From 7b03a3df3bd5fa99a01a79073322b922021dd59e Mon Sep 17 00:00:00 2001
From: morrigan <belma.dzi@gmail.com>
Date: Mon, 2 Dec 2019 12:53:00 +0100
Subject: [PATCH] Write functions for verification

---
 package.json     |  2 +-
 src/handshake.ts | 10 +++++++---
 src/utils.ts     | 16 ++++++++++++++++
 3 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/package.json b/package.json
index 62758b8..e3d47e9 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,6 @@
     "eslint": "^6.6.0",
     "libp2p-crypto": "^0.17.1",
     "mocha": "^6.2.2",
-    "peer-id": "^0.13.5",
     "typescript": "^3.6.4"
   },
   "babel": {
@@ -61,6 +60,7 @@
     "it-pair": "^1.0.0",
     "it-pb-rpc": "^0.1.3",
     "it-pipe": "^1.1.0",
+    "peer-id": "^0.13.5",
     "protobufjs": "~6.8.8"
   }
 }
diff --git a/src/handshake.ts b/src/handshake.ts
index 5cbe50f..1c2bae6 100644
--- a/src/handshake.ts
+++ b/src/handshake.ts
@@ -9,7 +9,7 @@ import {
   encodeMessageBuffer,
   getHandshakePayload,
   logger, signEarlyDataPayload,
-  signPayload,
+  signPayload, verifySignedPayload,
 } from "./utils";
 import { WrappedConnection } from "./noise";
 
@@ -70,13 +70,17 @@ export class Handshake {
   }
 
   // stage 1
-  async exchange(): Promise<void> {
+  async exchange(libp2pRemotekey?: bytes): Promise<void> {
     if (this.isInitiator) {
       logger('Stage 1 - Initiator waiting to receive first message from responder...');
       const receivedMessageBuffer = decodeMessageBuffer((await this.connection.readLP()).slice());
       const plaintext = await this.xx.recvMessage(this.session, receivedMessageBuffer);
-      // TODO: Verify payload
       logger('Stage 1 - Initiator received the message. Got remote\'s static key.');
+
+      if (!libp2pRemotekey) {
+        throw new Error("Missing remote's libp2p public key, can't verify signature.");
+      }
+      verifySignedPayload(receivedMessageBuffer.ns, plaintext, libp2pRemotekey);
     } else {
       logger('Stage 1 - Responder sending out first message with signed payload and static key.');
       const signedPayload = signPayload(this.libp2pPrivateKey, getHandshakePayload(this.staticKeys.publicKey));
diff --git a/src/utils.ts b/src/utils.ts
index f65da02..c133651 100644
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -2,6 +2,7 @@ import { x25519, ed25519 } from 'bcrypto';
 import protobuf from "protobufjs";
 import { Buffer } from "buffer";
 import debug from "debug";
+import PeerId from "peer-id";
 
 import { KeyPair } from "./@types/libp2p";
 import { bytes } from "./@types/basic";
@@ -82,6 +83,21 @@ export function decodeMessageBuffer(message: bytes): MessageBuffer {
   }
 }
 
+export async function verifyPeerId(peerId: bytes, publicKey: bytes) {
+  const generatedPeerId = await PeerId.createFromPubKey(publicKey);
+  if (!generatedPeerId.equals(peerId)) {
+    Promise.reject("Peer ID doesn't match libp2p public key.");
+  }
+}
+
+export function verifySignedPayload(noiseStaticKey: bytes, plaintext: bytes, libp2pPublicKey: bytes) {
+  const generatedPayload = getHandshakePayload(noiseStaticKey);
+
+  if (!ed25519.verify(generatedPayload, signature, libp2pPublicKey)) {
+    throw new Error("Static key doesn't match to peer that signed payload!");
+  }
+}
+
 export const int16BEEncode = (value, target, offset) => {
   target = target || Buffer.allocUnsafe(2);
   return target.writeInt16BE(value, offset);