Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Private Networks - First Implementation #3313

Closed
Kubuxu opened this issue Oct 17, 2016 · 21 comments
Closed

Private Networks - First Implementation #3313

Kubuxu opened this issue Oct 17, 2016 · 21 comments
Labels
topic/encryption Topic encryption topic/libp2p Topic libp2p

Comments

@Kubuxu
Copy link
Member

Kubuxu commented Oct 17, 2016

As private networks are adoption blockers for and few important cases were raised for them, I would like to describe to you our first take on Private Networks.

For the first implementation only Pre-shared Key functionality will be available, given the timeframe and complexity Public Key Infrastructure would be just too complex and needs more talk and preparation. PSK based approach will unblock some of the users and allow them to start using IPFS.

The key will be just one per instance of libp2p Swarm, and thus one per IPFS daemon. This clears up corner cases of "what if the node connects to private and public network at the same time".

We wanted to make it key-per-listen-address but it would be too complex.


The crypto was changed but it will be symmetric encryption.


The PSK will be stored inside swarm.key (if there is better place for it, please comment) file in repo with text based multicoded, occupying /key/swarm/psk/1.0.0/ as a name. Following it is a second text based multicodec defining base encoding of the following data, thus allowing the keys to be either typed easily manually (base16, base58), transferred over clipboard and shell without problems (base64) or can be also purely binary if you wish so.

Example:

 > cat $IPFS_PATH/swarm.key
/key/swarm/psk/1.0.0/
/b16/
FFFF

This is of course very weak key but it works as an example.


This feature is planned to be done at the end of the November, but it might be earlier. It is already in progress, testing it will take a while.

Part of: #1633
Resolves partially: ipfs/notes#146
Relates to: #1633

@Kubuxu Kubuxu added status/in-progress In progress topic/libp2p Topic libp2p topic/encryption Topic encryption labels Oct 17, 2016
@Kubuxu Kubuxu self-assigned this Oct 17, 2016
@Kubuxu
Copy link
Member Author

Kubuxu commented Oct 17, 2016

cc @whyrusleeping

@Kubuxu Kubuxu changed the title Private Networks - First Implemnetation Private Networks - First Implementation Oct 17, 2016
@whyrusleeping
Copy link
Member

cc @jbenet for review. This is the initial implementation that @Kubuxu and I have been discussing.

@cpacia
Copy link

cpacia commented Oct 18, 2016

but is secio specific, when we move away from it we will have to rethink it.

What is the plan to move away from secio?

@Kubuxu
Copy link
Member Author

Kubuxu commented Oct 18, 2016

@cpacia to keep things on topic in this issue I will link an issue from this comment when we have clean writeup about this.

@jbenet
Copy link
Member

jbenet commented Oct 18, 2016

@cpacia the gist is we'll support TLS 1.3 in the future.

@jbenet
Copy link
Member

jbenet commented Oct 19, 2016

@Kubuxu:

I don't think we should be doing this inside secio. We've discussed elsewhere that this feature should to be a wrapper around the entire connection, so that all bytes (starting from the first multistream) are encrypted, and so that it works around different other secure transports. We can adjust our viewpoint on this, but let's investigate other possibilities first.

Relevant here will be to measure the overhead of symmetric encryption (AES-CTR, AES-GCM, or ChaCha/Poly1305).


from previous discussions:

Requirements:

  • every byte should be encrypted with the key. transport should not show it is ipfs. (i.e. encrypt even the first multistream handshakes). This gives private networks a better chance through censored networks.
  • solve once, not per authenticated transport. we wont have the ability to modify all transports.
  • use symmetric keys, allow choice of AES or ChaCha
  • non-network nodes must not get stuck trying to dial us over and over (which could happen if the multistream handshake works but the auth channel fails inexplicably)
  • ideally 0 RTT - it should not add any RTTs
  • ideally no MAC overhead (non auth is ok in wrappers, as long as we auth in internal cipher)

Some constructions we've thrown around before: ipfs/notes#177

@Kubuxu
Copy link
Member Author

Kubuxu commented Oct 20, 2016

I have sent a new XSalsa20 based suggestion in the ipfs/notes#177.

@Kubuxu
Copy link
Member Author

Kubuxu commented Oct 20, 2016

I have benchmarked AES-CBC and XSalsa20 (including nonce change per round) and XSalsa20 is clear winner here:

On i7-6800k:
BenchmarkEncryptAesCbc-12           500000          3541 ns/op     406.57 MB/s
BenchmarkDescryptAesCbc-12          500000          3007 ns/op     478.76 MB/s
BenchmarkXSalsa20-12               1000000          1670 ns/op     854.37 MB/s

On RPi 3:
BenchmarkEncryptAesCbc-4           10000        203769 ns/op       7.07 MB/s
BenchmarkDescryptAesCbc-4          10000        202064 ns/op       7.13 MB/s
BenchmarkXSalsa20-4                10000        107729 ns/op      13.25 MB/s

The schema I described here, should fit all goals of this layer: high performance, nonce uniqueness (192bit), no re-keying, no per-packet overhead and it is 0-RTT.

@Kubuxu
Copy link
Member Author

Kubuxu commented Nov 28, 2016

This is right now blocked on @jbenet finishing review on pnet code.

@Kubuxu Kubuxu added status/blocked Unable to be worked further until needs are met status/ready Ready to be worked and removed status/in-progress In progress labels Nov 28, 2016
@Kubuxu Kubuxu assigned Kubuxu and unassigned Kubuxu Dec 5, 2016
@mbialon
Copy link

mbialon commented Feb 15, 2017

I've tried to build the feat/pnet branch but I got the following error.

installing package: go-libp2p-pnet-0.1.1
  - QmRicHyjxHoiB6bY8bT8k9GoiiDKUS2DU5J23g7DPcZsXb not found locally, fetching into /Users/marcin/go/src/gx/ipfs/QmRicHyjxHoiB6bY8bT8k9GoiiDKUS2DU5J23g7DPcZsXb
  - QmbyJsuKfxWmcCMfHEGvqofjV8U3QP8ZQxDeAy1GmY9dW1 not found locally, fetching into /Users/marcin/go/src/gx/ipfs/QmbyJsuKfxWmcCMfHEGvqofjV8U3QP8ZQxDeAy1GmY9dW1
  - QmP6H1kAKEHohE2U4GE4PiiRtXp37L5Bxfwi4EvxV7Jn5K not found locally, fetching into /Users/marcin/go/src/gx/ipfs/QmP6H1kAKEHohE2U4GE4PiiRtXp37L5Bxfwi4EvxV7Jn5K
  - fetching QmRicHyjxHoiB6bY8bT8k9GoiiDKUS2DU5J23g7DPcZsXb via ipfs api
  - fetching QmbyJsuKfxWmcCMfHEGvqofjV8U3QP8ZQxDeAy1GmY9dW1 via ipfs api
  - fetching QmP6H1kAKEHohE2U4GE4PiiRtXp37L5Bxfwi4EvxV7Jn5K via ipfs api
  - fetch finished in 1.517754009s
  - fetch QmbyJsuKfxWmcCMfHEGvqofjV8U3QP8ZQxDeAy1GmY9dW1 complete!
[1 / 5] fetched dep: go-libp2p-dummy-conn
  - fetch finished in 1.983279134s
  - fetch QmP6H1kAKEHohE2U4GE4PiiRtXp37L5Bxfwi4EvxV7Jn5K complete!
[2 / 5] fetched dep: go-multicodec


ipfs-shell: warning! unhandled response encoding: text/htmlERROR: from shell.Get(): &shell.Error{Command:"get", Message:"unknown ipfs-shell error encoding: \"text/html\" - \"<html>\\r\\n<head><title>504 Gateway Time-out</title></head>\\r\\n<body bgcolor=\\\"white\\\">\\r\\n<center><h1>504 Gateway Time-out</h1></center>\\r\\n<hr><center>nginx/1.10.1</center>\\r\\n</body>\\r\\n</html>\\r\\n\"", Code:0}
retrying fetch QmRicHyjxHoiB6bY8bT8k9GoiiDKUS2DU5J23g7DPcZsXb after a second...

Would it be possible to build and test the private networks feature?

@Kubuxu
Copy link
Member Author

Kubuxu commented Feb 15, 2017

I should have new version out this week.

@vivekar1234
Copy link

When can we get the latest one...please can you help as we have POC pending

@Kubuxu
Copy link
Member Author

Kubuxu commented Feb 28, 2017

#3697 build available at https://ci.ipfs.team/job/go-ipfs/job/PR-3697/

To generate swarm key use: https://github.com/Kubuxu/go-ipfs-swarm-key-gen

@Kubuxu Kubuxu closed this as completed Mar 2, 2017
@Kubuxu Kubuxu removed the status/ready Ready to be worked label Mar 2, 2017
@hmeine
Copy link

hmeine commented Jul 23, 2017

I would like to evaluate this preview version, but the above ci.ipfs.team-link is no longer valid. Can you provide a new link (and/or maybe two sentences on how one could find an up-to-date link from that site)? Thanks in advance!

@Kubuxu
Copy link
Member Author

Kubuxu commented Jul 23, 2017

It is already released, every version since 0.4.7 supports it and here is more about it: #3397 (comment)

@hmeine
Copy link

hmeine commented Jul 24, 2017

Wow! I missed that, although I watched multiple related issues. Thanks!

@hmeine
Copy link

hmeine commented Jul 24, 2017

OK, so you wanted to get feedback; I just found the first issue: I wanted to use the webui, but the browser would not load the page. At some point (maybe only when stopping the daemon) I got an error message "ipfs resolve -r /ipfs/QmPhnvn747LqwPYMJmQVorMaGbMSgA7mRRoyyZYz3DoZRQ/: Failed to get block for QmPhnvn747LqwPYMJmQVorMaGbMSgA7mRRoyyZYz3DoZRQ", which may be because the webui tries to load the globe(?), but I am not connected to the global swarm.

  • You might say this is by design, and one needs to make sure the data files are available in the local swarm. In that case, I would suggest to add a hint how to efficiently load these files into the local datastore to docs/experimental-features.md.
  • I wonder if it makes sense to add the possibility to specify a second daemon as fall-back for missing blocks? That could allow "read-only" access to the global swarm, while still preventing local files to be seeded to nodes without the PSK.

@Kubuxu
Copy link
Member Author

Kubuxu commented Jul 24, 2017

Yes, webui is mostly fetched on need basis, which means if you are in private network you won't be able to fetch it.

What you could do is start second fresh node, fetch the webui and then add it to private network.

wonder if it makes sense to add the possibility to specify a second daemon as fall-back for missing blocks?

This would just introduce complexity that would have to be supported in future.
I would prefer, instead of doing that, to move on the PKI based private networks with content policies/capabilities but I am afraid it is quite a ways off.

@Kubuxu Kubuxu removed their assignment Jul 24, 2017
@Kubuxu Kubuxu removed the status/blocked Unable to be worked further until needs are met label Jul 24, 2017
@kamaci
Copy link

kamaci commented Mar 7, 2018

@Kubuxu I have some questions on this feature.

  1. Why key generation is not a part of ipfs commands and can be generated via user i.e. https://github.com/Kubuxu/go-ipfs-swarm-key-gen

  2. Is there any solution to encrypt the data send over ipfs nodes to prevent man in the middle attacks?

@bonedaddy
Copy link
Contributor

@kamaci I believe the data is encrpyted via the PSK

@Kubuxu
Copy link
Member Author

Kubuxu commented Jul 9, 2018

@kamaci IPFS by default is using encryption that prevents MitM attacks, it continues to use this encryption when running Private Networks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
topic/encryption Topic encryption topic/libp2p Topic libp2p
Projects
None yet
Development

No branches or pull requests

9 participants