-
Notifications
You must be signed in to change notification settings - Fork 0
/
validation.go
103 lines (86 loc) · 2.57 KB
/
validation.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
package record
import (
"bytes"
"errors"
"strings"
key "github.com/ipfs/go-ipfs/blocks/key"
ci "github.com/ipfs/go-ipfs/p2p/crypto"
pb "github.com/ipfs/go-ipfs/routing/dht/pb"
u "github.com/ipfs/go-ipfs/util"
)
// ValidatorFunc is a function that is called to validate a given
// type of DHTRecord.
type ValidatorFunc func(key.Key, []byte) error
// ErrBadRecord is returned any time a dht record is found to be
// incorrectly formatted or signed.
var ErrBadRecord = errors.New("bad dht record")
// ErrInvalidRecordType is returned if a DHTRecord keys prefix
// is not found in the Validator map of the DHT.
var ErrInvalidRecordType = errors.New("invalid record keytype")
// Validator is an object that helps ensure routing records are valid.
// It is a collection of validator functions, each of which implements
// its own notion of validity.
type Validator map[string]*ValidChecker
type ValidChecker struct {
Func ValidatorFunc
Sign bool
}
// VerifyRecord checks a record and ensures it is still valid.
// It runs needed validators
func (v Validator) VerifyRecord(r *pb.Record) error {
// Now, check validity func
parts := strings.Split(r.GetKey(), "/")
if len(parts) < 3 {
log.Infof("Record key does not have validator: %s", key.Key(r.GetKey()))
return nil
}
val, ok := v[parts[1]]
if !ok {
log.Infof("Unrecognized key prefix: %s", parts[1])
return ErrInvalidRecordType
}
return val.Func(key.Key(r.GetKey()), r.GetValue())
}
func (v Validator) IsSigned(k key.Key) (bool, error) {
// Now, check validity func
parts := strings.Split(string(k), "/")
if len(parts) < 3 {
log.Infof("Record key does not have validator: %s", k)
return false, nil
}
val, ok := v[parts[1]]
if !ok {
log.Infof("Unrecognized key prefix: %s", parts[1])
return false, ErrInvalidRecordType
}
return val.Sign, nil
}
// ValidatePublicKeyRecord implements ValidatorFunc and
// verifies that the passed in record value is the PublicKey
// that matches the passed in key.
func ValidatePublicKeyRecord(k key.Key, val []byte) error {
keyparts := bytes.Split([]byte(k), []byte("/"))
if len(keyparts) < 3 {
return errors.New("invalid key")
}
pkh := u.Hash(val)
if !bytes.Equal(keyparts[2], pkh) {
return errors.New("public key does not match storage key")
}
return nil
}
var PublicKeyValidator = &ValidChecker{
Func: ValidatePublicKeyRecord,
Sign: false,
}
func CheckRecordSig(r *pb.Record, pk ci.PubKey) error {
blob := RecordBlobForSig(r)
good, err := pk.Verify(blob, r.Signature)
if err != nil {
return nil
}
if !good {
return errors.New("invalid record signature")
}
return nil
}