make signing dht put records optional

core/commands/dht.go

@@ -508,7 +508,7 @@ PutValue will store the given key value pair in the dht.
 
 		go func() {
 			defer close(events)
-			err := dht.PutValue(ctx, key, []byte(data))
+			err := dht.PutValue(ctx, key, []byte(data), true)
 			if err != nil {
 				notif.PublishQueryEvent(ctx, &notif.QueryEvent{
 					Type:  notif.QueryError,

namesys/publisher.go

@@ -62,7 +62,7 @@ func (p *ipnsPublisher) Publish(ctx context.Context, k ci.PrivKey, value u.Key)
 	log.Debugf("Storing pubkey at: %s", namekey)
 	// Store associated public key
 	timectx, _ := context.WithDeadline(ctx, time.Now().Add(time.Second*10))
-	err = p.routing.PutValue(timectx, namekey, pkbytes)
+	err = p.routing.PutValue(timectx, namekey, pkbytes, false)
 	if err != nil {
 		return err
 	}
@@ -72,7 +72,7 @@ func (p *ipnsPublisher) Publish(ctx context.Context, k ci.PrivKey, value u.Key)
 	log.Debugf("Storing ipns entry at: %s", ipnskey)
 	// Store ipns entry at "/ipns/"+b58(h(pubkey))
 	timectx, _ = context.WithDeadline(ctx, time.Now().Add(time.Second*10))
-	err = p.routing.PutValue(timectx, ipnskey, data)
+	err = p.routing.PutValue(timectx, ipnskey, data, true)
 	if err != nil {
 		return err
 	}

routing/dht/dht.go

@@ -254,16 +254,7 @@ func (dht *IpfsDHT) getOwnPrivateKey() (ci.PrivKey, error) {
 }
 
 // putLocal stores the key value pair in the datastore
-func (dht *IpfsDHT) putLocal(key u.Key, value []byte) error {
-	sk, err := dht.getOwnPrivateKey()
-	if err != nil {
-		return err
-	}
-
-	rec, err := record.MakePutRecord(sk, key, value)
-	if err != nil {
-		return err
-	}
+func (dht *IpfsDHT) putLocal(key u.Key, rec *pb.Record) error {
 	data, err := proto.Marshal(rec)
 	if err != nil {
 		return err

routing/dht/dht_test.go

@@ -17,6 +17,7 @@ import (
 	peer "github.com/jbenet/go-ipfs/p2p/peer"
 	netutil "github.com/jbenet/go-ipfs/p2p/test/util"
 	routing "github.com/jbenet/go-ipfs/routing"
+	record "github.com/jbenet/go-ipfs/routing/record"
 	u "github.com/jbenet/go-ipfs/util"
 
 	ci "github.com/jbenet/go-ipfs/util/testutil/ci"
@@ -147,7 +148,7 @@ func TestValueGetSet(t *testing.T) {
 	connect(t, ctx, dhtA, dhtB)
 
 	ctxT, _ := context.WithTimeout(ctx, time.Second)
-	dhtA.PutValue(ctxT, "/v/hello", []byte("world"))
+	dhtA.PutValue(ctxT, "/v/hello", []byte("world"), false)
 
 	ctxT, _ = context.WithTimeout(ctx, time.Second*2)
 	val, err := dhtA.GetValue(ctxT, "/v/hello")
@@ -188,7 +189,13 @@ func TestProvides(t *testing.T) {
 
 	for k, v := range testCaseValues {
 		log.Debugf("adding local values for %s = %s", k, v)
-		err := dhts[3].putLocal(k, v)
+		sk := dhts[3].peerstore.PrivKey(dhts[3].self)
+		rec, err := record.MakePutRecord(sk, k, v, false)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = dhts[3].putLocal(k, rec)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -456,7 +463,12 @@ func TestProvidesMany(t *testing.T) {
 		providers[k] = dht.self
 
 		t.Logf("adding local values for %s = %s (on %s)", k, v, dht.self)
-		err := dht.putLocal(k, v)
+		rec, err := record.MakePutRecord(nil, k, v, false)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = dht.putLocal(k, rec)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -543,13 +555,21 @@ func TestProvidesAsync(t *testing.T) {
 	connect(t, ctx, dhts[1], dhts[2])
 	connect(t, ctx, dhts[1], dhts[3])
 
-	err := dhts[3].putLocal(u.Key("hello"), []byte("world"))
+	k := u.Key("hello")
+	val := []byte("world")
+	sk := dhts[3].peerstore.PrivKey(dhts[3].self)
+	rec, err := record.MakePutRecord(sk, k, val, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = dhts[3].putLocal(k, rec)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	bits, err := dhts[3].getLocal(u.Key("hello"))
-	if err != nil && bytes.Equal(bits, []byte("world")) {
+	bits, err := dhts[3].getLocal(k)
+	if err != nil && bytes.Equal(bits, val) {
 		t.Fatal(err)
 	}
 

routing/dht/ext_test.go

@@ -111,7 +111,7 @@ func TestGetFailures(t *testing.T) {
 			t.Fatal(err)
 		}
 
-		rec, err := record.MakePutRecord(sk, u.Key(str), []byte("blah"))
+		rec, err := record.MakePutRecord(sk, u.Key(str), []byte("blah"), true)
 		if err != nil {
 			t.Fatal(err)
 		}

routing/dht/records.go

@@ -7,6 +7,7 @@ import (
 	ci "github.com/jbenet/go-ipfs/p2p/crypto"
 	peer "github.com/jbenet/go-ipfs/p2p/peer"
 	pb "github.com/jbenet/go-ipfs/routing/dht/pb"
+	record "github.com/jbenet/go-ipfs/routing/record"
 	u "github.com/jbenet/go-ipfs/util"
 	ctxutil "github.com/jbenet/go-ipfs/util/ctx"
 )
@@ -99,14 +100,20 @@ func (dht *IpfsDHT) getPublicKeyFromNode(ctx context.Context, p peer.ID) (ci.Pub
 // key, we fail. we do not search the dht.
 func (dht *IpfsDHT) verifyRecordLocally(r *pb.Record) error {
 
-	// First, validate the signature
-	p := peer.ID(r.GetAuthor())
-	pk := dht.peerstore.PubKey(p)
-	if pk == nil {
-		return fmt.Errorf("do not have public key for %s", p)
+	if len(r.Signature) > 0 {
+		// First, validate the signature
+		p := peer.ID(r.GetAuthor())
+		pk := dht.peerstore.PubKey(p)
+		if pk == nil {
+			return fmt.Errorf("do not have public key for %s", p)
+		}
+
+		if err := record.CheckRecordSig(r, pk); err != nil {
+			return err
+		}
 	}
 
-	return dht.Validator.VerifyRecord(r, pk)
+	return dht.Validator.VerifyRecord(r)
 }
 
 // verifyRecordOnline verifies a record, searching the DHT for the public key
@@ -116,12 +123,19 @@ func (dht *IpfsDHT) verifyRecordLocally(r *pb.Record) error {
 // massive amplification attack on the dht. Use with care.
 func (dht *IpfsDHT) verifyRecordOnline(ctx context.Context, r *pb.Record) error {
 
-	// get the public key, search for it if necessary.
-	p := peer.ID(r.GetAuthor())
-	pk, err := dht.getPublicKeyOnline(ctx, p)
-	if err != nil {
-		return err
+	if len(r.Signature) > 0 {
+		// get the public key, search for it if necessary.
+		p := peer.ID(r.GetAuthor())
+		pk, err := dht.getPublicKeyOnline(ctx, p)
+		if err != nil {
+			return err
+		}
+
+		err = record.CheckRecordSig(r, pk)
+		if err != nil {
+			return err
+		}
 	}
 
-	return dht.Validator.VerifyRecord(r, pk)
+	return dht.Validator.VerifyRecord(r)
 }

routing/dht/routing.go

@@ -29,21 +29,21 @@ var asyncQueryBuffer = 10
 
 // PutValue adds value corresponding to given Key.
 // This is the top level "Store" operation of the DHT
-func (dht *IpfsDHT) PutValue(ctx context.Context, key u.Key, value []byte) error {
+func (dht *IpfsDHT) PutValue(ctx context.Context, key u.Key, value []byte, sign bool) error {
 	log.Debugf("PutValue %s", key)
-	err := dht.putLocal(key, value)
+	sk, err := dht.getOwnPrivateKey()
 	if err != nil {
 		return err
 	}
 
-	sk, err := dht.getOwnPrivateKey()
+	rec, err := record.MakePutRecord(sk, key, value, sign)
 	if err != nil {
+		log.Debug("Creation of record failed!")
 		return err
 	}
 
-	rec, err := record.MakePutRecord(sk, key, value)
+	err = dht.putLocal(key, rec)
 	if err != nil {
-		log.Debug("Creation of record failed!")
 		return err
 	}
 

routing/mock/centralized_client.go

@@ -22,7 +22,7 @@ type client struct {
 }
 
 // FIXME(brian): is this method meant to simulate putting a value into the network?
-func (c *client) PutValue(ctx context.Context, key u.Key, val []byte) error {
+func (c *client) PutValue(ctx context.Context, key u.Key, val []byte, sign bool) error {
 	log.Debugf("PutValue: %s", key)
 	return c.datastore.Put(key.DsKey(), val)
 }

routing/offline/offline.go

@@ -35,8 +35,8 @@ type offlineRouting struct {
 	sk        ci.PrivKey
 }
 
-func (c *offlineRouting) PutValue(ctx context.Context, key u.Key, val []byte) error {
-	rec, err := record.MakePutRecord(c.sk, key, val)
+func (c *offlineRouting) PutValue(ctx context.Context, key u.Key, val []byte, sign bool) error {
+	rec, err := record.MakePutRecord(c.sk, key, val, sign)
 	if err != nil {
 		return err
 	}
@@ -89,7 +89,7 @@ func (c *offlineRouting) Ping(ctx context.Context, p peer.ID) (time.Duration, er
 	return 0, ErrOffline
 }
 
-func (c *offlineRouting) Bootstrap(context.Context) (error) {
+func (c *offlineRouting) Bootstrap(context.Context) error {
 	return nil
 }
 

routing/record/record.go

@@ -14,7 +14,7 @@ import (
 var log = eventlog.Logger("routing/record")
 
 // MakePutRecord creates and signs a dht record for the given key/value pair
-func MakePutRecord(sk ci.PrivKey, key u.Key, value []byte) (*pb.Record, error) {
+func MakePutRecord(sk ci.PrivKey, key u.Key, value []byte, sign bool) (*pb.Record, error) {
 	record := new(pb.Record)
 
 	record.Key = proto.String(string(key))
@@ -26,14 +26,16 @@ func MakePutRecord(sk ci.PrivKey, key u.Key, value []byte) (*pb.Record, error) {
 	}
 
 	record.Author = proto.String(string(pkh))
-	blob := RecordBlobForSig(record)
+	if sign {
+		blob := RecordBlobForSig(record)
 
-	sig, err := sk.Sign(blob)
-	if err != nil {
-		return nil, err
-	}
+		sig, err := sk.Sign(blob)
+		if err != nil {
+			return nil, err
+		}
 
-	record.Signature = sig
+		record.Signature = sig
+	}
 	return record, nil
 }
 

routing/record/validation.go

@@ -29,19 +29,7 @@ type Validator map[string]ValidatorFunc
 
 // VerifyRecord checks a record and ensures it is still valid.
 // It runs needed validators
-func (v Validator) VerifyRecord(r *pb.Record, pk ci.PubKey) error {
-	// First, validate the signature
-	blob := RecordBlobForSig(r)
-	ok, err := pk.Verify(blob, r.GetSignature())
-	if err != nil {
-		log.Info("Signature verify failed. (ignored)")
-		return err
-	}
-	if !ok {
-		log.Info("dht found a forged record! (ignored)")
-		return ErrBadRecord
-	}
-
+func (v Validator) VerifyRecord(r *pb.Record) error {
 	// Now, check validity func
 	parts := strings.Split(r.GetKey(), "/")
 	if len(parts) < 3 {
@@ -73,3 +61,15 @@ func ValidatePublicKeyRecord(k u.Key, val []byte) error {
 	}
 	return nil
 }
+
+func CheckRecordSig(r *pb.Record, pk ci.PubKey) error {
+	blob := RecordBlobForSig(r)
+	good, err := pk.Verify(blob, r.Signature)
+	if err != nil {
+		return nil
+	}
+	if !good {
+		return errors.New("invalid record signature")
+	}
+	return nil
+}

routing/routing.go

@@ -21,7 +21,7 @@ type IpfsRouting interface {
 	// Basic Put/Get
 
 	// PutValue adds value corresponding to given Key.
-	PutValue(context.Context, u.Key, []byte) error
+	PutValue(context.Context, u.Key, []byte, bool) error
 
 	// GetValue searches for the value corresponding to given Key.
 	GetValue(context.Context, u.Key) ([]byte, error)

routing/supernode/client.go

@@ -59,7 +59,7 @@ func (c *Client) FindProvidersAsync(ctx context.Context, k u.Key, max int) <-cha
 	return ch
 }
 
-func (c *Client) PutValue(ctx context.Context, k u.Key, v []byte) error {
+func (c *Client) PutValue(ctx context.Context, k u.Key, v []byte, sign bool) error {
 	defer log.EventBegin(ctx, "putValue", &k).Done()
 	r, err := makeRecord(c.peerstore, c.local, k, v)
 	if err != nil {

routing/supernode/server.go

@@ -210,7 +210,10 @@ func verify(ps peer.Peerstore, r *dhtpb.Record) error {
 	if pk == nil {
 		return fmt.Errorf("do not have public key for %s", p)
 	}
-	if err := v.VerifyRecord(r, pk); err != nil {
+	if err := record.CheckRecordSig(r, pk); err != nil {
+		return err
+	}
+	if err := v.VerifyRecord(r); err != nil {
 		return err
 	}
 	return nil

test/integration/grandcentral_test.go

@@ -168,7 +168,7 @@ func RunSupernodePutRecordGetRecord(conf testutil.LatencyConfig) error {
 	k := util.Key("key")
 	note := []byte("a note from putter")
 
-	if err := putter.Routing.PutValue(ctx, k, note); err != nil {
+	if err := putter.Routing.PutValue(ctx, k, note, false); err != nil {
 		return fmt.Errorf("failed to put value: %s", err)
 	}