Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

message verify failed (sbot: invalid signature) #5

Closed
cryptix opened this issue Jan 21, 2019 · 0 comments
Closed

message verify failed (sbot: invalid signature) #5

cryptix opened this issue Jan 21, 2019 · 0 comments

Comments

@cryptix
Copy link
Member

cryptix commented Jan 21, 2019

There are still some edge cases around message verification:

caller=handler.go:112 module=sbot plugin=gossip handleConnect="fetchFeed hops failed" 
err="fetchFeed(@/02iw6SFEPIHl8nMkYSwcCgRWxiG6VP547Wcp1NW8Bo=.ed25519:4505):
message verify failed:
ssb Verify(@/02iw6SFEPIHl8nMkYSwcCgRWxiG6VP547Wcp1NW8Bo=.ed25519:4506):
could not verify message: sbot: invalid signature"

If you have the feed in question you can do this to reproduce the problem and get an extended diff:

$ cd ssb/message
$ npm i
$ node encode_test.js '@/02iw6SFEPIHl8nMkYSwcCgRWxiG6VP547Wcp1NW8Bo=.ed25519'
$ go test

2019/01/21 23:07:25 loaded 5366 messages from testdata.zip
--- FAIL: TestSignatureVerify (1.05s)
    signature_test.go:26: strings are not identical: 
        {
          "previous": "%N4UCoD60og80twWAv6cliXOAPfBcg2yU1bFxnMz4ElM=.sha256",
          "author": "@/02iw6SFEPIHl8nMkYSwcCgRWxiG6VP547Wcp1NW8Bo=.ed25519",
          "sequence": 4506,
          "timestamp": 1462418380624,
          "hash": "sha256",
          "content": {
            "type": "post",
            "text": "- http://research.microsoft.com/en-us/um/people/simonpj/Papers/financial-contracts/contracts-icfp.pdf\n\nopens with haskell and one-letter variable names. great start.\n\n> At this point, any red-blooded funtional programmer should start to foam at the mouth, yelling \"build a combinator library\". And indeed, that turns out to be not only possible, but tremendously bene\fu000cficial.\n\nok agree, way better than that powerpoint\n\n> `c7 = scaleK 100 (get (truncate t1 (one GBP)))`\n\nso the author says these are the four functions that make a contract that pays 100 GBP at time t1.\n\n> Why did we go to the trouble of de\fu000cfining zb in terms of four combinators, rather than making it primitive? Beause it turns out that `scaleK`, `get`, `truncate`, and `one` are all independently useful.\n\n\"it turns out\" instantiates a contract too, i think.\n\n> The temperature in Los Angeles can be objectively measured; but the value to me of insuring my house is subjective, and is not an observable. Observables are thus a diff\u000berent \"kind of thing\" from contracts, so we give them a di\u000bfferent type:\n\nnot sure i buy that syllogism...\n\n![legalese.png](&wWf1aNvgqvtWnu7fywNff2UALjcrsmKxK4RgePUixm4=.sha256)\n\nok sure\n\n![gibberish.png](&6/6P/avhWbg9GNVVZ8qqBatjMwwPEHil1mRm3uzuUxc=.sha256)\n\n:\\\n\n> Much of the subtlety in \fu000cfinancial contracts arises because the participants can exercise choices. We enapsulate choice in two primitive combinators, or and anytime. The former allows one to choose which of two contracts to acquire (this section), while the latter allows one to choose when to acquire it (Section 3.5).\n\nsure, why not\n\nthere is a second section about evaluation, which hopefully answers the burning questions this section raises (next msg)",
            "root": "%9NYn+97xLhIqI0oPdiWxOckPODa9X267553iFtEDH74=.sha256",
            "branch": "%N4UCoD60og80twWAv6cliXOAPfBcg2yU1bFxnMz4ElM=.sha256",
            "mentions": [
              {
                "link": "&wWf1aNvgqvtWnu7fywNff2UALjcrsmKxK4RgePUixm4=.sha256",
                "name": "legalese.png",
                "size": 135799,
                "type": "image/png"
              },
              {
                "link": "&6/6P/avhWbg9GNVVZ8qqBatjMwwPEHil1mRm3uzuUxc=.sha256",
                "name": "gibberish.png",
                "size": 53361,
                "type": "image/png"
              }
            ],
            "channel": "networks"
          }
        }
    require.go:794: 
                Error Trace:    signature_test.go:29
                Error:          Received unexpected error:
                                sbot: invalid signature
                                go.cryptoscope.co/ssb/message.Signature.Verify
                                        /home/cryptix/go/src/go.cryptoscope.co/ssb/message/signature.go:56
                                go.cryptoscope.co/ssb/message.TestSignatureVerify
                                        /home/cryptix/go/src/go.cryptoscope.co/ssb/message/signature_test.go:28
                                testing.tRunner
                                        /nix/store/1205i5sksik4dqlr85pphrrllmic9a9n-go-1.11.4/share/go/src/testing/testing.go:827
                                runtime.goexit
                                        /nix/store/1205i5sksik4dqlr85pphrrllmic9a9n-go-1.11.4/share/go/src/runtime/asm_amd64.s:1333
                Test:           TestSignatureVerify
                Messages:       verify failed
FAIL
exit status 1
FAIL    go.cryptoscope.co/ssb/message   1.241s

(The paste stripped the color encoding. The gist of the diff is should have \f but has \u000c)

There is another one of these involving float encoding documented in this thread: http://viewer.scuttlebot.io/%25ej5uaph%2BvBGQmX%2B9lFywOLzyZMbpBvZ5khm26ERdZbo%3D.sha256
cryptix added a commit that referenced this issue Jan 21, 2019
@cryptix
Fix Message Verification (updates #5)
23f3c1e 
This fixes two identified cases. There might be more.

1) fix \f encoding

Somehow this one wasn't captured by %q in encode.go
There might be a better place for unicodeEscapeSome()

2) keep original string of floats

Reproducing the exact behavior of v8' JSONification of floats is still
troubling.
keks pushed a commit that referenced this issue Jan 25, 2019
@cryptix
Fix Message Verification (updates #5)
031236f 
This fixes two identified cases. There might be more.

1) fix \f encoding

Somehow this one wasn't captured by %q in encode.go
There might be a better place for unicodeEscapeSome()

2) keep original string of floats

Reproducing the exact behavior of v8' JSONification of floats is still
troubling.
decentral1se referenced this issue in decentral1se/ssb Oct 28, 2022
@boreq
Always recurse to process followees of people we follow (#5)
dec8a69 
Under normal circumstances SSB clients build a list of feeds which should be
replicated by analysing contact messages. Each contact messages creates a
directed edge connecting two vertices constituting relevant feeds in the
so-called social graph. To create a list of feeds to replicate the graph is
walked following the directed edges up to a certain depth, starting with the
local node.

This behaviour is more complicated in go-ssb. The library will only follow the
edge if the edge is mutual (sometimes referred to as "friends"). This was
reported as counterintuitive as other clients do not behave in this way.

This commit changes this behaviour to the default behaviour described in the
first paragraph of this commit message.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cryptix