Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Made message signing in Cryptography use SHA512 as the message content for... #1

Closed
netkas wants to merge 421 commits from master into dev
pull from: master
merge into: Nosial:dev
Conversation 3 Commits 421 Files changed 226 +19 -74
1 changed files with 19 additions and 74 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 6001e85160 - Show all commits

93
src/Socialbox/Socialbox.php
View file

@ -720,7 +720,7 @@
try try
{ {
$client = new SocialClient(self::getServerAddress(), $domain); $client = new SocialClient(self::getServerAddress(), $domain);
$client->authenticate(); $client->verificationAuthenticate();
} }
catch (Exception $e) catch (Exception $e)
{ {
@ -758,49 +758,25 @@
* *
* @param PeerAddress|string $signingPeer The peer address or string identifier of the signing peer * @param PeerAddress|string $signingPeer The peer address or string identifier of the signing peer
* @param string $signatureUuid The UUID of the signature key to be resolved * @param string $signatureUuid The UUID of the signature key to be resolved
* @param string $signatureKey The public key of the signature that was used to sign the message
* @param string $signature The signature to be verified * @param string $signature The signature to be verified
* @param string $messageHash The SHA-512 hash of the message that was signed * @param string $messageHash The SHA-512 hash of the message that was signed
* @param int $signatureTime The time at which the message was signed * @param int $signatureTime The time at which the message was signed
* @return SignatureVerificationStatus The status of the signature verification * @return SignatureVerificationStatus The status of the signature verification
*/ */
public static function verifyTimedSignature(PeerAddress|string $signingPeer, string $signatureUuid, string $signatureKey, string $signature, string $messageHash, int $signatureTime): SignatureVerificationStatus public static function verifyTimedSignature(PeerAddress|string $signingPeer, string $signatureUuid, string $signature, string $messageHash, int $signatureTime): SignatureVerificationStatus
{ {
try
{
if (!Cryptography::verifyTimedMessage($messageHash, $signature, $signatureKey, $signatureTime, false))
{
return SignatureVerificationStatus::INVALID;
}
}
catch (CryptographyException)
{
return SignatureVerificationStatus::INVALID;
}
// Resolve the peer signature key // Resolve the peer signature key
try try
{ {
$signingKey = self::resolvePeerSignature($signingPeer, $signatureUuid); $signingKey = self::resolvePeerSignature($signingPeer, $signatureUuid);
if($signingKey === null)
{
return SignatureVerificationStatus::NOT_FOUND;
}
} }
catch(StandardRpcException) catch(StandardRpcException)
{ {
return SignatureVerificationStatus::UNVERIFIED; return SignatureVerificationStatus::RESOLUTION_ERROR;
}
if($signingKey === null)
{
return SignatureVerificationStatus::UNVERIFIED;
}
if($signingKey->getPublicKey() !== $signatureKey)
{
return SignatureVerificationStatus::PUBLIC_KEY_MISMATCH;
}
if($signingKey->getUuid() !== $signatureUuid)
{
return SignatureVerificationStatus::UUID_MISMATCH;
} }
if(time() > $signingKey->getExpires()) if(time() > $signingKey->getExpires())
@ -818,7 +794,7 @@
} }
catch (CryptographyException) catch (CryptographyException)
{ {
return SignatureVerificationStatus::INVALID; return SignatureVerificationStatus::ERROR;
} }
return SignatureVerificationStatus::VERIFIED; return SignatureVerificationStatus::VERIFIED;
@ -832,66 +808,36 @@
* *
* @param PeerAddress|string $signingPeer The peer address or string identifier of the signing peer * @param PeerAddress|string $signingPeer The peer address or string identifier of the signing peer
* @param string $signatureUuid The UUID of the signature key to be resolved * @param string $signatureUuid The UUID of the signature key to be resolved
* @param string $signatureKey The public key of the signature that was used to sign the message * @param string $signature The signature to be verified
* @param string $signature The signature to be verified
* @param string $messageHash The SHA-512 hash of the message that was signed * @param string $messageHash The SHA-512 hash of the message that was signed
* @return SignatureVerificationStatus The status of the signature verification * @return SignatureVerificationStatus The status of the signature verification
*/ */
public static function verifySignature(PeerAddress|string $signingPeer, string $signatureUuid, string $signatureKey, string $signature, string $messageHash): SignatureVerificationStatus public static function verifySignature(PeerAddress|string $signingPeer, string $signatureUuid, string $signature, string $messageHash): SignatureVerificationStatus
{ {
try
{
if (!Cryptography::verifyMessage($messageHash, $signature, $signatureKey, false))
{
return SignatureVerificationStatus::INVALID;
}
}
catch (CryptographyException)
{
return SignatureVerificationStatus::INVALID;
}
// Resolve the peer signature key
try try
{ {
$signingKey = self::resolvePeerSignature($signingPeer, $signatureUuid); $signingKey = self::resolvePeerSignature($signingPeer, $signatureUuid);
if($signingKey === null)
{
return SignatureVerificationStatus::NOT_FOUND;
}
} }
catch(StandardRpcException) catch(StandardRpcException)
{ {
return SignatureVerificationStatus::UNVERIFIED; return SignatureVerificationStatus::RESOLUTION_ERROR;
}
if($signingKey === null)
{
return SignatureVerificationStatus::UNVERIFIED;
}
if($signingKey->getPublicKey() !== $signatureKey)
{
return SignatureVerificationStatus::PUBLIC_KEY_MISMATCH;
}
if($signingKey->getUuid() !== $signatureUuid)
{
return SignatureVerificationStatus::UUID_MISMATCH;
}
if(time() > $signingKey->getExpires())
{
return SignatureVerificationStatus::EXPIRED;
} }
// Verify the signature with the resolved key // Verify the signature with the resolved key
try try
{ {
if (!Cryptography::verifyTimedMessage($messageHash, $signature, $signingKey->getPublicKey(), false)) if (!Cryptography::verifyMessage($messageHash, $signature, $signingKey->getPublicKey(), false))
{ {
return SignatureVerificationStatus::INVALID; return SignatureVerificationStatus::INVALID;
} }
} }
catch (CryptographyException) catch (CryptographyException)
{ {
return SignatureVerificationStatus::INVALID; return SignatureVerificationStatus::ERROR;
} }
return SignatureVerificationStatus::VERIFIED; return SignatureVerificationStatus::VERIFIED;
@ -1142,7 +1088,6 @@
try try
{ {
$peer = RegisteredPeerManager::getPeerByAddress($peerAddress); $peer = RegisteredPeerManager::getPeerByAddress($peerAddress);
if($peer === null) if($peer === null)
{ {
throw new StandardRpcException('The requested peer was not found', StandardError::PEER_NOT_FOUND); throw new StandardRpcException('The requested peer was not found', StandardError::PEER_NOT_FOUND);
@ -1160,7 +1105,7 @@
} }
catch (DatabaseOperationException $e) catch (DatabaseOperationException $e)
{ {
throw new StandardRpcException('Failed to resolve peer information: ' . $e->getMessage(), StandardError::INTERNAL_SERVER_ERROR, $e); throw new StandardRpcException('Failed to resolve local peer information', StandardError::INTERNAL_SERVER_ERROR, $e);
} }
// If there's an identifier, we can resolve more information fields if the target peer has added the caller // If there's an identifier, we can resolve more information fields if the target peer has added the caller
@ -1194,7 +1139,7 @@
} }
catch (DatabaseOperationException $e) catch (DatabaseOperationException $e)
{ {
throw new StandardRpcException('Failed to resolve peer information: ' . $e->getMessage(), StandardError::INTERNAL_SERVER_ERROR, $e); throw new StandardRpcException('Failed to resolve local peer information', StandardError::INTERNAL_SERVER_ERROR, $e);
} }
} }
} }