mirror of
https://github.com/BigBodyCobain/Shadowbroker.git
synced 2026-04-24 03:26:06 +02:00
anoracleofra-code
668ce16dc7
Gate messages now propagate via the Infonet hashchain as encrypted blobs — every node syncs them through normal chain sync while only Gate members with MLS keys can decrypt. Added mesh reputation system, peer push workers, voluntary Wormhole opt-in for node participation, fork recovery, killwormhole scripts, obfuscated terminology, and hardened the self-updater to protect encryption keys and chain state during updates. New features: Shodan search, train tracking, Sentinel Hub imagery, 8 new intelligence layers, CCTV expansion to 11,000+ cameras across 6 countries, Mesh Terminal CLI, prediction markets, desktop-shell scaffold, and comprehensive mesh test suite (215 frontend + backend tests passing). Community contributors: @wa1id, @AlborzNazari, @adust09, @Xpirix, @imqdcr, @csysp, @suranyami, @chr0n1x, @johan-martensson, @singularfailure, @smithbh, @OrfeoTerkuci, @deuza, @tm-const, @Elhard1, @ttulttul
281 lines
9.5 KiB
Python
281 lines
9.5 KiB
Python
import asyncio
|
|
import json
|
|
import time
|
|
|
|
from starlette.requests import Request
|
|
|
|
|
|
def _json_request(path: str, body: dict) -> Request:
|
|
payload = json.dumps(body).encode("utf-8")
|
|
sent = {"value": False}
|
|
|
|
async def receive():
|
|
if sent["value"]:
|
|
return {"type": "http.request", "body": b"", "more_body": False}
|
|
sent["value"] = True
|
|
return {"type": "http.request", "body": payload, "more_body": False}
|
|
|
|
return Request(
|
|
{
|
|
"type": "http",
|
|
"headers": [(b"content-type", b"application/json")],
|
|
"client": ("test", 12345),
|
|
"method": "POST",
|
|
"path": path,
|
|
},
|
|
receive,
|
|
)
|
|
|
|
|
|
def test_dm_send_keeps_encrypted_payloads_off_ledger(monkeypatch):
|
|
import main
|
|
from services import wormhole_supervisor
|
|
from services.mesh import mesh_hashchain, mesh_dm_relay
|
|
|
|
append_called = {"value": False}
|
|
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_verify_signed_event",
|
|
lambda **kwargs: (True, ""),
|
|
)
|
|
monkeypatch.setattr(main, "_secure_dm_enabled", lambda: False)
|
|
monkeypatch.setattr(wormhole_supervisor, "get_transport_tier", lambda: "private_transitional")
|
|
|
|
def fake_append(**kwargs):
|
|
append_called["value"] = True
|
|
return {"event_id": "unexpected"}
|
|
|
|
monkeypatch.setattr(mesh_hashchain.infonet, "append", fake_append)
|
|
monkeypatch.setattr(mesh_hashchain.infonet, "validate_and_set_sequence", lambda *_args, **_kwargs: (True, ""))
|
|
monkeypatch.setattr(mesh_dm_relay.dm_relay, "consume_nonce", lambda *_args, **_kwargs: (True, "ok"))
|
|
monkeypatch.setattr(
|
|
mesh_dm_relay.dm_relay,
|
|
"deposit",
|
|
lambda **kwargs: {
|
|
"ok": True,
|
|
"msg_id": kwargs.get("msg_id", ""),
|
|
"detail": "stored",
|
|
},
|
|
)
|
|
|
|
req = _json_request(
|
|
"/api/mesh/dm/send",
|
|
{
|
|
"sender_id": "alice",
|
|
"recipient_id": "bob",
|
|
"delivery_class": "request",
|
|
"recipient_token": "",
|
|
"ciphertext": "x3dh1:opaque",
|
|
"msg_id": "m1",
|
|
"timestamp": int(time.time()),
|
|
"public_key": "cHVi",
|
|
"public_key_algo": "Ed25519",
|
|
"signature": "sig",
|
|
"sequence": 1,
|
|
"protocol_version": "infonet/2",
|
|
},
|
|
)
|
|
|
|
response = asyncio.run(main.dm_send(req))
|
|
|
|
assert response["ok"] is True
|
|
assert append_called["value"] is False
|
|
|
|
|
|
def test_dm_key_registration_keeps_key_material_off_ledger(monkeypatch):
|
|
import main
|
|
from services.mesh import mesh_hashchain, mesh_dm_relay
|
|
|
|
append_called = {"value": False}
|
|
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_verify_signed_event",
|
|
lambda **kwargs: (True, ""),
|
|
)
|
|
|
|
def fake_append(**kwargs):
|
|
append_called["value"] = True
|
|
return {"event_id": "unexpected"}
|
|
|
|
monkeypatch.setattr(mesh_hashchain.infonet, "append", fake_append)
|
|
monkeypatch.setattr(
|
|
mesh_dm_relay.dm_relay,
|
|
"register_dh_key",
|
|
lambda *args, **kwargs: (True, "ok", {"bundle_fingerprint": "bf", "accepted_sequence": 1}),
|
|
)
|
|
|
|
req = _json_request(
|
|
"/api/mesh/dm/register",
|
|
{
|
|
"agent_id": "alice",
|
|
"dh_pub_key": "dhpub",
|
|
"dh_algo": "X25519",
|
|
"timestamp": int(time.time()),
|
|
"public_key": "cHVi",
|
|
"public_key_algo": "Ed25519",
|
|
"signature": "sig",
|
|
"sequence": 1,
|
|
"protocol_version": "infonet/2",
|
|
},
|
|
)
|
|
|
|
response = asyncio.run(main.dm_register_key(req))
|
|
|
|
assert response["ok"] is True
|
|
assert append_called["value"] is False
|
|
|
|
|
|
def test_wormhole_dm_key_registration_keeps_key_material_off_ledger(tmp_path, monkeypatch):
|
|
import main
|
|
from services.mesh import (
|
|
mesh_hashchain,
|
|
mesh_secure_storage,
|
|
mesh_wormhole_persona,
|
|
)
|
|
|
|
monkeypatch.setattr(mesh_secure_storage, "DATA_DIR", tmp_path)
|
|
monkeypatch.setattr(mesh_secure_storage, "MASTER_KEY_FILE", tmp_path / "wormhole_secure_store.key")
|
|
monkeypatch.setattr(mesh_wormhole_persona, "DATA_DIR", tmp_path)
|
|
monkeypatch.setattr(mesh_wormhole_persona, "PERSONA_FILE", tmp_path / "wormhole_persona.json")
|
|
monkeypatch.setattr(
|
|
mesh_wormhole_persona,
|
|
"LEGACY_DM_IDENTITY_FILE",
|
|
tmp_path / "wormhole_identity.json",
|
|
)
|
|
|
|
append_called = {"value": False}
|
|
|
|
def fake_append(**kwargs):
|
|
append_called["value"] = True
|
|
return {"event_id": "unexpected"}
|
|
|
|
monkeypatch.setattr(mesh_hashchain.infonet, "append", fake_append)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"register_wormhole_prekey_bundle",
|
|
lambda *args, **kwargs: {"ok": True, "bundle": {}},
|
|
)
|
|
|
|
response = asyncio.run(main.api_wormhole_dm_register_key(_json_request("/api/wormhole/dm/register-key", {})))
|
|
|
|
assert response["ok"] is True
|
|
assert append_called["value"] is False
|
|
|
|
|
|
def test_dead_drop_contact_consent_helpers_round_trip():
|
|
from services.mesh.mesh_wormhole_dead_drop import (
|
|
build_contact_accept,
|
|
build_contact_deny,
|
|
build_contact_offer,
|
|
parse_contact_consent,
|
|
)
|
|
|
|
offer = build_contact_offer(dh_pub_key="dhpub", dh_algo="X25519", geo_hint="40.12,-105.27")
|
|
accept = build_contact_accept(shared_alias="dmx_pairwise")
|
|
deny = build_contact_deny(reason="declined")
|
|
|
|
assert parse_contact_consent(offer) == {
|
|
"kind": "contact_offer",
|
|
"dh_pub_key": "dhpub",
|
|
"dh_algo": "X25519",
|
|
"geo_hint": "40.12,-105.27",
|
|
}
|
|
assert parse_contact_consent(accept) == {
|
|
"kind": "contact_accept",
|
|
"shared_alias": "dmx_pairwise",
|
|
}
|
|
assert parse_contact_consent(deny) == {
|
|
"kind": "contact_deny",
|
|
"reason": "declined",
|
|
}
|
|
|
|
|
|
def test_pairwise_alias_is_separate_from_gate_identities(tmp_path, monkeypatch):
|
|
from services.mesh import (
|
|
mesh_secure_storage,
|
|
mesh_wormhole_contacts,
|
|
mesh_wormhole_dead_drop,
|
|
mesh_wormhole_persona,
|
|
)
|
|
|
|
monkeypatch.setattr(mesh_secure_storage, "DATA_DIR", tmp_path)
|
|
monkeypatch.setattr(mesh_secure_storage, "MASTER_KEY_FILE", tmp_path / "wormhole_secure_store.key")
|
|
monkeypatch.setattr(mesh_wormhole_persona, "DATA_DIR", tmp_path)
|
|
monkeypatch.setattr(mesh_wormhole_persona, "PERSONA_FILE", tmp_path / "wormhole_persona.json")
|
|
monkeypatch.setattr(
|
|
mesh_wormhole_persona,
|
|
"LEGACY_DM_IDENTITY_FILE",
|
|
tmp_path / "wormhole_identity.json",
|
|
)
|
|
monkeypatch.setattr(mesh_wormhole_contacts, "DATA_DIR", tmp_path)
|
|
monkeypatch.setattr(mesh_wormhole_contacts, "CONTACTS_FILE", tmp_path / "wormhole_dm_contacts.json")
|
|
|
|
gate_session = mesh_wormhole_persona.enter_gate_anonymously("infonet", rotate=True)["identity"]
|
|
gate_persona = mesh_wormhole_persona.create_gate_persona("infonet", label="watcher")["identity"]
|
|
dm_identity = mesh_wormhole_persona.get_dm_identity()
|
|
|
|
issued = mesh_wormhole_dead_drop.issue_pairwise_dm_alias(
|
|
peer_id="peer_alpha",
|
|
peer_dh_pub="dhpub_alpha",
|
|
)
|
|
|
|
assert issued["ok"] is True
|
|
assert issued["identity_scope"] == "dm_alias"
|
|
assert issued["shared_alias"].startswith("dmx_")
|
|
assert issued["shared_alias"] != gate_session["node_id"]
|
|
assert issued["shared_alias"] != gate_persona["node_id"]
|
|
assert issued["shared_alias"] != dm_identity["node_id"]
|
|
assert issued["dm_identity_id"] == dm_identity["node_id"]
|
|
assert issued["contact"]["sharedAlias"] == issued["shared_alias"]
|
|
assert issued["contact"]["dhPubKey"] == "dhpub_alpha"
|
|
|
|
|
|
def test_pairwise_alias_rotation_promotes_after_grace(tmp_path, monkeypatch):
|
|
from services.mesh import (
|
|
mesh_secure_storage,
|
|
mesh_wormhole_contacts,
|
|
mesh_wormhole_dead_drop,
|
|
mesh_wormhole_persona,
|
|
)
|
|
|
|
monkeypatch.setattr(mesh_secure_storage, "DATA_DIR", tmp_path)
|
|
monkeypatch.setattr(mesh_secure_storage, "MASTER_KEY_FILE", tmp_path / "wormhole_secure_store.key")
|
|
monkeypatch.setattr(mesh_wormhole_persona, "DATA_DIR", tmp_path)
|
|
monkeypatch.setattr(mesh_wormhole_persona, "PERSONA_FILE", tmp_path / "wormhole_persona.json")
|
|
monkeypatch.setattr(
|
|
mesh_wormhole_persona,
|
|
"LEGACY_DM_IDENTITY_FILE",
|
|
tmp_path / "wormhole_identity.json",
|
|
)
|
|
monkeypatch.setattr(mesh_wormhole_contacts, "DATA_DIR", tmp_path)
|
|
monkeypatch.setattr(mesh_wormhole_contacts, "CONTACTS_FILE", tmp_path / "wormhole_dm_contacts.json")
|
|
|
|
initial = mesh_wormhole_dead_drop.issue_pairwise_dm_alias(
|
|
peer_id="peer_beta",
|
|
peer_dh_pub="dhpub_beta",
|
|
)
|
|
rotated = mesh_wormhole_dead_drop.rotate_pairwise_dm_alias(
|
|
peer_id="peer_beta",
|
|
peer_dh_pub="dhpub_beta",
|
|
grace_ms=5_000,
|
|
)
|
|
|
|
assert rotated["ok"] is True
|
|
assert rotated["active_alias"] == initial["shared_alias"]
|
|
assert rotated["pending_alias"].startswith("dmx_")
|
|
assert rotated["pending_alias"] != initial["shared_alias"]
|
|
assert rotated["contact"]["sharedAlias"] == initial["shared_alias"]
|
|
assert rotated["contact"]["pendingSharedAlias"] == rotated["pending_alias"]
|
|
assert rotated["contact"]["sharedAliasGraceUntil"] >= rotated["grace_until"]
|
|
|
|
future = rotated["grace_until"] / 1000.0 + 1
|
|
monkeypatch.setattr(mesh_wormhole_contacts.time, "time", lambda: future)
|
|
promoted = mesh_wormhole_contacts.list_wormhole_dm_contacts()["peer_beta"]
|
|
|
|
assert promoted["sharedAlias"] == rotated["pending_alias"]
|
|
assert promoted["pendingSharedAlias"] == ""
|
|
assert promoted["sharedAliasGraceUntil"] == 0
|
|
assert initial["shared_alias"] in promoted["previousSharedAliases"]
|