JakeHillion/storj
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
78dc02b758
storj/pkg/bwagreement/server.go
Egon Elbre 78dc02b758 Satellite Peer (#1034) 
* add satellite peer

* Add overlay

* reorganize kademlia

* add RunRefresh

* add refresh to storagenode.Peer

* add discovery

* add agreements and metainfo

* rename

* add datarepair checker

* add repair

* add todo notes for audit

* add testing interface

* add into testplanet

* fixes

* fix compilation errors

* fix compilation errors

* make testplanet run

* remove audit refrences

* ensure that audit tests run

* dev

* checker tests compilable

* fix discovery

* fix compilation

* fix

* fix

* dev

* fix

* disable auth

* fixes

* revert go.mod/sum

* fix linter errors

* fix

* fix copyright

* Add address param for SN dashboard (#1076)

* Rename storj-sdk to storj-sim (#1078)

* Storagenode logs and config improvements  (#1075)

* Add more info to SN logs

* remove config-dir from user config

* add output where config was stored

* add message for successful connection

* fix linter

* remove storage.path from user config

* resolve config path

* move success  message to info

* log improvements

* Remove captplanet (#1070)

* pkg/server: include production cert (#1082)

Change-Id: Ie8e6fe78550be83c3bd797db7a1e58d37c684792

* Generate Payments Report (#1079)

* memory.Size: autoformat sizes based on value entropy (#1081)

* Jj/bytes (#1085)

* run tally and rollup

* sets dev default tally and rollup intervals

* nonessential storj-sim edits (#1086)

* Closing context doesn't stop storage node (#1084)

* Print when cancelled

* Close properly

* Don't log nil

* Don't print error when closing dashboard

* Fix panic in inspector if ping fails (#1088)

* Consolidate identity management to identity cli commands (#1083)

* Consolidate identity management:

Move identity cretaion/signing out of storagenode setup command.

* fixes

* linters

* Consolidate identity management:

Move identity cretaion/signing out of storagenode setup command.

* fixes

* sava backups before saving signed certs

* add "-prebuilt-test-cmds" test flag

* linters

* prepare cli tests for travis

* linter fixes

* more fixes

* linter gods

* sp/sdk/sim

* remove ca.difficulty

* remove unused difficulty

* return setup to its rightful place

* wip travis

* Revert "wip travis"

This reverts commit 56834849dcf066d3cc0a4f139033fc3f6d7188ca.

* typo in travis.yaml

* remove tests

* remove more

* make it only create one identity at a time for consistency

* add config-dir for consitency

* add identity creation to storj-sim

* add flags

* simplify

* fix nolint and compile

* prevent overwrite and pass difficulty, concurrency, and parent creds

* goimports
2019-01-18 08:54:08 -05:00

173 lines
5.3 KiB
Go
Raw Blame History

// Copyright (C) 2018 Storj Labs, Inc.
// See LICENSE for copying information.
package bwagreement
import (
"context"
"crypto"
"crypto/ecdsa"
"crypto/x509"
"time"
"github.com/gogo/protobuf/proto"
"github.com/gtank/cryptopasta"
"go.uber.org/zap"
"storj.io/storj/pkg/pb"
"storj.io/storj/pkg/peertls"
)
// DB stores bandwidth agreements.
type DB interface {
// CreateAgreement adds a new bandwidth agreement.
CreateAgreement(context.Context, string, Agreement) error
// GetAgreements gets all bandwidth agreements.
GetAgreements(context.Context) ([]Agreement, error)
// GetAgreementsSince gets all bandwidth agreements since specific time.
GetAgreementsSince(context.Context, time.Time) ([]Agreement, error)
}
// Server is an implementation of the pb.BandwidthServer interface
type Server struct {
db DB
pkey crypto.PublicKey
logger *zap.Logger
}
// Agreement is a struct that contains a bandwidth agreement and the associated signature
type Agreement struct {
Agreement []byte
Signature []byte
CreatedAt time.Time
ExpiresAt time.Time
}
// NewServer creates instance of Server
func NewServer(db DB, logger *zap.Logger, pkey crypto.PublicKey) *Server {
// TODO: reorder arguments, rename logger -> log
return &Server{
db: db,
logger: logger,
pkey: pkey,
}
}
// Close closes resources
func (s *Server) Close() error { return nil }
// BandwidthAgreements receives and stores bandwidth agreements from storage nodes
func (s *Server) BandwidthAgreements(ctx context.Context, ba *pb.RenterBandwidthAllocation) (reply *pb.AgreementsSummary, err error) {
defer mon.Task()(&ctx)(&err)
s.logger.Debug("Received Agreement...")
reply = &pb.AgreementsSummary{
Status: pb.AgreementsSummary_REJECTED,
}
// storagenode signature is empty
if len(ba.GetSignature()) == 0 {
return reply, BwAgreementError.New("Invalid Storage Node Signature length in the RenterBandwidthAllocation")
}
rbad := &pb.RenterBandwidthAllocation_Data{}
if err = proto.Unmarshal(ba.GetData(), rbad); err != nil {
return reply, BwAgreementError.New("Failed to unmarshal RenterBandwidthAllocation: %+v", err)
}
pba := rbad.GetPayerAllocation()
pbad := &pb.PayerBandwidthAllocation_Data{}
if err := proto.Unmarshal(pba.GetData(), pbad); err != nil {
return reply, BwAgreementError.New("Failed to unmarshal PayerBandwidthAllocation: %+v", err)
}
// satellite signature is empty
if len(pba.GetSignature()) == 0 {
return reply, BwAgreementError.New("Invalid Satellite Signature length in the PayerBandwidthAllocation")
}
if len(pbad.SerialNumber) == 0 {
return reply, BwAgreementError.New("Invalid SerialNumber in the PayerBandwidthAllocation")
}
if err = s.verifySignature(ctx, ba); err != nil {
return reply, err
}
serialNum := pbad.GetSerialNumber() + rbad.StorageNodeId.String()
// get and check expiration
exp := time.Unix(pbad.GetExpirationUnixSec(), 0).UTC()
if exp.Before(time.Now().UTC()) {
return reply, BwAgreementError.New("Bandwidth agreement is expired (%v)", exp)
}
err = s.db.CreateAgreement(ctx, serialNum, Agreement{
Signature: ba.GetSignature(),
Agreement: ba.GetData(),
ExpiresAt: exp,
})
if err != nil {
//todo: better classify transport errors (AgreementsSummary_FAIL) vs logical (AgreementsSummary_REJECTED)
return reply, BwAgreementError.New("SerialNumber already exists in the PayerBandwidthAllocation")
}
reply.Status = pb.AgreementsSummary_OK
s.logger.Debug("Stored Agreement...")
return reply, nil
}
func (s *Server) verifySignature(ctx context.Context, ba *pb.RenterBandwidthAllocation) error {
// TODO(security): detect replay attacks
//Deserealize RenterBandwidthAllocation.GetData() so we can get public key
rbad := &pb.RenterBandwidthAllocation_Data{}
if err := proto.Unmarshal(ba.GetData(), rbad); err != nil {
return BwAgreementError.New("Failed to unmarshal RenterBandwidthAllocation: %+v", err)
}
pba := rbad.GetPayerAllocation()
pbad := &pb.PayerBandwidthAllocation_Data{}
if err := proto.Unmarshal(pba.GetData(), pbad); err != nil {
return BwAgreementError.New("Failed to unmarshal PayerBandwidthAllocation: %+v", err)
}
// Extract renter's public key from PayerBandwidthAllocation_Data
pubkey, err := x509.ParsePKIXPublicKey(pbad.GetPubKey())
if err != nil {
return BwAgreementError.New("Failed to extract Public Key from RenterBandwidthAllocation: %+v", err)
}
// Typecast public key
k, ok := pubkey.(*ecdsa.PublicKey)
if !ok {
return peertls.ErrUnsupportedKey.New("%T", pubkey)
}
signatureLength := k.Curve.Params().P.BitLen() / 8
if len(ba.GetSignature()) < signatureLength {
return BwAgreementError.New("Invalid Renter's Signature Length")
}
// verify Renter's (uplink) signature
if ok := cryptopasta.Verify(ba.GetData(), ba.GetSignature(), k); !ok {
return BwAgreementError.New("Failed to verify Renter's Signature")
}
// satellite public key
k, ok = s.pkey.(*ecdsa.PublicKey)
if !ok {
return peertls.ErrUnsupportedKey.New("%T", s.pkey)
}
signatureLength = k.Curve.Params().P.BitLen() / 8
if len(rbad.GetPayerAllocation().GetSignature()) < signatureLength {
return BwAgreementError.New("Inavalid Payer's Signature Length")
}
// verify Payer's (satellite) signature
if ok := cryptopasta.Verify(rbad.GetPayerAllocation().GetData(), rbad.GetPayerAllocation().GetSignature(), k); !ok {
return BwAgreementError.New("Failed to verify Payer's Signature")
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink