verify_file_signature() – Verifies the contents of a file against its ED25519 signature.


Description

Verifies the contents of a file against its ED25519 signature.

Usage

$bool|WP_Error = verify_file_signature( $filename, $signatures, $filename_for_errors );

Parameters

$filename
( string ) required – The file to validate.
$signatures
( string|array ) required – A signature, or an array of signatures, provided for the file.
$filename_for_errors
( string|false ) optional – A friendly filename to use in error messages.

Returns

bool|WP_Error True on success, false if verification was not attempted, or a WP_Error describing the error condition.

Source

File name: wordpress/wp-admin/includes/file.php


Lines:

1 to 100 of 149
function verify_file_signature( $filename, $signatures, $filename_for_errors = false ) {
  if ( ! $filename_for_errors ) {
    $filename_for_errors = wp_basename( $filename );
  }

  // Check we can process signatures.
  if ( ! function_exists( 'sodium_crypto_sign_verify_detached' ) || ! in_array( 'sha384', array_map( 'strtolower', hash_algos() ), true ) ) {
    return new WP_Error(
      'signature_verification_unsupported',
      sprintf(
        /* translators: %s: The filename of the package. */
        __( 'The authenticity of %s could not be verified as signature verification is unavailable on this system.' ),
        '<span class="code">' . esc_html( $filename_for_errors ) . '</span>'
      ),
      ( ! function_exists( 'sodium_crypto_sign_verify_detached' ) ? 'sodium_crypto_sign_verify_detached' : 'sha384' )
    );
  }

  // Check for a edge-case affecting PHP Maths abilities.
  if (
    ! extension_loaded( 'sodium' ) &&
    in_array( PHP_VERSION_ID, array( 70200, 70201, 70202 ), true ) &&
    extension_loaded( 'opcache' )
  ) {
    // Sodium_Compat isn't compatible with PHP 7.2.0~7.2.2 due to a bug in the PHP Opcache extension, bail early as it'll fail.
    // https://bugs.php.net/bug.php?id=75938
    return new WP_Error(
      'signature_verification_unsupported',
      sprintf(
        /* translators: %s: The filename of the package. */
        __( 'The authenticity of %s could not be verified as signature verification is unavailable on this system.' ),
        '<span class="code">' . esc_html( $filename_for_errors ) . '</span>'
      ),
      array(
        'php'    => phpversion(),
        'sodium' => defined( 'SODIUM_LIBRARY_VERSION' ) ? SODIUM_LIBRARY_VERSION : ( defined( 'ParagonIE_Sodium_Compat::VERSION_STRING' ) ? ParagonIE_Sodium_Compat::VERSION_STRING : false ),
      )
    );
  }

  // Verify runtime speed of Sodium_Compat is acceptable.
  if ( ! extension_loaded( 'sodium' ) && ! ParagonIE_Sodium_Compat::ParagonIE_Sodium_Compat::polyfill_is_fast() ) {
    $sodium_compat_is_fast = false;

    // Allow for an old version of Sodium_Compat being loaded before the bundled WordPress one.
    if ( method_exists( 'ParagonIE_Sodium_Compat', 'runtime_speed_test' ) ) {
      /*
			 * Run `ParagonIE_Sodium_Compat::runtime_speed_test()` in optimized integer mode,
			 * as that's what WordPress utilizes during signing verifications.
			 */
      // phpcs:disable WordPress.NamingConventions.ValidVariableName
      $old_fastMult                      = ParagonIE_Sodium_Compat::$fastMult;
      ParagonIE_Sodium_Compat::$fastMult = true;
      $sodium_compat_is_fast             = ParagonIE_Sodium_Compat::ParagonIE_Sodium_Compat::runtime_speed_test( 100, 10 );
      ParagonIE_Sodium_Compat::$fastMult = $old_fastMult;
      // phpcs:enable
    }

    // This cannot be performed in a reasonable amount of time.
    // https://github.com/paragonie/sodium_compat#help-sodium_compat-is-slow-how-can-i-make-it-fast
    if ( ! $sodium_compat_is_fast ) {
      return new WP_Error(
        'signature_verification_unsupported',
        sprintf(
          /* translators: %s: The filename of the package. */
          __( 'The authenticity of %s could not be verified as signature verification is unavailable on this system.' ),
          '<span class="code">' . esc_html( $filename_for_errors ) . '</span>'
        ),
        array(
          'php'                => phpversion(),
          'sodium'             => defined( 'SODIUM_LIBRARY_VERSION' ) ? SODIUM_LIBRARY_VERSION : ( defined( 'ParagonIE_Sodium_Compat::VERSION_STRING' ) ? ParagonIE_Sodium_Compat::VERSION_STRING : false ),
          'polyfill_is_fast'   => false,
          'max_execution_time' => ini_get( 'max_execution_time' ),
        )
      );
    }
  }

  if ( ! $signatures ) {
    return new WP_Error(
      'signature_verification_no_signature',
      sprintf(
        /* translators: %s: The filename of the package. */
        __( 'The authenticity of %s could not be verified as no signature was found.' ),
        '<span class="code">' . esc_html( $filename_for_errors ) . '</span>'
      ),
      array(
        'filename' => $filename_for_errors,
      )
    );
  }

  $trusted_keys = wp_trusted_keys();
  $file_hash    = hash_file( 'sha384', $filename, true );

  mbstring_binary_safe_encoding();

  $skipped_key       = 0;
  $skipped_signature = 0;
