Add overlay certificate checks

validator/full-node-shard.cpp

@@ -16,6 +16,8 @@
 
     Copyright 2017-2020 Telegram Systems LLP
 */
+#include "auto/tl/ton_api.h"
+#include "overlays.h"
 #include "td/utils/SharedSlice.h"
 #include "full-node-shard.hpp"
 #include "full-node-shard-queries.hpp"
@@ -79,6 +81,10 @@ void FullNodeShardImpl::create_overlay() {
     void receive_broadcast(PublicKeyHash src, overlay::OverlayIdShort overlay_id, td::BufferSlice data) override {
       td::actor::send_closure(node_, &FullNodeShardImpl::receive_broadcast, src, std::move(data));
     }
+    void check_broadcast(PublicKeyHash src, overlay::OverlayIdShort overlay_id, td::BufferSlice data,
+                         td::Promise<td::Unit> promise) override {
+      td::actor::send_closure(node_, &FullNodeShardImpl::check_broadcast, src, std::move(data), std::move(promise));
+    }
     Callback(td::actor::ActorId<FullNodeShardImpl> node) : node_(node) {
     }
 
@@ -95,6 +101,17 @@ void FullNodeShardImpl::create_overlay() {
   }
 }
 
+void FullNodeShardImpl::check_broadcast(PublicKeyHash src, td::BufferSlice broadcast, td::Promise<td::Unit> promise) {
+  auto B = fetch_tl_object<ton_api::tonNode_externalMessageBroadcast>(std::move(broadcast), true);
+  if (B.is_error()) {
+    return promise.set_error(B.move_as_error_prefix("failed to parse external message broadcast: "));
+  }
+
+  auto q = B.move_as_ok();
+  td::actor::send_closure(validator_manager_, &ValidatorManagerInterface::check_external_message,
+                          std::move(q->message_->data_), std::move(promise));
+}
+
 void FullNodeShardImpl::update_adnl_id(adnl::AdnlNodeIdShort adnl_id, td::Promise<td::Unit> promise) {
   td::actor::send_closure(overlays_, &ton::overlay::Overlays::delete_overlay, adnl_id_, overlay_id_);
   adnl_id_ = adnl_id;
@@ -804,8 +821,9 @@ void FullNodeShardImpl::sign_new_certificate(PublicKeyHash sign_by) {
     return;
   }
 
-  ton::overlay::Certificate cert{sign_by, static_cast<td::int32>(td::Clocks::system() + 3600),
-                                 overlay::Overlays::max_fec_broadcast_size(), td::BufferSlice{}};
+  ton::overlay::Certificate cert{
+      sign_by, static_cast<td::int32>(td::Clocks::system() + 3600), overlay::Overlays::max_fec_broadcast_size(),
+      overlay::CertificateFlags::Trusted | overlay::CertificateFlags::AllowFec, td::BufferSlice{}};
   auto to_sign = cert.to_sign(overlay_id_, local_id_);
 
   auto P = td::PromiseCreator::lambda(
@@ -845,7 +863,7 @@ void FullNodeShardImpl::update_validators(std::vector<PublicKeyHash> public_key_
     authorized_keys.emplace(key, overlay::Overlays::max_fec_broadcast_size());
   }
 
-  rules_ = overlay::OverlayPrivacyRules{1 << 14, std::move(authorized_keys)};
+  rules_ = overlay::OverlayPrivacyRules{1 << 14, 0, std::move(authorized_keys)};
   td::actor::send_closure(overlays_, &overlay::Overlays::set_privacy_rules, adnl_id_, overlay_id_, rules_);
 
   if (update_cert) {
@@ -949,8 +967,7 @@ void FullNodeShardImpl::update_neighbour_stats(adnl::AdnlNodeIdShort adnl_id, do
   }
 }
 
-void FullNodeShardImpl::got_neighbour_capabilities(adnl::AdnlNodeIdShort adnl_id, double t,
-                                                   td::BufferSlice data) {
+void FullNodeShardImpl::got_neighbour_capabilities(adnl::AdnlNodeIdShort adnl_id, double t, td::BufferSlice data) {
   auto it = neighbours_.find(adnl_id);
   if (it == neighbours_.end()) {
     return;

validator/full-node-shard.hpp

@@ -19,6 +19,8 @@
 #pragma once
 
 #include "full-node-shard.h"
+#include "td/actor/PromiseFuture.h"
+#include "td/utils/port/Poll.h"
 
 namespace ton {
 
@@ -139,6 +141,7 @@ class FullNodeShardImpl : public FullNodeShard {
   void process_broadcast(PublicKeyHash src, ton_api::tonNode_externalMessageBroadcast &query);
   void process_broadcast(PublicKeyHash src, ton_api::tonNode_newShardBlockBroadcast &query);
   void receive_broadcast(PublicKeyHash src, td::BufferSlice query);
+  void check_broadcast(PublicKeyHash src, td::BufferSlice query, td::Promise<td::Unit> promise);
 
   void send_ihr_message(td::BufferSlice data) override;
   void send_external_message(td::BufferSlice data) override;

validator/manager-disk.hpp

@@ -124,6 +124,9 @@ class ValidatorManagerImpl : public ValidatorManager {
   //void get_block_description(BlockIdExt block_id, td::Promise<BlockDescription> promise) override;
 
   void new_external_message(td::BufferSlice data) override;
+  void check_external_message(td::BufferSlice data, td::Promise<td::Unit> promise) override {
+    UNREACHABLE();
+  }
   void new_ihr_message(td::BufferSlice data) override;
   void new_shard_block(BlockIdExt block_id, CatchainSeqno cc_seqno, td::BufferSlice data) override;
 

validator/manager-hardfork.hpp

@@ -144,6 +144,9 @@ class ValidatorManagerImpl : public ValidatorManager {
   void get_key_block_proof_link(BlockIdExt block_id, td::Promise<td::BufferSlice> promise) override;
 
   void new_external_message(td::BufferSlice data) override;
+  void check_external_message(td::BufferSlice data, td::Promise<td::Unit> promise) override {
+    UNREACHABLE();
+  }
   void new_ihr_message(td::BufferSlice data) override;
   void new_shard_block(BlockIdExt block_id, CatchainSeqno cc_seqno, td::BufferSlice data) override {
     UNREACHABLE();

validator/manager.hpp

@@ -20,6 +20,8 @@
 
 #include "interfaces/validator-manager.h"
 #include "interfaces/db.h"
+#include "td/actor/PromiseFuture.h"
+#include "td/utils/port/Poll.h"
 #include "validator-group.hpp"
 #include "shard-client.hpp"
 #include "manager-init.h"
@@ -325,6 +327,9 @@ class ValidatorManagerImpl : public ValidatorManager {
   //void get_block_description(BlockIdExt block_id, td::Promise<BlockDescription> promise) override;
 
   void new_external_message(td::BufferSlice data) override;
+  void check_external_message(td::BufferSlice data, td::Promise<td::Unit> promise) override {
+    promise.set_value(td::Unit());
+  }
   void new_ihr_message(td::BufferSlice data) override;
   void new_shard_block(BlockIdExt block_id, CatchainSeqno cc_seqno, td::BufferSlice data) override;
 

validator/validator.h

@@ -94,9 +94,8 @@ struct ValidatorManagerOptions : public td::CntObject {
       BlockIdExt zero_block_id, BlockIdExt init_block_id,
       std::function<bool(ShardIdFull, CatchainSeqno, ShardCheckMode)> check_shard = [](ShardIdFull, CatchainSeqno,
                                                                                        ShardCheckMode) { return true; },
-      bool allow_blockchain_init = false, double sync_blocks_before = 300,
-      double block_ttl = 86400 * 7, double state_ttl = 3600,
-      double archive_ttl = 86400 * 365, double key_proof_ttl = 86400 * 3650,
+      bool allow_blockchain_init = false, double sync_blocks_before = 300, double block_ttl = 86400 * 7,
+      double state_ttl = 3600, double archive_ttl = 86400 * 365, double key_proof_ttl = 86400 * 3650,
       bool initial_sync_disabled = false);
 };
 
@@ -176,6 +175,7 @@ class ValidatorManagerInterface : public td::actor::Actor {
   virtual void write_handle(BlockHandle handle, td::Promise<td::Unit> promise) = 0;
 
   virtual void new_external_message(td::BufferSlice data) = 0;
+  virtual void check_external_message(td::BufferSlice data, td::Promise<td::Unit> promise) = 0;
   virtual void new_ihr_message(td::BufferSlice data) = 0;
   virtual void new_shard_block(BlockIdExt block_id, CatchainSeqno cc_seqno, td::BufferSlice data) = 0;