File size: 1,244 Bytes
af26c53 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | import time
import base64
import hashlib
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ed25519
from cryptography.exceptions import InvalidSignature
def derive_node_id(pub_pem: str) -> str:
"""Derive deterministic Node ID from Public Key PEM."""
sha = hashlib.sha256(pub_pem.encode('utf-8')).hexdigest()
return f"node_{sha[:12]}"
def verify_signature(pub_pem: str, payload_str: str, timestamp: str, signature_b64: str) -> bool:
"""Verify Ed25519 signature to prevent identity spoofing."""
try:
# Replay protection: Reject if timestamp is more than 5 minutes old
if abs(time.time() - float(timestamp)) > 300:
return False
public_key = serialization.load_pem_public_key(pub_pem.encode('utf-8'))
if not isinstance(public_key, ed25519.Ed25519PublicKey):
return False
signature = base64.b64decode(signature_b64)
message = f"{payload_str}{timestamp}".encode('utf-8')
public_key.verify(signature, message)
return True
except (InvalidSignature, ValueError, Exception) as e:
print(f"[Auth Error] {e}")
return False
|