-
Notifications
You must be signed in to change notification settings - Fork 387
/
signing.go
90 lines (75 loc) · 2.7 KB
/
signing.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.
package metainfo
import (
"context"
"storj.io/common/pb"
"storj.io/common/signing"
"storj.io/storj/satellite/internalpb"
)
// SignStreamID signs the stream ID using the specified signer.
// Signer is a satellite.
func SignStreamID(ctx context.Context, signer signing.Signer, unsigned *internalpb.StreamID) (_ *internalpb.StreamID, err error) {
defer mon.Task()(&ctx)(&err)
bytes, err := EncodeStreamID(ctx, unsigned)
if err != nil {
return nil, Error.Wrap(err)
}
signed := *unsigned
signed.SatelliteSignature, err = signer.SignHMACSHA256(ctx, bytes)
if err != nil {
return nil, Error.Wrap(err)
}
return &signed, nil
}
// SignSegmentID signs the segment ID using the specified signer.
// Signer is a satellite.
func SignSegmentID(ctx context.Context, signer signing.Signer, unsigned *internalpb.SegmentID) (_ *internalpb.SegmentID, err error) {
defer mon.Task()(&ctx)(&err)
bytes, err := EncodeSegmentID(ctx, unsigned)
if err != nil {
return nil, Error.Wrap(err)
}
signed := *unsigned
signed.SatelliteSignature, err = signer.HashAndSign(ctx, bytes)
if err != nil {
return nil, Error.Wrap(err)
}
return &signed, nil
}
// EncodeStreamID encodes stream ID into bytes for signing.
func EncodeStreamID(ctx context.Context, streamID *internalpb.StreamID) (_ []byte, err error) {
defer mon.Task()(&ctx)(&err)
signature := streamID.SatelliteSignature
streamID.SatelliteSignature = nil
out, err := pb.Marshal(streamID)
streamID.SatelliteSignature = signature
return out, err
}
// EncodeSegmentID encodes segment ID into bytes for signing.
func EncodeSegmentID(ctx context.Context, segmentID *internalpb.SegmentID) (_ []byte, err error) {
defer mon.Task()(&ctx)(&err)
signature := segmentID.SatelliteSignature
segmentID.SatelliteSignature = nil
out, err := pb.Marshal(segmentID)
segmentID.SatelliteSignature = signature
return out, err
}
// VerifyStreamID verifies that the signature inside stream ID belongs to the satellite.
func VerifyStreamID(ctx context.Context, satellite signing.Signer, signed *internalpb.StreamID) (err error) {
defer mon.Task()(&ctx)(&err)
bytes, err := EncodeStreamID(ctx, signed)
if err != nil {
return Error.Wrap(err)
}
return satellite.VerifyHMACSHA256(ctx, bytes, signed.SatelliteSignature)
}
// VerifySegmentID verifies that the signature inside segment ID belongs to the satellite.
func VerifySegmentID(ctx context.Context, satellite signing.Signee, signed *internalpb.SegmentID) (err error) {
defer mon.Task()(&ctx)(&err)
bytes, err := EncodeSegmentID(ctx, signed)
if err != nil {
return Error.Wrap(err)
}
return satellite.HashAndVerifySignature(ctx, bytes, signed.SatelliteSignature)
}