forked from AplaProject/go-apla
/
signer.go
77 lines (62 loc) · 1.93 KB
/
signer.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
//go:generate sh -c "mockery -inpkg -name Signer -print > file.tmp && mv file.tmp signer_mock.go"
package crypto
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/sha256"
"fmt"
"math/big"
"github.com/GenesisKernel/go-genesis/tools/update_server/model"
)
type Signer interface {
MakeSign(build model.Build) ([]byte, error)
CheckSign(build model.Build, public []byte) (bool, error)
}
type BuildSigner struct {
privateKey []byte
}
func NewBuildSigner(privateKey []byte) BuildSigner {
return BuildSigner{privateKey: privateKey}
}
// Make sign is signing build with private key
func (bs *BuildSigner) MakeSign(build model.Build) ([]byte, error) {
var sign []byte
var pubkeyCurve elliptic.Curve
pubkeyCurve = elliptic.P256()
bi := new(big.Int).SetBytes(bs.privateKey)
priv := new(ecdsa.PrivateKey)
priv.PublicKey.Curve = pubkeyCurve
priv.D = bi
data := build.Body
data = append(data, []byte(build.Time.String())...)
data = append(data, []byte(build.Version.String())...)
signhash := sha256.Sum256(data)
r, s, err := ecdsa.Sign(rand.Reader, priv, signhash[:])
if err != nil {
return sign, err
}
return append(r.Bytes(), s.Bytes()...), nil
}
// CheckSign is checking build sign with public key
func (bs *BuildSigner) CheckSign(build model.Build, public []byte) (bool, error) {
if len(build.Sign) != 64 {
return false, fmt.Errorf("invalid parameters len(signature) == 0")
}
pubkeyCurve := elliptic.P256()
data := build.Body
data = append(data, []byte(build.Time.String())...)
data = append(data, []byte(build.Version.String())...)
hash := sha256.Sum256(data)
pubkey := new(ecdsa.PublicKey)
pubkey.Curve = pubkeyCurve
pubkey.X = new(big.Int).SetBytes(public[0:32])
pubkey.Y = new(big.Int).SetBytes(public[32:])
r := new(big.Int).SetBytes(build.Sign[:32])
s := new(big.Int).SetBytes(build.Sign[32:])
verifyStatus := ecdsa.Verify(pubkey, hash[:], r, s)
if !verifyStatus {
return false, nil
}
return true, nil
}