tony/CHORUS
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
17673c38a668f607d4f8b70f06be183fe7d1b9d2
CHORUS/vendor/github.com/libp2p/go-libp2p-pubsub/sign.go
anthonyrawlins 9bdcbe0447 Integrate BACKBEAT SDK and resolve KACHING license validation 
Major integrations and fixes:
- Added BACKBEAT SDK integration for P2P operation timing
- Implemented beat-aware status tracking for distributed operations
- Added Docker secrets support for secure license management
- Resolved KACHING license validation via HTTPS/TLS
- Updated docker-compose configuration for clean stack deployment
- Disabled rollback policies to prevent deployment failures
- Added license credential storage (CHORUS-DEV-MULTI-001)

Technical improvements:
- BACKBEAT P2P operation tracking with phase management
- Enhanced configuration system with file-based secrets
- Improved error handling for license validation
- Clean separation of KACHING and CHORUS deployment stacks

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-06 07:56:26 +10:00

139 lines
3.4 KiB
Go
Raw Blame History

package pubsub
import (
"fmt"
pb "github.com/libp2p/go-libp2p-pubsub/pb"
"github.com/libp2p/go-libp2p/core/crypto"
"github.com/libp2p/go-libp2p/core/peer"
)
// MessageSignaturePolicy describes if signatures are produced, expected, and/or verified.
type MessageSignaturePolicy uint8
// LaxSign and LaxNoSign are deprecated. In the future msgSigning and msgVerification can be unified.
const (
// msgSigning is set when the locally produced messages must be signed
msgSigning MessageSignaturePolicy = 1 << iota
// msgVerification is set when external messages must be verfied
msgVerification
)
const (
// StrictSign produces signatures and expects and verifies incoming signatures
StrictSign = msgSigning | msgVerification
// StrictNoSign does not produce signatures and drops and penalises incoming messages that carry one
StrictNoSign = msgVerification
// LaxSign produces signatures and validates incoming signatures iff one is present
// Deprecated: it is recommend to either strictly enable, or strictly disable, signatures.
LaxSign = msgSigning
// LaxNoSign does not produce signatures and validates incoming signatures iff one is present
// Deprecated: it is recommend to either strictly enable, or strictly disable, signatures.
LaxNoSign = 0
)
// mustVerify is true when a message signature must be verified.
// If signatures are not expected, verification checks if the signature is absent.
func (policy MessageSignaturePolicy) mustVerify() bool {
return policy&msgVerification != 0
}
// mustSign is true when messages should be signed, and incoming messages are expected to have a signature.
func (policy MessageSignaturePolicy) mustSign() bool {
return policy&msgSigning != 0
}
const SignPrefix = "libp2p-pubsub:"
func verifyMessageSignature(m *pb.Message) error {
pubk, err := messagePubKey(m)
if err != nil {
return err
}
xm := *m
xm.Signature = nil
xm.Key = nil
bytes, err := xm.Marshal()
if err != nil {
return err
}
bytes = withSignPrefix(bytes)
valid, err := pubk.Verify(bytes, m.Signature)
if err != nil {
return err
}
if !valid {
return fmt.Errorf("invalid signature")
}
return nil
}
func messagePubKey(m *pb.Message) (crypto.PubKey, error) {
var pubk crypto.PubKey
pid, err := peer.IDFromBytes(m.From)
if err != nil {
return nil, err
}
if m.Key == nil {
// no attached key, it must be extractable from the source ID
pubk, err = pid.ExtractPublicKey()
if err != nil {
return nil, fmt.Errorf("cannot extract signing key: %s", err.Error())
}
if pubk == nil {
return nil, fmt.Errorf("cannot extract signing key")
}
} else {
pubk, err = crypto.UnmarshalPublicKey(m.Key)
if err != nil {
return nil, fmt.Errorf("cannot unmarshal signing key: %s", err.Error())
}
// verify that the source ID matches the attached key
if !pid.MatchesPublicKey(pubk) {
return nil, fmt.Errorf("bad signing key; source ID %s doesn't match key", pid)
}
}
return pubk, nil
}
func signMessage(pid peer.ID, key crypto.PrivKey, m *pb.Message) error {
bytes, err := m.Marshal()
if err != nil {
return err
}
bytes = withSignPrefix(bytes)
sig, err := key.Sign(bytes)
if err != nil {
return err
}
m.Signature = sig
pk, _ := pid.ExtractPublicKey()
if pk == nil {
pubk, err := crypto.MarshalPublicKey(key.GetPublic())
if err != nil {
return err
}
m.Key = pubk
}
return nil
}
func withSignPrefix(bytes []byte) []byte {
return append([]byte(SignPrefix), bytes...)
}
Reference in New Issue View Git Blame Copy Permalink