feat: verify expected `PeerId` as part of security handshake #4864
Great start!
We'll need to implement the new trait for `libp2p-tls` and `libp2p-noise`.
Thanks for the suggestions!
Introduce `Builder::authenticate2` as an alternative code path given the supplied upgrade implements `SecurityUpgrade` instead of `InboundConnectionUpgrade`/`OutboundConnectionUpgrade`. Inline `secure_inbound` and `secure_outound` functions into `secure`. Fix `PeerId` in the output of `SecurityUpgrade::upgrade_security`. Remove the unnecessary call to `panic`. Co-authored-by: Thomas Eizinger
Use an owned dynamically typed `Future` that is `Send` (i.e. `BoxFuture`).
Introduce `InboundSecurityUpgrade`/`OutboundSecurityUpgrade` instead.
Plus fix doc comments.
a6905ba to b686801
Implement the `InboundSecurityUpgrade`/`OutboundSecurityUpgrade` traits for the TLS transport verifying the expected peer ID on outgoing upgrades.
Implement the `InboundSecurityUpgrade`/`OutboundSecurityUpgrade` traits for the Noise transport verifying the expected peer ID on outgoing upgrades.
That looks great!
I've left some more comments. Can you also please use `authenticate2` within the `SwarmBuilder` in the `libp2p` crate?
The optional `PeerId` parameter in a security upgrade is never known at this point for an inbound connection.
Good progress! I've left a few more comments :)
Delegate the implementations of `InboundConnectionUpgrade`/`OutboundConnectionUpgrade` traits to `InboundSecurityUpgrade`/`OutboundSecurityUpgrade` for Noise and TLS.
The `PeerId` coming from the address is the remote `PeerId` and the one from the handshake is the actual `PeerId`.
Introduce the `with_remote_peer_id` constructor in `Config`.
c2bf72d to c386182
In addition to the above comments, this is also still an open item. So far, we are not using those APIs anywhere, meaning we don't actually get to benefit from the new handshake. You'll have to find the usage sites of the current Here is one of the usage sites: rust-libp2p/libp2p/src/builder/phase/tcp.rs Lines 84 to 86 in d851d1b
The `PeerId` coming from the address is the expected `PeerId` and the one from the handshake is the actual `PeerId`.
Thanks, I was already working on this.
Explicitly call `make_server_config` and `make_client_config` as part of the upgrade.
Awesome! Let me know when you want another review! :)
Description
During a handshake, certificates should be verified in order to allow the connection attempt to be aborted during the security handshake (by security protocols such as TLS or Noise). This requires being able to verify the peer ID after the handshake. Otherwise, we will have abnormal behaviors, such as aborting after completing the handshake and leaving the peer not knowing what went wrong.
Fixes: #2946.
Related: #4307.
Related: #4726.
Related: #882.
Tasks
- `InboundSecurityUpgrade`/`OutboundSecurityUpgrade` traits that should be implemented by transports such as Noise or TLS.
- `Builder::authenticate2` function to accept an upgrade that implements these traits.
- `upgrade::secure` that calls the `InboundSecurityUpgrade`/`OutboundSecurityUpgrade` traits instead of `InboundConnectionUpgrade`/`OutboundConnectionUpgrade`.
- `InboundSecurityUpgrade`/`OutboundSecurityUpgrade` traits for Noise and TLS transports, respectively.
Notes & open questions
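
The check discussed in this thread, as an added Rust sketch that is not code from the pull request or from rust-libp2p: the peer ID in the dialed address is the expected one, the handshake yields the actual one, and a mismatch fails the upgrade itself. All types, function names and sample addresses are hypothetical, and the handshake is reduced to a synchronous function.

```rust
// Added illustration, not rust-libp2p code: every type and function name here
// is hypothetical, and the handshake is reduced to a synchronous function.

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct PeerId(pub String); // stand-in for a real peer ID

#[derive(Debug, PartialEq, Eq)]
pub enum UpgradeError {
    PeerIdMismatch { expected: PeerId, actual: PeerId },
}

/// Expected peer ID: the `/p2p/<id>` component of the dialed address, if any.
/// Assumes every component is a `/name/value` pair (ip4, tcp, p2p).
pub fn expected_peer_id(addr: &str) -> Option<PeerId> {
    let mut parts = addr.split('/').skip(1);
    while let Some(name) = parts.next() {
        let value = parts.next()?;
        if name == "p2p" {
            return Some(PeerId(value.to_string()));
        }
    }
    None
}

/// Last step of the security upgrade. `actual` is the identity the remote
/// authenticated in the handshake; `expected` is `None` on inbound connections.
pub fn finish_upgrade(expected: Option<&PeerId>, actual: PeerId) -> Result<PeerId, UpgradeError> {
    match expected {
        // Fail the upgrade itself, so no connection is handed to upper layers.
        Some(want) if *want != actual => Err(UpgradeError::PeerIdMismatch {
            expected: want.clone(),
            actual,
        }),
        _ => Ok(actual),
    }
}

/// Outbound: the expected ID comes from the address being dialed.
pub fn dial(addr: &str, remote_identity: PeerId) -> Result<PeerId, UpgradeError> {
    finish_upgrade(expected_peer_id(addr).as_ref(), remote_identity)
}

fn main() {
    // Constructed sample values.
    let addr = "/ip4/203.0.113.7/tcp/4001/p2p/peer-a";
    println!("{:?}", dial(addr, PeerId("peer-a".into())));
    println!("{:?}", dial(addr, PeerId("peer-b".into())));
    println!("{:?}", finish_upgrade(None, PeerId("peer-b".into()))); // inbound
}
```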