Exemplo n.º 1
0
// VerifyUserSig verifies that the user-signature of UIDMessage is valid.
func (msg *Message) VerifyUserSig(preMsg *Message) error {
	var ed25519Key cipher.Ed25519Key
	// check message counter
	if preMsg.UIDContent.MSGCOUNT+1 != msg.UIDContent.MSGCOUNT {
		return log.Error(ErrIncrement)
	}
	// get content
	content := msg.UIDContent.JSON()
	// get self-signature
	selfsig, err := base64.Decode(msg.USERSIGNATURE)
	if err != nil {
		return err
	}
	// create ed25519 key
	pubKey, err := base64.Decode(preMsg.UIDContent.SIGKEY.PUBKEY)
	if err != nil {
		return err
	}
	if err := ed25519Key.SetPublicKey(pubKey); err != nil {
		return err
	}
	// verify self-signature
	if !ed25519Key.Verify(content, selfsig) {
		return log.Error(ErrInvalidUserSig)
	}
	return nil
}
Exemplo n.º 2
0
// Verify verifies that the KeyInit is valid and contains a valid ECDHE25519
// key.
func (ki *KeyInit) Verify(keyInitRepositoryURIs []string, sigPubKey string) error {
	// The REPOURI points to this KeyInit Repository
	if !util.ContainsString(keyInitRepositoryURIs, ki.Contents.REPOURI) {
		log.Error(ErrRepoURI)
		return ErrRepoURI
	}

	// verify that SESSIONANCHORHASH matches decrypted SESSIONANCHOR
	sa, err := ki.SessionAnchor(sigPubKey)
	if err != nil {
		return err
	}

	// get KeyEntry message from SessionAnchor
	ke, err := sa.KeyEntry("ECDHE25519")
	if err != nil {
		return err
	}

	// verify KeyEntry message
	if err := ke.Verify(); err != nil {
		return err
	}

	// NOTAFTER and NOTBEFORE are valid
	if ki.Contents.NOTBEFORE >= ki.Contents.NOTAFTER {
		log.Error(ErrInvalidTimes)
		return ErrInvalidTimes
	}
	// not expired
	if ki.Contents.NOTAFTER < uint64(times.Now()) {
		log.Error(ErrExpired)
		return ErrExpired
	}

	// SIGNATURE was made with UIDMessage.UIDContent.SIGKEY over Contents
	var ed25519Key cipher.Ed25519Key
	sig, err := base64.Decode(ki.SIGNATURE)
	if err != nil {
		return err
	}
	pubKey, err := base64.Decode(sigPubKey)
	if err != nil {
		return err
	}
	// create ed25519 key
	ed25519Key.SetPublicKey(pubKey)
	// verify self-signature
	if !ed25519Key.Verify(ki.Contents.json(), sig) {
		log.Error(ErrInvalidKeyInitSig)
		return ErrInvalidKeyInitSig
	}

	return nil
}
Exemplo n.º 3
0
// VerifyNonce verifies the nonce signature with the given sigPubKey.
func VerifyNonce(sigPubKey string, nonce uint64, signature string) error {
	var ed25519Key cipher.Ed25519Key
	sig, err := base64.Decode(signature)
	if err != nil {
		return err
	}
	pubKey, err := base64.Decode(sigPubKey)
	if err != nil {
		return err
	}
	if err := ed25519Key.SetPublicKey(pubKey); err != nil {
		return err
	}
	if !ed25519Key.Verify(encode.ToByte8(nonce), sig) {
		return log.Error(ErrInvalidNonceSig)
	}
	return nil
}
Exemplo n.º 4
0
// VerifySrvSig verifies the signature with the srvPubKey.
func (ki *KeyInit) VerifySrvSig(signature, srvPubKey string) error {
	var ed25519Key cipher.Ed25519Key
	// get server-signature
	sig, err := base64.Decode(signature)
	if err != nil {
		return err
	}
	// create ed25519 key
	pubKey, err := base64.Decode(srvPubKey)
	if err != nil {
		return err
	}
	ed25519Key.SetPublicKey(pubKey)
	// verify server-signature
	if !ed25519Key.Verify(ki.JSON(), sig) {
		log.Error(ErrInvalidSrvSig)
		return ErrInvalidSrvSig
	}
	return nil
}
Exemplo n.º 5
0
// VerifySelfSig verifies that the self-signature of UIDMessage is valid.
func (msg *Message) VerifySelfSig() error {
	var ed25519Key cipher.Ed25519Key
	// get content
	content := msg.UIDContent.JSON()
	// get self-signature
	selfsig, err := base64.Decode(msg.SELFSIGNATURE)
	if err != nil {
		return err
	}
	// create ed25519 key
	pubKey, err := base64.Decode(msg.UIDContent.SIGKEY.PUBKEY)
	if err != nil {
		return err
	}
	if err := ed25519Key.SetPublicKey(pubKey); err != nil {
		return err
	}
	// verify self-signature
	if !ed25519Key.Verify(content, selfsig) {
		return log.Error(ErrInvalidSelfSig)
	}
	return nil
}
Exemplo n.º 6
0
// VerifySrvSig verifies that the server-signature of MessageReply is valid.
func (reply *MessageReply) VerifySrvSig(msg *Message, srvPubKey string) error {
	// make sure messages match
	UIDHash, UIDIndex, _ := msg.Encrypt()
	idx, msg, err := reply.Decrypt(UIDHash)
	if err != nil {
		return err
	}
	if !bytes.Equal(idx, UIDIndex) {
		return log.Error(ErrMsgMismatch)
	}
	if !bytes.Equal(msg.JSON(), msg.JSON()) {
		return log.Error(ErrMsgMismatch)
	}
	// verify server signature
	var ed25519Key cipher.Ed25519Key
	// get content
	content := reply.ENTRY.json()
	// get server-signature
	sig, err := base64.Decode(reply.SERVERSIGNATURE)
	if err != nil {
		return log.Error(err)
	}
	// create ed25519 key
	pubKey, err := base64.Decode(srvPubKey)
	if err != nil {
		return log.Error(err)
	}
	if err := ed25519Key.SetPublicKey(pubKey); err != nil {
		return err
	}
	// verify server-signature
	if !ed25519Key.Verify(content, sig) {
		return log.Error(ErrInvalidSrvSig)
	}
	return nil
}