provider record encryption

dht.go

@@ -356,7 +356,7 @@ func makeDHT(ctx context.Context, h host.Host, cfg dhtcfg.Config) (*IpfsDHT, err
 	if cfg.ProviderStore != nil {
 		dht.providerStore = cfg.ProviderStore
 	} else {
-		dht.providerStore, err = providers.NewProviderManager(dht.ctx, h.ID(), h.Peerstore(), cfg.Datastore)
+		dht.providerStore, err = providers.NewProviderManager(dht.ctx, h.ID(), cfg.Datastore)
 		if err != nil {
 			return nil, fmt.Errorf("initializing default provider manager (%v)", err)
 		}

dht_test.go

@@ -518,7 +518,7 @@ func TestValueGetInvalid(t *testing.T) {
 	testSetGet("valid", "newer", nil)
 }
 
-func TestProvides(t *testing.T) {
+func TestProvides_Small(t *testing.T) {
 	// t.Skip("skipping test to debug another")
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
@@ -919,7 +919,7 @@ func TestProvidesMany(t *testing.T) {
 	}
 
 	// what is this timeout for? was 60ms before.
-	time.Sleep(time.Millisecond * 6)
+	time.Sleep(time.Second)
 
 	errchan := make(chan error)
 
@@ -1037,13 +1037,14 @@ func TestProvides_PrefixLookup(t *testing.T) {
 		}
 	}
 
-	time.Sleep(time.Millisecond * 6)
+	time.Sleep(time.Second)
 
 	n := 0
-	for _, c := range testCaseCids {
+	for i, c := range testCaseCids {
+		t.Log("searching for cid", c, i)
 		n = (n + 1) % 3
 
-		logger.Debugf("getting providers for %s from %d", c, n)
+		t.Logf("getting providers for %s from %d", c, n)
 		ctxT, cancel := context.WithTimeout(ctx, time.Second)
 		defer cancel()
 		dhts[n].prefixLength = 16 // half the hashed CID for now
@@ -1349,7 +1350,7 @@ func TestClientModeConnect(t *testing.T) {
 	c := testCaseCids[0]
 	p := peer.ID("TestPeer")
 	mhHash, _ := internal.Sha256Multihash(c.Hash())
-	err := a.ProviderStore().AddProvider(ctx, mhHash[:], peer.AddrInfo{ID: p})
+	err := a.ProviderStore().AddProvider(ctx, mhHash[:], p)
 	if err != nil {
 		t.Fatal(err)
 	}

encrypt.go

@@ -0,0 +1,74 @@
+package dht
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"crypto/sha256"
+	"errors"
+
+	"github.com/multiformats/go-multihash"
+)
+
+const (
+	keySize               = 32
+	encryptedPeerIDLength = 66
+)
+
+var errInvalidKeySize = errors.New("key size must be 32 bytes")
+
+func encryptAES(plaintext, key []byte) ([]byte, error) {
+	aesgcm, err := newAESGCM(key)
+	if err != nil {
+		return nil, err
+	}
+
+	nonce := make([]byte, aesgcm.NonceSize())
+	_, err = rand.Read(nonce)
+	if err != nil {
+		return nil, err
+	}
+
+	ct := aesgcm.Seal(nil, nonce, plaintext, nil)
+	return append(nonce, ct...), nil
+}
+
+func decryptAES(nonceAndCT, key []byte) ([]byte, error) {
+	aesgcm, err := newAESGCM(key)
+	if err != nil {
+		return nil, err
+	}
+
+	nonce := nonceAndCT[:aesgcm.NonceSize()]
+	ciphertext := nonceAndCT[aesgcm.NonceSize():]
+	plaintext, err := aesgcm.Open(nil, nonce, ciphertext, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	return plaintext, nil
+}
+
+func newAESGCM(key []byte) (cipher.AEAD, error) {
+	if len(key) != keySize {
+		return nil, errInvalidKeySize
+	}
+
+	block, err := aes.NewCipher(key[:])
+	if err != nil {
+		return nil, err
+	}
+
+	aesgcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return nil, err
+	}
+
+	return aesgcm, nil
+}
+
+func multihashToKey(mh multihash.Multihash) []byte {
+	const prefix = "AESGCM"
+	h := sha256.Sum256(append([]byte(prefix), mh...))
+	return h[:]
+}

encrypt_test.go

@@ -0,0 +1,18 @@
+package dht
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+var testKey = []byte("AES256Key-32Characters1234567890")
+
+func TestAES(t *testing.T) {
+	plaintext := []byte("nootwashere")
+	ciphertext, err := encryptAES(plaintext, testKey)
+	require.NoError(t, err)
+	plaintextRes, err := decryptAES(ciphertext, testKey)
+	require.NoError(t, err)
+	require.Equal(t, plaintext, plaintextRes)
+}

ext_test.go

@@ -267,14 +267,13 @@ func TestNotFound(t *testing.T) {
 				case pb.Message_GET_VALUE:
 					resp := &pb.Message{Type: pmes.Type}
 
-					ps := []peer.AddrInfo{}
+					ps := []peer.ID{}
 					for i := 0; i < 7; i++ {
 						p := hosts[rand.Intn(len(hosts))].ID()
-						pi := host.Peerstore().PeerInfo(p)
-						ps = append(ps, pi)
+						ps = append(ps, p)
 					}
 
-					resp.CloserPeers = pb.PeerInfosToPBPeers(d.host.Network(), ps)
+					resp.CloserPeers = pb.PeerIDsToPBPeers(d.host.Network(), host.Peerstore(), ps)
 					if err := pbw.WriteMsg(resp); err != nil {
 						return
 					}
@@ -362,10 +361,9 @@ func TestLessThanKResponses(t *testing.T) {
 
 				switch pmes.GetType() {
 				case pb.Message_GET_VALUE:
-					pi := host.Peerstore().PeerInfo(hosts[1].ID())
 					resp := &pb.Message{
 						Type:        pmes.Type,
-						CloserPeers: pb.PeerInfosToPBPeers(d.host.Network(), []peer.AddrInfo{pi}),
+						CloserPeers: pb.PeerIDsToPBPeers(d.host.Network(), host.Peerstore(), []peer.ID{hosts[1].ID()}),
 					}
 
 					if err := pbw.WriteMsg(resp); err != nil {
@@ -432,10 +430,9 @@ func TestMultipleQueries(t *testing.T) {
 
 			switch pmes.GetType() {
 			case pb.Message_GET_VALUE:
-				pi := hosts[1].Peerstore().PeerInfo(hosts[0].ID())
 				resp := &pb.Message{
 					Type:        pmes.Type,
-					CloserPeers: pb.PeerInfosToPBPeers(d.host.Network(), []peer.AddrInfo{pi}),
+					CloserPeers: pb.PeerIDsToPBPeers(d.host.Network(), hosts[1].Peerstore(), []peer.ID{hosts[0].ID()}),
 				}
 
 				if err := pbw.WriteMsg(resp); err != nil {

fullrt/dht.go

@@ -143,7 +143,7 @@ func NewFullRT(h host.Host, protocolPrefix protocol.ID, options ...Option) (*Ful
 
 	ctx, cancel := context.WithCancel(context.Background())
 
-	pm, err := providers.NewProviderManager(ctx, h.ID(), h.Peerstore(), dhtcfg.Datastore)
+	pm, err := providers.NewProviderManager(ctx, h.ID(), dhtcfg.Datastore)
 	if err != nil {
 		cancel()
 		return nil, err
@@ -781,7 +781,7 @@ func (dht *FullRT) Provide(ctx context.Context, key cid.Cid, brdcst bool) (err e
 	logger.Debugw("providing", "cid", key, "mh", internal.LoggableProviderRecordBytes(keyMH), "mhHash", mhHash)
 
 	// add self locally
-	err = dht.ProviderManager.AddProvider(ctx, mhHash, peer.AddrInfo{ID: dht.h.ID()})
+	err = dht.ProviderManager.AddProvider(ctx, mhHash, dht.h.ID())
 	if err != nil {
 		return err
 	}
@@ -827,7 +827,7 @@ func (dht *FullRT) Provide(ctx context.Context, key cid.Cid, brdcst bool) (err e
 	}
 
 	successes := dht.execOnMany(ctx, func(ctx context.Context, p peer.ID) error {
-		err := dht.protoMessenger.PutProvider(ctx, p, keyMH, dht.h)
+		err := dht.protoMessenger.PutProvider(ctx, p, keyMH, dht.h, []byte(dht.h.ID()))
 		return err
 	}, peers, true)
 
@@ -1251,9 +1251,10 @@ func (dht *FullRT) findProvidersAsyncRoutine(ctx context.Context, key multihash.
 	}
 	for _, p := range provs {
 		// NOTE: Assuming that this list of peers is unique
-		if psTryAdd(p.ID) {
+		addrInfo := dht.h.Peerstore().PeerInfo(p)
+		if psTryAdd(p) {
 			select {
-			case peerOut <- p:
+			case peerOut <- addrInfo:
 			case <-ctx.Done():
 				return
 			}

handlers.go

@@ -7,8 +7,8 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/libp2p/go-libp2p/core/crypto"
 	"github.com/libp2p/go-libp2p/core/peer"
-	pstore "github.com/libp2p/go-libp2p/p2p/host/peerstore"
 
 	"github.com/gogo/protobuf/proto"
 	ds "github.com/ipfs/go-datastore"
@@ -70,20 +70,7 @@ func (dht *IpfsDHT) handleGetValue(ctx context.Context, p peer.ID, pmes *pb.Mess
 	// Find closest peer on given cluster to desired key and reply with that info
 	closer := dht.betterPeersToQuery(pmes, p, dht.bucketSize)
 	if len(closer) > 0 {
-		// TODO: pstore.PeerInfos should move to core (=> peerstore.AddrInfos).
-		closerinfos := pstore.PeerInfos(dht.peerstore, closer)
-		for _, pi := range closerinfos {
-			logger.Debugf("handleGetValue returning closer peer: '%s'", pi.ID)
-			if len(pi.Addrs) < 1 {
-				logger.Warnw("no addresses on peer being sent",
-					"local", dht.self,
-					"to", p,
-					"sending", pi.ID,
-				)
-			}
-		}
-
-		resp.CloserPeers = pb.PeerInfosToPBPeers(dht.host.Network(), closerinfos)
+		resp.CloserPeers = pb.PeerIDsToPBPeers(dht.host.Network(), dht.peerstore, closer)
 	}
 
 	return resp, nil
@@ -294,16 +281,13 @@ func (dht *IpfsDHT) handleFindPeer(ctx context.Context, from peer.ID, pmes *pb.M
 		return resp, nil
 	}
 
-	// TODO: pstore.PeerInfos should move to core (=> peerstore.AddrInfos).
-	closestinfos := pstore.PeerInfos(dht.peerstore, closest)
-	// possibly an over-allocation but this array is temporary anyways.
-	withAddresses := make([]peer.AddrInfo, 0, len(closestinfos))
-	for _, pi := range closestinfos {
-		if len(pi.Addrs) > 0 {
-			withAddresses = append(withAddresses, pi)
+	withAddresses := make([]peer.AddrInfo, 0, len(closest))
+	for _, p := range closest {
+		addrInfo := dht.peerstore.PeerInfo(p)
+		if len(addrInfo.Addrs) > 0 {
+			withAddresses = append(withAddresses, addrInfo)
 		}
 	}
-
 	resp.CloserPeers = pb.PeerInfosToPBPeers(dht.host.Network(), withAddresses)
 	return resp, nil
 }
@@ -335,15 +319,14 @@ func (dht *IpfsDHT) handleGetProviders(ctx context.Context, p peer.ID, pmes *pb.
 		if err != nil {
 			return nil, err
 		}
-		resp.ProviderPeers = pb.PeersToPeersWithKey(pb.PeerInfosToPBPeers(dht.host.Network(), providers))
+
+		resp.ProviderPeers = pb.PeersToPeersWithKey(pb.PeerIDsToPBPeers(dht.host.Network(), dht.peerstore, providers))
 	}
 
 	// Also send closer peers.
 	closer := dht.betterPeersToQuery(pmes, p, dht.bucketSize)
 	if closer != nil {
-		// TODO: pstore.PeerInfos should move to core (=> peerstore.AddrInfos).
-		infos := pstore.PeerInfos(dht.peerstore, closer)
-		resp.CloserPeers = pb.PeerInfosToPBPeers(dht.host.Network(), infos)
+		resp.CloserPeers = pb.PeerIDsToPBPeers(dht.host.Network(), dht.peerstore, closer)
 	}
 
 	return resp, nil
@@ -360,24 +343,50 @@ func (dht *IpfsDHT) handleAddProvider(ctx context.Context, p peer.ID, pmes *pb.M
 	logger.Debugw("adding provider", "from", p, "key", internal.LoggableProviderRecordBytes(key))
 
 	// add provider should use the address given in the message
-	pinfos := pb.PBPeersToAddrInfos(pmes.GetProviderPeers())
-	for _, pi := range pinfos {
-		if pi.ID != p {
-			// we should ignore this provider record! not from originator.
-			// (we should sign them and check signature later...)
-			logger.Debugw("received provider from wrong peer", "from", p, "peer", pi.ID)
+	provs := pmes.GetProviderPeers()
+	pinfos := pb.PBPeersToAddrInfos(provs)
+	for i, pi := range pinfos {
+		if len(pi.Addrs) < 1 {
+			logger.Debugw("no valid addresses for provider", "from", p)
 			continue
 		}
 
-		if len(pi.Addrs) < 1 {
-			logger.Debugw("no valid addresses for provider", "from", p)
+		sig := provs[i].Signature
+		pub, err := crypto.PublicKeyFromProto(provs[i].PublicKey)
+		if err != nil {
+			logger.Debugw("failed to unmarshal public key", "from", p, "peer", pi.ID, "error", err)
 			continue
 		}
 
-		err := dht.providerStore.AddProvider(ctx, key, peer.AddrInfo{ID: p})
+		// verify that public key corresponds to sender peer ID
+		id, err := peer.IDFromPublicKey(pub)
+		if err != nil {
+			logger.Debugw("failed to derive peer ID from public key", "from", p, "peer", pi.ID, "error", err)
+			continue
+		}
+
+		if id != p {
+			logger.Debugw("remote peer ID does not match public key's peer ID", "from", p, "peer", pi.ID, "error", err)
+			continue
+		}
+
+		ok, err := pub.Verify(append(key, pi.ID...), sig)
+		if err != nil {
+			logger.Debugw("failed to verify signature", "from", p, "peer", pi.ID, "error", err)
+			continue
+		}
+
+		if !ok {
+			logger.Debugw("failed to verify signature", "from", p, "peer", pi.ID)
+			continue
+		}
+
+		err = dht.providerStore.AddProvider(ctx, key, pi.ID)
 		if err != nil {
 			return nil, err
 		}
+
+		logger.Infof("added provider %x for %x", pi.ID, key)
 	}
 
 	return nil, nil

pb/Makefile

@@ -10,5 +10,4 @@ build:
 		protoc --proto_path=$(GOPATH)/src:. --gogofast_out=. $<
 
 clean:
-		rm -f *.pb.go
-		rm -f *.go
+		rm -f *.pb.go