mirror of https://github.com/waku-org/nwaku.git
77 lines
2.3 KiB
Nim
77 lines
2.3 KiB
Nim
when (NimMajor, NimMinor) < (1, 4):
|
|
{.push raises: [Defect].}
|
|
else:
|
|
{.push raises: [].}
|
|
|
|
import
|
|
std/math,
|
|
chronicles,
|
|
chronos,
|
|
metrics,
|
|
stew/byteutils,
|
|
stew/endians2,
|
|
libp2p/protocols/pubsub/gossipsub,
|
|
libp2p/protocols/pubsub/rpc/messages,
|
|
libp2p/protocols/pubsub/errors,
|
|
nimcrypto/sha2,
|
|
secp256k1
|
|
|
|
const MessageWindowInSec = 5*60 # +- 5 minutes
|
|
|
|
import
|
|
../../waku/waku_relay/protocol,
|
|
../../waku/waku_core,
|
|
./external_config
|
|
|
|
declarePublicCounter waku_msg_validator_signed_outcome, "number of messages for each validation outcome", ["result"]
|
|
|
|
# Application level message hash
|
|
proc msgHash*(pubSubTopic: string, msg: WakuMessage): array[32, byte] =
|
|
var ctx: sha256
|
|
ctx.init()
|
|
defer: ctx.clear()
|
|
|
|
ctx.update(pubsubTopic.toBytes())
|
|
ctx.update(msg.payload)
|
|
ctx.update(msg.contentTopic.toBytes())
|
|
ctx.update(msg.timestamp.uint64.toBytes(Endianness.littleEndian))
|
|
ctx.update(if msg.ephemeral: @[1.byte] else: @[0.byte])
|
|
|
|
return ctx.finish()
|
|
|
|
proc withinTimeWindow*(msg: WakuMessage): bool =
|
|
# Returns true if the message timestamp is:
|
|
# abs(now - msg.timestamp) < MessageWindowInSec
|
|
let ts = msg.timestamp
|
|
let now = getNowInNanosecondTime()
|
|
let window = getNanosecondTime(MessageWindowInSec)
|
|
|
|
if abs(now - ts) < window:
|
|
return true
|
|
return false
|
|
|
|
proc addSignedTopicsValidator*(w: WakuRelay, protectedTopics: seq[ProtectedTopic]) =
|
|
debug "adding validator to signed topics"
|
|
|
|
proc validator(topic: string, msg: WakuMessage): Future[errors.ValidationResult] {.async.} =
|
|
var outcome = errors.ValidationResult.Reject
|
|
|
|
for protectedTopic in protectedTopics:
|
|
|
|
if(protectedTopic.topic == topic):
|
|
if msg.timestamp != 0:
|
|
if msg.withinTimeWindow():
|
|
let msgHash = SkMessage(topic.msgHash(msg))
|
|
let recoveredSignature = SkSignature.fromRaw(msg.meta)
|
|
if recoveredSignature.isOk():
|
|
if recoveredSignature.get.verify(msgHash, protectedTopic.key):
|
|
outcome = errors.ValidationResult.Accept
|
|
|
|
if outcome != errors.ValidationResult.Accept:
|
|
debug "signed topic validation failed", topic=topic, publicTopicKey=protectedTopic.key
|
|
waku_msg_validator_signed_outcome.inc(labelValues = [$outcome])
|
|
return outcome
|
|
|
|
return errors.ValidationResult.Accept
|
|
|
|
w.addValidator(validator, "signed topic validation failed") |