monad-peer-discovery: added authenticated udp port to name record

Author: dshulyak

monad-debug-node/src/main.rs

@@ -176,6 +176,7 @@ fn main() -> Result<(), Error> {
                         secp256k1_pubkey: peer.pubkey,
                         name_record_sig: peer.signature,
                         record_seq_num: peer.record_seq_num,
+                        auth_port: peer.auth_port,
                     };
                     peer_configs.push(peer_config);
                 }

monad-executor-glue/src/lib.rs

@@ -269,17 +269,31 @@ pub struct PeerEntry<ST: CertificateSignatureRecoverable> {
 
     pub signature: ST,
     pub record_seq_num: u64,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub auth_port: Option<u16>,
 }
 
 impl<ST: CertificateSignatureRecoverable> Encodable for PeerEntry<ST> {
     fn encode(&self, out: &mut dyn alloy_rlp::BufMut) {
-        let enc: [&dyn Encodable; 4] = [
-            &self.pubkey,
-            &self.addr.to_string(),
-            &self.signature,
-            &self.record_seq_num,
-        ];
-        encode_list::<_, dyn Encodable>(&enc, out);
+        if let Some(auth_port) = self.auth_port {
+            let enc: [&dyn Encodable; 5] = [
+                &self.pubkey,
+                &self.addr.to_string(),
+                &self.signature,
+                &self.record_seq_num,
+                &auth_port,
+            ];
+            encode_list::<_, dyn Encodable>(&enc, out);
+        } else {
+            let enc: [&dyn Encodable; 4] = [
+                &self.pubkey,
+                &self.addr.to_string(),
+                &self.signature,
+                &self.record_seq_num,
+            ];
+            encode_list::<_, dyn Encodable>(&enc, out);
+        }
     }
 }
 
@@ -295,11 +309,18 @@ impl<ST: CertificateSignatureRecoverable> Decodable for PeerEntry<ST> {
         let signature = ST::decode(&mut payload)?;
         let record_seq_num = u64::decode(&mut payload)?;
 
+        let auth_port = if !payload.is_empty() {
+            Some(u16::decode(&mut payload)?)
+        } else {
+            None
+        };
+
         Ok(Self {
             pubkey,
             addr,
             signature,
             record_seq_num,
+            auth_port,
         })
     }
 }
@@ -2497,6 +2518,7 @@ mod tests {
             addr,
             signature,
             record_seq_num,
+            auth_port: None,
         };
         let encoded = alloy_rlp::encode(&entry);
         let decoded: PeerEntry<NopSignature> = alloy_rlp::decode_exact(&encoded).unwrap();

monad-node-config/src/bootstrap.rs

@@ -40,4 +40,7 @@ pub struct NodeBootstrapPeerConfig<ST: CertificateSignatureRecoverable> {
 
     #[serde(bound = "ST: CertificateSignatureRecoverable")]
     pub name_record_sig: ST,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub auth_port: Option<u16>,
 }

monad-node/src/main.rs

@@ -30,11 +30,8 @@ use monad_chain_config::ChainConfig;
 use monad_consensus_state::ConsensusConfig;
 use monad_consensus_types::{metrics::Metrics, validator_data::ValidatorSetDataWithEpoch};
 use monad_control_panel::ipc::ControlPanelIpcReceiver;
-use monad_crypto::{
-    certificate_signature::{
-        CertificateKeyPair, CertificateSignaturePubKey, CertificateSignatureRecoverable, PubKey,
-    },
-    signing_domain,
+use monad_crypto::certificate_signature::{
+    CertificateKeyPair, CertificateSignaturePubKey, CertificateSignatureRecoverable, PubKey,
 };
 use monad_dataplane::DataplaneBuilder;
 use monad_eth_block_policy::EthBlockPolicy;
@@ -591,22 +588,17 @@ where
                     return None;
                 }
             };
-            let name_record = NameRecord::new(*address.ip(), address.port(), peer.record_seq_num);
-
-            // verify signature of name record
-            let mut encoded = Vec::new();
-            name_record.encode(&mut encoded);
-            match peer
-                .name_record_sig
-                .verify::<signing_domain::NameRecord>(&encoded, &peer.secp256k1_pubkey)
-            {
-                Ok(_) => Some((
-                    node_id,
-                    MonadNameRecord {
-                        name_record,
-                        signature: peer.name_record_sig,
-                    },
-                )),
+
+            let peer_entry = monad_executor_glue::PeerEntry {
+                pubkey: peer.secp256k1_pubkey,
+                addr: address,
+                signature: peer.name_record_sig,
+                record_seq_num: peer.record_seq_num,
+                auth_port: peer.auth_port,
+            };
+
+            match MonadNameRecord::try_from(&peer_entry) {
+                Ok(monad_name_record) => Some((node_id, monad_name_record)),
                 Err(_) => {
                     warn!(?node_id, "invalid name record signature in config file");
                     None

monad-peer-disc-swarm/src/driver.rs

@@ -145,9 +145,9 @@ where
         let cmds = match event {
             PeerDiscoveryEvent::SendPing {
                 to,
-                socket_address,
+                name_record,
                 ping,
-            } => self.algo.send_ping(to, socket_address, ping),
+            } => self.algo.send_ping(to, name_record, ping),
             PeerDiscoveryEvent::PingRequest { from, ping } => self.algo.handle_ping(from, ping),
             PeerDiscoveryEvent::PongResponse { from, pong } => self.algo.handle_pong(from, pong),
             PeerDiscoveryEvent::PingTimeout { to, ping_id } => {
@@ -215,7 +215,7 @@ where
                 PeerDiscoveryCommand::RouterCommand { target, message }
                 | PeerDiscoveryCommand::PingPongCommand {
                     target,
-                    socket_address: _,
+                    name_record: _,
                     message,
                 } => router_cmds.push(RouterCommand::Publish {
                     target: RouterTarget::PointToPoint(target),

monad-peer-discovery/src/discovery.rs

@@ -424,7 +424,7 @@ impl<ST: CertificateSignatureRecoverable> PeerDiscovery<ST> {
         self.metrics[GAUGE_PEER_DISC_NUM_PENDING_PEERS] = self.pending_queue.len() as u64;
 
         // send ping to the peer, which will also insert the peer into pending queue
-        Ok(self.send_ping(peer_id, name_record.udp_address(), ping_msg))
+        Ok(self.send_ping(peer_id, name_record.name_record, ping_msg))
     }
 
     fn remove_peer_from_pending(
@@ -619,7 +619,7 @@ where
     fn send_ping(
         &mut self,
         to: NodeId<CertificateSignaturePubKey<ST>>,
-        socket_address: SocketAddrV4,
+        name_record: NameRecord,
         ping: Ping<ST>,
     ) -> Vec<PeerDiscoveryCommand<ST>> {
         debug!(?to, "sending ping request");
@@ -630,7 +630,7 @@ where
 
         cmds.push(PeerDiscoveryCommand::PingPongCommand {
             target: to,
-            socket_address,
+            name_record,
             message: PeerDiscoveryMessage::Ping(ping),
         });
 
@@ -711,7 +711,7 @@ where
         };
         cmds.push(PeerDiscoveryCommand::PingPongCommand {
             target: from,
-            socket_address: ping_msg.local_name_record.udp_address(),
+            name_record: ping_msg.local_name_record.name_record,
             message: PeerDiscoveryMessage::Pong(pong_msg),
         });
         self.metrics[GAUGE_PEER_DISC_SEND_PONG] += 1;
@@ -780,13 +780,13 @@ where
                 cmds.extend(self.remove_peer_from_pending(to));
             } else {
                 // retry ping
-                let socket_address = info.name_record.udp_address();
+                let name_record = info.name_record.name_record.clone();
                 let ping = Ping {
                     id: self.rng.next_u32(),
                     local_name_record: self.self_record.clone(),
                 };
                 info.last_ping = ping.clone();
-                cmds.extend(self.send_ping(to, socket_address, ping));
+                cmds.extend(self.send_ping(to, name_record, ping));
             }
         }
 
@@ -1538,6 +1538,13 @@ where
             .map(|(id, name_record)| (*id, name_record.clone()))
             .collect()
     }
+
+    fn get_name_record(
+        &self,
+        id: &NodeId<CertificateSignaturePubKey<ST>>,
+    ) -> Option<&MonadNameRecord<ST>> {
+        self.routing_info.get(id)
+    }
 }
 
 #[cfg(test)]
@@ -1666,7 +1673,7 @@ mod tests {
             .filter_map(|c| match c {
                 PeerDiscoveryCommand::PingPongCommand {
                     target,
-                    socket_address: _,
+                    name_record: _,
                     message: PeerDiscoveryMessage::Ping(ping),
                 } => Some((target, ping)),
                 _ => None,
@@ -1679,7 +1686,7 @@ mod tests {
             .filter_map(|c| match c {
                 PeerDiscoveryCommand::PingPongCommand {
                     target: _,
-                    socket_address: _,
+                    name_record: _,
                     message: PeerDiscoveryMessage::Pong(pong),
                 } => Some(pong),
                 _ => None,
@@ -1701,7 +1708,8 @@ mod tests {
             id: 12345,
             local_name_record: state.self_record.clone(),
         };
-        let cmds = state.send_ping(peer1_pubkey, DUMMY_ADDR, ping);
+        let peer1_name_record = generate_name_record(peer1, 1).name_record;
+        let cmds = state.send_ping(peer1_pubkey, peer1_name_record, ping);
 
         // should send a ping command and schedule a ping timeout
         assert_eq!(cmds.len(), 2);
@@ -1714,7 +1722,7 @@ mod tests {
         ));
         assert!(matches!(cmds[1], PeerDiscoveryCommand::PingPongCommand {
             target: _,
-            socket_address: _,
+            name_record: _,
             message: PeerDiscoveryMessage::Ping(_)
         }));
     }

monad-peer-discovery/src/driver.rs

@@ -15,7 +15,7 @@
 
 use std::{
     collections::{HashMap, VecDeque},
-    net::{SocketAddr, SocketAddrV4},
+    net::SocketAddr,
     task::{Context, Poll, Waker},
     time::Duration,
 };
@@ -40,7 +40,7 @@ pub enum PeerDiscoveryEmit<ST: CertificateSignatureRecoverable> {
     },
     PingPongCommand {
         target: NodeId<CertificateSignaturePubKey<ST>>,
-        socket_address: SocketAddrV4,
+        name_record: crate::NameRecord,
         message: PeerDiscoveryMessage<ST>,
     },
     MetricsCommand(ExecutorMetrics),
@@ -174,9 +174,9 @@ impl<PD: PeerDiscoveryAlgo> PeerDiscoveryDriver<PD> {
         let cmds = match event {
             PeerDiscoveryEvent::SendPing {
                 to,
-                socket_address,
+                name_record,
                 ping,
-            } => self.pd.send_ping(to, socket_address, ping),
+            } => self.pd.send_ping(to, name_record, ping),
             PeerDiscoveryEvent::PingRequest { from, ping } => self.pd.handle_ping(from, ping),
             PeerDiscoveryEvent::PongResponse { from, pong } => self.pd.handle_pong(from, pong),
             PeerDiscoveryEvent::PingTimeout { to, ping_id } => {
@@ -244,13 +244,13 @@ impl<PD: PeerDiscoveryAlgo> PeerDiscoveryDriver<PD> {
                 }
                 PeerDiscoveryCommand::PingPongCommand {
                     target,
-                    socket_address,
+                    name_record,
                     message,
                 } => {
                     self.pending_emits
                         .push_back(PeerDiscoveryEmit::PingPongCommand {
                             target,
-                            socket_address,
+                            name_record,
                             message,
                         });
 
@@ -309,6 +309,13 @@ impl<PD: PeerDiscoveryAlgo> PeerDiscoveryDriver<PD> {
         self.pd.get_name_records()
     }
 
+    pub fn get_name_record(
+        &self,
+        id: &NodeId<CertificateSignaturePubKey<PD::SignatureType>>,
+    ) -> Option<&MonadNameRecord<PD::SignatureType>> {
+        self.pd.get_name_record(id)
+    }
+
     pub fn metrics(&self) -> &ExecutorMetrics {
         self.pd.metrics()
     }