Write functions for verification

2025-04-25 06:22:27 +00:00 · 2019-12-02 12:53:00 +01:00 · 2019-12-02 12:53:00 +01:00 · 7b03a3df3b
commit 7b03a3df3b
parent fc71a22a6c
3 changed files with 24 additions and 4 deletions
--- a/package.json
+++ b/package.json
@ -31,7 +31,6 @@
    "eslint": "^6.6.0",
    "libp2p-crypto": "^0.17.1",
    "mocha": "^6.2.2",
-    "peer-id": "^0.13.5",
    "typescript": "^3.6.4"
  },
  "babel": {
@ -61,6 +60,7 @@
    "it-pair": "^1.0.0",
    "it-pb-rpc": "^0.1.3",
    "it-pipe": "^1.1.0",
+    "peer-id": "^0.13.5",
    "protobufjs": "~6.8.8"
  }
 }
--- a/src/handshake.ts
+++ b/src/handshake.ts
@ -9,7 +9,7 @@ import {
  encodeMessageBuffer,
  getHandshakePayload,
  logger, signEarlyDataPayload,
-  signPayload,
+  signPayload, verifySignedPayload,
 } from "./utils";
 import { WrappedConnection } from "./noise";

@ -70,13 +70,17 @@ export class Handshake {
  }

  // stage 1
-  async exchange(): Promise<void> {
+  async exchange(libp2pRemotekey?: bytes): Promise<void> {
    if (this.isInitiator) {
      logger('Stage 1 - Initiator waiting to receive first message from responder...');
      const receivedMessageBuffer = decodeMessageBuffer((await this.connection.readLP()).slice());
      const plaintext = await this.xx.recvMessage(this.session, receivedMessageBuffer);
-      // TODO: Verify payload
      logger('Stage 1 - Initiator received the message. Got remote\'s static key.');
+
+      if (!libp2pRemotekey) {
+        throw new Error("Missing remote's libp2p public key, can't verify signature.");
+      }
+      verifySignedPayload(receivedMessageBuffer.ns, plaintext, libp2pRemotekey);
    } else {
      logger('Stage 1 - Responder sending out first message with signed payload and static key.');
      const signedPayload = signPayload(this.libp2pPrivateKey, getHandshakePayload(this.staticKeys.publicKey));
--- a/src/utils.ts
+++ b/src/utils.ts
@ -2,6 +2,7 @@ import { x25519, ed25519 } from 'bcrypto';
 import protobuf from "protobufjs";
 import { Buffer } from "buffer";
 import debug from "debug";
+import PeerId from "peer-id";

 import { KeyPair } from "./@types/libp2p";
 import { bytes } from "./@types/basic";
@ -82,6 +83,21 @@ export function decodeMessageBuffer(message: bytes): MessageBuffer {
  }
 }

+export async function verifyPeerId(peerId: bytes, publicKey: bytes) {
+  const generatedPeerId = await PeerId.createFromPubKey(publicKey);
+  if (!generatedPeerId.equals(peerId)) {
+    Promise.reject("Peer ID doesn't match libp2p public key.");
+  }
+}
+
+export function verifySignedPayload(noiseStaticKey: bytes, plaintext: bytes, libp2pPublicKey: bytes) {
+  const generatedPayload = getHandshakePayload(noiseStaticKey);
+
+  if (!ed25519.verify(generatedPayload, signature, libp2pPublicKey)) {
+    throw new Error("Static key doesn't match to peer that signed payload!");
+  }
+}
+
 export const int16BEEncode = (value, target, offset) => {
  target = target || Buffer.allocUnsafe(2);
  return target.writeInt16BE(value, offset);