go-waku/waku/v2/protocol/relay/validators.go

package relay

import (
	"context"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"encoding/hex"

	pubsub "github.com/libp2p/go-libp2p-pubsub"
	"github.com/libp2p/go-libp2p/core/peer"
	"github.com/waku-org/go-waku/waku/v2/hash"
	"github.com/waku-org/go-waku/waku/v2/protocol/pb"
	"go.uber.org/zap"
	proto "google.golang.org/protobuf/proto"
)

// Application level message hash
func MsgHash(pubSubTopic string, msg *pb.WakuMessage) []byte {
	// TODO: Other fields?
	return hash.SHA256([]byte(pubSubTopic), msg.Payload, []byte(msg.ContentTopic))
}

type validatorFn = func(ctx context.Context, peerID peer.ID, message *pubsub.Message) bool

func validatorFnBuilder(topic string, publicKey *ecdsa.PublicKey) validatorFn {
	return func(ctx context.Context, peerID peer.ID, message *pubsub.Message) bool {
		msg := new(pb.WakuMessage)
		err := proto.Unmarshal(message.Data, msg)
		if err != nil {
			return false
		}

		msgHash := MsgHash(topic, msg)
		signature := msg.Meta

		return ecdsa.VerifyASN1(publicKey, msgHash, signature)
	}
}

func (w *WakuRelay) AddSignedTopicValidator(topic string, publicKey *ecdsa.PublicKey) error {
	w.log.Info("adding validator to signed topic", zap.String("topic", topic), zap.String("publicKey", hex.EncodeToString(elliptic.Marshal(publicKey.Curve, publicKey.X, publicKey.Y))))
	err := w.pubsub.RegisterTopicValidator(topic, validatorFnBuilder(topic, publicKey))
	return err
}

func SignMessage(privKey *ecdsa.PrivateKey, topic string, msg *pb.WakuMessage) error {
	msgHash := MsgHash(topic, msg)
	sign, err := ecdsa.SignASN1(rand.Reader, privKey, msgHash)
	if err != nil {
		return err
	}

	msg.Meta = sign
	return nil
}
feat: dos protected topic relay msgs based on meta field 2023-04-05 21:03:29 +00:00			`package relay`

			`import (`
			`"context"`
			`"crypto/ecdsa"`
			`"crypto/elliptic"`
			`"crypto/rand"`
			`"encoding/hex"`

			`pubsub "github.com/libp2p/go-libp2p-pubsub"`
			`"github.com/libp2p/go-libp2p/core/peer"`
			`"github.com/waku-org/go-waku/waku/v2/hash"`
			`"github.com/waku-org/go-waku/waku/v2/protocol/pb"`
			`"go.uber.org/zap"`
			`proto "google.golang.org/protobuf/proto"`
			`)`

			`// Application level message hash`
			`func MsgHash(pubSubTopic string, msg *pb.WakuMessage) []byte {`
			`// TODO: Other fields?`
			`return hash.SHA256([]byte(pubSubTopic), msg.Payload, []byte(msg.ContentTopic))`
			`}`

chore: add unit test for signed validator and --protected-topic-flag 2023-05-02 15:10:45 +00:00			`type validatorFn = func(ctx context.Context, peerID peer.ID, message *pubsub.Message) bool`

			`func validatorFnBuilder(topic string, publicKey *ecdsa.PublicKey) validatorFn {`
			`return func(ctx context.Context, peerID peer.ID, message *pubsub.Message) bool {`
feat: dos protected topic relay msgs based on meta field 2023-04-05 21:03:29 +00:00			`msg := new(pb.WakuMessage)`
			`err := proto.Unmarshal(message.Data, msg)`
			`if err != nil {`
			`return false`
			`}`

			`msgHash := MsgHash(topic, msg)`
			`signature := msg.Meta`

			`return ecdsa.VerifyASN1(publicKey, msgHash, signature)`
chore: add unit test for signed validator and --protected-topic-flag 2023-05-02 15:10:45 +00:00			`}`
			`}`

			`func (w WakuRelay) AddSignedTopicValidator(topic string, publicKey ecdsa.PublicKey) error {`
			`w.log.Info("adding validator to signed topic", zap.String("topic", topic), zap.String("publicKey", hex.EncodeToString(elliptic.Marshal(publicKey.Curve, publicKey.X, publicKey.Y))))`
			`err := w.pubsub.RegisterTopicValidator(topic, validatorFnBuilder(topic, publicKey))`
refactor: initialize broadcaster on Start 2023-04-14 21:50:44 +00:00			`return err`
feat: dos protected topic relay msgs based on meta field 2023-04-05 21:03:29 +00:00			`}`

chore: add unit test for signed validator and --protected-topic-flag 2023-05-02 15:10:45 +00:00			`func SignMessage(privKey ecdsa.PrivateKey, topic string, msg pb.WakuMessage) error {`
feat: dos protected topic relay msgs based on meta field 2023-04-05 21:03:29 +00:00			`msgHash := MsgHash(topic, msg)`
			`sign, err := ecdsa.SignASN1(rand.Reader, privKey, msgHash)`
			`if err != nil {`
			`return err`
			`}`

			`msg.Meta = sign`
			`return nil`
			`}`