fix: sign full envelope instead of just payload (C-01)

gcmsg · claude · gcmsg · commit 7dc5648b305c · 2026-03-11T19:09:03.000+08:00
Add SigningPayload(), SetSignature(), GetSignature() to Envelope implementing
the SignableEnvelope interface. The signing payload is a SHA-256 hash of
Source, Destination, Protocol, MessageType, Nonce, Timestamp, and Payload,
preventing attackers from modifying routing fields without invalidating
the signature.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/envelope/envelope.go b/envelope/envelope.go
@@ -1,6 +1,8 @@
 package envelope
 
 import (
+	"crypto/sha256"
+	"encoding/binary"
 	"time"
 
 	"github.com/google/uuid"
@@ -100,3 +102,40 @@ func (e *Envelope) WithMetadata(key, value string) *Envelope {
 	e.Metadata[key] = value
 	return e
 }
+
+// SigningPayload returns a canonical byte representation of the envelope's
+// security-critical fields for signing. This covers Source, Destination,
+// Protocol, MessageType, Nonce, Timestamp, and Payload — preventing an
+// attacker from modifying routing or replay-protection fields without
+// invalidating the signature.
+//
+// This implements the identity.SignableEnvelope interface.
+func (e *Envelope) SigningPayload() []byte {
+	h := sha256.New()
+	h.Write([]byte(e.Source))
+	h.Write([]byte{0}) // separator
+	h.Write([]byte(e.Destination))
+	h.Write([]byte{0})
+	h.Write([]byte(e.Protocol))
+	h.Write([]byte{0})
+	h.Write([]byte(e.MessageType))
+	h.Write([]byte{0})
+	h.Write([]byte(e.Nonce))
+	h.Write([]byte{0})
+	// Encode timestamp as Unix nanoseconds for deterministic representation.
+	var tsBuf [8]byte
+	binary.BigEndian.PutUint64(tsBuf[:], uint64(e.Timestamp.UnixNano()))
+	h.Write(tsBuf[:])
+	h.Write(e.Payload)
+	return h.Sum(nil)
+}
+
+// SetSignature sets the envelope's signature field.
+func (e *Envelope) SetSignature(sig string) {
+	e.Signature = sig
+}
+
+// GetSignature returns the envelope's signature field.
+func (e *Envelope) GetSignature() string {
+	return e.Signature
+}
diff --git a/envelope/envelope_test.go b/envelope/envelope_test.go
@@ -1,8 +1,11 @@
 package envelope
 
 import (
+	"bytes"
 	"testing"
+	"time"
 
+	"github.com/peerclaw/peerclaw-core/identity"
 	"github.com/peerclaw/peerclaw-core/protocol"
 )
 
@@ -75,3 +78,85 @@ func TestNewResponse_SetsPayload(t *testing.T) {
 		t.Errorf("expected Payload world, got %s", string(resp.Payload))
 	}
 }
+
+func TestSigningPayload_Deterministic(t *testing.T) {
+	env := &Envelope{
+		Source:      "alice",
+		Destination: "bob",
+		Protocol:    protocol.ProtocolA2A,
+		MessageType: MessageTypeRequest,
+		Nonce:       "nonce-123",
+		Timestamp:   time.Date(2026, 1, 1, 0, 0, 0, 0, time.UTC),
+		Payload:     []byte("hello"),
+	}
+
+	p1 := env.SigningPayload()
+	p2 := env.SigningPayload()
+	if !bytes.Equal(p1, p2) {
+		t.Error("SigningPayload should be deterministic")
+	}
+}
+
+func TestSigningPayload_ChangesOnFieldMutation(t *testing.T) {
+	env := &Envelope{
+		Source:      "alice",
+		Destination: "bob",
+		Protocol:    protocol.ProtocolA2A,
+		MessageType: MessageTypeRequest,
+		Nonce:       "nonce-123",
+		Timestamp:   time.Date(2026, 1, 1, 0, 0, 0, 0, time.UTC),
+		Payload:     []byte("hello"),
+	}
+
+	baseline := env.SigningPayload()
+
+	// Changing any covered field should produce a different signing payload.
+	fields := []struct {
+		name   string
+		mutate func()
+		revert func()
+	}{
+		{"Source", func() { env.Source = "mallory" }, func() { env.Source = "alice" }},
+		{"Destination", func() { env.Destination = "eve" }, func() { env.Destination = "bob" }},
+		{"Protocol", func() { env.Protocol = protocol.ProtocolMCP }, func() { env.Protocol = protocol.ProtocolA2A }},
+		{"MessageType", func() { env.MessageType = MessageTypeResponse }, func() { env.MessageType = MessageTypeRequest }},
+		{"Nonce", func() { env.Nonce = "other" }, func() { env.Nonce = "nonce-123" }},
+		{"Timestamp", func() { env.Timestamp = time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC) }, func() { env.Timestamp = time.Date(2026, 1, 1, 0, 0, 0, 0, time.UTC) }},
+		{"Payload", func() { env.Payload = []byte("tampered") }, func() { env.Payload = []byte("hello") }},
+	}
+
+	for _, f := range fields {
+		f.mutate()
+		changed := env.SigningPayload()
+		if bytes.Equal(baseline, changed) {
+			t.Errorf("changing %s should produce different signing payload", f.name)
+		}
+		f.revert()
+	}
+}
+
+func TestSignEnvelope_VerifyEnvelope_RoundTrip(t *testing.T) {
+	kp, err := identity.GenerateKeypair()
+	if err != nil {
+		t.Fatalf("GenerateKeypair: %v", err)
+	}
+
+	env := New("alice", "bob", protocol.ProtocolA2A, []byte("hello"))
+	env.Nonce = "test-nonce"
+	identity.SignEnvelope(env, kp.PrivateKey)
+
+	if env.Signature == "" {
+		t.Fatal("expected non-empty signature")
+	}
+
+	pubKey, _ := identity.ParsePublicKey(kp.PublicKeyString())
+	if err := identity.VerifyEnvelope(env, pubKey); err != nil {
+		t.Fatalf("VerifyEnvelope should pass: %v", err)
+	}
+
+	// Tamper with Source — should fail.
+	env.Source = "mallory"
+	if err := identity.VerifyEnvelope(env, pubKey); err == nil {
+		t.Error("tampered Source should fail verification")
+	}
+}
