pezkuwichain/pezkuwi-subxt
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pezkuwi-subxt.git synced 2026-04-27 11:38:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Authentication of PeerIds in authority discovery records (#10317)

Browse Source 
* Consolidating test and production code

* Signing/verifying authority discovery records with PeerId

Unsigned records cannot be rejected yet, they just produce
a warning in the log.

* Upgrading to libp2p 0.40

* libp2p::identity and sp_core::crypto Ed25519 are compatible

* Rejecting authority records unsigned by peer id can be configured

* Fixes based on review comments

* No command-line argument needed

* info was still too much spam in the logs

* Added tests for both strict and loose validation

* Fixing based on review comments

* Pierre preferred a signing method

* Ooops, I need to slow down

* Update bin/node/cli/src/service.rs

* Reexport libp2p crypto used in sc-network

* Added proto3 compatibility tests. And import noise.

Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com>
This commit is contained in:
wigy
2021-12-05 20:17:14 +01:00
committed by GitHub
parent 4775f11edc
commit 5fd7fdcfcd
14 changed files with 637 additions and 200 deletions
Download Patch File Download Diff File Expand all files Collapse all files
substrate/client/network/src/service.rs
+26 -6
View File
@@ -54,7 +54,6 @@ use libp2p::{
either::EitherError,
upgrade, ConnectedPoint, Executor,
},
kad::record,
multiaddr,
ping::Failure as PingFailure,
swarm::{
@@ -93,9 +92,19 @@ pub use behaviour::{
mod metrics;
mod out_events;
mod signature;
#[cfg(test)]
mod tests;
pub use libp2p::{
identity::{
error::{DecodingError, SigningError},
Keypair, PublicKey,
},
kad::record::Key as KademliaKey,
};
pub use signature::*;
/// Substrate network service. Handles network IO and manages connectivity.
pub struct NetworkService<B: BlockT + 'static, H: ExHashT> {
/// Number of peers we're connected to.
@@ -106,6 +115,8 @@ pub struct NetworkService<B: BlockT + 'static, H: ExHashT> {
is_major_syncing: Arc<AtomicBool>,
/// Local copy of the `PeerId` of the local node.
local_peer_id: PeerId,
/// The `KeyPair` that defines the `PeerId` of the local node.
local_identity: Keypair,
/// Bandwidth logging system. Can be queried to know the average bandwidth consumed.
bandwidth: Arc<transport::BandwidthSinks>,
/// Peerset manager (PSM); manages the reputation of nodes and indicates the network which
@@ -318,7 +329,7 @@ impl<B: BlockT + 'static, H: ExHashT> NetworkWorker<B, H> {
};
transport::build_transport(
local_identity,
local_identity.clone(),
config_mem,
params.network_config.yamux_window_size,
yamux_maximum_buffer_size,
@@ -406,6 +417,7 @@ impl<B: BlockT + 'static, H: ExHashT> NetworkWorker<B, H> {
is_major_syncing: is_major_syncing.clone(),
peerset: peerset_handle,
local_peer_id,
local_identity,
to_worker,
peers_notifications_sinks: peers_notifications_sinks.clone(),
notifications_sizes_metric: metrics
@@ -667,6 +679,14 @@ impl<B: BlockT + 'static, H: ExHashT> NetworkService<B, H> {
&self.local_peer_id
}
/// Signs the message with the `KeyPair` that defined the local `PeerId`.
pub fn sign_with_local_identity(
&self,
msg: impl AsRef<[u8]>,
) -> Result<Signature, SigningError> {
Signature::sign_message(msg.as_ref(), &self.local_identity)
}
/// Set authorized peers.
///
/// Need a better solution to manage authorized peers, but now just use reserved peers for
@@ -1024,7 +1044,7 @@ impl<B: BlockT + 'static, H: ExHashT> NetworkService<B, H> {
///
/// This will generate either a `ValueFound` or a `ValueNotFound` event and pass it as an
/// item on the [`NetworkWorker`] stream.
pub fn get_value(&self, key: &record::Key) {
pub fn get_value(&self, key: &KademliaKey) {
let _ = self.to_worker.unbounded_send(ServiceToWorkerMsg::GetValue(key.clone()));
}
@@ -1032,7 +1052,7 @@ impl<B: BlockT + 'static, H: ExHashT> NetworkService<B, H> {
///
/// This will generate either a `ValuePut` or a `ValuePutFailed` event and pass it as an
/// item on the [`NetworkWorker`] stream.
pub fn put_value(&self, key: record::Key, value: Vec<u8>) {
pub fn put_value(&self, key: KademliaKey, value: Vec<u8>) {
let _ = self.to_worker.unbounded_send(ServiceToWorkerMsg::PutValue(key, value));
}
@@ -1393,8 +1413,8 @@ enum ServiceToWorkerMsg<B: BlockT, H: ExHashT> {
RequestJustification(B::Hash, NumberFor<B>),
ClearJustificationRequests,
AnnounceBlock(B::Hash, Option<Vec<u8>>),
GetValue(record::Key),
PutValue(record::Key, Vec<u8>),
GetValue(KademliaKey),
PutValue(KademliaKey, Vec<u8>),
AddKnownAddress(PeerId, Multiaddr),
SetReservedOnly(bool),
AddReserved(PeerId),