varun-r-mallya/py-libp2p
1
0
Fork 0
mirror of https://github.com/varun-r-mallya/py-libp2p.git synced 2026-02-12 16:10:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Apply PR feedback:

Browse Source 
check if signing key and ID match
This commit is contained in:
NIC619
2019-11-29 14:12:42 +08:00
parent 064c109b64
commit a262b94836
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
libp2p/pubsub/pubsub.py
View File

@ -539,6 +539,12 @@ class Pubsub:
if msg.signature == b"": if msg.signature == b"":
logger.debug("Reject because no signature attached for msg: %s", msg) logger.debug("Reject because no signature attached for msg: %s", msg)
return return
# Validate if message sender matches message signer,
# i.e., check if `msg.key` matches `msg.from_id`
msg_pubkey = deserialize_public_key(msg.key)
if ID.from_pubkey(msg_pubkey) != msg.from_id:
logger.debug("Reject because signing key does not match sender ID for msg: %s", msg)
return
# Validate the signature of the message # Validate the signature of the message
# First, construct the original payload that's signed by 'msg.key' # First, construct the original payload that's signed by 'msg.key'
msg_without_key_sig = rpc_pb2.Message( msg_without_key_sig = rpc_pb2.Message(
@ -551,7 +557,7 @@ class Pubsub:
PUBSUB_SIGNING_PREFIX.encode() + msg_without_key_sig.SerializeToString() PUBSUB_SIGNING_PREFIX.encode() + msg_without_key_sig.SerializeToString()
) )
if not signature_validator( if not signature_validator(
deserialize_public_key(msg.key), payload, msg.signature msg_pubkey, payload, msg.signature
): ):
logger.debug("Signature validation failed for msg: %s", msg) logger.debug("Signature validation failed for msg: %s", msg)
return return