chore: clean up logic (#165)

wemeetagain · web-flow · commit 7a0d8c00c809 · 2022-07-14T10:30:43.000+02:00
- decodePayload is synchronous
- remove isValidPeerId - only decode peer id once
- don't use the return value of verifySignedPayload anywhere
- remove duplicate length check, use isValidPublicKey
diff --git a/src/handshake-ik.ts b/src/handshake-ik.ts
@@ -73,7 +73,7 @@ export class IKHandshake implements IHandshake {
           throw new Error('ik handshake stage 0 decryption validation fail')
         }
         logger('IK Stage 0 - Responder got message, going to verify payload.')
-        const decodedPayload = await decodePayload(plaintext)
+        const decodedPayload = decodePayload(plaintext)
         this.remotePeer = this.remotePeer || await getPeerIdFromPayload(decodedPayload)
         await verifySignedPayload(this.session.hs.rs, decodedPayload, this.remotePeer)
         this.setRemoteEarlyData(decodedPayload.data)
@@ -99,7 +99,7 @@ export class IKHandshake implements IHandshake {
         if (!valid) {
           throw new Error('ik stage 1 decryption validation fail')
         }
-        const decodedPayload = await decodePayload(plaintext)
+        const decodedPayload = decodePayload(plaintext)
         this.remotePeer = this.remotePeer || await getPeerIdFromPayload(decodedPayload)
         await verifySignedPayload(receivedMessageBuffer.ns.slice(0, 32), decodedPayload, this.remotePeer)
         this.setRemoteEarlyData(decodedPayload.data)
diff --git a/src/handshake-xx-fallback.ts b/src/handshake-xx-fallback.ts
@@ -69,7 +69,7 @@ export class XXFallbackHandshake extends XXHandshake {
 
       logger("Initiator going to check remote's signature...")
       try {
-        const decodedPayload = await decodePayload(plaintext)
+        const decodedPayload = decodePayload(plaintext)
         this.remotePeer = this.remotePeer || await getPeerIdFromPayload(decodedPayload)
         await verifySignedPayload(this.session.hs.rs, decodedPayload, this.remotePeer)
         this.setRemoteEarlyData(decodedPayload.data)
diff --git a/src/handshake-xx.ts b/src/handshake-xx.ts
@@ -94,9 +94,9 @@ export class XXHandshake implements IHandshake {
 
       logger("Initiator going to check remote's signature...")
       try {
-        const decodedPayload = await decodePayload(plaintext)
+        const decodedPayload = decodePayload(plaintext)
         this.remotePeer = this.remotePeer || await getPeerIdFromPayload(decodedPayload)
-        this.remotePeer = await verifySignedPayload(this.session.hs.rs, decodedPayload, this.remotePeer)
+        await verifySignedPayload(this.session.hs.rs, decodedPayload, this.remotePeer)
         this.setRemoteEarlyData(decodedPayload.data)
       } catch (e) {
         const err = e as Error
@@ -129,7 +129,7 @@ export class XXHandshake implements IHandshake {
       logger('Stage 2 - Responder received the message, finished handshake.')
 
       try {
-        const decodedPayload = await decodePayload(plaintext)
+        const decodedPayload = decodePayload(plaintext)
         this.remotePeer = this.remotePeer || await getPeerIdFromPayload(decodedPayload)
         await verifySignedPayload(this.session.hs.rs, decodedPayload, this.remotePeer)
         this.setRemoteEarlyData(decodedPayload.data)
diff --git a/src/handshakes/ik.ts b/src/handshakes/ik.ts
@@ -108,7 +108,7 @@ export class IK extends AbstractHandshake {
     this.mixHash(hs.ss, hs.re)
     this.mixKey(hs.ss, this.dh(hs.s.privateKey, hs.re))
     const { plaintext: ns, valid: valid1 } = this.decryptAndHash(hs.ss, message.ns)
-    if (valid1 && ns.length === 32 && isValidPublicKey(ns)) {
+    if (valid1 && isValidPublicKey(ns)) {
       hs.rs = ns
     }
     this.mixKey(hs.ss, this.dh(hs.s.privateKey, hs.rs))
diff --git a/src/handshakes/xx.ts b/src/handshakes/xx.ts
@@ -87,7 +87,7 @@ export class XX extends AbstractHandshake {
     }
     this.mixKey(hs.ss, this.dh(hs.e.privateKey, hs.re))
     const { plaintext: ns, valid: valid1 } = this.decryptAndHash(hs.ss, message.ns)
-    if (valid1 && ns.length === 32 && isValidPublicKey(ns)) {
+    if (valid1 && isValidPublicKey(ns)) {
       hs.rs = ns
     }
     this.mixKey(hs.ss, this.dh(hs.e.privateKey, hs.rs))
@@ -97,7 +97,7 @@ export class XX extends AbstractHandshake {
 
   private readMessageC (hs: HandshakeState, message: MessageBuffer): {h: bytes, plaintext: bytes, valid: boolean, cs1: CipherState, cs2: CipherState} {
     const { plaintext: ns, valid: valid1 } = this.decryptAndHash(hs.ss, message.ns)
-    if (valid1 && ns.length === 32 && isValidPublicKey(ns)) {
+    if (valid1 && isValidPublicKey(ns)) {
       hs.rs = ns
     }
     if (!hs.e) {
diff --git a/src/utils.ts b/src/utils.ts
@@ -62,11 +62,6 @@ export function getHandshakePayload (publicKey: bytes): bytes {
   return uint8ArrayConcat([prefix, publicKey], prefix.length + publicKey.length)
 }
 
-async function isValidPeerId (peerId: PeerId, publicKeyProtobuf: bytes): Promise<boolean> {
-  const generatedPeerId = await peerIdFromKeys(publicKeyProtobuf)
-  return generatedPeerId.equals(peerId)
-}
-
 /**
  * Verifies signed payload, throws on any irregularities.
  *
@@ -80,31 +75,30 @@ export async function verifySignedPayload (
   payload: pb.NoiseHandshakePayload,
   remotePeer: PeerId
 ): Promise<PeerId> {
-  const identityKey = payload.identityKey
-  if (!(await isValidPeerId(remotePeer, identityKey))) {
+  // Unmarshaling from PublicKey protobuf
+  const payloadPeerId = await peerIdFromKeys(payload.identityKey)
+  if (!payloadPeerId.equals(remotePeer)) {
     throw new Error("Peer ID doesn't match libp2p public key.")
   }
   const generatedPayload = getHandshakePayload(noiseStaticKey)
-  // Unmarshaling from PublicKey protobuf
-  const peerId = await peerIdFromKeys(identityKey)
 
-  if (peerId.publicKey == null) {
+  if (payloadPeerId.publicKey == null) {
     throw new Error('PublicKey was missing from PeerId')
   }
 
   if (payload.identitySig == null) {
     throw new Error('Signature was missing from message')
   }
 
-  const publicKey = unmarshalPublicKey(peerId.publicKey)
+  const publicKey = unmarshalPublicKey(payloadPeerId.publicKey)
 
   const valid = await publicKey.verify(generatedPayload, payload.identitySig)
 
   if (!valid) {
     throw new Error("Static key doesn't match to peer that signed payload!")
   }
 
-  return peerId
+  return payloadPeerId
 }
 
 export function isValidPublicKey (pk: bytes): boolean {

Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,7 @@ export class IK extends AbstractHandshake {`
`108`	`108`	`this.mixHash(hs.ss, hs.re)`
`109`	`109`	`this.mixKey(hs.ss, this.dh(hs.s.privateKey, hs.re))`
`110`	`110`	`const { plaintext: ns, valid: valid1 } = this.decryptAndHash(hs.ss, message.ns)`
`111`		`- if (valid1 && ns.length === 32 && isValidPublicKey(ns)) {`
	`111`	`+ if (valid1 && isValidPublicKey(ns)) {`
`112`	`112`	`hs.rs = ns`
`113`	`113`	`}`
`114`	`114`	`this.mixKey(hs.ss, this.dh(hs.s.privateKey, hs.rs))`
Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ export class XX extends AbstractHandshake {`
`87`	`87`	`}`
`88`	`88`	`this.mixKey(hs.ss, this.dh(hs.e.privateKey, hs.re))`
`89`	`89`	`const { plaintext: ns, valid: valid1 } = this.decryptAndHash(hs.ss, message.ns)`
`90`		`- if (valid1 && ns.length === 32 && isValidPublicKey(ns)) {`
	`90`	`+ if (valid1 && isValidPublicKey(ns)) {`
`91`	`91`	`hs.rs = ns`
`92`	`92`	`}`
`93`	`93`	`this.mixKey(hs.ss, this.dh(hs.e.privateKey, hs.rs))`
`@@ -97,7 +97,7 @@ export class XX extends AbstractHandshake {`
`97`	`97`
`98`	`98`	`private readMessageC (hs: HandshakeState, message: MessageBuffer): {h: bytes, plaintext: bytes, valid: boolean, cs1: CipherState, cs2: CipherState} {`
`99`	`99`	`const { plaintext: ns, valid: valid1 } = this.decryptAndHash(hs.ss, message.ns)`
`100`		`- if (valid1 && ns.length === 32 && isValidPublicKey(ns)) {`
	`100`	`+ if (valid1 && isValidPublicKey(ns)) {`
`101`	`101`	`hs.rs = ns`
`102`	`102`	`}`
`103`	`103`	`if (!hs.e) {`