/
verify.go
171 lines (136 loc) · 5.38 KB
/
verify.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.
package signing
import (
"context"
"storj.io/common/pb"
"storj.io/common/storj"
"storj.io/common/tracing"
)
var verifyOrderLimitSignatureMon = mon.Task()
// Signee is able to verify that the data signature belongs to the signee.
type Signee interface {
ID() storj.NodeID
HashAndVerifySignature(ctx context.Context, data, signature []byte) error
}
// VerifyOrderLimitSignature verifies that the signature inside order limit is valid and belongs to the satellite.
func VerifyOrderLimitSignature(ctx context.Context, satellite Signee, signed *pb.OrderLimit) (err error) {
if areSignaturesDisabled(ctx) {
return nil
}
return verifyOrderLimitSignature(ctx, satellite, signed)
}
// VerifyOrderSignature verifies that the signature inside order is valid and belongs to the uplink.
func VerifyOrderSignature(ctx context.Context, uplink Signee, signed *pb.Order) (err error) {
if areSignaturesDisabled(ctx) {
return nil
}
return verifyOrderSignature(ctx, uplink, signed)
}
// VerifyUplinkOrderSignature verifies that the signature inside order is valid and belongs to the uplink.
func VerifyUplinkOrderSignature(ctx context.Context, publicKey storj.PiecePublicKey, signed *pb.Order) (err error) {
if areSignaturesDisabled(ctx) {
return nil
}
return verifyUplinkOrderSignature(ctx, publicKey, signed)
}
// VerifyPieceHashSignature verifies that the signature inside piece hash is valid and belongs to the signer, which is either uplink or storage node.
func VerifyPieceHashSignature(ctx context.Context, signee Signee, signed *pb.PieceHash) (err error) {
if areSignaturesDisabled(ctx) {
return nil
}
return verifyPieceHashSignature(ctx, signee, signed)
}
// VerifyUplinkPieceHashSignature verifies that the signature inside piece hash is valid and belongs to the signer, which is either uplink or storage node.
func VerifyUplinkPieceHashSignature(ctx context.Context, publicKey storj.PiecePublicKey, signed *pb.PieceHash) (err error) {
if areSignaturesDisabled(ctx) {
return nil
}
return verifyUplinkPieceHashSignature(ctx, publicKey, signed)
}
// VerifyExitCompleted verifies that the signature inside ExitCompleted belongs to the satellite.
func VerifyExitCompleted(ctx context.Context, satellite Signee, signed *pb.ExitCompleted) (err error) {
if areSignaturesDisabled(ctx) {
return nil
}
return verifyExitCompleted(ctx, satellite, signed)
}
// VerifyExitFailed verifies that the signature inside ExitFailed belongs to the satellite.
func VerifyExitFailed(ctx context.Context, satellite Signee, signed *pb.ExitFailed) (err error) {
if areSignaturesDisabled(ctx) {
return nil
}
return verifyExitFailed(ctx, satellite, signed)
}
func verifyOrderLimitSignature(ctx context.Context, satellite Signee, signed *pb.OrderLimit) (err error) {
ctx = tracing.WithoutDistributedTracing(ctx)
defer verifyOrderLimitSignatureMon(&ctx)(&err)
bytes, err := EncodeOrderLimit(ctx, signed)
if err != nil {
return Error.Wrap(err)
}
return satellite.HashAndVerifySignature(ctx, bytes, signed.SatelliteSignature)
}
func verifyOrderSignature(ctx context.Context, uplink Signee, signed *pb.Order) (err error) {
defer mon.Task()(&ctx)(&err)
if len(signed.XXX_unrecognized) > 0 {
return Error.New("unrecognized fields are not allowed")
}
bytes, err := EncodeOrder(ctx, signed)
if err != nil {
return Error.Wrap(err)
}
return uplink.HashAndVerifySignature(ctx, bytes, signed.UplinkSignature)
}
func verifyUplinkOrderSignature(ctx context.Context, publicKey storj.PiecePublicKey, signed *pb.Order) (err error) {
ctx = tracing.WithoutDistributedTracing(ctx)
defer mon.Task()(&ctx)(&err)
if len(signed.XXX_unrecognized) > 0 {
return Error.New("unrecognized fields are not allowed")
}
bytes, err := EncodeOrder(ctx, signed)
if err != nil {
return Error.Wrap(err)
}
return Error.Wrap(publicKey.Verify(bytes, signed.UplinkSignature))
}
func verifyPieceHashSignature(ctx context.Context, signee Signee, signed *pb.PieceHash) (err error) {
ctx = tracing.WithoutDistributedTracing(ctx)
defer mon.Task()(&ctx)(&err)
if len(signed.XXX_unrecognized) > 0 {
return Error.New("unrecognized fields are not allowed")
}
bytes, err := EncodePieceHash(ctx, signed)
if err != nil {
return Error.Wrap(err)
}
return signee.HashAndVerifySignature(ctx, bytes, signed.Signature)
}
func verifyUplinkPieceHashSignature(ctx context.Context, publicKey storj.PiecePublicKey, signed *pb.PieceHash) (err error) {
ctx = tracing.WithoutDistributedTracing(ctx)
defer mon.Task()(&ctx)(&err)
if len(signed.XXX_unrecognized) > 0 {
return Error.New("unrecognized fields are not allowed")
}
bytes, err := EncodePieceHash(ctx, signed)
if err != nil {
return Error.Wrap(err)
}
return Error.Wrap(publicKey.Verify(bytes, signed.Signature))
}
func verifyExitCompleted(ctx context.Context, satellite Signee, signed *pb.ExitCompleted) (err error) {
defer mon.Task()(&ctx)(&err)
bytes, err := EncodeExitCompleted(ctx, signed)
if err != nil {
return Error.Wrap(err)
}
return Error.Wrap(satellite.HashAndVerifySignature(ctx, bytes, signed.ExitCompleteSignature))
}
func verifyExitFailed(ctx context.Context, satellite Signee, signed *pb.ExitFailed) (err error) {
defer mon.Task()(&ctx)(&err)
bytes, err := EncodeExitFailed(ctx, signed)
if err != nil {
return Error.Wrap(err)
}
return Error.Wrap(satellite.HashAndVerifySignature(ctx, bytes, signed.ExitFailureSignature))
}