Sterister
e6fdf31b49
Some checks failed
Test / test (push) Has been cancelled
Cross-platform vectors / TypeScript vectors (bun) (push) Has been cancelled
Cross-platform vectors / Kotlin vectors (gradle) (push) Has been cancelled
Docker build and publish / docker (push) Has been cancelled
Publish / publish (push) Has been cancelled
V3.1 → V3.12 consolidated and tagged for the first GA release. Wire format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers byte-for-byte. The version bump is semantic: audit-cycle complete, opt-in surface fully exposed, threat model refreshed for every new surface. Highlights: - All 24 @shade/* packages bumped to 4.0.0 in lockstep. - CHANGELOG 4.0.0 section is the canonical manifest of what landed. - THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12 Web-Worker boundary) + residual-risks table refreshed. - OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox, bridge, observer, /metrics, /healthz, /ready. - MIGRATION 0.3.x → 4.0 documented + smoke-tested against shade migrate-storage on a real SQLite DB. - docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer. - scripts/soak.ts harness for the GA-stable 2-week soak window. - All V*.md plans archived under docs/archive/ with Status: Done. - Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen non-realtime stack. Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green. Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports version 4.0.0 on /health. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
224 lines
7.6 KiB
TypeScript
224 lines
7.6 KiB
TypeScript
import { describe, expect, test } from 'bun:test';
|
|
import { SubtleCryptoProvider } from '@shade/crypto-web';
|
|
import {
|
|
KTLogManager,
|
|
MemoryKTLogStore,
|
|
computeBundleHash,
|
|
ktProofFromWire,
|
|
ktProofToWire,
|
|
verifyBundleAbsence,
|
|
verifyBundleInclusion,
|
|
verifyBundleTombstone,
|
|
} from '../src/index.js';
|
|
import { KTSplitViewError, KTVerificationError } from '../src/errors.js';
|
|
|
|
const crypto = new SubtleCryptoProvider();
|
|
|
|
async function makeManager() {
|
|
const kp = await crypto.generateEd25519KeyPair();
|
|
const store = new MemoryKTLogStore();
|
|
const mgr = await KTLogManager.create({
|
|
crypto,
|
|
store,
|
|
signingPrivateKey: kp.privateKey,
|
|
signingPublicKey: kp.publicKey,
|
|
});
|
|
return { mgr, kp, store };
|
|
}
|
|
|
|
function fakeBundle(seed: number) {
|
|
return {
|
|
identitySigningKey: new Uint8Array(32).fill(seed),
|
|
identityDHKey: new Uint8Array(32).fill(seed + 1),
|
|
signedPreKey: {
|
|
keyId: 1,
|
|
publicKey: new Uint8Array(32).fill(seed + 2),
|
|
signature: new Uint8Array(64).fill(seed + 3),
|
|
},
|
|
};
|
|
}
|
|
|
|
describe('KTLogManager — happy paths', () => {
|
|
test('register + buildBundleInclusionProof + verify', async () => {
|
|
const { mgr, kp } = await makeManager();
|
|
const bundle = fakeBundle(0x10);
|
|
const bundleHash = computeBundleHash(bundle);
|
|
await mgr.recordRegister('alice', bundleHash);
|
|
const sth = await mgr.publishSTH();
|
|
|
|
const proof = await mgr.buildBundleInclusionProof('alice', sth);
|
|
expect(proof).not.toBeNull();
|
|
expect(proof!.body.kind).toBe('inclusion');
|
|
|
|
const verified = await verifyBundleInclusion(
|
|
{ crypto, logPublicKey: kp.publicKey },
|
|
'alice',
|
|
bundle,
|
|
proof!,
|
|
);
|
|
expect(verified.treeSize).toBe(1);
|
|
});
|
|
|
|
test('absence proof for unknown address verifies', async () => {
|
|
const { mgr, kp } = await makeManager();
|
|
await mgr.recordRegister('alice', computeBundleHash(fakeBundle(0x10)));
|
|
const sth = await mgr.publishSTH();
|
|
const proof = mgr.buildBundleAbsenceProof('zeta', sth);
|
|
expect(proof).not.toBeNull();
|
|
expect(proof!.body.kind).toBe('absence');
|
|
await verifyBundleAbsence({ crypto, logPublicKey: kp.publicKey }, 'zeta', proof!);
|
|
});
|
|
|
|
test('tombstone proof verifies after delete', async () => {
|
|
const { mgr, kp } = await makeManager();
|
|
await mgr.recordRegister('alice', computeBundleHash(fakeBundle(0x10)));
|
|
await mgr.recordDelete('alice');
|
|
const sth = await mgr.publishSTH();
|
|
const proof = await mgr.buildBundleInclusionProof('alice', sth);
|
|
expect(proof!.body.kind).toBe('tombstone');
|
|
const verified = await verifyBundleTombstone(
|
|
{ crypto, logPublicKey: kp.publicKey },
|
|
'alice',
|
|
proof!,
|
|
);
|
|
expect(verified.treeSize).toBe(2);
|
|
});
|
|
|
|
test('multiple addresses + STH at increasing tree sizes', async () => {
|
|
const { mgr, kp } = await makeManager();
|
|
const aliceBundle = fakeBundle(0x10);
|
|
const bobBundle = fakeBundle(0x20);
|
|
await mgr.recordRegister('alice', computeBundleHash(aliceBundle));
|
|
await mgr.recordRegister('bob', computeBundleHash(bobBundle));
|
|
const sth = await mgr.publishSTH();
|
|
expect(sth.treeSize).toBe(2);
|
|
|
|
const proofAlice = await mgr.buildBundleInclusionProof('alice', sth);
|
|
const proofBob = await mgr.buildBundleInclusionProof('bob', sth);
|
|
await verifyBundleInclusion(
|
|
{ crypto, logPublicKey: kp.publicKey },
|
|
'alice',
|
|
aliceBundle,
|
|
proofAlice!,
|
|
);
|
|
await verifyBundleInclusion(
|
|
{ crypto, logPublicKey: kp.publicKey },
|
|
'bob',
|
|
bobBundle,
|
|
proofBob!,
|
|
);
|
|
});
|
|
|
|
test('rotation: new register replaces old', async () => {
|
|
const { mgr, kp } = await makeManager();
|
|
const v1 = fakeBundle(0x10);
|
|
const v2 = fakeBundle(0x55);
|
|
await mgr.recordRegister('alice', computeBundleHash(v1));
|
|
await mgr.recordRegister('alice', computeBundleHash(v2));
|
|
const sth = await mgr.publishSTH();
|
|
const proof = await mgr.buildBundleInclusionProof('alice', sth);
|
|
// Latest is v2; verifying with v1's bundle should fail.
|
|
await expect(
|
|
verifyBundleInclusion({ crypto, logPublicKey: kp.publicKey }, 'alice', v1, proof!),
|
|
).rejects.toBeInstanceOf(KTVerificationError);
|
|
await verifyBundleInclusion(
|
|
{ crypto, logPublicKey: kp.publicKey },
|
|
'alice',
|
|
v2,
|
|
proof!,
|
|
);
|
|
});
|
|
});
|
|
|
|
describe('KTLogManager — wire encoding roundtrip', () => {
|
|
test('inclusion proof survives wire roundtrip', async () => {
|
|
const { mgr, kp } = await makeManager();
|
|
const bundle = fakeBundle(0x42);
|
|
await mgr.recordRegister('alice', computeBundleHash(bundle));
|
|
const sth = await mgr.publishSTH();
|
|
const proof = await mgr.buildBundleInclusionProof('alice', sth);
|
|
|
|
const wire = ktProofToWire(proof!);
|
|
const json = JSON.stringify(wire);
|
|
const back = ktProofFromWire(JSON.parse(json));
|
|
await verifyBundleInclusion(
|
|
{ crypto, logPublicKey: kp.publicKey },
|
|
'alice',
|
|
bundle,
|
|
back,
|
|
);
|
|
});
|
|
});
|
|
|
|
describe('Tampering detection', () => {
|
|
test('forged bundle (different signing key) is rejected', async () => {
|
|
const { mgr, kp } = await makeManager();
|
|
const real = fakeBundle(0x10);
|
|
await mgr.recordRegister('alice', computeBundleHash(real));
|
|
const sth = await mgr.publishSTH();
|
|
const proof = await mgr.buildBundleInclusionProof('alice', sth);
|
|
|
|
const forged = { ...real, identitySigningKey: new Uint8Array(32).fill(0xff) };
|
|
await expect(
|
|
verifyBundleInclusion({ crypto, logPublicKey: kp.publicKey }, 'alice', forged, proof!),
|
|
).rejects.toBeInstanceOf(KTVerificationError);
|
|
});
|
|
|
|
test('proof for alice cannot be re-used for bob (address mismatch)', async () => {
|
|
const { mgr, kp } = await makeManager();
|
|
const aliceBundle = fakeBundle(0x10);
|
|
await mgr.recordRegister('alice', computeBundleHash(aliceBundle));
|
|
const sth = await mgr.publishSTH();
|
|
const proof = await mgr.buildBundleInclusionProof('alice', sth);
|
|
await expect(
|
|
verifyBundleInclusion(
|
|
{ crypto, logPublicKey: kp.publicKey },
|
|
'bob',
|
|
aliceBundle,
|
|
proof!,
|
|
),
|
|
).rejects.toBeInstanceOf(KTVerificationError);
|
|
});
|
|
|
|
test('split-view: same tree_size with different roots is detected by witness', async () => {
|
|
const { mgr, kp } = await makeManager();
|
|
const bundle = fakeBundle(0x10);
|
|
await mgr.recordRegister('alice', computeBundleHash(bundle));
|
|
const sth = await mgr.publishSTH();
|
|
// Forge a *different* STH at the same tree_size — pretend the server
|
|
// signed two divergent versions.
|
|
const sth2 = await mgr.publishSTH();
|
|
expect(sth2.treeSize).toBe(sth.treeSize);
|
|
|
|
// To simulate a conflicting STH, sign one with a tampered root_hash.
|
|
const tampered = { ...sth, rootHash: new Uint8Array(sth.rootHash) };
|
|
tampered.rootHash[0] ^= 0xff;
|
|
// Re-sign with the same key so it would individually verify…
|
|
const forged = await (await import('../src/sth.js')).signSth(crypto, kp.privateKey, {
|
|
treeSize: tampered.treeSize,
|
|
timestampMs: tampered.timestampMs,
|
|
rootHash: tampered.rootHash,
|
|
indexRoot: tampered.indexRoot,
|
|
logId: tampered.logId,
|
|
});
|
|
|
|
const { LightWitness } = await import('../src/witness.js');
|
|
const witness = new LightWitness({
|
|
crypto,
|
|
logPublicKey: kp.publicKey,
|
|
fetcher: {
|
|
async fetchLatestSTH() {
|
|
return (await import('../src/sth.js')).sthToWire(sth, (b) =>
|
|
Buffer.from(b).toString('base64'),
|
|
);
|
|
},
|
|
async fetchConsistencyProof() {
|
|
return { proof: [] };
|
|
},
|
|
},
|
|
});
|
|
await witness.observe(sth);
|
|
await expect(witness.observe(forged)).rejects.toBeInstanceOf(KTSplitViewError);
|
|
});
|
|
});
|