Merge pull request #109 from LiskHQ/107-handle-invalid-input-verifyMe…

…ssage Handle invalid input verify message - Fixes #107
LiskArchive · Apr 27, 2017 · 46ecd97 · 46ecd97
2 parents c100a71 + 06b65b4
commit 46ecd97
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 7 deletions.
diff --git a/dist/lisk-js.js b/dist/lisk-js.js
@@ -324,9 +324,9 @@ LiskAPI.prototype.sendRequest = function (requestType, options, callback) {
 				that.sendRequest(requestType, options, callback);
 			}, 1000);
 		} else {
-			var rejectAnswer = { error: error, message: 'could not create http request to any of the given peers' };
+			var rejectAnswer = { success: false, error: error, message: 'could not create http request to any of the given peers' };
 			if(!callback || (typeof callback !== 'function')) {
-				return Promise.reject(rejectAnswer);
+				return rejectAnswer;
 			} else {
 				return callback(rejectAnswer);
 			}
@@ -1979,10 +1979,18 @@ function verifyMessageWithPublicKey (signedMessage, publicKey) {
 	var signedMessageBytes = convert.hexToBuffer(signedMessage);
 	var publicKeyBytes = convert.hexToBuffer(publicKey);
 
-	var openSignature = naclInstance.crypto_sign_open(signedMessageBytes, publicKeyBytes);
+	if(publicKeyBytes.length !== 32) return { message: 'Invalid publicKey, expected 32-byte publicKey' };
+
+	//give appropriate error messages from crypto_sign_open
 
+	var openSignature = naclInstance.crypto_sign_open(signedMessageBytes, publicKeyBytes);
 	// Returns original message
-	return naclInstance.decode_utf8(openSignature);
+	if(openSignature) {
+		return naclInstance.decode_utf8(openSignature);
+	} else {
+		return { message: 'Invalid signature publicKey combination, cannot verify message' };
+	}
+
 }
 
 function convertPublicKeyEd2Curve (publicKey) {

diff --git a/dist/lisk-js.min.js b/dist/lisk-js.min.js
diff --git a/lib/transactions/crypto/sign.js b/lib/transactions/crypto/sign.js
@@ -61,10 +61,18 @@ function verifyMessageWithPublicKey (signedMessage, publicKey) {
 	var signedMessageBytes = convert.hexToBuffer(signedMessage);
 	var publicKeyBytes = convert.hexToBuffer(publicKey);
 
+	if(publicKeyBytes.length !== 32) return { message: 'Invalid publicKey, expected 32-byte publicKey' };
+
+	//give appropriate error messages from crypto_sign_open
 	var openSignature = naclInstance.crypto_sign_open(signedMessageBytes, publicKeyBytes);
 
-	// Returns original message
-	return naclInstance.decode_utf8(openSignature);
+	if(openSignature) {
+		// Returns original message
+		return naclInstance.decode_utf8(openSignature);
+	} else {
+		return { message: 'Invalid signature publicKey combination, cannot verify message' };
+	}
+
 }
 
 function convertPublicKeyEd2Curve (publicKey) {

diff --git a/test/transactions/crypto/index.js b/test/transactions/crypto/index.js
@@ -138,6 +138,23 @@ describe('crypto/index.js', function () {
 		it('should output the original signed message', function () {
 			(verifyMessage).should.be.equal(message);
 		});
+
+		it('should detect invalid publicKeys', function () {
+
+			var invalidPublicKey = keypair.publicKey + 'ERROR';
+			var invalidVerifyMessage = newcrypto.verifyMessageWithPublicKey(signedMessage, invalidPublicKey);
+
+			(invalidVerifyMessage.message).should.be.equal('Invalid publicKey, expected 32-byte publicKey');
+
+		});
+
+		it('should detect not verifyable signature', function () {
+
+			var signedMessage = newcrypto.signMessageWithSecret(message, secret) + 'ERROR';
+			var invalidVerifyMessage = newcrypto.verifyMessageWithPublicKey(signedMessage, publicKey);
+
+			(invalidVerifyMessage.message).should.be.equal('Invalid signature publicKey combination, cannot verify message');
+		});
 	});
 
 	describe('#printSignedMessage sign.js', function () {