* feat: harden encoding/decoding functions against panics
Part of https://github.com/libp2p/go-libp2p/issues/1389
These kinds of functions:
1. Handle user input.
2. Often have out-of-bounds, null pointer, etc. bugs.
3. Have completely isolated logic where local panics are unlikely to
cause memory corruption elsewhere.
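The panic-to-error wrapping the commit describes, as an added example that is not code from go-libp2p-core: decodeRaw is a hypothetical length-prefixed decoder that trusts its length prefix, and Decode is the hardened wrapper that turns the resulting out-of-bounds panic into an error. Both names are assumptions made for this illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// ErrInvalidInput is returned when decoding panics on malformed input.
var ErrInvalidInput = errors.New("invalid input")

// decodeRaw is a hypothetical (constructed) decoder for a uvarint length
// followed by that many payload bytes. It trusts the prefix, so a truncated
// or oversized buffer makes the slice expression panic at runtime.
func decodeRaw(b []byte) []byte {
	n, sz := binary.Uvarint(b)
	return b[sz : sz+int(n)]
}

// Decode wraps decodeRaw and converts any runtime panic into an error.
// This is only sound because decodeRaw is pure and touches no shared state:
// a panic inside it cannot have left anything else half-updated.
func Decode(b []byte) (out []byte, err error) {
	defer func() {
		if r := recover(); r != nil {
			out = nil
			err = fmt.Errorf("%w: %v", ErrInvalidInput, r)
		}
	}()
	return decodeRaw(b), nil
}

func main() {
	// Constructed inputs: one well-formed, one whose prefix claims 5 bytes
	// but carries only 2.
	for _, in := range [][]byte{{3, 'a', 'b', 'c'}, {5, 'a', 'b'}} {
		out, err := Decode(in)
		fmt.Printf("in=%v out=%q err=%v\n", in, out, err)
	}
}
```

The recover does not fix the underlying bounds bug; it contains it, so a malformed message from a remote peer yields an error the caller can log and reject instead of taking the process down. The decoder is still worth fuzzing so the bug itself gets found.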
* test: add a panic catcher test
The mappings in go-cid were maintained by hand and are invalid.
More details in https://github.com/ipfs/go-cid/pull/137
This is switching to go-multicodec which has correct mappings
that are generated, not written by hand.
Co-authored-by: Daniel Martí <mvdan@mvdan.cc>
Specifically, move them _here_ from the peerstore. That way
packages (like the DHT) that currently directly rely on the peerstore
can just use go-libp2p-core.
Moved from f7f22569f7/peerstore.go (L79-L93)
With some small modifications.
* fix: make timestamps strictly increasing
On Linux, this is almost always the case. Windows, however, doesn't have
nanosecond accuracy.
We make the timestamp sequence numbers strictly increasing by returning
the last timestamp + 1 where necessary.
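The last-timestamp-plus-one rule described above, as an added example that is not the go-libp2p-core implementation: Clock hands out nanosecond timestamps as sequence numbers and, under a mutex, falls back to last+1 whenever the wall clock has not advanced (coarse clock resolution) or has gone backwards. The Clock type, its injectable now function, and StrictlyIncreasing are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Clock issues strictly increasing sequence numbers derived from the wall
// clock in nanoseconds. Two calls within one clock tick would otherwise
// observe the same time.Now(), and a clock step backwards would reuse
// an old value; the lock plus the last+1 fallback rules both out.
type Clock struct {
	mu   sync.Mutex
	last uint64
	now  func() uint64 // injectable time source (assumed helper, for tests)
}

// NewClock returns a Clock backed by time.Now().
func NewClock() *Clock {
	return &Clock{now: func() uint64 { return uint64(time.Now().UnixNano()) }}
}

// Next returns the current timestamp, or last+1 if the clock has not
// advanced past the previously issued value.
func (c *Clock) Next() uint64 {
	c.mu.Lock()
	defer c.mu.Unlock()
	ts := c.now()
	if ts <= c.last {
		ts = c.last + 1
	}
	c.last = ts
	return ts
}

// StrictlyIncreasing reports whether every element is greater than the
// one before it; a consumer of signed records can use the same comparison
// to drop a record whose sequence number is not newer than the stored one.
func StrictlyIncreasing(seq []uint64) bool {
	for i := 1; i < len(seq); i++ {
		if seq[i] <= seq[i-1] {
			return false
		}
	}
	return true
}

func main() {
	// Constructed frozen clock: every call sees the same nanosecond value,
	// which is what a coarse platform clock looks like to back-to-back callers.
	frozen := &Clock{now: func() uint64 { return 1_700_000_000_000_000_000 }}
	var seq []uint64
	for i := 0; i < 4; i++ {
		seq = append(seq, frozen.Next())
	}
	fmt.Println(seq, StrictlyIncreasing(seq))
}
```

Because the fallback only ever adds 1, the issued values stay close to real time while never repeating within a process; they do not survive a restart, so the comparison on the consuming side is the part that defends against a replayed older record.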
* apply code review
Co-authored-by: Marten Seemann <martenseemann@gmail.com>
* use a lock
Co-authored-by: Marten Seemann <martenseemann@gmail.com>
* run go mod tidy
* omit receiver name if unused
* remove unused type testkey in tests
* fix duplicate import of go-multiaddr
* fix use of deprecated peer.IDB58{Encode,Decode}
* use bytes.Equal instead of bytes.Compare
* fix unnecessary assignments to blank identifier
* use time.Until instead of t.Sub(time.Now())
* fix use of deprecated go-multihash.ID
* add missing error check in envelope test
* fix error check in tests
* add a helper function to go directly from a string to an AddrInfo
* Update peer/addrinfo.go
Co-authored-by: Will <will.scott@protocol.ai>
Co-authored-by: Will <will.scott@protocol.ai>
* add SignedEnvelope type
* use struct for SignedEnvelope instead of exposing protobuf directly
* doc comments for envelopes
* tests for SignedEnvelopes
* add helpers to make routing records for Host
* fix doc comment
* go fmt
* add method to peerstore to retrieve signed routing records
* update to match spec changes
* just use nanoseconds
* use proto3 & rename fields to match spec changes
* use proto3 for routing records
* make envelope fields private & validate on unmarshal
* use buffer pool for envelope signatures
* tests for RoutingState
* go fmt
* rename Equals -> Equal, add some comments
* use test helpers
* get rid of unsigned RoutingState struct, only expose SignedRoutingState
* rm batching SignedRoutingStates accessor in peerstore
the datastore peerstore implementation doesn't support batched reads, so
it's no more efficient to get a bunch of states at once than it
is to call SignedRoutingState multiple times.
* whitespace
* expose struct fields & remove accessors
* use camelCase in protos for consistency
* use multiformats uvarint for length-prefixes
* remove payloadType check when unmarshaling
* rm stray ref to golang/protobuf
* define CertifiedAddrBook to avoid breaking API change
* add events for updated addresses and routing state
* remove SignedRoutingStateFromHost helper
moving this to go-libp2p
* add routing state records, extend peerstore API
* fix: rebuild protos with new gogofaster generator
* filter private addrs from signed routing records
* envelope: use byte slices from pool; adjust interface.
* move envelope to record package.
* move protobuf files; adjust imports everywhere.
* rename RoutingStateRecord -> PeerRecord
also removes embedded reference to Envelope from the record,
as that was confusing.
as a result, the CertifiedAddrBook now accepts/returns
record.SignedEnvelope instead of a specialized type.
* hoist Seq from PeerRecord to SignedEnvelope
* test that PeerRecords can't be signed by wrong key
* commit go.sum
* add Seq field to envelope signature
* fix proto_path in Makefile
* fix import ordering
* comments for PeerRecord proto message
also removes the seq field from PeerMessage proto,
since it was moved to the SignedEnvelope
* use Record type for envelope payloads
* rename SignedEnvelope -> Envelope, unmarshal payload in ConsumeEnvelope
* return buffer to pool before early return
* doc comments
* rename CertifiedAddrBook methods, update comments
* cache unmarshalled Record payload inside Envelope
* doc comments
* store reflect.Type when registering Record
* Revert "return buffer to pool before early return"
8d8da386f2
misread this - unsigned will be nil if there's an
error, so it was right the way it was
* use a DefaultRecord for unregistered PayloadTypes
instead of returning an error if we don't have a registered
Record for a given PayloadType, we can have a catch-all
DefaultRecord type that just preserves the original payload
as a []byte
* cleanup DefaultRecord code a bit
- removes unused error return from blankRecordForPayloadType
- just references instead of copying in DefaultRecord.UnmarshalRecord
I figure this is likely safe, since we'll be unmarshalling from the
payload of an Envelope, which shouldn't get altered after it's
created.
* use explicit payloadType in MakeEnvelopeWithRecord
* Revert DefaultRecord commits
ae3bc7bdfba26c845a76
* doc comments
* move Seq field back to PeerRecord
* make diffs optional in EvtLocalAddressesUpdated
* more envelope tests
* replace MakeEnvelope with record.Seal
also:
- add Domain and Codec fields to Record interface
* fix import
* add interface check
* rename ProcessPeerRecord -> ConsumePeerRecord
also, adds bool `accepted` return value
* rename event field, add doc comment
* peer record protobuf: fix field casing.
* record protobuf: add docs and fix casing.
* cleanup: group imports.
* nit: split test/utils.go => test/{addrs,errors}.go.
Co-authored-by: Raúl Kripalani <raul.kripalani@gmail.com>
This PR is a non-substantive change with the goal of making this method
`ExtractPublicKey` from a `peer.ID` clearer to the reader. This goal is
accomplished by using the full name of the identity hash code `IDENTITY` instead
of the deprecated `ID` code. This change makes it clearer to the reader that
there is a trivial way to compute the public key given the digest. Without this
change it is easy to confuse `ID` with a concept relating to peer IDs (and thus
implying this function somehow computes a hash pre-image to get the
corresponding public key).
* SplitAddr is a simpler way to split an address into a multiaddr and an ID.
* AddrInfosFromP2pAddrs converts a set of multiaddrs into a set of AddrInfos.