storj/pkg/auth/signature.go

// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.

package auth

import (
	"crypto/ecdsa"

	"github.com/gtank/cryptopasta"

	"storj.io/storj/pkg/identity"
	"storj.io/storj/pkg/pb"
	"storj.io/storj/pkg/peertls"
)

// GenerateSignature creates signature from identity id
func GenerateSignature(data []byte, identity *identity.FullIdentity) ([]byte, error) {
	if len(data) == 0 {
		return nil, nil
	}

	k, ok := identity.Key.(*ecdsa.PrivateKey)
	if !ok {
		return nil, peertls.ErrUnsupportedKey.New("%T", identity.Key)
	}
	signature, err := cryptopasta.Sign(data, k)
	if err != nil {
		return nil, err
	}
	return signature, nil
}

// NewSignedMessage creates instance of signed message
func NewSignedMessage(signature []byte, identity *identity.FullIdentity) (*pb.SignedMessage, error) {
	k, ok := identity.Leaf.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return nil, peertls.ErrUnsupportedKey.New("%T", identity.Leaf.PublicKey)
	}

	encodedKey, err := cryptopasta.EncodePublicKey(k)
	if err != nil {
		return nil, err
	}
	return &pb.SignedMessage{
		Data:      identity.ID.Bytes(),
		Signature: signature,
		PublicKey: encodedKey,
	}, nil
}

// SignedMessageVerifier checks if provided signed message can be verified
type SignedMessageVerifier func(signature *pb.SignedMessage) error

// NewSignedMessageVerifier creates default implementation of SignedMessageVerifier
func NewSignedMessageVerifier() SignedMessageVerifier {
	return func(signedMessage *pb.SignedMessage) error {
		if signedMessage == nil {
			return Error.New("no message to verify")
		}
		if signedMessage.Signature == nil {
			return Error.New("missing signature for verification")
		}
		if signedMessage.Data == nil {
			return Error.New("missing data for verification")
		}
		if signedMessage.PublicKey == nil {
			return Error.New("missing public key for verification")
		}

		k, err := cryptopasta.DecodePublicKey(signedMessage.GetPublicKey())
		if err != nil {
			return Error.Wrap(err)
		}
		if ok := cryptopasta.Verify(signedMessage.GetData(), signedMessage.GetSignature(), k); !ok {
			return Error.New("failed to verify message")
		}
		return nil
	}
}
updates copyright 2018 to 2019 (#1133) 2019-01-24 20:15:10 +00:00			`// Copyright (C) 2019 Storj Labs, Inc.`
Satellite signature generation (#453) * Satellite signature generation * Add unit test * remove unused var * remove base64 encoding from signature generation 2018-10-11 15:35:55 +01:00			`// See LICENSE for copying information.`

			`package auth`

			`import (`
			`"crypto/ecdsa"`

			`"github.com/gtank/cryptopasta"`

Delete provider package (#1177) 2019-01-30 20:47:21 +00:00			`"storj.io/storj/pkg/identity"`
Satellite signature generation (#453) * Satellite signature generation * Add unit test * remove unused var * remove base64 encoding from signature generation 2018-10-11 15:35:55 +01:00			`"storj.io/storj/pkg/pb"`
			`"storj.io/storj/pkg/peertls"`
			`)`

			`// GenerateSignature creates signature from identity id`
Delete provider package (#1177) 2019-01-30 20:47:21 +00:00			`func GenerateSignature(data []byte, identity *identity.FullIdentity) ([]byte, error) {`
Send bandwidth alloc from satellite to storage node (#538) * Send bandwidth alloc from satellite to storage node * Remove unecessary nil checks * set Renter field * fix tests * goimports * Update README.md * Update README.md * Update README.md * Update README.md (#550) * Skip flaky TestPing (#552) 2018-10-30 16:24:46 +00:00			`if len(data) == 0 {`
Satellite signature generation (#453) * Satellite signature generation * Add unit test * remove unused var * remove base64 encoding from signature generation 2018-10-11 15:35:55 +01:00			`return nil, nil`
			`}`

			`k, ok := identity.Key.(*ecdsa.PrivateKey)`
			`if !ok {`
			`return nil, peertls.ErrUnsupportedKey.New("%T", identity.Key)`
			`}`
Send bandwidth alloc from satellite to storage node (#538) * Send bandwidth alloc from satellite to storage node * Remove unecessary nil checks * set Renter field * fix tests * goimports * Update README.md * Update README.md * Update README.md * Update README.md (#550) * Skip flaky TestPing (#552) 2018-10-30 16:24:46 +00:00			`signature, err := cryptopasta.Sign(data, k)`
Satellite signature generation (#453) * Satellite signature generation * Add unit test * remove unused var * remove base64 encoding from signature generation 2018-10-11 15:35:55 +01:00			`if err != nil {`
			`return nil, err`
			`}`
			`return signature, nil`
			`}`

Satellite verification on storage node (#469) * Satellite verification on storage node * fix formatting * fix formatting * rename SignatureAuth to SignedMessage * fixes after review * fix linter errors * improve errors handling * remove SignedMessageProvider * fix liter errors * params changed to authorization, signed message in audit, minor fixes * fix formatting 2018-10-17 12:40:11 +01:00			`// NewSignedMessage creates instance of signed message`
Delete provider package (#1177) 2019-01-30 20:47:21 +00:00			`func NewSignedMessage(signature []byte, identity identity.FullIdentity) (pb.SignedMessage, error) {`
Satellite signature generation (#453) * Satellite signature generation * Add unit test * remove unused var * remove base64 encoding from signature generation 2018-10-11 15:35:55 +01:00			`k, ok := identity.Leaf.PublicKey.(*ecdsa.PublicKey)`
			`if !ok {`
			`return nil, peertls.ErrUnsupportedKey.New("%T", identity.Leaf.PublicKey)`
			`}`

			`encodedKey, err := cryptopasta.EncodePublicKey(k)`
			`if err != nil {`
			`return nil, err`
			`}`
Satellite verification on storage node (#469) * Satellite verification on storage node * fix formatting * fix formatting * rename SignatureAuth to SignedMessage * fixes after review * fix linter errors * improve errors handling * remove SignedMessageProvider * fix liter errors * params changed to authorization, signed message in audit, minor fixes * fix formatting 2018-10-17 12:40:11 +01:00			`return &pb.SignedMessage{`
Satellite signature generation (#453) * Satellite signature generation * Add unit test * remove unused var * remove base64 encoding from signature generation 2018-10-11 15:35:55 +01:00			`Data: identity.ID.Bytes(),`
			`Signature: signature,`
			`PublicKey: encodedKey,`
			`}, nil`
			`}`
Satellite verification on storage node (#469) * Satellite verification on storage node * fix formatting * fix formatting * rename SignatureAuth to SignedMessage * fixes after review * fix linter errors * improve errors handling * remove SignedMessageProvider * fix liter errors * params changed to authorization, signed message in audit, minor fixes * fix formatting 2018-10-17 12:40:11 +01:00
			`// SignedMessageVerifier checks if provided signed message can be verified`
			`type SignedMessageVerifier func(signature *pb.SignedMessage) error`

			`// NewSignedMessageVerifier creates default implementation of SignedMessageVerifier`
			`func NewSignedMessageVerifier() SignedMessageVerifier {`
			`return func(signedMessage *pb.SignedMessage) error {`
			`if signedMessage == nil {`
			`return Error.New("no message to verify")`
			`}`
			`if signedMessage.Signature == nil {`
			`return Error.New("missing signature for verification")`
			`}`
			`if signedMessage.Data == nil {`
			`return Error.New("missing data for verification")`
			`}`
			`if signedMessage.PublicKey == nil {`
			`return Error.New("missing public key for verification")`
			`}`

			`k, err := cryptopasta.DecodePublicKey(signedMessage.GetPublicKey())`
			`if err != nil {`
			`return Error.Wrap(err)`
			`}`
			`if ok := cryptopasta.Verify(signedMessage.GetData(), signedMessage.GetSignature(), k); !ok {`
			`return Error.New("failed to verify message")`
			`}`
			`return nil`
			`}`
			`}`