feat(apple): adapt the macOS client to ABI v2 — client identity + SPAKE2 PIN pairing
ci / rust (push) Has been cancelled
ci / rust (push) Has been cancelled
The pairing/renegotiation batch bumped the punktfunk/1 ABI to v2 and the host now hard-rejects v1 Hellos (m3.rs), so streaming from the Mac was dead until the bundled PunktfunkCore.xcframework is rebuilt — it is gitignored, so that is a per-checkout step: bash scripts/build-xcframework.sh. The Swift wrapper itself was already adapted upstream; this lands the app on top of it. - ClientIdentityStore: persistent client identity in the login Keychain, presented on every connect so paired hosts recognize this Mac. Keychain access failure throws instead of regenerating (a fresh identity would silently un-pair this Mac from every --require-pairing host); a lost first-run race resolves toward the stored identity; pairing uses the strict loadForPairing() so a memory-only identity can't strand a ceremony. - PairSheet: the SPAKE2 PIN ceremony, reachable from a host card's context menu and from the trust prompt's "Pair with PIN instead…" (which drops the live session first — the host's accept loop is sequential). Success pins the verified fingerprint and connects; an in-flight ceremony self-discards when the sheet is dismissed, so a late success can't pin + auto-connect behind the user's back. Wrong PIN and Keychain failures get distinct, actionable error text. - Tests: identity unit tests; the full pairing ceremony + --require-pairing gate on loopback (test-loopback.sh arms a second host, parses its PIN from the log, and gives both hosts throwaway config homes — no more writes to the real ~/.config/punktfunk); remote pairing + pinned stream over the LAN (PUNKTFUNK_REMOTE_PIN, _PORT). Validated live against the box: SPAKE2 ceremony with the host's arming PIN → verified fingerprint → pinned + identified 720p60 session (host persisted the client identity); first light 60/60 AUs decoded to pixels; vkcube on glass through the app. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,36 @@
|
||||
// Client identity generation through the ABI (punktfunk_generate_identity): the PEM pair
|
||||
// hosts use to recognize a paired client. Pure local crypto — no host needed.
|
||||
|
||||
import XCTest
|
||||
@testable import PunktfunkKit
|
||||
|
||||
final class IdentityTests: XCTestCase {
|
||||
func testGenerateIdentityYieldsDistinctPEMPairs() throws {
|
||||
let a = try generateIdentity()
|
||||
let b = try generateIdentity()
|
||||
|
||||
XCTAssertTrue(a.certPEM.contains("BEGIN CERTIFICATE"), "cert is PEM")
|
||||
XCTAssertTrue(a.keyPEM.contains("PRIVATE KEY"), "key is PEM")
|
||||
XCTAssertTrue(a.certPEM.hasSuffix("\n") || a.certPEM.contains("END CERTIFICATE"))
|
||||
|
||||
// Each call mints a fresh keypair — identical output would mean a broken RNG.
|
||||
XCTAssertNotEqual(a.certPEM, b.certPEM)
|
||||
XCTAssertNotEqual(a.keyPEM, b.keyPEM)
|
||||
}
|
||||
|
||||
func testPairAgainstNothingFailsCleanly() {
|
||||
// Nothing listens on this port; the ceremony must throw within its timeout, and
|
||||
// must not report .wrongPIN (no SPAKE2 exchange ever happened).
|
||||
do {
|
||||
let identity = try generateIdentity()
|
||||
_ = try pair(
|
||||
host: "127.0.0.1", port: 9, identity: identity,
|
||||
pin: "0000", name: "test", timeoutMs: 2000)
|
||||
XCTFail("expected pair() against a dead port to throw")
|
||||
} catch PunktfunkClientError.wrongPIN {
|
||||
XCTFail("dead port must not look like a wrong PIN")
|
||||
} catch {
|
||||
// any other error is the correct outcome
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user