You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

114 lines
4.7 KiB

7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
  1. # Tendermint Peers
  2. This document explains how Tendermint Peers are identified and how they connect to one another.
  3. For details on peer discovery, see the [peer exchange (PEX) reactor doc](pex.md).
  4. ## Peer Identity
  5. Tendermint peers are expected to maintain long-term persistent identities in the form of a public key.
  6. Each peer has an ID defined as `peer.ID == peer.PubKey.Address()`, where `Address` uses the scheme defined in go-crypto.
  7. A single peer ID can have multiple IP addresses associated with it.
  8. TODO: define how to deal with this.
  9. When attempting to connect to a peer, we use the PeerURL: `<ID>@<IP>:<PORT>`.
  10. We will attempt to connect to the peer at IP:PORT, and verify,
  11. via authenticated encryption, that it is in possession of the private key
  12. corresponding to `<ID>`. This prevents man-in-the-middle attacks on the peer layer.
  13. Peers can also be connected to without specifying an ID, ie. just `<IP>:<PORT>`.
  14. In this case, the peer must be authenticated out-of-band of Tendermint,
  15. for instance via VPN.
  16. ## Connections
  17. All p2p connections use TCP.
  18. Upon establishing a successful TCP connection with a peer,
  19. two handhsakes are performed: one for authenticated encryption, and one for Tendermint versioning.
  20. Both handshakes have configurable timeouts (they should complete quickly).
  21. ### Authenticated Encryption Handshake
  22. Tendermint implements the Station-to-Station protocol
  23. using ED25519 keys for Diffie-Helman key-exchange and NACL SecretBox for encryption.
  24. It goes as follows:
  25. - generate an emphemeral ED25519 keypair
  26. - send the ephemeral public key to the peer
  27. - wait to receive the peer's ephemeral public key
  28. - compute the Diffie-Hellman shared secret using the peers ephemeral public key and our ephemeral private key
  29. - generate two nonces to use for encryption (sending and receiving) as follows:
  30. - sort the ephemeral public keys in ascending order and concatenate them
  31. - RIPEMD160 the result
  32. - append 4 empty bytes (extending the hash to 24-bytes)
  33. - the result is nonce1
  34. - flip the last bit of nonce1 to get nonce2
  35. - if we had the smaller ephemeral pubkey, use nonce1 for receiving, nonce2 for sending;
  36. else the opposite
  37. - all communications from now on are encrypted using the shared secret and the nonces, where each nonce
  38. increments by 2 every time it is used
  39. - we now have an encrypted channel, but still need to authenticate
  40. - generate a common challenge to sign:
  41. - SHA256 of the sorted (lowest first) and concatenated ephemeral pub keys
  42. - sign the common challenge with our persistent private key
  43. - send the go-wire encoded persistent pubkey and signature to the peer
  44. - wait to receive the persistent public key and signature from the peer
  45. - verify the signature on the challenge using the peer's persistent public key
  46. If this is an outgoing connection (we dialed the peer) and we used a peer ID,
  47. then finally verify that the peer's persistent public key corresponds to the peer ID we dialed,
  48. ie. `peer.PubKey.Address() == <ID>`.
  49. The connection has now been authenticated. All traffic is encrypted.
  50. Note: only the dialer can authenticate the identity of the peer,
  51. but this is what we care about since when we join the network we wish to
  52. ensure we have reached the intended peer (and are not being MITMd).
  53. ### Peer Filter
  54. Before continuing, we check if the new peer has the same ID as ourselves or
  55. an existing peer. If so, we disconnect.
  56. We also check the peer's address and public key against
  57. an optional whitelist which can be managed through the ABCI app -
  58. if the whitelist is enabled and the peer does not qualify, the connection is
  59. terminated.
  60. ### Tendermint Version Handshake
  61. The Tendermint Version Handshake allows the peers to exchange their NodeInfo:
  62. ```golang
  63. type NodeInfo struct {
  64. PubKey crypto.PubKey
  65. Moniker string
  66. Network string
  67. RemoteAddr string
  68. ListenAddr string
  69. Version string
  70. Channels []int8
  71. Other []string
  72. }
  73. ```
  74. The connection is disconnected if:
  75. - `peer.NodeInfo.PubKey != peer.PubKey`
  76. - `peer.NodeInfo.Version` is not formatted as `X.X.X` where X are integers known as Major, Minor, and Revision
  77. - `peer.NodeInfo.Version` Major is not the same as ours
  78. - `peer.NodeInfo.Version` Minor is not the same as ours
  79. - `peer.NodeInfo.Network` is not the same as ours
  80. - `peer.Channels` does not intersect with our known Channels.
  81. At this point, if we have not disconnected, the peer is valid.
  82. It is added to the switch and hence all reactors via the `AddPeer` method.
  83. Note that each reactor may handle multiple channels.
  84. ## Connection Activity
  85. Once a peer is added, incoming messages for a given reactor are handled through
  86. that reactor's `Receive` method, and output messages are sent directly by the Reactors
  87. on each peer. A typical reactor maintains per-peer go-routine(s) that handle this.