storj/pkg/signing/verify.go

// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.

package signing

import (
	"context"

	"storj.io/storj/pkg/pb"
	"storj.io/storj/pkg/storj"
)

// Signee is able to verify that the data signature belongs to the signee.
type Signee interface {
	ID() storj.NodeID
	HashAndVerifySignature(ctx context.Context, data, signature []byte) error
}

// VerifyOrderLimitSignature verifies that the signature inside order limit is valid and  belongs to the satellite.
func VerifyOrderLimitSignature(ctx context.Context, satellite Signee, signed *pb.OrderLimit) (err error) {
	defer mon.Task()(&ctx)(&err)
	bytes, err := EncodeOrderLimit(ctx, signed)
	if err != nil {
		return Error.Wrap(err)
	}

	return satellite.HashAndVerifySignature(ctx, bytes, signed.SatelliteSignature)
}

// VerifyOrderSignature verifies that the signature inside order is valid and belongs to the uplink.
func VerifyOrderSignature(ctx context.Context, uplink Signee, signed *pb.Order) (err error) {
	defer mon.Task()(&ctx)(&err)
	bytes, err := EncodeOrder(ctx, signed)
	if err != nil {
		return Error.Wrap(err)
	}

	return uplink.HashAndVerifySignature(ctx, bytes, signed.UplinkSignature)
}

// VerifyUplinkOrderSignature verifies that the signature inside order is valid and belongs to the uplink.
func VerifyUplinkOrderSignature(ctx context.Context, publicKey storj.PiecePublicKey, signed *pb.Order) (err error) {
	defer mon.Task()(&ctx)(&err)
	bytes, err := EncodeOrder(ctx, signed)
	if err != nil {
		return Error.Wrap(err)
	}

	return Error.Wrap(publicKey.Verify(bytes, signed.UplinkSignature))
}

// VerifyPieceHashSignature verifies that the signature inside piece hash is valid and belongs to the signer, which is either uplink or storage node.
func VerifyPieceHashSignature(ctx context.Context, signee Signee, signed *pb.PieceHash) (err error) {
	defer mon.Task()(&ctx)(&err)
	bytes, err := EncodePieceHash(ctx, signed)
	if err != nil {
		return Error.Wrap(err)
	}

	return signee.HashAndVerifySignature(ctx, bytes, signed.Signature)
}

// VerifyUplinkPieceHashSignature verifies that the signature inside piece hash is valid and belongs to the signer, which is either uplink or storage node.
func VerifyUplinkPieceHashSignature(ctx context.Context, publicKey storj.PiecePublicKey, signed *pb.PieceHash) (err error) {
	defer mon.Task()(&ctx)(&err)

	bytes, err := EncodePieceHash(ctx, signed)
	if err != nil {
		return Error.Wrap(err)
	}

	return Error.Wrap(publicKey.Verify(bytes, signed.Signature))
}

// VerifyVoucher verifies that the signature inside voucher is valid and belongs to the satellite
func VerifyVoucher(ctx context.Context, satellite Signee, signed *pb.Voucher) (err error) {
	defer mon.Task()(&ctx)(&err)
	bytes, err := EncodeVoucher(ctx, signed)
	if err != nil {
		return Error.Wrap(err)
	}

	return satellite.HashAndVerifySignature(ctx, bytes, signed.SatelliteSignature)
}

// VerifyStreamID verifies that the signature inside stream ID belongs to the satellite
func VerifyStreamID(ctx context.Context, satellite Signee, signed *pb.SatStreamID) (err error) {
	defer mon.Task()(&ctx)(&err)
	bytes, err := EncodeStreamID(ctx, signed)
	if err != nil {
		return Error.Wrap(err)
	}

	return satellite.HashAndVerifySignature(ctx, bytes, signed.SatelliteSignature)
}

// VerifySegmentID verifies that the signature inside segment ID belongs to the satellite
func VerifySegmentID(ctx context.Context, satellite Signee, signed *pb.SatSegmentID) (err error) {
	defer mon.Task()(&ctx)(&err)
	bytes, err := EncodeSegmentID(ctx, signed)
	if err != nil {
		return Error.Wrap(err)
	}

	return satellite.HashAndVerifySignature(ctx, bytes, signed.SatelliteSignature)
}
Storage node and upload/download protocol refactor (#1422) refactor storage node server refactor upload and download protocol 2019-03-18 10:55:06 +00:00			`// Copyright (C) 2019 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package signing`

			`import (`
pkg/*: add monkit task to missing places (#2109) 2019-06-04 12:36:27 +01:00			`"context"`

Storage node and upload/download protocol refactor (#1422) refactor storage node server refactor upload and download protocol 2019-03-18 10:55:06 +00:00			`"storj.io/storj/pkg/pb"`
			`"storj.io/storj/pkg/storj"`
			`)`

			`// Signee is able to verify that the data signature belongs to the signee.`
			`type Signee interface {`
			`ID() storj.NodeID`
pkg/auth: add monkit task to missing places (#2123) What: add monkit.Task to a bunch of functions that are missing it Why: this will significantly help our instrumentation, data collection, and tracing about what's going on in the network 2019-06-05 14:47:01 +01:00			`HashAndVerifySignature(ctx context.Context, data, signature []byte) error`
Storage node and upload/download protocol refactor (#1422) refactor storage node server refactor upload and download protocol 2019-03-18 10:55:06 +00:00			`}`

protocol: implement new piece signing and verification (#2525) 2019-07-11 21:51:40 +01:00			`// VerifyOrderLimitSignature verifies that the signature inside order limit is valid and belongs to the satellite.`
pkg/pb: rename Order2 to Order, OrderLimit2 to OrderLimit (#2406) 2019-07-01 16:54:11 +01:00			`func VerifyOrderLimitSignature(ctx context.Context, satellite Signee, signed *pb.OrderLimit) (err error) {`
pkg/*: add monkit task to missing places (#2109) 2019-06-04 12:36:27 +01:00			`defer mon.Task()(&ctx)(&err)`
pkg/auth: add monkit task to missing places (#2123) What: add monkit.Task to a bunch of functions that are missing it Why: this will significantly help our instrumentation, data collection, and tracing about what's going on in the network 2019-06-05 14:47:01 +01:00			`bytes, err := EncodeOrderLimit(ctx, signed)`
Storage node and upload/download protocol refactor (#1422) refactor storage node server refactor upload and download protocol 2019-03-18 10:55:06 +00:00			`if err != nil {`
			`return Error.Wrap(err)`
			`}`

pkg/auth: add monkit task to missing places (#2123) What: add monkit.Task to a bunch of functions that are missing it Why: this will significantly help our instrumentation, data collection, and tracing about what's going on in the network 2019-06-05 14:47:01 +01:00			`return satellite.HashAndVerifySignature(ctx, bytes, signed.SatelliteSignature)`
Storage node and upload/download protocol refactor (#1422) refactor storage node server refactor upload and download protocol 2019-03-18 10:55:06 +00:00			`}`

protocol: implement new piece signing and verification (#2525) 2019-07-11 21:51:40 +01:00			`// VerifyOrderSignature verifies that the signature inside order is valid and belongs to the uplink.`
pkg/pb: rename Order2 to Order, OrderLimit2 to OrderLimit (#2406) 2019-07-01 16:54:11 +01:00			`func VerifyOrderSignature(ctx context.Context, uplink Signee, signed *pb.Order) (err error) {`
pkg/*: add monkit task to missing places (#2109) 2019-06-04 12:36:27 +01:00			`defer mon.Task()(&ctx)(&err)`
pkg/auth: add monkit task to missing places (#2123) What: add monkit.Task to a bunch of functions that are missing it Why: this will significantly help our instrumentation, data collection, and tracing about what's going on in the network 2019-06-05 14:47:01 +01:00			`bytes, err := EncodeOrder(ctx, signed)`
Storage node and upload/download protocol refactor (#1422) refactor storage node server refactor upload and download protocol 2019-03-18 10:55:06 +00:00			`if err != nil {`
			`return Error.Wrap(err)`
			`}`

pkg/auth: add monkit task to missing places (#2123) What: add monkit.Task to a bunch of functions that are missing it Why: this will significantly help our instrumentation, data collection, and tracing about what's going on in the network 2019-06-05 14:47:01 +01:00			`return uplink.HashAndVerifySignature(ctx, bytes, signed.UplinkSignature)`
Storage node and upload/download protocol refactor (#1422) refactor storage node server refactor upload and download protocol 2019-03-18 10:55:06 +00:00			`}`

protocol: implement new piece signing and verification (#2525) 2019-07-11 21:51:40 +01:00			`// VerifyUplinkOrderSignature verifies that the signature inside order is valid and belongs to the uplink.`
			`func VerifyUplinkOrderSignature(ctx context.Context, publicKey storj.PiecePublicKey, signed *pb.Order) (err error) {`
			`defer mon.Task()(&ctx)(&err)`
			`bytes, err := EncodeOrder(ctx, signed)`
			`if err != nil {`
			`return Error.Wrap(err)`
			`}`

			`return Error.Wrap(publicKey.Verify(bytes, signed.UplinkSignature))`
			`}`

			`// VerifyPieceHashSignature verifies that the signature inside piece hash is valid and belongs to the signer, which is either uplink or storage node.`
pkg/auth: add monkit task to missing places (#2123) What: add monkit.Task to a bunch of functions that are missing it Why: this will significantly help our instrumentation, data collection, and tracing about what's going on in the network 2019-06-05 14:47:01 +01:00			`func VerifyPieceHashSignature(ctx context.Context, signee Signee, signed *pb.PieceHash) (err error) {`
pkg/*: add monkit task to missing places (#2109) 2019-06-04 12:36:27 +01:00			`defer mon.Task()(&ctx)(&err)`
pkg/auth: add monkit task to missing places (#2123) What: add monkit.Task to a bunch of functions that are missing it Why: this will significantly help our instrumentation, data collection, and tracing about what's going on in the network 2019-06-05 14:47:01 +01:00			`bytes, err := EncodePieceHash(ctx, signed)`
Storage node and upload/download protocol refactor (#1422) refactor storage node server refactor upload and download protocol 2019-03-18 10:55:06 +00:00			`if err != nil {`
			`return Error.Wrap(err)`
			`}`

pkg/auth: add monkit task to missing places (#2123) What: add monkit.Task to a bunch of functions that are missing it Why: this will significantly help our instrumentation, data collection, and tracing about what's going on in the network 2019-06-05 14:47:01 +01:00			`return signee.HashAndVerifySignature(ctx, bytes, signed.Signature)`
Storage node and upload/download protocol refactor (#1422) refactor storage node server refactor upload and download protocol 2019-03-18 10:55:06 +00:00			`}`
add storage node voucher request service (#2158) * add voucher service on storage node * config field tag syntax, go routines for requests * hook up voucher service in storagenode/peer.go * add voucher config to testplanet * add voucher config to testplanet * add voucher response status INVALID, ACCEPTED, REJECTED * add a test for vouchers service * handle no row from GetValid, test it * add trust pool to voucher service * use trusted list to get satellites * verify vouchers upon receipt * test VerifyVoucher 2019-06-21 23:48:52 +01:00
protocol: implement new piece signing and verification (#2525) 2019-07-11 21:51:40 +01:00			`// VerifyUplinkPieceHashSignature verifies that the signature inside piece hash is valid and belongs to the signer, which is either uplink or storage node.`
			`func VerifyUplinkPieceHashSignature(ctx context.Context, publicKey storj.PiecePublicKey, signed *pb.PieceHash) (err error) {`
			`defer mon.Task()(&ctx)(&err)`

			`bytes, err := EncodePieceHash(ctx, signed)`
			`if err != nil {`
			`return Error.Wrap(err)`
			`}`

			`return Error.Wrap(publicKey.Verify(bytes, signed.Signature))`
			`}`

			`// VerifyVoucher verifies that the signature inside voucher is valid and belongs to the satellite`
add storage node voucher request service (#2158) * add voucher service on storage node * config field tag syntax, go routines for requests * hook up voucher service in storagenode/peer.go * add voucher config to testplanet * add voucher config to testplanet * add voucher response status INVALID, ACCEPTED, REJECTED * add a test for vouchers service * handle no row from GetValid, test it * add trust pool to voucher service * use trusted list to get satellites * verify vouchers upon receipt * test VerifyVoucher 2019-06-21 23:48:52 +01:00			`func VerifyVoucher(ctx context.Context, satellite Signee, signed *pb.Voucher) (err error) {`
			`defer mon.Task()(&ctx)(&err)`
			`bytes, err := EncodeVoucher(ctx, signed)`
			`if err != nil {`
			`return Error.Wrap(err)`
			`}`

			`return satellite.HashAndVerifySignature(ctx, bytes, signed.SatelliteSignature)`
			`}`
Metainfo RPC objects methods (#2534) 2019-07-16 11:39:23 +01:00
			`// VerifyStreamID verifies that the signature inside stream ID belongs to the satellite`
			`func VerifyStreamID(ctx context.Context, satellite Signee, signed *pb.SatStreamID) (err error) {`
			`defer mon.Task()(&ctx)(&err)`
			`bytes, err := EncodeStreamID(ctx, signed)`
			`if err != nil {`
			`return Error.Wrap(err)`
			`}`

			`return satellite.HashAndVerifySignature(ctx, bytes, signed.SatelliteSignature)`
			`}`
Metainfo RPC segment methods (part 1) (#2567) 2019-07-22 15:45:18 +01:00
			`// VerifySegmentID verifies that the signature inside segment ID belongs to the satellite`
			`func VerifySegmentID(ctx context.Context, satellite Signee, signed *pb.SatSegmentID) (err error) {`
			`defer mon.Task()(&ctx)(&err)`
			`bytes, err := EncodeSegmentID(ctx, signed)`
			`if err != nil {`
			`return Error.Wrap(err)`
			`}`

			`return satellite.HashAndVerifySignature(ctx, bytes, signed.SatelliteSignature)`
			`}`