Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Made message signing in Cryptography use SHA512 as the message content for... #1

Closed
netkas wants to merge 421 commits from master into dev
pull from: master
merge into: Nosial:dev
Conversation 3 Commits 421 Files changed 226 +47 -17
1 changed files with 47 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit f74a91963e - Show all commits

42
src/Socialbox/Classes/Cryptography.php
View file

@ -297,9 +297,7 @@
* @return string The base64-encoded digital signature. * @return string The base64-encoded digital signature.
* @throws CryptographyException If the message or private key is invalid, or if signing fails. * @throws CryptographyException If the message or private key is invalid, or if signing fails.
*/ */
public static function signMessage(string $message, string $privateKey): string public static function signMessage(string $message, string $privateKey, bool $hash=true): string
{
try
{ {
if (empty($message)) if (empty($message))
{ {
@ -311,6 +309,20 @@
throw new CryptographyException("Empty private key provided"); throw new CryptographyException("Empty private key provided");
} }
if($hash)
{
$message = hash('sha512', $message);
}
else
{
if(!self::validateSha512($message))
{
throw new CryptographyException("Invalid SHA-512 hash provided");
}
}
try
{
$privateKey = self::validateAndExtractKey($privateKey, self::KEY_TYPE_SIGNING); $privateKey = self::validateAndExtractKey($privateKey, self::KEY_TYPE_SIGNING);
$decodedKey = sodium_base642bin($privateKey, self::BASE64_VARIANT, true); $decodedKey = sodium_base642bin($privateKey, self::BASE64_VARIANT, true);
@ -326,6 +338,11 @@
} }
catch (Exception $e) catch (Exception $e)
{ {
if($e instanceof CryptographyException)
{
throw $e;
}
throw new CryptographyException("Failed to sign message: " . $e->getMessage()); throw new CryptographyException("Failed to sign message: " . $e->getMessage());
} }
} }
@ -336,18 +353,31 @@
* @param string $message The original message that was signed. * @param string $message The original message that was signed.
* @param string $signature The base64-encoded signature to be verified. * @param string $signature The base64-encoded signature to be verified.
* @param string $publicKey The base64-encoded public key used to verify the signature. * @param string $publicKey The base64-encoded public key used to verify the signature.
* @param bool $hash True to hash the message before verification, false to use the message directly.
* @return bool True if the signature is valid; false otherwise. * @return bool True if the signature is valid; false otherwise.
* @throws CryptographyException If any parameter is empty, if the public key or signature is invalid, or if the verification process fails. * @throws CryptographyException If any parameter is empty, if the public key or signature is invalid, or if the verification process fails.
*/ */
public static function verifyMessage(string $message, string $signature, string $publicKey): bool public static function verifyMessage(string $message, string $signature, string $publicKey, bool $hash=true): bool
{
try
{ {
if (empty($message) || empty($signature) || empty($publicKey)) if (empty($message) || empty($signature) || empty($publicKey))
{ {
throw new CryptographyException("Empty parameter(s) provided"); throw new CryptographyException("Empty parameter(s) provided");
} }
if($hash)
{
$message = hash('sha512', $message);
}
else
{
if(!self::validateSha512($message))
{
throw new CryptographyException("Invalid SHA-512 hash provided");
}
}
try
{
$publicKey = self::validateAndExtractKey($publicKey, self::KEY_TYPE_SIGNING); $publicKey = self::validateAndExtractKey($publicKey, self::KEY_TYPE_SIGNING);
$decodedKey = sodium_base642bin($publicKey, self::BASE64_VARIANT, true); $decodedKey = sodium_base642bin($publicKey, self::BASE64_VARIANT, true);
$decodedSignature = sodium_base642bin($signature, self::BASE64_VARIANT, true); $decodedSignature = sodium_base642bin($signature, self::BASE64_VARIANT, true);