Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Made message signing in Cryptography use SHA512 as the message content for... #1

Closed
netkas wants to merge 421 commits from master into dev
pull from: master
merge into: Nosial:dev
Conversation 3 Commits 421 Files changed 226 +47 -7
2 changed files with 47 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 7485733219 - Show all commits

17
src/Socialbox/Enums/Status/SignatureVerificationStatus.php
View file

@ -10,7 +10,17 @@
case INVALID = 'INVALID';
/**
* The provided signature was valid but the key associated with the signature has expired.
* The provided signature was valid but the public key used to verify the signature was not the expected public key.
*/
case PUBLIC_KEY_MISMATCH = 'PUBLIC_KEY_MISMATCH';
/**
* The provided signature was valid but the UUID used to verify the signature was not the expected UUID.
*/
case UUID_MISMATCH = 'UUID_MISMATCH';
/**
* The provided signature was valid but the signing key has expired.
*/
case EXPIRED = 'EXPIRED';
@ -18,4 +28,9 @@
* The provided signature was valid but unable to be verified against the peer's known public key.
*/
case UNVERIFIED = 'UNVERIFIED';
/**
* The provided signature was valid and verified locally and against the peer's known public key successfully.
*/
case VERIFIED = 'VERIFIED';
}

37
src/Socialbox/Socialbox.php
View file

@ -15,6 +15,7 @@
use Socialbox\Enums\PrivacyState;
use Socialbox\Enums\ReservedUsernames;
use Socialbox\Enums\SessionState;
use Socialbox\Enums\SigningKeyState;
use Socialbox\Enums\StandardError;
use Socialbox\Enums\StandardHeaders;
use Socialbox\Enums\StandardMethods;
@ -751,6 +752,11 @@
}
/**
* Verifies the signature of a message using the public key of the signing peer both locally and externally.
* If the peer is registered locally, the signature is verified using the local public key.
* If the peer is external, the signature is verified by resolving the peer's public key from the external server.
* The signature is verified against the resolved public key, and the status of the verification is returned.
*
* @param PeerAddress|string $signingPeer The peer address or string identifier of the signing peer
* @param string $signatureUuid The UUID of the signature key to be resolved
* @param string $signatureKey The public key of the signature that was used to sign the message
@ -761,12 +767,9 @@
*/
public static function verifyPeerSignature(PeerAddress|string $signingPeer, string $signatureUuid, string $signatureKey, string $signature, string $messageHash, int $signatureTime): SignatureVerificationStatus
{
$messageHash = sprintf('%s:%d', $messageHash, $signatureTime);
// First verify the signature with the provided parameters
try
{
if (!Cryptography::verifyMessage($messageHash, $signature, $signatureKey, false))
if (!Cryptography::verifyTimedMessage($messageHash, $signature, $signatureKey, $signatureTime, false))
{
return SignatureVerificationStatus::INVALID;
}
@ -779,17 +782,37 @@
// Resolve the peer signature key
try
{
$signingKey = self::resolvePeerSignature($peerAddress, $signatureUuid);
$signingKey = self::resolvePeerSignature($signingPeer, $signatureUuid);
}
catch(StandardRpcException)
{
return SignatureVerificationStatus::UNVERIFIED;
}
if($signingKey === null)
{
return SignatureVerificationStatus::UNVERIFIED;
}
if($signingKey->getPublicKey() !== $signatureKey)
{
return SignatureVerificationStatus::PUBLIC_KEY_MISMATCH;
}
if($signingKey->getUuid() !== $signatureUuid)
{
return SignatureVerificationStatus::UUID_MISMATCH;
}
if(time() > $signingKey->getExpires())
{
return SignatureVerificationStatus::EXPIRED;
}
// Verify the signature with the resolved key
try
{
if (!Cryptography::verifyMessage($messageHash, $signature, $signingKey->getPublicKey(), false))
if (!Cryptography::verifyTimedMessage($messageHash, $signature, $signingKey->getPublicKey(), $signatureTime, false))
{
return SignatureVerificationStatus::INVALID;
}
@ -798,6 +821,8 @@
{
return SignatureVerificationStatus::INVALID;
}
return SignatureVerificationStatus::VERIFIED;
}
/**