Update timing of initiator payloading sending to verify that payload

src/handshake.ts

@@ -45,9 +45,55 @@ export class Handshake {
   }
 
   // stage 0
-  async propose(earlyData?: bytes): Promise<void> {
+  async propose(): Promise<void> {
     if (this.isInitiator) {
       logger("Stage 0 - Initiator starting to send first message.");
+      const messageBuffer = await this.xx.sendMessage(this.session, Buffer.alloc(0));
+      this.connection.writeLP(encodeMessageBuffer(messageBuffer));
+      logger("Stage 0 - Initiator finished sending first message.");
+    } else {
+      logger("Stage 0 - Responder waiting to receive first message...");
+      const receivedMessageBuffer = decodeMessageBuffer((await this.connection.readLP()).slice());
+      await this.xx.recvMessage(this.session, receivedMessageBuffer);
+      logger("Stage 0 - Responder received first message.");
+    }
+  }
+
+  // stage 1
+  async exchange(): Promise<void> {
+    if (this.isInitiator) {
+      logger('Stage 1 - Initiator waiting to receive first message from responder...');
+      const receivedMessageBuffer = decodeMessageBuffer((await this.connection.readLP()).slice());
+      const plaintext = await this.xx.recvMessage(this.session, receivedMessageBuffer);
+      logger('Stage 1 - Initiator received the message. Got remote\'s static key.');
+
+      // if (!libp2pRemotekey) {
+      //   throw new Error("Missing remote's libp2p public key, can't verify peer ID.");
+      // }
+      logger("Initiator going to check remote's signature...");
+      await verifySignedPayload(receivedMessageBuffer.ns, plaintext);
+      logger("All good with the signature!");
+    } else {
+      logger('Stage 1 - Responder sending out first message with signed payload and static key.');
+      const signedPayload = signPayload(this.libp2pPrivateKey, getHandshakePayload(this.staticKeys.publicKey));
+      const signedEarlyDataPayload = signEarlyDataPayload(this.libp2pPrivateKey, Buffer.alloc(0));
+      const handshakePayload = await createHandshakePayload(
+        this.libp2pPublicKey,
+        this.libp2pPrivateKey,
+        signedPayload,
+        signedEarlyDataPayload,
+      );
+
+      const messageBuffer = await this.xx.sendMessage(this.session, handshakePayload);
+      this.connection.writeLP(encodeMessageBuffer(messageBuffer));
+      logger('Stage 1 - Responder sent the second handshake message with signed payload.')
+    }
+  }
+
+  // stage 2
+  async finish(earlyData?: bytes): Promise<void> {
+    if (this.isInitiator) {
+      logger('Stage 2 - Initiator sending third handshake message.');
       const signedPayload = signPayload(this.libp2pPrivateKey, getHandshakePayload(this.staticKeys.publicKey));
       const signedEarlyDataPayload = signEarlyDataPayload(this.libp2pPrivateKey, earlyData || Buffer.alloc(0));
       const handshakePayload = await createHandshakePayload(
@@ -58,56 +104,18 @@ export class Handshake {
       );
       const messageBuffer = await this.xx.sendMessage(this.session, handshakePayload);
       this.connection.writeLP(encodeMessageBuffer(messageBuffer));
-
-      logger("Stage 0 - Initiator finished proposing, sent signed NoiseHandshake payload and static public key.");
-    } else {
-      logger("Stage 0 - Responder waiting to receive first message...");
-      const receivedMessageBuffer = decodeMessageBuffer((await this.connection.readLP()).slice());
-      const plaintext = await this.xx.recvMessage(this.session, receivedMessageBuffer);
-      // TODO: Verify payload
-      logger("Stage 0 - Responder received first message.");
-    }
-  }
-
-  // stage 1
-  async exchange(libp2pRemotekey?: bytes): Promise<void> {
-    if (this.isInitiator) {
-      logger('Stage 1 - Initiator waiting to receive first message from responder...');
-      const receivedMessageBuffer = decodeMessageBuffer((await this.connection.readLP()).slice());
-      const plaintext = await this.xx.recvMessage(this.session, receivedMessageBuffer);
-      logger('Stage 1 - Initiator received the message. Got remote\'s static key.');
-
-      if (!libp2pRemotekey) {
-        throw new Error("Missing remote's libp2p public key, can't verify signature.");
-      }
-      await verifySignedPayload(receivedMessageBuffer.ns, plaintext, libp2pRemotekey);
-    } else {
-      logger('Stage 1 - Responder sending out first message with signed payload and static key.');
-      const signedPayload = signPayload(this.libp2pPrivateKey, getHandshakePayload(this.staticKeys.publicKey));
-      const handshakePayload = await createHandshakePayload(
-        this.libp2pPublicKey,
-        this.libp2pPrivateKey,
-        signedPayload,
-      );
-
-      const messageBuffer = await this.xx.sendMessage(this.session, handshakePayload);
-      this.connection.writeLP(encodeMessageBuffer(messageBuffer));
-      logger('Stage 1 - Responder sent the second handshake message.')
-    }
-  }
-
-  // stage 2
-  async finish(): Promise<void> {
-    if (this.isInitiator) {
-      logger('Stage 2 - Initiator sending third handshake message.');
-      const messageBuffer = await this.xx.sendMessage(this.session, Buffer.alloc(0));
-      this.connection.writeLP(encodeMessageBuffer(messageBuffer));
-      logger('Stage 2 - Initiator sent message.');
+      logger('Stage 2 - Initiator sent message with signed payload.');
     } else {
       logger('Stage 2 - Responder waiting for third handshake message...');
-      const receivedMessageBuffer = (await this.connection.readLP()).slice();
-      const plaintext = await this.xx.recvMessage(this.session, decodeMessageBuffer(receivedMessageBuffer));
+      const receivedMessageBuffer = decodeMessageBuffer((await this.connection.readLP()).slice());
+      const plaintext = await this.xx.recvMessage(this.session, receivedMessageBuffer);
       logger('Stage 2 - Responder received the message, finished handshake. Got remote\'s static key.');
+
+      // if (!libp2pRemotekey) {
+      //   throw new Error("Missing remote's libp2p public key, can't verify signature.");
+      // }
+
+      await verifySignedPayload(receivedMessageBuffer.ns, plaintext);
     }
   }
 

src/noise.ts

@@ -84,9 +84,13 @@ export class Noise implements NoiseConnection {
     const prologue = Buffer.from(this.protocol);
     const handshake = new Handshake(isInitiator, this.privateKey, libp2pPublicKey, prologue, this.staticKeys, connection);
 
-    await handshake.propose(this.earlyData);
-    await handshake.exchange(remotePeer.pubKey.marshal());
-    await handshake.finish();
+    try {
+      await handshake.propose();
+      await handshake.exchange();
+      await handshake.finish(this.earlyData);
+    } catch (e) {
+      throw new Error(`Error occurred during handshake: ${e.message}`);
+    }
 
     return handshake;
   }

src/utils.ts

@@ -86,17 +86,17 @@ export function decodeMessageBuffer(message: bytes): MessageBuffer {
 export async function verifyPeerId(peerId: bytes, publicKey: bytes) {
   const generatedPeerId = await PeerId.createFromPubKey(publicKey);
   if (!generatedPeerId.equals(peerId)) {
-    Promise.reject("Peer ID doesn't match libp2p public key.");
+    throw new Error("Peer ID doesn't match libp2p public key.");
   }
 }
 
-export async function verifySignedPayload(noiseStaticKey: bytes, plaintext: bytes, libp2pPublicKey: bytes) {
+export async function verifySignedPayload(noiseStaticKey: bytes, plaintext: bytes) {
   const NoiseHandshakePayload = await loadPayloadProto();
   const receivedPayload = NoiseHandshakePayload.toObject(NoiseHandshakePayload.decode(plaintext));
   const generatedPayload = getHandshakePayload(noiseStaticKey);
 
-  if (!ed25519.verify(generatedPayload, receivedPayload.noiseStaticKeySignature, libp2pPublicKey)) {
-    Promise.reject("Static key doesn't match to peer that signed payload!");
+  if (!ed25519.verify(generatedPayload, receivedPayload.noiseStaticKeySignature, receivedPayload.libp2pKey)) {
+    throw new Error("Static key doesn't match to peer that signed payload!");
   }
 }