Merge pull request #84 from nspcc-dev/session-refactor-private-token

session: refactor PrivateToken interface
Leonard Lyubich 2020-05-18 16:49:31 +03:00 committed by GitHub
commit ab796b81d2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 50 additions and 34 deletions


@ -13,3 +13,7 @@ const ErrNilGPRCClientConn = internal.Error("gRPC client connection is nil")
// ErrPrivateTokenNotFound is returned when addressed private token was // ErrPrivateTokenNotFound is returned when addressed private token was
// not found in storage. // not found in storage.
const ErrPrivateTokenNotFound = internal.Error("private token not found") const ErrPrivateTokenNotFound = internal.Error("private token not found")
// ErrNilPrivateToken is returned by functions that expect a non-nil
// PrivateToken, but received nil.
const ErrNilPrivateToken = internal.Error("private token is nil")


@ -30,14 +30,26 @@ func NewPrivateToken(validUntil uint64) (PrivateToken, error) {
}, nil }, nil
} }
// Sign signs data with session private key. // PublicSessionToken returns a binary representation of session public key.
func (t *pToken) Sign(data []byte) ([]byte, error) { //
return crypto.Sign(t.sessionKey, data) // If passed PrivateToken is nil, ErrNilPrivateToken returns.
// If passed PrivateToken carries nil private key, crypto.ErrEmptyPrivateKey returns.
func PublicSessionToken(pToken PrivateToken) ([]byte, error) {
if pToken == nil {
return nil, ErrNilPrivateToken
} }
// PublicKey returns a binary representation of the session public key. sk := pToken.PrivateKey()
func (t *pToken) PublicKey() []byte { if sk == nil {
return crypto.MarshalPublicKey(&t.sessionKey.PublicKey) return nil, crypto.ErrEmptyPrivateKey
}
return crypto.MarshalPublicKey(&sk.PublicKey), nil
}
// PrivateKey is a session private key getter.
func (t *pToken) PrivateKey() *ecdsa.PrivateKey {
return t.sessionKey
} }
func (t *pToken) Expired(epoch uint64) bool { func (t *pToken) Expired(epoch uint64) bool {
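Review bot: The `pToken == nil` guard in PublicSessionToken does not catch a typed nil. A nil `*pToken` stored in a PrivateToken interface value compares non-nil, so the call reaches `pToken.PrivateKey()`, which reads `t.sessionKey` through a nil receiver and panics instead of returning an error. Making the getter nil-safe closes that path, because the existing `sk == nil` branch then returns crypto.ErrEmptyPrivateKey: add `if t == nil { return nil }` as the first statement of `(*pToken).PrivateKey`. Whether any caller can actually produce a typed nil is not visible from this hunk, so the doc comment on PublicSessionToken should say which nil cases it covers.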


@ -1,35 +1,17 @@
package session package session
import ( import (
"crypto/rand"
"testing" "testing"
crypto "github.com/nspcc-dev/neofs-crypto" crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
func TestPrivateToken(t *testing.T) { func TestPToken_PrivateKey(t *testing.T) {
// create new private token // create new private token
pToken, err := NewPrivateToken(0) pToken, err := NewPrivateToken(0)
require.NoError(t, err) require.NoError(t, err)
require.NotNil(t, pToken.PrivateKey())
// generate data to sign
data := make([]byte, 10)
_, err = rand.Read(data)
require.NoError(t, err)
// sign data via private token
sig, err := pToken.Sign(data)
require.NoError(t, err)
// check signature
require.NoError(t,
crypto.Verify(
crypto.UnmarshalPublicKey(pToken.PublicKey()),
data,
sig,
),
)
} }
func TestPToken_Expired(t *testing.T) { func TestPToken_Expired(t *testing.T) {
@ -68,3 +50,27 @@ func TestPrivateTokenKey_SetTokenID(t *testing.T) {
require.Equal(t, tokenID, s.token) require.Equal(t, tokenID, s.token)
} }
func TestPublicSessionToken(t *testing.T) {
var err error
// nil PrivateToken
_, err = PublicSessionToken(nil)
require.EqualError(t, err, ErrNilPrivateToken.Error())
// empty private key
var pToken PrivateToken = new(pToken)
_, err = PublicSessionToken(pToken)
require.EqualError(t, err, crypto.ErrEmptyPrivateKey.Error())
// correct PrivateToken
pToken, err = NewPrivateToken(0)
require.NoError(t, err)
key := pToken.PrivateKey()
require.NotNil(t, key)
res, err := PublicSessionToken(pToken)
require.NoError(t, err)
require.Equal(t, res, crypto.MarshalPublicKey(&key.PublicKey))
}
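Review bot: With TestPrivateToken removed, nothing in this file checks that a signature made with the session key verifies against the bytes PublicSessionToken returns; TestPublicSessionToken only compares two marshalings of the same key. A short round trip over a small random buffer in the "correct PrivateToken" case would keep that coverage (it needs the `crypto/rand` import back): `sig, err := crypto.Sign(key, data)` followed by `require.NoError(t, crypto.Verify(crypto.UnmarshalPublicKey(res), data, sig))`. Separately, `var pToken PrivateToken = new(pToken)` shadows the type name for the rest of the function, so a different variable name would read more clearly.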


@ -10,14 +10,8 @@ import (
// PrivateToken is an interface of session private part. // PrivateToken is an interface of session private part.
type PrivateToken interface { type PrivateToken interface {
// PublicKey must return a binary representation of session public key. // PrivateKey must return session private key.
PublicKey() []byte PrivateKey() *ecdsa.PrivateKey
// Sign must return the signature of passed data.
//
// Resulting signature must be verified by crypto.Verify function
// with the session public key.
Sign([]byte) ([]byte, error)
// Expired must return true if and only if private token is expired in the given epoch number. // Expired must return true if and only if private token is expired in the given epoch number.
Expired(uint64) bool Expired(uint64) bool