[#1626] Fix secio handshake to properly fallback to alt ID generation

OpenBazaar currently uses hashed ID but intends to later switch to the default inline IDs. During this transition, this commit ensures that nodes of one type should always interop with the other.
OpenBazaar · Jun 21, 2019 · dd38112 · dd38112
1 parent 910261e
commit dd38112
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 19 deletions.
diff --git a/ipfs/identity.go b/ipfs/identity.go
@@ -17,7 +17,6 @@ func init() {
 }
 
 func IdentityFromKey(privkey []byte) (config.Identity, error) {
-
 	ident := config.Identity{}
 	sk, err := crypto.UnmarshalPrivateKey(privkey)
 	if err != nil {

diff --git a/vendor/gx/ipfs/QmSVaJe1aRjc78cZARTtf4pqvXERYwihyYhZWoVWceHnsK/go-libp2p-secio/protocol.go b/vendor/gx/ipfs/QmSVaJe1aRjc78cZARTtf4pqvXERYwihyYhZWoVWceHnsK/go-libp2p-secio/protocol.go
@@ -205,26 +205,18 @@ func (s *secureSession) runHandshakeSync() error {
 		// No peer set. We're accepting a remote connection.
 		s.remotePeer = actualRemotePeer
 	default:
-		// OpenBazaar: check that this peerID isn't the old style
-		// If it is then we're good. If not then we error.
-		// This code will be removed after enough OpenBazaar nodes
-		// upgrade to inline pubkeys.
-		pubkeyBytes, err := s.remote.permanentPubKey.Bytes()
+		// OpenBazaar: we are transitioning from hashed IDs to inline IDs, as a last
+		// resort, we should check that the peer isn't using the other variety. Both ID methods
+		// change their behavior based on peer.AdvancedEnableInlining but are written to
+		// operate opposite of each other. This will allow old nodes to successfully connect to
+		// new nodes, and vice versa.
+		altID, err := peer.AlternativeIDFromPublicKey(s.remote.permanentPubKey)
 		if err != nil {
 			return err
 		}
-		oldMultihash, err := mh.Sum(pubkeyBytes, mh.SHA2_256, 32)
-		if err != nil {
-			return err
-		}
-		oldStylePeer, err := peer.IDB58Decode(oldMultihash.B58String())
-		if err != nil {
-			return err
-		}
-		if s.remotePeer != oldStylePeer {
-			// Peer mismatch. Bail.
+		if s.remotePeer != altID {
 			s.insecure.Close()
-			log.Debugf("expected peer %s, got peer %s", s.remotePeer, actualRemotePeer)
+			log.Debugf("expected peer %s, but ID produced from pubkey doesn't match", s.remotePeer)
 			return ErrWrongPeer
 		}
 	}

diff --git a/vendor/gx/ipfs/QmYVXrKrKHDC9FobgmcmshCDyWwdrfwfanNQN4oxJ9Fk3h/go-libp2p-peer/peer.go b/vendor/gx/ipfs/QmYVXrKrKHDC9FobgmcmshCDyWwdrfwfanNQN4oxJ9Fk3h/go-libp2p-peer/peer.go
@@ -169,8 +169,21 @@ func IDFromPublicKey(pk ic.PubKey) (ID, error) {
 	return ID(hash), nil
 }
 
-// OpenBazaar: temporary helper function to remain forward compatible with
-// inline keys
+// HashedIDFromPublicKey will always return the SHA256 hash of
+// the pubkey bytes. OpenBazaar: temporary helper to isolate the
+// hash-producing ID behavior.
+func HashedIDFromPublicKey(pk ic.PubKey) (ID, error) {
+	b, err := pk.Bytes()
+	if err != nil {
+		return "", err
+	}
+	hash, _ := mh.Sum(b, mh.SHA2_256, -1)
+	return ID(hash), nil
+}
+
+// InlineIDFromPublicKey will always return the new inline ID format
+// of the pubkey bytes.  OpenBazaar: temporary helper function to
+// remain forward compatible with inline keys
 func InlineIDFromPublicKey(pk ic.PubKey) (ID, error) {
 	b, err := pk.Bytes()
 	if err != nil {
@@ -180,6 +193,16 @@ func InlineIDFromPublicKey(pk ic.PubKey) (ID, error) {
 	return ID(hash), nil
 }
 
+// AlternativeIDFromPublicKey returns SHA256 hash ID when AdvancedEnableInlining
+// is true, and returns new InlineID otherwise. This allows legacy IDs to be compared
+// after they are no longer available by the default IDFromPublicKey function.
+func AlternativeIDFromPublicKey(pubkey ic.PubKey) (ID, error) {
+	if AdvancedEnableInlining {
+		return HashedIDFromPublicKey(pubkey)
+	}
+	return InlineIDFromPublicKey(pubkey)
+}
+
 // IDFromPrivateKey returns the Peer ID corresponding to sk
 func IDFromPrivateKey(sk ic.PrivKey) (ID, error) {
 	return IDFromPublicKey(sk.GetPublic())