Skip to content

fix(gossipsub): validate the message key for all peer id types#3569

Open
tabcat wants to merge 1 commit into
libp2p:mainfrom
tabcat:fix/gossipsub-key-binding
Open

fix(gossipsub): validate the message key for all peer id types#3569
tabcat wants to merge 1 commit into
libp2p:mainfrom
tabcat:fix/gossipsub-key-binding

Conversation

@tabcat

@tabcat tabcat commented Jul 16, 2026

Copy link
Copy Markdown
Member

Description

When validating a StrictSign message that carries a key, @libp2p/gossipsub checks that key against the message's from peer id. That check compared the public keys directly, which only applies when the from peer id inlines its public key (Ed25519, secp256k1).

It now derives the peer id from the supplied key and compares that instead, so the check applies to every peer id type, including those that don't inline a public key (RSA).

Change checklist

  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation if necessary (this includes comments as well)
  • I have added tests that prove my fix is effective or that my feature works

The message key was checked against the from peer id by comparing public keys directly, which only applies to peer ids that inline their public key. It now derives the peer id from the key and compares that, so the check applies to every peer id type.
@tabcat
tabcat marked this pull request as ready for review July 16, 2026 15:37
@tabcat
tabcat requested a review from a team as a code owner July 16, 2026 15:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant