Skip to content

libp2phttp: HTTP Peer ID Authentication#2854

Merged
MarcoPolo merged 37 commits intomasterfrom
marco/http-peer-id-auth
Oct 8, 2024
Merged

libp2phttp: HTTP Peer ID Authentication#2854
MarcoPolo merged 37 commits intomasterfrom
marco/http-peer-id-auth

Conversation

@MarcoPolo
Copy link
Collaborator

@MarcoPolo MarcoPolo commented Jun 29, 2024

This enables HTTP peers to authenticate each other's peer ID. This would allow users to use an http transport that has a peer id component (e.g. /dns/example.com/http/p2p/12Foo). I think it's nice to have this for completeness so that an http transport has the same semantics as a libp2p stream transport when doing HTTP with regard to Peer IDs.

There's more testing I want to do here, but I think this is more or less ready for a review.

For a high level overview of the authentication protocol refer to the overview in the spec: https://github.com/libp2p/specs/blob/45006f17d2fa0cede50b2db2311a55061011a3fc/http/peer-id-auth.md#mutual-client-and-server-peer-id-authentication-overview

@MarcoPolo

This comment was marked as outdated.

Sign in to view
sukunrt
sukunrt reviewed Jul 9, 2024
View reviewed changes
@MarcoPolo MarcoPolo force-pushed the marco/http-peer-id-auth branch from c2d12e7 to 2a55ceb Compare August 28, 2024 00:45
@MarcoPolo
Copy link
Collaborator Author

MarcoPolo commented Aug 28, 2024
edited
Loading

I've completely refactored this. The handshake logic is now neatly in internal/handshake. The Client API is simpler, and the Server API changed a little bit (in a way that makes it hopefully easier to use). The server uses HMAC to authenticate the opaque and the token. And it's also close to 10x faster (still could be improved, but this might be good enough for now).

The main missing thing is the test that generates the examples for the spec. I'll work on that next, but otherwise I think this is ready. Done.

when you get a chance, could I get a review here and in the spec libp2p/specs#564 @sukunrt .

@MarcoPolo MarcoPolo mentioned this pull request Aug 30, 2024
Merged
@MarcoPolo MarcoPolo force-pushed the marco/http-peer-id-auth branch from fccc2d5 to fbcede2 Compare September 3, 2024 22:50
sukunrt
sukunrt approved these changes Sep 8, 2024
View reviewed changes
p2p/http/auth/client.go Outdated
}
resp.Body.Close()

err = handshake.ParseHeader(resp.Header)
Copy link
Member

@sukunrt sukunrt Sep 8, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to set the status code first?

Copy link
Collaborator Author

@MarcoPolo MarcoPolo Sep 10, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On the client? Or do you mean assert the status code is 401?

@sukunrt
Copy link
Member

sukunrt commented Sep 8, 2024

The new spec is much nicer! Thanks @MarcoPolo

aschmahmann
aschmahmann reviewed Sep 9, 2024
View reviewed changes
@lidel lidel mentioned this pull request Sep 18, 2024
Merged
12 tasks
@MarcoPolo MarcoPolo force-pushed the marco/http-peer-id-auth branch from dbd59dc to 37cb110 Compare October 8, 2024 00:27
@MarcoPolo MarcoPolo merged commit b198a51 into master Oct 8, 2024
This was referenced Oct 8, 2024
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aschmahmann aschmahmann aschmahmann left review comments

@sukunrt sukunrt sukunrt approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MarcoPolo @sukunrt @aschmahmann