zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3040 Commits
183 Branches
291 MiB
Tree: cd15b677ec
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cd15b677ec'
${ noResults }
tendermint/p2p/docs/peer.md

105 lines
4.2 KiB
Raw Normal View History

p2p docs
7 years ago
 
  1. # Tendermint Peers

  2. 

  3. This document explains how Tendermint Peers are identified, how they connect to one another,
  4. and how other peers are found.
  5. 

  6. ## Peer Identity

  7. 

  8. Tendermint peers are expected to maintain long-term persistent identities in the form of a private key.
  9. Each peer has an ID defined as `peer.ID == peer.PrivKey.Address()`, where `Address` uses the scheme defined in go-crypto.
  10. 

  11. Peer ID's must come with some Proof-of-Work; that is,
  12. they must satisfy `peer.PrivKey.Address() < target` for some difficulty target.
  13. This ensures they are not too easy to generate.
  14. 

  15. A single peer ID can have multiple IP addresses associated with - for simplicity, we only keep track
  16. of the latest one.
  17. 

  18. When attempting to connect to a peer, we use the PeerURL: `<ID>@<IP>:<PORT>`.
  19. We will attempt to connect to the peer at IP:PORT, and verify,
  20. via authenticated encryption, that it is in possession of the private key
  21. corresponding to `<ID>`. This prevents man-in-the-middle attacks on the peer layer.
  22. 

  23. Peers can also be connected to without specifying an ID, ie. `<IP>:<PORT>`.
  24. In this case, the peer cannot be authenticated and other means, such as a VPN,
  25. must be used.
  26. 

  27. ## Connections

  28. 

  29. All p2p connections use TCP.
  30. Upon establishing a successful TCP connection with a peer,
  31. two handhsakes are performed: one for authenticated encryption, and one for Tendermint versioning.
  32. Both handshakes have configurable timeouts (they should complete quickly).
  33. 

  34. ### Authenticated Encryption Handshake

  35. 

  36. Tendermint implements the Station-to-Station protocol
  37. using ED25519 keys for Diffie-Helman key-exchange and NACL SecretBox for encryption.
  38. It goes as follows:
  39. - generate an emphemeral ED25519 keypair
  40. - send the ephemeral public key to the peer
  41. - wait to receive the peer's ephemeral public key
  42. - compute the Diffie-Hellman shared secret using the peers ephemeral public key and our ephemeral private key
  43. - generate nonces to use for encryption
  44.     - TODO
  45. - all communications from now on are encrypted using the shared secret
  46. - generate a common challenge to sign
  47. - sign the common challenge with our persistent private key
  48. - send the signed challenge and persistent public key to the peer
  49. - wait to receive the signed challenge and persistent public key from the peer
  50. - verify the signature in the signed challenge using the peers persistent public key
  51. 

  52. 

  53. If this is an outgoing connection (we dialed the peer) and we used a peer ID,
  54. then finally verify that the `peer.PubKey` corresponds to the peer ID we dialed,
  55. ie. `peer.PubKey.Address() == <ID>`.
  56. 

  57. The connection has now been authenticated. All traffic is encrypted.
  58. 

  59. Note that only the dialer can authenticate the identity of the peer,
  60. but this is what we care about since when we join the network we wish to
  61. ensure we have reached the intended peer (and are not being MITMd).
  62. 

  63. 

  64. ### Peer Filter

  65. 

  66. Before continuing, we check if the new peer has the same ID has ourselves or
  67. an existing peer. If so, we disconnect.
  68. 

  69. We also check the peer's address and public key against
  70. an optional whitelist which can be managed through the ABCI app -
  71. if the whitelist is enabled and the peer is not on it, the connection is
  72. terminated.
  73. 

  74. 

  75. ### Tendermint Version Handshake

  76. 

  77. The Tendermint Version Handshake allows the peers to exchange their NodeInfo, which contains:
  78. 

  79. ```
  80. type NodeInfo struct {
  81. 	PubKey     crypto.PubKey `json:"pub_key"`
  82. 	Moniker    string        `json:"moniker"`
  83. 	Network    string        `json:"network"`
  84. 	RemoteAddr string        `json:"remote_addr"`
  85. 	ListenAddr string        `json:"listen_addr"` // accepting in
  86. 	Version    string        `json:"version"` // major.minor.revision
  87.     Channels   []int8        `json:"channels"` // active reactor channels
  88. 	Other      []string      `json:"other"`   // other application specific data
  89. }
  90. ```
  91. 

  92. The connection is disconnected if:
  93. - `peer.NodeInfo.PubKey != peer.PubKey`
  94. - `peer.NodeInfo.Version` is not formatted as `X.X.X` where X are integers known as Major, Minor, and Revision
  95. - `peer.NodeInfo.Version` Major is not the same as ours
  96. - `peer.NodeInfo.Version` Minor is not the same as ours
  97. - `peer.NodeInfo.Network` is not the same as ours
  98. 

  99. 

  100. At this point, if we have not disconnected, the peer is valid and added to the switch,
  101. so it is added to all reactors.
  102. 

  103. 

  104. ### Connection Activity

  105.