Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

get mutable value: onreply rely on salt, but its not defined in bep #167

Closed
mh-cbon opened this issue Jul 5, 2017 · 2 comments
Closed

get mutable value: onreply rely on salt, but its not defined in bep #167

mh-cbon opened this issue Jul 5, 2017 · 2 comments

Comments

@mh-cbon
Copy link

mh-cbon commented Jul 5, 2017
edited
Loading

hi,

in DHT.get method https://github.com/webtorrent/bittorrent-dht/blob/master/client.js#L223 when handling the reply, it calls for encodesigdata https://github.com/webtorrent/bittorrent-dht/blob/master/client.js#L261, defined at https://github.com/webtorrent/bittorrent-dht/blob/master/client.js#L649

ensodeSigData rely on the presence of the salt value in the reply packet to reproduce the bencoded value, but the bep44 does not define the salt field in the mutable get reply,

{
    "r":
    {
        "id": <20 byte id of sending node (string)>,
        "k": <ed25519 public key (32 bytes string)>,
        "nodes": <IPv4 nodes close to 'target'>,
        "nodes6": <IPv6 nodes close to 'target'>,
        "seq": <monotonically increasing sequence number (integer)>,
        "sig": <ed25519 signature (64 bytes string)>,
        "token": <write-token (string)>,
        "v": <any bencoded type, whose encoded size <= 1000>
    },
    "t": <transaction-id (string)>,
    "y": "r",
}

the salt value in this case must be provided by the person who initiates the get query, with the pbkey.

I had to change a little bit the module, such as,

setTimeout(function(){
  dht.get("3212924042a669733a6204b0f087797d72f715d6", {verify:ed.verify, salt:"foobar2"}, function(err, res){
    console.log("got",err)
    console.log("got",res)
  })
}, 2500)

In the onreply of get method, if (!verify(r.sig, encodeSigDataSalt(r, opts.salt), r.k)) return true

finally added,

function encodeSigDataSalt (msg, salt) {
  var ref = { seq: msg.seq || 0, v: msg.v }
  if (salt) ref.salt = salt
  return bencode.encode(ref).slice(1, -1)
}

I also changed the hash test equality to if (equals(hash(opts.salt ? Buffer.concat([r.k, Buffer.from(opts.salt, 'utf-8')]) : r.k), key)) { because salt is string.

BTW, can we improve the doc for mutable message usage with the module ?

thanks.

Note that the salt is not returned in the response to a get request. This is intentional. When issuing a get request for an item is expected to know what the salt is (because it is part of what the target ID that is being looked up is derived from). There is no need to repeat it back for bystanders to see.

When looking up a mutable item, the target field MUST be the SHA-1 hash of this key concatenated with the salt, if present.

So yes there are more changes to apply because in case of mutable items, the target is derived from those two data: pbk + salt
the current implementation assume it receives the target directly.
chr15m added a commit to chr15m/bittorrent-dht that referenced this issue Nov 2, 2017
@chr15m
Use opts.salt during get if present. webtorrent#167
cd832d7
chr15m added a commit to chr15m/bittorrent-dht that referenced this issue Nov 2, 2017
@chr15m
Comply with BEP44 spec, do not return salt. webtorrent#167
d125daf
chr15m added a commit to chr15m/bittorrent-dht that referenced this issue Nov 2, 2017
@chr15m
Updated documentation with notes about salt. webtorrent#167
2a4f16f
This was referenced Nov 2, 2017
Closed
Closed
chr15m added a commit to chr15m/bittorrent-dht that referenced this issue Feb 17, 2018
@chr15m
Allow user to specify mutable get salt in opts. webtorrent#167
3d83ddb
chr15m added a commit to chr15m/bittorrent-dht that referenced this issue Feb 17, 2018
@chr15m
Updated documentation with notes about salt. webtorrent#167
9daba5a
@chr15m chr15m mentioned this issue Feb 17, 2018
Merged
@chr15m
Copy link
Contributor

chr15m commented Feb 19, 2018

Code to replicate and demonstrate this bug in action: https://github.com/chr15m/bittorrent-dht-salt-bug

chr15m added a commit to chr15m/bittorrent-dht that referenced this issue Feb 19, 2018
@chr15m
Allow user to specify mutable get salt in opts. webtorrent#167
aa8d06b
chr15m added a commit to chr15m/bittorrent-dht that referenced this issue Feb 19, 2018
@chr15m
Do not send salt in mutable get response. webtorrent#167
a203881
chr15m added a commit to chr15m/bittorrent-dht that referenced this issue Feb 19, 2018
@chr15m
Updated documentation with notes about salt. webtorrent#167
b9f711c
@mh-cbon
Copy link
Author

mh-cbon commented Apr 8, 2018

thanks @chr15m

@mh-cbon mh-cbon closed this as completed Apr 8, 2018
chr15m added a commit to chr15m/bittorrent-dht that referenced this issue May 17, 2018
@chr15m
Allow user to specify mutable get salt in opts. webtorrent#167
9fa9710
chr15m added a commit to chr15m/bittorrent-dht that referenced this issue May 17, 2018
@chr15m
Do not send salt in mutable get response. webtorrent#167
c21a13e
chr15m added a commit to chr15m/bittorrent-dht that referenced this issue May 17, 2018
@chr15m
Updated documentation with notes about salt. webtorrent#167
667dca9
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chr15m @mh-cbon