// VerifyUserSig verifies that the user-signature of UIDMessage is valid.
func (msg *Message) VerifyUserSig(preMsg *Message) error {
var ed25519Key cipher.Ed25519Key
// check message counter
if preMsg.UIDContent.MSGCOUNT+1 != msg.UIDContent.MSGCOUNT {
return log.Error(ErrIncrement)
}
// get content
content := msg.UIDContent.JSON()
// get self-signature
selfsig, err := base64.Decode(msg.USERSIGNATURE)
if err != nil {
return err
}
// create ed25519 key
pubKey, err := base64.Decode(preMsg.UIDContent.SIGKEY.PUBKEY)
if err != nil {
return err
}
if err := ed25519Key.SetPublicKey(pubKey); err != nil {
return err
}
// verify self-signature
if !ed25519Key.Verify(content, selfsig) {
return log.Error(ErrInvalidUserSig)
}
return nil
}
// Verify verifies that the KeyInit is valid and contains a valid ECDHE25519
// key.
func (ki *KeyInit) Verify(keyInitRepositoryURIs []string, sigPubKey string) error {
// The REPOURI points to this KeyInit Repository
if !util.ContainsString(keyInitRepositoryURIs, ki.Contents.REPOURI) {
log.Error(ErrRepoURI)
return ErrRepoURI
}
// verify that SESSIONANCHORHASH matches decrypted SESSIONANCHOR
sa, err := ki.SessionAnchor(sigPubKey)
if err != nil {
return err
}
// get KeyEntry message from SessionAnchor
ke, err := sa.KeyEntry("ECDHE25519")
if err != nil {
return err
}
// verify KeyEntry message
if err := ke.Verify(); err != nil {
return err
}
// NOTAFTER and NOTBEFORE are valid
if ki.Contents.NOTBEFORE >= ki.Contents.NOTAFTER {
log.Error(ErrInvalidTimes)
return ErrInvalidTimes
}
// not expired
if ki.Contents.NOTAFTER < uint64(times.Now()) {
log.Error(ErrExpired)
return ErrExpired
}
// SIGNATURE was made with UIDMessage.UIDContent.SIGKEY over Contents
var ed25519Key cipher.Ed25519Key
sig, err := base64.Decode(ki.SIGNATURE)
if err != nil {
return err
}
pubKey, err := base64.Decode(sigPubKey)
if err != nil {
return err
}
// create ed25519 key
ed25519Key.SetPublicKey(pubKey)
// verify self-signature
if !ed25519Key.Verify(ki.Contents.json(), sig) {
log.Error(ErrInvalidKeyInitSig)
return ErrInvalidKeyInitSig
}
return nil
}
// VerifyNonce verifies the nonce signature with the given sigPubKey.
func VerifyNonce(sigPubKey string, nonce uint64, signature string) error {
var ed25519Key cipher.Ed25519Key
sig, err := base64.Decode(signature)
if err != nil {
return err
}
pubKey, err := base64.Decode(sigPubKey)
if err != nil {
return err
}
if err := ed25519Key.SetPublicKey(pubKey); err != nil {
return err
}
if !ed25519Key.Verify(encode.ToByte8(nonce), sig) {
return log.Error(ErrInvalidNonceSig)
}
return nil
}
// VerifySrvSig verifies the signature with the srvPubKey.
func (ki *KeyInit) VerifySrvSig(signature, srvPubKey string) error {
var ed25519Key cipher.Ed25519Key
// get server-signature
sig, err := base64.Decode(signature)
if err != nil {
return err
}
// create ed25519 key
pubKey, err := base64.Decode(srvPubKey)
if err != nil {
return err
}
ed25519Key.SetPublicKey(pubKey)
// verify server-signature
if !ed25519Key.Verify(ki.JSON(), sig) {
log.Error(ErrInvalidSrvSig)
return ErrInvalidSrvSig
}
return nil
}
// CreateReply creates MessageReply.
func CreateReply(
UIDMessageEncrypted, HCEntry string,
HCPos uint64,
sigKey *cipher.Ed25519Key,
) *MessageReply {
// Construct Entry from hcEntry, hcPos, UIDMessageEncrypted
entry := Entry{
UIDMESSAGEENCRYPTED: UIDMessageEncrypted,
HASHCHAINENTRY: HCEntry,
HASHCHAINPOS: HCPos,
}
// Sign Entry by Key Server's key pkey: serverSig = sign(pkey, Entry)
serverSig := sigKey.Sign(entry.json())
// Construct MessageReply from Entry, serverSig
return &MessageReply{
ENTRY: entry,
SERVERSIGNATURE: base64.Encode(serverSig),
}
}
// VerifySelfSig verifies that the self-signature of UIDMessage is valid.
func (msg *Message) VerifySelfSig() error {
var ed25519Key cipher.Ed25519Key
// get content
content := msg.UIDContent.JSON()
// get self-signature
selfsig, err := base64.Decode(msg.SELFSIGNATURE)
if err != nil {
return err
}
// create ed25519 key
pubKey, err := base64.Decode(msg.UIDContent.SIGKEY.PUBKEY)
if err != nil {
return err
}
if err := ed25519Key.SetPublicKey(pubKey); err != nil {
return err
}
// verify self-signature
if !ed25519Key.Verify(content, selfsig) {
return log.Error(ErrInvalidSelfSig)
}
return nil
}
// VerifySrvSig verifies that the server-signature of MessageReply is valid.
func (reply *MessageReply) VerifySrvSig(msg *Message, srvPubKey string) error {
// make sure messages match
UIDHash, UIDIndex, _ := msg.Encrypt()
idx, msg, err := reply.Decrypt(UIDHash)
if err != nil {
return err
}
if !bytes.Equal(idx, UIDIndex) {
return log.Error(ErrMsgMismatch)
}
if !bytes.Equal(msg.JSON(), msg.JSON()) {
return log.Error(ErrMsgMismatch)
}
// verify server signature
var ed25519Key cipher.Ed25519Key
// get content
content := reply.ENTRY.json()
// get server-signature
sig, err := base64.Decode(reply.SERVERSIGNATURE)
if err != nil {
return log.Error(err)
}
// create ed25519 key
pubKey, err := base64.Decode(srvPubKey)
if err != nil {
return log.Error(err)
}
if err := ed25519Key.SetPublicKey(pubKey); err != nil {
return err
}
// verify server-signature
if !ed25519Key.Verify(content, sig) {
return log.Error(ErrInvalidSrvSig)
}
return nil
}
// Sign signs the KeyInit message and returns the signature.
func (ki *KeyInit) Sign(sigKey *cipher.Ed25519Key) string {
return base64.Encode(sigKey.Sign(ki.JSON()))
}
