test to verify message signatures

2020-03-13 07:39:44 -05:00 · 2020-03-13 07:39:44 -05:00 · ff1c7cee00
parent 18d82f30f7
commit ff1c7cee00
3 changed files with 36 additions and 23 deletions
--- a/README.md
+++ b/README.md
@ -24,6 +24,8 @@ Eg: `pigeon identity show` becomes `./pigeon-cli show`.
 - [X] pigeon peer block
 - [X] pigeon peer all
 - [X] 100% coverage
+ - [ ] Convert `".sig.ed25519"` literals to constants
+ - [ ] Reduce whole darn repo into single module to aide portability
 - [ ] Remove all `.current` "singletons" / hacks
 - [ ] Rename numerous "pigeon message ..." commands to "pigeon draft ..."
 - [ ] pigeon bundle create
--- a/dist/pigeon/message.rb
+++ b/dist/pigeon/message.rb
@ -26,6 +26,18 @@ module Pigeon

    private

+    def template
+      @template ||= MessageSerializer.new(self)
+    end
+
+    def template_string
+      @template_string ||= template.render_without_signature
+    end
+
+    def keypair
+      @keypair ||= KeyPair.current
+    end
+
    def initialize(author:, kind:, body:)
      raise "BODY CANT BE EMPTY" if body.empty?
      @author = author
@ -33,17 +45,15 @@ module Pigeon
      @body = body
      # Side effects in a constructor? Hmm...
      store = Pigeon::Storage.current
-      @signature = calculate_signature
      @depth = store.message_count
+      @signature = calculate_signature
      @prev = store.get_message_by_depth(@author, @depth - 1)
      self.freeze
      store.save_message(self)
    end

    def calculate_signature
-      template = MessageSerializer.new(self)
-      string = template.render_without_signature
-      KeyPair.current.sign(string)
+      keypair.sign(template_string)
    end
  end
 end
--- a/spec/pigeon/message_spec.rb
+++ b/spec/pigeon/message_spec.rb
@ -90,30 +90,31 @@ RSpec.describe Pigeon::Message do
    expect(m4.prev).to be
  end

+  # Init keypair
+  # Get secret
+  # Create signing key
+
  it "verifies accuracy of signatures" do
-    # Initial setup
+    # === Initial setup
    Pigeon::KeyPair.current
    secret = Pigeon::Storage.current.get_config(Pigeon::SEED_CONFIG_KEY)
-    real_signing_key = Pigeon::KeyPair.current.instance_variable_get(:@signing_key)
-    signing_key = Ed25519::SigningKey.new(secret)
+    message = template.message
    plaintext = template.render_without_signature
-    duplicate_plaintext =
-      Pigeon::MessageSerializer.new(template.message).render_without_signature
-    # Sanity checks
-    expect(secret.length).to eq(32)
-    expect(plaintext).to eq(duplicate_plaintext)
-    expect(real_signing_key.to_bytes).to eq(signing_key.to_bytes)
-    random_string = SecureRandom.uuid
-    random_sig1 = Base64.urlsafe_encode64(signing_key.sign(random_string))
-    random_sig2 =
-      Pigeon::KeyPair.current.sign(random_string).gsub(".sig.ed25519", "")
-    expect(random_sig1).to eq(random_sig2)

-    duplicate_signature =
-      Base64.urlsafe_encode64(signing_key.sign(plaintext))
-    real_sinature = template.message.signature.gsub(".sig.ed25519", "")
+    # Make fake pairs of data for cross-checking
+    key1 = Pigeon::KeyPair.current.instance_variable_get(:@signing_key)
+    key2 = Ed25519::SigningKey.new(secret)

-    binding.pry
-    expect(real_sinature).to eq(duplicate_signature)
+    sig1 = key1.sign(plaintext)
+    sig2 = key2.sign(plaintext)
+
+    expect(key1.seed).to eq(key2.seed)
+    expect(sig1).to eq(sig2)
+
+    sig1_b64 = Base64.urlsafe_encode64(sig1) + ".sig.ed25519"
+    sig2_b64 = Base64.urlsafe_encode64(sig2) + ".sig.ed25519"
+
+    expect(message.signature).to eq(sig1_b64)
+    expect(message.signature).to eq(sig2_b64)
  end
 end