From d930e68e5342831cc4c568fb3e57a94e847dd129 Mon Sep 17 00:00:00 2001 From: Rick Carlino Date: Thu, 15 Oct 2020 07:30:30 -0500 Subject: [PATCH] :clap::tada: Message verification works on the Golang version! Hooray! --- README.md | 7 +++---- project/decoders.go | 4 ++++ project/parser.go | 8 ++++++-- project/verify.go | 17 ++++++++++++++--- 4 files changed, 27 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 4f955bd..2457df2 100644 --- a/README.md +++ b/README.md @@ -20,14 +20,13 @@ Email `contact@vaporsfot.xyz` if you have any questions. * Writing a BNF grammar for message parsing * Test coverage increases * Manual QA of features and edge cases + * Providing constructive feedback on documentation * Cross-compiling windows binaries * General Golang help (I am a Golang novice- project structure could be improved) - * Security auditing and vulnerability discovery. Please send security concerns to `contact@vaporsoft.xyz`. + * Security auditing and vulnerability discovery. Please send security concerns to `contact@vaporsoft.xyz` privately. # TODO -**CURRENT TASK:** Write a message parser. - - [ ] Add a real testing lib to DRY things up. - [ ] Get a good CI system going? Run tests at PR time, provide prebuilt binaries, prevent coverage slips, etc.. - [ ] Add a `transact()` helper to ensure all transactions are closed out. @@ -38,8 +37,8 @@ Email `contact@vaporsfot.xyz` if you have any questions. |Done?|Noun |Verb | Flag / arg 1 | Flag 2 | |-----|------------|-----------|---------------|-----------| - | |blob |remove | mhash | | | |bundle |ingest | | | + | |blob |remove | mhash | | | |message |show | message mhash | | | |message |find | --all | | | |message |find | --last | | diff --git a/project/decoders.go b/project/decoders.go index 9f6258b..1dae61c 100644 --- a/project/decoders.go +++ b/project/decoders.go @@ -21,6 +21,10 @@ func B32Decode(input string) []byte { return output } +func decodeMhash(input string) []byte { + return []byte(B32Decode(input[5:])) +} + func validateMhash(input string) string { arry := strings.Split(input, ".") if len(arry) != 2 { diff --git a/project/parser.go b/project/parser.go index da2fe89..c6285af 100644 --- a/project/parser.go +++ b/project/parser.go @@ -119,13 +119,17 @@ func parseBody(state *parserState) { } func parseFooter(state *parserState) { + t := state.scanner.Text() + chunks := strings.Split(t, " ") + state.buffer.signature = chunks[1] state.mode = parsingDone err := verifyShallow(&state.buffer) if err != nil { - state.results = append(state.results, state.buffer) - state.buffer = pigeonMessage{} panicf("Message verification failed for %s. %s", state.buffer.signature, err) } + state.results = append(state.results, state.buffer) + state.buffer.body = []pigeonBodyItem{} + state.buffer = pigeonMessage{} } func maybeContinue(state *parserState) { diff --git a/project/verify.go b/project/verify.go index 19c2d6d..4987fcc 100644 --- a/project/verify.go +++ b/project/verify.go @@ -1,6 +1,7 @@ package main import ( + "crypto/ed25519" "errors" "fmt" "regexp" @@ -69,8 +70,18 @@ func validateBodyValue(value *string) error { return nil } -func validateSignature(_topHalf string, _b32signature string) error { - return errors.New("WIP") +func validateSignature(message *pigeonMessage, topHalf string) error { + asciiSignature := message.signature + signature := []byte(B32Decode(asciiSignature)) + publicKey := decodeMhash(message.author) + ok := ed25519.Verify(publicKey, []byte(topHalf), signature) + + if ok { + return nil + } + + error := fmt.Sprintf("Can't verify message %s", message.signature) + return errors.New(error) } func verifyBodyItem(bodyItem *pigeonBodyItem) error { @@ -113,6 +124,6 @@ func verifyShallow(message *pigeonMessage) error { } buffer.Write([]byte("\n")) - validateSignature(buffer.String(), message.signature) + validateSignature(message, buffer.String()) return nil }