koi-net 1.0.0b19__py3-none-any.whl → 1.1.0b1__py3-none-any.whl

koi_net/protocol/errors.py

@@ -0,0 +1,23 @@
+from enum import StrEnum
+
+
+class ErrorTypes(StrEnum):
+    UnknownNode = "unknown_node"
+    InvalidKey = "invalid_key"
+    InvalidSignature = "invalid_signature"
+    InvalidTarget = "invalid_target"
+
+class ProtocolError(Exception):
+    error_type: ErrorTypes
+    
+class UnknownNodeError(ProtocolError):
+    error_type = ErrorTypes.UnknownNode
+    
+class InvalidKeyError(ProtocolError):
+    error_type = ErrorTypes.InvalidKey
+    
+class InvalidSignatureError(ProtocolError):
+    error_type = ErrorTypes.InvalidSignature
+
+class InvalidTargetError(ProtocolError):
+    error_type = ErrorTypes.InvalidTarget

koi_net/protocol/node.py

@@ -14,4 +14,5 @@ class NodeProvides(BaseModel):
 class NodeProfile(BaseModel):
     base_url: str | None = None
     node_type: NodeType
-    provides: NodeProvides = NodeProvides()
+    provides: NodeProvides = NodeProvides()
+    public_key: str | None = None

koi_net/protocol/secure.py

@@ -0,0 +1,106 @@
+import logging
+from base64 import urlsafe_b64decode, urlsafe_b64encode
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.asymmetric import ec
+from cryptography.hazmat.primitives import serialization
+from rid_lib.ext.utils import sha256_hash
+
+logger = logging.getLogger(__name__)
+
+
+class PrivateKey:
+    priv_key: ec.EllipticCurvePrivateKey
+    
+    def __init__(self, priv_key):
+        self.priv_key = priv_key
+        
+    @classmethod
+    def generate(cls):
+        return cls(priv_key=ec.generate_private_key(ec.SECP192R1()))
+
+    def public_key(self) -> "PublicKey":
+        return PublicKey(self.priv_key.public_key())
+    
+    @classmethod
+    def from_pem(cls, priv_key_pem: str, password: str):
+        return cls(
+            priv_key=serialization.load_pem_private_key(
+                data=priv_key_pem.encode(),
+                password=password.encode()
+            )
+        )
+
+    def to_pem(self, password: str) -> str:
+        return self.priv_key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.PKCS8,
+            encryption_algorithm=serialization.BestAvailableEncryption(password.encode())
+        ).decode()
+        
+    def sign(self, message: bytes) -> str:
+        hashed_message = sha256_hash(message.decode())
+        
+        signature = urlsafe_b64encode(
+            self.priv_key.sign(
+                data=message,
+                signature_algorithm=ec.ECDSA(hashes.SHA256())
+            )
+        ).decode()
+        
+        logger.debug(f"Signing message with [{self.public_key().to_der()}]")
+        logger.debug(f"hash: {hashed_message}")
+        logger.debug(f"signature: {signature}")
+        
+        return signature
+                
+
+class PublicKey:
+    pub_key: ec.EllipticCurvePublicKey
+    
+    def __init__(self, pub_key):
+        self.pub_key = pub_key
+    
+    @classmethod
+    def from_pem(cls, pub_key_pem: str):
+        return cls(
+            pub_key=serialization.load_pem_public_key(
+                data=pub_key_pem.encode()
+            )
+        )
+        
+    def to_pem(self) -> str:
+        return self.pub_key.public_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PublicFormat.SubjectPublicKeyInfo
+        ).decode()
+        
+    @classmethod
+    def from_der(cls, pub_key_der: str):        
+        return cls(
+            pub_key=serialization.load_der_public_key(
+                data=urlsafe_b64decode(pub_key_der)
+            )
+        )
+    
+    def to_der(self) -> str:
+        return urlsafe_b64encode(
+            self.pub_key.public_bytes(
+                encoding=serialization.Encoding.DER,
+                format=serialization.PublicFormat.SubjectPublicKeyInfo
+            )
+        ).decode()
+        
+    def verify(self, signature: str, message: bytes) -> bool:
+        hashed_message = sha256_hash(message.decode())
+
+        logger.debug(f"Verifying message with [{self.to_der()}]")
+        logger.debug(f"hash: {hashed_message}")
+        logger.debug(f"signature: {signature}")
+        
+        # NOTE: throws cryptography.exceptions.InvalidSignature on failure
+        
+        self.pub_key.verify(
+            signature=urlsafe_b64decode(signature),
+            data=message,
+            signature_algorithm=ec.ECDSA(hashes.SHA256())
+        )

koi_net/secure.py

@@ -0,0 +1,117 @@
+import logging
+from functools import wraps
+
+import cryptography.exceptions
+from rid_lib.ext import Bundle
+from rid_lib.ext.utils import sha256_hash
+from .identity import NodeIdentity
+from .protocol.envelope import UnsignedEnvelope, SignedEnvelope
+from .protocol.secure import PublicKey
+from .protocol.api_models import EventsPayload
+from .protocol.event import EventType
+from .protocol.node import NodeProfile
+from .protocol.secure import PrivateKey
+from .protocol.errors import (
+    UnknownNodeError,
+    InvalidKeyError,
+    InvalidSignatureError,
+    InvalidTargetError
+)
+from .effector import Effector
+from .config import NodeConfig
+
+logger = logging.getLogger(__name__)
+
+
+class Secure:
+    identity: NodeIdentity
+    effector: Effector
+    config: NodeConfig
+    priv_key: PrivateKey
+    
+    def __init__(
+        self, 
+        identity: NodeIdentity, 
+        effector: Effector,
+        config: NodeConfig
+    ):
+        self.identity = identity
+        self.effector = effector
+        self.config = config
+
+        self.priv_key = self._load_priv_key()
+        
+    def _load_priv_key(self) -> PrivateKey:
+        with open(self.config.koi_net.private_key_pem_path, "r") as f:
+            priv_key_pem = f.read()
+        
+        return PrivateKey.from_pem(
+            priv_key_pem=priv_key_pem,
+            password=self.config.env.priv_key_password
+        )
+        
+    def _handle_unknown_node(self, envelope: SignedEnvelope) -> Bundle | None:
+        if type(envelope.payload) != EventsPayload:
+            return None
+            
+        for event in envelope.payload.events:
+            # must be NEW event for bundle of source node's profile
+            if event.rid != envelope.source_node:
+                continue
+            if event.event_type != EventType.NEW:
+                continue            
+            
+            return event.bundle
+        return None
+        
+    def create_envelope(self, payload, target) -> SignedEnvelope:
+        return UnsignedEnvelope(
+            payload=payload,
+            source_node=self.identity.rid,
+            target_node=target
+        ).sign_with(self.priv_key)
+        
+    def validate_envelope(self, envelope: SignedEnvelope):
+        node_bundle = (
+            self.effector.deref(envelope.source_node) or
+            self._handle_unknown_node(envelope)
+        )
+        
+        if not node_bundle:
+            raise UnknownNodeError(f"Couldn't resolve {envelope.source_node}")
+        
+        node_profile = node_bundle.validate_contents(NodeProfile)
+        
+        # check that public key matches source node RID
+        if envelope.source_node.hash != sha256_hash(node_profile.public_key):
+            raise InvalidKeyError("Invalid public key on new node!")
+        
+        # check envelope signed by validated public key
+        pub_key = PublicKey.from_der(node_profile.public_key)
+        try:
+            envelope.verify_with(pub_key)
+        except cryptography.exceptions.InvalidSignature as err:
+            raise InvalidSignatureError(f"Signature {envelope.signature} is invalid.")
+        
+        # check that this node is the target of the envelope
+        if envelope.target_node != self.identity.rid:
+            raise InvalidTargetError(f"Envelope target {envelope.target_node!r} is not me")
+        
+    def envelope_handler(self, func):
+        @wraps(func)
+        async def wrapper(req: SignedEnvelope, *args, **kwargs) -> SignedEnvelope | None:
+            logger.info("Validating envelope")
+            
+            self.validate_envelope(req)            
+            logger.info("Calling endpoint handler")
+            
+            result = await func(req, *args, **kwargs)            
+            
+            if result is not None:
+                logger.info("Creating response envelope")
+                return self.create_envelope(
+                    payload=result,
+                    target=req.source_node
+                )
+        return wrapper
+

{koi_net-1.0.0b19.dist-info → koi_net-1.1.0b1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: koi-net
-Version: 1.0.0b19
+Version: 1.1.0b1
 Summary: Implementation of KOI-net protocol in Python
 Project-URL: Homepage, https://github.com/BlockScience/koi-net/
 Author-email: Luke Miller <luke@block.science>
@@ -27,11 +27,12 @@ License: MIT License
         SOFTWARE.
 License-File: LICENSE
 Requires-Python: >=3.10
+Requires-Dist: cryptography>=45.0.3
 Requires-Dist: httpx>=0.28.1
 Requires-Dist: networkx>=3.4.2
 Requires-Dist: pydantic>=2.10.6
 Requires-Dist: python-dotenv>=1.1.0
-Requires-Dist: rid-lib>=3.2.3
+Requires-Dist: rid-lib>=3.2.7
 Requires-Dist: ruamel-yaml>=0.18.10
 Provides-Extra: dev
 Requires-Dist: build; extra == 'dev'

koi_net-1.1.0b1.dist-info/RECORD

@@ -0,0 +1,35 @@
+koi_net/__init__.py,sha256=b0Ze0pZmJAuygpWUFHM6Kvqo3DkU_uzmkptv1EpAArw,31
+koi_net/config.py,sha256=Zu6iVPQ1yar9OMZQp-Ez0eYRIoCeDq69eTQyYplQqQc,4057
+koi_net/context.py,sha256=JmbpCzusXFq_NCXiUp5Z56N6vpBdYMUK8eOs7ogO68A,1428
+koi_net/core.py,sha256=QIYRlvi5BFxaQKYrbI8CGs2yZxf-U6PeJlYBaG6HsLQ,6474
+koi_net/default_actions.py,sha256=TkQR9oj9CpO37Gb5bZLmFNl-Q8n3OxGiX4dvxQR7SaA,421
+koi_net/effector.py,sha256=gSyZgRxQ91X04UL261e2pXWUfBHnQTGtjSHpc2JufxA,4097
+koi_net/identity.py,sha256=FvIWksGTqwM7HCevIwmo_6l-t-2tnYkaaR4CanZatL4,569
+koi_net/secure.py,sha256=cGNF2assqCaYq0i0fhQBm7aREoAdpY-XVypDsE1ALaU,3970
+koi_net/network/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+koi_net/network/behavior.py,sha256=NZLvWlrxR0uWriE3ZzCXmocUVccQthy7Xx8E_8KBwsg,1208
+koi_net/network/error_handler.py,sha256=CrmCpBY2oj4nl7uXrIYusUHDKxPZ1HDuQAtiBSZarRI,1623
+koi_net/network/event_queue.py,sha256=QV1dLOe-H85fNJVkc-e0ZRsUpHTkFcMLMbp3WU5gRNg,7225
+koi_net/network/graph.py,sha256=NLstBsPa9By0luxcTjThnqVd3hxfQdFwn8tWgJ6u4l4,4144
+koi_net/network/request_handler.py,sha256=77SHLO92gVHTusUXWo89KgjRnxU9vLG_Qi8HxTFtFBg,6376
+koi_net/network/resolver.py,sha256=coIp4M6k0-8sUfAy4h2NMx_7zCNroWlCHKOj3AXZVhc,5412
+koi_net/network/response_handler.py,sha256=tEfzSZWXKCRwUlXhM8Qp3Y6BKTQ4abfi-MrSaatlITI,1980
+koi_net/processor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+koi_net/processor/default_handlers.py,sha256=SX1eP740W9LeG-IEoBOmsNrKJfOEDDuEQUSwnJEG_8w,8954
+koi_net/processor/handler.py,sha256=_loaHjgVGVUxtCQdvAY9dQ0iqiq5co7wB2tK-usuv3Y,2355
+koi_net/processor/interface.py,sha256=ebDwqggznFRfp2PT8-UJPUAvCwX8nZaaQ68FUeWQvmw,3682
+koi_net/processor/knowledge_object.py,sha256=avQnsaeqqiJxy40P1VGljuQMtAGmJB-TBa4pmBXTaIs,3863
+koi_net/processor/knowledge_pipeline.py,sha256=i7FpCFl0UIOwCI5zhP1i8M4PX4A48VN28iV9jruvN5k,9486
+koi_net/protocol/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+koi_net/protocol/api_models.py,sha256=bHhbLeq8I7nVBuW-AXgKfb1O58_mLogHRG8A_LZt2IE,1188
+koi_net/protocol/consts.py,sha256=bisbVEojPIHlLhkLafBzfIhH25TjNfvTORF1g6YXzIM,243
+koi_net/protocol/edge.py,sha256=dQKtI0_eX2E6tD7kMExv6DeJMkqNo2cY-LxJMJbiK0E,963
+koi_net/protocol/envelope.py,sha256=W-K3rjwqwAL9wCXb2_gpAUwnc2xOVdZ1UWMoDlLrqJY,1690
+koi_net/protocol/errors.py,sha256=A83QiYe_fJdxW2lsNsLCujWxDr5sk1UmYYd3TGbSNJA,601
+koi_net/protocol/event.py,sha256=eGgihEj1gliLoQRk8pVB2q_was0AGo-PbT3Hqnpn3oU,1379
+koi_net/protocol/node.py,sha256=7GQzHORFr9cP4BqJgir6EGSWCskL-yqmvJksIiLfcWU,409
+koi_net/protocol/secure.py,sha256=Reem9Z4le4uWXM9uczNOdmgVBg8p4YQav-7_c3pZ1CQ,3366
+koi_net-1.1.0b1.dist-info/METADATA,sha256=pHwaqM6wXoQpOUINUBlLlmCnSv3nEHF-EbL5x42jf3s,37142
+koi_net-1.1.0b1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+koi_net-1.1.0b1.dist-info/licenses/LICENSE,sha256=03mgCL5qth2aD9C3F3qNVs4sFJSpK9kjtYCyOwdSp7s,1069
+koi_net-1.1.0b1.dist-info/RECORD,,

koi_net/protocol/helpers.py

@@ -1,25 +0,0 @@
-from rid_lib.core import RIDType
-from rid_lib.ext.bundle import Bundle
-from rid_lib.types import KoiNetEdge
-from rid_lib.types.koi_net_node import KoiNetNode
-from .edge import EdgeProfile, EdgeStatus, EdgeType
-
-def generate_edge_bundle(
-    source: KoiNetNode,
-    target: KoiNetNode,
-    rid_types: list[RIDType],
-    edge_type: EdgeType
-) -> Bundle:
-    edge_rid = KoiNetEdge.generate(source, target)
-    edge_profile = EdgeProfile(
-        source=source,
-        target=target,
-        rid_types=rid_types,
-        edge_type=edge_type,
-        status=EdgeStatus.PROPOSED
-    )
-    edge_bundle = Bundle.generate(
-        edge_rid,
-        edge_profile.model_dump()
-    )
-    return edge_bundle

koi_net-1.0.0b19.dist-info/RECORD

@@ -1,25 +0,0 @@
-koi_net/__init__.py,sha256=b0Ze0pZmJAuygpWUFHM6Kvqo3DkU_uzmkptv1EpAArw,31
-koi_net/config.py,sha256=TIKb1kFTcEysqwdHp6yCNpcXeS84dlprcb-f0z2jF0Y,3160
-koi_net/core.py,sha256=IO8kqiNMYVeuNzilq7eHBA7IulsxRjrCbWnIAx6_abA,4406
-koi_net/identity.py,sha256=muc5vuQ8zUOebhwAB3-ql6W2pgQETiYXXQAFBv8bLyg,1288
-koi_net/network/__init__.py,sha256=r_RN-q_mDYC-2RAkN-lJoMUX76TXyfEUc_MVKW87z0g,39
-koi_net/network/graph.py,sha256=dsfPuHUTkCzlj0QeL0e7dgp7-FR5_AGP7eE8EpBPhC0,4710
-koi_net/network/interface.py,sha256=icpl0rzpC5yV86BQBAbjAjK7AWhgCFoyFLm_Fjf1mCI,10451
-koi_net/network/request_handler.py,sha256=66gjX2x4UnBWZYwKLjp_3WkhL-ekhR3VAyfGviHTcUs,4790
-koi_net/network/response_handler.py,sha256=CAwici2Etj9ESndERXdtYkMlc4gWHz_xc7jHgY2Qjcg,1830
-koi_net/processor/__init__.py,sha256=x4fAY0hvQEDcpfdTB3POIzxBQjYAtn0qQazPo1Xm0m4,41
-koi_net/processor/default_handlers.py,sha256=dP64lEJ64BJ7H8PhFK-GZI1pv51tVVINV4jAgcOtOhc,8669
-koi_net/processor/handler.py,sha256=7X6M6PP8m6-xdtsP1y4QO83g_MN5VSszNNikprITK80,2523
-koi_net/processor/interface.py,sha256=Kyw4SQos_1WdcPJJe-j2w4xDIfwtmpF4mfGlkRVRqUI,12876
-koi_net/processor/knowledge_object.py,sha256=RCgzkILsWm1Jw_NkSu4jTRYA9Ugga6mJ4jqKWwketQs,4090
-koi_net/protocol/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-koi_net/protocol/api_models.py,sha256=DYDKCRD2Uja633bBAyTsaxyb1oF9pX9yQ9NpNAbkczo,1070
-koi_net/protocol/consts.py,sha256=bisbVEojPIHlLhkLafBzfIhH25TjNfvTORF1g6YXzIM,243
-koi_net/protocol/edge.py,sha256=CcmvIY4P1HEBdKNJ4wFRDmwYMRMss24Besmbi7ZRFxQ,427
-koi_net/protocol/event.py,sha256=eGgihEj1gliLoQRk8pVB2q_was0AGo-PbT3Hqnpn3oU,1379
-koi_net/protocol/helpers.py,sha256=8ZkQrjb_G0QEaMIKe9wkFOBonl1bkmemx_pwKMwIiLg,695
-koi_net/protocol/node.py,sha256=2HhCh3LdBLlY2Z_kXNmKHzpVLKbP_ODob3HjHayFQtM,375
-koi_net-1.0.0b19.dist-info/METADATA,sha256=uVzxDiRiHRncwfjotk7j_frmm_ka6PEpI-kcA278HoE,37107
-koi_net-1.0.0b19.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-koi_net-1.0.0b19.dist-info/licenses/LICENSE,sha256=03mgCL5qth2aD9C3F3qNVs4sFJSpK9kjtYCyOwdSp7s,1069
-koi_net-1.0.0b19.dist-info/RECORD,,