[#265] session: Implement method to verify session data signature
There is a need to verify session data signatures calculated using the private session key. The `Container` token encapsulates the public session key, so we need to provide a method for checking the signature. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
parent
67ff996dc3
commit
031eac2f48
2 changed files with 38 additions and 0 deletions
|
@ -8,6 +8,7 @@ import (
|
|||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||
"github.com/nspcc-dev/neofs-api-go/v2/session"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/user"
|
||||
)
|
||||
|
||||
|
@ -199,3 +200,17 @@ func (x Container) AssertVerb(verb ContainerVerb) bool {
|
|||
func IssuedBy(cnr Container, id user.ID) bool {
|
||||
return cnr.Issuer().Equals(id)
|
||||
}
|
||||
|
||||
// VerifySessionDataSignature verifies signature of the session data. In practice,
|
||||
// the method is used to authenticate an operation with session data.
|
||||
func (x Container) VerifySessionDataSignature(data, signature []byte) bool {
|
||||
var sigV2 refs.Signature
|
||||
sigV2.SetKey(x.authKey)
|
||||
sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256)
|
||||
sigV2.SetSign(signature)
|
||||
|
||||
var sig neofscrypto.Signature
|
||||
sig.ReadFromV2(sigV2)
|
||||
|
||||
return sig.Verify(data)
|
||||
}
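Review bot: The doc comment on `VerifySessionDataSignature` does not say what a `true` result covers, and the body hard-codes `sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256)`, so verification can only succeed when the token's auth key belongs to that scheme. The method reads only `x.authKey`; nothing here checks the token's own signature or issuer, so a caller that skips `VerifySignature()` would be trusting whatever public key an unauthenticated token carries. I would extend the comment along the lines of `// Returns false if the auth key is unset or is not an ECDSA RFC 6979 (SHA-256) key. It does not validate the token itself: call VerifySignature first.` If other key schemes are expected to reach `SetAuthKey`, the scheme should presumably be derived from the stored key rather than fixed here.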
|
||||
|
|
|
@ -11,6 +11,7 @@ import (
|
|||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||
v2session "github.com/nspcc-dev/neofs-api-go/v2/session"
|
||||
cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
|
||||
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
|
||||
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/session"
|
||||
sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
|
||||
|
@ -543,3 +544,25 @@ func TestContainer_Sign(t *testing.T) {
|
|||
|
||||
require.True(t, val.VerifySignature())
|
||||
}
|
||||
|
||||
func TestContainer_VerifyDataSignature(t *testing.T) {
|
||||
signer := randSigner()
|
||||
|
||||
var tok session.Container
|
||||
|
||||
data := make([]byte, 100)
|
||||
rand.Read(data)
|
||||
|
||||
var sig neofscrypto.Signature
|
||||
require.NoError(t, sig.Calculate(neofsecdsa.SignerRFC6979(signer), data))
|
||||
|
||||
var sigV2 refs.Signature
|
||||
sig.WriteToV2(&sigV2)
|
||||
|
||||
require.False(t, tok.VerifySessionDataSignature(data, sigV2.GetSign()))
|
||||
|
||||
tok.SetAuthKey((*neofsecdsa.PublicKeyRFC6979)(&signer.PublicKey))
|
||||
require.True(t, tok.VerifySessionDataSignature(data, sigV2.GetSign()))
|
||||
require.False(t, tok.VerifySessionDataSignature(append(data, 1), sigV2.GetSign()))
|
||||
require.False(t, tok.VerifySessionDataSignature(data, append(sigV2.GetSign(), 1)))
|
||||
}
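Review bot: The negative cases in `TestContainer_VerifyDataSignature` only cover an unset key and inputs with an extra byte appended, so the test never shows that a well-formed signature from a different key is rejected, which is the property the method exists to enforce. I would add a case that binds another key and expects failure: `other := randSigner()`, `tok.SetAuthKey((*neofsecdsa.PublicKeyRFC6979)(&other.PublicKey))`, `require.False(t, tok.VerifySessionDataSignature(data, sigV2.GetSign()))`. A same-length signature with one byte flipped would also be worth asserting, since the current tampering case changes the length and may be rejected before any curve arithmetic runs. The return value of `rand.Read(data)` is also discarded; wrapping it in `require.NoError` keeps the fixture honest.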
|
||||
|
|