fix(wire/net): remove test backend signature from authMsg of exchange address protocol

NhoxxKienn · NhoxxKienn · commit 092ffbb9358d · 2025-05-19T13:06:46.000+02:00
Signed-off-by: Minh Huy Tran &lt;huy@perun.network&gt;
diff --git a/wire/account.go b/wire/account.go
@@ -84,7 +84,7 @@ func (m *AuthResponseMsg) Decode(r io.Reader) (err error) {
 }
 
 // NewAuthResponseMsg creates an authentication response message.
-func NewAuthResponseMsg(acc map[wallet.BackendID]Account) (Msg, error) {
+func NewAuthResponseMsg(acc map[wallet.BackendID]Account, backendID wallet.BackendID) (Msg, error) {
 	addressMap := make(map[wallet.BackendID]Address)
 	for id, a := range acc {
 		addressMap[id] = a.Address()
@@ -98,7 +98,7 @@ func NewAuthResponseMsg(acc map[wallet.BackendID]Account) (Msg, error) {
 		}
 		addressBytes = append(addressBytes, addrBytes...)
 	}
-	signature, err := acc[testBackendID].Sign(addressBytes)
+	signature, err := acc[backendID].Sign(addressBytes)
 	if err != nil {
 		return nil, fmt.Errorf("failed to sign address: %w", err)
 	}
diff --git a/wire/net/exchange_addr.go b/wire/net/exchange_addr.go
@@ -63,33 +63,35 @@ func IsAuthenticationError(err error) bool {
 func ExchangeAddrsActive(ctx context.Context, id map[wallet.BackendID]wire.Account, peer map[wallet.BackendID]wire.Address, conn Conn) error {
 	var err error
 	ok := pkg.TerminatesCtx(ctx, func() {
-		authMsg, err2 := wire.NewAuthResponseMsg(id)
-		if err2 != nil {
-			err = errors.WithMessage(err2, "creating auth message")
-			return
-		}
-		err = conn.Send(&wire.Envelope{
-			Sender:    wire.AddressMapfromAccountMap(id),
-			Recipient: peer,
-			Msg:       authMsg,
-		})
-		if err != nil {
-			err = errors.WithMessage(err, "sending message")
-			return
-		}
+		for bid := range id {
+			authMsg, err2 := wire.NewAuthResponseMsg(id, bid)
+			if err2 != nil {
+				err = errors.WithMessage(err2, "creating auth message")
+				return
+			}
+			err = conn.Send(&wire.Envelope{
+				Sender:    wire.AddressMapfromAccountMap(id),
+				Recipient: peer,
+				Msg:       authMsg,
+			})
+			if err != nil {
+				err = errors.WithMessage(err, "sending message")
+				return
+			}
 
-		var e *wire.Envelope
-		if e, err = conn.Recv(); err != nil {
-			err = errors.WithMessage(err, "receiving message")
-		} else if _, ok := e.Msg.(*wire.AuthResponseMsg); !ok {
-			err = errors.Errorf("expected AuthResponse wire msg, got %v", e.Msg.Type())
-		} else if msg, ok := e.Msg.(*wire.AuthResponseMsg); ok {
-			if check := VerifyAddressSignature(peer, msg.Signature); check != nil {
-				err = errors.WithMessage(check, "verifying peer address's signature")
+			var e *wire.Envelope
+			if e, err = conn.Recv(); err != nil {
+				err = errors.WithMessage(err, "receiving message")
+			} else if _, ok := e.Msg.(*wire.AuthResponseMsg); !ok {
+				err = errors.Errorf("expected AuthResponse wire msg, got %v", e.Msg.Type())
+			} else if msg, ok := e.Msg.(*wire.AuthResponseMsg); ok {
+				if check := VerifyAddressSignature(peer, msg.Signature); check != nil {
+					err = errors.WithMessage(check, "verifying peer address's signature")
+				}
+			} else if !channel.EqualWireMaps(e.Recipient, wire.AddressMapfromAccountMap(id)) &&
+				!channel.EqualWireMaps(e.Sender, peer) {
+				err = NewAuthenticationError(e.Sender, e.Recipient, wire.AddressMapfromAccountMap(id), "unmatched response sender or recipient")
 			}
-		} else if !channel.EqualWireMaps(e.Recipient, wire.AddressMapfromAccountMap(id)) &&
-			!channel.EqualWireMaps(e.Sender, peer) {
-			err = NewAuthenticationError(e.Sender, e.Recipient, wire.AddressMapfromAccountMap(id), "unmatched response sender or recipient")
 		}
 	})
 
@@ -108,33 +110,35 @@ func ExchangeAddrsPassive(ctx context.Context, id map[wallet.BackendID]wire.Acco
 	var err error
 	addrs := wire.AddressMapfromAccountMap(id)
 	ok := pkg.TerminatesCtx(ctx, func() {
-		var e *wire.Envelope
-		if e, err = conn.Recv(); err != nil {
-			err = errors.WithMessage(err, "receiving auth message")
-		} else if _, ok := e.Msg.(*wire.AuthResponseMsg); !ok {
-			err = errors.Errorf("expected AuthResponse wire msg, got %v", e.Msg.Type())
-		} else if !channel.EqualWireMaps(e.Recipient, addrs) {
-			err = NewAuthenticationError(e.Sender, e.Recipient, wire.AddressMapfromAccountMap(id), "unmatched response sender or recipient")
-		} else if msg, ok := e.Msg.(*wire.AuthResponseMsg); ok {
-			if err = VerifyAddressSignature(e.Sender, msg.Signature); err != nil {
-				err = errors.WithMessage(err, "verifying peer address's signature")
+		for bid := range id {
+			var e *wire.Envelope
+			if e, err = conn.Recv(); err != nil {
+				err = errors.WithMessage(err, "receiving auth message")
+			} else if _, ok := e.Msg.(*wire.AuthResponseMsg); !ok {
+				err = errors.Errorf("expected AuthResponse wire msg, got %v", e.Msg.Type())
+			} else if !channel.EqualWireMaps(e.Recipient, addrs) {
+				err = NewAuthenticationError(e.Sender, e.Recipient, wire.AddressMapfromAccountMap(id), "unmatched response sender or recipient")
+			} else if msg, ok := e.Msg.(*wire.AuthResponseMsg); ok {
+				if err = VerifyAddressSignature(e.Sender, msg.Signature); err != nil {
+					err = errors.WithMessage(err, "verifying peer address's signature")
+				}
 			}
-		}
 
-		if err != nil {
-			return
-		}
+			if err != nil {
+				return
+			}
 
-		authMsg, err2 := wire.NewAuthResponseMsg(id)
-		if err2 != nil {
-			err = errors.WithMessage(err2, "creating auth message")
-			return
+			authMsg, err2 := wire.NewAuthResponseMsg(id, bid)
+			if err2 != nil {
+				err = errors.WithMessage(err2, "creating auth message")
+				return
+			}
+			addr, err = e.Sender, conn.Send(&wire.Envelope{
+				Sender:    wire.AddressMapfromAccountMap(id),
+				Recipient: e.Sender,
+				Msg:       authMsg,
+			})
 		}
-		addr, err = e.Sender, conn.Send(&wire.Envelope{
-			Sender:    wire.AddressMapfromAccountMap(id),
-			Recipient: e.Sender,
-			Msg:       authMsg,
-		})
 	})
 
 	if !ok {
diff --git a/wire/test/msgstest.go b/wire/test/msgstest.go
@@ -40,7 +40,7 @@ func AuthMsgsSerializationTest(t *testing.T, serializerTest func(t *testing.T, m
 	t.Helper()
 
 	rng := pkgtest.Prng(t)
-	testMsg, err := wire.NewAuthResponseMsg(NewRandomAccountMap(rng, TestBackendID))
+	testMsg, err := wire.NewAuthResponseMsg(NewRandomAccountMap(rng, TestBackendID), TestBackendID)
 	if err != nil {
 		t.Fatal(err)
 	}

Original file line number	Diff line number	Diff line change
`@@ -84,7 +84,7 @@ func (m *AuthResponseMsg) Decode(r io.Reader) (err error) {`
`84`	`84`	`}`
`85`	`85`
`86`	`86`	`// NewAuthResponseMsg creates an authentication response message.`
`87`		`-func NewAuthResponseMsg(acc map[wallet.BackendID]Account) (Msg, error) {`
	`87`	`+func NewAuthResponseMsg(acc map[wallet.BackendID]Account, backendID wallet.BackendID) (Msg, error) {`
`88`	`88`	`addressMap := make(map[wallet.BackendID]Address)`
`89`	`89`	`for id, a := range acc {`
`90`	`90`	`addressMap[id] = a.Address()`
`@@ -98,7 +98,7 @@ func NewAuthResponseMsg(acc map[wallet.BackendID]Account) (Msg, error) {`
`98`	`98`	`}`
`99`	`99`	`addressBytes = append(addressBytes, addrBytes...)`
`100`	`100`	`}`
`101`		`- signature, err := acc[testBackendID].Sign(addressBytes)`
	`101`	`+ signature, err := acc[backendID].Sign(addressBytes)`
`102`	`102`	`if err != nil {`
`103`	`103`	`return nil, fmt.Errorf("failed to sign address: %w", err)`
`104`	`104`	`}`
Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ func AuthMsgsSerializationTest(t testing.T, serializerTest func(t testing.T, m`
`40`	`40`	`t.Helper()`
`41`	`41`
`42`	`42`	`rng := pkgtest.Prng(t)`
`43`		`- testMsg, err := wire.NewAuthResponseMsg(NewRandomAccountMap(rng, TestBackendID))`
	`43`	`+ testMsg, err := wire.NewAuthResponseMsg(NewRandomAccountMap(rng, TestBackendID), TestBackendID)`
`44`	`44`	`if err != nil {`
`45`	`45`	`t.Fatal(err)`
`46`	`46`	`}`