Accueil Explorer Aide
Connexion
Tilo15
/
php-ppub
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: 3d554f5fe1
Branches Tags
php-ppub
/
ppcl.php

ppcl.php 6.6 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194 
  1. <?php
    2. 

  2. 

  3. class Ppcl {
    4. 

  4.     public $identifier;
    5. 

  5.     public $serial;
    6. 

  6.     public $domains = array();
    7. 

  7.     public $members = array();
    8. 

  8.     public $agents = array();
    9. 

  9.     public $last_modified;
    10. 

  10.     public $signature;
    11. 

  11.     public $shared_signature_key;
    12. 

  12.     public $shared_signature;
    13. 

  13.     public $name;
    14. 

  14.     public $current_state_token;
    15. 

  15. 

  16.     public $publications = array();
    17. 

  17.     private $authoritative_part;
    18. 

  18. 

  19.     public function from_string($str) {
    20. 

  20.         $lines = explode("\n", $str);
    21. 

  21.         $header = explode(" ", $lines[0]);
    22. 

  22.         $this->authoritative_part = explode("\nMOD ", $str, 2)[0];
    23. 

  23. 

  24.         if($header[0] != "PPCL") {
    25. 

  25.             throw new Exception("Header does not start with PPCL magic number", 1);
    26. 

  26.         }
    27. 

  27.         $this->identifier = base64_decode($header[1]);
    28. 

  28.         $this->serial = (int)$header[2];
    29. 

  29. 

  30.         $authoritative = true;
    31. 

  31.         foreach ($lines as $line) {
    32. 

  32.             $entry = explode(" ", $line);
    33. 

  33.             if($entry[0] == "PPCL") {
    34. 

  34.                 continue;
    35. 

  35.             }
    36. 

  36.             if($entry[0] == "SSK" && $authoritative) {
    37. 

  37.                 $this->shared_signature_key = base64_decode($entry[1]);
    38. 

  38.             }
    39. 

  39.             else if($entry[0] == "NAM" && $authoritative) {
    40. 

  40.                 $this->name = explode(" ", $line, 2)[1];
    41. 

  41.             }
    42. 

  42.             else if($entry[0] == "DOM" && $authoritative) {
    43. 

  43.                 array_push($this->domains, $entry[1]);
    44. 

  44.             }
    45. 

  45.             else if($entry[0] == "MEM" && $authoritative) {
    46. 

  46.                 array_push($this->members, new CollectionMember($entry[1], base64_decode($entry[2]), base64_decode($entry[3]), base64_decode($entry[4])));
    47. 

  47.             }
    48. 

  48.             else if($entry[0] == "AGT" && $authoritative) {
    49. 

  49.                 array_push($this->agents, new CollectionAgent($entry[1], base64_decode($entry[2]), base64_decode($entry[3])));
    50. 

  50.             }
    51. 

  51.             else if($entry[0] == "SIG" && $authoritative) {
    52. 

  52.                 $this->signature = base64_decode($entry[1]);
    53. 

  53.                 $authoritative = false;
    54. 

  54.             }
    55. 

  55.             else if($entry[0] == "CST") {
    56. 

  56.                 $this->current_state_token = base64_decode($entry[1]);
    57. 

  57.             }
    58. 

  58.             else if($entry[0] == "MOD") {
    59. 

  59.                 $this->last_modified = new DateTime($entry[1]);
    60. 

  60.             }
    61. 

  61.             else if($entry[0] == "PUB") {
    62. 

  62.                 array_push($this->publications, new CollectionPublication($line, $this->members));
    63. 

  63.             }
    64. 

  64.             else if($entry[0] == "SSG") {
    65. 

  65.                 $this->shared_signature = base64_decode($entry[1]);
    66. 

  66.             }
    67. 

  67.         }
    68. 

  68. 

  69.         // Verify authoritative signature
    70. 

  70.         $parts = explode("\nSIG ", $str, 2);
    71. 

  71.         $hash = hash("sha512", $parts[0], true);
    72. 

  72.         $sig_data = sodium_crypto_sign_open($this->signature, $this->identifier);
    73. 

  73.         if($hash != $sig_data) {
    74. 

  74.             throw new Exception("Invalid authoritative signature", 1);
    75. 

  75.         }
    76. 

  76. 

  77.         // Verify shared signature
    78. 

  78.         $parts = explode("\nSSG ", $str, 2);
    79. 

  79.         $hash = hash("sha512", $parts[0], true);
    80. 

  80.         $sig_data = sodium_crypto_sign_open($this->shared_signature, $this->shared_signature_key);
    81. 

  81.         if($hash != $sig_data) {
    82. 

  82.             throw new Exception("Invalid shared signature", 1);
    83. 

  83.         }
    84. 

  84.     }
    85. 

  85. 

  86.     public function to_string() {
    87. 

  87.         $str = $this->authoritative_part;
    88. 

  88.         $now = new DateTime();
    89. 

  89.         $token = random_bytes(256);
    90. 

  90.         $str .= "\nCST " . $token . "\nMOD " . $now->format(DateTime::ATOM) . "\n";
    91. 

  91.         usort($this->publications, function ($a, $b) { return $a->timestamp <=> $b->timestamp; });
    92. 

  92.         foreach($this->publications as $pub) {
    93. 

  93.             $str .= "\n" . $pub->raw_data;
    94. 

  94.         }
    95. 

  95.         $checksum = hash("sha512", $str, true);
    96. 

  96. 

  97.         $agent = null;
    98. 

  98.         foreach($this->agents as $agt) {
    99. 

  99.             if($agt->public_key == base64_decode(PPCL_AGENT_PUBLIC_KEY)) {
    100. 

  100.                 $agent = $agt;
    101. 

  101.                 break;
    102. 

  102.             }
    103. 

  103.         }
    104. 

  104.         if($agent == null) {
    105. 

  105.             throw new Exception("Public key defined in config (PPCL_AGENT_PUBLIC_KEY) not present in PPCL file", 1);
    106. 

  106.         }
    107. 

  107. 

  108.         $key = sodium_crypto_box_keypair_from_secretkey_and_publickey(base64_decode(PPCL_AGENT_SECRET_KEY), $agent->public_key);
    109. 

  109.         $secret = sodium_crypto_box_seal_open($agent->collection_secret, $key);
    110. 

  110.         if($secret == null) {
    111. 

  111.             throw new Exception("Could not decrypt collection secret", 1);
    112. 

  112.         }
    113. 

  113. 

  114.         $shared_signature = sodium_crypto_sign($checksum, $secret);
    115. 

  115.         $str .= "\nSSG " . base64_encode($shared_signature);
    116. 

  116.         return $str;
    117. 

  117.     }
    118. 

  118. }
    119. 

  119. 

  120. class CollectionMember {
    121. 

  121.     public $name;
    122. 

  122.     public $signing_public_key;
    123. 

  123.     public $sealing_public_key;
    124. 

  124.     public $collection_secret;
    125. 

  125.     
    126. 

  126.     public function __construct($name, $sign_key, $seal_key, $secret) {
    127. 

  127.         $this->name = $name;
    128. 

  128.         $this->signing_public_key = $sign_key;
    129. 

  129.         $this->sealing_public_key = $seal_key;
    130. 

  130.         $this->collection_secret = $secret;
    131. 

  131.     }
    132. 

  132. }
    133. 

  133. 

  134. class CollectionAgent {
    135. 

  135.     public $name;
    136. 

  136.     public $public_key;
    137. 

  137.     public $collection_secret;
    138. 

  138.     
    139. 

  139.     public function __construct($name, $key, $secret) {
    140. 

  140.         $this->name = $name;
    141. 

  141.         $this->public_key = $key;
    142. 

  142.         $this->collection_secret = $secret;
    143. 

  143.     }
    144. 

  144. }
    145. 

  145. 

  146. class CollectionPublication {
    147. 

  147.     public $name;
    148. 

  148.     public $member_name;
    149. 

  149.     public $timestamp;
    150. 

  150.     public $signature;
    151. 

  151.     public $checksum;
    152. 

  152.     public $raw_data;
    153. 

  153. 

  154.     public function __construct($line, $members) {
    155. 

  155.         $this->raw_data = $line;
    156. 

  156.         $parts = explode(": ", $line, 2);
    157. 

  157.         $params = explode(" ", $parts[1]);
    158. 

  158. 

  159.         $this->name = substr($parts[0], 4);
    160. 

  160.         $this->member_name = $params[0];
    161. 

  161.         $this->timestamp = new DateTime($params[1]);
    162. 

  162.         $this->signature = base64_decode($params[2]);
    163. 

  163.         
    164. 

  164.         $member = null;
    165. 

  165.         foreach($members as $m) {
    166. 

  166.             if($m->name == $this->member_name) {
    167. 

  167.                 $member = $m;
    168. 

  168.                 break;
    169. 

  169.             }
    170. 

  170.         }
    171. 

  171. 

  172.         if($member == null) {
    173. 

  173.             throw new Exception("PUB entry references member (" . $this->member_name . ") that is not present in the collection", 1);
    174. 

  174.         }
    175. 

  175. 

  176.         $hash_data = $this->name . ": " . $this->member_name . " " . $params[1];
    177. 

  177.         $hash = hash("sha512", $hash_data, true);
    178. 

  178.         $sig_data = sodium_crypto_sign_open($this->signature, $member->signing_public_key);
    179. 

  179.         if(substr($sig_data, 0, 64) != $hash) {
    180. 

  180.             throw new Exception("Invalid member signature on publication " . $this->name , 1);
    181. 

  181.         }
    182. 

  182. 

  183.         $this->checksum = substr($sig_data, 64, 64);
    184. 

  184.     }
    185. 

  185.     
    186. 

  186.     public function verify_ppub() {
    187. 

  187.         $file_hash = hash_file("sha512", PUBLICATION_DIR . "/" . $this->name, true);
    188. 

  188.         return $file_hash == $this->checksum;
    189. 

  189.     }
    190. 

  190. 

  191. }
    192. 

  192. 

  193. 

  194. ?>
    195.