frostfs-api-go/service/token.go

package service

import (
	"crypto/ecdsa"
	"encoding/binary"

	crypto "github.com/nspcc-dev/neofs-crypto"
)

var tokenEndianness = binary.BigEndian

// GetID is an ID field getter.
func (m Token_Info) GetID() TokenID {
	return m.ID
}

// SetID is an ID field setter.
func (m *Token_Info) SetID(id TokenID) {
	m.ID = id
}

// GetOwnerID is an OwnerID field getter.
func (m Token_Info) GetOwnerID() OwnerID {
	return m.OwnerID
}

// SetOwnerID is an OwnerID field setter.
func (m *Token_Info) SetOwnerID(id OwnerID) {
	m.OwnerID = id
}

// SetVerb is a Verb field setter.
func (m *Token_Info) SetVerb(verb Token_Info_Verb) {
	m.Verb = verb
}

// GetAddress is an Address field getter.
func (m Token_Info) GetAddress() Address {
	return m.Address
}

// SetAddress is an Address field setter.
func (m *Token_Info) SetAddress(addr Address) {
	m.Address = addr
}

// CreationEpoch is a Created field getter.
func (m Token_Info) CreationEpoch() uint64 {
	return m.Created
}

// SetCreationEpoch is a Created field setter.
func (m *Token_Info) SetCreationEpoch(e uint64) {
	m.Created = e
}

// ExpirationEpoch is a ValidUntil field getter.
func (m Token_Info) ExpirationEpoch() uint64 {
	return m.ValidUntil
}

// SetExpirationEpoch is a ValidUntil field setter.
func (m *Token_Info) SetExpirationEpoch(e uint64) {
	m.ValidUntil = e
}

// SetSessionKey is a SessionKey field setter.
func (m *Token_Info) SetSessionKey(key []byte) {
	m.SessionKey = key
}

// SetSignature is a Signature field setter.
func (m *Token) SetSignature(sig []byte) {
	m.Signature = sig
}

// Returns byte slice that is used for creation/verification of the token signature.
func verificationTokenData(token SessionToken) []byte {
	var sz int

	id := token.GetID()
	sz += id.Size()

	ownerID := token.GetOwnerID()
	sz += ownerID.Size()

	verb := uint32(token.GetVerb())
	sz += 4

	addr := token.GetAddress()
	sz += addr.CID.Size() + addr.ObjectID.Size()

	cEpoch := token.CreationEpoch()
	sz += 8

	fEpoch := token.ExpirationEpoch()
	sz += 8

	key := token.GetSessionKey()
	sz += len(key)

	data := make([]byte, sz)

	var off int

	tokenEndianness.PutUint32(data, verb)
	off += 4

	tokenEndianness.PutUint64(data[off:], cEpoch)
	off += 8

	tokenEndianness.PutUint64(data[off:], fEpoch)
	off += 8

	off += copy(data[off:], id.Bytes())
	off += copy(data[off:], ownerID.Bytes())
	off += copy(data[off:], addr.CID.Bytes())
	off += copy(data[off:], addr.ObjectID.Bytes())
	off += copy(data[off:], key)

	return data
}

// SignToken calculates and stores the signature of token information.
//
// If passed token is nil, ErrNilToken returns.
// If passed private key is nil, crypto.ErrEmptyPrivateKey returns.
func SignToken(token SessionToken, key *ecdsa.PrivateKey) error {
	if token == nil {
		return ErrNilToken
	} else if key == nil {
		return crypto.ErrEmptyPrivateKey
	}

	sig, err := crypto.Sign(key, verificationTokenData(token))
	if err != nil {
		return err
	}

	token.SetSignature(sig)

	return nil
}

// VerifyTokenSignature checks if token was signed correctly.
//
// If passed token is nil, ErrNilToken returns.
// If passed public key is nil, crypto.ErrEmptyPublicKey returns.
func VerifyTokenSignature(token SessionToken, key *ecdsa.PublicKey) error {
	if token == nil {
		return ErrNilToken
	} else if key == nil {
		return crypto.ErrEmptyPublicKey
	}

	return crypto.Verify(
		key,
		verificationTokenData(token),
		token.GetSignature(),
	)
}
service: define and implement Token field composing interface This commit: * defines SessionToken interface of Token field getters/setters group; * implements SessionToken on Token message. 2020-04-28 13:58:07 +00:00			`package service`

			`import (`
service: implement Sign/Verify functions for SessionToken 2020-04-28 16:03:15 +00:00			`"crypto/ecdsa"`
			`"encoding/binary"`

			`crypto "github.com/nspcc-dev/neofs-crypto"`
service: define and implement Token field composing interface This commit: * defines SessionToken interface of Token field getters/setters group; * implements SessionToken on Token message. 2020-04-28 13:58:07 +00:00			`)`

service: implement Sign/Verify functions for SessionToken 2020-04-28 16:03:15 +00:00			`var tokenEndianness = binary.BigEndian`

service: define and implement Token field composing interface This commit: * defines SessionToken interface of Token field getters/setters group; * implements SessionToken on Token message. 2020-04-28 13:58:07 +00:00			`// GetID is an ID field getter.`
			`func (m Token_Info) GetID() TokenID {`
			`return m.ID`
			`}`

			`// SetID is an ID field setter.`
			`func (m *Token_Info) SetID(id TokenID) {`
			`m.ID = id`
			`}`

			`// GetOwnerID is an OwnerID field getter.`
			`func (m Token_Info) GetOwnerID() OwnerID {`
			`return m.OwnerID`
			`}`

			`// SetOwnerID is an OwnerID field setter.`
			`func (m *Token_Info) SetOwnerID(id OwnerID) {`
			`m.OwnerID = id`
			`}`

			`// SetVerb is a Verb field setter.`
			`func (m *Token_Info) SetVerb(verb Token_Info_Verb) {`
			`m.Verb = verb`
			`}`

			`// GetAddress is an Address field getter.`
			`func (m Token_Info) GetAddress() Address {`
			`return m.Address`
			`}`

			`// SetAddress is an Address field setter.`
			`func (m *Token_Info) SetAddress(addr Address) {`
			`m.Address = addr`
			`}`

			`// CreationEpoch is a Created field getter.`
			`func (m Token_Info) CreationEpoch() uint64 {`
			`return m.Created`
			`}`

			`// SetCreationEpoch is a Created field setter.`
			`func (m *Token_Info) SetCreationEpoch(e uint64) {`
			`m.Created = e`
			`}`

			`// ExpirationEpoch is a ValidUntil field getter.`
			`func (m Token_Info) ExpirationEpoch() uint64 {`
			`return m.ValidUntil`
			`}`

			`// SetExpirationEpoch is a ValidUntil field setter.`
			`func (m *Token_Info) SetExpirationEpoch(e uint64) {`
			`m.ValidUntil = e`
			`}`

			`// SetSessionKey is a SessionKey field setter.`
			`func (m *Token_Info) SetSessionKey(key []byte) {`
			`m.SessionKey = key`
			`}`

			`// SetSignature is a Signature field setter.`
			`func (m *Token) SetSignature(sig []byte) {`
			`m.Signature = sig`
			`}`
service: implement Sign/Verify functions for SessionToken 2020-04-28 16:03:15 +00:00
			`// Returns byte slice that is used for creation/verification of the token signature.`
			`func verificationTokenData(token SessionToken) []byte {`
			`var sz int`

			`id := token.GetID()`
			`sz += id.Size()`

			`ownerID := token.GetOwnerID()`
			`sz += ownerID.Size()`

			`verb := uint32(token.GetVerb())`
			`sz += 4`

			`addr := token.GetAddress()`
			`sz += addr.CID.Size() + addr.ObjectID.Size()`

			`cEpoch := token.CreationEpoch()`
			`sz += 8`

			`fEpoch := token.ExpirationEpoch()`
			`sz += 8`

			`key := token.GetSessionKey()`
			`sz += len(key)`

			`data := make([]byte, sz)`

			`var off int`

			`tokenEndianness.PutUint32(data, verb)`
			`off += 4`

			`tokenEndianness.PutUint64(data[off:], cEpoch)`
			`off += 8`

			`tokenEndianness.PutUint64(data[off:], fEpoch)`
			`off += 8`

			`off += copy(data[off:], id.Bytes())`
			`off += copy(data[off:], ownerID.Bytes())`
			`off += copy(data[off:], addr.CID.Bytes())`
			`off += copy(data[off:], addr.ObjectID.Bytes())`
			`off += copy(data[off:], key)`

			`return data`
			`}`

			`// SignToken calculates and stores the signature of token information.`
			`//`
service: change constant errors This commit: * moves defined errors to a separate file; * renames ErrEmptyToken to ErrNilToken; * merges ErrZeroTTL and ErrIncorrectTTL into single ErrInvalidTTL. 2020-05-04 10:04:10 +00:00			`// If passed token is nil, ErrNilToken returns.`
service: implement Sign/Verify functions for SessionToken 2020-04-28 16:03:15 +00:00			`// If passed private key is nil, crypto.ErrEmptyPrivateKey returns.`
			`func SignToken(token SessionToken, key *ecdsa.PrivateKey) error {`
			`if token == nil {`
service: change constant errors This commit: * moves defined errors to a separate file; * renames ErrEmptyToken to ErrNilToken; * merges ErrZeroTTL and ErrIncorrectTTL into single ErrInvalidTTL. 2020-05-04 10:04:10 +00:00			`return ErrNilToken`
service: implement Sign/Verify functions for SessionToken 2020-04-28 16:03:15 +00:00			`} else if key == nil {`
			`return crypto.ErrEmptyPrivateKey`
			`}`

			`sig, err := crypto.Sign(key, verificationTokenData(token))`
			`if err != nil {`
			`return err`
			`}`

			`token.SetSignature(sig)`

			`return nil`
			`}`

			`// VerifyTokenSignature checks if token was signed correctly.`
service: prevent NPE in VerifyTokenSignature function This commit adds next changes to VerifyTokenSignature: * returns ErrEmptyToken on nil token argument; * returns ErrEmptyPublicKey on nil public key argument. 2020-04-29 07:57:07 +00:00			`//`
service: change constant errors This commit: * moves defined errors to a separate file; * renames ErrEmptyToken to ErrNilToken; * merges ErrZeroTTL and ErrIncorrectTTL into single ErrInvalidTTL. 2020-05-04 10:04:10 +00:00			`// If passed token is nil, ErrNilToken returns.`
service: prevent NPE in VerifyTokenSignature function This commit adds next changes to VerifyTokenSignature: * returns ErrEmptyToken on nil token argument; * returns ErrEmptyPublicKey on nil public key argument. 2020-04-29 07:57:07 +00:00			`// If passed public key is nil, crypto.ErrEmptyPublicKey returns.`
service: implement Sign/Verify functions for SessionToken 2020-04-28 16:03:15 +00:00			`func VerifyTokenSignature(token SessionToken, key *ecdsa.PublicKey) error {`
service: prevent NPE in VerifyTokenSignature function This commit adds next changes to VerifyTokenSignature: * returns ErrEmptyToken on nil token argument; * returns ErrEmptyPublicKey on nil public key argument. 2020-04-29 07:57:07 +00:00			`if token == nil {`
service: change constant errors This commit: * moves defined errors to a separate file; * renames ErrEmptyToken to ErrNilToken; * merges ErrZeroTTL and ErrIncorrectTTL into single ErrInvalidTTL. 2020-05-04 10:04:10 +00:00			`return ErrNilToken`
service: prevent NPE in VerifyTokenSignature function This commit adds next changes to VerifyTokenSignature: * returns ErrEmptyToken on nil token argument; * returns ErrEmptyPublicKey on nil public key argument. 2020-04-29 07:57:07 +00:00			`} else if key == nil {`
			`return crypto.ErrEmptyPublicKey`
			`}`

service: implement Sign/Verify functions for SessionToken 2020-04-28 16:03:15 +00:00			`return crypto.Verify(`
			`key,`
			`verificationTokenData(token),`
			`token.GetSignature(),`
			`)`
			`}`