diff --git a/js/models/network/Async.js b/js/models/network/Async.js index f348f2d7b..1a1fecd49 100644 --- a/js/models/network/Async.js +++ b/js/models/network/Async.js @@ -206,24 +206,22 @@ Network.prototype._onMessage = function(enc) { return; } - // TODO - /* - if (!this.copayerForPeer[sender] || (isInbound && !this.isInboundPeerAuth[sender])) { - this._deletePeer(sender); - return; - } - */ - - //console.log('receiving ' + JSON.stringify(payload)); var self = this; switch (payload.type) { case 'hello': + // if we locked allowed copayers, check if it belongs if (this.allowedCopayerIds && !this.allowedCopayerIds[payload.copayerId]) { this._deletePeer(sender); return; } + //ensure claimed public key is actually the public key of the peer + //e.g., their public key should hash to be their peerId + if (enc.pubkey !== this.peerFromCopayer(payload.copayerId)) { + this._deletePeer(enc.pubkey, 'incorrect pubkey for peerId'); + return; + } this._addConnectedCopayer(payload.copayerId); break; default: @@ -379,6 +377,7 @@ Network.prototype.encode = function(copayerId, payload) { }; var copayerIdBuf = new Buffer(copayerId, 'hex'); var message = AuthMessage.encode(copayerIdBuf, this.getKey(), payload, opts); + return message; }; Network.prototype.isOnline = function() { diff --git a/test/test.network.Async.js b/test/test.network.Async.js index f6860d7eb..3680a97f8 100644 --- a/test/test.network.Async.js +++ b/test/test.network.Async.js @@ -11,15 +11,17 @@ var EventEmitter = require('events').EventEmitter; describe('Network / Async', function() { - var createN = function() { + var createN = function(pk) { var n = new Async(); - var fakeSocket = new EventEmitter(); + var fakeSocket = {}; + fakeSocket.emit = function() {}; + fakeSocket.on = function() {}; n.createSocket = function() { return fakeSocket; }; var opts = { copayerId: '03b51d01d798522cf61211b4dfcdd6db219ee33cf166e1cb7f43d836ab00ccddee', - privkey: '31701118abde096d166607115ed00ce74a2231f68f43144406c863f5ebf06c32', + privkey: pk || '31701118abde096d166607115ed00ce74a2231f68f43144406c863f5ebf06c32', lastTimestamp: 1, }; n.start(opts); @@ -59,10 +61,11 @@ describe('Network / Async', function() { it('should call _sendToOne for a copayer', function(done) { var n = createN(); n.privkey = bitcore.util.sha256('test'); + n.key = null; var data = new bitcore.Buffer('my data to send'); - var copayerId = '03b51d01d798522cf61211b4dfcdd6db219ee33cf166e1cb7f43d836abc5c18b23'; + var copayerId = '03b51d01d798522cf61211b4dfcdd6d01020304cf166e1cb7f43d836abc5c18b23'; n._sendToOne = function(a, b, cb) { cb(); }; @@ -74,10 +77,11 @@ describe('Network / Async', function() { it('should call _sendToOne with encrypted data for a copayer', function(done) { var n = createN(); n.privkey = bitcore.util.sha256('test'); + n.key = null; var data = new bitcore.Buffer('my data to send'); - var copayerId = '03b51d01d798522cf61211b4dfcdd6db219ee33cf166e1cb7f43d836abc5c18b23'; + var copayerId = '03b51d01d798522cf61001b4dfcdd6db219ee33cf166e1cb7f43d836abc5c18b23'; n._sendToOne = function(a1, enc, cb) { var encPayload = JSON.parse(enc.toString()); encPayload.sig.length.should.be.greaterThan(0); @@ -107,7 +111,7 @@ describe('Network / Async', function() { }); }); - describe('#_onData', function() { + describe('#_onMessage', function() { var privkey1 = bitcore.util.sha256('test privkey 1'); var privkey2 = bitcore.util.sha256('test privkey 2'); var privkey3 = bitcore.util.sha256('test privkey 2'); @@ -115,62 +119,49 @@ describe('Network / Async', function() { var key1 = new bitcore.Key(); key1.private = privkey1; key1.regenerateSync(); + var pk1 = key1.private.toString('hex'); + var cid1 = key1.public.toString('hex'); var key2 = new bitcore.Key(); key2.private = privkey2; key2.regenerateSync(); + var pk2 = key2.private.toString('hex'); + var cid2 = key2.public.toString('hex'); var key3 = new bitcore.Key(); key3.private = privkey3; key3.regenerateSync(); + var pk3 = key3.private.toString('hex'); + var cid3 = key3.public.toString('hex'); it('should not reject data sent from a peer with hijacked pubkey', function() { - var n = createN(); - n.privkey = key2.private.toString('hex'); - n.key = null; + var n = createN(pk2); var message = { type: 'hello', - copayerId: key1.public.toString('hex') + copayerId: cid1 }; - var messagestr = JSON.stringify(message); - var messagebuf = new Buffer(messagestr); - - var encoded = n._encode(key2.public, key1, messagebuf); - var encodedstr = JSON.stringify(encoded); - var encodeduint = new Buffer(encodedstr); - - var isInbound = true; - var peerId = new bitcore.SIN(key1.public); + var enc = n.encode(cid2, message); n._deletePeer = sinon.spy(); - n._onData(encodeduint, isInbound, peerId); + n._onMessage(enc); n._deletePeer.calledOnce.should.equal(false); }); it('should reject data sent from a peer with hijacked pubkey', function() { - var n = createN(); - n.privkey = key2.private.toString('hex'); - n.key = null; + var n = createN(pk2); var message = { type: 'hello', - copayerId: key3.public.toString('hex') //MITM pubkey 3 + copayerId: cid3 // MITM }; - var messagestr = JSON.stringify(message); - var messagebuf = new Buffer(messagestr); - - var encoded = n._encode(key2.public, key1, messagebuf); - var encodedstr = JSON.stringify(encoded); - var encodeduint = new Buffer(encodedstr); - - var isInbound = true; - var peerId = new bitcore.SIN(key1.public); + + var enc = n.encode(cid2, message); n._deletePeer = sinon.spy(); - n._onData(encodeduint, isInbound, peerId); + n._onMessage(enc); n._deletePeer.calledOnce.should.equal(true); n._deletePeer.getCall(0).args[0].should.equal(peerId); n._deletePeer.getCall(0).args[1].should.equal('incorrect pubkey for peerId'); @@ -200,7 +191,7 @@ describe('Network / Async', function() { n._deletePeer = sinon.spy(); - n._onData(encodeduint, isInbound, peerId); + n._onMessage(encodeduint, isInbound, peerId); n._deletePeer.calledOnce.should.equal(false); n.getHexNonces()[(new bitcore.SIN(key1.public)).toString()].toString('hex').should.equal('0000000000000001'); }); @@ -231,7 +222,7 @@ describe('Network / Async', function() { n._deletePeer = sinon.spy(); - n._onData(encodeduint, isInbound, peerId); + n._onMessage(encodeduint, isInbound, peerId); n._deletePeer.calledOnce.should.equal(false); }); @@ -261,7 +252,7 @@ describe('Network / Async', function() { n._deletePeer = sinon.spy(); - n._onData(encodeduint, isInbound, peerId); + n._onMessage(encodeduint, isInbound, peerId); n._deletePeer.calledOnce.should.equal(false); }); @@ -291,7 +282,7 @@ describe('Network / Async', function() { n._deletePeer = sinon.spy(); - n._onData(encodeduint, isInbound, peerId); + n._onMessage(encodeduint, isInbound, peerId); n._deletePeer.calledOnce.should.equal(true); }); @@ -321,7 +312,7 @@ describe('Network / Async', function() { n._deletePeer = sinon.spy(); - n._onData(encodeduint, isInbound, peerId); + n._onMessage(encodeduint, isInbound, peerId); n._deletePeer.calledOnce.should.equal(true); });