =
   result = b32ce(HexBase32UpperPad.encode(inbytes, outbytes, outlen))
 
-proc b32d(inbytes: openArray[char],
-          outbytes: var openArray[byte],
-          outlen: var int): MultiBaseStatus =
+proc b32d(
+    inbytes: openArray[char], outbytes: var openArray[byte], outlen: var int
+): MultiBaseStatus =
   result = b32ce(Base32Lower.decode(inbytes, outbytes, outlen))
 
-proc b32e(inbytes: openArray[byte],
-          outbytes: var openArray[char],
-          outlen: var int): MultiBaseStatus =
+proc b32e(
+    inbytes: openArray[byte], outbytes: var openArray[char], outlen: var int
+): MultiBaseStatus =
   result = b32ce(Base32Lower.encode(inbytes, outbytes, outlen))
 
-proc b32ud(inbytes: openArray[char],
-           outbytes: var openArray[byte],
-           outlen: var int): MultiBaseStatus =
+proc b32ud(
+    inbytes: openArray[char], outbytes: var openArray[byte], outlen: var int
+): MultiBaseStatus =
   result = b32ce(Base32Upper.decode(inbytes, outbytes, outlen))
 
-proc b32ue(inbytes: openArray[byte],
-           outbytes: var openArray[char],
-           outlen: var int): MultiBaseStatus =
+proc b32ue(
+    inbytes: openArray[byte], outbytes: var openArray[char], outlen: var int
+): MultiBaseStatus =
   result = b32ce(Base32Upper.encode(inbytes, outbytes, outlen))
 
-proc b32pd(inbytes: openArray[char],
-           outbytes: var openArray[byte],
-           outlen: var int): MultiBaseStatus =
+proc b32pd(
+    inbytes: openArray[char], outbytes: var openArray[byte], outlen: var int
+): MultiBaseStatus =
   result = b32ce(Base32LowerPad.decode(inbytes, outbytes, outlen))
 
-proc b32pe(inbytes: openArray[byte],
-           outbytes: var openArray[char],
-           outlen: var int): MultiBaseStatus =
+proc b32pe(
+    inbytes: openArray[byte], outbytes: var openArray[char], outlen: var int
+): MultiBaseStatus =
   result = b32ce(Base32LowerPad.encode(inbytes, outbytes, outlen))
 
-proc b32pud(inbytes: openArray[char],
-            outbytes: var openArray[byte],
-            outlen: var int): MultiBaseStatus =
+proc b32pud(
+    inbytes: openArray[char], outbytes: var openArray[byte], outlen: var int
+): MultiBaseStatus =
   result = b32ce(Base32UpperPad.decode(inbytes, outbytes, outlen))
 
-proc b32pue(inbytes: openArray[byte],
-            outbytes: var openArray[char],
-            outlen: var int): MultiBaseStatus =
+proc b32pue(
+    inbytes: openArray[byte], outbytes: var openArray[char], outlen: var int
+): MultiBaseStatus =
   result = b32ce(Base32UpperPad.encode(inbytes, outbytes, outlen))
 
-proc b32el(length: int): int = Base32Lower.encodedLength(length)
-proc b32dl(length: int): int = Base32Lower.decodedLength(length)
-proc b32pel(length: int): int = Base32LowerPad.encodedLength(length)
-proc b32pdl(length: int): int = Base32LowerPad.decodedLength(length)
+proc b32el(length: int): int =
+  Base32Lower.encodedLength(length)
 
-proc b58fd(inbytes: openArray[char],
-           outbytes: var openArray[byte],
-           outlen: var int): MultiBaseStatus =
+proc b32dl(length: int): int =
+  Base32Lower.decodedLength(length)
+
+proc b32pel(length: int): int =
+  Base32LowerPad.encodedLength(length)
+
+proc b32pdl(length: int): int =
+  Base32LowerPad.decodedLength(length)
+
+proc b58fd(
+    inbytes: openArray[char], outbytes: var openArray[byte], outlen: var int
+): MultiBaseStatus =
   result = b58ce(FLCBase58.decode(inbytes, outbytes, outlen))
 
-proc b58fe(inbytes: openArray[byte],
-           outbytes: var openArray[char],
-           outlen: var int): MultiBaseStatus =
+proc b58fe(
+    inbytes: openArray[byte], outbytes: var openArray[char], outlen: var int
+): MultiBaseStatus =
   result = b58ce(FLCBase58.encode(inbytes, outbytes, outlen))
 
-proc b58bd(inbytes: openArray[char],
-           outbytes: var openArray[byte],
-           outlen: var int): MultiBaseStatus =
+proc b58bd(
+    inbytes: openArray[char], outbytes: var openArray[byte], outlen: var int
+): MultiBaseStatus =
   result = b58ce(BTCBase58.decode(inbytes, outbytes, outlen))
 
-proc b58be(inbytes: openArray[byte],
-           outbytes: var openArray[char],
-           outlen: var int): MultiBaseStatus =
+proc b58be(
+    inbytes: openArray[byte], outbytes: var openArray[char], outlen: var int
+): MultiBaseStatus =
   result = b58ce(BTCBase58.encode(inbytes, outbytes, outlen))
 
-proc b58el(length: int): int = Base58.encodedLength(length)
-proc b58dl(length: int): int = Base58.decodedLength(length)
+proc b58el(length: int): int =
+  Base58.encodedLength(length)
 
-proc b64el(length: int): int = Base64.encodedLength(length)
-proc b64dl(length: int): int = Base64.decodedLength(length)
-proc b64pel(length: int): int = Base64Pad.encodedLength(length)
-proc b64pdl(length: int): int = Base64Pad.decodedLength(length)
+proc b58dl(length: int): int =
+  Base58.decodedLength(length)
 
-proc b64e(inbytes: openArray[byte],
-          outbytes: var openArray[char],
-          outlen: var int): MultiBaseStatus =
+proc b64el(length: int): int =
+  Base64.encodedLength(length)
+
+proc b64dl(length: int): int =
+  Base64.decodedLength(length)
+
+proc b64pel(length: int): int =
+  Base64Pad.encodedLength(length)
+
+proc b64pdl(length: int): int =
+  Base64Pad.decodedLength(length)
+
+proc b64e(
+    inbytes: openArray[byte], outbytes: var openArray[char], outlen: var int
+): MultiBaseStatus =
   result = b64ce(Base64.encode(inbytes, outbytes, outlen))
 
-proc b64d(inbytes: openArray[char],
-          outbytes: var openArray[byte],
-          outlen: var int): MultiBaseStatus =
+proc b64d(
+    inbytes: openArray[char], outbytes: var openArray[byte], outlen: var int
+): MultiBaseStatus =
   result = b64ce(Base64.decode(inbytes, outbytes, outlen))
 
-proc b64pe(inbytes: openArray[byte],
-           outbytes: var openArray[char],
-           outlen: var int): MultiBaseStatus =
+proc b64pe(
+    inbytes: openArray[byte], outbytes: var openArray[char], outlen: var int
+): MultiBaseStatus =
   result = b64ce(Base64Pad.encode(inbytes, outbytes, outlen))
 
-proc b64pd(inbytes: openArray[char],
-           outbytes: var openArray[byte],
-           outlen: var int): MultiBaseStatus =
+proc b64pd(
+    inbytes: openArray[char], outbytes: var openArray[byte], outlen: var int
+): MultiBaseStatus =
   result = b64ce(Base64Pad.decode(inbytes, outbytes, outlen))
 
-proc b64ue(inbytes: openArray[byte],
-           outbytes: var openArray[char],
-           outlen: var int): MultiBaseStatus =
+proc b64ue(
+    inbytes: openArray[byte], outbytes: var openArray[char], outlen: var int
+): MultiBaseStatus =
   result = b64ce(Base64Url.encode(inbytes, outbytes, outlen))
 
-proc b64ud(inbytes: openArray[char],
-           outbytes: var openArray[byte],
-           outlen: var int): MultiBaseStatus =
+proc b64ud(
+    inbytes: openArray[char], outbytes: var openArray[byte], outlen: var int
+): MultiBaseStatus =
   result = b64ce(Base64Url.decode(inbytes, outbytes, outlen))
 
-proc b64upe(inbytes: openArray[byte],
-          outbytes: var openArray[char],
-          outlen: var int): MultiBaseStatus =
+proc b64upe(
+    inbytes: openArray[byte], outbytes: var openArray[char], outlen: var int
+): MultiBaseStatus =
   result = b64ce(Base64UrlPad.encode(inbytes, outbytes, outlen))
 
-proc b64upd(inbytes: openArray[char],
-            outbytes: var openArray[byte],
-            outlen: var int): MultiBaseStatus =
+proc b64upd(
+    inbytes: openArray[char], outbytes: var openArray[byte], outlen: var int
+): MultiBaseStatus =
   result = b64ce(Base64UrlPad.decode(inbytes, outbytes, outlen))
 
-const
-  MultiBaseCodecs = [
-    MBCodec(name: "identity", code: chr(0x00),
-      decr: idd, encr: ide, decl: iddl, encl: idel
-    ),
-    MBCodec(name: "base1", code: '1'),
-    MBCodec(name: "base2", code: '0'),
-    MBCodec(name: "base8", code: '7'),
-    MBCodec(name: "base10", code: '9'),
-    MBCodec(name: "base16", code: 'f',
-      decr: b16d, encr: b16e, decl: b16dl, encl: b16el
-    ),
-    MBCodec(name: "base16upper", code: 'F',
-      decr: b16ud, encr: b16ue, decl: b16dl, encl: b16el
-    ),
-    MBCodec(name: "base32hex", code: 'v',
-      decr: b32hd, encr: b32he, decl: b32dl, encl: b32el
-    ),
-    MBCodec(name: "base32hexupper", code: 'V',
-      decr: b32hud, encr: b32hue, decl: b32dl, encl: b32el
-    ),
-    MBCodec(name: "base32hexpad", code: 't',
-      decr: b32hpd, encr: b32hpe, decl: b32pdl, encl: b32pel
-    ),
-    MBCodec(name: "base32hexpadupper", code: 'T',
-      decr: b32hpud, encr: b32hpue, decl: b32pdl, encl: b32pel
-    ),
-    MBCodec(name: "base32", code: 'b',
-      decr: b32d, encr: b32e, decl: b32dl, encl: b32el
-    ),
-    MBCodec(name: "base32upper", code: 'B',
-      decr: b32ud, encr: b32ue, decl: b32dl, encl: b32el
-    ),
-    MBCodec(name: "base32pad", code: 'c',
-      decr: b32pd, encr: b32pe, decl: b32pdl, encl: b32pel
-    ),
-    MBCodec(name: "base32padupper", code: 'C',
-      decr: b32pud, encr: b32pue, decl: b32pdl, encl: b32pel
-    ),
-    MBCodec(name: "base32z", code: 'h'),
-    MBCodec(name: "base58flickr", code: 'Z',
-      decr: b58fd, encr: b58fe, decl: b58dl, encl: b58el
-    ),
-    MBCodec(name: "base58btc", code: 'z',
-      decr: b58bd, encr: b58be, decl: b58dl, encl: b58el
-    ),
-    MBCodec(name: "base64", code: 'm',
-      decr: b64d, encr: b64e, decl: b64dl, encl: b64el
-    ),
-    MBCodec(name: "base64pad", code: 'M',
-      decr: b64pd, encr: b64pe, decl: b64pdl, encl: b64pel
-    ),
-    MBCodec(name: "base64url", code: 'u',
-      decr: b64ud, encr: b64ue, decl: b64dl, encl: b64el
-    ),
-    MBCodec(name: "base64urlpad", code: 'U',
-      decr: b64upd, encr: b64upe, decl: b64pdl, encl: b64pel
-    )
-  ]
+const MultiBaseCodecs = [
+  MBCodec(
+    name: "identity", code: chr(0x00), decr: idd, encr: ide, decl: iddl, encl: idel
+  ),
+  MBCodec(name: "base1", code: '1'),
+  MBCodec(name: "base2", code: '0'),
+  MBCodec(name: "base8", code: '7'),
+  MBCodec(name: "base10", code: '9'),
+  MBCodec(name: "base16", code: 'f', decr: b16d, encr: b16e, decl: b16dl, encl: b16el),
+  MBCodec(
+    name: "base16upper", code: 'F', decr: b16ud, encr: b16ue, decl: b16dl, encl: b16el
+  ),
+  MBCodec(
+    name: "base32hex", code: 'v', decr: b32hd, encr: b32he, decl: b32dl, encl: b32el
+  ),
+  MBCodec(
+    name: "base32hexupper",
+    code: 'V',
+    decr: b32hud,
+    encr: b32hue,
+    decl: b32dl,
+    encl: b32el,
+  ),
+  MBCodec(
+    name: "base32hexpad",
+    code: 't',
+    decr: b32hpd,
+    encr: b32hpe,
+    decl: b32pdl,
+    encl: b32pel,
+  ),
+  MBCodec(
+    name: "base32hexpadupper",
+    code: 'T',
+    decr: b32hpud,
+    encr: b32hpue,
+    decl: b32pdl,
+    encl: b32pel,
+  ),
+  MBCodec(name: "base32", code: 'b', decr: b32d, encr: b32e, decl: b32dl, encl: b32el),
+  MBCodec(
+    name: "base32upper", code: 'B', decr: b32ud, encr: b32ue, decl: b32dl, encl: b32el
+  ),
+  MBCodec(
+    name: "base32pad", code: 'c', decr: b32pd, encr: b32pe, decl: b32pdl, encl: b32pel
+  ),
+  MBCodec(
+    name: "base32padupper",
+    code: 'C',
+    decr: b32pud,
+    encr: b32pue,
+    decl: b32pdl,
+    encl: b32pel,
+  ),
+  MBCodec(name: "base32z", code: 'h'),
+  MBCodec(
+    name: "base58flickr", code: 'Z', decr: b58fd, encr: b58fe, decl: b58dl, encl: b58el
+  ),
+  MBCodec(
+    name: "base58btc", code: 'z', decr: b58bd, encr: b58be, decl: b58dl, encl: b58el
+  ),
+  MBCodec(name: "base64", code: 'm', decr: b64d, encr: b64e, decl: b64dl, encl: b64el),
+  MBCodec(
+    name: "base64pad", code: 'M', decr: b64pd, encr: b64pe, decl: b64pdl, encl: b64pel
+  ),
+  MBCodec(
+    name: "base64url", code: 'u', decr: b64ud, encr: b64ue, decl: b64dl, encl: b64el
+  ),
+  MBCodec(
+    name: "base64urlpad",
+    code: 'U',
+    decr: b64upd,
+    encr: b64upe,
+    decl: b64pdl,
+    encl: b64pel,
+  ),
+]
 
 proc initMultiBaseCodeTable(): Table[char, MBCodec] {.compileTime.} =
   for item in MultiBaseCodecs:
@@ -342,8 +388,7 @@ const
   CodeMultiBases = initMultiBaseCodeTable()
   NameMultiBases = initMultiBaseNameTable()
 
-proc encodedLength*(mbtype: typedesc[MultiBase], encoding: string,
-                    length: int): int =
+proc encodedLength*(mbtype: typedesc[MultiBase], encoding: string, length: int): int =
   ## Return estimated size of buffer to store MultiBase encoded value with
   ## encoding ``encoding`` of length ``length``.
   ##
@@ -358,8 +403,7 @@ proc encodedLength*(mbtype: typedesc[MultiBase], encoding: string,
     else:
       result = mb.encl(length) + 1
 
-proc decodedLength*(mbtype: typedesc[MultiBase], encoding: char,
-                    length: int): int =
+proc decodedLength*(mbtype: typedesc[MultiBase], encoding: char, length: int): int =
   ## Return estimated size of buffer to store MultiBase decoded value with
   ## encoding character ``encoding`` of length ``length``.
   let mb = CodeMultiBases.getOrDefault(encoding)
@@ -371,9 +415,13 @@ proc decodedLength*(mbtype: typedesc[MultiBase], encoding: char,
     else:
       result = mb.decl(length - 1)
 
-proc encode*(mbtype: typedesc[MultiBase], encoding: string,
-             inbytes: openArray[byte], outbytes: var openArray[char],
-             outlen: var int): MultiBaseStatus =
+proc encode*(
+    mbtype: typedesc[MultiBase],
+    encoding: string,
+    inbytes: openArray[byte],
+    outbytes: var openArray[char],
+    outlen: var int,
+): MultiBaseStatus =
   ## Encode array ``inbytes`` using MultiBase encoding scheme ``encoding`` and
   ## store encoded value to ``outbytes``.
   ##
@@ -395,8 +443,7 @@ proc encode*(mbtype: typedesc[MultiBase], encoding: string,
   if isNil(mb.encr) or isNil(mb.encl):
     return MultiBaseStatus.NotSupported
   if len(outbytes) > 1:
-    result = mb.encr(inbytes, outbytes.toOpenArray(1, outbytes.high),
-                     outlen)
+    result = mb.encr(inbytes, outbytes.toOpenArray(1, outbytes.high), outlen)
     if result == MultiBaseStatus.Overrun:
       outlen += 1
     elif result == MultiBaseStatus.Success:
@@ -411,8 +458,12 @@ proc encode*(mbtype: typedesc[MultiBase], encoding: string,
       result = MultiBaseStatus.Overrun
       outlen = mb.encl(len(inbytes)) + 1
 
-proc decode*(mbtype: typedesc[MultiBase], inbytes: openArray[char],
-             outbytes: var openArray[byte], outlen: var int): MultiBaseStatus =
+proc decode*(
+    mbtype: typedesc[MultiBase],
+    inbytes: openArray[char],
+    outbytes: var openArray[byte],
+    outlen: var int,
+): MultiBaseStatus =
   ## Decode array ``inbytes`` using MultiBase encoding and store decoded value
   ## to ``outbytes``.
   ##
@@ -441,8 +492,9 @@ proc decode*(mbtype: typedesc[MultiBase], inbytes: openArray[char],
   else:
     result = mb.decr(inbytes.toOpenArray(1, length - 1), outbytes, outlen)
 
-proc encode*(mbtype: typedesc[MultiBase], encoding: string,
-             inbytes: openArray[byte]): Result[string, string] =
+proc encode*(
+    mbtype: typedesc[MultiBase], encoding: string, inbytes: openArray[byte]
+): Result[string, string] =
   ## Encode array ``inbytes`` using MultiBase encoding scheme ``encoding`` and
   ## return encoded string.
   let length = len(inbytes)
@@ -465,7 +517,9 @@ proc encode*(mbtype: typedesc[MultiBase], encoding: string,
     buffer[0] = mb.code
   ok(buffer)
 
-proc decode*(mbtype: typedesc[MultiBase], inbytes: openArray[char]): Result[seq[byte], string] =
+proc decode*(
+    mbtype: typedesc[MultiBase], inbytes: openArray[char]
+): Result[seq[byte], string] =
   ## Decode MultiBase encoded array ``inbytes`` and return decoded sequence of
   ## bytes.
   let length = len(inbytes)
@@ -480,10 +534,9 @@ proc decode*(mbtype: typedesc[MultiBase], inbytes: openArray[char]): Result[seq[
     let empty: seq[byte] = @[]
     ok(empty) # empty
   else:
-    var buffer = newSeq[byte](mb.decl(length - 1))
+    var buffer = newSeqUninit[byte](mb.decl(length - 1))
     var outlen = 0
-    let res = mb.decr(inbytes.toOpenArray(1, length - 1),
-                      buffer, outlen)
+    let res = mb.decr(inbytes.toOpenArray(1, length - 1), buffer, outlen)
     if res != MultiBaseStatus.Success:
       err("multibase: Decoding error [" & $res & "]")
     else: