From d2f7a664d2f748867eb0d1f7465419a4887c45cd Mon Sep 17 00:00:00 2001 From: vyzo Date: Sat, 25 Aug 2018 11:32:02 +0300 Subject: [PATCH 01/16] add signature and key fields to Message --- pb/rpc.pb.go | 207 +++++++++++++++++++++++++++++++++++++-------------- pb/rpc.proto | 2 + 2 files changed, 155 insertions(+), 54 deletions(-) diff --git a/pb/rpc.pb.go b/pb/rpc.pb.go index b4d7bcf1..d7161a39 100644 --- a/pb/rpc.pb.go +++ b/pb/rpc.pb.go @@ -56,7 +56,7 @@ func (x *TopicDescriptor_AuthOpts_AuthMode) UnmarshalJSON(data []byte) error { return nil } func (TopicDescriptor_AuthOpts_AuthMode) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_rpc_9f02422616139c62, []int{7, 0, 0} + return fileDescriptor_rpc_0c4744ec88cf773a, []int{7, 0, 0} } type TopicDescriptor_EncOpts_EncMode int32 @@ -95,7 +95,7 @@ func (x *TopicDescriptor_EncOpts_EncMode) UnmarshalJSON(data []byte) error { return nil } func (TopicDescriptor_EncOpts_EncMode) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_rpc_9f02422616139c62, []int{7, 1, 0} + return fileDescriptor_rpc_0c4744ec88cf773a, []int{7, 1, 0} } type RPC struct { @@ -111,7 +111,7 @@ func (m *RPC) Reset() { *m = RPC{} } func (m *RPC) String() string { return proto.CompactTextString(m) } func (*RPC) ProtoMessage() {} func (*RPC) Descriptor() ([]byte, []int) { - return fileDescriptor_rpc_9f02422616139c62, []int{0} + return fileDescriptor_rpc_0c4744ec88cf773a, []int{0} } func (m *RPC) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -173,7 +173,7 @@ func (m *RPC_SubOpts) Reset() { *m = RPC_SubOpts{} } func (m *RPC_SubOpts) String() string { return proto.CompactTextString(m) } func (*RPC_SubOpts) ProtoMessage() {} func (*RPC_SubOpts) Descriptor() ([]byte, []int) { - return fileDescriptor_rpc_9f02422616139c62, []int{0, 0} + return fileDescriptor_rpc_0c4744ec88cf773a, []int{0, 0} } func (m *RPC_SubOpts) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -221,6 +221,8 @@ type Message struct { Data []byte `protobuf:"bytes,2,opt,name=data" json:"data,omitempty"` Seqno []byte `protobuf:"bytes,3,opt,name=seqno" json:"seqno,omitempty"` TopicIDs []string `protobuf:"bytes,4,rep,name=topicIDs" json:"topicIDs,omitempty"` + Signature []byte `protobuf:"bytes,5,opt,name=signature" json:"signature,omitempty"` + Key []byte `protobuf:"bytes,6,opt,name=key" json:"key,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -230,7 +232,7 @@ func (m *Message) Reset() { *m = Message{} } func (m *Message) String() string { return proto.CompactTextString(m) } func (*Message) ProtoMessage() {} func (*Message) Descriptor() ([]byte, []int) { - return fileDescriptor_rpc_9f02422616139c62, []int{1} + return fileDescriptor_rpc_0c4744ec88cf773a, []int{1} } func (m *Message) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -287,6 +289,20 @@ func (m *Message) GetTopicIDs() []string { return nil } +func (m *Message) GetSignature() []byte { + if m != nil { + return m.Signature + } + return nil +} + +func (m *Message) GetKey() []byte { + if m != nil { + return m.Key + } + return nil +} + type ControlMessage struct { Ihave []*ControlIHave `protobuf:"bytes,1,rep,name=ihave" json:"ihave,omitempty"` Iwant []*ControlIWant `protobuf:"bytes,2,rep,name=iwant" json:"iwant,omitempty"` @@ -301,7 +317,7 @@ func (m *ControlMessage) Reset() { *m = ControlMessage{} } func (m *ControlMessage) String() string { return proto.CompactTextString(m) } func (*ControlMessage) ProtoMessage() {} func (*ControlMessage) Descriptor() ([]byte, []int) { - return fileDescriptor_rpc_9f02422616139c62, []int{2} + return fileDescriptor_rpc_0c4744ec88cf773a, []int{2} } func (m *ControlMessage) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -370,7 +386,7 @@ func (m *ControlIHave) Reset() { *m = ControlIHave{} } func (m *ControlIHave) String() string { return proto.CompactTextString(m) } func (*ControlIHave) ProtoMessage() {} func (*ControlIHave) Descriptor() ([]byte, []int) { - return fileDescriptor_rpc_9f02422616139c62, []int{3} + return fileDescriptor_rpc_0c4744ec88cf773a, []int{3} } func (m *ControlIHave) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -424,7 +440,7 @@ func (m *ControlIWant) Reset() { *m = ControlIWant{} } func (m *ControlIWant) String() string { return proto.CompactTextString(m) } func (*ControlIWant) ProtoMessage() {} func (*ControlIWant) Descriptor() ([]byte, []int) { - return fileDescriptor_rpc_9f02422616139c62, []int{4} + return fileDescriptor_rpc_0c4744ec88cf773a, []int{4} } func (m *ControlIWant) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -471,7 +487,7 @@ func (m *ControlGraft) Reset() { *m = ControlGraft{} } func (m *ControlGraft) String() string { return proto.CompactTextString(m) } func (*ControlGraft) ProtoMessage() {} func (*ControlGraft) Descriptor() ([]byte, []int) { - return fileDescriptor_rpc_9f02422616139c62, []int{5} + return fileDescriptor_rpc_0c4744ec88cf773a, []int{5} } func (m *ControlGraft) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -518,7 +534,7 @@ func (m *ControlPrune) Reset() { *m = ControlPrune{} } func (m *ControlPrune) String() string { return proto.CompactTextString(m) } func (*ControlPrune) ProtoMessage() {} func (*ControlPrune) Descriptor() ([]byte, []int) { - return fileDescriptor_rpc_9f02422616139c62, []int{6} + return fileDescriptor_rpc_0c4744ec88cf773a, []int{6} } func (m *ControlPrune) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -568,7 +584,7 @@ func (m *TopicDescriptor) Reset() { *m = TopicDescriptor{} } func (m *TopicDescriptor) String() string { return proto.CompactTextString(m) } func (*TopicDescriptor) ProtoMessage() {} func (*TopicDescriptor) Descriptor() ([]byte, []int) { - return fileDescriptor_rpc_9f02422616139c62, []int{7} + return fileDescriptor_rpc_0c4744ec88cf773a, []int{7} } func (m *TopicDescriptor) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -630,7 +646,7 @@ func (m *TopicDescriptor_AuthOpts) Reset() { *m = TopicDescriptor_AuthOp func (m *TopicDescriptor_AuthOpts) String() string { return proto.CompactTextString(m) } func (*TopicDescriptor_AuthOpts) ProtoMessage() {} func (*TopicDescriptor_AuthOpts) Descriptor() ([]byte, []int) { - return fileDescriptor_rpc_9f02422616139c62, []int{7, 0} + return fileDescriptor_rpc_0c4744ec88cf773a, []int{7, 0} } func (m *TopicDescriptor_AuthOpts) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -685,7 +701,7 @@ func (m *TopicDescriptor_EncOpts) Reset() { *m = TopicDescriptor_EncOpts func (m *TopicDescriptor_EncOpts) String() string { return proto.CompactTextString(m) } func (*TopicDescriptor_EncOpts) ProtoMessage() {} func (*TopicDescriptor_EncOpts) Descriptor() ([]byte, []int) { - return fileDescriptor_rpc_9f02422616139c62, []int{7, 1} + return fileDescriptor_rpc_0c4744ec88cf773a, []int{7, 1} } func (m *TopicDescriptor_EncOpts) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -883,6 +899,18 @@ func (m *Message) MarshalTo(dAtA []byte) (int, error) { i += copy(dAtA[i:], s) } } + if m.Signature != nil { + dAtA[i] = 0x2a + i++ + i = encodeVarintRpc(dAtA, i, uint64(len(m.Signature))) + i += copy(dAtA[i:], m.Signature) + } + if m.Key != nil { + dAtA[i] = 0x32 + i++ + i = encodeVarintRpc(dAtA, i, uint64(len(m.Key))) + i += copy(dAtA[i:], m.Key) + } if m.XXX_unrecognized != nil { i += copy(dAtA[i:], m.XXX_unrecognized) } @@ -1276,6 +1304,14 @@ func (m *Message) Size() (n int) { n += 1 + l + sovRpc(uint64(l)) } } + if m.Signature != nil { + l = len(m.Signature) + n += 1 + l + sovRpc(uint64(l)) + } + if m.Key != nil { + l = len(m.Key) + n += 1 + l + sovRpc(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -1844,6 +1880,68 @@ func (m *Message) Unmarshal(dAtA []byte) error { } m.TopicIDs = append(m.TopicIDs, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Signature", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRpc + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthRpc + } + postIndex := iNdEx + byteLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Signature = append(m.Signature[:0], dAtA[iNdEx:postIndex]...) + if m.Signature == nil { + m.Signature = []byte{} + } + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRpc + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthRpc + } + postIndex := iNdEx + byteLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Key = append(m.Key[:0], dAtA[iNdEx:postIndex]...) + if m.Key == nil { + m.Key = []byte{} + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipRpc(dAtA[iNdEx:]) @@ -2845,45 +2943,46 @@ var ( ErrIntOverflowRpc = fmt.Errorf("proto: integer overflow") ) -func init() { proto.RegisterFile("rpc.proto", fileDescriptor_rpc_9f02422616139c62) } - -var fileDescriptor_rpc_9f02422616139c62 = []byte{ - // 577 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x93, 0x4d, 0x6e, 0xd3, 0x40, - 0x14, 0xc7, 0x99, 0x38, 0x95, 0xe3, 0x17, 0xb7, 0x54, 0xa3, 0x2e, 0x4c, 0xa8, 0xa2, 0xc8, 0x02, - 0x64, 0x09, 0x64, 0xa4, 0x48, 0x20, 0xb1, 0x41, 0xb4, 0x4d, 0x44, 0x22, 0xd4, 0x26, 0x9a, 0x56, - 0xaa, 0x58, 0xda, 0xce, 0xa4, 0xb1, 0x9a, 0x78, 0x8c, 0x3f, 0x8a, 0x7a, 0x05, 0x0e, 0xc0, 0x71, - 0x58, 0xb3, 0x64, 0xc1, 0x01, 0x50, 0x2e, 0xc0, 0x15, 0xd0, 0xbc, 0x71, 0x3e, 0x1c, 0x9a, 0xaa, - 0xab, 0xbe, 0x99, 0xfe, 0x7e, 0x33, 0xff, 0xf7, 0x3c, 0x01, 0x23, 0x89, 0x03, 0x37, 0x4e, 0x44, - 0x26, 0x68, 0x7d, 0x3c, 0x15, 0x62, 0x94, 0xe6, 0xbe, 0x1b, 0xfb, 0xf6, 0x5f, 0x02, 0x1a, 0x1b, - 0x9e, 0xd0, 0xf7, 0xb0, 0x9b, 0xe6, 0x7e, 0x1a, 0x24, 0x61, 0x9c, 0x85, 0x22, 0x4a, 0x2d, 0xd2, - 0xd2, 0x9c, 0x7a, 0xdb, 0x72, 0xd7, 0x60, 0x97, 0x0d, 0x4f, 0xdc, 0xf3, 0xdc, 0x1f, 0xc4, 0x59, - 0xca, 0xca, 0x38, 0x75, 0x41, 0x8f, 0x73, 0x7f, 0x1a, 0xa6, 0x13, 0xab, 0x82, 0xe6, 0x41, 0xc9, - 0x3c, 0xe5, 0x69, 0xea, 0x5d, 0x71, 0xb6, 0x80, 0xe8, 0x1b, 0xd0, 0x03, 0x11, 0x65, 0x89, 0x98, - 0x5a, 0x5a, 0x8b, 0x38, 0xf5, 0xf6, 0xd3, 0x12, 0x7f, 0xa2, 0xfe, 0xb7, 0xd4, 0x0a, 0xb6, 0x71, - 0x04, 0x7a, 0x11, 0x80, 0x1e, 0x82, 0x51, 0x44, 0xf0, 0xb9, 0x45, 0x5a, 0xc4, 0xa9, 0xb1, 0xd5, - 0x06, 0xb5, 0x40, 0xcf, 0x44, 0x1c, 0x06, 0xe1, 0xc8, 0xaa, 0xb4, 0x88, 0x63, 0xb0, 0xc5, 0xd2, - 0x0e, 0x40, 0x2f, 0x8e, 0xa5, 0x14, 0xaa, 0xe3, 0x44, 0xcc, 0xd0, 0x36, 0x19, 0xd6, 0x72, 0x6f, - 0xe4, 0x65, 0x1e, 0x5a, 0x26, 0xc3, 0x9a, 0x1e, 0xc0, 0x4e, 0xca, 0xbf, 0x44, 0x02, 0xa3, 0x9a, - 0x4c, 0x2d, 0x68, 0x03, 0x6a, 0x78, 0x66, 0xbf, 0x93, 0x5a, 0xd5, 0x96, 0xe6, 0x18, 0x6c, 0xb9, - 0xb6, 0x7f, 0x13, 0xd8, 0x2b, 0xf7, 0x40, 0x5f, 0xc3, 0x4e, 0x38, 0xf1, 0x6e, 0x78, 0x31, 0xd9, - 0x27, 0x77, 0xf5, 0xdb, 0xef, 0x79, 0x37, 0x9c, 0x29, 0x0e, 0x85, 0xaf, 0x5e, 0x94, 0x15, 0x03, - 0xbd, 0x5b, 0xb8, 0xf4, 0xa2, 0x8c, 0x29, 0x4e, 0x0a, 0x57, 0x89, 0x37, 0xce, 0x2c, 0x6d, 0xbb, - 0xf0, 0x51, 0x02, 0x4c, 0x71, 0x52, 0x88, 0x93, 0x3c, 0xe2, 0x18, 0x7f, 0x8b, 0x30, 0x94, 0x00, - 0x53, 0x9c, 0xdd, 0x03, 0x73, 0x3d, 0xe9, 0x72, 0xca, 0xfd, 0x0e, 0xce, 0x70, 0x31, 0xe5, 0x7e, - 0x87, 0x36, 0x01, 0x66, 0xaa, 0x71, 0x39, 0x9e, 0x0a, 0x8e, 0x67, 0x6d, 0xc7, 0x76, 0x57, 0x27, - 0xc9, 0x16, 0x36, 0x78, 0xf2, 0x1f, 0xef, 0x2c, 0x79, 0xec, 0x60, 0xfb, 0xcd, 0x6b, 0x24, 0x46, - 0xbf, 0x87, 0xfc, 0xa1, 0xc1, 0xe3, 0x0b, 0x59, 0x77, 0xb8, 0x7a, 0xc9, 0x22, 0x91, 0x9f, 0x3f, - 0xf2, 0x66, 0xbc, 0x40, 0xb1, 0xa6, 0xef, 0xa0, 0xea, 0xe5, 0xd9, 0x04, 0x9f, 0x44, 0xbd, 0xfd, - 0xbc, 0x34, 0xa5, 0x0d, 0xdf, 0x3d, 0xca, 0xb3, 0x09, 0xfe, 0x3e, 0x50, 0xa1, 0x6f, 0x41, 0xe3, - 0x51, 0x50, 0x3c, 0xf1, 0x67, 0xf7, 0x9a, 0xdd, 0x28, 0x40, 0x51, 0x0a, 0x8d, 0x6f, 0x04, 0x6a, - 0x8b, 0xa3, 0xe8, 0x31, 0x54, 0x67, 0x62, 0xa4, 0x32, 0xed, 0xb5, 0xdd, 0x07, 0xdd, 0x8f, 0xc5, - 0xa9, 0x18, 0x71, 0x86, 0xae, 0xec, 0xeb, 0x9a, 0xdf, 0xaa, 0x2f, 0x61, 0x32, 0xac, 0xed, 0x17, - 0xea, 0x0e, 0x49, 0xd1, 0x1a, 0x54, 0xcf, 0x06, 0x67, 0xdd, 0xfd, 0x47, 0x54, 0x07, 0xed, 0x53, - 0xf7, 0xf3, 0x3e, 0x91, 0xc5, 0xe5, 0xe0, 0x62, 0xbf, 0xd2, 0xf8, 0x4e, 0x40, 0x2f, 0xd2, 0xd1, - 0x0f, 0xa5, 0x2c, 0xaf, 0x1e, 0xd2, 0x91, 0xfc, 0xbb, 0x96, 0xe4, 0x10, 0x8c, 0x6b, 0x7e, 0xdb, - 0xf3, 0xd2, 0x09, 0x5f, 0xc4, 0x59, 0x6d, 0xd8, 0x2f, 0xf1, 0xaa, 0x8d, 0x48, 0xbb, 0x60, 0x9c, - 0xf7, 0x8e, 0x58, 0xb7, 0x53, 0x0e, 0x76, 0x6c, 0xfe, 0x9c, 0x37, 0xc9, 0xaf, 0x79, 0x93, 0xfc, - 0x99, 0x37, 0xc9, 0xbf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x80, 0x05, 0xeb, 0x9d, 0xe3, 0x04, 0x00, - 0x00, +func init() { proto.RegisterFile("rpc.proto", fileDescriptor_rpc_0c4744ec88cf773a) } + +var fileDescriptor_rpc_0c4744ec88cf773a = []byte{ + // 602 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x93, 0xcd, 0x6e, 0xd3, 0x40, + 0x10, 0xc7, 0xd9, 0x38, 0xc5, 0xf1, 0xc4, 0x2d, 0xd1, 0xaa, 0x07, 0x13, 0xaa, 0x28, 0xb2, 0x00, + 0x59, 0x02, 0x19, 0x29, 0x12, 0x48, 0x5c, 0x10, 0x6d, 0x13, 0x91, 0x08, 0xf5, 0x43, 0xdb, 0x4a, + 0x15, 0xc7, 0xb5, 0xb3, 0x6d, 0xac, 0x36, 0x5e, 0x63, 0xaf, 0x8b, 0xfa, 0x0a, 0x5c, 0x91, 0x78, + 0x1c, 0xce, 0x1c, 0x39, 0xf0, 0x00, 0xa8, 0x2f, 0xc0, 0x2b, 0xa0, 0x1d, 0x3b, 0x1f, 0x2e, 0x4d, + 0xd5, 0x53, 0x66, 0x27, 0xff, 0xdf, 0xce, 0x7f, 0x66, 0xd6, 0x60, 0xa5, 0x49, 0xe8, 0x27, 0xa9, + 0x54, 0x92, 0x36, 0x4f, 0x2f, 0xa4, 0x1c, 0x67, 0x79, 0xe0, 0x27, 0x81, 0xfb, 0x97, 0x80, 0xc1, + 0x0e, 0x77, 0xe9, 0x3b, 0x58, 0xcf, 0xf2, 0x20, 0x0b, 0xd3, 0x28, 0x51, 0x91, 0x8c, 0x33, 0x87, + 0x74, 0x0d, 0xaf, 0xd9, 0x73, 0xfc, 0x25, 0xb1, 0xcf, 0x0e, 0x77, 0xfd, 0xa3, 0x3c, 0x38, 0x48, + 0x54, 0xc6, 0xaa, 0x72, 0xea, 0x83, 0x99, 0xe4, 0xc1, 0x45, 0x94, 0x4d, 0x9c, 0x1a, 0x92, 0x9b, + 0x15, 0x72, 0x4f, 0x64, 0x19, 0x3f, 0x13, 0x6c, 0x26, 0xa2, 0xaf, 0xc1, 0x0c, 0x65, 0xac, 0x52, + 0x79, 0xe1, 0x18, 0x5d, 0xe2, 0x35, 0x7b, 0x4f, 0x2a, 0xfa, 0xdd, 0xe2, 0xbf, 0x39, 0x56, 0x6a, + 0xdb, 0xdb, 0x60, 0x96, 0x06, 0xe8, 0x16, 0x58, 0xa5, 0x85, 0x40, 0x38, 0xa4, 0x4b, 0xbc, 0x06, + 0x5b, 0x24, 0xa8, 0x03, 0xa6, 0x92, 0x49, 0x14, 0x46, 0x63, 0xa7, 0xd6, 0x25, 0x9e, 0xc5, 0x66, + 0x47, 0xf7, 0x1b, 0x01, 0xb3, 0xbc, 0x97, 0x52, 0xa8, 0x9f, 0xa6, 0x72, 0x8a, 0xb8, 0xcd, 0x30, + 0xd6, 0xb9, 0x31, 0x57, 0x1c, 0x31, 0x9b, 0x61, 0x4c, 0x37, 0x61, 0x2d, 0x13, 0x9f, 0x63, 0x89, + 0x5e, 0x6d, 0x56, 0x1c, 0x68, 0x1b, 0x1a, 0x78, 0xe9, 0xa8, 0x9f, 0x39, 0xf5, 0xae, 0xe1, 0x59, + 0x6c, 0x7e, 0x46, 0x77, 0xd1, 0x59, 0xcc, 0x55, 0x9e, 0x0a, 0x67, 0x0d, 0xa9, 0x45, 0x82, 0xb6, + 0xc0, 0x38, 0x17, 0x57, 0xce, 0x43, 0xcc, 0xeb, 0xd0, 0xfd, 0x4d, 0x60, 0xa3, 0xda, 0x34, 0x7d, + 0x05, 0x6b, 0xd1, 0x84, 0x5f, 0x8a, 0x72, 0x15, 0x8f, 0x6f, 0x1b, 0xd0, 0x68, 0xc8, 0x2f, 0x05, + 0x2b, 0x74, 0x08, 0x7c, 0xe1, 0xb1, 0x2a, 0x37, 0x70, 0x3b, 0x70, 0xc2, 0x63, 0xc5, 0x0a, 0x9d, + 0x06, 0xce, 0x52, 0x7e, 0xaa, 0x1c, 0x63, 0x35, 0xf0, 0x41, 0x0b, 0x58, 0xa1, 0xd3, 0x40, 0x92, + 0xe6, 0xb1, 0xc0, 0x76, 0x57, 0x00, 0x87, 0x5a, 0xc0, 0x0a, 0x9d, 0x3b, 0x04, 0x7b, 0xd9, 0xe9, + 0x7c, 0x2d, 0xa3, 0x3e, 0xce, 0x7c, 0xb6, 0x96, 0x51, 0x9f, 0x76, 0x00, 0xa6, 0x45, 0xe3, 0x7a, + 0x9c, 0x35, 0x1c, 0xe7, 0x52, 0xc6, 0xf5, 0x17, 0x37, 0xe9, 0x16, 0x6e, 0xe8, 0xc9, 0x7f, 0x7a, + 0x6f, 0xae, 0xc7, 0x0e, 0x56, 0x57, 0x5e, 0x52, 0xa2, 0xf5, 0x3b, 0x94, 0x3f, 0x0c, 0x78, 0x74, + 0xac, 0xe3, 0xbe, 0x28, 0x9e, 0xbe, 0x4c, 0xf5, 0x73, 0x89, 0xf9, 0x54, 0x94, 0x52, 0x8c, 0xe9, + 0x5b, 0xa8, 0xf3, 0x5c, 0x4d, 0xf0, 0x09, 0x35, 0x7b, 0xcf, 0x2a, 0x53, 0xba, 0xc1, 0xfb, 0xdb, + 0xb9, 0x9a, 0xe0, 0x07, 0x85, 0x08, 0x7d, 0x03, 0x86, 0x88, 0xc3, 0xf2, 0x9b, 0x78, 0x7a, 0x27, + 0x39, 0x88, 0x43, 0x04, 0x35, 0xd0, 0xfe, 0x4a, 0xa0, 0x31, 0xbb, 0x8a, 0xee, 0x40, 0x7d, 0x2a, + 0xc7, 0x85, 0xa7, 0x8d, 0x9e, 0x7f, 0xaf, 0xfa, 0x18, 0xec, 0xc9, 0xb1, 0x60, 0xc8, 0xea, 0xbe, + 0xce, 0xc5, 0x55, 0xb1, 0x09, 0x9b, 0x61, 0xec, 0x3e, 0x2f, 0x6a, 0x68, 0x15, 0x6d, 0x40, 0x7d, + 0xff, 0x60, 0x7f, 0xd0, 0x7a, 0x40, 0x4d, 0x30, 0x3e, 0x0e, 0x3e, 0xb5, 0x88, 0x0e, 0x4e, 0x0e, + 0x8e, 0x5b, 0xb5, 0xf6, 0x77, 0x02, 0x66, 0xe9, 0x8e, 0xbe, 0xaf, 0x78, 0x79, 0x79, 0x9f, 0x8e, + 0xf4, 0xef, 0x92, 0x93, 0x2d, 0xb0, 0xce, 0xc5, 0xd5, 0x90, 0x67, 0x13, 0x31, 0xb3, 0xb3, 0x48, + 0xb8, 0x2f, 0xb0, 0xd4, 0x0d, 0x4b, 0xeb, 0x60, 0x1d, 0x0d, 0xb7, 0xd9, 0xa0, 0x5f, 0x35, 0xb6, + 0x63, 0xff, 0xbc, 0xee, 0x90, 0x5f, 0xd7, 0x1d, 0xf2, 0xe7, 0xba, 0x43, 0xfe, 0x05, 0x00, 0x00, + 0xff, 0xff, 0x6e, 0x39, 0x18, 0xab, 0x14, 0x05, 0x00, 0x00, } diff --git a/pb/rpc.proto b/pb/rpc.proto index 48030909..2cca4773 100644 --- a/pb/rpc.proto +++ b/pb/rpc.proto @@ -19,6 +19,8 @@ message Message { optional bytes data = 2; optional bytes seqno = 3; repeated string topicIDs = 4; + optional bytes signature = 5; + optional bytes key = 6; } message ControlMessage { From 64aab3485a3e751970a6a5c44f183a2f9ed525e9 Mon Sep 17 00:00:00 2001 From: vyzo Date: Sat, 25 Aug 2018 11:58:12 +0300 Subject: [PATCH 02/16] scaffolding for signature validation --- pubsub.go | 40 ++++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/pubsub.go b/pubsub.go index 4d5415ac..0292ab9a 100644 --- a/pubsub.go +++ b/pubsub.go @@ -452,7 +452,7 @@ func (p *PubSub) pushMsg(vals []*topicVal, src peer.ID, msg *Message) { } p.markSeen(id) - if len(vals) > 0 { + if len(vals) > 0 || msg.Signature != nil { // validation is asynchronous and globally throttled with the throttleValidate semaphore. // the purpose of the global throttle is to bound the goncurrency possible from incoming // network traffic; each validator also has an individual throttle to preclude @@ -474,6 +474,32 @@ func (p *PubSub) pushMsg(vals []*topicVal, src peer.ID, msg *Message) { // validate performs validation and only sends the message if all validators succeed func (p *PubSub) validate(vals []*topicVal, src peer.ID, msg *Message) { + if msg.Signature != nil { + if !p.validateSignature(msg) { + log.Warningf("message signature validation failed; dropping message from %s", src) + return + } + } + + if len(vals) > 0 { + if !p.validateTopic(vals, msg) { + log.Warningf("message validation failed; dropping message from %s", src) + return + } + } + + // all validators were successful, send the message + p.sendMsg <- &sendReq{ + from: src, + msg: msg, + } +} + +func (p *PubSub) validateSignature(msg *Message) bool { + return true +} + +func (p *PubSub) validateTopic(vals []*topicVal, msg *Message) bool { ctx, cancel := context.WithCancel(p.ctx) defer cancel() @@ -500,23 +526,17 @@ loop: } if throttle { - log.Warningf("message validation throttled; dropping message from %s", src) - return + return false } for i := 0; i < rcount; i++ { valid := <-rch if !valid { - log.Warningf("message validation failed; dropping message from %s", src) - return + return false } } - // all validators were successful, send the message - p.sendMsg <- &sendReq{ - from: src, - msg: msg, - } + return true } func (p *PubSub) publishMessage(from peer.ID, pmsg *pb.Message) { From 7c508b4fba3e383c8c846ca98ec3b303ef659069 Mon Sep 17 00:00:00 2001 From: vyzo Date: Sun, 26 Aug 2018 13:13:12 +0300 Subject: [PATCH 03/16] implement validateSignature --- pubsub.go | 6 ++++++ sign.go | 13 +++++++++++++ 2 files changed, 19 insertions(+) create mode 100644 sign.go diff --git a/pubsub.go b/pubsub.go index 0292ab9a..e44c467b 100644 --- a/pubsub.go +++ b/pubsub.go @@ -496,6 +496,12 @@ func (p *PubSub) validate(vals []*topicVal, src peer.ID, msg *Message) { } func (p *PubSub) validateSignature(msg *Message) bool { + err := verifyMessageSignature(msg.Message) + if err != nil { + log.Debugf("signature verification error: %s", err.Error()) + return false + } + return true } diff --git a/sign.go b/sign.go new file mode 100644 index 00000000..14eb2cc5 --- /dev/null +++ b/sign.go @@ -0,0 +1,13 @@ +package floodsub + +import ( + pb "github.com/libp2p/go-floodsub/pb" +) + +func verifyMessageSignature(m *pb.Message) error { + return nil +} + +func signMessage(m *pb.Message) { + +} From 7c1012c247ece8735b6857ae853f95a67cc0365e Mon Sep 17 00:00:00 2001 From: vyzo Date: Sun, 26 Aug 2018 13:19:05 +0300 Subject: [PATCH 04/16] optimize fast path for single topic validator so that we don't do the goroutine dance for just a single validator, which ought to be the most common case. --- pubsub.go | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/pubsub.go b/pubsub.go index e44c467b..4ec5a3cc 100644 --- a/pubsub.go +++ b/pubsub.go @@ -506,6 +506,10 @@ func (p *PubSub) validateSignature(msg *Message) bool { } func (p *PubSub) validateTopic(vals []*topicVal, msg *Message) bool { + if len(vals) == 1 { + return p.validateSingleTopic(vals[0], msg) + } + ctx, cancel := context.WithCancel(p.ctx) defer cancel() @@ -545,6 +549,24 @@ loop: return true } +// fast path for single topic validation that avoids the extra goroutine +func (p *PubSub) validateSingleTopic(val *topicVal, msg *Message) bool { + select { + case val.validateThrottle <- struct{}{}: + ctx, cancel := context.WithCancel(p.ctx) + defer cancel() + + res := val.validateMsg(ctx, msg) + <-val.validateThrottle + + return res + + default: + log.Debugf("validation throttled for topic %s", val.topic) + return false + } +} + func (p *PubSub) publishMessage(from peer.ID, pmsg *pb.Message) { p.notifySubs(pmsg) p.rt.Publish(from, pmsg) From a6c349b6f091afdfb94220c051c790fdb812aabb Mon Sep 17 00:00:00 2001 From: vyzo Date: Sun, 26 Aug 2018 13:26:44 +0300 Subject: [PATCH 05/16] sign messages when a signing key is present --- package.json | 6 ++++++ pubsub.go | 20 +++++++++++++------- sign.go | 4 +++- 3 files changed, 22 insertions(+), 8 deletions(-) diff --git a/package.json b/package.json index 395fd86a..58017424 100644 --- a/package.json +++ b/package.json @@ -65,6 +65,12 @@ "hash": "QmdxUuburamoF6zF9qjeQC4WYcWGbWuRmdLacMEsW8ioD8", "name": "gogo-protobuf", "version": "0.0.0" + }, + { + "author": "whyrusleeping", + "hash": "QmPvyPwuCgJ7pDmrKDxRtsScJgBaM5h4EpRL2qQJsmXf4n", + "name": "go-libp2p-crypto", + "version": "2.0.1" } ], "gxVersion": "0.9.0", diff --git a/pubsub.go b/pubsub.go index 4ec5a3cc..fd89dc92 100644 --- a/pubsub.go +++ b/pubsub.go @@ -11,6 +11,7 @@ import ( pb "github.com/libp2p/go-floodsub/pb" logging "github.com/ipfs/go-log" + crypto "github.com/libp2p/go-libp2p-crypto" host "github.com/libp2p/go-libp2p-host" inet "github.com/libp2p/go-libp2p-net" peer "github.com/libp2p/go-libp2p-peer" @@ -89,6 +90,9 @@ type PubSub struct { peers map[peer.ID]chan *RPC seenMessages *timecache.TimeCache + // key for signing messages; nil when signing is disabled (default for now) + signKey crypto.PrivKey + ctx context.Context } @@ -646,14 +650,16 @@ func (p *PubSub) GetTopics() []string { // Publish publishes data under the given topic func (p *PubSub) Publish(topic string, data []byte) error { seqno := p.nextSeqno() - p.publish <- &Message{ - &pb.Message{ - Data: data, - TopicIDs: []string{topic}, - From: []byte(p.host.ID()), - Seqno: seqno, - }, + m := &pb.Message{ + Data: data, + TopicIDs: []string{topic}, + From: []byte(p.host.ID()), + Seqno: seqno, + } + if p.signKey != nil { + signMessage(p.signKey, m) } + p.publish <- &Message{m} return nil } diff --git a/sign.go b/sign.go index 14eb2cc5..5b55aad1 100644 --- a/sign.go +++ b/sign.go @@ -2,12 +2,14 @@ package floodsub import ( pb "github.com/libp2p/go-floodsub/pb" + + crypto "github.com/libp2p/go-libp2p-crypto" ) func verifyMessageSignature(m *pb.Message) error { return nil } -func signMessage(m *pb.Message) { +func signMessage(key crypto.PrivKey, m *pb.Message) { } From 9d250aef37077a4ae17edcbf04048a182989fe16 Mon Sep 17 00:00:00 2001 From: vyzo Date: Sun, 26 Aug 2018 13:40:11 +0300 Subject: [PATCH 06/16] option to enable message signing --- pubsub.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pubsub.go b/pubsub.go index fd89dc92..c1e5cc49 100644 --- a/pubsub.go +++ b/pubsub.go @@ -190,6 +190,13 @@ func WithValidateThrottle(n int) Option { } } +func WithMessageSigning() Option { + return func(p *PubSub) error { + p.signKey = p.host.Peerstore().PrivKey(p.host.ID()) + return nil + } +} + // processLoop handles all inputs arriving on the channels func (p *PubSub) processLoop(ctx context.Context) { defer func() { From 60a06ce9616ac5ca4bac4c8f4c743d7cf1d592c8 Mon Sep 17 00:00:00 2001 From: vyzo Date: Sun, 26 Aug 2018 13:57:14 +0300 Subject: [PATCH 07/16] implement signMessage and verifyMessageSignature --- pubsub.go | 5 +++- sign.go | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 77 insertions(+), 2 deletions(-) diff --git a/pubsub.go b/pubsub.go index c1e5cc49..cd1291ac 100644 --- a/pubsub.go +++ b/pubsub.go @@ -664,7 +664,10 @@ func (p *PubSub) Publish(topic string, data []byte) error { Seqno: seqno, } if p.signKey != nil { - signMessage(p.signKey, m) + err := signMessage(p.signKey, m) + if err != nil { + return err + } } p.publish <- &Message{m} return nil diff --git a/sign.go b/sign.go index 5b55aad1..8dd9998f 100644 --- a/sign.go +++ b/sign.go @@ -1,15 +1,87 @@ package floodsub import ( + "fmt" + pb "github.com/libp2p/go-floodsub/pb" crypto "github.com/libp2p/go-libp2p-crypto" + peer "github.com/libp2p/go-libp2p-peer" ) func verifyMessageSignature(m *pb.Message) error { + var pubk crypto.PubKey + + pid, err := peer.IDFromBytes(m.From) + if err != nil { + return err + } + + if m.Key == nil { + // no attached key, it must be extractable from the source ID + pubk, err = pid.ExtractPublicKey() + if err != nil { + return err + } + } else { + pubk, err = crypto.UnmarshalPublicKey(m.Key) + if err != nil { + return err + } + + // verify that the source ID matches the attached key + xpid, err := peer.IDFromPublicKey(pubk) + if err != nil { + return err + } + + if pid != xpid { + return fmt.Errorf("bad signing key; source ID/key mismatch: %s %s", pid, xpid) + } + } + + xm := pb.Message{ + Data: m.Data, + TopicIDs: m.TopicIDs, + From: m.From, + Seqno: m.Seqno, + } + bytes, err := xm.Marshal() + if err != nil { + return err + } + + valid, err := pubk.Verify(bytes, m.Signature) + if err != nil { + return err + } + + if !valid { + return fmt.Errorf("invalid signature") + } + return nil } -func signMessage(key crypto.PrivKey, m *pb.Message) { +func signMessage(key crypto.PrivKey, m *pb.Message) error { + bytes, err := m.Marshal() + if err != nil { + return err + } + sig, err := key.Sign(bytes) + if err != nil { + return err + } + + m.Signature = sig + switch key.Type() { + case crypto.RSA: + pubk, err := key.GetPublic().Bytes() + if err != nil { + return err + } + m.Key = pubk + } + return nil } From 1ef82b2ceede665a670c0aaa5b7c06b35c65bf2a Mon Sep 17 00:00:00 2001 From: vyzo Date: Mon, 27 Aug 2018 10:53:52 +0300 Subject: [PATCH 08/16] test message signing --- sign_test.go | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 sign_test.go diff --git a/sign_test.go b/sign_test.go new file mode 100644 index 00000000..507a6c1e --- /dev/null +++ b/sign_test.go @@ -0,0 +1,42 @@ +package floodsub + +import ( + "testing" + + pb "github.com/libp2p/go-floodsub/pb" + + crypto "github.com/libp2p/go-libp2p-crypto" + peer "github.com/libp2p/go-libp2p-peer" +) + +func TestSigning(t *testing.T) { + privk, _, err := crypto.GenerateKeyPair(crypto.RSA, 2048) + if err != nil { + t.Fatal(err) + } + testSignVerify(t, privk) + + privk, _, err = crypto.GenerateKeyPair(crypto.Ed25519, 0) + if err != nil { + t.Fatal(err) + } + testSignVerify(t, privk) +} + +func testSignVerify(t *testing.T, privk crypto.PrivKey) { + id, err := peer.IDFromPublicKey(privk.GetPublic()) + if err != nil { + t.Fatal(err) + } + m := pb.Message{ + Data: []byte("abc"), + TopicIDs: []string{"foo"}, + From: []byte(id), + Seqno: []byte("123"), + } + signMessage(privk, &m) + err = verifyMessageSignature(&m) + if err != nil { + t.Fatal(err) + } +} From cd32e1772e177f2c2ccc104362db9eca2079ea78 Mon Sep 17 00:00:00 2001 From: vyzo Date: Mon, 27 Aug 2018 10:57:05 +0300 Subject: [PATCH 09/16] use MatchesPublicKey, don't rewrite it. --- sign.go | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/sign.go b/sign.go index 8dd9998f..d12bce5a 100644 --- a/sign.go +++ b/sign.go @@ -30,13 +30,8 @@ func verifyMessageSignature(m *pb.Message) error { } // verify that the source ID matches the attached key - xpid, err := peer.IDFromPublicKey(pubk) - if err != nil { - return err - } - - if pid != xpid { - return fmt.Errorf("bad signing key; source ID/key mismatch: %s %s", pid, xpid) + if !pid.MatchesPublicKey(pubk) { + return fmt.Errorf("bad signing key; source ID %s doesn't match key", pid) } } From 4addc898c14d6edd22cf168e1284114a7066b6a3 Mon Sep 17 00:00:00 2001 From: vyzo Date: Mon, 27 Aug 2018 11:11:41 +0300 Subject: [PATCH 10/16] test floodsub with message signing --- floodsub_test.go | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/floodsub_test.go b/floodsub_test.go index b0196ca0..9af2cac9 100644 --- a/floodsub_test.go +++ b/floodsub_test.go @@ -899,3 +899,39 @@ func assertPeerList(t *testing.T, peers []peer.ID, expected ...peer.ID) { } } } + +func TestWithSigning(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + hosts := getNetHosts(t, ctx, 2) + psubs := getPubsubs(ctx, hosts, WithMessageSigning()) + + connect(t, hosts[0], hosts[1]) + + topic := "foobar" + data := []byte("this is a message") + + sub, err := psubs[1].Subscribe(topic) + if err != nil { + t.Fatal(err) + } + + time.Sleep(time.Millisecond * 10) + + err = psubs[0].Publish(topic, data) + if err != nil { + t.Fatal(err) + } + + msg, err := sub.Next(ctx) + if err != nil { + t.Fatal(err) + } + if msg.Signature == nil { + t.Fatal("no signature in message") + } + if string(msg.Data) != string(data) { + t.Fatalf("unexpected data: %s", string(msg.Data)) + } +} From 777c68fe0e456559fda253b9b7ed7735babee241 Mon Sep 17 00:00:00 2001 From: vyzo Date: Tue, 28 Aug 2018 11:14:14 +0300 Subject: [PATCH 11/16] reify key extraction logic, with more context in error messages --- sign.go | 51 ++++++++++++++++++++++++++++++--------------------- 1 file changed, 30 insertions(+), 21 deletions(-) diff --git a/sign.go b/sign.go index d12bce5a..a234d499 100644 --- a/sign.go +++ b/sign.go @@ -10,31 +10,11 @@ import ( ) func verifyMessageSignature(m *pb.Message) error { - var pubk crypto.PubKey - - pid, err := peer.IDFromBytes(m.From) + pubk, err := messagePubKey(m) if err != nil { return err } - if m.Key == nil { - // no attached key, it must be extractable from the source ID - pubk, err = pid.ExtractPublicKey() - if err != nil { - return err - } - } else { - pubk, err = crypto.UnmarshalPublicKey(m.Key) - if err != nil { - return err - } - - // verify that the source ID matches the attached key - if !pid.MatchesPublicKey(pubk) { - return fmt.Errorf("bad signing key; source ID %s doesn't match key", pid) - } - } - xm := pb.Message{ Data: m.Data, TopicIDs: m.TopicIDs, @@ -58,6 +38,35 @@ func verifyMessageSignature(m *pb.Message) error { return nil } +func messagePubKey(m *pb.Message) (crypto.PubKey, error) { + var pubk crypto.PubKey + + pid, err := peer.IDFromBytes(m.From) + if err != nil { + return nil, err + } + + if m.Key == nil { + // no attached key, it must be extractable from the source ID + pubk, err = pid.ExtractPublicKey() + if err != nil { + return nil, fmt.Errorf("cannot extract signing key: %s", err.Error()) + } + } else { + pubk, err = crypto.UnmarshalPublicKey(m.Key) + if err != nil { + return nil, fmt.Errorf("cannot unmarshal signing key: %s", err.Error()) + } + + // verify that the source ID matches the attached key + if !pid.MatchesPublicKey(pubk) { + return nil, fmt.Errorf("bad signing key; source ID %s doesn't match key", pid) + } + } + + return pubk, nil +} + func signMessage(key crypto.PrivKey, m *pb.Message) error { bytes, err := m.Marshal() if err != nil { From 9fa8f64fd33d5562adece90a06aeb4341663fc1b Mon Sep 17 00:00:00 2001 From: vyzo Date: Tue, 28 Aug 2018 11:43:29 +0300 Subject: [PATCH 12/16] prefix signed data with libp2p-pubsub: --- sign.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/sign.go b/sign.go index a234d499..1bd04ab8 100644 --- a/sign.go +++ b/sign.go @@ -9,6 +9,8 @@ import ( peer "github.com/libp2p/go-libp2p-peer" ) +const SignPrefix = "libp2p-pubsub:" + func verifyMessageSignature(m *pb.Message) error { pubk, err := messagePubKey(m) if err != nil { @@ -26,6 +28,8 @@ func verifyMessageSignature(m *pb.Message) error { return err } + bytes = withSignPrefix(bytes) + valid, err := pubk.Verify(bytes, m.Signature) if err != nil { return err @@ -73,6 +77,8 @@ func signMessage(key crypto.PrivKey, m *pb.Message) error { return err } + bytes = withSignPrefix(bytes) + sig, err := key.Sign(bytes) if err != nil { return err @@ -89,3 +95,7 @@ func signMessage(key crypto.PrivKey, m *pb.Message) error { } return nil } + +func withSignPrefix(bytes []byte) []byte { + return append([]byte(SignPrefix), bytes...) +} From 3788f504a57873b7c6119d258dee2f1b02798e0c Mon Sep 17 00:00:00 2001 From: vyzo Date: Wed, 29 Aug 2018 17:19:34 +0300 Subject: [PATCH 13/16] strict mode for message signing --- floodsub_test.go | 2 +- pubsub.go | 11 ++++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/floodsub_test.go b/floodsub_test.go index 9af2cac9..e6713723 100644 --- a/floodsub_test.go +++ b/floodsub_test.go @@ -905,7 +905,7 @@ func TestWithSigning(t *testing.T) { defer cancel() hosts := getNetHosts(t, ctx, 2) - psubs := getPubsubs(ctx, hosts, WithMessageSigning()) + psubs := getPubsubs(ctx, hosts, WithMessageSigning(true)) connect(t, hosts[0], hosts[1]) diff --git a/pubsub.go b/pubsub.go index cd1291ac..091bbc2e 100644 --- a/pubsub.go +++ b/pubsub.go @@ -92,6 +92,8 @@ type PubSub struct { // key for signing messages; nil when signing is disabled (default for now) signKey crypto.PrivKey + // strict mode rejects all unsigned messages prior to validation + signStrict bool ctx context.Context } @@ -190,9 +192,10 @@ func WithValidateThrottle(n int) Option { } } -func WithMessageSigning() Option { +func WithMessageSigning(strict bool) Option { return func(p *PubSub) error { p.signKey = p.host.Peerstore().PrivKey(p.host.ID()) + p.signStrict = strict return nil } } @@ -457,6 +460,12 @@ func msgID(pmsg *pb.Message) string { // pushMsg pushes a message performing validation as necessary func (p *PubSub) pushMsg(vals []*topicVal, src peer.ID, msg *Message) { + // reject unsigned messages when strict before we even process the id + if p.signStrict && msg.Signature == nil { + log.Debugf("dropping unsigned message from %s", src) + return + } + id := msgID(msg.Message) if p.seenMessage(id) { return From b353ddca06e89cd50ab9f4f14c1d1e9349c7afd6 Mon Sep 17 00:00:00 2001 From: vyzo Date: Wed, 5 Sep 2018 20:48:44 +0300 Subject: [PATCH 14/16] more idiomatic message copying for signature purposes --- sign.go | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/sign.go b/sign.go index 1bd04ab8..7d261d94 100644 --- a/sign.go +++ b/sign.go @@ -17,12 +17,9 @@ func verifyMessageSignature(m *pb.Message) error { return err } - xm := pb.Message{ - Data: m.Data, - TopicIDs: m.TopicIDs, - From: m.From, - Seqno: m.Seqno, - } + xm := *m + xm.Signature = nil + xm.Key = nil bytes, err := xm.Marshal() if err != nil { return err From bd151835435f59014f254461aa26d05872071d77 Mon Sep 17 00:00:00 2001 From: vyzo Date: Thu, 6 Sep 2018 10:31:01 +0300 Subject: [PATCH 15/16] use the ID corresponding to signKey for published messages --- pubsub.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pubsub.go b/pubsub.go index 091bbc2e..4c0ed55c 100644 --- a/pubsub.go +++ b/pubsub.go @@ -92,6 +92,8 @@ type PubSub struct { // key for signing messages; nil when signing is disabled (default for now) signKey crypto.PrivKey + // source ID for signed messages; corresponds to signKey + signID peer.ID // strict mode rejects all unsigned messages prior to validation signStrict bool @@ -194,7 +196,8 @@ func WithValidateThrottle(n int) Option { func WithMessageSigning(strict bool) Option { return func(p *PubSub) error { - p.signKey = p.host.Peerstore().PrivKey(p.host.ID()) + p.signID = p.host.ID() + p.signKey = p.host.Peerstore().PrivKey(p.signID) p.signStrict = strict return nil } @@ -673,6 +676,7 @@ func (p *PubSub) Publish(topic string, data []byte) error { Seqno: seqno, } if p.signKey != nil { + m.From = []byte(p.signID) err := signMessage(p.signKey, m) if err != nil { return err From 4dc796359e228bdb640abd190eee8df5adfd42bb Mon Sep 17 00:00:00 2001 From: vyzo Date: Sun, 14 Oct 2018 02:16:41 +0300 Subject: [PATCH 16/16] try to extract the key in order to decide whether to attach the key --- pubsub.go | 2 +- sign.go | 8 +++++--- sign_test.go | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/pubsub.go b/pubsub.go index 4c0ed55c..0300cab2 100644 --- a/pubsub.go +++ b/pubsub.go @@ -677,7 +677,7 @@ func (p *PubSub) Publish(topic string, data []byte) error { } if p.signKey != nil { m.From = []byte(p.signID) - err := signMessage(p.signKey, m) + err := signMessage(p.signID, p.signKey, m) if err != nil { return err } diff --git a/sign.go b/sign.go index 7d261d94..bd01c33f 100644 --- a/sign.go +++ b/sign.go @@ -68,7 +68,7 @@ func messagePubKey(m *pb.Message) (crypto.PubKey, error) { return pubk, nil } -func signMessage(key crypto.PrivKey, m *pb.Message) error { +func signMessage(pid peer.ID, key crypto.PrivKey, m *pb.Message) error { bytes, err := m.Marshal() if err != nil { return err @@ -82,14 +82,16 @@ func signMessage(key crypto.PrivKey, m *pb.Message) error { } m.Signature = sig - switch key.Type() { - case crypto.RSA: + + pk, _ := pid.ExtractPublicKey() + if pk == nil { pubk, err := key.GetPublic().Bytes() if err != nil { return err } m.Key = pubk } + return nil } diff --git a/sign_test.go b/sign_test.go index 507a6c1e..d12cdcaa 100644 --- a/sign_test.go +++ b/sign_test.go @@ -34,7 +34,7 @@ func testSignVerify(t *testing.T, privk crypto.PrivKey) { From: []byte(id), Seqno: []byte("123"), } - signMessage(privk, &m) + signMessage(id, privk, &m) err = verifyMessageSignature(&m) if err != nil { t.Fatal(err)