fix: use fixed encoding/decoding everywhere

jacobheun · jacobheun · commit 840c217dbbd3 · 2019-11-21T09:38:08.000-06:00
fix: exchange final nonce handshake over encryption
diff --git a/src/handshake/finish.js b/src/handshake/finish.js
@@ -7,6 +7,7 @@ log.error = debug('libp2p:secio:error')
 const DuplexPair = require('it-pair/duplex')
 const pipe = require('it-pipe')
 const lp = require('it-length-prefixed')
+const Wrap = require('it-pb-rpc')
 const { int32BEEncode, int32BEDecode } = lp
 const ensureBuffer = require('it-buffer')
 
@@ -20,32 +21,29 @@ module.exports = async function finish (state, wrapped) {
 
   const proto = state.protocols
 
-  wrapped.write(state.proposal.in.rand)
-  const nonceBack = await wrapped.read(state.proposal.in.rand.length)
-
-  crypto.verifyNonce(state, nonceBack.slice())
-
-  log('3. finish - finish')
-
-  const network = wrapped.unwrap()
   const [secure, user] = DuplexPair()
+  const network = wrapped.unwrap()
 
   pipe(
-    secure.source, // this is FROM the user
+    secure, // this is FROM the user
     ensureBuffer,
     etm.createBoxStream(proto.local.cipher, proto.local.mac),
     lp.encode({ lengthEncoder: int32BEEncode }),
-    network.sink // and gets piped INTO the network
-  )
-
-  pipe(
-    network.source, // this is FROM the network
+    network, // and gets piped INTO and FROM the network
     lp.decode({ lengthDecoder: int32BEDecode }),
     ensureBuffer,
     etm.createUnboxStream(proto.remote.cipher, proto.remote.mac),
-    secure.sink // and gets piped TO the user
+    secure // and gets piped TO the user
   )
 
+  // Exchange nonces over the encrypted stream for final verification
+  const shake = Wrap(user)
+  shake.write(state.proposal.in.rand)
+  const nonceBack = await shake.read(state.proposal.in.rand.length)
+  crypto.verifyNonce(state, nonceBack.slice())
+
+  log('3. finish - finish')
+
   // Awesome that's all folks.
-  state.secure = user
+  state.secure = shake.unwrap()
 }
diff --git a/src/handshake/propose.js b/src/handshake/propose.js
@@ -1,7 +1,8 @@
 'use strict'
 
 const crypto = require('./crypto')
-
+const lp = require('it-length-prefixed')
+const { int32BEEncode } = lp
 const debug = require('debug')
 const log = debug('libp2p:secio')
 log.error = debug('libp2p:secio:error')
@@ -11,8 +12,10 @@ log.error = debug('libp2p:secio:error')
 module.exports = async function propose (state, wrapped) {
   log('1. propose - start')
 
-  log('1. propose - writing proposal')
-  await wrapped.writeLP(crypto.createProposal(state))
+  const prop = crypto.createProposal(state)
+  log('1. propose - writing proposal', prop)
+
+  await wrapped.write(lp.encode.single(prop, { lengthEncoder: int32BEEncode }))
 
   log('1. propose - reading proposal')
   const msg = (await wrapped.readLP()).slice()
diff --git a/src/index.js b/src/index.js
@@ -8,13 +8,14 @@ log.error = debug('libp2p:secio:error')
 const handshake = require('./handshake')
 const State = require('./state')
 const Wrap = require('it-pb-rpc')
+const { int32BEDecode, int32BEEncode } = require('it-length-prefixed')
 
 async function secure (localPeer, duplex, remotePeer) { // returns duplex
   assert(localPeer, 'no local private key provided')
   assert(duplex, 'no connection for the handshake provided')
 
   const state = new State(localPeer, remotePeer)
-  const wrapped = Wrap(duplex)
+  const wrapped = Wrap(duplex, { lengthDecoder: int32BEDecode, lengthEncoder: int32BEEncode })
   await handshake(state, wrapped)
 
   return {
