libp2phttp: HTTP Peer ID Authentication #2854

Merged (37 commits) on Oct 8, 2024

MarcoPolo (Collaborator)

This enables HTTP peers to authenticate each other's peer ID. This would allow users to use an http transport that has a peer id component (e.g. /dns/example.com/http/p2p/12Foo). I think it's nice to have this for completeness so that an http transport has the same semantics as a libp2p stream transport when doing HTTP with regard to Peer IDs.

There's more testing I want to do here, but I think this is more or less ready for a review.

For a high level overview of the authentication protocol refer to the overview in the spec: https://github.com/libp2p/specs/blob/45006f17d2fa0cede50b2db2311a55061011a3fc/http/peer-id-auth.md#mutual-client-and-server-peer-id-authentication-overview

MarcoPolo (Collaborator, Author) commented Aug 28, 2024

I've completely refactored this. The handshake logic is now neatly in internal/handshake. The Client API is simpler, and the Server API changed a little bit (in a way that makes it hopefully easier to use). The server uses HMAC to authenticate the opaque and the token. And it's also close to 10x faster (still could be improved, but this might be good enough for now).

The main missing thing is the test that generates the examples for the spec. I'll work on that next, but otherwise I think this is ready. Done.

When you get a chance, could I get a review here and in the spec libp2p/specs#564, @sukunrt?

}
resp.Body.Close()

err = handshake.ParseHeader(resp.Header)
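
Review bot: handshake.ParseHeader(resp.Header) runs immediately after resp.Body.Close() with no check of resp.StatusCode visible in these lines. If the code above the closing brace does not already do it, confirm the response is the expected challenge status before parsing its headers, so that an unrelated response is reported as an unexpected status and not as a header-parse failure.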
Member

Do we need to set the status code first?

Collaborator Author

On the client? Or do you mean assert the status code is 401?

sukunrt (Member) commented Sep 8, 2024

The new spec is much nicer! Thanks @MarcoPolo

MarcoPolo merged commit b198a51 into master Oct 8, 2024
11 checks passed