diff --git a/src/handshake.ts b/src/handshake.ts index 1c2bae6..f897029 100644 --- a/src/handshake.ts +++ b/src/handshake.ts @@ -80,7 +80,7 @@ export class Handshake { if (!libp2pRemotekey) { throw new Error("Missing remote's libp2p public key, can't verify signature."); } - verifySignedPayload(receivedMessageBuffer.ns, plaintext, libp2pRemotekey); + await verifySignedPayload(receivedMessageBuffer.ns, plaintext, libp2pRemotekey); } else { logger('Stage 1 - Responder sending out first message with signed payload and static key.'); const signedPayload = signPayload(this.libp2pPrivateKey, getHandshakePayload(this.staticKeys.publicKey)); diff --git a/src/noise.ts b/src/noise.ts index fe33aed..8221a41 100644 --- a/src/noise.ts +++ b/src/noise.ts @@ -47,7 +47,7 @@ export class Noise implements NoiseConnection { public async secureOutbound(localPeer: PeerId, connection: any, remotePeer: PeerId): Promise { const wrappedConnection = Wrap(connection); const libp2pPublicKey = localPeer.pubKey.marshal(); - const handshake = await this.performHandshake(wrappedConnection, true, libp2pPublicKey); + const handshake = await this.performHandshake(wrappedConnection, true, libp2pPublicKey, remotePeer); const conn = await this.createSecureConnection(wrappedConnection, handshake); return { @@ -66,7 +66,7 @@ export class Noise implements NoiseConnection { public async secureInbound(localPeer: PeerId, connection: any, remotePeer: PeerId): Promise { const wrappedConnection = Wrap(connection); const libp2pPublicKey = localPeer.pubKey.marshal(); - const handshake = await this.performHandshake(wrappedConnection, false, libp2pPublicKey); + const handshake = await this.performHandshake(wrappedConnection, false, libp2pPublicKey, remotePeer); const conn = await this.createSecureConnection(wrappedConnection, handshake); return { @@ -79,12 +79,13 @@ export class Noise implements NoiseConnection { connection: WrappedConnection, isInitiator: boolean, libp2pPublicKey: bytes, + remotePeer: PeerId, ): Promise { const prologue = Buffer.from(this.protocol); const handshake = new Handshake(isInitiator, this.privateKey, libp2pPublicKey, prologue, this.staticKeys, connection); await handshake.propose(this.earlyData); - await handshake.exchange(); + await handshake.exchange(remotePeer.pubKey.marshal()); await handshake.finish(); return handshake; diff --git a/src/utils.ts b/src/utils.ts index c133651..107819d 100644 --- a/src/utils.ts +++ b/src/utils.ts @@ -90,11 +90,13 @@ export async function verifyPeerId(peerId: bytes, publicKey: bytes) { } } -export function verifySignedPayload(noiseStaticKey: bytes, plaintext: bytes, libp2pPublicKey: bytes) { +export async function verifySignedPayload(noiseStaticKey: bytes, plaintext: bytes, libp2pPublicKey: bytes) { + const NoiseHandshakePayload = await loadPayloadProto(); + const receivedPayload = NoiseHandshakePayload.toObject(NoiseHandshakePayload.decode(plaintext)); const generatedPayload = getHandshakePayload(noiseStaticKey); - if (!ed25519.verify(generatedPayload, signature, libp2pPublicKey)) { - throw new Error("Static key doesn't match to peer that signed payload!"); + if (!ed25519.verify(generatedPayload, receivedPayload.noiseStaticKeySignature, libp2pPublicKey)) { + Promise.reject("Static key doesn't match to peer that signed payload!"); } } diff --git a/test/handshake.test.ts b/test/handshake.test.ts index 7166f49..927bc2b 100644 --- a/test/handshake.test.ts +++ b/test/handshake.test.ts @@ -31,7 +31,7 @@ describe("Handshake", () => { await handshakeResponder.propose(); await handshakeResponder.exchange(); - await handshakeInitator.exchange(); + await handshakeInitator.exchange(peerB.pubKey.marshal()); await handshakeInitator.finish(); await handshakeResponder.finish();