search

nostrver-se / nostr-php

PHP helper library for Nostr https://nostr-php.dev
https://nostr-php.dev
MIT License
53 stars 15 forks source link

event verify not working #49

Closed github-tijlxyz closed 8 months ago

github-tijlxyz commented 9 months ago

Event verify doesn't seem to work for my events that are signed with Alby nip07 signer or go-nostr. I also tried setting all the field manually like $event->setContent('...') ect.

Example code:

$json = '{"id":"d677b5efa1484e3461884d6ba01e78b7ced36ccfc4b5b873c0b4142ea574938f","pubkey":"07adfda9c5adc80881bb2a5220f6e3181e0c043b90fa115c4f183464022968e6","created_at":1707844702,"kind":27236,"tags":[],"content":"hey, this is just a test","sig":"49352dbe20322a9cc40433537a147805e2541846c006a3e06d9f90faadb89c83ee6da24807fb9eddc6ed9a1d3c15cd5438df07ec6149d6bf48fe1312c9593567"}';

$event = new Event();
$isValid = $event->verify($json);

error:

[...] local.ERROR: hex2bin(): Hexadecimal input string must have an even length {"exception":"[object] (ErrorException(code: 0): hex2bin(): Hexadecimal input string must have an even length at .../project/vendor/public-square/phpecc/src/Crypto/Signature/SchnorrSignature.php:123)
Sebastix commented 9 months ago

I assume you're sure that the signature matches the used public key in those signer tools and in your php code?

github-tijlxyz commented 9 months ago

I assume you're sure that the signature matches the used public key in those signer tools and in your php code?

Yes

1ma commented 8 months ago

I added a test case to the native Nostr extension (based on libsecp256k1) that verifies that this combination of public key, message and signature is actually correct: https://github.com/1ma/secp256k1-nostr-php/commit/4634befb3200039f6beb0326d6e2ec4ceecf04bb

I can also reproduce the issue on phpecc. It's actually two separate (but maybe related?) problems: one warning and one fatal error:

use Mdanter\Ecc\Crypto\Signature\SchnorrSignature;

require_once __DIR__ . '/vendor/autoload.php';

$pubkey = '07adfda9c5adc80881bb2a5220f6e3181e0c043b90fa115c4f183464022968e6';
$signature = '49352dbe20322a9cc40433537a147805e2541846c006a3e06d9f90faadb89c83ee6da24807fb9eddc6ed9a1d3c15cd5438df07ec6149d6bf48fe1312c9593567';
$message = 'd677b5efa1484e3461884d6ba01e78b7ced36ccfc4b5b873c0b4142ea574938f';

var_dump((new SchnorrSignature())->verify($pubkey, $signature, $message));

Expected output:

bool(true)

Actual output:

PHP Warning:  hex2bin(): Hexadecimal input string must have an even length in vendor/public-square/phpecc/src/Crypto/Signature/SchnorrSignature.php on line 123
PHP Fatal error:  Uncaught TypeError: hash(): Argument #2 ($data) must be of type string, false given in vendor/public-square/phpecc/src/Crypto/Signature/SchnorrSignature.php:124
Stack trace:
#0 vendor/public-square/phpecc/src/Crypto/Signature/SchnorrSignature.php(124): hash()
#1 /home/marcel/.config/JetBrains/PhpStorm2023.3/scratches/aviam.php(13): Mdanter\Ecc\Crypto\Signature\SchnorrSignature->verify()
#2 {main}
  thrown in vendor/public-square/phpecc/src/Crypto/Signature/SchnorrSignature.php on line 124

This confirms this is a bug in public-square/phpecc v0.1.2.

Tagging @agccurtis here because the repo doesn't allow creating issues.

Sebastix commented 8 months ago

Fixed in https://github.com/swentel/nostr-php/pull/51