feat(identify): implement signedPeerRecord

core/src/peer_record.rs

@@ -1,11 +1,11 @@
-use libp2p_identity::{Keypair, PeerId, SigningError};
+use libp2p_identity::{Keypair, PeerId, PublicKey, SigningError};
 use quick_protobuf::{BytesReader, Writer};
 use web_time::SystemTime;
 
 use crate::{proto, signed_envelope, signed_envelope::SignedEnvelope, DecodeError, Multiaddr};
 
-const PAYLOAD_TYPE: &str = "/libp2p/routing-state-record";
-const DOMAIN_SEP: &str = "libp2p-routing-state";
+pub const PAYLOAD_TYPE: &str = "/libp2p/routing-state-record";
+pub const DOMAIN_SEP: &str = "libp2p-routing-state";
 
 /// Represents a peer routing record.
 ///
@@ -30,26 +30,7 @@ impl PeerRecord {
     /// If this function succeeds, the [`SignedEnvelope`] contained a peer record with a valid
     /// signature and can hence be considered authenticated.
     pub fn from_signed_envelope(envelope: SignedEnvelope) -> Result<Self, FromEnvelopeError> {
-        use quick_protobuf::MessageRead;
-
-        let (payload, signing_key) =
-            envelope.payload_and_signing_key(String::from(DOMAIN_SEP), PAYLOAD_TYPE.as_bytes())?;
-        let mut reader = BytesReader::from_bytes(payload);
-        let record = proto::PeerRecord::from_reader(&mut reader, payload).map_err(DecodeError)?;
-
-        let peer_id = PeerId::from_bytes(&record.peer_id)?;
-
-        if peer_id != signing_key.to_peer_id() {
-            return Err(FromEnvelopeError::MismatchedSignature);
-        }
-
-        let seq = record.seq;
-        let addresses = record
-            .addresses
-            .into_iter()
-            .map(|a| a.multiaddr.to_vec().try_into())
-            .collect::<Result<Vec<_>, _>>()?;
-
+        let (_, peer_id, seq, addresses) = Self::try_deserialize_signed_envelope(&envelope)?;
         Ok(Self {
             peer_id,
             seq,
@@ -126,6 +107,30 @@ impl PeerRecord {
     pub fn addresses(&self) -> &[Multiaddr] {
         self.addresses.as_slice()
     }
+
+    pub fn try_deserialize_signed_envelope(
+        envelope: &SignedEnvelope,
+    ) -> Result<(&PublicKey, PeerId, u64, Vec<Multiaddr>), FromEnvelopeError> {
+        use quick_protobuf::MessageRead;
+
+        let (payload, signing_key) =
+            envelope.payload_and_signing_key(String::from(DOMAIN_SEP), PAYLOAD_TYPE.as_bytes())?;
+        let mut reader = BytesReader::from_bytes(payload);
+        let record = proto::PeerRecord::from_reader(&mut reader, payload).map_err(DecodeError)?;
+
+        let peer_id = PeerId::from_bytes(&record.peer_id)?;
+
+        if peer_id != signing_key.to_peer_id() {
+            return Err(FromEnvelopeError::MismatchedSignature);
+        }
+
+        let addresses = record
+            .addresses
+            .into_iter()
+            .map(|a| a.multiaddr.to_vec().try_into())
+            .collect::<Result<Vec<_>, _>>()?;
+        Ok((signing_key, peer_id, record.seq, addresses))
+    }
 }
 
 #[derive(thiserror::Error, Debug)]

protocols/identify/src/protocol.rs

@@ -22,7 +22,7 @@
 
 use asynchronous_codec::{FramedRead, FramedWrite};
 use futures::prelude::*;
-use libp2p_core::{multiaddr, Multiaddr, SignedEnvelope};
+use libp2p_core::{multiaddr, Multiaddr, PeerRecord, SignedEnvelope};
 use libp2p_identity as identity;
 use libp2p_identity::PublicKey;
 use libp2p_swarm::StreamProtocol;
@@ -226,16 +226,29 @@
             }
         };
 
+        let signed_peer_record = msg
+            .signedPeerRecord
+            .and_then(|b| SignedEnvelope::from_protobuf_encoding(b.as_ref()).ok());
+
+        // When signedPeerRecord contains valid addresses, ignore addresses in listenAddrs.  
+        // When signedPeerRecord is invalid or signed by others, ignore the signedPeerRecord(set to `None`).  
+        let (signed_peer_record, listen_addrs) = signed_peer_record
+            .as_ref()
+            .and_then(|envelope| PeerRecord::try_deserialize_signed_envelope(&envelope).ok())
+            .and_then(|(envelope_public_key, _, _, addresses)| {
+                (*envelope_public_key == public_key).then_some(addresses)
+            })
+            .map(|addrs| (signed_peer_record, addrs))
+            .unwrap_or_else(|| (None, parse_listen_addrs(msg.listenAddrs)));
+
         let info = Info {
             public_key,
             protocol_version: msg.protocolVersion.unwrap_or_default(),
             agent_version: msg.agentVersion.unwrap_or_default(),
-            listen_addrs: parse_listen_addrs(msg.listenAddrs),
+            listen_addrs,
             protocols: parse_protocols(msg.protocols),
             observed_addr: parse_observed_addr(msg.observedAddr).unwrap_or(Multiaddr::empty()),
-            signed_peer_record: msg
-                .signedPeerRecord
-                .and_then(|b| SignedEnvelope::from_protobuf_encoding(b.as_ref()).ok()),
+            signed_peer_record,
         };
 
         Ok(info)