Made message signing in Cryptography use SHA512 as the message content for... #1
2 changed files with 110 additions and 25 deletions
|
|
@ -2,13 +2,12 @@
|
||||||
|
|
||||||
namespace Socialbox\Classes\StandardMethods\Core;
|
namespace Socialbox\Classes\StandardMethods\Core;
|
||||||
|
|
||||||
use Exception;
|
|
||||||
use InvalidArgumentException;
|
use InvalidArgumentException;
|
||||||
use Socialbox\Abstracts\Method;
|
use Socialbox\Abstracts\Method;
|
||||||
use Socialbox\Enums\StandardError;
|
use Socialbox\Classes\Cryptography;
|
||||||
|
use Socialbox\Classes\Validator;
|
||||||
use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
|
use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
|
||||||
use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
|
use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
|
||||||
use Socialbox\Exceptions\Standard\StandardRpcException;
|
|
||||||
use Socialbox\Interfaces\SerializableInterface;
|
use Socialbox\Interfaces\SerializableInterface;
|
||||||
use Socialbox\Objects\ClientRequest;
|
use Socialbox\Objects\ClientRequest;
|
||||||
use Socialbox\Objects\PeerAddress;
|
use Socialbox\Objects\PeerAddress;
|
||||||
|
|
@ -24,19 +23,23 @@
|
||||||
public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface
|
public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface
|
||||||
{
|
{
|
||||||
// Check if the required 'peer' parameter is set.
|
// Check if the required 'peer' parameter is set.
|
||||||
if(!$rpcRequest->containsParameter('signing_peer'))
|
if(!$rpcRequest->containsParameter('peer'))
|
||||||
{
|
{
|
||||||
throw new MissingRpcArgumentException('signing_peer');
|
throw new MissingRpcArgumentException('peer');
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!$rpcRequest->containsParameter('signature_uuid'))
|
if(!$rpcRequest->containsParameter('signature_uuid'))
|
||||||
{
|
{
|
||||||
throw new MissingRpcArgumentException('signature_uuid');
|
throw new MissingRpcArgumentException('signature_uuid');
|
||||||
}
|
}
|
||||||
|
elseif(!Validator::validateUuid($rpcRequest->getParameter('signature_uuid')))
|
||||||
if(!$rpcRequest->containsParameter('signature_key'))
|
|
||||||
{
|
{
|
||||||
throw new MissingRpcArgumentException('signature_key');
|
throw new InvalidRpcArgumentException('signature_uuid', 'Invalid UUID V4');
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!$rpcRequest->containsParameter('signature_public_key'))
|
||||||
|
{
|
||||||
|
throw new MissingRpcArgumentException('signature_public_key');
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!$rpcRequest->containsParameter('signature'))
|
if(!$rpcRequest->containsParameter('signature'))
|
||||||
|
|
@ -44,40 +47,48 @@
|
||||||
throw new MissingRpcArgumentException('signature');
|
throw new MissingRpcArgumentException('signature');
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!$rpcRequest->containsParameter('message_hash'))
|
if(!$rpcRequest->containsParameter('sha512'))
|
||||||
{
|
{
|
||||||
throw new MissingRpcArgumentException('message_hash');
|
throw new MissingRpcArgumentException('sha512');
|
||||||
}
|
}
|
||||||
|
elseif(!Cryptography::validateSha512($rpcRequest->getParameter('sha512')))
|
||||||
if(!$rpcRequest->containsParameter('signature_time'))
|
|
||||||
{
|
{
|
||||||
throw new MissingRpcArgumentException('signature_time');
|
throw new InvalidRpcArgumentException('sha512', 'Invalid SHA512');
|
||||||
}
|
}
|
||||||
|
|
||||||
// Parse the peer address
|
// Parse the peer address
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
$peerAddress = PeerAddress::fromAddress($rpcRequest->getParameter('signing_peer'));
|
$peerAddress = PeerAddress::fromAddress($rpcRequest->getParameter('peer'));
|
||||||
}
|
}
|
||||||
catch(InvalidArgumentException $e)
|
catch(InvalidArgumentException $e)
|
||||||
{
|
{
|
||||||
throw new InvalidRpcArgumentException('signing_peer', $e);
|
throw new InvalidRpcArgumentException('peer', $e);
|
||||||
}
|
}
|
||||||
|
|
||||||
try
|
if($rpcRequest->containsParameter('signature_time'))
|
||||||
{
|
{
|
||||||
return $rpcRequest->produceResponse(Socialbox::verifyPeerSignature(
|
if(!is_numeric($rpcRequest->getParameter('signature_time')))
|
||||||
|
{
|
||||||
|
throw new InvalidRpcArgumentException('signature_time', 'Invalid timestamp, must be a Unix Timestamp');
|
||||||
|
}
|
||||||
|
|
||||||
|
return $rpcRequest->produceResponse(Socialbox::verifyTimedSignature(
|
||||||
signingPeer: $peerAddress,
|
signingPeer: $peerAddress,
|
||||||
signatureUuid: $rpcRequest->getParameter('signature_uuid'),
|
signatureUuid: $rpcRequest->getParameter('signature_uuid'),
|
||||||
signatureKey: $rpcRequest->getParameter('signature_key'),
|
signatureKey: $rpcRequest->getParameter('signature_public_key'),
|
||||||
signature: $rpcRequest->getParameter('signature'),
|
signature: $rpcRequest->getParameter('signature'),
|
||||||
messageHash: $rpcRequest->getParameter('message_hash'),
|
messageHash: $rpcRequest->getParameter('sha512'),
|
||||||
signatureTime: $rpcRequest->getParameter('signature_time')
|
signatureTime: (int)$rpcRequest->getParameter('signature_time')
|
||||||
)->value);
|
)->value);
|
||||||
}
|
}
|
||||||
catch (Exception $e)
|
|
||||||
{
|
return $rpcRequest->produceResponse(Socialbox::verifySignature(
|
||||||
throw new StandardRpcException('Failed to resolve peer signature', StandardError::INTERNAL_SERVER_ERROR, $e);
|
signingPeer: $peerAddress,
|
||||||
}
|
signatureUuid: $rpcRequest->getParameter('signature_uuid'),
|
||||||
|
signatureKey: $rpcRequest->getParameter('signature_public_key'),
|
||||||
|
signature: $rpcRequest->getParameter('signature'),
|
||||||
|
messageHash: $rpcRequest->getParameter('sha512'),
|
||||||
|
)->value);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -764,7 +764,7 @@
|
||||||
* @param int $signatureTime The time at which the message was signed
|
* @param int $signatureTime The time at which the message was signed
|
||||||
* @return SignatureVerificationStatus The status of the signature verification
|
* @return SignatureVerificationStatus The status of the signature verification
|
||||||
*/
|
*/
|
||||||
public static function verifyPeerSignature(PeerAddress|string $signingPeer, string $signatureUuid, string $signatureKey, string $signature, string $messageHash, int $signatureTime): SignatureVerificationStatus
|
public static function verifyTimedSignature(PeerAddress|string $signingPeer, string $signatureUuid, string $signatureKey, string $signature, string $messageHash, int $signatureTime): SignatureVerificationStatus
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
|
@ -824,6 +824,80 @@
|
||||||
return SignatureVerificationStatus::VERIFIED;
|
return SignatureVerificationStatus::VERIFIED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Verifies the signature of a message using the public key of the signing peer both locally and externally.
|
||||||
|
* If the peer is registered locally, the signature is verified using the local public key.
|
||||||
|
* If the peer is external, the signature is verified by resolving the peer's public key from the external server.
|
||||||
|
* The signature is verified against the resolved public key, and the status of the verification is returned.
|
||||||
|
*
|
||||||
|
* @param PeerAddress|string $signingPeer The peer address or string identifier of the signing peer
|
||||||
|
* @param string $signatureUuid The UUID of the signature key to be resolved
|
||||||
|
* @param string $signatureKey The public key of the signature that was used to sign the message
|
||||||
|
* @param string $signature The signature to be verified
|
||||||
|
* @param string $messageHash The SHA-512 hash of the message that was signed
|
||||||
|
* @return SignatureVerificationStatus The status of the signature verification
|
||||||
|
*/
|
||||||
|
public static function verifySignature(PeerAddress|string $signingPeer, string $signatureUuid, string $signatureKey, string $signature, string $messageHash): SignatureVerificationStatus
|
||||||
|
{
|
||||||
|
try
|
||||||
|
{
|
||||||
|
if (!Cryptography::verifyMessage($messageHash, $signature, $signatureKey, false))
|
||||||
|
{
|
||||||
|
return SignatureVerificationStatus::INVALID;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
catch (CryptographyException)
|
||||||
|
{
|
||||||
|
return SignatureVerificationStatus::INVALID;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Resolve the peer signature key
|
||||||
|
try
|
||||||
|
{
|
||||||
|
$signingKey = self::resolvePeerSignature($signingPeer, $signatureUuid);
|
||||||
|
}
|
||||||
|
catch(StandardRpcException)
|
||||||
|
{
|
||||||
|
return SignatureVerificationStatus::UNVERIFIED;
|
||||||
|
}
|
||||||
|
|
||||||
|
if($signingKey === null)
|
||||||
|
{
|
||||||
|
return SignatureVerificationStatus::UNVERIFIED;
|
||||||
|
}
|
||||||
|
|
||||||
|
if($signingKey->getPublicKey() !== $signatureKey)
|
||||||
|
{
|
||||||
|
return SignatureVerificationStatus::PUBLIC_KEY_MISMATCH;
|
||||||
|
}
|
||||||
|
|
||||||
|
if($signingKey->getUuid() !== $signatureUuid)
|
||||||
|
{
|
||||||
|
return SignatureVerificationStatus::UUID_MISMATCH;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(time() > $signingKey->getExpires())
|
||||||
|
{
|
||||||
|
return SignatureVerificationStatus::EXPIRED;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Verify the signature with the resolved key
|
||||||
|
try
|
||||||
|
{
|
||||||
|
if (!Cryptography::verifyTimedMessage($messageHash, $signature, $signingKey->getPublicKey(), false))
|
||||||
|
{
|
||||||
|
return SignatureVerificationStatus::INVALID;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
catch (CryptographyException)
|
||||||
|
{
|
||||||
|
return SignatureVerificationStatus::INVALID;
|
||||||
|
}
|
||||||
|
|
||||||
|
return SignatureVerificationStatus::VERIFIED;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Resolves a peer signature key based on the given peer address or string identifier.
|
* Resolves a peer signature key based on the given peer address or string identifier.
|
||||||
*
|
*
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue