From 9c26c5facde5966826d923befa9c8b2fd1bf3c33 Mon Sep 17 00:00:00 2001
From: Jason Volk <jason@zemos.net>
Date: Thu, 22 Mar 2018 01:31:17 -0700
Subject: [PATCH] ircd::m::vm: Option to verify origin signature on eval.

---
 include/ircd/m/vm.h | 3 +++
 ircd/m/vm.cc        | 8 ++++++++
 2 files changed, 11 insertions(+)

diff --git a/include/ircd/m/vm.h b/include/ircd/m/vm.h
index 8be094c8a..c1a15bbcf 100644
--- a/include/ircd/m/vm.h
+++ b/include/ircd/m/vm.h
@@ -131,6 +131,9 @@ struct ircd::m::vm::opts
 	/// replayed through the system (not recommended).
 	bool replays {false};
 
+	// Verify the origin signature
+	bool verify {true};
+
 	/// TODO: Y
 	bool prev_check_exists {true};
 
diff --git a/ircd/m/vm.cc b/ircd/m/vm.cc
index 1680f9727..fbeba2d39 100644
--- a/ircd/m/vm.cc
+++ b/ircd/m/vm.cc
@@ -168,6 +168,7 @@ ircd::m::vm::commit(const event &event,
 	commit_hook(event);
 
 	vm::opts opts_{opts};
+	opts_.verify = false;
 
 	// Some functionality on this server may create an event on behalf
 	// of remote users. It's safe for us to mask this here, but eval'ing
@@ -358,6 +359,13 @@ ircd::m::vm::_eval_pdu(eval &eval,
 			fault::EXISTS, "Event has already been evaluated."
 		};
 
+	if(opts.verify)
+		if(!m::event::verify(event))
+			throw m::BAD_SIGNATURE
+			{
+				"Signature verification failed"
+			};
+
 	eval_hook(event);
 
 	const auto &depth