Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Only increment nonce for valid messages #199

Closed
dapplion opened this issue Aug 18, 2022 · 2 comments · Fixed by #200
Closed

Only increment nonce for valid messages #199

dapplion opened this issue Aug 18, 2022 · 2 comments · Fixed by #200
Assignees

Comments

@dapplion
Copy link
Contributor

When receiving a message we increment the nonce before validating message integrity

public decryptWithAd (cs: CipherState, ad: Uint8Array, ciphertext: Uint8Array): {plaintext: bytes, valid: boolean} {
const { plaintext, valid } = this.decrypt(cs.k, cs.n, ad, ciphertext)
cs.n.increment()
return { plaintext, valid }
}

And attacker could fill nonce spots and break comms if it can MITM the connection

@mpetrunic
Copy link
Member

The whole point of noise is to prevent MITM. And even if somebody succeeds it can only reset con with that one peer he managed to corrupt so it isn't really important I guess?

@wemeetagain
Copy link
Member

Tracing thru the code it seems that at most a single message can decrypt incorrectly before the stream is reset.
two cases:

  1. during handshake, the handshake throws, https://github.com/ChainSafe/js-libp2p-noise/blob/master/src/handshake-xx.ts L74, L88, L126
  2. after handshake, during streaming, iterable throws, https://github.com/ChainSafe/js-libp2p-noise/blob/master/src/crypto/streaming.ts L34

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
No open projects
Archived in project
Development

Successfully merging a pull request may close this issue.

3 participants