go-libp2p-pubsub/sign.go

139 lines
3.4 KiB
Go

package pubsub
import (
"fmt"
pb "github.com/libp2p/go-libp2p-pubsub/pb"
"github.com/libp2p/go-libp2p-core/crypto"
"github.com/libp2p/go-libp2p-core/peer"
)
// MessageSignaturePolicy describes if signatures are produced, expected, and/or verified.
type MessageSignaturePolicy uint8
// LaxSign and LaxNoSign are deprecated. In the future msgSigning and msgVerification can be unified.
const (
// msgSigning is set when the locally produced messages must be signed
msgSigning MessageSignaturePolicy = 1 << iota
// msgVerification is set when external messages must be verfied
msgVerification
)
const (
// StrictSign produces signatures and expects and verifies incoming signatures
StrictSign = msgSigning | msgVerification
// StrictNoSign does not produce signatures and drops and penalises incoming messages that carry one
StrictNoSign = msgVerification
// LaxSign produces signatures and validates incoming signatures iff one is present
// Deprecated: it is recommend to either strictly enable, or strictly disable, signatures.
LaxSign = msgSigning
// LaxNoSign does not produce signatures and validates incoming signatures iff one is present
// Deprecated: it is recommend to either strictly enable, or strictly disable, signatures.
LaxNoSign = 0
)
// mustVerify is true when a message signature must be verified.
// If signatures are not expected, verification checks if the signature is absent.
func (policy MessageSignaturePolicy) mustVerify() bool {
return policy&msgVerification != 0
}
// mustSign is true when messages should be signed, and incoming messages are expected to have a signature.
func (policy MessageSignaturePolicy) mustSign() bool {
return policy&msgSigning != 0
}
const SignPrefix = "libp2p-pubsub:"
func verifyMessageSignature(m *pb.Message) error {
pubk, err := messagePubKey(m)
if err != nil {
return err
}
xm := *m
xm.Signature = nil
xm.Key = nil
bytes, err := xm.Marshal()
if err != nil {
return err
}
bytes = withSignPrefix(bytes)
valid, err := pubk.Verify(bytes, m.Signature)
if err != nil {
return err
}
if !valid {
return fmt.Errorf("invalid signature")
}
return nil
}
func messagePubKey(m *pb.Message) (crypto.PubKey, error) {
var pubk crypto.PubKey
pid, err := peer.IDFromBytes(m.From)
if err != nil {
return nil, err
}
if m.Key == nil {
// no attached key, it must be extractable from the source ID
pubk, err = pid.ExtractPublicKey()
if err != nil {
return nil, fmt.Errorf("cannot extract signing key: %s", err.Error())
}
if pubk == nil {
return nil, fmt.Errorf("cannot extract signing key")
}
} else {
pubk, err = crypto.UnmarshalPublicKey(m.Key)
if err != nil {
return nil, fmt.Errorf("cannot unmarshal signing key: %s", err.Error())
}
// verify that the source ID matches the attached key
if !pid.MatchesPublicKey(pubk) {
return nil, fmt.Errorf("bad signing key; source ID %s doesn't match key", pid)
}
}
return pubk, nil
}
func signMessage(pid peer.ID, key crypto.PrivKey, m *pb.Message) error {
bytes, err := m.Marshal()
if err != nil {
return err
}
bytes = withSignPrefix(bytes)
sig, err := key.Sign(bytes)
if err != nil {
return err
}
m.Signature = sig
pk, _ := pid.ExtractPublicKey()
if pk == nil {
pubk, err := key.GetPublic().Bytes()
if err != nil {
return err
}
m.Key = pubk
}
return nil
}
func withSignPrefix(bytes []byte) []byte {
return append([]byte(SignPrefix), bytes...)
}