feat(identify): implement signedPeerRecord

core/CHANGELOG.md

@@ -1,3 +1,10 @@
+## 0.43.1
+
+- Add `libp2p::core::peer_record::PeerRecord::try_deserialize_signed_peer_record`
+  utility method for deserializing `SignedEnvelope` without creating an instance of
+  `PeerRecord`.
+  See [PR 5785](https://github.com/libp2p/rust-libp2p/pull/5785)
+
 ## 0.43.0
 
 - Added `libp2p::core::util::unreachable` that is a drop-in replacement of `void::unreachable`.

core/src/peer_record.rs

@@ -1,11 +1,11 @@
-use libp2p_identity::{Keypair, PeerId, SigningError};
+use libp2p_identity::{Keypair, PeerId, PublicKey, SigningError};
 use quick_protobuf::{BytesReader, Writer};
 use web_time::SystemTime;
 
 use crate::{proto, signed_envelope, signed_envelope::SignedEnvelope, DecodeError, Multiaddr};
 
-const PAYLOAD_TYPE: &str = "/libp2p/routing-state-record";
-const DOMAIN_SEP: &str = "libp2p-routing-state";
+pub const PAYLOAD_TYPE: &str = "/libp2p/routing-state-record";
+pub const DOMAIN_SEP: &str = "libp2p-routing-state";
 
 /// Represents a peer routing record.
 ///
@@ -30,26 +30,7 @@ impl PeerRecord {
     /// If this function succeeds, the [`SignedEnvelope`] contained a peer record with a valid
     /// signature and can hence be considered authenticated.
     pub fn from_signed_envelope(envelope: SignedEnvelope) -> Result<Self, FromEnvelopeError> {
-        use quick_protobuf::MessageRead;
-
-        let (payload, signing_key) =
-            envelope.payload_and_signing_key(String::from(DOMAIN_SEP), PAYLOAD_TYPE.as_bytes())?;
-        let mut reader = BytesReader::from_bytes(payload);
-        let record = proto::PeerRecord::from_reader(&mut reader, payload).map_err(DecodeError)?;
-
-        let peer_id = PeerId::from_bytes(&record.peer_id)?;
-
-        if peer_id != signing_key.to_peer_id() {
-            return Err(FromEnvelopeError::MismatchedSignature);
-        }
-
-        let seq = record.seq;
-        let addresses = record
-            .addresses
-            .into_iter()
-            .map(|a| a.multiaddr.to_vec().try_into())
-            .collect::<Result<Vec<_>, _>>()?;
-
+        let (_, peer_id, seq, addresses) = Self::try_deserialize_signed_envelope(&envelope)?;
         Ok(Self {
             peer_id,
             seq,
@@ -126,6 +107,37 @@ impl PeerRecord {
     pub fn addresses(&self) -> &[Multiaddr] {
         self.addresses.as_slice()
     }
+
+    /// Utility method for deserializing an [`SignedEnvelope`] using
+    /// [`PeerRecord`]-specific [domain separation](https://github.com/libp2p/specs/blob/master/RFC/0003-routing-records.md#signed-envelope-domain)
+    ///  and [payload type](https://github.com/libp2p/specs/blob/master/RFC/0003-routing-records.md#signed-envelope-payload-type).
+    /// Useful for extracting the address only.  
+    /// Returns `Ok((envelope_public_key, envelope_signer_id, sequence_number, signed_addresses))`
+    /// when the envelope is valid.
+    /// Will fail when the source of the addresses doesn't match signer of the envelope.
+    pub fn try_deserialize_signed_envelope(
+        envelope: &SignedEnvelope,
+    ) -> Result<(&PublicKey, PeerId, u64, Vec<Multiaddr>), FromEnvelopeError> {
+        use quick_protobuf::MessageRead;
+
+        let (payload, signing_key) =
+            envelope.payload_and_signing_key(String::from(DOMAIN_SEP), PAYLOAD_TYPE.as_bytes())?;
+        let mut reader = BytesReader::from_bytes(payload);
+        let record = proto::PeerRecord::from_reader(&mut reader, payload).map_err(DecodeError)?;
+
+        let peer_id = PeerId::from_bytes(&record.peer_id)?;
+
+        if peer_id != signing_key.to_peer_id() {
+            return Err(FromEnvelopeError::MismatchedSignature);
+        }
+
+        let addresses = record
+            .addresses
+            .into_iter()
+            .map(|a| a.multiaddr.to_vec().try_into())
+            .collect::<Result<Vec<_>, _>>()?;
+        Ok((signing_key, peer_id, record.seq, addresses))
+    }
 }
 
 #[derive(thiserror::Error, Debug)]

protocols/identify/CHANGELOG.md

@@ -1,3 +1,8 @@
+## 0.46.1 
+
+- Implement optional `signedPeerRecord` support for identify messages.
+  See [PR 5785](https://github.com/libp2p/rust-libp2p/pull/5785)
+
 ## 0.46.0
 
 - Add `hide_listen_addrs` option to prevent leaking (local) listen addresses.

protocols/identify/src/behaviour.rs

@@ -26,9 +26,11 @@ use std::{
 };
 
 use libp2p_core::{
-    multiaddr, multiaddr::Protocol, transport::PortUse, ConnectedPoint, Endpoint, Multiaddr,
+    multiaddr::{self, Protocol},
+    transport::PortUse,
+    ConnectedPoint, Endpoint, Multiaddr,
 };
-use libp2p_identity::{PeerId, PublicKey};
+use libp2p_identity::{Keypair, PeerId, PublicKey};
 use libp2p_swarm::{
     behaviour::{ConnectionClosed, ConnectionEstablished, DialFailure, FromSwarm},
     ConnectionDenied, ConnectionId, DialError, ExternalAddresses, ListenAddresses,
@@ -117,8 +119,10 @@ pub struct Config {
     /// Application-specific version of the protocol family used by the peer,
     /// e.g. `ipfs/1.0.0` or `polkadot/1.0.0`.
     protocol_version: String,
-    /// The public key of the local node. To report on the wire.
-    local_public_key: PublicKey,
+    /// The key of the local node. Only the public key will be report on the wire.  
+    /// The behaviour will not produce [`PeerRecord`](libp2p_core::PeerRecord) when
+    /// supplied with a public key.  
+    local_key: KeyType,
     /// Name and version of the local peer implementation, similar to the
     /// `User-Agent` header in the HTTP protocol.
     ///
@@ -156,12 +160,30 @@ pub struct Config {
 
 impl Config {
     /// Creates a new configuration for the identify [`Behaviour`] that
-    /// advertises the given protocol version and public key.
+    /// advertises the given protocol version and public key.  
+    /// Use [`new_with_signed_peer_record`](Config::new_with_signed_peer_record) for
+    /// `signedPeerRecord` support.
     pub fn new(protocol_version: String, local_public_key: PublicKey) -> Self {
         Self {
             protocol_version,
             agent_version: format!("rust-libp2p/{}", env!("CARGO_PKG_VERSION")),
-            local_public_key,
+            local_key: local_public_key.into(),
+            interval: Duration::from_secs(5 * 60),
+            push_listen_addr_updates: false,
+            cache_size: 100,
+            hide_listen_addrs: false,
+        }
+    }
+
+    /// Creates a new configuration for the identify [`Behaviour`] that
+    /// advertises the given protocol version and public key.  
+    /// The private key will be used to sign [`PeerRecord`](libp2p_core::PeerRecord)
+    /// for verifiable address advertisement.
+    pub fn new_with_signed_peer_record(protocol_version: String, local_keypair: &Keypair) -> Self {
+        Self {
+            protocol_version,
+            agent_version: format!("rust-libp2p/{}", env!("CARGO_PKG_VERSION")),
+            local_key: local_keypair.into(),
             interval: Duration::from_secs(5 * 60),
             push_listen_addr_updates: false,
             cache_size: 100,
@@ -209,7 +231,7 @@ impl Config {
 
     /// Get the local public key of the Config.
     pub fn local_public_key(&self) -> &PublicKey {
-        &self.local_public_key
+        self.local_key.public_key()
     }
 
     /// Get the agent version of the Config.
@@ -380,7 +402,7 @@ impl NetworkBehaviour for Behaviour {
         Ok(Handler::new(
             self.config.interval,
             peer,
-            self.config.local_public_key.clone(),
+            self.config.local_key.clone(),
             self.config.protocol_version.clone(),
             self.config.agent_version.clone(),
             remote_addr.clone(),
@@ -413,7 +435,7 @@ impl NetworkBehaviour for Behaviour {
         Ok(Handler::new(
             self.config.interval,
             peer,
-            self.config.local_public_key.clone(),
+            self.config.local_key.clone(),
             self.config.protocol_version.clone(),
             self.config.agent_version.clone(),
             // TODO: This is weird? That is the public address we dialed,
@@ -670,6 +692,39 @@ impl PeerCache {
     }
 }
 
+#[derive(Debug, Clone)]
+pub(crate) enum KeyType {
+    // With public key only the behaviour will not
+    // be able to produce a `SignedEnvelope`.
+    // Reduce enum size with heap allocated `Box<T>`
+    PublicKey(Box<PublicKey>),
+    Keypair {
+        keypair: Box<Keypair>,
+        public_key: Box<PublicKey>,
+    },
+}
+impl From<PublicKey> for KeyType {
+    fn from(value: PublicKey) -> Self {
+        Self::PublicKey(value.clone().into())
+    }
+}
+impl From<&Keypair> for KeyType {
+    fn from(value: &Keypair) -> Self {
+        Self::Keypair {
+            public_key: value.public().into(),
+            keypair: value.clone().into(),
+        }
+    }
+}
+impl KeyType {
+    pub(crate) fn public_key(&self) -> &PublicKey {
+        match &self {
+            KeyType::PublicKey(pubkey) => pubkey,
+            KeyType::Keypair { public_key, .. } => public_key,
+        }
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;

protocols/identify/src/generated/structs.proto

@@ -24,4 +24,11 @@ message Identify {
   optional bytes observedAddr = 4;
 
   repeated string protocols = 3;
+
+  // signedPeerRecord contains a serialized SignedEnvelope containing a PeerRecord,
+  // signed by the sending node. It contains the same addresses as the listenAddrs field, but
+  // in a form that lets us share authenticated addrs with other peers.
+  // see github.com/libp2p/go-libp2p/core/record/pb/envelope.proto and
+  // github.com/libp2p/go-libp2p/core/peer/pb/peer_record.proto for message definitions.
+  optional bytes signedPeerRecord = 8;
 }

protocols/identify/src/generated/structs.rs

@@ -22,6 +22,7 @@ pub struct Identify {
     pub listenAddrs: Vec<Vec<u8>>,
     pub observedAddr: Option<Vec<u8>>,
     pub protocols: Vec<String>,
+    pub signedPeerRecord: Option<Vec<u8>>,
 }
 
 impl<'a> MessageRead<'a> for Identify {
@@ -35,6 +36,7 @@ impl<'a> MessageRead<'a> for Identify {
                 Ok(18) => msg.listenAddrs.push(r.read_bytes(bytes)?.to_owned()),
                 Ok(34) => msg.observedAddr = Some(r.read_bytes(bytes)?.to_owned()),
                 Ok(26) => msg.protocols.push(r.read_string(bytes)?.to_owned()),
+                Ok(66) => msg.signedPeerRecord = Some(r.read_bytes(bytes)?.to_owned()),
                 Ok(t) => { r.read_unknown(bytes, t)?; }
                 Err(e) => return Err(e),
             }
@@ -52,6 +54,7 @@ impl MessageWrite for Identify {
         + self.listenAddrs.iter().map(|s| 1 + sizeof_len((s).len())).sum::<usize>()
         + self.observedAddr.as_ref().map_or(0, |m| 1 + sizeof_len((m).len()))
         + self.protocols.iter().map(|s| 1 + sizeof_len((s).len())).sum::<usize>()
+        + self.signedPeerRecord.as_ref().map_or(0, |m| 1 + sizeof_len((m).len()))
     }
 
     fn write_message<W: WriterBackend>(&self, w: &mut Writer<W>) -> Result<()> {
@@ -61,6 +64,7 @@ impl MessageWrite for Identify {
         for s in &self.listenAddrs { w.write_with_tag(18, |w| w.write_bytes(&**s))?; }
         if let Some(ref s) = self.observedAddr { w.write_with_tag(34, |w| w.write_bytes(&**s))?; }
         for s in &self.protocols { w.write_with_tag(26, |w| w.write_string(&**s))?; }
+        if let Some(ref s) = self.signedPeerRecord { w.write_with_tag(66, |w| w.write_bytes(&**s))?; }
         Ok(())
     }
 }

protocols/identify/src/handler.rs

@@ -32,7 +32,7 @@ use libp2p_core::{
     upgrade::{ReadyUpgrade, SelectUpgrade},
     Multiaddr,
 };
-use libp2p_identity::{PeerId, PublicKey};
+use libp2p_identity::PeerId;
 use libp2p_swarm::{
     handler::{
         ConnectionEvent, DialUpgradeError, FullyNegotiatedInbound, FullyNegotiatedOutbound,
@@ -45,8 +45,8 @@ use smallvec::SmallVec;
 use tracing::Level;
 
 use crate::{
-    protocol,
-    protocol::{Info, PushInfo, UpgradeError},
+    behaviour::KeyType,
+    protocol::{self, Info, PushInfo, UpgradeError},
     PROTOCOL_NAME, PUSH_PROTOCOL_NAME,
 };
 
@@ -80,8 +80,8 @@ pub struct Handler {
     /// The interval of `trigger_next_identify`, i.e. the recurrent delay.
     interval: Duration,
 
-    /// The public key of the local peer.
-    public_key: PublicKey,
+    /// The key of the local peer.
+    local_key: KeyType,
 
     /// Application-specific version of the protocol family used by the peer,
     /// e.g. `ipfs/1.0.0` or `polkadot/1.0.0`.
@@ -125,10 +125,10 @@ pub enum Event {
 
 impl Handler {
     /// Creates a new `Handler`.
-    pub fn new(
+    pub(crate) fn new(
         interval: Duration,
         remote_peer_id: PeerId,
-        public_key: PublicKey,
+        local_key: KeyType,
         protocol_version: String,
         agent_version: String,
         observed_addr: Multiaddr,
@@ -144,7 +144,7 @@ impl Handler {
             trigger_next_identify: Delay::new(Duration::ZERO),
             exchanged_one_periodic_identify: false,
             interval,
-            public_key,
+            local_key,
             protocol_version,
             agent_version,
             observed_addr,
@@ -226,13 +226,23 @@ impl Handler {
     }
 
     fn build_info(&mut self) -> Info {
+        let signed_envelope = match &self.local_key {
+            KeyType::PublicKey(_) => None,
+            KeyType::Keypair { keypair, .. } => libp2p_core::PeerRecord::new(
+                keypair,
+                Vec::from_iter(self.external_addresses.iter().cloned()),
+            )
+            .ok()
+            .map(|r| r.into_signed_envelope()),
+        };
         Info {
-            public_key: self.public_key.clone(),
+            public_key: self.local_key.public_key().clone(),
             protocol_version: self.protocol_version.clone(),
             agent_version: self.agent_version.clone(),
             listen_addrs: Vec::from_iter(self.external_addresses.iter().cloned()),
             protocols: Vec::from_iter(self.local_supported_protocols.iter().cloned()),
             observed_addr: self.observed_addr.clone(),
+            signed_peer_record: signed_envelope,
         }
     }