make signing dht put records optional

2025-09-10 11:52:21 +08:00 · 2015-02-23 00:25:20 -08:00
parent b2b3aa859a
commit 049b5ad945
15 changed files with 97 additions and 67 deletions
--- a/core/commands/dht.go
+++ b/core/commands/dht.go
@ -508,7 +508,7 @@ PutValue will store the given key value pair in the dht.
 		go func() {
 			defer close(events)
-			err := dht.PutValue(ctx, key, []byte(data))
+			err := dht.PutValue(ctx, key, []byte(data), true)
 			if err != nil {
 				notif.PublishQueryEvent(ctx, &notif.QueryEvent{
 					Type:  notif.QueryError,
--- a/namesys/publisher.go
+++ b/namesys/publisher.go
@ -62,7 +62,7 @@ func (p *ipnsPublisher) Publish(ctx context.Context, k ci.PrivKey, value u.Key)
 	log.Debugf("Storing pubkey at: %s", namekey)
 	// Store associated public key
 	timectx, _ := context.WithDeadline(ctx, time.Now().Add(time.Second*10))
-	err = p.routing.PutValue(timectx, namekey, pkbytes)
+	err = p.routing.PutValue(timectx, namekey, pkbytes, false)
 	if err != nil {
 		return err
 	}
@ -72,7 +72,7 @@ func (p *ipnsPublisher) Publish(ctx context.Context, k ci.PrivKey, value u.Key)
 	log.Debugf("Storing ipns entry at: %s", ipnskey)
 	// Store ipns entry at "/ipns/"+b58(h(pubkey))
 	timectx, _ = context.WithDeadline(ctx, time.Now().Add(time.Second*10))
-	err = p.routing.PutValue(timectx, ipnskey, data)
+	err = p.routing.PutValue(timectx, ipnskey, data, true)
 	if err != nil {
 		return err
 	}
--- a/routing/dht/dht.go
+++ b/routing/dht/dht.go
@ -254,16 +254,7 @@ func (dht *IpfsDHT) getOwnPrivateKey() (ci.PrivKey, error) {
 }
 // putLocal stores the key value pair in the datastore
-func (dht *IpfsDHT) putLocal(key u.Key, value []byte) error {
+func (dht *IpfsDHT) putLocal(key u.Key, rec *pb.Record) error {
 	sk, err := dht.getOwnPrivateKey()
 	if err != nil {
 		return err
 	}
 	rec, err := record.MakePutRecord(sk, key, value)
 	if err != nil {
 		return err
 	}
 	data, err := proto.Marshal(rec)
 	if err != nil {
 		return err
--- a/routing/dht/dht_test.go
+++ b/routing/dht/dht_test.go
@ -17,6 +17,7 @@ import (
 	peer "github.com/jbenet/go-ipfs/p2p/peer"
 	netutil "github.com/jbenet/go-ipfs/p2p/test/util"
 	routing "github.com/jbenet/go-ipfs/routing"
 	record "github.com/jbenet/go-ipfs/routing/record"
 	u "github.com/jbenet/go-ipfs/util"
 	ci "github.com/jbenet/go-ipfs/util/testutil/ci"
@ -147,7 +148,7 @@ func TestValueGetSet(t *testing.T) {
 	connect(t, ctx, dhtA, dhtB)
 	ctxT, _ := context.WithTimeout(ctx, time.Second)
-	dhtA.PutValue(ctxT, "/v/hello", []byte("world"))
+	dhtA.PutValue(ctxT, "/v/hello", []byte("world"), false)
 	ctxT, _ = context.WithTimeout(ctx, time.Second*2)
 	val, err := dhtA.GetValue(ctxT, "/v/hello")
@ -188,7 +189,13 @@ func TestProvides(t *testing.T) {
 	for k, v := range testCaseValues {
 		log.Debugf("adding local values for %s = %s", k, v)
-		err := dhts[3].putLocal(k, v)
+		sk := dhts[3].peerstore.PrivKey(dhts[3].self)
 		rec, err := record.MakePutRecord(sk, k, v, false)
 		if err != nil {
 			t.Fatal(err)
 		}
 		err = dhts[3].putLocal(k, rec)
 		if err != nil {
 			t.Fatal(err)
 		}
@ -456,7 +463,12 @@ func TestProvidesMany(t *testing.T) {
 		providers[k] = dht.self
 		t.Logf("adding local values for %s = %s (on %s)", k, v, dht.self)
-		err := dht.putLocal(k, v)
+		rec, err := record.MakePutRecord(nil, k, v, false)
 		if err != nil {
 			t.Fatal(err)
 		}
 		err = dht.putLocal(k, rec)
 		if err != nil {
 			t.Fatal(err)
 		}
@ -543,13 +555,21 @@ func TestProvidesAsync(t *testing.T) {
 	connect(t, ctx, dhts[1], dhts[2])
 	connect(t, ctx, dhts[1], dhts[3])
-	err := dhts[3].putLocal(u.Key("hello"), []byte("world"))
+	k := u.Key("hello")
 	val := []byte("world")
 	sk := dhts[3].peerstore.PrivKey(dhts[3].self)
 	rec, err := record.MakePutRecord(sk, k, val, false)
 	if err != nil {
 		t.Fatal(err)
 	}
-	bits, err := dhts[3].getLocal(u.Key("hello"))
+	err = dhts[3].putLocal(k, rec)
-	if err != nil && bytes.Equal(bits, []byte("world")) {
+	if err != nil {
 		t.Fatal(err)
 	}
 	bits, err := dhts[3].getLocal(k)
 	if err != nil && bytes.Equal(bits, val) {
 		t.Fatal(err)
 	}
--- a/routing/dht/ext_test.go
+++ b/routing/dht/ext_test.go
@ -111,7 +111,7 @@ func TestGetFailures(t *testing.T) {
 			t.Fatal(err)
 		}
-		rec, err := record.MakePutRecord(sk, u.Key(str), []byte("blah"))
+		rec, err := record.MakePutRecord(sk, u.Key(str), []byte("blah"), true)
 		if err != nil {
 			t.Fatal(err)
 		}
--- a/routing/dht/records.go
+++ b/routing/dht/records.go
@ -7,6 +7,7 @@ import (
 	ci "github.com/jbenet/go-ipfs/p2p/crypto"
 	peer "github.com/jbenet/go-ipfs/p2p/peer"
 	pb "github.com/jbenet/go-ipfs/routing/dht/pb"
 	record "github.com/jbenet/go-ipfs/routing/record"
 	u "github.com/jbenet/go-ipfs/util"
 	ctxutil "github.com/jbenet/go-ipfs/util/ctx"
 )
@ -99,14 +100,20 @@ func (dht *IpfsDHT) getPublicKeyFromNode(ctx context.Context, p peer.ID) (ci.Pub
 // key, we fail. we do not search the dht.
 func (dht *IpfsDHT) verifyRecordLocally(r *pb.Record) error {
-	// First, validate the signature
+	if len(r.Signature) > 0 {
-	p := peer.ID(r.GetAuthor())
+		// First, validate the signature
-	pk := dht.peerstore.PubKey(p)
+		p := peer.ID(r.GetAuthor())
-	if pk == nil {
+		pk := dht.peerstore.PubKey(p)
-		return fmt.Errorf("do not have public key for %s", p)
+		if pk == nil {
 			return fmt.Errorf("do not have public key for %s", p)
 		}
 		if err := record.CheckRecordSig(r, pk); err != nil {
 			return err
 		}
 	}
-	return dht.Validator.VerifyRecord(r, pk)
+	return dht.Validator.VerifyRecord(r)
 }
 // verifyRecordOnline verifies a record, searching the DHT for the public key
@ -116,12 +123,19 @@ func (dht *IpfsDHT) verifyRecordLocally(r *pb.Record) error {
 // massive amplification attack on the dht. Use with care.
 func (dht *IpfsDHT) verifyRecordOnline(ctx context.Context, r *pb.Record) error {
-	// get the public key, search for it if necessary.
+	if len(r.Signature) > 0 {
-	p := peer.ID(r.GetAuthor())
+		// get the public key, search for it if necessary.
-	pk, err := dht.getPublicKeyOnline(ctx, p)
+		p := peer.ID(r.GetAuthor())
-	if err != nil {
+		pk, err := dht.getPublicKeyOnline(ctx, p)
-		return err
+		if err != nil {
 			return err
 		}
 		err = record.CheckRecordSig(r, pk)
 		if err != nil {
 			return err
 		}
 	}
-	return dht.Validator.VerifyRecord(r, pk)
+	return dht.Validator.VerifyRecord(r)
 }
--- a/routing/dht/routing.go
+++ b/routing/dht/routing.go
@ -29,24 +29,24 @@ var asyncQueryBuffer = 10
 // PutValue adds value corresponding to given Key.
 // This is the top level "Store" operation of the DHT
-func (dht *IpfsDHT) PutValue(ctx context.Context, key u.Key, value []byte) error {
+func (dht *IpfsDHT) PutValue(ctx context.Context, key u.Key, value []byte, sign bool) error {
 	log.Debugf("PutValue %s", key)
 	err := dht.putLocal(key, value)
 	if err != nil {
 		return err
 	}
 	sk, err := dht.getOwnPrivateKey()
 	if err != nil {
 		return err
 	}
-	rec, err := record.MakePutRecord(sk, key, value)
+	rec, err := record.MakePutRecord(sk, key, value, sign)
 	if err != nil {
 		log.Debug("Creation of record failed!")
 		return err
 	}
 	err = dht.putLocal(key, rec)
 	if err != nil {
 		return err
 	}
 	pchan, err := dht.GetClosestPeers(ctx, key)
 	if err != nil {
 		return err
--- a/routing/mock/centralized_client.go
+++ b/routing/mock/centralized_client.go
@ -22,7 +22,7 @@ type client struct {
 }
 // FIXME(brian): is this method meant to simulate putting a value into the network?
-func (c *client) PutValue(ctx context.Context, key u.Key, val []byte) error {
+func (c *client) PutValue(ctx context.Context, key u.Key, val []byte, sign bool) error {
 	log.Debugf("PutValue: %s", key)
 	return c.datastore.Put(key.DsKey(), val)
 }
--- a/routing/offline/offline.go
+++ b/routing/offline/offline.go
@ -35,8 +35,8 @@ type offlineRouting struct {
 	sk        ci.PrivKey
 }
-func (c *offlineRouting) PutValue(ctx context.Context, key u.Key, val []byte) error {
+func (c *offlineRouting) PutValue(ctx context.Context, key u.Key, val []byte, sign bool) error {
-	rec, err := record.MakePutRecord(c.sk, key, val)
+	rec, err := record.MakePutRecord(c.sk, key, val, sign)
 	if err != nil {
 		return err
 	}
@ -89,7 +89,7 @@ func (c *offlineRouting) Ping(ctx context.Context, p peer.ID) (time.Duration, er
 	return 0, ErrOffline
 }
-func (c *offlineRouting) Bootstrap(context.Context) (error) {
+func (c *offlineRouting) Bootstrap(context.Context) error {
 	return nil
 }
--- a/routing/record/record.go
+++ b/routing/record/record.go
@ -14,7 +14,7 @@ import (
 var log = eventlog.Logger("routing/record")
 // MakePutRecord creates and signs a dht record for the given key/value pair
-func MakePutRecord(sk ci.PrivKey, key u.Key, value []byte) (*pb.Record, error) {
+func MakePutRecord(sk ci.PrivKey, key u.Key, value []byte, sign bool) (*pb.Record, error) {
 	record := new(pb.Record)
 	record.Key = proto.String(string(key))
@ -26,14 +26,16 @@ func MakePutRecord(sk ci.PrivKey, key u.Key, value []byte) (*pb.Record, error) {
 	}
 	record.Author = proto.String(string(pkh))
-	blob := RecordBlobForSig(record)
+	if sign {
 		blob := RecordBlobForSig(record)
-	sig, err := sk.Sign(blob)
+		sig, err := sk.Sign(blob)
-	if err != nil {
+		if err != nil {
-		return nil, err
+			return nil, err
 		}
 		record.Signature = sig
 	}
 	record.Signature = sig
 	return record, nil
 }
--- a/routing/record/validation.go
+++ b/routing/record/validation.go
@ -29,19 +29,7 @@ type Validator map[string]ValidatorFunc
 // VerifyRecord checks a record and ensures it is still valid.
 // It runs needed validators
-func (v Validator) VerifyRecord(r *pb.Record, pk ci.PubKey) error {
+func (v Validator) VerifyRecord(r *pb.Record) error {
 	// First, validate the signature
 	blob := RecordBlobForSig(r)
 	ok, err := pk.Verify(blob, r.GetSignature())
 	if err != nil {
 		log.Info("Signature verify failed. (ignored)")
 		return err
 	}
 	if !ok {
 		log.Info("dht found a forged record! (ignored)")
 		return ErrBadRecord
 	}
 	// Now, check validity func
 	parts := strings.Split(r.GetKey(), "/")
 	if len(parts) < 3 {
@ -73,3 +61,15 @@ func ValidatePublicKeyRecord(k u.Key, val []byte) error {
 	}
 	return nil
 }
 func CheckRecordSig(r *pb.Record, pk ci.PubKey) error {
 	blob := RecordBlobForSig(r)
 	good, err := pk.Verify(blob, r.Signature)
 	if err != nil {
 		return nil
 	}
 	if !good {
 		return errors.New("invalid record signature")
 	}
 	return nil
 }
--- a/routing/routing.go
+++ b/routing/routing.go
@ -21,7 +21,7 @@ type IpfsRouting interface {
 	// Basic Put/Get
 	// PutValue adds value corresponding to given Key.
-	PutValue(context.Context, u.Key, []byte) error
+	PutValue(context.Context, u.Key, []byte, bool) error
 	// GetValue searches for the value corresponding to given Key.
 	GetValue(context.Context, u.Key) ([]byte, error)
--- a/routing/supernode/client.go
+++ b/routing/supernode/client.go
@ -59,7 +59,7 @@ func (c *Client) FindProvidersAsync(ctx context.Context, k u.Key, max int) <-cha
 	return ch
 }
-func (c *Client) PutValue(ctx context.Context, k u.Key, v []byte) error {
+func (c *Client) PutValue(ctx context.Context, k u.Key, v []byte, sign bool) error {
 	defer log.EventBegin(ctx, "putValue", &k).Done()
 	r, err := makeRecord(c.peerstore, c.local, k, v)
 	if err != nil {
--- a/routing/supernode/server.go
+++ b/routing/supernode/server.go
@ -210,7 +210,10 @@ func verify(ps peer.Peerstore, r *dhtpb.Record) error {
 	if pk == nil {
 		return fmt.Errorf("do not have public key for %s", p)
 	}
-	if err := v.VerifyRecord(r, pk); err != nil {
+	if err := record.CheckRecordSig(r, pk); err != nil {
 		return err
 	}
 	if err := v.VerifyRecord(r); err != nil {
 		return err
 	}
 	return nil
--- a/test/integration/grandcentral_test.go
+++ b/test/integration/grandcentral_test.go
@ -168,7 +168,7 @@ func RunSupernodePutRecordGetRecord(conf testutil.LatencyConfig) error {
 	k := util.Key("key")
 	note := []byte("a note from putter")
-	if err := putter.Routing.PutValue(ctx, k, note); err != nil {
+	if err := putter.Routing.PutValue(ctx, k, note, false); err != nil {
 		return fmt.Errorf("failed to put value: %s", err)
 	}