feat(identify): implement signedPeerRecord

Cargo.toml

@@ -81,7 +81,7 @@ libp2p-dcutr = { version = "0.13.0", path = "protocols/dcutr" }
 libp2p-dns = { version = "0.43.0", path = "transports/dns" }
 libp2p-floodsub = { version = "0.46.1", path = "protocols/floodsub" }
 libp2p-gossipsub = { version = "0.48.1", path = "protocols/gossipsub" }
-libp2p-identify = { version = "0.46.0", path = "protocols/identify" }
+libp2p-identify = { version = "0.47.0", path = "protocols/identify" }
 libp2p-identity = { version = "0.2.10" }
 libp2p-kad = { version = "0.47.0", path = "protocols/kad" }
 libp2p-mdns = { version = "0.47.0", path = "protocols/mdns" }

protocols/identify/CHANGELOG.md

@@ -1,3 +1,8 @@
+## 0.47.0
+
+- Implement optional `signedPeerRecord` support for identify messages.
+  See [PR 5785](https://github.com/libp2p/rust-libp2p/pull/5785)
+
 ## 0.46.0
 
 - Add `hide_listen_addrs` option to prevent leaking (local) listen addresses.

protocols/identify/Cargo.toml

@@ -3,7 +3,7 @@ name = "libp2p-identify"
 edition = "2021"
 rust-version = { workspace = true }
 description = "Nodes identification protocol for libp2p"
-version = "0.46.0"
+version = "0.47.0"
 authors = ["Parity Technologies <[email protected]>"]
 license = "MIT"
 repository = "https://github.com/libp2p/rust-libp2p"

protocols/identify/src/behaviour.rs

@@ -21,14 +21,17 @@
 use std::{
     collections::{hash_map::Entry, HashMap, HashSet, VecDeque},
     num::NonZeroUsize,
+    sync::Arc,
     task::{Context, Poll},
     time::Duration,
 };
 
 use libp2p_core::{
-    multiaddr, multiaddr::Protocol, transport::PortUse, ConnectedPoint, Endpoint, Multiaddr,
+    multiaddr::{self, Protocol},
+    transport::PortUse,
+    ConnectedPoint, Endpoint, Multiaddr,
 };
-use libp2p_identity::{PeerId, PublicKey};
+use libp2p_identity::{Keypair, PeerId, PublicKey};
 use libp2p_swarm::{
     behaviour::{ConnectionClosed, ConnectionEstablished, DialFailure, FromSwarm},
     ConnectionDenied, ConnectionId, DialError, ExternalAddresses, ListenAddresses,
@@ -117,8 +120,10 @@ pub struct Config {
     /// Application-specific version of the protocol family used by the peer,
     /// e.g. `ipfs/1.0.0` or `polkadot/1.0.0`.
     protocol_version: String,
-    /// The public key of the local node. To report on the wire.
-    local_public_key: PublicKey,
+    /// The key of the local node. Only the public key will be report on the wire.  
+    /// The behaviour will send signed [`PeerRecord`](libp2p_core::PeerRecord) in
+    /// its identify message only when supplied with a keypair.  
+    local_key: Arc<KeyType>,
     /// Name and version of the local peer implementation, similar to the
     /// `User-Agent` header in the HTTP protocol.
     ///
@@ -156,12 +161,26 @@ pub struct Config {
 
 impl Config {
     /// Creates a new configuration for the identify [`Behaviour`] that
-    /// advertises the given protocol version and public key.
+    /// advertises the given protocol version and public key.  
+    /// Use [`new_with_signed_peer_record`](Config::new_with_signed_peer_record) for
+    /// `signedPeerRecord` support.
     pub fn new(protocol_version: String, local_public_key: PublicKey) -> Self {
+        Self::new_with_key(protocol_version, local_public_key)
+    }
+
+    /// Creates a new configuration for the identify [`Behaviour`] that
+    /// advertises the given protocol version and public key.  
+    /// The private key will be used to sign [`PeerRecord`](libp2p_core::PeerRecord)
+    /// for verifiable address advertisement.
+    pub fn new_with_signed_peer_record(protocol_version: String, local_keypair: &Keypair) -> Self {
+        Self::new_with_key(protocol_version, local_keypair)
+    }
+
+    fn new_with_key(protocol_version: String, key: impl Into<KeyType>) -> Self {
         Self {
             protocol_version,
             agent_version: format!("rust-libp2p/{}", env!("CARGO_PKG_VERSION")),
-            local_public_key,
+            local_key: Arc::new(key.into()),
             interval: Duration::from_secs(5 * 60),
             push_listen_addr_updates: false,
             cache_size: 100,
@@ -209,7 +228,7 @@ impl Config {
 
     /// Get the local public key of the Config.
     pub fn local_public_key(&self) -> &PublicKey {
-        &self.local_public_key
+        self.local_key.public_key()
     }
 
     /// Get the agent version of the Config.
@@ -380,7 +399,7 @@ impl NetworkBehaviour for Behaviour {
         Ok(Handler::new(
             self.config.interval,
             peer,
-            self.config.local_public_key.clone(),
+            self.config.local_key.clone(),
             self.config.protocol_version.clone(),
             self.config.agent_version.clone(),
             remote_addr.clone(),
@@ -413,7 +432,7 @@ impl NetworkBehaviour for Behaviour {
         Ok(Handler::new(
             self.config.interval,
             peer,
-            self.config.local_public_key.clone(),
+            self.config.local_key.clone(),
             self.config.protocol_version.clone(),
             self.config.agent_version.clone(),
             // TODO: This is weird? That is the public address we dialed,
@@ -670,6 +689,37 @@ impl PeerCache {
     }
 }
 
+#[derive(Debug, Clone)]
+#[allow(clippy::large_enum_variant)]
+pub(crate) enum KeyType {
+    PublicKey(PublicKey),
+    Keypair {
+        keypair: Keypair,
+        public_key: PublicKey,
+    },
+}
+impl From<PublicKey> for KeyType {
+    fn from(value: PublicKey) -> Self {
+        Self::PublicKey(value)
+    }
+}
+impl From<&Keypair> for KeyType {
+    fn from(value: &Keypair) -> Self {
+        Self::Keypair {
+            public_key: value.public(),
+            keypair: value.clone(),
+        }
+    }
+}
+impl KeyType {
+    pub(crate) fn public_key(&self) -> &PublicKey {
+        match &self {
+            KeyType::PublicKey(pubkey) => pubkey,
+            KeyType::Keypair { public_key, .. } => public_key,
+        }
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;

protocols/identify/src/generated/structs.proto

@@ -24,4 +24,12 @@ message Identify {
   optional bytes observedAddr = 4;
 
   repeated string protocols = 3;
+
+  // signedPeerRecord contains a serialized SignedEnvelope containing a PeerRecord,
+  // signed by the sending node. It contains the same addresses as the listenAddrs field, but
+  // in a form that lets us share authenticated addrs with other peers.
+  // see https://github.com/libp2p/rust-libp2p/blob/8ac5b5aac5f5c25a85f1065e292deeaf58290189/core/src/generated/envelope.proto#L12 
+  // and https://github.com/libp2p/rust-libp2p/blob/8ac5b5aac5f5c25a85f1065e292deeaf58290189/core/src/generated/peer_record.proto#L11 
+  // for message definitions.
+  optional bytes signedPeerRecord = 8;
 }

protocols/identify/src/generated/structs.rs

@@ -22,6 +22,7 @@ pub struct Identify {
     pub listenAddrs: Vec<Vec<u8>>,
     pub observedAddr: Option<Vec<u8>>,
     pub protocols: Vec<String>,
+    pub signedPeerRecord: Option<Vec<u8>>,
 }
 
 impl<'a> MessageRead<'a> for Identify {
@@ -35,6 +36,7 @@ impl<'a> MessageRead<'a> for Identify {
                 Ok(18) => msg.listenAddrs.push(r.read_bytes(bytes)?.to_owned()),
                 Ok(34) => msg.observedAddr = Some(r.read_bytes(bytes)?.to_owned()),
                 Ok(26) => msg.protocols.push(r.read_string(bytes)?.to_owned()),
+                Ok(66) => msg.signedPeerRecord = Some(r.read_bytes(bytes)?.to_owned()),
                 Ok(t) => { r.read_unknown(bytes, t)?; }
                 Err(e) => return Err(e),
             }
@@ -52,6 +54,7 @@ impl MessageWrite for Identify {
         + self.listenAddrs.iter().map(|s| 1 + sizeof_len((s).len())).sum::<usize>()
         + self.observedAddr.as_ref().map_or(0, |m| 1 + sizeof_len((m).len()))
         + self.protocols.iter().map(|s| 1 + sizeof_len((s).len())).sum::<usize>()
+        + self.signedPeerRecord.as_ref().map_or(0, |m| 1 + sizeof_len((m).len()))
     }
 
     fn write_message<W: WriterBackend>(&self, w: &mut Writer<W>) -> Result<()> {
@@ -61,6 +64,7 @@ impl MessageWrite for Identify {
         for s in &self.listenAddrs { w.write_with_tag(18, |w| w.write_bytes(&**s))?; }
         if let Some(ref s) = self.observedAddr { w.write_with_tag(34, |w| w.write_bytes(&**s))?; }
         for s in &self.protocols { w.write_with_tag(26, |w| w.write_string(&**s))?; }
+        if let Some(ref s) = self.signedPeerRecord { w.write_with_tag(66, |w| w.write_bytes(&**s))?; }
         Ok(())
     }
 }

protocols/identify/src/handler.rs

@@ -20,6 +20,7 @@
 
 use std::{
     collections::HashSet,
+    sync::Arc,
     task::{Context, Poll},
     time::Duration,
 };
@@ -32,7 +33,7 @@ use libp2p_core::{
     upgrade::{ReadyUpgrade, SelectUpgrade},
     Multiaddr,
 };
-use libp2p_identity::{PeerId, PublicKey};
+use libp2p_identity::PeerId;
 use libp2p_swarm::{
     handler::{
         ConnectionEvent, DialUpgradeError, FullyNegotiatedInbound, FullyNegotiatedOutbound,
@@ -45,8 +46,8 @@ use smallvec::SmallVec;
 use tracing::Level;
 
 use crate::{
-    protocol,
-    protocol::{Info, PushInfo, UpgradeError},
+    behaviour::KeyType,
+    protocol::{self, Info, PushInfo, UpgradeError},
     PROTOCOL_NAME, PUSH_PROTOCOL_NAME,
 };
 
@@ -80,8 +81,8 @@ pub struct Handler {
     /// The interval of `trigger_next_identify`, i.e. the recurrent delay.
     interval: Duration,
 
-    /// The public key of the local peer.
-    public_key: PublicKey,
+    /// The key of the local peer.
+    local_key: Arc<KeyType>,
 
     /// Application-specific version of the protocol family used by the peer,
     /// e.g. `ipfs/1.0.0` or `polkadot/1.0.0`.
@@ -125,10 +126,10 @@ pub enum Event {
 
 impl Handler {
     /// Creates a new `Handler`.
-    pub fn new(
+    pub(crate) fn new(
         interval: Duration,
         remote_peer_id: PeerId,
-        public_key: PublicKey,
+        local_key: Arc<KeyType>,
         protocol_version: String,
         agent_version: String,
         observed_addr: Multiaddr,
@@ -144,7 +145,7 @@ impl Handler {
             trigger_next_identify: Delay::new(Duration::ZERO),
             exchanged_one_periodic_identify: false,
             interval,
-            public_key,
+            local_key,
             protocol_version,
             agent_version,
             observed_addr,
@@ -226,13 +227,23 @@ impl Handler {
     }
 
     fn build_info(&mut self) -> Info {
+        let signed_envelope = match self.local_key.as_ref() {
+            KeyType::PublicKey(_) => None,
+            KeyType::Keypair { keypair, .. } => libp2p_core::PeerRecord::new(
+                keypair,
+                Vec::from_iter(self.external_addresses.iter().cloned()),
+            )
+            .ok()
+            .map(|r| r.into_signed_envelope()),
+        };
         Info {
-            public_key: self.public_key.clone(),
+            public_key: self.local_key.public_key().clone(),
             protocol_version: self.protocol_version.clone(),
             agent_version: self.agent_version.clone(),
             listen_addrs: Vec::from_iter(self.external_addresses.iter().cloned()),
             protocols: Vec::from_iter(self.local_supported_protocols.iter().cloned()),
             observed_addr: self.observed_addr.clone(),
+            signed_peer_record: signed_envelope,
         }
     }