Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Added method verifyPeerSignature(PeerAddress|string $signingPeer, string $signatureUuid, string $signatureKey, string $signature, string $messageHash, int $signatureTime): SignatureVerificationStatus

Browse source
This commit is contained in:
netkas 2025-02-03 14:11:07 -05:00
parent 0e190c085a
commit 7485733219
2 changed files with 47 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
src/Socialbox/Enums/Status/SignatureVerificationStatus.php
View file

@ -10,7 +10,17 @@
case INVALID = 'INVALID'; case INVALID = 'INVALID';
/** /**
* The provided signature was valid but the key associated with the signature has expired. * The provided signature was valid but the public key used to verify the signature was not the expected public key.
*/
case PUBLIC_KEY_MISMATCH = 'PUBLIC_KEY_MISMATCH';
/**
* The provided signature was valid but the UUID used to verify the signature was not the expected UUID.
*/
case UUID_MISMATCH = 'UUID_MISMATCH';
/**
* The provided signature was valid but the signing key has expired.
*/ */
case EXPIRED = 'EXPIRED'; case EXPIRED = 'EXPIRED';
@ -18,4 +28,9 @@
* The provided signature was valid but unable to be verified against the peer's known public key. * The provided signature was valid but unable to be verified against the peer's known public key.
*/ */
case UNVERIFIED = 'UNVERIFIED'; case UNVERIFIED = 'UNVERIFIED';
/**
* The provided signature was valid and verified locally and against the peer's known public key successfully.
*/
case VERIFIED = 'VERIFIED';
} }

37
src/Socialbox/Socialbox.php
View file

@ -15,6 +15,7 @@
use Socialbox\Enums\PrivacyState; use Socialbox\Enums\PrivacyState;
use Socialbox\Enums\ReservedUsernames; use Socialbox\Enums\ReservedUsernames;
use Socialbox\Enums\SessionState; use Socialbox\Enums\SessionState;
use Socialbox\Enums\SigningKeyState;
use Socialbox\Enums\StandardError; use Socialbox\Enums\StandardError;
use Socialbox\Enums\StandardHeaders; use Socialbox\Enums\StandardHeaders;
use Socialbox\Enums\StandardMethods; use Socialbox\Enums\StandardMethods;
@ -751,6 +752,11 @@
} }
/** /**
* Verifies the signature of a message using the public key of the signing peer both locally and externally.
* If the peer is registered locally, the signature is verified using the local public key.
* If the peer is external, the signature is verified by resolving the peer's public key from the external server.
* The signature is verified against the resolved public key, and the status of the verification is returned.
*
* @param PeerAddress|string $signingPeer The peer address or string identifier of the signing peer * @param PeerAddress|string $signingPeer The peer address or string identifier of the signing peer
* @param string $signatureUuid The UUID of the signature key to be resolved * @param string $signatureUuid The UUID of the signature key to be resolved
* @param string $signatureKey The public key of the signature that was used to sign the message * @param string $signatureKey The public key of the signature that was used to sign the message
@ -761,12 +767,9 @@
*/ */
public static function verifyPeerSignature(PeerAddress|string $signingPeer, string $signatureUuid, string $signatureKey, string $signature, string $messageHash, int $signatureTime): SignatureVerificationStatus public static function verifyPeerSignature(PeerAddress|string $signingPeer, string $signatureUuid, string $signatureKey, string $signature, string $messageHash, int $signatureTime): SignatureVerificationStatus
{ {
$messageHash = sprintf('%s:%d', $messageHash, $signatureTime);
// First verify the signature with the provided parameters
try try
{ {
if (!Cryptography::verifyMessage($messageHash, $signature, $signatureKey, false)) if (!Cryptography::verifyTimedMessage($messageHash, $signature, $signatureKey, $signatureTime, false))
{ {
return SignatureVerificationStatus::INVALID; return SignatureVerificationStatus::INVALID;
} }
@ -779,17 +782,37 @@
// Resolve the peer signature key // Resolve the peer signature key
try try
{ {
$signingKey = self::resolvePeerSignature($peerAddress, $signatureUuid); $signingKey = self::resolvePeerSignature($signingPeer, $signatureUuid);
} }
catch(StandardRpcException) catch(StandardRpcException)
{ {
return SignatureVerificationStatus::UNVERIFIED; return SignatureVerificationStatus::UNVERIFIED;
} }
if($signingKey === null)
{
return SignatureVerificationStatus::UNVERIFIED;
}
if($signingKey->getPublicKey() !== $signatureKey)
{
return SignatureVerificationStatus::PUBLIC_KEY_MISMATCH;
}
if($signingKey->getUuid() !== $signatureUuid)
{
return SignatureVerificationStatus::UUID_MISMATCH;
}
if(time() > $signingKey->getExpires())
{
return SignatureVerificationStatus::EXPIRED;
}
// Verify the signature with the resolved key // Verify the signature with the resolved key
try try
{ {
if (!Cryptography::verifyMessage($messageHash, $signature, $signingKey->getPublicKey(), false)) if (!Cryptography::verifyTimedMessage($messageHash, $signature, $signingKey->getPublicKey(), $signatureTime, false))
{ {
return SignatureVerificationStatus::INVALID; return SignatureVerificationStatus::INVALID;
} }
@ -798,6 +821,8 @@
{ {
return SignatureVerificationStatus::INVALID; return SignatureVerificationStatus::INVALID;
} }
return SignatureVerificationStatus::VERIFIED;
} }
/** /**