storj/pkg/auth/signedMessage.go

// Copyright (C) 2018 Storj Labs, Inc.
// See LICENSE for copying information.

package auth

import (
	"github.com/gogo/protobuf/proto"
	"github.com/zeebo/errs"

	"storj.io/storj/pkg/identity"
	"storj.io/storj/pkg/peertls"
	"storj.io/storj/pkg/pkcrypto"
	"storj.io/storj/pkg/storj"
)

var (
	//ErrSign indicates a failure during signing
	ErrSign = errs.Class("Failed to sign message")
	//ErrVerify indicates a failure during signature validation
	ErrVerify = errs.Class("Failed to validate message signature")
	//ErrSigLen indicates an invalid signature length
	ErrSigLen = errs.Class("Invalid signature length")
	//ErrSerial indicates an invalid serial number length
	ErrSerial = errs.Class("Invalid SerialNumber")
	//ErrExpired indicates the agreement is expired
	ErrExpired = errs.Class("Agreement is expired")
	//ErrSigner indicates a public key / node id mismatch
	ErrSigner = errs.Class("Message public key did not match expected signer")
	//ErrBadID indicates a public key / node id mismatch
	ErrBadID = errs.Class("Node ID did not match expected id")

	//ErrMarshal indicates a failure during serialization
	ErrMarshal = errs.Class("Could not marshal item to bytes")
	//ErrUnmarshal indicates a failure during deserialization
	ErrUnmarshal = errs.Class("Could not unmarshal bytes to item")
	//ErrMissing indicates missing or empty information
	ErrMissing = errs.Class("Required field is empty")
)

//SignableMessage is a protocol buffer with a certs and a signature
//Note that we assume proto.Message is a pointer receiver
type SignableMessage interface {
	proto.Message
	GetCerts() [][]byte
	GetSignature() []byte
	SetCerts([][]byte)
	SetSignature([]byte)
}

//SignMessage adds the crypto-related aspects of signed message
func SignMessage(msg SignableMessage, ID identity.FullIdentity) error {
	if msg == nil {
		return ErrMissing.New("message")
	}
	msg.SetSignature(nil)
	msg.SetCerts(nil)
	msgBytes, err := proto.Marshal(msg)
	if err != nil {
		return ErrMarshal.Wrap(err)
	}
	signature, err := pkcrypto.HashAndSign(ID.Key, msgBytes)
	if err != nil {
		return ErrSign.Wrap(err)
	}
	msg.SetSignature(signature)
	msg.SetCerts(ID.RawChain())
	return nil
}

//VerifyMsg checks the crypto-related aspects of signed message
func VerifyMsg(msg SignableMessage, signer storj.NodeID) error {
	//setup
	if msg == nil {
		return ErrMissing.New("message")
	} else if msg.GetSignature() == nil {
		return ErrMissing.New("message signature")
	} else if msg.GetCerts() == nil {
		return ErrMissing.New("message certificates")
	}
	signature := msg.GetSignature()
	certs := msg.GetCerts()
	msg.SetSignature(nil)
	msg.SetCerts(nil)
	msgBytes, err := proto.Marshal(msg)
	if err != nil {
		return ErrMarshal.Wrap(err)
	}
	//check certs
	if len(certs) < 2 {
		return ErrVerify.New("Expected at least leaf and CA public keys")
	}
	err = peertls.VerifyPeerFunc(peertls.VerifyPeerCertChains)(certs, nil)
	if err != nil {
		return ErrVerify.Wrap(err)
	}
	leaf, err := pkcrypto.CertFromDER(certs[peertls.LeafIndex])
	if err != nil {
		return err
	}
	ca, err := pkcrypto.CertFromDER(certs[peertls.CAIndex])
	if err != nil {
		return err
	}
	// verify signature
	if id, err := identity.NodeIDFromCert(ca); err != nil || id != signer {
		return ErrSigner.New("%+v vs %+v", id, signer)
	}
	if err := pkcrypto.HashAndVerifySignature(leaf.PublicKey, msgBytes, signature); err != nil {
		return ErrVerify.New("%+v", err)
	}
	//cleanup
	msg.SetSignature(signature)
	msg.SetCerts(certs)
	return nil
}
Make Bandwidth Agreements Secure / Trustable (#1117) * Added cert chains and nodeid verification to bandwidth agreement 2019-01-25 18:05:21 +00:00			`// Copyright (C) 2018 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package auth`

			`import (`
make bandwidth agreements sensible: without []byte's (#1152) removed []byte's from bandwidth agreement protocol buffers 2019-01-28 19:45:25 +00:00			`"github.com/gogo/protobuf/proto"`
Make Bandwidth Agreements Secure / Trustable (#1117) * Added cert chains and nodeid verification to bandwidth agreement 2019-01-25 18:05:21 +00:00			`"github.com/zeebo/errs"`

			`"storj.io/storj/pkg/identity"`
			`"storj.io/storj/pkg/peertls"`
Consolidate key/cert/signature encoding and decoding (#1243) 2019-02-07 18:40:28 +00:00			`"storj.io/storj/pkg/pkcrypto"`
Make Bandwidth Agreements Secure / Trustable (#1117) * Added cert chains and nodeid verification to bandwidth agreement 2019-01-25 18:05:21 +00:00			`"storj.io/storj/pkg/storj"`
			`)`

			`var (`
make bandwidth agreements sensible: without []byte's (#1152) removed []byte's from bandwidth agreement protocol buffers 2019-01-28 19:45:25 +00:00			`//ErrSign indicates a failure during signing`
			`ErrSign = errs.Class("Failed to sign message")`
			`//ErrVerify indicates a failure during signature validation`
			`ErrVerify = errs.Class("Failed to validate message signature")`
			`//ErrSigLen indicates an invalid signature length`
			`ErrSigLen = errs.Class("Invalid signature length")`
			`//ErrSerial indicates an invalid serial number length`
			`ErrSerial = errs.Class("Invalid SerialNumber")`
			`//ErrExpired indicates the agreement is expired`
			`ErrExpired = errs.Class("Agreement is expired")`
			`//ErrSigner indicates a public key / node id mismatch`
			`ErrSigner = errs.Class("Message public key did not match expected signer")`
			`//ErrBadID indicates a public key / node id mismatch`
			`ErrBadID = errs.Class("Node ID did not match expected id")`

			`//ErrMarshal indicates a failure during serialization`
			`ErrMarshal = errs.Class("Could not marshal item to bytes")`
			`//ErrUnmarshal indicates a failure during deserialization`
			`ErrUnmarshal = errs.Class("Could not unmarshal bytes to item")`
			`//ErrMissing indicates missing or empty information`
			`ErrMissing = errs.Class("Required field is empty")`
Make Bandwidth Agreements Secure / Trustable (#1117) * Added cert chains and nodeid verification to bandwidth agreement 2019-01-25 18:05:21 +00:00			`)`

make bandwidth agreements sensible: without []byte's (#1152) removed []byte's from bandwidth agreement protocol buffers 2019-01-28 19:45:25 +00:00			`//SignableMessage is a protocol buffer with a certs and a signature`
			`//Note that we assume proto.Message is a pointer receiver`
			`type SignableMessage interface {`
			`proto.Message`
			`GetCerts() [][]byte`
			`GetSignature() []byte`
			`SetCerts([][]byte)`
			`SetSignature([]byte)`
			`}`

			`//SignMessage adds the crypto-related aspects of signed message`
			`func SignMessage(msg SignableMessage, ID identity.FullIdentity) error {`
			`if msg == nil {`
			`return ErrMissing.New("message")`
			`}`
			`msg.SetSignature(nil)`
			`msg.SetCerts(nil)`
			`msgBytes, err := proto.Marshal(msg)`
			`if err != nil {`
			`return ErrMarshal.Wrap(err)`
			`}`
Unite all cryptographic signing and verifying (#1244) this change removes the cryptopasta dependency. a couple possible sources of problem with this change: * the encoding used for ECDSA signatures on SignedMessage has changed. the encoding employed by cryptopasta was workable, but not the same as the encoding used for such signatures in the rest of the world (most particularly, on ECDSA signatures in X.509 certificates). I think we'll be best served by using one ECDSA signature encoding from here on, but if we need to use the old encoding for backwards compatibility with existing nodes, that can be arranged. * since there's already a breaking change in SignedMessage, I changed it to send and receive public keys in raw PKIX format, instead of PEM. PEM just adds unhelpful overhead for this case. 2019-02-07 20:39:20 +00:00			`signature, err := pkcrypto.HashAndSign(ID.Key, msgBytes)`
make bandwidth agreements sensible: without []byte's (#1152) removed []byte's from bandwidth agreement protocol buffers 2019-01-28 19:45:25 +00:00			`if err != nil {`
			`return ErrSign.Wrap(err)`
			`}`
			`msg.SetSignature(signature)`
[V3-1320] fix empty node ID verification non-error (#1395) * small identity refactor: + Optimize? iterative cert chain methods to use array instead of slice + Add `ToChain` helper for converting 1d to 2d cert chain TODO: replace literal declarations with this + rename `ChainRaw/RestChainRaw` to `RawChain/RawRestChain` (adjective noun, instead of nound adjective) * add regression tests for V3-1320 * fix V3-1320 * separate `DialUnverifiedIDOption` from `DialOption` * separate `PingNode` and `DialNode` from `PingAddress` and `DialAddress` * update node ID while bootstrapping * goimports & fix comment * add test case 2019-03-04 20:03:33 +00:00			`msg.SetCerts(ID.RawChain())`
make bandwidth agreements sensible: without []byte's (#1152) removed []byte's from bandwidth agreement protocol buffers 2019-01-28 19:45:25 +00:00			`return nil`
			`}`

Make Bandwidth Agreements Secure / Trustable (#1117) * Added cert chains and nodeid verification to bandwidth agreement 2019-01-25 18:05:21 +00:00			`//VerifyMsg checks the crypto-related aspects of signed message`
make bandwidth agreements sensible: without []byte's (#1152) removed []byte's from bandwidth agreement protocol buffers 2019-01-28 19:45:25 +00:00			`func VerifyMsg(msg SignableMessage, signer storj.NodeID) error {`
			`//setup`
			`if msg == nil {`
			`return ErrMissing.New("message")`
			`} else if msg.GetSignature() == nil {`
			`return ErrMissing.New("message signature")`
			`} else if msg.GetCerts() == nil {`
			`return ErrMissing.New("message certificates")`
Make Bandwidth Agreements Secure / Trustable (#1117) * Added cert chains and nodeid verification to bandwidth agreement 2019-01-25 18:05:21 +00:00			`}`
make bandwidth agreements sensible: without []byte's (#1152) removed []byte's from bandwidth agreement protocol buffers 2019-01-28 19:45:25 +00:00			`signature := msg.GetSignature()`
			`certs := msg.GetCerts()`
			`msg.SetSignature(nil)`
			`msg.SetCerts(nil)`
			`msgBytes, err := proto.Marshal(msg)`
			`if err != nil {`
			`return ErrMarshal.Wrap(err)`
			`}`
			`//check certs`
Make Bandwidth Agreements Secure / Trustable (#1117) * Added cert chains and nodeid verification to bandwidth agreement 2019-01-25 18:05:21 +00:00			`if len(certs) < 2 {`
make bandwidth agreements sensible: without []byte's (#1152) removed []byte's from bandwidth agreement protocol buffers 2019-01-28 19:45:25 +00:00			`return ErrVerify.New("Expected at least leaf and CA public keys")`
Make Bandwidth Agreements Secure / Trustable (#1117) * Added cert chains and nodeid verification to bandwidth agreement 2019-01-25 18:05:21 +00:00			`}`
make bandwidth agreements sensible: without []byte's (#1152) removed []byte's from bandwidth agreement protocol buffers 2019-01-28 19:45:25 +00:00			`err = peertls.VerifyPeerFunc(peertls.VerifyPeerCertChains)(certs, nil)`
Make Bandwidth Agreements Secure / Trustable (#1117) * Added cert chains and nodeid verification to bandwidth agreement 2019-01-25 18:05:21 +00:00			`if err != nil {`
make bandwidth agreements sensible: without []byte's (#1152) removed []byte's from bandwidth agreement protocol buffers 2019-01-28 19:45:25 +00:00			`return ErrVerify.Wrap(err)`
Make Bandwidth Agreements Secure / Trustable (#1117) * Added cert chains and nodeid verification to bandwidth agreement 2019-01-25 18:05:21 +00:00			`}`
Identity versioning (#1389) 2019-04-08 19:15:19 +01:00			`leaf, err := pkcrypto.CertFromDER(certs[peertls.LeafIndex])`
Make Bandwidth Agreements Secure / Trustable (#1117) * Added cert chains and nodeid verification to bandwidth agreement 2019-01-25 18:05:21 +00:00			`if err != nil {`
			`return err`
			`}`
Identity versioning (#1389) 2019-04-08 19:15:19 +01:00			`ca, err := pkcrypto.CertFromDER(certs[peertls.CAIndex])`
Make Bandwidth Agreements Secure / Trustable (#1117) * Added cert chains and nodeid verification to bandwidth agreement 2019-01-25 18:05:21 +00:00			`if err != nil {`
			`return err`
			`}`
make bandwidth agreements sensible: without []byte's (#1152) removed []byte's from bandwidth agreement protocol buffers 2019-01-28 19:45:25 +00:00			`// verify signature`
Identity versioning (#1389) 2019-04-08 19:15:19 +01:00			`if id, err := identity.NodeIDFromCert(ca); err != nil \|\| id != signer {`
make bandwidth agreements sensible: without []byte's (#1152) removed []byte's from bandwidth agreement protocol buffers 2019-01-28 19:45:25 +00:00			`return ErrSigner.New("%+v vs %+v", id, signer)`
Make Bandwidth Agreements Secure / Trustable (#1117) * Added cert chains and nodeid verification to bandwidth agreement 2019-01-25 18:05:21 +00:00			`}`
Unite all cryptographic signing and verifying (#1244) this change removes the cryptopasta dependency. a couple possible sources of problem with this change: * the encoding used for ECDSA signatures on SignedMessage has changed. the encoding employed by cryptopasta was workable, but not the same as the encoding used for such signatures in the rest of the world (most particularly, on ECDSA signatures in X.509 certificates). I think we'll be best served by using one ECDSA signature encoding from here on, but if we need to use the old encoding for backwards compatibility with existing nodes, that can be arranged. * since there's already a breaking change in SignedMessage, I changed it to send and receive public keys in raw PKIX format, instead of PEM. PEM just adds unhelpful overhead for this case. 2019-02-07 20:39:20 +00:00			`if err := pkcrypto.HashAndVerifySignature(leaf.PublicKey, msgBytes, signature); err != nil {`
			`return ErrVerify.New("%+v", err)`
Make Bandwidth Agreements Secure / Trustable (#1117) * Added cert chains and nodeid verification to bandwidth agreement 2019-01-25 18:05:21 +00:00			`}`
make bandwidth agreements sensible: without []byte's (#1152) removed []byte's from bandwidth agreement protocol buffers 2019-01-28 19:45:25 +00:00			`//cleanup`
			`msg.SetSignature(signature)`
			`msg.SetCerts(certs)`
Make Bandwidth Agreements Secure / Trustable (#1117) * Added cert chains and nodeid verification to bandwidth agreement 2019-01-25 18:05:21 +00:00			`return nil`
			`}`