github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/kbcrypto/nacl_sig_info.go (about) 1 // Copyright 2018 Keybase, Inc. All rights reserved. Use of 2 // this source code is governed by the included BSD license. 3 4 package kbcrypto 5 6 import ( 7 "encoding/base64" 8 "errors" 9 "fmt" 10 11 keybase1 "github.com/keybase/client/go/protocol/keybase1" 12 ) 13 14 type NaclSigInfo struct { 15 Kid keybase1.BinaryKID `codec:"key"` 16 Payload []byte `codec:"payload,omitempty"` 17 Sig NaclSignature `codec:"sig"` 18 SigType AlgoType `codec:"sig_type"` 19 HashType HashType `codec:"hash_type"` 20 Detached bool `codec:"detached"` 21 Version int `codec:"version,omitempty"` 22 Prefix SignaturePrefix `codec:"prefix,omitempty"` 23 } 24 25 func (s *NaclSigInfo) GetTagAndVersion() (PacketTag, PacketVersion) { 26 return TagSignature, KeybasePacketV1 27 } 28 29 var _ Packetable = (*NaclSigInfo)(nil) 30 31 type BadKeyError struct { 32 Msg string 33 } 34 35 func (p BadKeyError) Error() string { 36 msg := "Bad key found" 37 if len(p.Msg) != 0 { 38 msg = msg + ": " + p.Msg 39 } 40 return msg 41 } 42 43 type VerificationError struct { 44 // XXX - NOTE(maxtaco) - 20190418 - this is not to be confused with Cause(), which interacts with the pkg/errors 45 // system. There should probably be a better solution than this, but let's leave it for now. 46 Cause error 47 } 48 49 func newVerificationErrorWithString(s string) VerificationError { 50 return VerificationError{Cause: errors.New(s)} 51 } 52 53 func NewVerificationError(e error) VerificationError { 54 return VerificationError{Cause: e} 55 } 56 57 func (e VerificationError) Error() string { 58 if e.Cause == nil { 59 return "Verification failed" 60 } 61 return fmt.Sprintf("Verification failed: %s", e.Cause.Error()) 62 } 63 64 func (e VerificationError) ToStatus() keybase1.Status { 65 cause := "" 66 if e.Cause != nil { 67 cause = e.Cause.Error() 68 } 69 return keybase1.Status{ 70 Code: SCSigCannotVerify, 71 Name: "SC_SIG_CANNOT_VERIFY", 72 Fields: []keybase1.StringKVPair{ 73 {Key: "Cause", Value: cause}, 74 }, 75 } 76 } 77 78 type UnhandledSignatureError struct { 79 version int 80 } 81 82 func (e UnhandledSignatureError) Error() string { 83 return fmt.Sprintf("unhandled signature version: %d", e.version) 84 } 85 86 func (s NaclSigInfo) Verify() (*NaclSigningKeyPublic, error) { 87 return s.verifyWithPayload(s.Payload, false) 88 } 89 90 // verifyWithPayload verifies the NaclSigInfo s, with the payload payload. Note that 91 // s may or may not have a payload already baked into it. If it does, and checkPayloadEquality 92 // is true, then we assert that the "baked-in" payload is equal to the specified payload. 93 // We'll only pass `false` for this flag from just above, to avoid checking that s.Payload == s.Payload, 94 // which we know it does. We need this unfortunate complexity because some signatures the client 95 // tries to verify are "attached," meaning the payload comes along with the sig info. And in other 96 // cases, the signatures are "detached", meaning they are supplied out-of-band. This function 97 // handles both cases. 98 func (s NaclSigInfo) verifyWithPayload(payload []byte, checkPayloadEquality bool) (*NaclSigningKeyPublic, error) { 99 key := KIDToNaclSigningKeyPublic(s.Kid) 100 if key == nil { 101 return nil, BadKeyError{} 102 } 103 if payload == nil { 104 return nil, newVerificationErrorWithString("nil payload") 105 } 106 if len(payload) == 0 { 107 return nil, newVerificationErrorWithString("empty payload") 108 } 109 110 if checkPayloadEquality && s.Payload != nil && !SecureByteArrayEq(payload, s.Payload) { 111 return nil, newVerificationErrorWithString("payload mismatch") 112 } 113 114 switch s.Version { 115 case 0, 1: 116 if !key.Verify(payload, s.Sig) { 117 return nil, newVerificationErrorWithString("verify failed") 118 } 119 case 2: 120 if !s.Prefix.IsWhitelisted() { 121 return nil, newVerificationErrorWithString("unknown prefix") 122 } 123 if !key.Verify(s.Prefix.Prefix(payload), s.Sig) { 124 return nil, newVerificationErrorWithString("verify failed") 125 } 126 default: 127 return nil, UnhandledSignatureError{s.Version} 128 } 129 130 return key, nil 131 } 132 133 func (s *NaclSigInfo) ArmoredEncode() (ret string, err error) { 134 return EncodePacketToArmoredString(s) 135 } 136 137 func DecodeNaclSigInfoPacket(data []byte) (NaclSigInfo, error) { 138 var info NaclSigInfo 139 err := DecodePacketFromBytes(data, &info) 140 if err != nil { 141 return NaclSigInfo{}, err 142 } 143 return info, nil 144 } 145 146 func DecodeArmoredNaclSigInfoPacket(s string) (NaclSigInfo, error) { 147 b, err := base64.StdEncoding.DecodeString(s) 148 if err != nil { 149 return NaclSigInfo{}, err 150 } 151 return DecodeNaclSigInfoPacket(b) 152 } 153 154 // NaclVerifyAndExtract interprets the given string as a NaCl-signed messaged, in 155 // the keybase NaclSigInfo (v1) format. It will check that the signature verified, and if so, 156 // will return the public key that was used for the verification, the payload of the signature, 157 // the full body of the decoded SignInfo, and an error 158 func NaclVerifyAndExtract(s string) (nk *NaclSigningKeyPublic, payload []byte, fullBody []byte, err error) { 159 fullBody, err = base64.StdEncoding.DecodeString(s) 160 if err != nil { 161 return nil, nil, nil, err 162 } 163 164 naclSig, err := DecodeNaclSigInfoPacket(fullBody) 165 if err != nil { 166 return nil, nil, nil, err 167 } 168 169 nk, err = naclSig.Verify() 170 if err != nil { 171 return nil, nil, nil, err 172 } 173 174 payload = naclSig.Payload 175 return nk, payload, fullBody, nil 176 } 177 178 func NaclVerifyWithPayload(sig string, payloadIn []byte) (nk *NaclSigningKeyPublic, fullBody []byte, err error) { 179 fullBody, err = base64.StdEncoding.DecodeString(sig) 180 if err != nil { 181 return nil, nil, err 182 } 183 184 naclSig, err := DecodeNaclSigInfoPacket(fullBody) 185 if err != nil { 186 return nil, nil, err 187 } 188 189 nk, err = naclSig.verifyWithPayload(payloadIn, true) 190 if err != nil { 191 return nil, nil, err 192 } 193 194 return nk, fullBody, nil 195 } 196 197 func (s NaclSigInfo) SigID() (ret keybase1.SigIDBase, err error) { 198 var body []byte 199 body, err = EncodePacketToBytes(&s) 200 if err != nil { 201 return "", err 202 } 203 return ComputeSigIDFromSigBody(body), nil 204 }