diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4ebc8ae
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+coverage
diff --git a/.rspec b/.rspec
new file mode 100644
index 0000000..c99d2e7
--- /dev/null
+++ b/.rspec
@@ -0,0 +1 @@
+--require spec_helper
diff --git a/Gemfile b/Gemfile
index 93a7d09..5adc273 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,5 +2,8 @@ source 'https://rubygems.org' +gem 'rspec', '~> 3.1' gem 'rubocop', '~> 1.30' +gem 'rubocop-rspec', '~> 2.10' +gem 'simplecov', '~> 0.21', require: false gemspec
diff --git a/Gemfile.lock b/Gemfile.lock
index 76a4c5a..f4d7224 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -8,6 +8,8 @@ GEM remote: https://rubygems.org/ specs: ast (2.4.2) + diff-lcs (1.5.0) + docile (1.4.0) ed25519 (1.3.0) parallel (1.22.1) parser (3.1.2.0)
@@ -15,6 +17,19 @@ GEM rainbow (3.1.1) regexp_parser (2.5.0) rexml (3.2.5) + rspec (3.11.0) + rspec-core (~> 3.11.0) + rspec-expectations (~> 3.11.0) + rspec-mocks (~> 3.11.0) + rspec-core (3.11.0) + rspec-support (~> 3.11.0) + rspec-expectations (3.11.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.11.0) + rspec-mocks (3.11.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.11.0) + rspec-support (3.11.0) rubocop (1.30.0) parallel (~> 1.10) parser (>= 3.1.0.0)
@@ -26,7 +41,15 @@ GEM unicode-display_width (>= 1.4.0, < 3.0) rubocop-ast (1.18.0) parser (>= 3.1.1.0) + rubocop-rspec (2.11.1) + rubocop (~> 1.19) ruby-progressbar (1.11.0) + simplecov (0.21.2) + docile (~> 1.1) + simplecov-html (~> 0.11) + simplecov_json_formatter (~> 0.1) + simplecov-html (0.12.3) + simplecov_json_formatter (0.1.4) unicode-display_width (2.1.0) PLATFORMS
@@ -34,7 +57,10 @@ PLATFORMS DEPENDENCIES minisign! + rspec (~> 3.1) rubocop (~> 1.30) + rubocop-rspec (~> 2.10) + simplecov (~> 0.21) BUNDLED WITH 2.1.4
diff --git a/README.md b/README.md
index cd26d6f..1e08772 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@ -# Minisign.rb +# Minisign A rubygem for verifying [Minisign](http://jedisct1.github.io/minisign/) signatures.
diff --git a/spec/minisign_spec.rb b/spec/minisign_spec.rb
new file mode 100644
index 0000000..6e25693
--- /dev/null
+++ b/spec/minisign_spec.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+describe Minisign::PublicKey do
+ before do
+ @pk = Minisign::PublicKey.new(File.read('test/local.pub').split("\n").pop)
+ @message = File.read('test/example.txt')
+ end
+ it 'verifies signatures' do
+ @signature = Minisign::Signature.new(File.read('test/example.txt.minisig'))
+ expect(@pk.verify(@signature, @message)).to match('Trusted comment')
+ end
+ it 'raises ed25519 errors' do
+ @signature = Minisign::Signature.new(File.read('test/example.txt.minisig.unverifiable'))
+ expect { @pk.verify(@signature, @message) }.to raise_error(Ed25519::VerifyError)
+ end
+ it 'verifies trusted comments' do
+ @signature = Minisign::Signature.new(File.read('test/example.txt.minisig.tampered'))
+ expect { @pk.verify(@signature, @message) }.to raise_error('Comment signature verification failed')
+ end
+end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
new file mode 100644
index 0000000..8a06978
--- /dev/null
+++ b/spec/spec_helper.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require 'simplecov'
+SimpleCov.start do
+ add_filter '/spec'
+end
+
+require 'minisign'
+
+RSpec.configure do |config|
+ config.expect_with :rspec do |expectations|
+ expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+ end
+ config.mock_with :rspec do |mocks|
+ mocks.verify_partial_doubles = true
+ end
+ config.shared_context_metadata_behavior = :apply_to_host_groups
+end
diff --git a/test/example.txt.minisig.tampered b/test/example.txt.minisig.tampered
new file mode 100644
index 0000000..13f9d29
--- /dev/null
+++ b/test/example.txt.minisig.tampered
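Review bot: None of the three examples in spec/minisign_spec.rb verifies a modified message against the valid `test/example.txt.minisig`; both failure cases alter the signature file instead, so a regression that stopped binding the signature to the message content would not be caught. An example along the lines of `expect { @pk.verify(@signature, "#{@message}x") }.to raise_error(Ed25519::VerifyError)` would cover it, assuming that failure surfaces the same way as in the 'raises ed25519 errors' example. The positive example asserts only `match('Trusted comment')`, so it passes whatever comment text `verify` returns; matching the expected trusted comment is tighter. `raise_error('Comment signature verification failed')` checks the message alone, and pinning the exception class too would keep the error type callers rescue under test.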
@@ -0,0 +1,4 @@
+untrusted comment: signature from minisign secret key
+RUTg6JXWzv6GDmPMFIE8V3D+S6mi6FBFrUNwvRVZrLNrySSWT8HPLXhN16nSzb3WLTSd59SceVfGtgEP2FMHVAqTc40mLXBbJQ4=
+trusted comment: timestamp:1653934367 file:example.txt hashed
+YU7xAGNcc5LGLHHyw14S6xtIvhfF3chGJ/rLSauaiPb1jtnt6JHB/ieMIjqEZ8unxxLllXQ2t6uQqzIKsiwAAg==
diff --git a/test/example.txt.minisig.unverifiable b/test/example.txt.minisig.unverifiable
new file mode 100644
index 0000000..8c1ec59
--- /dev/null
+++ b/test/example.txt.minisig.unverifiable
@@ -0,0 +1,4 @@
+untrusted comment: signature from minisign secret key
+RUTg6JXWzv6GDmPMFIE8V3D+S5mi6FBFrUNwvRVZrLNrySSWT8HPLXhN16nSzb3WLTSd59SceVfGtgEP2FMHVAqTc40mLXBbJQ4=
+trusted comment: timestamp:1653934067 file:example.txt hashed
+YU7xAGNcc5LGLHHyw14S6xtIvhfF3chGJ/rLSauaiPb1jtnt6JHB/ieMIjqEZ8unxxLllXQ2t6uQqzIKsiwAAg==
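Review bot: Nothing in test/example.txt.minisig.tampered or test/example.txt.minisig.unverifiable records which field was altered, since both keep the line `untrusted comment: signature from minisign secret key` unchanged. Comparing the two files, they appear to differ in one character of the signature line and in one digit of the trusted-comment timestamp, which a later maintainer would have to rediscover by diffing. The untrusted comment line is not covered by either signature, so it can describe the fixture, for example `untrusted comment: fixture, trusted comment timestamp altered` in the tampered file, provided the parser does not depend on that line's text.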