unom/punktfunk
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases 4 Wiki Activity
Files
015f2ee47b76fa4b9e942e42d6287fe9c13713a8
punktfunk/clients/apple/Tests/PunktfunkKitTests/IdentityTests.swift
T
enricobuehler 0494e0200a
ci / rust (push) Has been cancelled
Details
feat(apple): adapt the macOS client to ABI v2 — client identity + SPAKE2 PIN pairing 
The pairing/renegotiation batch bumped the punktfunk/1 ABI to v2 and the host now
hard-rejects v1 Hellos (m3.rs), so streaming from the Mac was dead until the bundled
PunktfunkCore.xcframework is rebuilt — it is gitignored, so that is a per-checkout step:
bash scripts/build-xcframework.sh. The Swift wrapper itself was already adapted upstream;
this lands the app on top of it.

- ClientIdentityStore: persistent client identity in the login Keychain, presented on
  every connect so paired hosts recognize this Mac. Keychain access failure throws
  instead of regenerating (a fresh identity would silently un-pair this Mac from every
  --require-pairing host); a lost first-run race resolves toward the stored identity;
  pairing uses the strict loadForPairing() so a memory-only identity can't strand a
  ceremony.
- PairSheet: the SPAKE2 PIN ceremony, reachable from a host card's context menu and from
  the trust prompt's "Pair with PIN instead…" (which drops the live session first — the
  host's accept loop is sequential). Success pins the verified fingerprint and connects;
  an in-flight ceremony self-discards when the sheet is dismissed, so a late success
  can't pin + auto-connect behind the user's back. Wrong PIN and Keychain failures get
  distinct, actionable error text.
- Tests: identity unit tests; the full pairing ceremony + --require-pairing gate on
  loopback (test-loopback.sh arms a second host, parses its PIN from the log, and gives
  both hosts throwaway config homes — no more writes to the real ~/.config/punktfunk);
  remote pairing + pinned stream over the LAN (PUNKTFUNK_REMOTE_PIN, _PORT).

Validated live against the box: SPAKE2 ceremony with the host's arming PIN → verified
fingerprint → pinned + identified 720p60 session (host persisted the client identity);
first light 60/60 AUs decoded to pixels; vkcube on glass through the app.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-10 21:49:43 +02:00

37 lines
1.5 KiB
Swift
Raw Blame History

// Client identity generation through the ABI (punktfunk_generate_identity): the PEM pair
// hosts use to recognize a paired client. Pure local crypto no host needed.
import XCTest
@testable import PunktfunkKit
final class IdentityTests: XCTestCase {
func testGenerateIdentityYieldsDistinctPEMPairs() throws {
let a = try generateIdentity()
let b = try generateIdentity()
XCTAssertTrue(a.certPEM.contains("BEGIN CERTIFICATE"), "cert is PEM")
XCTAssertTrue(a.keyPEM.contains("PRIVATE KEY"), "key is PEM")
XCTAssertTrue(a.certPEM.hasSuffix("\n") || a.certPEM.contains("END CERTIFICATE"))
// Each call mints a fresh keypair identical output would mean a broken RNG.
XCTAssertNotEqual(a.certPEM, b.certPEM)
XCTAssertNotEqual(a.keyPEM, b.keyPEM)
}
func testPairAgainstNothingFailsCleanly() {
// Nothing listens on this port; the ceremony must throw within its timeout, and
// must not report .wrongPIN (no SPAKE2 exchange ever happened).
do {
let identity = try generateIdentity()
_ = try pair(
host: "127.0.0.1", port: 9, identity: identity,
pin: "0000", name: "test", timeoutMs: 2000)
XCTFail("expected pair() against a dead port to throw")
} catch PunktfunkClientError.wrongPIN {
XCTFail("dead port must not look like a wrong PIN")
} catch {
// any other error is the correct outcome
}
}
}
Reference in New Issue View Git Blame Copy Permalink