Verify payload in stage 1

src/handshake.ts

@@ -80,7 +80,7 @@ export class Handshake {
       if (!libp2pRemotekey) {
         throw new Error("Missing remote's libp2p public key, can't verify signature.");
       }
-      verifySignedPayload(receivedMessageBuffer.ns, plaintext, libp2pRemotekey);
+      await verifySignedPayload(receivedMessageBuffer.ns, plaintext, libp2pRemotekey);
     } else {
       logger('Stage 1 - Responder sending out first message with signed payload and static key.');
       const signedPayload = signPayload(this.libp2pPrivateKey, getHandshakePayload(this.staticKeys.publicKey));

src/noise.ts

@@ -47,7 +47,7 @@ export class Noise implements NoiseConnection {
   public async secureOutbound(localPeer: PeerId, connection: any, remotePeer: PeerId): Promise<SecureOutbound> {
     const wrappedConnection = Wrap(connection);
     const libp2pPublicKey = localPeer.pubKey.marshal();
-    const handshake = await this.performHandshake(wrappedConnection, true, libp2pPublicKey);
+    const handshake = await this.performHandshake(wrappedConnection, true, libp2pPublicKey, remotePeer);
     const conn = await this.createSecureConnection(wrappedConnection, handshake);
 
     return {
@@ -66,7 +66,7 @@ export class Noise implements NoiseConnection {
   public async secureInbound(localPeer: PeerId, connection: any, remotePeer: PeerId): Promise<SecureOutbound> {
     const wrappedConnection = Wrap(connection);
     const libp2pPublicKey = localPeer.pubKey.marshal();
-    const handshake = await this.performHandshake(wrappedConnection, false, libp2pPublicKey);
+    const handshake = await this.performHandshake(wrappedConnection, false, libp2pPublicKey, remotePeer);
     const conn = await this.createSecureConnection(wrappedConnection, handshake);
 
     return {
@@ -79,12 +79,13 @@ export class Noise implements NoiseConnection {
     connection: WrappedConnection,
     isInitiator: boolean,
     libp2pPublicKey: bytes,
+    remotePeer: PeerId,
   ): Promise<Handshake> {
     const prologue = Buffer.from(this.protocol);
     const handshake = new Handshake(isInitiator, this.privateKey, libp2pPublicKey, prologue, this.staticKeys, connection);
 
     await handshake.propose(this.earlyData);
-    await handshake.exchange();
+    await handshake.exchange(remotePeer.pubKey.marshal());
     await handshake.finish();
 
     return handshake;

src/utils.ts

@@ -90,11 +90,13 @@ export async function verifyPeerId(peerId: bytes, publicKey: bytes) {
   }
 }
 
-export function verifySignedPayload(noiseStaticKey: bytes, plaintext: bytes, libp2pPublicKey: bytes) {
+export async function verifySignedPayload(noiseStaticKey: bytes, plaintext: bytes, libp2pPublicKey: bytes) {
+  const NoiseHandshakePayload = await loadPayloadProto();
+  const receivedPayload = NoiseHandshakePayload.toObject(NoiseHandshakePayload.decode(plaintext));
   const generatedPayload = getHandshakePayload(noiseStaticKey);
 
-  if (!ed25519.verify(generatedPayload, signature, libp2pPublicKey)) {
+  if (!ed25519.verify(generatedPayload, receivedPayload.noiseStaticKeySignature, libp2pPublicKey)) {
-    throw new Error("Static key doesn't match to peer that signed payload!");
+    Promise.reject("Static key doesn't match to peer that signed payload!");
   }
 }
 

test/handshake.test.ts

@@ -31,7 +31,7 @@ describe("Handshake", () => {
     await handshakeResponder.propose();
 
     await handshakeResponder.exchange();
-    await handshakeInitator.exchange();
+    await handshakeInitator.exchange(peerB.pubKey.marshal());
 
     await handshakeInitator.finish();
     await handshakeResponder.finish();