harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

start to implement the code needed for verifying variable signature algorithms

Browse Source
This commit is contained in:
zotlabs 2017-07-25 22:17:31 -07:00
parent eec2871680
commit 7d82b5f28d
1 changed files with 31 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
include/zot.php
View File

@ -111,13 +111,15 @@ function zot_get_hublocs($hash) {
*/ */
function zot_build_packet($channel, $type = 'notify', $recipients = null, $remote_key = null, $methods = '', $secret = null, $extra = null) { function zot_build_packet($channel, $type = 'notify', $recipients = null, $remote_key = null, $methods = '', $secret = null, $extra = null) {
$sig_method = get_config('system','signature_algorithm','sha256');
$data = [ $data = [
'type' => $type, 'type' => $type,
'sender' => [ 'sender' => [
'guid' => $channel['channel_guid'], 'guid' => $channel['channel_guid'],
'guid_sig' => base64url_encode(rsa_sign($channel['channel_guid'],$channel['channel_prvkey'])), 'guid_sig' => base64url_encode(rsa_sign($channel['channel_guid'],$channel['channel_prvkey'],$sig_method)),
'url' => z_root(), 'url' => z_root(),
'url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])), 'url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'],$sig_method)),
'sitekey' => get_config('system','pubkey') 'sitekey' => get_config('system','pubkey')
], ],
'callback' => '/post', 'callback' => '/post',
@ -135,7 +137,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot
if ($secret) { if ($secret) {
$data['secret'] = $secret; $data['secret'] = $secret;
$data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'])); $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'],$sig_method));
} }
if ($extra) { if ($extra) {
@ -576,6 +578,8 @@ function zot_register_hub($arr) {
if($arr['url'] && $arr['url_sig'] && $arr['guid'] && $arr['guid_sig']) { if($arr['url'] && $arr['url_sig'] && $arr['guid'] && $arr['guid_sig']) {
$sig_methods = ((array_key_exists('signing',$arr) && is_array($arr['signing'])) ? $arr['signing'] : [ 'sha256' ]);
$guid_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']); $guid_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']);
$url = $arr['url'] . '/.well-known/zot-info/?f=&guid_hash=' . $guid_hash; $url = $arr['url'] . '/.well-known/zot-info/?f=&guid_hash=' . $guid_hash;
@ -595,17 +599,18 @@ function zot_register_hub($arr) {
* our current communication. * our current communication.
*/ */
if((rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$record['key'])) foreach($sig_methods as $method) {
&& (rsa_verify($arr['url'],base64url_decode($arr['url_sig']),$record['key'])) if((rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$record['key'],$method))
&& (rsa_verify($arr['url'],base64url_decode($arr['url_sig']),$record['key'],$method))
&& ($arr['guid'] === $record['guid']) && ($arr['guid'] === $record['guid'])
&& ($arr['guid_sig'] === $record['guid_sig'])) { && ($arr['guid_sig'] === $record['guid_sig'])) {
$c = import_xchan($record); $c = import_xchan($record);
if($c['success']) if($c['success'])
$result['success'] = true; $result['success'] = true;
} }
else { else {
logger('zot_register_hub: failure to verify returned packet.'); logger('zot_register_hub: failure to verify returned packet using ' . $method);
}
} }
} }
} }
@ -658,8 +663,19 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
$import_photos = false; $import_photos = false;
if(! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key'])) { $sig_methods = ((array_key_exists('signing',$arr) && is_array($arr['signing'])) ? $arr['signing'] : [ 'sha256' ]);
logger('import_xchan: Unable to verify channel signature for ' . $arr['address']); $verified = false;
foreach($sig_methods as $method) {
if(! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key'],$method)) {
logger('import_xchan: Unable to verify channel signature for ' . $arr['address'] . ' using ' . $method);
continue;
}
else {
$verified = true;
}
}
if(! $verified) {
$ret['message'] = t('Unable to verify channel signature'); $ret['message'] = t('Unable to verify channel signature');
return $ret; return $ret;
} }