syncing with ballisitca/master

dist/ba_data/python/bacommon/securedata.py

@@ -0,0 +1,56 @@
+# Released under the MIT License. See LICENSE for details.
+#
+"""Functionality related to verifying ballistica server generated data."""
+
+import datetime
+from dataclasses import dataclass
+from typing import TYPE_CHECKING, Annotated
+
+from efro.util import utc_now
+from efro.dataclassio import ioprepped, IOAttrs
+
+if TYPE_CHECKING:
+    pass
+
+
+@ioprepped
+@dataclass
+class SecureDataChecker:
+    """Verifies data as being signed by our master server."""
+
+    # Time period this checker is valid for.
+    starttime: Annotated[datetime.datetime, IOAttrs('s')]
+    endtime: Annotated[datetime.datetime, IOAttrs('e')]
+
+    # Current set of public keys.
+    publickeys: Annotated[list[bytes], IOAttrs('k')]
+
+    def check(self, data: bytes, signature: bytes) -> bool:
+        """Verify data, returning True if successful.
+
+        Note that this call imports and uses the cryptography module and
+        can be slow; it generally should be done in a background thread
+        or on a server.
+        """
+        from cryptography.hazmat.primitives.asymmetric import ed25519
+        from cryptography.exceptions import InvalidSignature
+
+        now = utc_now()
+
+        # Make sure we seem valid based on local time.
+        if now < self.starttime:
+            raise RuntimeError('SecureDataChecker starttime is in the future.')
+        if now > self.endtime:
+            raise RuntimeError('SecureDataChecker endtime is in the past.')
+
+        # Try our keys from newest to oldest. Most stuff will be using
+        # the newest key so this should be most efficient.
+        for key in reversed(self.publickeys):
+            try:
+                publickey = ed25519.Ed25519PublicKey.from_public_bytes(key)
+                publickey.verify(signature, data)
+                return True
+            except InvalidSignature:
+                pass
+
+        return False