nwaku/apps/wakunode2/wakunode2_validator_signed.nim

77 lines
2.3 KiB
Nim

when (NimMajor, NimMinor) < (1, 4):
{.push raises: [Defect].}
else:
{.push raises: [].}
import
std/math,
chronicles,
chronos,
metrics,
stew/byteutils,
stew/endians2,
libp2p/protocols/pubsub/gossipsub,
libp2p/protocols/pubsub/rpc/messages,
libp2p/protocols/pubsub/errors,
nimcrypto/sha2,
secp256k1
const MessageWindowInSec = 5*60 # +- 5 minutes
import
../../waku/waku_relay/protocol,
../../waku/waku_core,
./external_config
declarePublicCounter waku_msg_validator_signed_outcome, "number of messages for each validation outcome", ["result"]
# Application level message hash
proc msgHash*(pubSubTopic: string, msg: WakuMessage): array[32, byte] =
var ctx: sha256
ctx.init()
defer: ctx.clear()
ctx.update(pubsubTopic.toBytes())
ctx.update(msg.payload)
ctx.update(msg.contentTopic.toBytes())
ctx.update(msg.timestamp.uint64.toBytes(Endianness.littleEndian))
ctx.update(if msg.ephemeral: @[1.byte] else: @[0.byte])
return ctx.finish()
proc withinTimeWindow*(msg: WakuMessage): bool =
# Returns true if the message timestamp is:
# abs(now - msg.timestamp) < MessageWindowInSec
let ts = msg.timestamp
let now = getNowInNanosecondTime()
let window = getNanosecondTime(MessageWindowInSec)
if abs(now - ts) < window:
return true
return false
proc addSignedTopicsValidator*(w: WakuRelay, protectedTopics: seq[ProtectedTopic]) =
debug "adding validator to signed topics"
proc validator(topic: string, msg: WakuMessage): Future[errors.ValidationResult] {.async.} =
var outcome = errors.ValidationResult.Reject
for protectedTopic in protectedTopics:
if(protectedTopic.topic == topic):
if msg.timestamp != 0:
if msg.withinTimeWindow():
let msgHash = SkMessage(topic.msgHash(msg))
let recoveredSignature = SkSignature.fromRaw(msg.meta)
if recoveredSignature.isOk():
if recoveredSignature.get.verify(msgHash, protectedTopic.key):
outcome = errors.ValidationResult.Accept
if outcome != errors.ValidationResult.Accept:
debug "signed topic validation failed", topic=topic, publicTopicKey=protectedTopic.key
waku_msg_validator_signed_outcome.inc(labelValues = [$outcome])
return outcome
return errors.ValidationResult.Accept
w.addValidator(validator, "signed topic validation failed")