fix: use deterministic signatures RFC6979

2023-05-03 11:59:47 -04:00 · 2023-05-03 11:59:47 -04:00 · f11b82d94a
parent 837a0f2708
commit f11b82d94a
2 changed files with 16 additions and 10 deletions
--- a/waku/v2/protocol/relay/validators.go
+++ b/waku/v2/protocol/relay/validators.go
@ -4,9 +4,11 @@ import (
 	"context"
 	"crypto/ecdsa"
 	"crypto/elliptic"
-	"crypto/rand"
 	"encoding/hex"

+	"github.com/ethereum/go-ethereum/crypto"
+	"github.com/ethereum/go-ethereum/crypto/secp256k1"
+
 	pubsub "github.com/libp2p/go-libp2p-pubsub"
 	"github.com/libp2p/go-libp2p/core/peer"
 	"github.com/waku-org/go-waku/waku/v2/hash"
@ -24,6 +26,7 @@ func MsgHash(pubSubTopic string, msg *pb.WakuMessage) []byte {
 type validatorFn = func(ctx context.Context, peerID peer.ID, message *pubsub.Message) bool

 func validatorFnBuilder(topic string, publicKey *ecdsa.PublicKey) validatorFn {
+	pubkBytes := crypto.FromECDSAPub(publicKey)
 	return func(ctx context.Context, peerID peer.ID, message *pubsub.Message) bool {
 		msg := new(pb.WakuMessage)
 		err := proto.Unmarshal(message.Data, msg)
@ -34,7 +37,7 @@ func validatorFnBuilder(topic string, publicKey *ecdsa.PublicKey) validatorFn {
 		msgHash := MsgHash(topic, msg)
 		signature := msg.Meta

-		return ecdsa.VerifyASN1(publicKey, msgHash, signature)
+		return secp256k1.VerifySignature(pubkBytes, msgHash, signature)
 	}
 }

@ -46,11 +49,11 @@ func (w *WakuRelay) AddSignedTopicValidator(topic string, publicKey *ecdsa.Publi

 func SignMessage(privKey *ecdsa.PrivateKey, topic string, msg *pb.WakuMessage) error {
 	msgHash := MsgHash(topic, msg)
-	sign, err := ecdsa.SignASN1(rand.Reader, privKey, msgHash)
+	sign, err := secp256k1.Sign(msgHash, crypto.FromECDSA(privKey))
 	if err != nil {
 		return err
 	}

-	msg.Meta = sign
+	msg.Meta = sign[0:64] // Drop the V in R||S||V
 	return nil
 }
--- a/waku/v2/protocol/relay/validators_test.go
+++ b/waku/v2/protocol/relay/validators_test.go
@ -3,9 +3,9 @@ package relay
 import (
 	"bytes"
 	"context"
+	"encoding/hex"
 	"testing"

-	"github.com/ethereum/go-ethereum/common/hexutil"
 	"github.com/ethereum/go-ethereum/crypto"
 	pubsub "github.com/libp2p/go-libp2p-pubsub"
 	pubsub_pb "github.com/libp2p/go-libp2p-pubsub/pb"
@ -15,12 +15,12 @@ import (
 )

 func TestMsgHash(t *testing.T) {
-	privKeyB, _ := hexutil.Decode("0x5526a8990317c9b7b58d07843d270f9cd1d9aaee129294c1c478abf7261dd9e6")
+	privKeyB, _ := hex.DecodeString("5526a8990317c9b7b58d07843d270f9cd1d9aaee129294c1c478abf7261dd9e6")
 	prvKey, _ := crypto.ToECDSA(privKeyB)

-	payload, _ := hexutil.Decode("0x3af5c7a8d71498e82e1991089d8429448f3b78277fac141af9052e77fc003dfb")
-	contentTopic := "my-content-topic"
-	pubsubTopic := "some-spam-protected-topic"
+	payload, _ := hex.DecodeString("1A12E077D0E89F9CAC11FBBB6A676C86120B5AD3E248B1F180E98F15EE43D2DFCF62F00C92737B2FF6F59B3ABA02773314B991C41DC19ADB0AD8C17C8E26757B")
+	contentTopic := "content-topic"
+	pubsubTopic := "pubsub-topic"

 	msg := &pb.WakuMessage{
 		Payload:      payload,
@ -30,9 +30,12 @@ func TestMsgHash(t *testing.T) {
 	err := SignMessage(prvKey, pubsubTopic, msg)
 	require.NoError(t, err)

+	expectedSignature, _ := hex.DecodeString("B139487797A242291E0DD3F689777E559FB749D565D55FF202C18E24F21312A555043437B4F808BB0D21D542D703873DC712D76A3BAF1C5C8FF754210D894AD4")
+	require.True(t, bytes.Equal(expectedSignature, msg.Meta))
+
 	msgData, _ := proto.Marshal(msg)

-	expectedMessageHash, _ := hexutil.Decode("0xd0e3231ec48f9c0cf9306b7100c30b4e85c78854b67b41e4ee388fb4610f543d")
+	expectedMessageHash, _ := hex.DecodeString("0914369D6D0C13783A8E86409FE42C68D8E8296456B9A9468C845006BCE5B9B2")
 	messageHash := MsgHash(pubsubTopic, msg)
 	require.True(t, bytes.Equal(expectedMessageHash, messageHash))