message key hashing
While signature verification is now working, as far as I can tell, I stumbled over this bug during building the replication.
verify_test.go:20:
Error Trace: verify_test.go:20
Error: Not equal:
expected: "%enY+X5IpdI+GpETc8zTpkxGXlYy9R3iDUjVO95wYqv8=.sha256"
actual : "%me77DVILCm0oxWQZOKoVtUqQvN0h4MqvL01fJ/3Bhpc=.sha256"
Test: TestVerify
Messages: hash mismatch 39
verify_test.go:20:
Error Trace: verify_test.go:20
Error: Not equal:
expected: "%AtJIWxiswmhGUJWGRTHltmIBkScyQm4z8wTtvITj6Bs=.sha256"
actual : "%6/S72jACksqxG9zqB0LEIWPJTRH6oTu67pgGzSbOBLk=.sha256"
Test: TestVerify
Messages: hash mismatch 64
verify_test.go:20:
Error Trace: verify_test.go:20
Error: Not equal:
expected: "%tZaohfYyVX0qKJ/CSaqJv/JNp4k55dR6htxk/PeCay0=.sha256"
actual : "%GHVBZZ+SLoRls6x6NaGWApx2DDvUnTThYy56u+ZZerc=.sha256"
Test: TestVerify
Messages: hash mismatch 132
verify_test.go:20:
Error Trace: verify_test.go:20
Error: Not equal:
expected: "%/VwgCLSQFZ+1DYOwPgC3Q0dxIPUsaFmQlkP8YXhgqJA=.sha256"
actual : "%CcXAPIeuFzJ1Q8nIU8nB20Ruer6dLAzR4fgqJq9Mtuo=.sha256"
Test: TestVerify
Messages: hash mismatch 276
verify_test.go:20:
Error Trace: verify_test.go:20
Error: Not equal:
expected: "%8tzDn6FztBDkc0wtqTV0YJ1wZ5nx6ZFd3xNlVVRyHHg=.sha256"
actual : "%Pozi3nkQK8k6jb46uIQcCsFwz+Ca0k2gEUfBeb9VtzA=.sha256"
Test: TestVerify
Messages: hash mismatch 277
verify_test.go:20:
Error Trace: verify_test.go:20
Error: Not equal:
expected: "%eOWNFZUNWcTFyRMq9Qrhh91NZQlY6GR0Eg9ddQFId64=.sha256"
actual : "%o0e5Xdgp5zOWV5nrYYcWV/pLEx+P9EMUk0Y/BHMmREg=.sha256"
Test: TestVerify
Messages: hash mismatch 352
... lots more messages after this. Also notice that there are lots of messages in between which work..!
The defining characteristic of these messages is that they all contain Unicode characters. Notice that this is the last step in verify. The pretty-printing and signature verification get tested separately and produce the same output as the JS implementation.
I missed it before %TcBUH16... because the Verify() tests only used the first 20 messages of a feed, since the go test -short setup was inconsistent with the other tests...
Now for the post-mortem: @keks and I had to laugh frantically at this for some time.. Again: signature verification shouldn't pass if we slipped up badly during the formatting and it failed for a lot of messages. I then added a check to recalculate the hash for the input, that gets used to 1:1 compare the pretty-printing. Somehow jsland was able to produce the wanted hash on exactly those bytes.. but writing it to a file and manually generating the sha256 of that failed us with the same output as the go-code in the tests..
The reasons without much fanfare: As far as we can tell JS uses new Buffer(input, 'binary') when doing the hash and 'utf8' when it does the signatures...
Q: What is the internal representation of strings in nodejs?
Our implementation now needs to take the JSON UTF-8 input and turn it into whatever it is in V8...
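An added example, not code from the original post or the project: a Go sketch of the conversion asked for above, showing why only messages with non-ASCII characters get a different key. It assumes Node's 'binary' encoding treats the string as UTF-16 code units and keeps only the low byte of each; the names binaryEncode and messageKey are hypothetical and the sample inputs are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"unicode/utf16"
)

// binaryEncode mimics Node's Buffer(s, 'binary') under the assumption stated
// in the lead-in: decode the UTF-8 input to a string, view it as UTF-16 code
// units, and keep only the low byte of each unit.
// Invalid UTF-8 in the input decodes to U+FFFD before the conversion.
func binaryEncode(utf8Input []byte) []byte {
	units := utf16.Encode([]rune(string(utf8Input)))
	out := make([]byte, len(units))
	for i, u := range units {
		out[i] = byte(u) // the high byte of the code unit is dropped
	}
	return out
}

// messageKey formats a SHA-256 digest in the "%<base64>.sha256" shape seen
// in the test output above.
func messageKey(b []byte) string {
	sum := sha256.Sum256(b)
	return "%" + base64.StdEncoding.EncodeToString(sum[:]) + ".sha256"
}

func main() {
	// Constructed sample inputs, not real feed messages.
	for _, s := range []string{`{"text":"hello"}`, `{"text":"héllo ☃ 😀"}`} {
		raw := []byte(s)
		bin := binaryEncode(raw)
		fmt.Printf("%q\n  utf8   %2d bytes %s\n  binary %2d bytes %s\n",
			s, len(raw), messageKey(raw), len(bin), messageKey(bin))
	}
}
```

For pure ASCII input the two byte sequences are identical, so both hashes agree, which matches the observation that many messages in between verified fine.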