-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
double hashing implementation #1
base: master
Are you sure you want to change the base?
Changes from 14 commits
cb28c01
f2f6a0f
2e84c51
d855a34
fc6bce6
77e94b5
7af690d
c88d1b4
3c15441
27545ee
da599fc
c970ed2
2ecb972
ebc521e
c0be529
8a6cbed
96cc75d
4313318
8e3db8e
d0b0d88
f954b6b
b39aef1
83e8253
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -777,10 +777,14 @@ func (dht *FullRT) Provide(ctx context.Context, key cid.Cid, brdcst bool) (err e | |
return fmt.Errorf("invalid cid: undefined") | ||
} | ||
keyMH := key.Hash() | ||
logger.Debugw("providing", "cid", key, "mh", internal.LoggableProviderRecordBytes(keyMH)) | ||
mhHash := internal.Sha256Multihash(keyMH) | ||
logger.Debugw("providing", "cid", key, "mh", internal.LoggableProviderRecordBytes(keyMH), "mhHash", mhHash) | ||
|
||
// add self locally | ||
dht.ProviderManager.AddProvider(ctx, keyMH, peer.AddrInfo{ID: dht.h.ID()}) | ||
err = dht.ProviderManager.AddProvider(ctx, keyMH, peer.AddrInfo{ID: dht.h.ID()}) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Shouldn't it be There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. yep, updated! |
||
if err != nil { | ||
return err | ||
} | ||
if !brdcst { | ||
return nil | ||
} | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
package internal | ||
|
||
import ( | ||
"crypto/sha256" | ||
|
||
"github.com/multiformats/go-multihash" | ||
) | ||
|
||
type Hash [32]byte | ||
|
||
func Sha256Multihash(mh multihash.Multihash) Hash { | ||
return sha256.Sum256(mh) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This should be a derived hash, so e.g. add a custom prefix like There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. updated! |
||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -11,7 +11,7 @@ import ( | |
kb "github.com/libp2p/go-libp2p-kbucket" | ||
) | ||
|
||
// GetClosestPeers is a Kademlia 'node lookup' operation. Returns a channel of | ||
// GetClosestPeers is a Kademlia 'node lookup' operation. Returns a list of | ||
// the K closest peers to the given key. | ||
// | ||
// If the context is canceled, this function will return the context error along | ||
|
@@ -20,8 +20,11 @@ func (dht *IpfsDHT) GetClosestPeers(ctx context.Context, key string) ([]peer.ID, | |
if key == "" { | ||
return nil, fmt.Errorf("can't lookup empty key") | ||
} | ||
// TODO: I can break the interface! return []peer.ID | ||
lookupRes, err := dht.runLookupWithFollowup(ctx, key, | ||
|
||
const isHashed = false | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. How can the host determine whether the requested key is hashed or not? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. the recipient of the query will receive There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. will we add a check to see if it's hashed later on? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. yeah, it's checked in There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. actually, this got removed since the double hash is now a |
||
|
||
//TODO: I can break the interface! return []peer.ID | ||
lookupRes, err := dht.runLookupWithFollowup(ctx, key, isHashed, | ||
func(ctx context.Context, p peer.ID) ([]*peer.AddrInfo, error) { | ||
// For DHT query command | ||
routing.PublishQueryEvent(ctx, &routing.QueryEvent{ | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do you think it might be a good idea to add a salt for this hash? this way there's another layer of protection that could be used from the provider?
but i can see the other side where if we want to make this easily reproducible, it would be better to leave out the additional step (-:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If required, we could add a constant salt (e.g to specify the purpose of the hash).
However, the secret to access the content is already the CID, adding a random salt means that knowledge of both the CID and the salt is required to find the content. If we add a random salt here, it would have to be shared along with the CID, thus it wouldn't add much security. (in other words, it would only make the secret longer)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should consider adding a constant salt (or prefix) to the spec and here - so that the derived hashes are in a known specific domain that doesn't easily have collisions with other things.