mirror of
https://github.com/fluencelabs/js-libp2p-noise
synced 2025-06-13 06:41:42 +00:00
Verify peer id
This commit is contained in:
morrigan
@ -29,7 +29,6 @@
|
||||
"bn.js-typings": "^1.0.1",
|
||||
"chai": "^4.2.0",
|
||||
"eslint": "^6.6.0",
|
||||
"libp2p-crypto": "^0.17.1",
|
||||
"mocha": "^6.2.2",
|
||||
"typescript": "^3.6.4"
|
||||
},
|
||||
@ -60,6 +59,7 @@
|
||||
"it-pair": "^1.0.0",
|
||||
"it-pb-rpc": "^0.1.3",
|
||||
"it-pipe": "^1.1.0",
|
||||
"libp2p-crypto": "^0.17.1",
|
||||
"peer-id": "^0.13.5",
|
||||
"protobufjs": "~6.8.8"
|
||||
}
|
||||
|
||||
@ -14,6 +14,8 @@ export type PeerId = {
|
||||
pubKey: {
|
||||
marshal(): bytes;
|
||||
};
|
||||
marshalPubKey(): bytes;
|
||||
marshalPrivKey(): bytes;
|
||||
};
|
||||
|
||||
export interface NoiseConnection {
|
||||
|
||||
@ -2,14 +2,16 @@ import { Buffer } from "buffer";
|
||||
|
||||
import { bytes, bytes32 } from "./@types/basic";
|
||||
import { NoiseSession, XXHandshake } from "./xx";
|
||||
import { KeyPair } from "./@types/libp2p";
|
||||
import { KeyPair, PeerId } from "./@types/libp2p";
|
||||
import {
|
||||
createHandshakePayload,
|
||||
decodeMessageBuffer,
|
||||
encodeMessageBuffer,
|
||||
getHandshakePayload,
|
||||
logger, signEarlyDataPayload,
|
||||
signPayload, verifySignedPayload,
|
||||
logger,
|
||||
signEarlyDataPayload,
|
||||
signPayload,
|
||||
verifySignedPayload,
|
||||
} from "./utils";
|
||||
import { WrappedConnection } from "./noise";
|
||||
|
||||
@ -22,6 +24,7 @@ export class Handshake {
|
||||
private prologue: bytes32;
|
||||
private staticKeys: KeyPair;
|
||||
private connection: WrappedConnection;
|
||||
private remotePeer: PeerId;
|
||||
private xx: XXHandshake;
|
||||
|
||||
constructor(
|
||||
@ -31,6 +34,7 @@ export class Handshake {
|
||||
prologue: bytes32,
|
||||
staticKeys: KeyPair,
|
||||
connection: WrappedConnection,
|
||||
remotePeer: PeerId,
|
||||
handshake?: XXHandshake,
|
||||
) {
|
||||
this.isInitiator = isInitiator;
|
||||
@ -39,6 +43,7 @@ export class Handshake {
|
||||
this.prologue = prologue;
|
||||
this.staticKeys = staticKeys;
|
||||
this.connection = connection;
|
||||
this.remotePeer = remotePeer;
|
||||
|
||||
this.xx = handshake || new XXHandshake();
|
||||
this.session = this.xx.initSession(this.isInitiator, this.prologue, this.staticKeys);
|
||||
@ -67,11 +72,12 @@ export class Handshake {
|
||||
const plaintext = await this.xx.recvMessage(this.session, receivedMessageBuffer);
|
||||
logger('Stage 1 - Initiator received the message. Got remote\'s static key.');
|
||||
|
||||
// if (!libp2pRemotekey) {
|
||||
// throw new Error("Missing remote's libp2p public key, can't verify peer ID.");
|
||||
// }
|
||||
logger("Initiator going to check remote's signature...");
|
||||
await verifySignedPayload(receivedMessageBuffer.ns, plaintext);
|
||||
try {
|
||||
await verifySignedPayload(receivedMessageBuffer.ns, plaintext, this.remotePeer.id);
|
||||
} catch (e) {
|
||||
throw new Error(`Error occurred while verifying signed payload: ${e.message}`);
|
||||
}
|
||||
logger("All good with the signature!");
|
||||
} else {
|
||||
logger('Stage 1 - Responder sending out first message with signed payload and static key.');
|
||||
@ -111,11 +117,11 @@ export class Handshake {
|
||||
const plaintext = await this.xx.recvMessage(this.session, receivedMessageBuffer);
|
||||
logger('Stage 2 - Responder received the message, finished handshake. Got remote\'s static key.');
|
||||
|
||||
// if (!libp2pRemotekey) {
|
||||
// throw new Error("Missing remote's libp2p public key, can't verify signature.");
|
||||
// }
|
||||
|
||||
await verifySignedPayload(receivedMessageBuffer.ns, plaintext);
|
||||
try {
|
||||
await verifySignedPayload(receivedMessageBuffer.ns, plaintext, this.remotePeer.id);
|
||||
} catch (e) {
|
||||
throw new Error(`Error occurred while verifying signed payload: ${e.message}`);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -46,7 +46,7 @@ export class Noise implements NoiseConnection {
|
||||
*/
|
||||
public async secureOutbound(localPeer: PeerId, connection: any, remotePeer: PeerId): Promise<SecureOutbound> {
|
||||
const wrappedConnection = Wrap(connection);
|
||||
const libp2pPublicKey = localPeer.pubKey.marshal();
|
||||
const libp2pPublicKey = localPeer.marshalPubKey();
|
||||
const handshake = await this.performHandshake(wrappedConnection, true, libp2pPublicKey, remotePeer);
|
||||
const conn = await this.createSecureConnection(wrappedConnection, handshake);
|
||||
|
||||
@ -65,7 +65,7 @@ export class Noise implements NoiseConnection {
|
||||
*/
|
||||
public async secureInbound(localPeer: PeerId, connection: any, remotePeer: PeerId): Promise<SecureOutbound> {
|
||||
const wrappedConnection = Wrap(connection);
|
||||
const libp2pPublicKey = localPeer.pubKey.marshal();
|
||||
const libp2pPublicKey = localPeer.marshalPubKey();
|
||||
const handshake = await this.performHandshake(wrappedConnection, false, libp2pPublicKey, remotePeer);
|
||||
const conn = await this.createSecureConnection(wrappedConnection, handshake);
|
||||
|
||||
@ -82,7 +82,7 @@ export class Noise implements NoiseConnection {
|
||||
remotePeer: PeerId,
|
||||
): Promise<Handshake> {
|
||||
const prologue = Buffer.from(this.protocol);
|
||||
const handshake = new Handshake(isInitiator, this.privateKey, libp2pPublicKey, prologue, this.staticKeys, connection);
|
||||
const handshake = new Handshake(isInitiator, this.privateKey, libp2pPublicKey, prologue, this.staticKeys, connection, remotePeer);
|
||||
|
||||
try {
|
||||
await handshake.propose();
|
||||
|
||||
21
src/utils.ts
21
src/utils.ts
@ -3,6 +3,7 @@ import protobuf from "protobufjs";
|
||||
import { Buffer } from "buffer";
|
||||
import debug from "debug";
|
||||
import PeerId from "peer-id";
|
||||
import * as crypto from 'libp2p-crypto';
|
||||
|
||||
import { KeyPair } from "./@types/libp2p";
|
||||
import { bytes } from "./@types/basic";
|
||||
@ -83,19 +84,23 @@ export function decodeMessageBuffer(message: bytes): MessageBuffer {
|
||||
}
|
||||
}
|
||||
|
||||
export async function verifyPeerId(peerId: bytes, publicKey: bytes) {
|
||||
const generatedPeerId = await PeerId.createFromPubKey(publicKey);
|
||||
if (!generatedPeerId.equals(peerId)) {
|
||||
throw new Error("Peer ID doesn't match libp2p public key.");
|
||||
}
|
||||
async function isValidPeerId(peerId: bytes, publicKeyProtobuf: bytes) {
|
||||
const generatedPeerId = await PeerId.createFromPubKey(publicKeyProtobuf);
|
||||
return generatedPeerId.id.equals(peerId);
|
||||
}
|
||||
|
||||
export async function verifySignedPayload(noiseStaticKey: bytes, plaintext: bytes) {
|
||||
export async function verifySignedPayload(noiseStaticKey: bytes, plaintext: bytes, peerId: bytes) {
|
||||
const NoiseHandshakePayload = await loadPayloadProto();
|
||||
const receivedPayload = NoiseHandshakePayload.toObject(NoiseHandshakePayload.decode(plaintext));
|
||||
const generatedPayload = getHandshakePayload(noiseStaticKey);
|
||||
|
||||
if (!ed25519.verify(generatedPayload, receivedPayload.noiseStaticKeySignature, receivedPayload.libp2pKey)) {
|
||||
if (!(await isValidPeerId(peerId, receivedPayload.libp2pKey)) ) {
|
||||
throw new Error("Peer ID doesn't match libp2p public key.");
|
||||
}
|
||||
|
||||
const generatedPayload = getHandshakePayload(noiseStaticKey);
|
||||
// Unmarshaling from PublicKey protobuf and taking key buffer only.
|
||||
const publicKey = crypto.keys.unmarshalPublicKey(receivedPayload.libp2pKey).marshal();
|
||||
if (!ed25519.verify(generatedPayload, receivedPayload.noiseStaticKeySignature, publicKey)) {
|
||||
throw new Error("Static key doesn't match to peer that signed payload!");
|
||||
}
|
||||
}
|
||||
|
||||
@ -21,12 +21,12 @@ describe("Handshake", () => {
|
||||
const [peerA, peerB] = await createPeerIds(2);
|
||||
|
||||
const initiatorPrivKey = peerA.privKey.marshal().slice(0, 32);
|
||||
const initiatorPubKey = peerA.pubKey.marshal();
|
||||
const handshakeInitator = new Handshake(true, initiatorPrivKey, initiatorPubKey, prologue, staticKeysInitiator, connectionFrom);
|
||||
const initiatorPubKey = peerA.marshalPubKey();
|
||||
const handshakeInitator = new Handshake(true, initiatorPrivKey, initiatorPubKey, prologue, staticKeysInitiator, connectionFrom, peerB);
|
||||
|
||||
const responderPrivKey = peerB.privKey.marshal().slice(0, 32);
|
||||
const responderPubKey = peerB.pubKey.marshal();
|
||||
const handshakeResponder = new Handshake(false, responderPrivKey, responderPubKey, prologue, staticKeysResponder, connectionTo);
|
||||
const responderPubKey = peerB.marshalPubKey();
|
||||
const handshakeResponder = new Handshake(false, responderPrivKey, responderPubKey, prologue, staticKeysResponder, connectionTo, peerA);
|
||||
|
||||
await handshakeInitator.propose();
|
||||
await handshakeResponder.propose();
|
||||
|
||||
@ -59,9 +59,9 @@ describe("Noise", () => {
|
||||
const prologue = Buffer.from('/noise');
|
||||
const staticKeys = generateKeypair();
|
||||
const xx = new XXHandshake();
|
||||
const libp2pPubKey = remotePeer.pubKey.marshal();
|
||||
const libp2pPubKey = remotePeer.marshalPubKey();
|
||||
const libp2pPrivKey = remotePeer.privKey.marshal().slice(0, 32);
|
||||
const handshake = new Handshake(false, libp2pPrivKey, libp2pPubKey, prologue, staticKeys, wrapped, xx);
|
||||
const handshake = new Handshake(false, libp2pPrivKey, libp2pPubKey, prologue, staticKeys, wrapped, localPeer, xx);
|
||||
|
||||
let receivedMessageBuffer = decodeMessageBuffer((await wrapped.readLP()).slice());
|
||||
// The first handshake message contains the initiator's ephemeral public key
|
||||
|
||||
Reference in New Issue
Block a user