From e9a1d8851276ac2c649098c6f96bc5ee8916d7e4 Mon Sep 17 00:00:00 2001
From: Franck Royer
Date: Fri, 2 Jul 2021 11:29:04 +1000
Subject: [PATCH] Fix Public Key Message validation and use it
---
 examples/eth-dm/src/InitWaku.tsx | 12 +++++++-----
 examples/eth-dm/src/crypto.ts | 30 ++++++++++++++++++++++--------
 2 files changed, 29 insertions(+), 13 deletions(-)
diff --git a/examples/eth-dm/src/InitWaku.tsx b/examples/eth-dm/src/InitWaku.tsx
index e19991bb68..da105ff848 100644
--- a/examples/eth-dm/src/InitWaku.tsx
+++ b/examples/eth-dm/src/InitWaku.tsx
@@ -127,12 +127,14 @@ function handlePublicKeyMessage(
 if (ethDmPublicKey === myPublicKey) return;
 const res = validatePublicKeyMessage(publicKeyMsg);
- console.log(`Public Key Message Received, valid: ${res}`, publicKeyMsg);
+ console.log('Is Public Key Message valid?', res);
- setter((prevPks: Map) => {
- prevPks.set(bytesToHexStr(publicKeyMsg.ethAddress), ethDmPublicKey);
- return new Map(prevPks);
- });
+ if (res) {
+ setter((prevPks: Map) => {
+ prevPks.set(bytesToHexStr(publicKeyMsg.ethAddress), ethDmPublicKey);
+ return new Map(prevPks);
+ });
+ }
 }
 async function handleDirectMessage(
diff --git a/examples/eth-dm/src/crypto.ts b/examples/eth-dm/src/crypto.ts
index ac9480c908..da76e4cdc8 100644
--- a/examples/eth-dm/src/crypto.ts
+++ b/examples/eth-dm/src/crypto.ts
@@ -33,11 +33,14 @@ export async function createPublicKeyMessage(
 ethDmPublicKey: string
 ): Promise {
 const ethAddress = await web3Signer.getAddress();
+ const bytesEthDmPublicKey = Buffer.from(
+ ethDmPublicKey.replace(/0x/, ''),
+ 'hex'
+ );
 const signature = await web3Signer.signMessage(
- formatPublicKeyForSignature(ethDmPublicKey)
+ formatPublicKeyForSignature(bytesEthDmPublicKey)
 );
- const bytesEthDmPublicKey = Buffer.from(ethDmPublicKey, 'hex');
 const bytesEthAddress = Buffer.from(ethAddress.replace(/0x/, ''), 'hex');
 const bytesSignature = Buffer.from(signature.replace(/0x/, ''), 'hex');
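Review bot: In the InitWaku.tsx hunk, the updater passed to `setter` still calls `prevPks.set(...)` on the previous state Map before copying it, so the old state object is changed in place and anything holding a reference to it sees the new key without a render. Copy first and write to the copy: `const next = new Map(prevPks); next.set(bytesToHexStr(publicKeyMsg.ethAddress), ethDmPublicKey); return next;`. The body of handlePublicKeyMessage starts above the hunk, so the early return for the user's own key is only visible as context.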
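Review bot: In createPublicKeyMessage, `Buffer.from(..., 'hex')` does not reject malformed input; it stops decoding at the first non-hex character, so a bad `ethDmPublicKey` string yields a truncated or empty buffer that is then signed and published as if it were the key. The `/0x/` pattern is also unanchored and would strip the first `0x` found anywhere in the string, not only a prefix. Validating before decoding closes both, e.g. `if (!/^(0x)?([0-9a-fA-F]{2})+$/.test(ethDmPublicKey)) throw new Error('Invalid EthDm public key');` followed by `ethDmPublicKey.replace(/^0x/, '')`. The same unanchored `replace(/0x/, '')` appears on `ethAddress` and `signature` in the context lines, and the function continues past the end of the hunk.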
@@ -52,13 +55,24 @@ export async function createPublicKeyMessage(
 * Validate that the EthDm Public Key was signed by the holder of the given Ethereum address.
 */
 export function validatePublicKeyMessage(msg: PublicKeyMessage): boolean {
+ const formatedMsg = formatPublicKeyForSignature(msg.ethDmPublicKey);
 try {
- const sigAddress = ethers.utils.verifyMessage(
- formatPublicKeyForSignature(bytesToHexStr(msg.ethDmPublicKey)),
- msg.signature
+ const sigAddress = ethers.utils.verifyMessage(formatedMsg, msg.signature);
+ const sigAddressBytes = Buffer.from(sigAddress.replace(/0x/, ''), 'hex');
+ // Compare the actual byte arrays instead of strings that may differ in casing or prefixing.
+ const cmp = sigAddressBytes.compare(new Buffer(msg.ethAddress));
+ console.log(
+ `Buffer comparison result: ${cmp} for (signature address, message address)`,
+ sigAddressBytes,
+ msg.ethAddress
 );
- return sigAddress === bytesToHexStr(msg.ethAddress);
+ return cmp === 0;
 } catch (e) {
+ console.log(
+ 'Failed to verify signature for Public Key Message',
+ formatedMsg,
+ msg
+ );
 return false;
 }
 }
@@ -70,9 +84,9 @@ export function validatePublicKeyMessage(msg: PublicKeyMessage): boolean {
 * The usage of the object helps ensure the signature is only used in an Eth-DM
 * context.
 */
-function formatPublicKeyForSignature(ethDmPublicKey: string): string {
+function formatPublicKeyForSignature(ethDmPublicKey: Uint8Array): string {
 return JSON.stringify({
- ethDmPublicKey,
+ ethDmPublicKey: bytesToHexStr(ethDmPublicKey),
 });
 }
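Review bot: In validatePublicKeyMessage, `formatPublicKeyForSignature(msg.ethDmPublicKey)` now runs before the `try`, so if it throws on a malformed message received from the network (for example a missing `ethDmPublicKey`; `bytesToHexStr` is not visible here), the validator throws instead of returning false. Declaring `let formatedMsg: string | undefined;` before the `try` and assigning `formatedMsg = formatPublicKeyForSignature(msg.ethDmPublicKey);` as its first statement keeps the value available to the catch log while restoring the fail-closed behaviour. The comparison also uses the deprecated `new Buffer(...)` constructor; `const cmp = sigAddressBytes.compare(Buffer.from(msg.ethAddress));` is the supported form. The catch block drops `e`, so adding it to that `console.log` call would keep the cause of the failure.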
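Review bot: The string built by formatPublicKeyForSignature still contains only the key hex, so a signed Public Key Message never expires and stays valid if it is re-sent later. Because handlePublicKeyMessage in InitWaku.tsx overwrites the stored entry for an address on every valid message, a replayed older message would roll that contact back to a previous key. If key rotation is meant to be supported, consider adding a timestamp or counter to the signed object and keeping only the newest entry; otherwise state the limit in the doc comment, e.g. `* Note: the payload has no timestamp or nonce, so an old signed message stays valid.` Separately, signer and verifier must produce byte-identical JSON, which now depends on `bytesToHexStr` emitting the same casing and prefix on both sides; that helper is not visible in this diff.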