40 lines
1.3 KiB
Python
40 lines
1.3 KiB
Python
"""Verifiable routing logs with lightweight signing.
|
|
|
|
This module provides a Signer, log entry creator, and verifier. For demonstration,
|
|
signatures use HMAC-SHA256 with a secret key. Replace with proper public-key crypto
|
|
in production.
|
|
"""
|
|
from __future__ import annotations
|
|
import json
|
|
import time
|
|
import hmac
|
|
import hashlib
|
|
|
|
class Signer:
|
|
def __init__(self, key: str):
|
|
self.key = key.encode("utf-8")
|
|
|
|
def sign_payload(self, payload: dict) -> str:
|
|
data = json.dumps(payload, sort_keys=True).encode("utf-8")
|
|
return hmac.new(self.key, data, hashlib.sha256).hexdigest()
|
|
|
|
def make_signed_log(order_id: str, venue: str, price: float, latency_ms: int, signer: Signer, timestamp: int | None = None) -> dict:
|
|
payload = {
|
|
"order_id": order_id,
|
|
"venue": venue,
|
|
"price": price,
|
|
"latency_ms": latency_ms,
|
|
"timestamp": timestamp or int(time.time() * 1000),
|
|
}
|
|
signature = signer.sign_payload(payload)
|
|
payload["signature"] = signature
|
|
return payload
|
|
|
|
def verify_log(log: dict, signer: Signer) -> bool:
|
|
if "signature" not in log:
|
|
return False
|
|
sig = log["signature"]
|
|
payload = {k: v for k, v in log.items() if k != "signature"}
|
|
expected = signer.sign_payload(payload)
|
|
return hmac.compare_digest(sig, expected)
|