service: add owner key to a signed payload of SessionToken

service/token.go

@@ -174,11 +174,11 @@ func NewVerifiedSessionToken(token SessionToken) DataWithSignature {
 	}
 }
 
-func tokenInfoSize(v SessionKeySource) int {
+func tokenInfoSize(v SessionTokenInfo) int {
 	if v == nil {
 		return 0
 	}
-	return fixedTokenDataSize + len(v.GetSessionKey())
+	return fixedTokenDataSize + len(v.GetSessionKey()) + len(v.GetOwnerKey())
 }
 
 // Fills passed buffer with signing token information bytes.
@@ -208,7 +208,9 @@ func copyTokenSignedData(buf []byte, token SessionTokenInfo) {
 	tokenEndianness.PutUint64(buf[off:], token.ExpirationEpoch())
 	off += 8
 
-	copy(buf[off:], token.GetSessionKey())
+	off += copy(buf[off:], token.GetSessionKey())
+
+	copy(buf[off:], token.GetOwnerKey())
 }
 
 // SignedData concatenates signed data with session token information. Returns concatenation result.

service/token_test.go

@@ -77,6 +77,16 @@ func TestTokenGettersSetters(t *testing.T) {
 		require.Equal(t, key, tok.GetSessionKey())
 	}
 
+	{
+		key := make([]byte, 10)
+		_, err := rand.Read(key)
+		require.NoError(t, err)
+
+		tok.SetOwnerKey(key)
+
+		require.Equal(t, key, tok.GetOwnerKey())
+	}
+
 	{ // Signature
 		sig := make([]byte, 10)
 		_, err := rand.Read(sig)
@@ -126,6 +136,11 @@ func TestSignToken(t *testing.T) {
 	require.NoError(t, err)
 	token.SetSessionKey(sessionKey)
 
+	ownerKey := make([]byte, 10)
+	_, err = rand.Read(ownerKey[:])
+	require.NoError(t, err)
+	token.SetOwnerKey(ownerKey)
+
 	signedToken := NewSignedSessionToken(token)
 	verifiedToken := NewVerifiedSessionToken(token)
 
@@ -211,6 +226,18 @@ func TestSignToken(t *testing.T) {
 				token.SetSessionKey(sessionKey)
 			},
 		},
+		{ // Owner key
+			corrupt: func() {
+				ownerKey := token.GetOwnerKey()
+				ownerKey[0]++
+				token.SetOwnerKey(ownerKey)
+			},
+			restore: func() {
+				ownerKey := token.GetOwnerKey()
+				ownerKey[0]--
+				token.SetOwnerKey(ownerKey)
+			},
+		},
 	}
 
 	for _, v := range items {