fix(p2p/pubsub): verify signature

Author: vlad9486

Cargo.lock

@@ -32,6 +32,7 @@ tracing-wasm = "0.2"
 [target.'cfg(not(target_family = "wasm"))'.dependencies]
 redux = { workspace = true, features=["serializable_callbacks"] }
 tracing-subscriber = { version = "0.3.17", features = ["json", "env-filter"] }
+libp2p-identity = { version = "=0.2.7", features = ["ed25519", "rand", "serde"] }
 
 [features]
 p2p-webrtc = ["node/p2p-webrtc"]

node/common/Cargo.toml

@@ -87,4 +87,13 @@ impl P2pCryptoService for NodeService {
             .sign(&msg)
             .expect("unable to create signature")
     }
+
+    fn verify_publication(&mut self, pk: &[u8], publication: &[u8], sig: &[u8]) -> bool {
+        let Ok(pk) = libp2p_identity::PublicKey::try_decode_protobuf(pk) else {
+            return false;
+        };
+        println!("pk {:?}", pk);
+        let msg: Vec<u8> = [b"libp2p-pubsub:", publication].concat();
+        pk.verify(&msg, sig)
+    }
 }

node/common/src/service/p2p.rs

@@ -307,6 +307,7 @@ pub enum ActionKind {
     P2pNetworkPubsubBroadcastSigned,
     P2pNetworkPubsubGraft,
     P2pNetworkPubsubIncomingData,
+    P2pNetworkPubsubIncomingMessage,
     P2pNetworkPubsubNewStream,
     P2pNetworkPubsubOutgoingData,
     P2pNetworkPubsubOutgoingMessage,
@@ -540,7 +541,7 @@ pub enum ActionKind {
 }
 
 impl ActionKind {
-    pub const COUNT: u16 = 448;
+    pub const COUNT: u16 = 449;
 }
 
 impl std::fmt::Display for ActionKind {
@@ -1464,6 +1465,7 @@ impl ActionKindGet for P2pNetworkPubsubAction {
         match self {
             Self::NewStream { .. } => ActionKind::P2pNetworkPubsubNewStream,
             Self::IncomingData { .. } => ActionKind::P2pNetworkPubsubIncomingData,
+            Self::IncomingMessage { .. } => ActionKind::P2pNetworkPubsubIncomingMessage,
             Self::Graft { .. } => ActionKind::P2pNetworkPubsubGraft,
             Self::Prune { .. } => ActionKind::P2pNetworkPubsubPrune,
             Self::Broadcast { .. } => ActionKind::P2pNetworkPubsubBroadcast,

node/src/action_kind.rs

@@ -55,6 +55,7 @@ hex = "0.4.3"
 
 [target.'cfg(not(target_family = "wasm"))'.dependencies]
 redux = { workspace = true, features=["serializable_callbacks"] }
+libp2p-identity = { version = "=0.2.7", features = ["ed25519", "rand", "serde"] }
 
 [features]
 default = ["p2p-libp2p", "scenario-generators"]

node/testing/Cargo.toml

@@ -296,6 +296,10 @@ impl P2pCryptoService for NodeTestingService {
     fn sign_publication(&mut self, publication: &[u8]) -> Vec<u8> {
         self.real.sign_publication(publication)
     }
+
+    fn verify_publication(&mut self, pk: &[u8], publication: &[u8], sig: &[u8]) -> bool {
+        self.real.verify_publication(pk, publication, sig)
+    }
 }
 
 impl node::ledger::LedgerService for NodeTestingService {

node/testing/src/service/mod.rs

@@ -36,6 +36,7 @@ pub trait P2pCryptoService: redux::Service {
     fn sign_key(&mut self, key: &[u8; 32]) -> Vec<u8>;
 
     fn sign_publication(&mut self, publication: &[u8]) -> Vec<u8>;
+    fn verify_publication(&mut self, pk: &[u8], publication: &[u8], sig: &[u8]) -> bool;
 }
 
 #[derive(Debug, thiserror::Error)]

p2p/src/network/p2p_network_service.rs

@@ -20,6 +20,11 @@ pub enum P2pNetworkPubsubAction {
         data: Data,
         seen_limit: usize,
     },
+    IncomingMessage {
+        peer_id: PeerId,
+        message: pb::Message,
+        seen_limit: usize,
+    },
     Graft {
         peer_id: PeerId,
         topic_id: String,

p2p/src/network/pubsub/p2p_network_pubsub_actions.rs

@@ -125,7 +125,42 @@ impl P2pNetworkPubsubAction {
                 }
             }
             P2pNetworkPubsubAction::BroadcastSigned { .. } => broadcast(store),
-            P2pNetworkPubsubAction::IncomingData { peer_id, .. } => {
+            P2pNetworkPubsubAction::IncomingData {
+                peer_id,
+                seen_limit,
+                ..
+            } => {
+                let Some(state) = state.clients.get(&peer_id) else {
+                    return;
+                };
+                let messages = state.incoming_messages.clone();
+
+                for mut message in messages {
+                    if let (Some(signature), Some(from)) =
+                        (message.signature.take(), message.from.clone())
+                    {
+                        message.key = None;
+                        let mut data = vec![];
+                        if prost::Message::encode(&message, &mut data).is_err() {
+                            continue;
+                        } else if !store
+                            .service()
+                            .verify_publication(&from[2..], &data, &signature)
+                        {
+                            continue;
+                        }
+                    } else {
+                        // the message doesn't contain signature or it doesn't contain verifying key
+                        continue;
+                    }
+                    store.dispatch(P2pNetworkPubsubAction::IncomingMessage {
+                        peer_id,
+                        message,
+                        seen_limit,
+                    });
+                }
+            }
+            P2pNetworkPubsubAction::IncomingMessage { peer_id, .. } => {
                 // println!("(pubsub) {this} <- {peer_id}");
 
                 let incoming_block = state.incoming_block.as_ref().cloned();