mirrors/tendermint
1
0
Fork 0
mirror of https://github.com/tendermint/tendermint.git synced 2026-01-05 13:05:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
1604047c397e220c14434daa32edb3eebca81559
tendermint/p2p
History
Zaki Manian 9174fb7892 p2p: make SecretConnection non-malleable (#3668) 
## Issue:

This is an approach to fixing secret connection that is more noise-ish than actually noise.

but it essentially fixes the problem that #3315 is trying to solve by making the secret connection handshake non-malleable. It's easy to understand and I think will be acceptable to @jaekwon

.. the formal reasoning is basically, if the "view" of the transcript between diverges between the sender and the receiver at any point in the protocol, the handshake would terminate.

The base protocol of Station to Station mistakenly assumes that if the sender and receiver arrive at shared secret they have the same view. This is only true for a DH on prime order groups.

This robustly solves the problem by having each cryptographic operation commit to operators view of the protocol.

Another nice thing about a transcript is it provides the basis for "secure" (barring cryptographic breakages, horrible design flaws, or implementation bugs) downgrades, where a backwards compatible handshake can be used to offer newer protocol features/extensions, peers agree to the common subset of what they support, and both sides have to agree on what the other offered for the transcript MAC to verify.

With something like Protos/Amino you already get "extensions" for free (TLS uses a simple TLV format https://tools.ietf.org/html/rfc8446#section-4.2 for extensions not too far off from Protos/Amino), so as long as you cryptographically commit to what they contain in the transcript, it should be possible to extend the protocol in a backwards-compatible manner.

## Commits:

* Minimal changes to remove malleability of secret connection removes the need to check for lower order points.

Breaks compatibility. Secret connections that have no been updated will fail

* Remove the redundant blacklist

* remove remainders of blacklist in tests to make the code compile again

Signed-off-by: Ismail Khoffi <Ismail.Khoffi@gmail.com>

* Apply suggestions from code review

Apply Ismail's error handling

Co-Authored-By: Ismail Khoffi <Ismail.Khoffi@gmail.com>

* fix error check for io.ReadFull

Signed-off-by: Ismail Khoffi <Ismail.Khoffi@gmail.com>

* Update p2p/conn/secret_connection.go

Co-Authored-By: Ismail Khoffi <Ismail.Khoffi@gmail.com>

* Update p2p/conn/secret_connection.go

Co-Authored-By: Bot from GolangCI <42910462+golangcibot@users.noreply.github.com>

* update changelog and format the code

* move hkdfInit closer to where it's used
2019-11-14 13:45:17 +04:00
..
conn
p2p: make SecretConnection non-malleable (#3668)
2019-11-14 13:45:17 +04:00
mock
node: allow registration of custom reactors while creating node (#3771)
2019-07-03 17:17:59 +04:00
pex
p2p: log as debug msg when address dialing is already connected (#4082)
2019-10-27 08:41:56 -07:00
trust
tm-cmn to tm-db (#3850)
2019-07-31 11:34:17 +02:00
upnp
Fix linter errors thrown by lll (#3970)
2019-10-17 10:42:28 +02:00
base_reactor.go
p2p: peer state init too late and pex message too soon (#3634)
2019-05-27 14:39:58 -04:00
codec.go
Renamed wire.go to codec.go (#3827)
2019-07-23 15:35:36 +02:00
conn_set.go
p2p: file descriptor leaks (#3150)
2019-01-22 13:23:18 -05:00
errors.go
p2p: seed mode refactoring (#3011)
2019-04-03 11:22:52 +02:00
fuzz.go
gocritic (2/2) (#3864)
2019-08-02 10:53:52 +04:00
key_test.go
fix import paths
2018-07-01 22:36:49 -04:00
key.go
remove unnecessary "crypto" import alias (#2940)
2018-11-28 23:53:04 +04:00
metrics.go
p2p: Per channel metrics (#3666) (#3677)
2019-06-05 11:22:00 +02:00
netaddress_test.go
Fix linter errors thrown by lll (#3970)
2019-10-17 10:42:28 +02:00
netaddress.go
gocritic (2/2) (#3864)
2019-08-02 10:53:52 +04:00
node_info_test.go
Fix linter errors thrown by lll (#3970)
2019-10-17 10:42:28 +02:00
node_info.go
Bring back NodeInfo NetAddress form the dead (#3545)
2019-04-12 12:31:02 +02:00
peer_set_test.go
Fixes tendermint/tendermint#3522
2019-04-01 19:59:57 -04:00
peer_set.go
p2p: fix peer count mismatch #2332 (#2969)
2018-12-05 07:32:27 -05:00
peer_test.go
replace errors.go with github.com/pkg/errors (2/2) (#3890)
2019-08-11 21:03:40 +04:00
peer.go
p2p: Per channel metrics (#3666) (#3677)
2019-06-05 11:22:00 +02:00
README.md
docs: fix p2p readme links (#3109)
2019-01-11 17:41:02 -05:00
switch_test.go
Fix linter errors thrown by lll (#3970)
2019-10-17 10:42:28 +02:00
switch.go
replace errors.go with github.com/pkg/errors (1/2) (#3888)
2019-08-08 14:31:13 +04:00
test_util.go
Fix linter errors thrown by lll (#3970)
2019-10-17 10:42:28 +02:00
transport_test.go
p2p: remove NewNetAddressStringWithOptionalID (#3711)
2019-06-05 17:39:28 +02:00
transport.go
p2p: only allow ed25519 pubkeys when connecting
2019-10-10 12:07:46 -05:00
types.go
Revert "delete everything" (includes everything non-go-crypto)
2018-06-20 17:35:30 -07:00

README.md

p2p

The p2p package provides an abstraction around peer-to-peer communication.

Docs:

  • Connection for details on how connections and multiplexing work
  • Peer for details on peer ID, handshakes, and peer exchange
  • Node for details about different types of nodes and how they should work
  • Pex for details on peer discovery and exchange
  • Config for details on some config option