pezkuwichain/pezkuwi-subxt
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pezkuwi-subxt.git synced 2026-04-27 02:17:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Authentication of PeerIds in authority discovery records (#10317)

Browse Source 
* Consolidating test and production code

* Signing/verifying authority discovery records with PeerId

Unsigned records cannot be rejected yet, they just produce
a warning in the log.

* Upgrading to libp2p 0.40

* libp2p::identity and sp_core::crypto Ed25519 are compatible

* Rejecting authority records unsigned by peer id can be configured

* Fixes based on review comments

* No command-line argument needed

* info was still too much spam in the logs

* Added tests for both strict and loose validation

* Fixing based on review comments

* Pierre preferred a signing method

* Ooops, I need to slow down

* Update bin/node/cli/src/service.rs

* Reexport libp2p crypto used in sc-network

* Added proto3 compatibility tests. And import noise.

Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com>
This commit is contained in:
wigy
2021-12-05 20:17:14 +01:00
committed by GitHub
parent 4775f11edc
commit 5fd7fdcfcd
14 changed files with 637 additions and 200 deletions
Download Patch File Download Diff File Expand all files Collapse all files
substrate/client/network/src/service/signature.rs
+50
View File
@@ -0,0 +1,50 @@
// This file is part of Substrate.
//
// Copyright (C) 2017-2021 Parity Technologies (UK) Ltd.
// SPDX-License-Identifier: GPL-3.0-or-later WITH Classpath-exception-2.0
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
//
// If you read this, you are very thorough, congratulations.
use super::*;
/// A result of signing a message with a network identity. Since `PeerId` is potentially a hash of a
/// `PublicKey`, you need to reveal the `PublicKey` next to the signature, so the verifier can check
/// if the signature was made by the entity that controls a given `PeerId`.
pub struct Signature {
/// The public key derived from the network identity that signed the message.
pub public_key: PublicKey,
/// The actual signature made for the message signed.
pub bytes: Vec<u8>,
}
impl Signature {
/// Create a signature for a message with a given network identity.
pub fn sign_message(
message: impl AsRef<[u8]>,
keypair: &Keypair,
) -> Result<Self, SigningError> {
let public_key = keypair.public();
let bytes = keypair.sign(message.as_ref())?;
Ok(Self { public_key, bytes })
}
/// Verify whether the signature was made for the given message by the entity that controls the
/// given `PeerId`.
pub fn verify(&self, message: impl AsRef<[u8]>, peer_id: &PeerId) -> bool {
*peer_id == self.public_key.to_peer_id() &&
self.public_key.verify(message.as_ref(), &self.bytes)
}
}