release(v4.0.0): Shade GA — V3.x consolidation + audit prep
Some checks failed
Test / test (push) Has been cancelled
Cross-platform vectors / TypeScript vectors (bun) (push) Has been cancelled
Cross-platform vectors / Kotlin vectors (gradle) (push) Has been cancelled
Docker build and publish / docker (push) Has been cancelled
Publish / publish (push) Has been cancelled
Some checks failed
Test / test (push) Has been cancelled
Cross-platform vectors / TypeScript vectors (bun) (push) Has been cancelled
Cross-platform vectors / Kotlin vectors (gradle) (push) Has been cancelled
Docker build and publish / docker (push) Has been cancelled
Publish / publish (push) Has been cancelled
V3.1 → V3.12 consolidated and tagged for the first GA release. Wire format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers byte-for-byte. The version bump is semantic: audit-cycle complete, opt-in surface fully exposed, threat model refreshed for every new surface. Highlights: - All 24 @shade/* packages bumped to 4.0.0 in lockstep. - CHANGELOG 4.0.0 section is the canonical manifest of what landed. - THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12 Web-Worker boundary) + residual-risks table refreshed. - OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox, bridge, observer, /metrics, /healthz, /ready. - MIGRATION 0.3.x → 4.0 documented + smoke-tested against shade migrate-storage on a real SQLite DB. - docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer. - scripts/soak.ts harness for the GA-stable 2-week soak window. - All V*.md plans archived under docs/archive/ with Status: Done. - Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen non-realtime stack. Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green. Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports version 4.0.0 on /health. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
223
packages/shade-key-transparency/tests/witness.test.ts
Normal file
223
packages/shade-key-transparency/tests/witness.test.ts
Normal file
@@ -0,0 +1,223 @@
|
||||
import { describe, expect, test } from 'bun:test';
|
||||
import { SubtleCryptoProvider } from '@shade/crypto-web';
|
||||
import {
|
||||
KTLogManager,
|
||||
LightWitness,
|
||||
MemoryKTLogStore,
|
||||
computeBundleHash,
|
||||
computeLogId,
|
||||
signSth,
|
||||
sthToWire,
|
||||
} from '../src/index.js';
|
||||
import {
|
||||
KTLogIdMismatchError,
|
||||
KTSplitViewError,
|
||||
KTStaleSTHError,
|
||||
KTVerificationError,
|
||||
} from '../src/errors.js';
|
||||
import { toBase64, fromBase64 } from '../src/util.js';
|
||||
|
||||
const crypto = new SubtleCryptoProvider();
|
||||
|
||||
async function setup() {
|
||||
const kp = await crypto.generateEd25519KeyPair();
|
||||
const store = new MemoryKTLogStore();
|
||||
const mgr = await KTLogManager.create({
|
||||
crypto,
|
||||
store,
|
||||
signingPrivateKey: kp.privateKey,
|
||||
signingPublicKey: kp.publicKey,
|
||||
});
|
||||
return { kp, mgr };
|
||||
}
|
||||
|
||||
function fakeBundle(seed: number) {
|
||||
return {
|
||||
identitySigningKey: new Uint8Array(32).fill(seed),
|
||||
identityDHKey: new Uint8Array(32).fill(seed + 1),
|
||||
signedPreKey: {
|
||||
keyId: 1,
|
||||
publicKey: new Uint8Array(32).fill(seed + 2),
|
||||
signature: new Uint8Array(64).fill(seed + 3),
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
describe('LightWitness', () => {
|
||||
test('observes valid STH and stores it', async () => {
|
||||
const { kp, mgr } = await setup();
|
||||
await mgr.recordRegister('alice', computeBundleHash(fakeBundle(0x10)));
|
||||
const sth = await mgr.publishSTH();
|
||||
|
||||
const witness = new LightWitness({
|
||||
crypto,
|
||||
logPublicKey: kp.publicKey,
|
||||
fetcher: {
|
||||
async fetchLatestSTH() {
|
||||
return sthToWire(sth, toBase64);
|
||||
},
|
||||
async fetchConsistencyProof() {
|
||||
return { proof: [] };
|
||||
},
|
||||
},
|
||||
});
|
||||
const polled = await witness.pollOnce();
|
||||
expect(polled.treeSize).toBe(1);
|
||||
expect(witness.compare(sth)).toBe('agree');
|
||||
});
|
||||
|
||||
test('rejects STH whose log_id does not match pinned key', async () => {
|
||||
const { mgr } = await setup();
|
||||
const wrong = await crypto.generateEd25519KeyPair();
|
||||
await mgr.recordRegister('alice', computeBundleHash(fakeBundle(0x10)));
|
||||
const sth = await mgr.publishSTH();
|
||||
|
||||
const witness = new LightWitness({
|
||||
crypto,
|
||||
logPublicKey: wrong.publicKey, // pinned to wrong key
|
||||
fetcher: {
|
||||
async fetchLatestSTH() {
|
||||
return sthToWire(sth, toBase64);
|
||||
},
|
||||
async fetchConsistencyProof() {
|
||||
return { proof: [] };
|
||||
},
|
||||
},
|
||||
});
|
||||
await expect(witness.pollOnce()).rejects.toBeInstanceOf(KTLogIdMismatchError);
|
||||
});
|
||||
|
||||
test('rejects STH older than maxStaleMs', async () => {
|
||||
const { kp, mgr } = await setup();
|
||||
await mgr.recordRegister('alice', computeBundleHash(fakeBundle(0x10)));
|
||||
const sth = await mgr.publishSTH(1000); // far in the past
|
||||
const witness = new LightWitness({
|
||||
crypto,
|
||||
logPublicKey: kp.publicKey,
|
||||
fetcher: {
|
||||
async fetchLatestSTH() {
|
||||
return sthToWire(sth, toBase64);
|
||||
},
|
||||
async fetchConsistencyProof() {
|
||||
return { proof: [] };
|
||||
},
|
||||
},
|
||||
maxStaleMs: 1000,
|
||||
now: () => 10_000_000,
|
||||
});
|
||||
await expect(witness.pollOnce()).rejects.toBeInstanceOf(KTStaleSTHError);
|
||||
});
|
||||
|
||||
test('detects split-view at same tree_size', async () => {
|
||||
const { kp, mgr } = await setup();
|
||||
await mgr.recordRegister('alice', computeBundleHash(fakeBundle(0x10)));
|
||||
const sth1 = await mgr.publishSTH();
|
||||
|
||||
// Forge another signed STH with same tree_size but different rootHash
|
||||
const tamperedRoot = new Uint8Array(sth1.rootHash);
|
||||
tamperedRoot[0] ^= 0xff;
|
||||
const sth2 = await signSth(crypto, kp.privateKey, {
|
||||
treeSize: sth1.treeSize,
|
||||
timestampMs: sth1.timestampMs,
|
||||
rootHash: tamperedRoot,
|
||||
indexRoot: sth1.indexRoot,
|
||||
logId: computeLogId(kp.publicKey),
|
||||
});
|
||||
|
||||
const witness = new LightWitness({
|
||||
crypto,
|
||||
logPublicKey: kp.publicKey,
|
||||
fetcher: {
|
||||
async fetchLatestSTH() {
|
||||
return sthToWire(sth1, toBase64);
|
||||
},
|
||||
async fetchConsistencyProof() {
|
||||
return { proof: [] };
|
||||
},
|
||||
},
|
||||
});
|
||||
await witness.observe(sth1);
|
||||
await expect(witness.observe(sth2)).rejects.toBeInstanceOf(KTSplitViewError);
|
||||
});
|
||||
|
||||
test('verifies consistency between two successive STHs', async () => {
|
||||
const { kp, mgr } = await setup();
|
||||
await mgr.recordRegister('alice', computeBundleHash(fakeBundle(0x10)));
|
||||
const sth1 = await mgr.publishSTH();
|
||||
await mgr.recordRegister('bob', computeBundleHash(fakeBundle(0x20)));
|
||||
const sth2 = await mgr.publishSTH();
|
||||
|
||||
const consistency = await mgr.buildConsistencyProof(sth1.treeSize);
|
||||
const witness = new LightWitness({
|
||||
crypto,
|
||||
logPublicKey: kp.publicKey,
|
||||
fetcher: {
|
||||
async fetchLatestSTH() {
|
||||
return sthToWire(sth2, toBase64);
|
||||
},
|
||||
async fetchConsistencyProof() {
|
||||
return { proof: consistency.proof.map(toBase64) };
|
||||
},
|
||||
},
|
||||
});
|
||||
await witness.observe(sth1);
|
||||
await witness.observe(sth2);
|
||||
expect(witness.compare(sth2)).toBe('agree');
|
||||
});
|
||||
|
||||
test('rejects STH where log re-wrote history (consistency proof fails)', async () => {
|
||||
const { kp, mgr } = await setup();
|
||||
await mgr.recordRegister('alice', computeBundleHash(fakeBundle(0x10)));
|
||||
const sth1 = await mgr.publishSTH();
|
||||
|
||||
// Build a forked log where leaf 0 is different.
|
||||
const forkStore = new MemoryKTLogStore();
|
||||
const forkMgr = await KTLogManager.create({
|
||||
crypto,
|
||||
store: forkStore,
|
||||
signingPrivateKey: kp.privateKey,
|
||||
signingPublicKey: kp.publicKey,
|
||||
});
|
||||
await forkMgr.recordRegister('mallory', computeBundleHash(fakeBundle(0xee)));
|
||||
await forkMgr.recordRegister('bob', computeBundleHash(fakeBundle(0x20)));
|
||||
const forkedSth2 = await forkMgr.publishSTH();
|
||||
const forkedConsistency = await forkMgr.buildConsistencyProof(sth1.treeSize);
|
||||
|
||||
const witness = new LightWitness({
|
||||
crypto,
|
||||
logPublicKey: kp.publicKey,
|
||||
fetcher: {
|
||||
async fetchLatestSTH() {
|
||||
return sthToWire(forkedSth2, toBase64);
|
||||
},
|
||||
async fetchConsistencyProof() {
|
||||
return { proof: forkedConsistency.proof.map(toBase64) };
|
||||
},
|
||||
},
|
||||
});
|
||||
await witness.observe(sth1);
|
||||
await expect(witness.observe(forkedSth2)).rejects.toBeInstanceOf(KTVerificationError);
|
||||
});
|
||||
|
||||
test('compare returns "unknown" for tree_size we have not seen', async () => {
|
||||
const { kp, mgr } = await setup();
|
||||
await mgr.recordRegister('alice', computeBundleHash(fakeBundle(0x10)));
|
||||
const sth = await mgr.publishSTH();
|
||||
const witness = new LightWitness({
|
||||
crypto,
|
||||
logPublicKey: kp.publicKey,
|
||||
fetcher: {
|
||||
async fetchLatestSTH() {
|
||||
return sthToWire(sth, toBase64);
|
||||
},
|
||||
async fetchConsistencyProof() {
|
||||
return { proof: [] };
|
||||
},
|
||||
},
|
||||
});
|
||||
expect(witness.compare(sth)).toBe('unknown');
|
||||
});
|
||||
});
|
||||
|
||||
// Make TS happy about unused fromBase64
|
||||
void fromBase64;
|
||||
Reference in New Issue
Block a user