storj/pkg/auth/signature.go

// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.

package auth

import (
	"storj.io/storj/pkg/identity"
	"storj.io/storj/pkg/pb"
	"storj.io/storj/pkg/pkcrypto"
)

// GenerateSignature creates signature from identity id
func GenerateSignature(data []byte, identity *identity.FullIdentity) ([]byte, error) {
	return pkcrypto.HashAndSign(identity.Key, data)
}

// NewSignedMessage creates instance of signed message
func NewSignedMessage(signature []byte, identity *identity.FullIdentity) (*pb.SignedMessage, error) {
	encodedKey, err := pkcrypto.PublicKeyToPKIX(identity.Leaf.PublicKey)
	if err != nil {
		return nil, err
	}
	return &pb.SignedMessage{
		Data:      identity.ID.Bytes(),
		Signature: signature,
		PublicKey: encodedKey,
	}, nil
}

// SignedMessageVerifier checks if provided signed message can be verified
type SignedMessageVerifier func(signature *pb.SignedMessage) error

// NewSignedMessageVerifier creates default implementation of SignedMessageVerifier
func NewSignedMessageVerifier() SignedMessageVerifier {
	return func(signedMessage *pb.SignedMessage) error {
		if signedMessage == nil {
			return Error.New("no message to verify")
		}
		if signedMessage.Signature == nil {
			return Error.New("missing signature for verification")
		}
		if signedMessage.Data == nil {
			return Error.New("missing data for verification")
		}
		if signedMessage.PublicKey == nil {
			return Error.New("missing public key for verification")
		}

		k, err := pkcrypto.PublicKeyFromPKIX(signedMessage.GetPublicKey())
		if err != nil {
			return Error.Wrap(err)
		}
		return pkcrypto.HashAndVerifySignature(k, signedMessage.GetData(), signedMessage.GetSignature())
	}
}
updates copyright 2018 to 2019 (#1133) 2019-01-24 20:15:10 +00:00			`// Copyright (C) 2019 Storj Labs, Inc.`
Satellite signature generation (#453) * Satellite signature generation * Add unit test * remove unused var * remove base64 encoding from signature generation 2018-10-11 15:35:55 +01:00			`// See LICENSE for copying information.`

			`package auth`

			`import (`
Delete provider package (#1177) 2019-01-30 20:47:21 +00:00			`"storj.io/storj/pkg/identity"`
Satellite signature generation (#453) * Satellite signature generation * Add unit test * remove unused var * remove base64 encoding from signature generation 2018-10-11 15:35:55 +01:00			`"storj.io/storj/pkg/pb"`
regroup things related to public-key cryptography (#1241) 2019-02-07 09:04:29 +00:00			`"storj.io/storj/pkg/pkcrypto"`
Satellite signature generation (#453) * Satellite signature generation * Add unit test * remove unused var * remove base64 encoding from signature generation 2018-10-11 15:35:55 +01:00			`)`

			`// GenerateSignature creates signature from identity id`
Delete provider package (#1177) 2019-01-30 20:47:21 +00:00			`func GenerateSignature(data []byte, identity *identity.FullIdentity) ([]byte, error) {`
Unite all cryptographic signing and verifying (#1244) this change removes the cryptopasta dependency. a couple possible sources of problem with this change: * the encoding used for ECDSA signatures on SignedMessage has changed. the encoding employed by cryptopasta was workable, but not the same as the encoding used for such signatures in the rest of the world (most particularly, on ECDSA signatures in X.509 certificates). I think we'll be best served by using one ECDSA signature encoding from here on, but if we need to use the old encoding for backwards compatibility with existing nodes, that can be arranged. * since there's already a breaking change in SignedMessage, I changed it to send and receive public keys in raw PKIX format, instead of PEM. PEM just adds unhelpful overhead for this case. 2019-02-07 20:39:20 +00:00			`return pkcrypto.HashAndSign(identity.Key, data)`
Satellite signature generation (#453) * Satellite signature generation * Add unit test * remove unused var * remove base64 encoding from signature generation 2018-10-11 15:35:55 +01:00			`}`

Satellite verification on storage node (#469) * Satellite verification on storage node * fix formatting * fix formatting * rename SignatureAuth to SignedMessage * fixes after review * fix linter errors * improve errors handling * remove SignedMessageProvider * fix liter errors * params changed to authorization, signed message in audit, minor fixes * fix formatting 2018-10-17 12:40:11 +01:00			`// NewSignedMessage creates instance of signed message`
Delete provider package (#1177) 2019-01-30 20:47:21 +00:00			`func NewSignedMessage(signature []byte, identity identity.FullIdentity) (pb.SignedMessage, error) {`
Unite all cryptographic signing and verifying (#1244) this change removes the cryptopasta dependency. a couple possible sources of problem with this change: * the encoding used for ECDSA signatures on SignedMessage has changed. the encoding employed by cryptopasta was workable, but not the same as the encoding used for such signatures in the rest of the world (most particularly, on ECDSA signatures in X.509 certificates). I think we'll be best served by using one ECDSA signature encoding from here on, but if we need to use the old encoding for backwards compatibility with existing nodes, that can be arranged. * since there's already a breaking change in SignedMessage, I changed it to send and receive public keys in raw PKIX format, instead of PEM. PEM just adds unhelpful overhead for this case. 2019-02-07 20:39:20 +00:00			`encodedKey, err := pkcrypto.PublicKeyToPKIX(identity.Leaf.PublicKey)`
Satellite signature generation (#453) * Satellite signature generation * Add unit test * remove unused var * remove base64 encoding from signature generation 2018-10-11 15:35:55 +01:00			`if err != nil {`
			`return nil, err`
			`}`
Satellite verification on storage node (#469) * Satellite verification on storage node * fix formatting * fix formatting * rename SignatureAuth to SignedMessage * fixes after review * fix linter errors * improve errors handling * remove SignedMessageProvider * fix liter errors * params changed to authorization, signed message in audit, minor fixes * fix formatting 2018-10-17 12:40:11 +01:00			`return &pb.SignedMessage{`
Satellite signature generation (#453) * Satellite signature generation * Add unit test * remove unused var * remove base64 encoding from signature generation 2018-10-11 15:35:55 +01:00			`Data: identity.ID.Bytes(),`
			`Signature: signature,`
			`PublicKey: encodedKey,`
			`}, nil`
			`}`
Satellite verification on storage node (#469) * Satellite verification on storage node * fix formatting * fix formatting * rename SignatureAuth to SignedMessage * fixes after review * fix linter errors * improve errors handling * remove SignedMessageProvider * fix liter errors * params changed to authorization, signed message in audit, minor fixes * fix formatting 2018-10-17 12:40:11 +01:00
			`// SignedMessageVerifier checks if provided signed message can be verified`
			`type SignedMessageVerifier func(signature *pb.SignedMessage) error`

			`// NewSignedMessageVerifier creates default implementation of SignedMessageVerifier`
			`func NewSignedMessageVerifier() SignedMessageVerifier {`
			`return func(signedMessage *pb.SignedMessage) error {`
			`if signedMessage == nil {`
			`return Error.New("no message to verify")`
			`}`
			`if signedMessage.Signature == nil {`
			`return Error.New("missing signature for verification")`
			`}`
			`if signedMessage.Data == nil {`
			`return Error.New("missing data for verification")`
			`}`
			`if signedMessage.PublicKey == nil {`
			`return Error.New("missing public key for verification")`
			`}`

Unite all cryptographic signing and verifying (#1244) this change removes the cryptopasta dependency. a couple possible sources of problem with this change: * the encoding used for ECDSA signatures on SignedMessage has changed. the encoding employed by cryptopasta was workable, but not the same as the encoding used for such signatures in the rest of the world (most particularly, on ECDSA signatures in X.509 certificates). I think we'll be best served by using one ECDSA signature encoding from here on, but if we need to use the old encoding for backwards compatibility with existing nodes, that can be arranged. * since there's already a breaking change in SignedMessage, I changed it to send and receive public keys in raw PKIX format, instead of PEM. PEM just adds unhelpful overhead for this case. 2019-02-07 20:39:20 +00:00			`k, err := pkcrypto.PublicKeyFromPKIX(signedMessage.GetPublicKey())`
Satellite verification on storage node (#469) * Satellite verification on storage node * fix formatting * fix formatting * rename SignatureAuth to SignedMessage * fixes after review * fix linter errors * improve errors handling * remove SignedMessageProvider * fix liter errors * params changed to authorization, signed message in audit, minor fixes * fix formatting 2018-10-17 12:40:11 +01:00			`if err != nil {`
			`return Error.Wrap(err)`
			`}`
Unite all cryptographic signing and verifying (#1244) this change removes the cryptopasta dependency. a couple possible sources of problem with this change: * the encoding used for ECDSA signatures on SignedMessage has changed. the encoding employed by cryptopasta was workable, but not the same as the encoding used for such signatures in the rest of the world (most particularly, on ECDSA signatures in X.509 certificates). I think we'll be best served by using one ECDSA signature encoding from here on, but if we need to use the old encoding for backwards compatibility with existing nodes, that can be arranged. * since there's already a breaking change in SignedMessage, I changed it to send and receive public keys in raw PKIX format, instead of PEM. PEM just adds unhelpful overhead for this case. 2019-02-07 20:39:20 +00:00			`return pkcrypto.HashAndVerifySignature(k, signedMessage.GetData(), signedMessage.GetSignature())`
Satellite verification on storage node (#469) * Satellite verification on storage node * fix formatting * fix formatting * rename SignatureAuth to SignedMessage * fixes after review * fix linter errors * improve errors handling * remove SignedMessageProvider * fix liter errors * params changed to authorization, signed message in audit, minor fixes * fix formatting 2018-10-17 12:40:11 +01:00			`}`
			`}`