status-im
/
go-waku
mirror of https://github.com/status-im/go-waku.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: neither encoding nor address comparison are needed to protect a topic

This commit is contained in:
Richard Ramos 2023-05-26 10:42:25 -04:00
parent 0dbe4fd5ff
commit 2c17e20d99
No known key found for this signature in database
GPG Key ID: 1CE87DB518195760
2 changed files with 11 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
waku/v2/protocol/relay/validators.go
View File

@ -15,7 +15,6 @@ import (
pubsub "github.com/libp2p/go-libp2p-pubsub"
"github.com/libp2p/go-libp2p/core/peer"
"github.com/waku-org/go-waku/waku/v2/hash"
"github.com/waku-org/go-waku/waku/v2/protocol"
"github.com/waku-org/go-waku/waku/v2/protocol/pb"
"github.com/waku-org/go-waku/waku/v2/timesource"
"go.uber.org/zap"
@ -56,9 +55,7 @@ func withinTimeWindow(t timesource.Timesource, msg *pb.WakuMessage) bool {
type validatorFn = func(ctx context.Context, peerID peer.ID, message *pubsub.Message) bool
func validatorFnBuilder(t timesource.Timesource, publicKey *ecdsa.PublicKey) (validatorFn, error) {
address := crypto.PubkeyToAddress(*publicKey)
topic := protocol.NewNamedShardingPubsubTopic(address.String() + "/proto").String()
func validatorFnBuilder(t timesource.Timesource, topic string, publicKey *ecdsa.PublicKey) (validatorFn, error) {
return func(ctx context.Context, peerID peer.ID, message *pubsub.Message) bool {
msg := new(pb.WakuMessage)
err := proto.Unmarshal(message.Data, msg)
@ -73,21 +70,19 @@ func validatorFnBuilder(t timesource.Timesource, publicKey *ecdsa.PublicKey) (va
msgHash := MsgHash(topic, msg)
signature := msg.Meta
pubKey, err := crypto.SigToPub(msgHash, signature)
msgPubKey, err := crypto.SigToPub(msgHash, signature)
if err != nil {
return false
}
msgAddress := crypto.PubkeyToAddress(*pubKey)
return bytes.Equal(msgAddress.Bytes(), address.Bytes())
return bytes.Equal(crypto.FromECDSAPub(msgPubKey), crypto.FromECDSAPub(publicKey))
}, nil
}
func (w *WakuRelay) AddSignedTopicValidator(topic string, publicKey *ecdsa.PublicKey) error {
w.log.Info("adding validator to signed topic", zap.String("topic", topic), zap.String("publicKey", hex.EncodeToString(elliptic.Marshal(publicKey.Curve, publicKey.X, publicKey.Y))))
fn, err := validatorFnBuilder(w.timesource, publicKey)
fn, err := validatorFnBuilder(w.timesource, topic, publicKey)
if err != nil {
return err
}
@ -104,9 +99,8 @@ func (w *WakuRelay) AddSignedTopicValidator(topic string, publicKey *ecdsa.Publi
return nil
}
func SignMessage(privKey *ecdsa.PrivateKey, msg *pb.WakuMessage) error {
topic := PrivKeyToTopic(privKey)
msgHash := MsgHash(topic, msg)
func SignMessage(privKey *ecdsa.PrivateKey, msg *pb.WakuMessage, pubsubTopic string) error {
msgHash := MsgHash(pubsubTopic, msg)
sign, err := secp256k1.Sign(msgHash, crypto.FromECDSA(privKey))
if err != nil {
return err
@ -115,8 +109,3 @@ func SignMessage(privKey *ecdsa.PrivateKey, msg *pb.WakuMessage) error {
msg.Meta = sign
return nil
}
func PrivKeyToTopic(privKey *ecdsa.PrivateKey) string {
address := crypto.PubkeyToAddress(privKey.PublicKey)
return protocol.NewNamedShardingPubsubTopic(address.String() + "/proto").String()
}

9
waku/v2/protocol/relay/validators_test.go
View File

@ -41,6 +41,7 @@ func TestMsgHash(t *testing.T) {
prvKey, _ := crypto.ToECDSA(privKeyB)
payload, _ := hex.DecodeString("1A12E077D0E89F9CAC11FBBB6A676C86120B5AD3E248B1F180E98F15EE43D2DFCF62F00C92737B2FF6F59B3ABA02773314B991C41DC19ADB0AD8C17C8E26757B")
protectedPubSubTopic := "pubsub-topic"
contentTopic := "content-topic"
ephemeral := true
timestamp := time.Unix(0, 1683208172339052800)
@ -52,7 +53,7 @@ func TestMsgHash(t *testing.T) {
Ephemeral: ephemeral,
}
err := SignMessage(prvKey, msg)
err := SignMessage(prvKey, msg, protectedPubSubTopic)
require.NoError(t, err)
// expectedSignature, _ := hex.DecodeString("127FA211B2514F0E974A055392946DC1A14052182A6ABEFB8A6CD7C51DA1BF2E40595D28EF1A9488797C297EED3AAC45430005FB3A7F037BDD9FC4BD99F59E63")
@ -64,7 +65,7 @@ func TestMsgHash(t *testing.T) {
//messageHash := MsgHash(pubsubTopic, msg)
//require.True(t, bytes.Equal(expectedMessageHash, messageHash))
myValidator, err := validatorFnBuilder(NewFakeTimesource(timestamp), &prvKey.PublicKey)
myValidator, err := validatorFnBuilder(NewFakeTimesource(timestamp), protectedPubSubTopic, &prvKey.PublicKey)
require.NoError(t, err)
result := myValidator(context.Background(), "", &pubsub.Message{
Message: &pubsub_pb.Message{
@ -75,7 +76,7 @@ func TestMsgHash(t *testing.T) {
// Exceed 5m window in both directions
now5m1sInPast := timestamp.Add(-5 * time.Minute).Add(-1 * time.Second)
myValidator, err = validatorFnBuilder(NewFakeTimesource(now5m1sInPast), &prvKey.PublicKey)
myValidator, err = validatorFnBuilder(NewFakeTimesource(now5m1sInPast), protectedPubSubTopic, &prvKey.PublicKey)
require.NoError(t, err)
result = myValidator(context.Background(), "", &pubsub.Message{
Message: &pubsub_pb.Message{
@ -85,7 +86,7 @@ func TestMsgHash(t *testing.T) {
require.False(t, result)
now5m1sInFuture := timestamp.Add(5 * time.Minute).Add(1 * time.Second)
myValidator, err = validatorFnBuilder(NewFakeTimesource(now5m1sInFuture), &prvKey.PublicKey)
myValidator, err = validatorFnBuilder(NewFakeTimesource(now5m1sInFuture), protectedPubSubTopic, &prvKey.PublicKey)
require.NoError(t, err)
result = myValidator(context.Background(), "", &pubsub.Message{
Message: &pubsub_pb.Message{