[] session: Implement method to verify session data signature

There is a need to verify session data signatures calculated using the
private session key. The `Container` token encapsulates the public session
key, so we need to provide a method for the signature check.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Leonard Lyubich 2022-06-07 20:25:29 +03:00 committed by LeL
parent 67ff996dc3
commit 031eac2f48
2 changed files with 38 additions and 0 deletions


@ -8,6 +8,7 @@ import (
"github.com/nspcc-dev/neofs-api-go/v2/refs"
"github.com/nspcc-dev/neofs-api-go/v2/session"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
"github.com/nspcc-dev/neofs-sdk-go/user"
)
@ -199,3 +200,17 @@ func (x Container) AssertVerb(verb ContainerVerb) bool {
func IssuedBy(cnr Container, id user.ID) bool {
return cnr.Issuer().Equals(id)
}
// VerifySessionDataSignature verifies signature of the session data. In practice,
// the method is used to authenticate an operation with session data.
func (x Container) VerifySessionDataSignature(data, signature []byte) bool {
var sigV2 refs.Signature
sigV2.SetKey(x.authKey)
sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256)
sigV2.SetSign(signature)
var sig neofscrypto.Signature
sig.ReadFromV2(sigV2)
return sig.Verify(data)
}
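Review bot: The doc comment on VerifySessionDataSignature does not state what a `true` result depends on, so a caller can read more into it than the code supports. The key is taken from `x.authKey`, i.e. from the token itself, and nothing in this method checks the token's own signature, so the result authenticates an operation only if the token has been verified separately first. The scheme is also fixed to `refs.ECDSA_RFC6979_SHA256` regardless of how the auth key was set, so a signature made under any other scheme is presumably reported as invalid. I would extend the comment with `// Returns false if the auth key is unset or the signature is not ECDSA RFC 6979 SHA-256. The token itself must be verified separately (see VerifySignature).`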


@ -11,6 +11,7 @@ import (
"github.com/nspcc-dev/neofs-api-go/v2/refs"
v2session "github.com/nspcc-dev/neofs-api-go/v2/session"
cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
"github.com/nspcc-dev/neofs-sdk-go/session"
sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
@ -543,3 +544,25 @@ func TestContainer_Sign(t *testing.T) {
require.True(t, val.VerifySignature())
}
func TestContainer_VerifyDataSignature(t *testing.T) {
signer := randSigner()
var tok session.Container
data := make([]byte, 100)
rand.Read(data)
var sig neofscrypto.Signature
require.NoError(t, sig.Calculate(neofsecdsa.SignerRFC6979(signer), data))
var sigV2 refs.Signature
sig.WriteToV2(&sigV2)
require.False(t, tok.VerifySessionDataSignature(data, sigV2.GetSign()))
tok.SetAuthKey((*neofsecdsa.PublicKeyRFC6979)(&signer.PublicKey))
require.True(t, tok.VerifySessionDataSignature(data, sigV2.GetSign()))
require.False(t, tok.VerifySessionDataSignature(append(data, 1), sigV2.GetSign()))
require.False(t, tok.VerifySessionDataSignature(data, append(sigV2.GetSign(), 1)))
}
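Review bot: The negative cases in TestContainer_VerifyDataSignature cover an unset key and a lengthened data or signature slice, but never a well-formed signature checked against a different signer's key, which is the case the method exists to reject. Adding `other := randSigner()`, `tok.SetAuthKey((*neofsecdsa.PublicKeyRFC6979)(&other.PublicKey))` and `require.False(t, tok.VerifySessionDataSignature(data, sigV2.GetSign()))` after the existing assertions would cover it. The test name also differs from the method it exercises; `TestContainer_VerifySessionDataSignature` would match.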