Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement message signing #97

Merged
merged 16 commits into from
Oct 13, 2018
Merged

Implement message signing #97

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
d2f7a66
add signature and key fields to Message
vyzo Aug 25, 2018
64aab34
scaffolding for signature validation
vyzo Aug 25, 2018
7c508b4
implement validateSignature
vyzo Aug 26, 2018
7c1012c
optimize fast path for single topic validator
vyzo Aug 26, 2018
a6c349b
sign messages when a signing key is present
vyzo Aug 26, 2018
9d250ae
option to enable message signing
vyzo Aug 26, 2018
60a06ce
implement signMessage and verifyMessageSignature
vyzo Aug 26, 2018
1ef82b2
test message signing
vyzo Aug 27, 2018
cd32e17
use MatchesPublicKey, don't rewrite it.
vyzo Aug 27, 2018
4addc89
test floodsub with message signing
vyzo Aug 27, 2018
777c68f
reify key extraction logic, with more context in error messages
vyzo Aug 28, 2018
9fa8f64
prefix signed data with libp2p-pubsub:
vyzo Aug 28, 2018
3788f50
strict mode for message signing
vyzo Aug 29, 2018
b353ddc
more idiomatic message copying for signature purposes
vyzo Sep 5, 2018
bd15183
use the ID corresponding to signKey for published messages
vyzo Sep 6, 2018
4dc7963
try to extract the key in order to decide whether to attach the key
vyzo Oct 13, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 36 additions & 0 deletions floodsub_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -899,3 +899,39 @@ func assertPeerList(t *testing.T, peers []peer.ID, expected ...peer.ID) {
}
}
}

func TestWithSigning(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background())
defer cancel()

hosts := getNetHosts(t, ctx, 2)
psubs := getPubsubs(ctx, hosts, WithMessageSigning(true))

connect(t, hosts[0], hosts[1])

topic := "foobar"
data := []byte("this is a message")

sub, err := psubs[1].Subscribe(topic)
if err != nil {
t.Fatal(err)
}

time.Sleep(time.Millisecond * 10)

err = psubs[0].Publish(topic, data)
if err != nil {
t.Fatal(err)
}

msg, err := sub.Next(ctx)
if err != nil {
t.Fatal(err)
}
if msg.Signature == nil {
t.Fatal("no signature in message")
}
if string(msg.Data) != string(data) {
t.Fatalf("unexpected data: %s", string(msg.Data))
}
}
6 changes: 6 additions & 0 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,12 @@
"hash": "QmdxUuburamoF6zF9qjeQC4WYcWGbWuRmdLacMEsW8ioD8",
"name": "gogo-protobuf",
"version": "0.0.0"
},
{
"author": "whyrusleeping",
"hash": "QmPvyPwuCgJ7pDmrKDxRtsScJgBaM5h4EpRL2qQJsmXf4n",
"name": "go-libp2p-crypto",
"version": "2.0.1"
}
],
"gxVersion": "0.9.0",
Expand Down
207 changes: 153 additions & 54 deletions pb/rpc.pb.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions pb/rpc.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ message Message {
optional bytes data = 2;
optional bytes seqno = 3;
repeated string topicIDs = 4;
optional bytes signature = 5;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in light of my other comment, how about we make key come before signature, and space them out a bit (instead of 5 and 6, use 50 and 51) so future additions to the protocol don't have to come after it.

cc @Stebalien @warpfork to tell me "no, you cant just slice protobufs like that"

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the key is not included in the signature, so it can stay where it is.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure I can say "you can't" but I probably "wouldn't" if I could help it. I'd be a lot more comfortable if an envelope type {content, sig} was added.

I feel like holistically, even across wildly different formats, people tend to rue the day they made in-band signatures. For (distant, but again, holistically comparable) example, android putting sigs on apks inside the filesystem has been no end of comedic problems over the years.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I guess one way to do this would be to have in the top level protobuf both the existing regular unsigned messages, and a new field for signed messages.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that also kind of disrupts the chronology of the development of the protobuf. i think we'd probably be best off keeping it as is

optional bytes key = 6;
}

message ControlMessage {
Expand Down
Loading