From 735b49f4e7d952a059c8292c2468f255ae398821 Mon Sep 17 00:00:00 2001
From: SMIRNOVAM3 <smirnov.am@svrlab.ru>
Date: Mon, 4 Dec 2023 11:32:03 +0300
Subject: [PATCH] feat: public NKey in connect for verifying the signature

For information, see:
https://docs.nats.io/reference/reference-protocols/nats-protocol#syntax-1

The algorithm was reverse-engineered from nats.py client:
https://github.com/nats-io/nats.py/blob/3dbc3cfbfae32174b5000a53398140631d488636/nats/aio/client.py#L603C3-L603C3

Tested against NATS 2.9.15
---
 src/Authenticator.php                         |  1 +
 src/Client.php                                |  1 +
 src/Message/Connect.php                       |  1 +
 src/NKeys/Authenticator.php                   |  5 ++
 src/NKeys/{Base32Decoder.php => Base32.php}   | 53 +++++++++++++-
 src/NKeys/CRC16.php                           | 57 +++++++++++++++
 src/NKeys/SecretKey.php                       | 71 +++++++++++++++----
 tests/Unit/NKeys/AuthenticatorTest.php        | 19 ++++-
 .../{Base32DecoderTest.php => Base32Test.php} | 40 ++++++++---
 tests/Unit/NKeys/CRC16Test.php                | 29 ++++++++
 tests/Unit/NKeys/SecretKeyTest.php            | 28 ++++++--
 11 files changed, 278 insertions(+), 27 deletions(-)
 rename src/NKeys/{Base32Decoder.php => Base32.php} (73%)
 create mode 100644 src/NKeys/CRC16.php
 rename tests/Unit/NKeys/{Base32DecoderTest.php => Base32Test.php} (56%)
 create mode 100644 tests/Unit/NKeys/CRC16Test.php

diff --git a/src/Authenticator.php b/src/Authenticator.php
index f06bade..ffec8cf 100644
--- a/src/Authenticator.php
+++ b/src/Authenticator.php
@@ -10,6 +10,7 @@
 abstract class Authenticator
 {
     abstract public function sign(string $nonce): string;
+    abstract public function getPublicKey(): string;
 
     public static function create(Configuration $configuration): ?self
     {
diff --git a/src/Client.php b/src/Client.php
index ebcab94..836bb06 100644
--- a/src/Client.php
+++ b/src/Client.php
@@ -104,6 +104,7 @@ public function connect(): self
         }
         if (isset($this->info->nonce) && $this->authenticator) {
             $this->connect->sig = $this->authenticator->sign($this->info->nonce);
+            $this->connect->nkey = $this->authenticator->getPublicKey();
         }
 
         $this->send($this->connect);
diff --git a/src/Message/Connect.php b/src/Message/Connect.php
index cf7abcd..71fc0b2 100644
--- a/src/Message/Connect.php
+++ b/src/Message/Connect.php
@@ -20,6 +20,7 @@ class Connect extends Prototype
     public string $tls_required;
     public string $user;
     public string $version;
+    public string $nkey;
 
     public function render(): string
     {
diff --git a/src/NKeys/Authenticator.php b/src/NKeys/Authenticator.php
index 3e4c66e..e776e0d 100644
--- a/src/NKeys/Authenticator.php
+++ b/src/NKeys/Authenticator.php
@@ -18,4 +18,9 @@ public function sign(string $nonce): string
 
         return base64_encode($signature);
     }
+
+    public function getPublicKey(): string
+    {
+        return $this->key->getPublicKey();
+    }
 }
diff --git a/src/NKeys/Base32Decoder.php b/src/NKeys/Base32.php
similarity index 73%
rename from src/NKeys/Base32Decoder.php
rename to src/NKeys/Base32.php
index 8459f2e..0dfaf2c 100644
--- a/src/NKeys/Base32Decoder.php
+++ b/src/NKeys/Base32.php
@@ -9,7 +9,7 @@
 /**
  * @see https://github.com/selective-php/base32
  */
-class Base32Decoder
+class Base32
 {
     /**
      * @var array<string>
@@ -88,6 +88,57 @@ class Base32Decoder
         '7' => '31',
     ];
 
+    /**
+     * Encodes data with base32.
+     *
+     * @param string $input The original data, as a string
+     * @param bool $padding Use padding false when encoding for urls
+     *
+     * @return string The Base32 encoded string
+     */
+    public function encode(string $input, bool $padding = true): string
+    {
+        if ($input === '') {
+            return '';
+        }
+
+        $input = str_split($input);
+        $binaryString = '';
+
+        $inputCount = count($input);
+        for ($i = 0; $i < $inputCount; $i++) {
+            $binaryString .= str_pad(base_convert((string) ord($input[$i]), 10, 2), 8, '0', STR_PAD_LEFT);
+        }
+
+        $fiveBitBinaryArray = str_split($binaryString, 5);
+        $base32 = '';
+        $i = 0;
+        $fiveCount = count($fiveBitBinaryArray);
+
+        while ($i < $fiveCount) {
+            $base32 .= self::MAP[base_convert(str_pad($fiveBitBinaryArray[$i], 5, '0'), 2, 10)];
+            $i++;
+        }
+
+        $x = strlen($binaryString) % 40;
+        if ($padding && $x !== 0) {
+            if ($x === 8) {
+                return $base32 . str_repeat(self::MAP[32], 6);
+            }
+            if ($x === 16) {
+                return $base32 . str_repeat(self::MAP[32], 4);
+            }
+            if ($x === 24) {
+                return $base32 . str_repeat(self::MAP[32], 3);
+            }
+            if ($x === 32) {
+                return $base32 . self::MAP[32];
+            }
+        }
+
+        return $base32;
+    }
+
     /**
      * Decodes data encoded with base32.
      * @throws InvalidArgumentException
diff --git a/src/NKeys/CRC16.php b/src/NKeys/CRC16.php
new file mode 100644
index 0000000..b86c4dc
--- /dev/null
+++ b/src/NKeys/CRC16.php
@@ -0,0 +1,57 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Basis\Nats\NKeys;
+
+class CRC16
+{
+    private const CRC16MAP = [
+        0x0000, 0x1021, 0x2042, 0x3063, 0x4084, 0x50a5, 0x60c6, 0x70e7,
+        0x8108, 0x9129, 0xa14a, 0xb16b, 0xc18c, 0xd1ad, 0xe1ce, 0xf1ef,
+        0x1231, 0x0210, 0x3273, 0x2252, 0x52b5, 0x4294, 0x72f7, 0x62d6,
+        0x9339, 0x8318, 0xb37b, 0xa35a, 0xd3bd, 0xc39c, 0xf3ff, 0xe3de,
+        0x2462, 0x3443, 0x0420, 0x1401, 0x64e6, 0x74c7, 0x44a4, 0x5485,
+        0xa56a, 0xb54b, 0x8528, 0x9509, 0xe5ee, 0xf5cf, 0xc5ac, 0xd58d,
+        0x3653, 0x2672, 0x1611, 0x0630, 0x76d7, 0x66f6, 0x5695, 0x46b4,
+        0xb75b, 0xa77a, 0x9719, 0x8738, 0xf7df, 0xe7fe, 0xd79d, 0xc7bc,
+        0x48c4, 0x58e5, 0x6886, 0x78a7, 0x0840, 0x1861, 0x2802, 0x3823,
+        0xc9cc, 0xd9ed, 0xe98e, 0xf9af, 0x8948, 0x9969, 0xa90a, 0xb92b,
+        0x5af5, 0x4ad4, 0x7ab7, 0x6a96, 0x1a71, 0x0a50, 0x3a33, 0x2a12,
+        0xdbfd, 0xcbdc, 0xfbbf, 0xeb9e, 0x9b79, 0x8b58, 0xbb3b, 0xab1a,
+        0x6ca6, 0x7c87, 0x4ce4, 0x5cc5, 0x2c22, 0x3c03, 0x0c60, 0x1c41,
+        0xedae, 0xfd8f, 0xcdec, 0xddcd, 0xad2a, 0xbd0b, 0x8d68, 0x9d49,
+        0x7e97, 0x6eb6, 0x5ed5, 0x4ef4, 0x3e13, 0x2e32, 0x1e51, 0x0e70,
+        0xff9f, 0xefbe, 0xdfdd, 0xcffc, 0xbf1b, 0xaf3a, 0x9f59, 0x8f78,
+        0x9188, 0x81a9, 0xb1ca, 0xa1eb, 0xd10c, 0xc12d, 0xf14e, 0xe16f,
+        0x1080, 0x00a1, 0x30c2, 0x20e3, 0x5004, 0x4025, 0x7046, 0x6067,
+        0x83b9, 0x9398, 0xa3fb, 0xb3da, 0xc33d, 0xd31c, 0xe37f, 0xf35e,
+        0x02b1, 0x1290, 0x22f3, 0x32d2, 0x4235, 0x5214, 0x6277, 0x7256,
+        0xb5ea, 0xa5cb, 0x95a8, 0x8589, 0xf56e, 0xe54f, 0xd52c, 0xc50d,
+        0x34e2, 0x24c3, 0x14a0, 0x0481, 0x7466, 0x6447, 0x5424, 0x4405,
+        0xa7db, 0xb7fa, 0x8799, 0x97b8, 0xe75f, 0xf77e, 0xc71d, 0xd73c,
+        0x26d3, 0x36f2, 0x0691, 0x16b0, 0x6657, 0x7676, 0x4615, 0x5634,
+        0xd94c, 0xc96d, 0xf90e, 0xe92f, 0x99c8, 0x89e9, 0xb98a, 0xa9ab,
+        0x5844, 0x4865, 0x7806, 0x6827, 0x18c0, 0x08e1, 0x3882, 0x28a3,
+        0xcb7d, 0xdb5c, 0xeb3f, 0xfb1e, 0x8bf9, 0x9bd8, 0xabbb, 0xbb9a,
+        0x4a75, 0x5a54, 0x6a37, 0x7a16, 0x0af1, 0x1ad0, 0x2ab3, 0x3a92,
+        0xfd2e, 0xed0f, 0xdd6c, 0xcd4d, 0xbdaa, 0xad8b, 0x9de8, 0x8dc9,
+        0x7c26, 0x6c07, 0x5c64, 0x4c45, 0x3ca2, 0x2c83, 0x1ce0, 0x0cc1,
+        0xef1f, 0xff3e, 0xcf5d, 0xdf7c, 0xaf9b, 0xbfba, 0x8fd9, 0x9ff8,
+        0x6e17, 0x7e36, 0x4e55, 0x5e74, 0x2e93, 0x3eb2, 0x0ed1, 0x1ef0,
+    ];
+
+    /**
+     * CRC16
+     *
+     * @param $byteArray array of bytes from unpack('C*', ...)
+     */
+    public static function hash(array $byteArray): int
+    {
+        $crc = 0;
+        foreach ($byteArray as $c) {
+            $crc = (($crc << 8) & 0xffff) ^ static::CRC16MAP[(($crc >> 8) ^ $c) & 0x00FF];
+        }
+        return $crc;
+    }
+}
diff --git a/src/NKeys/SecretKey.php b/src/NKeys/SecretKey.php
index 2997963..f4f7ab8 100644
--- a/src/NKeys/SecretKey.php
+++ b/src/NKeys/SecretKey.php
@@ -16,16 +16,40 @@ class SecretKey
     private const PREFIX_BYTE_ACCOUNT  = 0;
     private const PREFIX_BYTE_USER     = 20 << 3;
 
-    public function __construct(public readonly string $value)
-    {
+    private ?string $publicKey = null;
+
+    public function __construct(
+        public readonly string $value,
+        private readonly string $verifyingKey,
+        private readonly int $prefix
+    ) {
         if (strlen($this->value) !== SODIUM_CRYPTO_SIGN_SECRETKEYBYTES) {
             throw new InvalidArgumentException("Invalid secret key provided");
         }
+        if (strlen($this->verifyingKey) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
+            throw new InvalidArgumentException("Invalid verifying key provided");
+        }
+        self::validatePrefix($this->prefix);
+    }
+
+    private static function validatePrefix(int $prefix): void
+    {
+        if (
+            !in_array($prefix, [
+                self::PREFIX_BYTE_SERVER,
+                self::PREFIX_BYTE_CLUSTER,
+                self::PREFIX_BYTE_OPERATOR,
+                self::PREFIX_BYTE_ACCOUNT,
+                self::PREFIX_BYTE_USER,
+            ])
+        ) {
+            throw new InvalidArgumentException("Invalid seed prefix");
+        }
     }
 
     public static function fromSeed(string $seed): self
     {
-        $decoded = (new Base32Decoder())->decode($seed);
+        $decoded = (new Base32())->decode($seed);
 
         // Validate seed
         $b1 = ord($decoded[0]) & 0xf8;
@@ -33,15 +57,8 @@ public static function fromSeed(string $seed): self
 
         if ($b1 !== self::PREFIX_BYTE_SEED) {
             throw new InvalidArgumentException("Invalid seed");
-        } elseif (!in_array($b2, [
-            self::PREFIX_BYTE_SERVER,
-            self::PREFIX_BYTE_CLUSTER,
-            self::PREFIX_BYTE_OPERATOR,
-            self::PREFIX_BYTE_ACCOUNT,
-            self::PREFIX_BYTE_USER,
-        ])) {
-            throw new InvalidArgumentException("Invalid seed prefix");
         }
+        self::validatePrefix($b2);
 
         // Deterministically derive the key pair from a single key
         $rawSeed = substr($decoded, 2, -2);
@@ -50,6 +67,36 @@ public static function fromSeed(string $seed): self
         // Extract the Ed25519 secret key from a keypair
         $secretKey = sodium_crypto_sign_secretkey($keyPair);
 
-        return new self($secretKey);
+        // Extract the Ed25519 public key from a keypair
+        $verifyingKey = sodium_crypto_sign_publickey($keyPair);
+
+        return new self($secretKey, $verifyingKey, $b2);
+    }
+
+    public function getPublicKey(): string
+    {
+        if ($this->publicKey !== null) {
+            return $this->publicKey;
+        }
+        // Bytearray with Ed25519 public key
+        $verifyingKeyBytes = unpack('C*', $this->verifyingKey);
+
+        // Prepending prefix byte
+        array_unshift($verifyingKeyBytes, $this->prefix);
+
+        // Calculating CRC16
+        $crc = CRC16::hash($verifyingKeyBytes);
+        // CRC16 int to bytes in little endian unsigned short
+        $crcBytesLE = unpack('C*', pack('v', $crc));
+
+        // Appending CRC16 LE to our bytearray
+        $verifyingKeyBytes = array_merge($verifyingKeyBytes, $crcBytesLE);
+
+        // Converting bytearray back to string
+        $publicKeyString = call_user_func_array("pack", array_merge(["C*"], $verifyingKeyBytes));
+
+        // Hashing public key as base32
+        $this->publicKey = (new Base32())->encode($publicKeyString);
+        return $this->publicKey;
     }
 }
diff --git a/tests/Unit/NKeys/AuthenticatorTest.php b/tests/Unit/NKeys/AuthenticatorTest.php
index e0a48f5..be68ffe 100644
--- a/tests/Unit/NKeys/AuthenticatorTest.php
+++ b/tests/Unit/NKeys/AuthenticatorTest.php
@@ -13,7 +13,9 @@ class AuthenticatorTest extends TestCase
     public function testSign()
     {
         $key = new SecretKey(
-            hex2bin("05de91c9b25408111262d7f4aa769b6d0c83e796d18cc9e1ecd16cdaf573d0876dbdcb0a7b213d6c04f55b6436afaf224ee52fba6cc9ba4da573b13ba8102012")
+            hex2bin("05de91c9b25408111262d7f4aa769b6d0c83e796d18cc9e1ecd16cdaf573d0876dbdcb0a7b213d6c04f55b6436afaf224ee52fba6cc9ba4da573b13ba8102012"),
+            hex2bin("6dbdcb0a7b213d6c04f55b6436afaf224ee52fba6cc9ba4da573b13ba8102012"),
+            20 << 3
         );
         $authenticator = new Authenticator($key);
 
@@ -24,4 +26,19 @@ public function testSign()
 
         $this->assertEquals($expected, $result);
     }
+
+    public function testPublicKey()
+    {
+        $key = new SecretKey(
+            hex2bin("05de91c9b25408111262d7f4aa769b6d0c83e796d18cc9e1ecd16cdaf573d0876dbdcb0a7b213d6c04f55b6436afaf224ee52fba6cc9ba4da573b13ba8102012"),
+            hex2bin("6dbdcb0a7b213d6c04f55b6436afaf224ee52fba6cc9ba4da573b13ba8102012"),
+            20 << 3
+        );
+        $authenticator = new Authenticator($key);
+
+        $result = $authenticator->getPublicKey();
+        $expected = "UBW33SYKPMQT23AE6VNWINVPV4RE5ZJPXJWMTOSNUVZ3CO5ICAQBEIPK";
+
+        $this->assertEquals($expected, $result);
+    }
 }
diff --git a/tests/Unit/NKeys/Base32DecoderTest.php b/tests/Unit/NKeys/Base32Test.php
similarity index 56%
rename from tests/Unit/NKeys/Base32DecoderTest.php
rename to tests/Unit/NKeys/Base32Test.php
index 1380ecb..a3cf621 100644
--- a/tests/Unit/NKeys/Base32DecoderTest.php
+++ b/tests/Unit/NKeys/Base32Test.php
@@ -4,33 +4,57 @@
 
 namespace Tests\Unit\NKeys;
 
-use Basis\Nats\NKeys\Base32Decoder;
+use Basis\Nats\NKeys\Base32;
 use InvalidArgumentException;
 use Tests\TestCase;
 
-class Base32DecoderTest extends TestCase
+class Base32Test extends TestCase
 {
     /**
      * @dataProvider dataProvider
      */
     public function testDecode(string $input, string $expected)
     {
-        $decoder = new Base32Decoder();
+        $base32 = new Base32();
 
-        $result = $decoder->decode($input);
+        $result = $base32->decode($input);
 
         $this->assertEquals($expected, bin2hex($result));
     }
 
+    /**
+     * @dataProvider dataProvider
+     */
+    public function testEncode(string $expected, string $input)
+    {
+        $base32 = new Base32();
+
+        $result = $base32->encode(hex2bin($input), false);
+
+        $this->assertEquals($expected, $result);
+    }
+
+    /**
+     * @dataProvider dataProvider
+     */
+    public function testEncodePadding(string $expected, string $input)
+    {
+        $base32 = new Base32();
+
+        $result = $base32->encode(hex2bin($input));
+
+        $this->assertEquals($expected . '======', $result);
+    }
+
     /**
      * @dataProvider invalidInputProvider
      */
     public function testDecodeInvalid($input)
     {
-        $decoder = new Base32Decoder();
+        $base32 = new Base32();
 
         $this->expectException(InvalidArgumentException::class);
-        $decoder->decode($input);
+        $base32->decode($input);
     }
 
     public function invalidInputProvider(): array
@@ -44,9 +68,9 @@ public function invalidInputProvider(): array
 
     public function testDecodeEmpty()
     {
-        $decoder = new Base32Decoder();
+        $base32 = new Base32();
 
-        $this->assertEquals("", $decoder->decode(""));
+        $this->assertEquals("", $base32->decode(""));
     }
 
     public function dataProvider(): array
diff --git a/tests/Unit/NKeys/CRC16Test.php b/tests/Unit/NKeys/CRC16Test.php
new file mode 100644
index 0000000..78f0d7a
--- /dev/null
+++ b/tests/Unit/NKeys/CRC16Test.php
@@ -0,0 +1,29 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tests\Unit\NKeys;
+
+use Basis\Nats\NKeys\CRC16;
+use Tests\TestCase;
+
+class CRC16Test extends TestCase
+{
+    /**
+     * @dataProvider dataProvider
+     */
+    public function testHash(array $input, int $expected)
+    {
+        $result = CRC16::hash($input);
+
+        $this->assertEquals($expected, $result);
+    }
+
+    public function dataProvider(): array
+    {
+        return [
+            [unpack('C*', hex2bin("6dbdcb0a7b213d6c04f55b6436afaf224ee52fba6cc9ba4da573b13ba8102012")), 38323],
+            [unpack('C*', hex2bin("2bf5af21cc4d2f04b821e0773ca032e50134d4dc628e5e260c105db958a3ab97")), 49357],
+        ];
+    }
+}
diff --git a/tests/Unit/NKeys/SecretKeyTest.php b/tests/Unit/NKeys/SecretKeyTest.php
index 4908a9e..8c902b9 100644
--- a/tests/Unit/NKeys/SecretKeyTest.php
+++ b/tests/Unit/NKeys/SecretKeyTest.php
@@ -10,10 +10,29 @@
 
 class SecretKeyTest extends TestCase
 {
-    public function testConstructionWithInvalidArgument()
+    private static $VALID_SECRET_KEY_HEX = "05de91c9b25408111262d7f4aa769b6d0c83e796d18cc9e1ecd16cdaf573d0876dbdcb0a7b213d6c04f55b6436afaf224ee52fba6cc9ba4da573b13ba8102012";
+    private static $VALID_VERIFYING_KEY_HEX = "6dbdcb0a7b213d6c04f55b6436afaf224ee52fba6cc9ba4da573b13ba8102012";
+    private static $VALID_PUBLIC_KEY = "UBW33SYKPMQT23AE6VNWINVPV4RE5ZJPXJWMTOSNUVZ3CO5ICAQBEIPK";
+
+    public function testConstructionWithInvalidPrivateKeyArgument()
+    {
+        $this->expectException(InvalidArgumentException::class);
+        $this->expectExceptionMessage("Invalid secret key provided");
+        new SecretKey("", "", 0);
+    }
+
+    public function testConstructionWithInvalidVerifyingKeyArgument()
     {
         $this->expectException(InvalidArgumentException::class);
-        new SecretKey("");
+        $this->expectExceptionMessage("Invalid verifying key provided");
+        new SecretKey(hex2bin(self::$VALID_SECRET_KEY_HEX), "", 0);
+    }
+
+    public function testConstructionWithInvalidPrefixArgument()
+    {
+        $this->expectException(InvalidArgumentException::class);
+        $this->expectExceptionMessage("Invalid seed prefix");
+        new SecretKey(hex2bin(self::$VALID_SECRET_KEY_HEX), hex2bin(self::$VALID_VERIFYING_KEY_HEX), 42);
     }
 
     /**
@@ -38,8 +57,7 @@ public function testFromSeed()
         $seed = "SUAALXURZGZFICARCJRNP5FKO2NW2DED46LNDDGJ4HWNC3G26VZ5BBZAME";
         $key = SecretKey::fromSeed($seed);
 
-        $expectedSecretKey = "05de91c9b25408111262d7f4aa769b6d0c83e796d18cc9e1ecd16cdaf573d0876dbdcb0a7b213d6c04f55b6436afaf224ee52fba6cc9ba4da573b13ba8102012";
-
-        $this->assertEquals($expectedSecretKey, bin2hex($key->value));
+        $this->assertEquals(self::$VALID_SECRET_KEY_HEX, bin2hex($key->value));
+        $this->assertEquals(self::$VALID_PUBLIC_KEY, $key->getPublicKey());
     }
 }