eliseuamaro/gnu-social
1
0
Fork 0
forked from GNUsocial/gnu-social
Code Issues Pull Requests Releases Wiki Activity

Magicsig::generate is now static

Browse Source 
This also fixes a problem with "initial salmon slap", which was a
problem for newly registered accounts which would have their first
salmon slap fail to distribute since there was a problem with Magicsig
keys. Apparently we have to re-read them with importKeys so the
Crypt_RSA objects publicKey and privateKey match later instances of them.

I think it may have been that generate() doesn't specify a signatureMode,
but I leave experimentation of that to the future.
This commit is contained in:
Mikael Nordfeldth 2014-06-02 21:50:40 +02:00
parent 537dff7987
commit 0bc122ff58
3 changed files with 40 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
plugins/OStatus/OStatusPlugin.php
View File

@ -1344,9 +1344,7 @@ class OStatusPlugin extends Plugin
// Get this profile's keypair // Get this profile's keypair
$magicsig = Magicsig::getKV('user_id', $target->id); $magicsig = Magicsig::getKV('user_id', $target->id);
if (!$magicsig instanceof Magicsig && $target->isLocal()) { if (!$magicsig instanceof Magicsig && $target->isLocal()) {
// No keypair yet, let's generate one. Only for local users. $magicsig = Magicsig::generate($target->getUser());
$magicsig = new Magicsig();
$magicsig->generate($target->getUser());
} }
if ($magicsig instanceof Magicsig) { if ($magicsig instanceof Magicsig) {

23
plugins/OStatus/classes/Magicsig.php
View File

@ -132,7 +132,7 @@ class Magicsig extends Managed_DataObject
*/ */
function insert() function insert()
{ {
$this->keypair = $this->toString(); $this->keypair = $this->toString(true);
return parent::insert(); return parent::insert();
} }
@ -145,20 +145,25 @@ class Magicsig extends Managed_DataObject
* *
* @param User $user the local user (since we don't have remote private keys) * @param User $user the local user (since we don't have remote private keys)
*/ */
public function generate(User $user, $bits=1024) public static function generate(User $user, $bits=1024, $alg='RSA-SHA256')
{ {
$magicsig = new Magicsig($alg);
$magicsig->user_id = $user->id;
$rsa = new Crypt_RSA(); $rsa = new Crypt_RSA();
$keypair = $rsa->createKey($bits); $keypair = $rsa->createKey($bits);
$this->privateKey = new Crypt_RSA(); $magicsig->privateKey = new Crypt_RSA();
$this->privateKey->loadKey($keypair['privatekey']); $magicsig->privateKey->loadKey($keypair['privatekey']);
$this->publicKey = new Crypt_RSA(); $magicsig->publicKey = new Crypt_RSA();
$this->publicKey->loadKey($keypair['publickey']); $magicsig->publicKey->loadKey($keypair['publickey']);
$this->user_id = $user->id; $magicsig->insert(); // will do $this->keypair = $this->toString(true);
$this->insert(); $magicsig->importKeys(); // seems it's necessary to re-read keys from text keypair
return $magicsig;
} }
/** /**
@ -172,7 +177,7 @@ class Magicsig extends Managed_DataObject
$mod = Magicsig::base64_url_encode($this->publicKey->modulus->toBytes()); $mod = Magicsig::base64_url_encode($this->publicKey->modulus->toBytes());
$exp = Magicsig::base64_url_encode($this->publicKey->exponent->toBytes()); $exp = Magicsig::base64_url_encode($this->publicKey->exponent->toBytes());
$private_exp = ''; $private_exp = '';
if ($full_pair && $this->privateKey->exponent->toBytes()) { if ($full_pair && $this->privateKey instanceof Crypt_RSA && $this->privateKey->exponent->toBytes()) {
$private_exp = '.' . Magicsig::base64_url_encode($this->privateKey->exponent->toBytes()); $private_exp = '.' . Magicsig::base64_url_encode($this->privateKey->exponent->toBytes());
} }

45
plugins/OStatus/lib/magicenvelope.php
View File

@ -153,21 +153,23 @@ class MagicEnvelope
* @param <type> $text * @param <type> $text
* @param <type> $mimetype * @param <type> $mimetype
* @param Magicsig $magicsig Magicsig with private key available. * @param Magicsig $magicsig Magicsig with private key available.
*
* @return MagicEnvelope object with all properties set * @return MagicEnvelope object with all properties set
*
* @throws Exception of various kinds on signing failure
*/ */
public static function signMessage($text, $mimetype, Magicsig $magicsig) public function signMessage($text, $mimetype, Magicsig $magicsig)
{ {
$magic_env = new MagicEnvelope(); assert($magicsig->privateKey instanceof Crypt_RSA);
// Prepare text and metadata for signing // Prepare text and metadata for signing
$magic_env->data = Magicsig::base64_url_encode($text); $this->data = Magicsig::base64_url_encode($text);
$magic_env->data_type = $mimetype; $this->data_type = $mimetype;
$magic_env->encoding = self::ENCODING; $this->encoding = self::ENCODING;
$magic_env->alg = $magicsig->getName(); $this->alg = $magicsig->getName();
// Get the actual signature
$magic_env->sig = $magicsig->sign($magic_env->signingText());
return $magic_env; // Get the actual signature
$this->sig = $magicsig->sign($this->signingText());
} }
/** /**
@ -182,7 +184,7 @@ class MagicEnvelope
$xs->element('me:data', array('type' => $this->data_type), $this->data); $xs->element('me:data', array('type' => $this->data_type), $this->data);
$xs->element('me:encoding', null, $this->encoding); $xs->element('me:encoding', null, $this->encoding);
$xs->element('me:alg', null, $this->alg); $xs->element('me:alg', null, $this->alg);
$xs->element('me:sig', null, $this->sig); $xs->element('me:sig', null, $this->getSignature());
$xs->elementEnd('me:env'); $xs->elementEnd('me:env');
$string = $xs->getString(); $string = $xs->getString();
@ -220,7 +222,7 @@ class MagicEnvelope
$prov->appendChild($enc); $prov->appendChild($enc);
$alg = $dom->createElementNS(self::NS, 'me:alg', $this->alg); $alg = $dom->createElementNS(self::NS, 'me:alg', $this->alg);
$prov->appendChild($alg); $prov->appendChild($alg);
$sig = $dom->createElementNS(self::NS, 'me:sig', $this->sig); $sig = $dom->createElementNS(self::NS, 'me:sig', $this->getSignature());
$prov->appendChild($sig); $prov->appendChild($sig);
$dom->documentElement->appendChild($prov); $dom->documentElement->appendChild($prov);
@ -231,6 +233,11 @@ class MagicEnvelope
return $dom; return $dom;
} }
public function getSignature()
{
return $this->sig;
}
/** /**
* Find the author URI referenced in the payload Atom entry. * Find the author URI referenced in the payload Atom entry.
* *
@ -280,7 +287,7 @@ class MagicEnvelope
return false; return false;
} }
return $magicsig->verify($this->signingText(), $this->sig); return $magicsig->verify($this->signingText(), $this->getSignature());
} }
/** /**
@ -326,24 +333,22 @@ class MagicEnvelope
* @param string $text XML fragment to sign, assumed to be Atom * @param string $text XML fragment to sign, assumed to be Atom
* @param User $user User who cryptographically signs $text * @param User $user User who cryptographically signs $text
* *
* @return string XML string representation of magic envelope * @return MagicEnvelope object complete with signature
* *
* @throws Exception on bad profile input or key generation problems * @throws Exception on bad profile input or key generation problems
* @fixme if signing fails, this seems to return the original text without warning. Is there a reason for this?
*/ */
public static function signAsUser($text, User $user) public static function signAsUser($text, User $user)
{ {
// Find already stored key // Find already stored key
$magicsig = Magicsig::getKV('user_id', $user->id); $magicsig = Magicsig::getKV('user_id', $user->id);
if (!$magicsig instanceof Magicsig) { if (!$magicsig instanceof Magicsig) {
// No keypair yet, let's generate one. $magicsig = Magicsig::generate($user);
$magicsig = new Magicsig();
$magicsig->generate($user);
} }
assert($magicsig instanceof Magicsig);
assert($magicsig->privateKey instanceof Crypt_RSA);
$magic_env = self::signMessage($text, 'application/atom+xml', $magicsig); $magic_env = new MagicEnvelope();
$magic_env->signMessage($text, 'application/atom+xml', $magicsig);
assert($magic_env instanceof MagicEnvelope);
return $magic_env; return $magic_env;
} }