Skip to content

Commit

Permalink
fix(security): ensure validate is properly checking verify status
Browse files Browse the repository at this point in the history
  • Loading branch information
jacobheun committed Aug 22, 2018
1 parent 48d0456 commit 33684e3
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 3 deletions.
4 changes: 2 additions & 2 deletions src/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -72,8 +72,8 @@ const validate = (publicKey, entry, callback) => {
const dataForSignature = ipnsEntryDataForSig(value, validityType, validity)

// Validate Signature
publicKey.verify(dataForSignature, entry.signature, (err) => {
if (err) {
publicKey.verify(dataForSignature, entry.signature, (err, isValid) => {
if (err || !isValid) {
log.error('record signature verification failed')
return callback(Object.assign(new Error('record signature verification failed'), { code: ERRORS.ERR_SIGNATURE_VERIFICATION }))
}
Expand Down
24 changes: 23 additions & 1 deletion test/index.spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ const crypto = require('libp2p-crypto')
const { fromB58String } = require('multihashes')

const ipns = require('../src')
const ERRORS = require('../src/errors')

const df = DaemonFactory.create({ type: 'proc', exec: ipfs })

Expand Down Expand Up @@ -88,14 +89,35 @@ describe('ipns', function () {
ipns.create(rsa, cid, sequence, validity, (err, entry) => {
expect(err).to.not.exist()

ipns.validate(rsa.public, entry, (err, res) => {
ipns.validate(rsa.public, entry, (err) => {
expect(err).to.not.exist()

done()
})
})
})

it('should fail to validate a bad record', (done) => {
const sequence = 0
const validity = 1000000

ipns.create(rsa, cid, sequence, validity, (err, entry) => {
expect(err).to.not.exist()

// corrupt the record by changing the value to random bytes
entry.value = crypto.randomBytes(46).toString()

ipns.validate(rsa.public, entry, (err) => {
expect(err).to.exist()
expect(err).to.include({
code: ERRORS.ERR_SIGNATURE_VERIFICATION
})

done()
})
})
})

it('should create an ipns record with a validity of 1 nanosecond correctly and it should not be valid 1ms later', (done) => {
const sequence = 0
const validity = 0.00001
Expand Down

0 comments on commit 33684e3

Please sign in to comment.