ssb_validate/
lib.rs

1//! Validate Secure Scuttlebutt (SSB) messages and message values, either individually or as hash chains
2//! (with support for parallel batch validation).
3//!
4//! ## Validation Criteria
5//!
6//! Secure Scuttlebutt "feeds" are a sequence of messages published by one author. To be valid, a
7//! message must satisfy a number of critera. The exact criteria depend on the context of the
8//! message. It's important to note that this crate does not perform signature verification. See
9//! the [ssb-verify-signatures](https://github.com/sunrise-choir/ssb-verify-signatures) repo for
10//! that functionality.
11//!
12//! If the message is the first in the feed:
13//!
14//! - the value of the `previous` field must be `null`
15//! - the value of the `sequence` field must be `1`
16//!
17//! If the message is not the first in the feed:
18//!
19//! - the value of the `previous` field must be the hash of the previous message
20//! - the value of the `sequence` field must be 1 larger than the `sequence` of the previous
21//! message
22//!
23//! Other criteria which all messages must satisfy (unless they are being validated out-of-order):
24//!
25//! - the value of the `hash` field must be `sha256`
26//! - the `author` must not change compared the the previous message
27//! - if the message includes a `key`, it must be the hash of the `value` of the message
28//! - message `value` fields must be in the order: `previous`, `author` or `sequence`, `author` or
29//! `sequence`, `timestamp`, `hash`, `content`, `signature`
30//! - the message `value` must not include extra (unexpected) fields
31//! - the value of the message `content` field must be encoded in canonical base64 and contain
32//! `.box` if it is a string (encrypted private message)
33//! - the length of the serialized message `value` must not exceed 8192 UTF-16 code units
34//!
35//! All of the above criteria are validated by this library (either directly or via dependencies).
36//!
37//! You can check messages one by one or batch process a collection of them (uses
38//! [rayon](https://docs.rs/rayon/1.2.0/rayon/index.html) internally)
39//!
40//! ## Out-of-Order (OOO) and Multi-Author Validation
41//!
42//! In addition to validating messages using all of the above criteria, it is also possible to
43//! validate out-of-order messages or message values by satisfying a subset of those criteria. This
44//! crate provides functions to perform batch validation of such out-of-order messages.
45//!
46//! Out-of-order message validation may be performed for single-author or multi-author use cases
47//! (separate functions exist for each case).
48//!
49//! When performing validation for out-of-order messages from a single author, the messages must be
50//! authored by a single keypair. However, it is not required that the sequence number of a message
51//! be 1 larger than the sequence number of the previous message, nor is it required that the hash
52//! of the previous message match the hash given for the previous message in a message.
53//!
54//! Multi-author validation, by contrast to the above, does not perform any checks of
55//! the `previous` message. Indeed, it may be said that this method of validation has no concept of
56//! a previous message (except that the `previous` field must be present in the message in the
57//! correct order).
58//!
59//! ## Benchmarks
60//!
61//! Benchmarking on a 2016 2 core i5 shows that batch processing  is ~1.6 times faster than processing
62//! one at a time.
63//!
64//! Benchmarking on Android on a [One Plus 5T](https://en.wikipedia.org/wiki/OnePlus_5T) (8 core arm64)
65//! shows that batch processing is ~3.3 times faster.
66pub mod error;
67pub mod message;
68pub mod message_value;
69pub mod test_data;
70pub mod utils;