fluencelabs/js-libp2p-noise
1
0
Fork 0
mirror of https://github.com/fluencelabs/js-libp2p-noise synced 2025-06-14 04:31:36 +00:00
Code Issues Projects Releases Wiki Activity

Verify peer id

Browse Source
This commit is contained in:
morrigan
2019-12-03 13:39:33 +01:00
parent 88bc55ac41
commit e0806499ff
7 changed files with 43 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@ -29,7 +29,6 @@
"bn.js-typings": "^1.0.1", "bn.js-typings": "^1.0.1",
"chai": "^4.2.0", "chai": "^4.2.0",
"eslint": "^6.6.0", "eslint": "^6.6.0",
"libp2p-crypto": "^0.17.1",
"mocha": "^6.2.2", "mocha": "^6.2.2",
"typescript": "^3.6.4" "typescript": "^3.6.4"
}, },
@ -60,6 +59,7 @@
"it-pair": "^1.0.0", "it-pair": "^1.0.0",
"it-pb-rpc": "^0.1.3", "it-pb-rpc": "^0.1.3",
"it-pipe": "^1.1.0", "it-pipe": "^1.1.0",
"libp2p-crypto": "^0.17.1",
"peer-id": "^0.13.5", "peer-id": "^0.13.5",
"protobufjs": "~6.8.8" "protobufjs": "~6.8.8"
} }

2
src/@types/libp2p.ts
View File

@ -14,6 +14,8 @@ export type PeerId = {
pubKey: { pubKey: {
marshal(): bytes; marshal(): bytes;
}; };
marshalPubKey(): bytes;
marshalPrivKey(): bytes;
}; };
export interface NoiseConnection { export interface NoiseConnection {

30
src/handshake.ts
View File

@ -2,14 +2,16 @@ import { Buffer } from "buffer";
import { bytes, bytes32 } from "./@types/basic"; import { bytes, bytes32 } from "./@types/basic";
import { NoiseSession, XXHandshake } from "./xx"; import { NoiseSession, XXHandshake } from "./xx";
import { KeyPair } from "./@types/libp2p"; import { KeyPair, PeerId } from "./@types/libp2p";
import { import {
createHandshakePayload, createHandshakePayload,
decodeMessageBuffer, decodeMessageBuffer,
encodeMessageBuffer, encodeMessageBuffer,
getHandshakePayload, getHandshakePayload,
logger, signEarlyDataPayload, logger,
signPayload, verifySignedPayload, signEarlyDataPayload,
signPayload,
verifySignedPayload,
} from "./utils"; } from "./utils";
import { WrappedConnection } from "./noise"; import { WrappedConnection } from "./noise";
@ -22,6 +24,7 @@ export class Handshake {
private prologue: bytes32; private prologue: bytes32;
private staticKeys: KeyPair; private staticKeys: KeyPair;
private connection: WrappedConnection; private connection: WrappedConnection;
private remotePeer: PeerId;
private xx: XXHandshake; private xx: XXHandshake;
constructor( constructor(
@ -31,6 +34,7 @@ export class Handshake {
prologue: bytes32, prologue: bytes32,
staticKeys: KeyPair, staticKeys: KeyPair,
connection: WrappedConnection, connection: WrappedConnection,
remotePeer: PeerId,
handshake?: XXHandshake, handshake?: XXHandshake,
) { ) {
this.isInitiator = isInitiator; this.isInitiator = isInitiator;
@ -39,6 +43,7 @@ export class Handshake {
this.prologue = prologue; this.prologue = prologue;
this.staticKeys = staticKeys; this.staticKeys = staticKeys;
this.connection = connection; this.connection = connection;
this.remotePeer = remotePeer;
this.xx = handshake || new XXHandshake(); this.xx = handshake || new XXHandshake();
this.session = this.xx.initSession(this.isInitiator, this.prologue, this.staticKeys); this.session = this.xx.initSession(this.isInitiator, this.prologue, this.staticKeys);
@ -67,11 +72,12 @@ export class Handshake {
const plaintext = await this.xx.recvMessage(this.session, receivedMessageBuffer); const plaintext = await this.xx.recvMessage(this.session, receivedMessageBuffer);
logger('Stage 1 - Initiator received the message. Got remote\'s static key.'); logger('Stage 1 - Initiator received the message. Got remote\'s static key.');
// if (!libp2pRemotekey) {
// throw new Error("Missing remote's libp2p public key, can't verify peer ID.");
// }
logger("Initiator going to check remote's signature..."); logger("Initiator going to check remote's signature...");
await verifySignedPayload(receivedMessageBuffer.ns, plaintext); try {
await verifySignedPayload(receivedMessageBuffer.ns, plaintext, this.remotePeer.id);
} catch (e) {
throw new Error(`Error occurred while verifying signed payload: ${e.message}`);
}
logger("All good with the signature!"); logger("All good with the signature!");
} else { } else {
logger('Stage 1 - Responder sending out first message with signed payload and static key.'); logger('Stage 1 - Responder sending out first message with signed payload and static key.');
@ -111,11 +117,11 @@ export class Handshake {
const plaintext = await this.xx.recvMessage(this.session, receivedMessageBuffer); const plaintext = await this.xx.recvMessage(this.session, receivedMessageBuffer);
logger('Stage 2 - Responder received the message, finished handshake. Got remote\'s static key.'); logger('Stage 2 - Responder received the message, finished handshake. Got remote\'s static key.');
// if (!libp2pRemotekey) { try {
// throw new Error("Missing remote's libp2p public key, can't verify signature."); await verifySignedPayload(receivedMessageBuffer.ns, plaintext, this.remotePeer.id);
// } } catch (e) {
throw new Error(`Error occurred while verifying signed payload: ${e.message}`);
await verifySignedPayload(receivedMessageBuffer.ns, plaintext); }
} }
} }

6
src/noise.ts
View File

@ -46,7 +46,7 @@ export class Noise implements NoiseConnection {
*/ */
public async secureOutbound(localPeer: PeerId, connection: any, remotePeer: PeerId): Promise<SecureOutbound> { public async secureOutbound(localPeer: PeerId, connection: any, remotePeer: PeerId): Promise<SecureOutbound> {
const wrappedConnection = Wrap(connection); const wrappedConnection = Wrap(connection);
const libp2pPublicKey = localPeer.pubKey.marshal(); const libp2pPublicKey = localPeer.marshalPubKey();
const handshake = await this.performHandshake(wrappedConnection, true, libp2pPublicKey, remotePeer); const handshake = await this.performHandshake(wrappedConnection, true, libp2pPublicKey, remotePeer);
const conn = await this.createSecureConnection(wrappedConnection, handshake); const conn = await this.createSecureConnection(wrappedConnection, handshake);
@ -65,7 +65,7 @@ export class Noise implements NoiseConnection {
*/ */
public async secureInbound(localPeer: PeerId, connection: any, remotePeer: PeerId): Promise<SecureOutbound> { public async secureInbound(localPeer: PeerId, connection: any, remotePeer: PeerId): Promise<SecureOutbound> {
const wrappedConnection = Wrap(connection); const wrappedConnection = Wrap(connection);
const libp2pPublicKey = localPeer.pubKey.marshal(); const libp2pPublicKey = localPeer.marshalPubKey();
const handshake = await this.performHandshake(wrappedConnection, false, libp2pPublicKey, remotePeer); const handshake = await this.performHandshake(wrappedConnection, false, libp2pPublicKey, remotePeer);
const conn = await this.createSecureConnection(wrappedConnection, handshake); const conn = await this.createSecureConnection(wrappedConnection, handshake);
@ -82,7 +82,7 @@ export class Noise implements NoiseConnection {
remotePeer: PeerId, remotePeer: PeerId,
): Promise<Handshake> { ): Promise<Handshake> {
const prologue = Buffer.from(this.protocol); const prologue = Buffer.from(this.protocol);
const handshake = new Handshake(isInitiator, this.privateKey, libp2pPublicKey, prologue, this.staticKeys, connection); const handshake = new Handshake(isInitiator, this.privateKey, libp2pPublicKey, prologue, this.staticKeys, connection, remotePeer);
try { try {
await handshake.propose(); await handshake.propose();

21
src/utils.ts
View File

@ -3,6 +3,7 @@ import protobuf from "protobufjs";
import { Buffer } from "buffer"; import { Buffer } from "buffer";
import debug from "debug"; import debug from "debug";
import PeerId from "peer-id"; import PeerId from "peer-id";
import * as crypto from 'libp2p-crypto';
import { KeyPair } from "./@types/libp2p"; import { KeyPair } from "./@types/libp2p";
import { bytes } from "./@types/basic"; import { bytes } from "./@types/basic";
@ -83,19 +84,23 @@ export function decodeMessageBuffer(message: bytes): MessageBuffer {
} }
} }
export async function verifyPeerId(peerId: bytes, publicKey: bytes) { async function isValidPeerId(peerId: bytes, publicKeyProtobuf: bytes) {
const generatedPeerId = await PeerId.createFromPubKey(publicKey); const generatedPeerId = await PeerId.createFromPubKey(publicKeyProtobuf);
if (!generatedPeerId.equals(peerId)) { return generatedPeerId.id.equals(peerId);
throw new Error("Peer ID doesn't match libp2p public key.");
}
} }
export async function verifySignedPayload(noiseStaticKey: bytes, plaintext: bytes) { export async function verifySignedPayload(noiseStaticKey: bytes, plaintext: bytes, peerId: bytes) {
const NoiseHandshakePayload = await loadPayloadProto(); const NoiseHandshakePayload = await loadPayloadProto();
const receivedPayload = NoiseHandshakePayload.toObject(NoiseHandshakePayload.decode(plaintext)); const receivedPayload = NoiseHandshakePayload.toObject(NoiseHandshakePayload.decode(plaintext));
const generatedPayload = getHandshakePayload(noiseStaticKey);
if (!ed25519.verify(generatedPayload, receivedPayload.noiseStaticKeySignature, receivedPayload.libp2pKey)) { if (!(await isValidPeerId(peerId, receivedPayload.libp2pKey)) ) {
throw new Error("Peer ID doesn't match libp2p public key.");
}
const generatedPayload = getHandshakePayload(noiseStaticKey);
// Unmarshaling from PublicKey protobuf and taking key buffer only.
const publicKey = crypto.keys.unmarshalPublicKey(receivedPayload.libp2pKey).marshal();
if (!ed25519.verify(generatedPayload, receivedPayload.noiseStaticKeySignature, publicKey)) {
throw new Error("Static key doesn't match to peer that signed payload!"); throw new Error("Static key doesn't match to peer that signed payload!");
} }
} }

8
test/handshake.test.ts
View File

@ -21,12 +21,12 @@ describe("Handshake", () => {
const [peerA, peerB] = await createPeerIds(2); const [peerA, peerB] = await createPeerIds(2);
const initiatorPrivKey = peerA.privKey.marshal().slice(0, 32); const initiatorPrivKey = peerA.privKey.marshal().slice(0, 32);
const initiatorPubKey = peerA.pubKey.marshal(); const initiatorPubKey = peerA.marshalPubKey();
const handshakeInitator = new Handshake(true, initiatorPrivKey, initiatorPubKey, prologue, staticKeysInitiator, connectionFrom); const handshakeInitator = new Handshake(true, initiatorPrivKey, initiatorPubKey, prologue, staticKeysInitiator, connectionFrom, peerB);
const responderPrivKey = peerB.privKey.marshal().slice(0, 32); const responderPrivKey = peerB.privKey.marshal().slice(0, 32);
const responderPubKey = peerB.pubKey.marshal(); const responderPubKey = peerB.marshalPubKey();
const handshakeResponder = new Handshake(false, responderPrivKey, responderPubKey, prologue, staticKeysResponder, connectionTo); const handshakeResponder = new Handshake(false, responderPrivKey, responderPubKey, prologue, staticKeysResponder, connectionTo, peerA);
await handshakeInitator.propose(); await handshakeInitator.propose();
await handshakeResponder.propose(); await handshakeResponder.propose();

4
test/noise.test.ts
View File

@ -59,9 +59,9 @@ describe("Noise", () => {
const prologue = Buffer.from('/noise'); const prologue = Buffer.from('/noise');
const staticKeys = generateKeypair(); const staticKeys = generateKeypair();
const xx = new XXHandshake(); const xx = new XXHandshake();
const libp2pPubKey = remotePeer.pubKey.marshal(); const libp2pPubKey = remotePeer.marshalPubKey();
const libp2pPrivKey = remotePeer.privKey.marshal().slice(0, 32); const libp2pPrivKey = remotePeer.privKey.marshal().slice(0, 32);
const handshake = new Handshake(false, libp2pPrivKey, libp2pPubKey, prologue, staticKeys, wrapped, xx); const handshake = new Handshake(false, libp2pPrivKey, libp2pPubKey, prologue, staticKeys, wrapped, localPeer, xx);
let receivedMessageBuffer = decodeMessageBuffer((await wrapped.readLP()).slice()); let receivedMessageBuffer = decodeMessageBuffer((await wrapped.readLP()).slice());
// The first handshake message contains the initiator's ephemeral public key // The first handshake message contains the initiator's ephemeral public key