From c6378ad7976a784bc170f80f4ecb20db2e16ece3 Mon Sep 17 00:00:00 2001 From: Shibo Lyu Date: Mon, 30 Sep 2024 16:17:19 +0800 Subject: [PATCH] fix(identity): catching sig verification errors --- identity/identity.test.ts | 35 +++++++++++++++++++++++++++++++++-- identity/identity.ts | 4 ++-- 2 files changed, 35 insertions(+), 4 deletions(-) diff --git a/identity/identity.test.ts b/identity/identity.test.ts index 318b403..269d859 100644 --- a/identity/identity.test.ts +++ b/identity/identity.test.ts @@ -3,8 +3,8 @@ import { BlahKeyPair } from "../crypto/mod.ts"; import { BlahIdentity } from "./identity.ts"; import type { BlahIdentityFile, BlahProfile } from "./mod.ts"; -const idKeyPair = await BlahKeyPair.generate(); -const actKeyPair = await BlahKeyPair.generate(); +let idKeyPair: BlahKeyPair; +let actKeyPair: BlahKeyPair; const profile: BlahProfile = { typ: "profile", name: "Shibo Lyu", @@ -17,6 +17,8 @@ let identityFile: BlahIdentityFile; let identityFromFile: BlahIdentity; Deno.test("create identity", async () => { + idKeyPair = await BlahKeyPair.generate(); + actKeyPair = await BlahKeyPair.generate(); identity = await BlahIdentity.create(idKeyPair, actKeyPair, profile); }); @@ -48,6 +50,35 @@ Deno.test("parse identity file", async () => { identityFromFile = await BlahIdentity.fromIdentityFile(identityFile); }); +Deno.test("identity file profile sigs are properly verfied", async () => { + const identityFileWithProfileInvalidProfileSig: BlahIdentityFile = { + ...identityFile, + profile: { ...identityFile.profile, sig: "_ obviously not a valid sig _" }, + }; + const identityWithProfileInvalidProfileSig = await BlahIdentity + .fromIdentityFile( + identityFileWithProfileInvalidProfileSig, + ); + expect(identityWithProfileInvalidProfileSig.profileSigValid).toBe(false); +}); + +Deno.test("identity file act key sigs are properly verfied", async () => { + const identityFileWithActKeyInvalidActKeySig: BlahIdentityFile = { + ...identityFile, + act_keys: [ + { + ...identityFile.act_keys[0], + sig: "_ obviously not a valid sig _", + }, + ], + }; + const identityWithActKeyInvalidActKeySig = await BlahIdentity + .fromIdentityFile( + identityFileWithActKeyInvalidActKeySig, + ); + expect(identityWithActKeyInvalidActKeySig.actKeys[0].sigValid).toBe(false); +}); + Deno.test("add a second act key", async () => { const actKeyPair2 = await BlahKeyPair.generate(); await identity.addActKey(actKeyPair2, { comment: "test" }); diff --git a/identity/identity.ts b/identity/identity.ts index 86c6965..5de241c 100644 --- a/identity/identity.ts +++ b/identity/identity.ts @@ -31,7 +31,7 @@ async function constructActKeyFromRaw( const publicKey = idKey instanceof BlahKeyPair ? idKey.publicKey : idKey; let sigValid = false; try { - publicKey.verifyPayload(raw); + await publicKey.verifyPayload(raw); sigValid = true; } catch { sigValid = false; @@ -151,7 +151,7 @@ export class BlahIdentity { } let profileSigValid = false; try { - profileSigningKey.verifyPayload(rawProfile); + await profileSigningKey.verifyPayload(rawProfile); profileSigValid = true; } catch { profileSigValid = false;