diff options
Diffstat (limited to 'p2p/enr')
| -rw-r--r-- | p2p/enr/enr.go | 168 | ||||
| -rw-r--r-- | p2p/enr/enr_test.go | 124 | ||||
| -rw-r--r-- | p2p/enr/entries.go | 26 | ||||
| -rw-r--r-- | p2p/enr/idscheme.go | 114 | ||||
| -rw-r--r-- | p2p/enr/idscheme_test.go | 36 |
5 files changed, 140 insertions, 328 deletions
diff --git a/p2p/enr/enr.go b/p2p/enr/enr.go index 48683471d..251caf458 100644 --- a/p2p/enr/enr.go +++ b/p2p/enr/enr.go @@ -15,14 +15,20 @@ // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. // Package enr implements Ethereum Node Records as defined in EIP-778. A node record holds -// arbitrary information about a node on the peer-to-peer network. -// -// Records contain named keys. To store and retrieve key/values in a record, use the Entry +// arbitrary information about a node on the peer-to-peer network. Node information is +// stored in key/value pairs. To store and retrieve key/values in a record, use the Entry // interface. // -// Records must be signed before transmitting them to another node. Decoding a record verifies -// its signature. When creating a record, set the entries you want, then call Sign to add the -// signature. Modifying a record invalidates the signature. +// Signature Handling +// +// Records must be signed before transmitting them to another node. +// +// Decoding a record doesn't check its signature. Code working with records from an +// untrusted source must always verify two things: that the record uses an identity scheme +// deemed secure, and that the signature is valid according to the declared scheme. +// +// When creating a record, set the entries you want and use a signing function provided by +// the identity scheme to add the signature. Modifying a record invalidates the signature. // // Package enr supports the "secp256k1-keccak" identity scheme. package enr @@ -40,8 +46,7 @@ import ( const SizeLimit = 300 // maximum encoded size of a node record in bytes var ( - errNoID = errors.New("unknown or unspecified identity scheme") - errInvalidSig = errors.New("invalid signature") + ErrInvalidSig = errors.New("invalid signature on node record") errNotSorted = errors.New("record key/value pairs are not sorted by key") errDuplicateKey = errors.New("record contains duplicate key") errIncompletePair = errors.New("record contains incomplete k/v pair") @@ -50,6 +55,32 @@ var ( errNotFound = errors.New("no such key in record") ) +// An IdentityScheme is capable of verifying record signatures and +// deriving node addresses. +type IdentityScheme interface { + Verify(r *Record, sig []byte) error + NodeAddr(r *Record) []byte +} + +// SchemeMap is a registry of named identity schemes. +type SchemeMap map[string]IdentityScheme + +func (m SchemeMap) Verify(r *Record, sig []byte) error { + s := m[r.IdentityScheme()] + if s == nil { + return ErrInvalidSig + } + return s.Verify(r, sig) +} + +func (m SchemeMap) NodeAddr(r *Record) []byte { + s := m[r.IdentityScheme()] + if s == nil { + return nil + } + return s.NodeAddr(r) +} + // Record represents a node record. The zero value is an empty record. type Record struct { seq uint64 // sequence number @@ -64,11 +95,6 @@ type pair struct { v rlp.RawValue } -// Signed reports whether the record has a valid signature. -func (r *Record) Signed() bool { - return r.signature != nil -} - // Seq returns the sequence number. func (r *Record) Seq() uint64 { return r.seq @@ -140,7 +166,7 @@ func (r *Record) invalidate() { // EncodeRLP implements rlp.Encoder. Encoding fails if // the record is unsigned. func (r Record) EncodeRLP(w io.Writer) error { - if !r.Signed() { + if r.signature == nil { return errEncodeUnsigned } _, err := w.Write(r.raw) @@ -149,25 +175,34 @@ func (r Record) EncodeRLP(w io.Writer) error { // DecodeRLP implements rlp.Decoder. Decoding verifies the signature. func (r *Record) DecodeRLP(s *rlp.Stream) error { - raw, err := s.Raw() + dec, raw, err := decodeRecord(s) if err != nil { return err } + *r = dec + r.raw = raw + return nil +} + +func decodeRecord(s *rlp.Stream) (dec Record, raw []byte, err error) { + raw, err = s.Raw() + if err != nil { + return dec, raw, err + } if len(raw) > SizeLimit { - return errTooBig + return dec, raw, errTooBig } // Decode the RLP container. - dec := Record{raw: raw} s = rlp.NewStream(bytes.NewReader(raw), 0) if _, err := s.List(); err != nil { - return err + return dec, raw, err } if err = s.Decode(&dec.signature); err != nil { - return err + return dec, raw, err } if err = s.Decode(&dec.seq); err != nil { - return err + return dec, raw, err } // The rest of the record contains sorted k/v pairs. var prevkey string @@ -177,73 +212,68 @@ func (r *Record) DecodeRLP(s *rlp.Stream) error { if err == rlp.EOL { break } - return err + return dec, raw, err } if err := s.Decode(&kv.v); err != nil { if err == rlp.EOL { - return errIncompletePair + return dec, raw, errIncompletePair } - return err + return dec, raw, err } if i > 0 { if kv.k == prevkey { - return errDuplicateKey + return dec, raw, errDuplicateKey } if kv.k < prevkey { - return errNotSorted + return dec, raw, errNotSorted } } dec.pairs = append(dec.pairs, kv) prevkey = kv.k } - if err := s.ListEnd(); err != nil { - return err - } + return dec, raw, s.ListEnd() +} - _, scheme := dec.idScheme() - if scheme == nil { - return errNoID - } - if err := scheme.Verify(&dec, dec.signature); err != nil { - return err - } - *r = dec - return nil +// IdentityScheme returns the name of the identity scheme in the record. +func (r *Record) IdentityScheme() string { + var id ID + r.Load(&id) + return string(id) } -// NodeAddr returns the node address. The return value will be nil if the record is -// unsigned or uses an unknown identity scheme. -func (r *Record) NodeAddr() []byte { - _, scheme := r.idScheme() - if scheme == nil { - return nil - } - return scheme.NodeAddr(r) +// VerifySignature checks whether the record is signed using the given identity scheme. +func (r *Record) VerifySignature(s IdentityScheme) error { + return s.Verify(r, r.signature) } // SetSig sets the record signature. It returns an error if the encoded record is larger // than the size limit or if the signature is invalid according to the passed scheme. -func (r *Record) SetSig(idscheme string, sig []byte) error { - // Check that "id" is set and matches the given scheme. This panics because - // inconsitencies here are always implementation bugs in the signing function calling - // this method. - id, s := r.idScheme() - if s == nil { - panic(errNoID) - } - if id != idscheme { - panic(fmt.Errorf("identity scheme mismatch in Sign: record has %s, want %s", id, idscheme)) - } - - // Verify against the scheme. - if err := s.Verify(r, sig); err != nil { - return err - } - raw, err := r.encode(sig) - if err != nil { - return err +// +// You can also use SetSig to remove the signature explicitly by passing a nil scheme +// and signature. +// +// SetSig panics when either the scheme or the signature (but not both) are nil. +func (r *Record) SetSig(s IdentityScheme, sig []byte) error { + switch { + // Prevent storing invalid data. + case s == nil && sig != nil: + panic("enr: invalid call to SetSig with non-nil signature but nil scheme") + case s != nil && sig == nil: + panic("enr: invalid call to SetSig with nil signature but non-nil scheme") + // Verify if we have a scheme. + case s != nil: + if err := s.Verify(r, sig); err != nil { + return err + } + raw, err := r.encode(sig) + if err != nil { + return err + } + r.signature, r.raw = sig, raw + // Reset otherwise. + default: + r.signature, r.raw = nil, nil } - r.signature, r.raw = sig, raw return nil } @@ -268,11 +298,3 @@ func (r *Record) encode(sig []byte) (raw []byte, err error) { } return raw, nil } - -func (r *Record) idScheme() (string, IdentityScheme) { - var id ID - if err := r.Load(&id); err != nil { - return "", nil - } - return string(id), FindIdentityScheme(string(id)) -} diff --git a/p2p/enr/enr_test.go b/p2p/enr/enr_test.go index d1d088756..9bf22478d 100644 --- a/p2p/enr/enr_test.go +++ b/p2p/enr/enr_test.go @@ -18,23 +18,17 @@ package enr import ( "bytes" - "encoding/hex" + "encoding/binary" "fmt" "math/rand" "testing" "time" - "github.com/ethereum/go-ethereum/crypto" "github.com/ethereum/go-ethereum/rlp" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) -var ( - privkey, _ = crypto.HexToECDSA("b71c71a67e1177ad4e901695e1b4b9ee17ae16c6668d313eac2f96dbcda3f291") - pubkey = &privkey.PublicKey -) - var rnd = rand.New(rand.NewSource(time.Now().UnixNano())) func randomString(strlen int) string { @@ -87,18 +81,6 @@ func TestGetSetUDP(t *testing.T) { assert.Equal(t, port, port2) } -// TestGetSetSecp256k1 tests encoding/decoding and setting/getting of the Secp256k1 key. -func TestGetSetSecp256k1(t *testing.T) { - var r Record - if err := SignV4(&r, privkey); err != nil { - t.Fatal(err) - } - - var pk Secp256k1 - require.NoError(t, r.Load(&pk)) - assert.EqualValues(t, pubkey, &pk) -} - func TestLoadErrors(t *testing.T) { var r Record ip4 := IP{127, 0, 0, 1} @@ -167,23 +149,20 @@ func TestSortedGetAndSet(t *testing.T) { func TestDirty(t *testing.T) { var r Record - if r.Signed() { - t.Error("Signed returned true for zero record") - } if _, err := rlp.EncodeToBytes(r); err != errEncodeUnsigned { t.Errorf("expected errEncodeUnsigned, got %#v", err) } - require.NoError(t, SignV4(&r, privkey)) - if !r.Signed() { - t.Error("Signed return false for signed record") + require.NoError(t, signTest([]byte{5}, &r)) + if len(r.signature) == 0 { + t.Error("record is not signed") } _, err := rlp.EncodeToBytes(r) assert.NoError(t, err) r.SetSeq(3) - if r.Signed() { - t.Error("Signed returned true for modified record") + if len(r.signature) != 0 { + t.Error("signature still set after modification") } if _, err := rlp.EncodeToBytes(r); err != errEncodeUnsigned { t.Errorf("expected errEncodeUnsigned, got %#v", err) @@ -210,7 +189,7 @@ func TestSignEncodeAndDecode(t *testing.T) { var r Record r.Set(UDP(30303)) r.Set(IP{127, 0, 0, 1}) - require.NoError(t, SignV4(&r, privkey)) + require.NoError(t, signTest([]byte{5}, &r)) blob, err := rlp.EncodeToBytes(r) require.NoError(t, err) @@ -224,48 +203,6 @@ func TestSignEncodeAndDecode(t *testing.T) { assert.Equal(t, blob, blob2) } -func TestNodeAddr(t *testing.T) { - var r Record - if addr := r.NodeAddr(); addr != nil { - t.Errorf("wrong address on empty record: got %v, want %v", addr, nil) - } - - require.NoError(t, SignV4(&r, privkey)) - expected := "a448f24c6d18e575453db13171562b71999873db5b286df957af199ec94617f7" - assert.Equal(t, expected, hex.EncodeToString(r.NodeAddr())) -} - -var pyRecord, _ = hex.DecodeString("f884b8407098ad865b00a582051940cb9cf36836572411a47278783077011599ed5cd16b76f2635f4e234738f30813a89eb9137e3e3df5266e3a1f11df72ecf1145ccb9c01826964827634826970847f00000189736563703235366b31a103ca634cae0d49acb401d8a4c6b6fe8c55b70d115bf400769cc1400f3258cd31388375647082765f") - -// TestPythonInterop checks that we can decode and verify a record produced by the Python -// implementation. -func TestPythonInterop(t *testing.T) { - var r Record - if err := rlp.DecodeBytes(pyRecord, &r); err != nil { - t.Fatalf("can't decode: %v", err) - } - - var ( - wantAddr, _ = hex.DecodeString("a448f24c6d18e575453db13171562b71999873db5b286df957af199ec94617f7") - wantSeq = uint64(1) - wantIP = IP{127, 0, 0, 1} - wantUDP = UDP(30303) - ) - if r.Seq() != wantSeq { - t.Errorf("wrong seq: got %d, want %d", r.Seq(), wantSeq) - } - if addr := r.NodeAddr(); !bytes.Equal(addr, wantAddr) { - t.Errorf("wrong addr: got %x, want %x", addr, wantAddr) - } - want := map[Entry]interface{}{new(IP): &wantIP, new(UDP): &wantUDP} - for k, v := range want { - desc := fmt.Sprintf("loading key %q", k.ENRKey()) - if assert.NoError(t, r.Load(k), desc) { - assert.Equal(t, k, v, desc) - } - } -} - // TestRecordTooBig tests that records bigger than SizeLimit bytes cannot be signed. func TestRecordTooBig(t *testing.T) { var r Record @@ -273,13 +210,13 @@ func TestRecordTooBig(t *testing.T) { // set a big value for random key, expect error r.Set(WithEntry(key, randomString(SizeLimit))) - if err := SignV4(&r, privkey); err != errTooBig { + if err := signTest([]byte{5}, &r); err != errTooBig { t.Fatalf("expected to get errTooBig, got %#v", err) } // set an acceptable value for random key, expect no error r.Set(WithEntry(key, randomString(100))) - require.NoError(t, SignV4(&r, privkey)) + require.NoError(t, signTest([]byte{5}, &r)) } // TestSignEncodeAndDecodeRandom tests encoding/decoding of records containing random key/value pairs. @@ -295,7 +232,7 @@ func TestSignEncodeAndDecodeRandom(t *testing.T) { r.Set(WithEntry(key, &value)) } - require.NoError(t, SignV4(&r, privkey)) + require.NoError(t, signTest([]byte{5}, &r)) _, err := rlp.EncodeToBytes(r) require.NoError(t, err) @@ -308,11 +245,40 @@ func TestSignEncodeAndDecodeRandom(t *testing.T) { } } -func BenchmarkDecode(b *testing.B) { - var r Record - for i := 0; i < b.N; i++ { - rlp.DecodeBytes(pyRecord, &r) +type testSig struct{} + +type testID []byte + +func (id testID) ENRKey() string { return "testid" } + +func signTest(id []byte, r *Record) error { + r.Set(ID("test")) + r.Set(testID(id)) + return r.SetSig(testSig{}, makeTestSig(id, r.Seq())) +} + +func makeTestSig(id []byte, seq uint64) []byte { + sig := make([]byte, 8, len(id)+8) + binary.BigEndian.PutUint64(sig[:8], seq) + sig = append(sig, id...) + return sig +} + +func (testSig) Verify(r *Record, sig []byte) error { + var id []byte + if err := r.Load((*testID)(&id)); err != nil { + return err + } + if !bytes.Equal(sig, makeTestSig(id, r.Seq())) { + return ErrInvalidSig + } + return nil +} + +func (testSig) NodeAddr(r *Record) []byte { + var id []byte + if err := r.Load((*testID)(&id)); err != nil { + return nil } - b.StopTimer() - r.NodeAddr() + return id } diff --git a/p2p/enr/entries.go b/p2p/enr/entries.go index 71c7653a2..347990ab6 100644 --- a/p2p/enr/entries.go +++ b/p2p/enr/entries.go @@ -17,12 +17,10 @@ package enr import ( - "crypto/ecdsa" "fmt" "io" "net" - "github.com/ethereum/go-ethereum/crypto" "github.com/ethereum/go-ethereum/rlp" ) @@ -98,30 +96,6 @@ func (v *IP) DecodeRLP(s *rlp.Stream) error { return nil } -// Secp256k1 is the "secp256k1" key, which holds a public key. -type Secp256k1 ecdsa.PublicKey - -func (v Secp256k1) ENRKey() string { return "secp256k1" } - -// EncodeRLP implements rlp.Encoder. -func (v Secp256k1) EncodeRLP(w io.Writer) error { - return rlp.Encode(w, crypto.CompressPubkey((*ecdsa.PublicKey)(&v))) -} - -// DecodeRLP implements rlp.Decoder. -func (v *Secp256k1) DecodeRLP(s *rlp.Stream) error { - buf, err := s.Bytes() - if err != nil { - return err - } - pk, err := crypto.DecompressPubkey(buf) - if err != nil { - return err - } - *v = (Secp256k1)(*pk) - return nil -} - // KeyError is an error related to a key. type KeyError struct { Key string diff --git a/p2p/enr/idscheme.go b/p2p/enr/idscheme.go deleted file mode 100644 index efaf68041..000000000 --- a/p2p/enr/idscheme.go +++ /dev/null @@ -1,114 +0,0 @@ -// Copyright 2018 The go-ethereum Authors -// This file is part of the go-ethereum library. -// -// The go-ethereum library is free software: you can redistribute it and/or modify -// it under the terms of the GNU Lesser General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// The go-ethereum library is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU Lesser General Public License for more details. -// -// You should have received a copy of the GNU Lesser General Public License -// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. - -package enr - -import ( - "crypto/ecdsa" - "fmt" - "sync" - - "github.com/ethereum/go-ethereum/common/math" - "github.com/ethereum/go-ethereum/crypto" - "github.com/ethereum/go-ethereum/crypto/sha3" - "github.com/ethereum/go-ethereum/rlp" -) - -// Registry of known identity schemes. -var schemes sync.Map - -// An IdentityScheme is capable of verifying record signatures and -// deriving node addresses. -type IdentityScheme interface { - Verify(r *Record, sig []byte) error - NodeAddr(r *Record) []byte -} - -// RegisterIdentityScheme adds an identity scheme to the global registry. -func RegisterIdentityScheme(name string, scheme IdentityScheme) { - if _, loaded := schemes.LoadOrStore(name, scheme); loaded { - panic("identity scheme " + name + " already registered") - } -} - -// FindIdentityScheme resolves name to an identity scheme in the global registry. -func FindIdentityScheme(name string) IdentityScheme { - s, ok := schemes.Load(name) - if !ok { - return nil - } - return s.(IdentityScheme) -} - -// v4ID is the "v4" identity scheme. -type v4ID struct{} - -func init() { - RegisterIdentityScheme("v4", v4ID{}) -} - -// SignV4 signs a record using the v4 scheme. -func SignV4(r *Record, privkey *ecdsa.PrivateKey) error { - // Copy r to avoid modifying it if signing fails. - cpy := *r - cpy.Set(ID("v4")) - cpy.Set(Secp256k1(privkey.PublicKey)) - - h := sha3.NewKeccak256() - rlp.Encode(h, cpy.AppendElements(nil)) - sig, err := crypto.Sign(h.Sum(nil), privkey) - if err != nil { - return err - } - sig = sig[:len(sig)-1] // remove v - if err = cpy.SetSig("v4", sig); err == nil { - *r = cpy - } - return err -} - -// s256raw is an unparsed secp256k1 public key entry. -type s256raw []byte - -func (s256raw) ENRKey() string { return "secp256k1" } - -func (v4ID) Verify(r *Record, sig []byte) error { - var entry s256raw - if err := r.Load(&entry); err != nil { - return err - } else if len(entry) != 33 { - return fmt.Errorf("invalid public key") - } - - h := sha3.NewKeccak256() - rlp.Encode(h, r.AppendElements(nil)) - if !crypto.VerifySignature(entry, h.Sum(nil), sig) { - return errInvalidSig - } - return nil -} - -func (v4ID) NodeAddr(r *Record) []byte { - var pubkey Secp256k1 - err := r.Load(&pubkey) - if err != nil { - return nil - } - buf := make([]byte, 64) - math.ReadBits(pubkey.X, buf[:32]) - math.ReadBits(pubkey.Y, buf[32:]) - return crypto.Keccak256(buf) -} diff --git a/p2p/enr/idscheme_test.go b/p2p/enr/idscheme_test.go deleted file mode 100644 index d790e12f1..000000000 --- a/p2p/enr/idscheme_test.go +++ /dev/null @@ -1,36 +0,0 @@ -// Copyright 2018 The go-ethereum Authors -// This file is part of the go-ethereum library. -// -// The go-ethereum library is free software: you can redistribute it and/or modify -// it under the terms of the GNU Lesser General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// The go-ethereum library is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU Lesser General Public License for more details. -// -// You should have received a copy of the GNU Lesser General Public License -// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. - -package enr - -import ( - "crypto/ecdsa" - "math/big" - "testing" -) - -// Checks that failure to sign leaves the record unmodified. -func TestSignError(t *testing.T) { - invalidKey := &ecdsa.PrivateKey{D: new(big.Int), PublicKey: *pubkey} - - var r Record - if err := SignV4(&r, invalidKey); err == nil { - t.Fatal("expected error from SignV4") - } - if len(r.pairs) > 0 { - t.Fatal("expected empty record, have", r.pairs) - } -} |