go-waku/waku/v2/protocol/relay/validators.go

package relay

import (
	"context"
	"crypto/ecdsa"
	"crypto/elliptic"
	"encoding/binary"
	"encoding/hex"
	"time"

	"github.com/ethereum/go-ethereum/crypto"
	"github.com/ethereum/go-ethereum/crypto/secp256k1"
	pubsub "github.com/libp2p/go-libp2p-pubsub"
	"github.com/libp2p/go-libp2p/core/peer"

	"github.com/waku-org/go-waku/waku/v2/hash"
	"github.com/waku-org/go-waku/waku/v2/protocol/pb"
	"github.com/waku-org/go-waku/waku/v2/timesource"
	"go.uber.org/zap"
)

func msgHash(pubSubTopic string, msg *pb.WakuMessage) []byte {
	timestampBytes := make([]byte, 8)
	binary.LittleEndian.PutUint64(timestampBytes, uint64(msg.GetTimestamp()))

	var ephemeralByte byte
	if msg.GetEphemeral() {
		ephemeralByte = 1
	}

	return hash.SHA256(
		[]byte(pubSubTopic),
		msg.Payload,
		[]byte(msg.ContentTopic),
		timestampBytes,
		[]byte{ephemeralByte},
	)
}

type validatorFn = func(ctx context.Context, msg *pb.WakuMessage, topic string) bool

func (w *WakuRelay) RegisterDefaultValidator(fn validatorFn) {
	w.topicValidatorMutex.Lock()
	defer w.topicValidatorMutex.Unlock()
	w.defaultTopicValidators = append(w.defaultTopicValidators, fn)
}

func (w *WakuRelay) RegisterTopicValidator(topic string, fn validatorFn) {
	w.topicValidatorMutex.Lock()
	defer w.topicValidatorMutex.Unlock()

	w.topicValidators[topic] = append(w.topicValidators[topic], fn)
}

func (w *WakuRelay) RemoveTopicValidator(topic string) {
	w.topicValidatorMutex.Lock()
	defer w.topicValidatorMutex.Unlock()

	delete(w.topicValidators, topic)
}

func (w *WakuRelay) topicValidator(topic string) func(ctx context.Context, peerID peer.ID, message *pubsub.Message) bool {
	return func(ctx context.Context, peerID peer.ID, message *pubsub.Message) bool {
		msg, err := pb.Unmarshal(message.Data)
		if err != nil {
			return false
		}

		w.topicValidatorMutex.RLock()
		validators, exists := w.topicValidators[topic]
		validators = append(validators, w.defaultTopicValidators...)
		w.topicValidatorMutex.RUnlock()

		if exists {
			for _, v := range validators {
				if !v(ctx, msg, topic) {
					return false
				}
			}
		}

		return true
	}
}

// AddSignedTopicValidator registers a gossipsub validator for a topic which will check that messages Meta field contains a valid ECDSA signature for the specified pubsub topic. This is used as a DoS prevention mechanism
func (w *WakuRelay) AddSignedTopicValidator(topic string, publicKey *ecdsa.PublicKey) error {
	w.log.Info("adding validator to signed topic", zap.String("topic", topic), zap.String("publicKey", hex.EncodeToString(elliptic.Marshal(publicKey.Curve, publicKey.X, publicKey.Y))))

	fn := signedTopicBuilder(w.timesource, publicKey)

	w.RegisterTopicValidator(topic, fn)

	if !w.IsSubscribed(topic) {
		w.log.Warn("relay is not subscribed to signed topic", zap.String("topic", topic))
	}

	return nil
}

const messageWindowDuration = time.Minute * 5

func withinTimeWindow(t timesource.Timesource, msg *pb.WakuMessage) bool {
	if msg.GetTimestamp() == 0 {
		return false
	}

	now := t.Now()
	msgTime := time.Unix(0, msg.GetTimestamp())

	return now.Sub(msgTime).Abs() <= messageWindowDuration
}

func signedTopicBuilder(t timesource.Timesource, publicKey *ecdsa.PublicKey) validatorFn {
	publicKeyBytes := crypto.FromECDSAPub(publicKey)
	return func(ctx context.Context, msg *pb.WakuMessage, topic string) bool {
		if !withinTimeWindow(t, msg) {
			return false
		}

		msgHash := msgHash(topic, msg)
		signature := msg.Meta

		return secp256k1.VerifySignature(publicKeyBytes, msgHash, signature)
	}
}

// SignMessage adds an ECDSA signature to a WakuMessage as an opt-in mechanism for DoS prevention
func SignMessage(privKey *ecdsa.PrivateKey, msg *pb.WakuMessage, pubsubTopic string) error {
	msgHash := msgHash(pubsubTopic, msg)
	sign, err := secp256k1.Sign(msgHash, crypto.FromECDSA(privKey))
	if err != nil {
		return err
	}

	msg.Meta = sign[0:64] // Remove V
	return nil
}
feat: dos protected topic relay msgs based on meta field 2023-04-05 21:03:29 +00:00			`package relay`

			`import (`
			`"context"`
			`"crypto/ecdsa"`
revert: "refactor: use an address instead of public key for the node setup" This reverts commit 38a9fc4b19ba9eae64f8f8da0388e2a9b06cf72f. 2023-05-22 21:03:40 +00:00			`"crypto/elliptic"`
feat: validate message timestamp in signed topic validator 2023-05-04 15:56:56 +00:00			`"encoding/binary"`
revert: "refactor: use an address instead of public key for the node setup" This reverts commit 38a9fc4b19ba9eae64f8f8da0388e2a9b06cf72f. 2023-05-22 21:03:40 +00:00			`"encoding/hex"`
feat: validate message timestamp in signed topic validator 2023-05-04 15:56:56 +00:00			`"time"`
feat: dos protected topic relay msgs based on meta field 2023-04-05 21:03:29 +00:00
fix: use deterministic signatures RFC6979 2023-05-03 15:59:47 +00:00			`"github.com/ethereum/go-ethereum/crypto"`
			`"github.com/ethereum/go-ethereum/crypto/secp256k1"`
feat: dos protected topic relay msgs based on meta field 2023-04-05 21:03:29 +00:00			`pubsub "github.com/libp2p/go-libp2p-pubsub"`
			`"github.com/libp2p/go-libp2p/core/peer"`
feat(rln-relay): ensure execution order for pubsub validators 2023-09-07 21:39:10 +00:00
feat: dos protected topic relay msgs based on meta field 2023-04-05 21:03:29 +00:00			`"github.com/waku-org/go-waku/waku/v2/hash"`
			`"github.com/waku-org/go-waku/waku/v2/protocol/pb"`
feat: validate message timestamp in signed topic validator 2023-05-04 15:56:56 +00:00			`"github.com/waku-org/go-waku/waku/v2/timesource"`
feat: dos protected topic relay msgs based on meta field 2023-04-05 21:03:29 +00:00			`"go.uber.org/zap"`
			`)`

chore: add missing comments to functions 2023-07-19 16:25:35 +00:00			`func msgHash(pubSubTopic string, msg *pb.WakuMessage) []byte {`
feat: validate message timestamp in signed topic validator 2023-05-04 15:56:56 +00:00			`timestampBytes := make([]byte, 8)`
chore: use waku-org/waku-proto repository for protobuffer definitions (#828) 2023-11-07 19:48:43 +00:00			`binary.LittleEndian.PutUint64(timestampBytes, uint64(msg.GetTimestamp()))`
feat: validate message timestamp in signed topic validator 2023-05-04 15:56:56 +00:00
			`var ephemeralByte byte`
chore: use waku-org/waku-proto repository for protobuffer definitions (#828) 2023-11-07 19:48:43 +00:00			`if msg.GetEphemeral() {`
feat: validate message timestamp in signed topic validator 2023-05-04 15:56:56 +00:00			`ephemeralByte = 1`
			`}`

			`return hash.SHA256(`
			`[]byte(pubSubTopic),`
			`msg.Payload,`
			`[]byte(msg.ContentTopic),`
			`timestampBytes,`
			`[]byte{ephemeralByte},`
			`)`
			`}`

feat(rln-relay): ensure execution order for pubsub validators 2023-09-07 21:39:10 +00:00			`type validatorFn = func(ctx context.Context, msg *pb.WakuMessage, topic string) bool`
feat: validate message timestamp in signed topic validator 2023-05-04 15:56:56 +00:00
feat(rln-relay): ensure execution order for pubsub validators 2023-09-07 21:39:10 +00:00			`func (w *WakuRelay) RegisterDefaultValidator(fn validatorFn) {`
			`w.topicValidatorMutex.Lock()`
			`defer w.topicValidatorMutex.Unlock()`
			`w.defaultTopicValidators = append(w.defaultTopicValidators, fn)`
			`}`
feat: validate message timestamp in signed topic validator 2023-05-04 15:56:56 +00:00
feat(rln-relay): ensure execution order for pubsub validators 2023-09-07 21:39:10 +00:00			`func (w *WakuRelay) RegisterTopicValidator(topic string, fn validatorFn) {`
			`w.topicValidatorMutex.Lock()`
			`defer w.topicValidatorMutex.Unlock()`
feat: validate message timestamp in signed topic validator 2023-05-04 15:56:56 +00:00
feat(rln-relay): ensure execution order for pubsub validators 2023-09-07 21:39:10 +00:00			`w.topicValidators[topic] = append(w.topicValidators[topic], fn)`
feat: dos protected topic relay msgs based on meta field 2023-04-05 21:03:29 +00:00			`}`

feat(rln-relay): ensure execution order for pubsub validators 2023-09-07 21:39:10 +00:00			`func (w *WakuRelay) RemoveTopicValidator(topic string) {`
			`w.topicValidatorMutex.Lock()`
			`defer w.topicValidatorMutex.Unlock()`
chore: add unit test for signed validator and --protected-topic-flag 2023-05-02 15:10:45 +00:00
feat(rln-relay): ensure execution order for pubsub validators 2023-09-07 21:39:10 +00:00			`delete(w.topicValidators, topic)`
			`}`

			`func (w WakuRelay) topicValidator(topic string) func(ctx context.Context, peerID peer.ID, message pubsub.Message) bool {`
chore: add unit test for signed validator and --protected-topic-flag 2023-05-02 15:10:45 +00:00			`return func(ctx context.Context, peerID peer.ID, message *pubsub.Message) bool {`
refactor: validate protobuffers for lightpush and relay (#824) 2023-10-24 16:26:02 +00:00			`msg, err := pb.Unmarshal(message.Data)`
feat: dos protected topic relay msgs based on meta field 2023-04-05 21:03:29 +00:00			`if err != nil {`
			`return false`
			`}`

feat(rln-relay): ensure execution order for pubsub validators 2023-09-07 21:39:10 +00:00			`w.topicValidatorMutex.RLock()`
			`validators, exists := w.topicValidators[topic]`
			`validators = append(validators, w.defaultTopicValidators...)`
			`w.topicValidatorMutex.RUnlock()`

			`if exists {`
			`for _, v := range validators {`
			`if !v(ctx, msg, topic) {`
			`return false`
			`}`
			`}`
feat: validate message timestamp in signed topic validator 2023-05-04 15:56:56 +00:00			`}`

feat(rln-relay): ensure execution order for pubsub validators 2023-09-07 21:39:10 +00:00			`return true`
			`}`
chore: add unit test for signed validator and --protected-topic-flag 2023-05-02 15:10:45 +00:00			`}`

chore: add missing comments to functions 2023-07-19 16:25:35 +00:00			`// AddSignedTopicValidator registers a gossipsub validator for a topic which will check that messages Meta field contains a valid ECDSA signature for the specified pubsub topic. This is used as a DoS prevention mechanism`
revert: "refactor: use an address instead of public key for the node setup" This reverts commit 38a9fc4b19ba9eae64f8f8da0388e2a9b06cf72f. 2023-05-22 21:03:40 +00:00			`func (w WakuRelay) AddSignedTopicValidator(topic string, publicKey ecdsa.PublicKey) error {`
			`w.log.Info("adding validator to signed topic", zap.String("topic", topic), zap.String("publicKey", hex.EncodeToString(elliptic.Marshal(publicKey.Curve, publicKey.X, publicKey.Y))))`
feat: use addresses in signed topic validator 2023-05-09 14:48:55 +00:00
feat(rln-relay): ensure execution order for pubsub validators 2023-09-07 21:39:10 +00:00			`fn := signedTopicBuilder(w.timesource, publicKey)`
feat: use addresses in signed topic validator 2023-05-09 14:48:55 +00:00
feat(rln-relay): ensure execution order for pubsub validators 2023-09-07 21:39:10 +00:00			`w.RegisterTopicValidator(topic, fn)`
fix: code review 2023-05-04 14:04:54 +00:00
			`if !w.IsSubscribed(topic) {`
			`w.log.Warn("relay is not subscribed to signed topic", zap.String("topic", topic))`
			`}`

			`return nil`
feat: dos protected topic relay msgs based on meta field 2023-04-05 21:03:29 +00:00			`}`

feat(rln-relay): ensure execution order for pubsub validators 2023-09-07 21:39:10 +00:00			`const messageWindowDuration = time.Minute * 5`

			`func withinTimeWindow(t timesource.Timesource, msg *pb.WakuMessage) bool {`
chore: use waku-org/waku-proto repository for protobuffer definitions (#828) 2023-11-07 19:48:43 +00:00			`if msg.GetTimestamp() == 0 {`
feat(rln-relay): ensure execution order for pubsub validators 2023-09-07 21:39:10 +00:00			`return false`
			`}`

			`now := t.Now()`
chore: use waku-org/waku-proto repository for protobuffer definitions (#828) 2023-11-07 19:48:43 +00:00			`msgTime := time.Unix(0, msg.GetTimestamp())`
feat(rln-relay): ensure execution order for pubsub validators 2023-09-07 21:39:10 +00:00
			`return now.Sub(msgTime).Abs() <= messageWindowDuration`
			`}`

			`func signedTopicBuilder(t timesource.Timesource, publicKey *ecdsa.PublicKey) validatorFn {`
			`publicKeyBytes := crypto.FromECDSAPub(publicKey)`
			`return func(ctx context.Context, msg *pb.WakuMessage, topic string) bool {`
			`if !withinTimeWindow(t, msg) {`
			`return false`
			`}`

			`msgHash := msgHash(topic, msg)`
			`signature := msg.Meta`

			`return secp256k1.VerifySignature(publicKeyBytes, msgHash, signature)`
			`}`
			`}`

chore: add missing comments to functions 2023-07-19 16:25:35 +00:00			`// SignMessage adds an ECDSA signature to a WakuMessage as an opt-in mechanism for DoS prevention`
fix: neither encoding nor address comparison are needed to protect a topic 2023-05-26 14:42:25 +00:00			`func SignMessage(privKey ecdsa.PrivateKey, msg pb.WakuMessage, pubsubTopic string) error {`
chore: add missing comments to functions 2023-07-19 16:25:35 +00:00			`msgHash := msgHash(pubsubTopic, msg)`
fix: use deterministic signatures RFC6979 2023-05-03 15:59:47 +00:00			`sign, err := secp256k1.Sign(msgHash, crypto.FromECDSA(privKey))`
feat: dos protected topic relay msgs based on meta field 2023-04-05 21:03:29 +00:00			`if err != nil {`
			`return err`
			`}`

fix: signatures 2023-05-26 15:18:00 +00:00			`msg.Meta = sign[0:64] // Remove V`
feat: dos protected topic relay msgs based on meta field 2023-04-05 21:03:29 +00:00			`return nil`
			`}`