js-libp2p-noise/test/noise.test.ts

import { expect, assert } from "chai";
import DuplexPair from 'it-pair/duplex';

import { Noise } from "../src";
import {createPeerIdsFromFixtures} from "./fixtures/peer";
import Wrap from "it-pb-rpc";
import { random } from "bcrypto";
import sinon from "sinon";
import {XXHandshake} from "../src/handshake-xx";
import {
  createHandshakePayload,
  generateKeypair,
  getHandshakePayload, getPayload,
  signPayload
} from "../src/utils";
import {decode0, decode1, encode1} from "../src/encoder";
import {XX} from "../src/handshakes/xx";
import {Buffer} from "buffer";
import {getKeyPairFromPeerId} from "./utils";
import {KeyCache} from "../src/keycache";
import {XXFallbackHandshake} from "../src/handshake-xx-fallback";

describe("Noise", () => {
  let remotePeer, localPeer;
  let sandbox = sinon.createSandbox();

  before(async () => {
    [localPeer, remotePeer] = await createPeerIdsFromFixtures(2);
  });

  afterEach(function() {
    sandbox.restore();
  });

  it("should communicate through encrypted streams without noise pipes", async() => {
    try {
      const noiseInit = new Noise(undefined, undefined, false);
      const noiseResp = new Noise(undefined, undefined, false);

      const [inboundConnection, outboundConnection] = DuplexPair();
      const [outbound, inbound] = await Promise.all([
        noiseInit.secureOutbound(localPeer, outboundConnection, remotePeer),
        noiseResp.secureInbound(remotePeer, inboundConnection, localPeer),
      ]);
      const wrappedInbound = Wrap(inbound.conn);
      const wrappedOutbound = Wrap(outbound.conn);

      wrappedOutbound.writeLP(Buffer.from("test"));
      const response = await wrappedInbound.readLP();
      expect(response.toString()).equal("test");
    } catch (e) {
      assert(false, e.message);
    }
  });

  it("should test that secureOutbound is spec compliant", async() => {
    const noiseInit = new Noise(undefined, undefined, false);
    const [inboundConnection, outboundConnection] = DuplexPair();

    const [outbound, { wrapped, handshake }] = await Promise.all([
      noiseInit.secureOutbound(localPeer, outboundConnection, remotePeer),
      (async () => {
        const wrapped = Wrap(inboundConnection);
        const prologue = Buffer.from('/noise');
        const staticKeys = generateKeypair();
        const xx = new XX();

        const payload = await getPayload(remotePeer, staticKeys.publicKey);
        const handshake = new XXHandshake(false, payload, prologue, staticKeys, wrapped, localPeer, xx);

        let receivedMessageBuffer = decode0((await wrapped.readLP()).slice());
        // The first handshake message contains the initiator's ephemeral public key
        expect(receivedMessageBuffer.ne.length).equal(32);
        xx.recvMessage(handshake.session, receivedMessageBuffer);

        // Stage 1
        const { publicKey: libp2pPubKey } = getKeyPairFromPeerId(remotePeer);
        const signedPayload = await signPayload(remotePeer, getHandshakePayload(staticKeys.publicKey));
        const handshakePayload = await createHandshakePayload(libp2pPubKey, signedPayload);

        const messageBuffer = xx.sendMessage(handshake.session, handshakePayload);
        wrapped.writeLP(encode1(messageBuffer));

        // Stage 2 - finish handshake
        receivedMessageBuffer = decode1((await wrapped.readLP()).slice());
        xx.recvMessage(handshake.session, receivedMessageBuffer);
        return {wrapped, handshake};
      })(),
    ]);

    try {
      const wrappedOutbound = Wrap(outbound.conn);
      wrappedOutbound.write(Buffer.from("test"));

      // Check that noise message is prefixed with 16-bit big-endian unsigned integer
      const receivedEncryptedPayload = (await wrapped.read()).slice();
      const dataLength = receivedEncryptedPayload.readInt16BE(0);
      const data = receivedEncryptedPayload.slice(2, dataLength + 2);
      const decrypted = handshake.decrypt(data, handshake.session);
      // Decrypted data should match
      assert(decrypted.equals(Buffer.from("test")));
    } catch (e) {
      assert(false, e.message);
    }
  })


  it("should test large payloads", async() => {
    try {
      const noiseInit = new Noise(undefined, undefined, false);
      const noiseResp = new Noise(undefined, undefined, false);

      const [inboundConnection, outboundConnection] = DuplexPair();
      const [outbound, inbound] = await Promise.all([
        noiseInit.secureOutbound(localPeer, outboundConnection, remotePeer),
        noiseResp.secureInbound(remotePeer, inboundConnection, localPeer),
      ]);
      const wrappedInbound = Wrap(inbound.conn);
      const wrappedOutbound = Wrap(outbound.conn);

      const largePlaintext = random.randomBytes(100000);
      wrappedOutbound.writeLP(largePlaintext);
      const response = await wrappedInbound.readLP();

      expect(response.length).equals(largePlaintext.length);
    } catch (e) {
      console.error(e);
      assert(false, e.message);
    }
  });

  it("should communicate through encrypted streams with noise pipes", async() => {
    try {
      const staticKeysInitiator = generateKeypair();
      const noiseInit = new Noise(staticKeysInitiator.privateKey);
      const staticKeysResponder = generateKeypair();
      const noiseResp = new Noise(staticKeysResponder.privateKey);

      // Prepare key cache for noise pipes
      await KeyCache.store(localPeer, staticKeysInitiator.publicKey);
      await KeyCache.store(remotePeer, staticKeysResponder.publicKey);

      const xxSpy = sandbox.spy(noiseInit, "performXXHandshake");
      const xxFallbackSpy = sandbox.spy(noiseInit, "performXXFallbackHandshake");

      const [inboundConnection, outboundConnection] = DuplexPair();
      const [outbound, inbound] = await Promise.all([
        noiseInit.secureOutbound(localPeer, outboundConnection, remotePeer),
        noiseResp.secureInbound(remotePeer, inboundConnection, localPeer),
      ]);
      const wrappedInbound = Wrap(inbound.conn);
      const wrappedOutbound = Wrap(outbound.conn);

      wrappedOutbound.writeLP(Buffer.from("test v2"));
      const response = await wrappedInbound.readLP();
      expect(response.toString()).equal("test v2");

      assert(xxSpy.notCalled);
      assert(xxFallbackSpy.notCalled);
    } catch (e) {
      console.error(e);
      assert(false, e.message);
    }
  });

  it("should switch to XX fallback because of invalid remote static key", async() => {
    try {
      const staticKeysInitiator = generateKeypair();
      const noiseInit = new Noise(staticKeysInitiator.privateKey);
      const noiseResp = new Noise();

      // Prepare key cache for noise pipes
      await KeyCache.store(localPeer, staticKeysInitiator.publicKey);
      await KeyCache.store(remotePeer, generateKeypair().publicKey);

      const [inboundConnection, outboundConnection] = DuplexPair();
      const [outbound, inbound] = await Promise.all([
        noiseInit.secureOutbound(localPeer, outboundConnection, remotePeer),
        noiseResp.secureInbound(remotePeer, inboundConnection, localPeer),
      ]);

      const wrappedInbound = Wrap(inbound.conn);
      const wrappedOutbound = Wrap(outbound.conn);

      wrappedOutbound.writeLP(Buffer.from("test fallback"));
      const response = await wrappedInbound.readLP();
      expect(response.toString()).equal("test fallback");
    } catch (e) {
      console.error(e);
      assert(false, e.message);
    }
  });
});
Create test 2019-11-27 14:19:35 +01:00			`import { expect, assert } from "chai";`
Fix errors 2019-11-12 14:07:25 +01:00			`import DuplexPair from 'it-pair/duplex';`

Expose noise class 2019-11-11 15:39:09 +01:00			`import { Noise } from "../src";`
Fix eslint 2019-12-02 15:28:59 +01:00			`import {createPeerIdsFromFixtures} from "./fixtures/peer";`
Create test and prepare identity keys 2019-11-26 10:52:30 +01:00			`import Wrap from "it-pb-rpc";`
Address PR comments 2019-12-27 13:15:06 +01:00			`import { random } from "bcrypto";`
Add sinon to better test with spies 2020-01-16 17:49:41 +01:00			`import sinon from "sinon";`
Address PR comments 2020-01-07 13:34:45 +01:00			`import {XXHandshake} from "../src/handshake-xx";`
Create test and prepare identity keys 2019-11-26 10:52:30 +01:00			`import {`
			`createHandshakePayload,`
			`generateKeypair,`
use libp2p keys from PeerId argument 2020-01-07 16:59:41 +01:00			`getHandshakePayload, getPayload,`
Create test and prepare identity keys 2019-11-26 10:52:30 +01:00			`signPayload`
			`} from "../src/utils";`
Update encoder functions 2020-01-07 10:29:40 +01:00			`import {decode0, decode1, encode1} from "../src/encoder";`
Better naming 2020-01-05 19:09:59 +01:00			`import {XX} from "../src/handshakes/xx";`
Create test and prepare identity keys 2019-11-26 10:52:30 +01:00			`import {Buffer} from "buffer";`
Address PR comments 2019-12-27 13:15:06 +01:00			`import {getKeyPairFromPeerId} from "./utils";`
Test and fix failed IK handshakes 2020-01-15 17:27:32 +01:00			`import {KeyCache} from "../src/keycache";`
Add sinon to better test with spies 2020-01-16 17:49:41 +01:00			`import {XXFallbackHandshake} from "../src/handshake-xx-fallback";`
Expose noise class 2019-11-11 15:39:09 +01:00
			`describe("Noise", () => {`
Create test and prepare identity keys 2019-11-26 10:52:30 +01:00			`let remotePeer, localPeer;`
Add sinon to better test with spies 2020-01-16 17:49:41 +01:00			`let sandbox = sinon.createSandbox();`
Create test and prepare identity keys 2019-11-26 10:52:30 +01:00
			`before(async () => {`
Fix eslint 2019-12-02 15:28:59 +01:00			`[localPeer, remotePeer] = await createPeerIdsFromFixtures(2);`
Create test and prepare identity keys 2019-11-26 10:52:30 +01:00			`});`

Add sinon to better test with spies 2020-01-16 17:49:41 +01:00			`afterEach(function() {`
			`sandbox.restore();`
			`});`

Test and fix failed IK handshakes 2020-01-15 17:27:32 +01:00			`it("should communicate through encrypted streams without noise pipes", async() => {`
Update timing of initiator payloading sending to verify that payload 2019-12-02 15:24:49 +01:00			`try {`
Use static key caching 2020-01-13 16:33:58 +01:00			`const noiseInit = new Noise(undefined, undefined, false);`
			`const noiseResp = new Noise(undefined, undefined, false);`
Create test and prepare identity keys 2019-11-26 10:52:30 +01:00
Update timing of initiator payloading sending to verify that payload 2019-12-02 15:24:49 +01:00			`const [inboundConnection, outboundConnection] = DuplexPair();`
			`const [outbound, inbound] = await Promise.all([`
			`noiseInit.secureOutbound(localPeer, outboundConnection, remotePeer),`
			`noiseResp.secureInbound(remotePeer, inboundConnection, localPeer),`
			`]);`
			`const wrappedInbound = Wrap(inbound.conn);`
			`const wrappedOutbound = Wrap(outbound.conn);`
WIP test 2019-11-26 14:14:10 +01:00
Update timing of initiator payloading sending to verify that payload 2019-12-02 15:24:49 +01:00			`wrappedOutbound.writeLP(Buffer.from("test"));`
			`const response = await wrappedInbound.readLP();`
			`expect(response.toString()).equal("test");`
			`} catch (e) {`
			`assert(false, e.message);`
			`}`
Add debug 2019-11-27 08:39:06 +01:00			`});`
Fix test 2019-11-26 15:24:10 +01:00
Add debug 2019-11-27 08:39:06 +01:00			`it("should test that secureOutbound is spec compliant", async() => {`
Use static key caching 2020-01-13 16:33:58 +01:00			`const noiseInit = new Noise(undefined, undefined, false);`
Fix test 2019-11-26 15:24:10 +01:00			`const [inboundConnection, outboundConnection] = DuplexPair();`

Update handling keys, refactoring 2019-11-28 17:32:46 +01:00			`const [outbound, { wrapped, handshake }] = await Promise.all([`
Add debug 2019-11-27 08:39:06 +01:00			`noiseInit.secureOutbound(localPeer, outboundConnection, remotePeer),`
Fix test 2019-11-26 15:24:10 +01:00			`(async () => {`
			`const wrapped = Wrap(inboundConnection);`
			`const prologue = Buffer.from('/noise');`
Update handling keys, refactoring 2019-11-28 17:32:46 +01:00			`const staticKeys = generateKeypair();`
Better naming 2020-01-05 19:09:59 +01:00			`const xx = new XX();`
Write tests 2019-12-03 13:52:44 +01:00
use libp2p keys from PeerId argument 2020-01-07 16:59:41 +01:00			`const payload = await getPayload(remotePeer, staticKeys.publicKey);`
Fix merging updated payload signing 2020-01-11 20:20:57 +01:00			`const handshake = new XXHandshake(false, payload, prologue, staticKeys, wrapped, localPeer, xx);`
Fix test 2019-11-26 15:24:10 +01:00
Update encoder functions 2020-01-07 10:29:40 +01:00			`let receivedMessageBuffer = decode0((await wrapped.readLP()).slice());`
Create test 2019-11-27 14:19:35 +01:00			`// The first handshake message contains the initiator's ephemeral public key`
			`expect(receivedMessageBuffer.ne.length).equal(32);`
Remove promises from xx 2019-12-03 15:12:55 +01:00			`xx.recvMessage(handshake.session, receivedMessageBuffer);`
Fix test 2019-11-26 15:24:10 +01:00
Create test 2019-11-27 14:19:35 +01:00			`// Stage 1`
Fix merging updated payload signing 2020-01-11 20:20:57 +01:00			`const { publicKey: libp2pPubKey } = getKeyPairFromPeerId(remotePeer);`
use libp2p keys from PeerId argument 2020-01-07 16:59:41 +01:00			`const signedPayload = await signPayload(remotePeer, getHandshakePayload(staticKeys.publicKey));`
Fix merging updated payload signing 2020-01-11 20:20:57 +01:00			`const handshakePayload = await createHandshakePayload(libp2pPubKey, signedPayload);`
Create test 2019-11-27 14:19:35 +01:00
Remove promises from xx 2019-12-03 15:12:55 +01:00			`const messageBuffer = xx.sendMessage(handshake.session, handshakePayload);`
Update encoder functions 2020-01-07 10:29:40 +01:00			`wrapped.writeLP(encode1(messageBuffer));`
Create test 2019-11-27 14:19:35 +01:00
			`// Stage 2 - finish handshake`
Update encoder functions 2020-01-07 10:29:40 +01:00			`receivedMessageBuffer = decode1((await wrapped.readLP()).slice());`
Remove promises from xx 2019-12-03 15:12:55 +01:00			`xx.recvMessage(handshake.session, receivedMessageBuffer);`
Update timing of initiator payloading sending to verify that payload 2019-12-02 15:24:49 +01:00			`return {wrapped, handshake};`
Fix test 2019-11-26 15:24:10 +01:00			`})(),`
			`]);`
Create test 2019-11-27 14:19:35 +01:00
Update timing of initiator payloading sending to verify that payload 2019-12-02 15:24:49 +01:00			`try {`
			`const wrappedOutbound = Wrap(outbound.conn);`
			`wrappedOutbound.write(Buffer.from("test"));`
Create test 2019-11-27 14:19:35 +01:00
Update timing of initiator payloading sending to verify that payload 2019-12-02 15:24:49 +01:00			`// Check that noise message is prefixed with 16-bit big-endian unsigned integer`
			`const receivedEncryptedPayload = (await wrapped.read()).slice();`
			`const dataLength = receivedEncryptedPayload.readInt16BE(0);`
			`const data = receivedEncryptedPayload.slice(2, dataLength + 2);`
			`const decrypted = handshake.decrypt(data, handshake.session);`
			`// Decrypted data should match`
			`assert(decrypted.equals(Buffer.from("test")));`
			`} catch (e) {`
			`assert(false, e.message);`
			`}`
Expose noise class 2019-11-11 15:39:09 +01:00			`})`
Create test for large payload 2019-12-24 16:25:49 +01:00

			`it("should test large payloads", async() => {`
			`try {`
Use static key caching 2020-01-13 16:33:58 +01:00			`const noiseInit = new Noise(undefined, undefined, false);`
			`const noiseResp = new Noise(undefined, undefined, false);`
Create test for large payload 2019-12-24 16:25:49 +01:00
			`const [inboundConnection, outboundConnection] = DuplexPair();`
			`const [outbound, inbound] = await Promise.all([`
			`noiseInit.secureOutbound(localPeer, outboundConnection, remotePeer),`
			`noiseResp.secureInbound(remotePeer, inboundConnection, localPeer),`
			`]);`
			`const wrappedInbound = Wrap(inbound.conn);`
			`const wrappedOutbound = Wrap(outbound.conn);`

Address PR comments 2019-12-27 13:15:06 +01:00			`const largePlaintext = random.randomBytes(100000);`
Create test for large payload 2019-12-24 16:25:49 +01:00			`wrappedOutbound.writeLP(largePlaintext);`
			`const response = await wrappedInbound.readLP();`
Read large payload 2019-12-24 20:36:16 +01:00
			`expect(response.length).equals(largePlaintext.length);`
Create test for large payload 2019-12-24 16:25:49 +01:00			`} catch (e) {`
			`console.error(e);`
			`assert(false, e.message);`
			`}`
			`});`
Test and fix failed IK handshakes 2020-01-15 17:27:32 +01:00
			`it("should communicate through encrypted streams with noise pipes", async() => {`
			`try {`
			`const staticKeysInitiator = generateKeypair();`
			`const noiseInit = new Noise(staticKeysInitiator.privateKey);`
			`const staticKeysResponder = generateKeypair();`
			`const noiseResp = new Noise(staticKeysResponder.privateKey);`

			`// Prepare key cache for noise pipes`
			`await KeyCache.store(localPeer, staticKeysInitiator.publicKey);`
			`await KeyCache.store(remotePeer, staticKeysResponder.publicKey);`

Add sinon to better test with spies 2020-01-16 17:49:41 +01:00			`const xxSpy = sandbox.spy(noiseInit, "performXXHandshake");`
			`const xxFallbackSpy = sandbox.spy(noiseInit, "performXXFallbackHandshake");`

Test and fix failed IK handshakes 2020-01-15 17:27:32 +01:00			`const [inboundConnection, outboundConnection] = DuplexPair();`
			`const [outbound, inbound] = await Promise.all([`
			`noiseInit.secureOutbound(localPeer, outboundConnection, remotePeer),`
			`noiseResp.secureInbound(remotePeer, inboundConnection, localPeer),`
			`]);`
			`const wrappedInbound = Wrap(inbound.conn);`
			`const wrappedOutbound = Wrap(outbound.conn);`

			`wrappedOutbound.writeLP(Buffer.from("test v2"));`
			`const response = await wrappedInbound.readLP();`
			`expect(response.toString()).equal("test v2");`
Add sinon to better test with spies 2020-01-16 17:49:41 +01:00
			`assert(xxSpy.notCalled);`
			`assert(xxFallbackSpy.notCalled);`
Test and fix failed IK handshakes 2020-01-15 17:27:32 +01:00			`} catch (e) {`
			`console.error(e);`
			`assert(false, e.message);`
			`}`
			`});`

			`it("should switch to XX fallback because of invalid remote static key", async() => {`
			`try {`
			`const staticKeysInitiator = generateKeypair();`
			`const noiseInit = new Noise(staticKeysInitiator.privateKey);`
			`const noiseResp = new Noise();`

			`// Prepare key cache for noise pipes`
			`await KeyCache.store(localPeer, staticKeysInitiator.publicKey);`
			`await KeyCache.store(remotePeer, generateKeypair().publicKey);`

			`const [inboundConnection, outboundConnection] = DuplexPair();`
			`const [outbound, inbound] = await Promise.all([`
			`noiseInit.secureOutbound(localPeer, outboundConnection, remotePeer),`
			`noiseResp.secureInbound(remotePeer, inboundConnection, localPeer),`
			`]);`
Add sinon to better test with spies 2020-01-16 17:49:41 +01:00
			`const wrappedInbound = Wrap(inbound.conn);`
			`const wrappedOutbound = Wrap(outbound.conn);`

			`wrappedOutbound.writeLP(Buffer.from("test fallback"));`
			`const response = await wrappedInbound.readLP();`
			`expect(response.toString()).equal("test fallback");`
Test and fix failed IK handshakes 2020-01-15 17:27:32 +01:00			`} catch (e) {`
			`console.error(e);`
Add sinon to better test with spies 2020-01-16 17:49:41 +01:00			`assert(false, e.message);`
Test and fix failed IK handshakes 2020-01-15 17:27:32 +01:00			`}`
			`});`
Expose noise class 2019-11-11 15:39:09 +01:00			`});`