frostfs-node/pkg/services/private/server/sign.go

package private

import (
	"bytes"
	"crypto/ecdsa"
	"errors"

	"github.com/nspcc-dev/neofs-api-go/util/signature"
	"github.com/nspcc-dev/neofs-node/pkg/services/private"
)

// SignedMessage is an interface of Private service message.
type SignedMessage interface {
	signature.DataSource
	GetSignature() *private.Signature
	SetSignature(*private.Signature)
}

var errDisallowedKey = errors.New("key is not in the allowed list")

func (s *Server) isValidRequest(req SignedMessage) error {
	var (
		sign    = req.GetSignature()
		key     = sign.GetKey()
		allowed = false
	)

	// check if key is allowed
	for i := range s.allowedKeys {
		if allowed = bytes.Equal(s.allowedKeys[i], key); allowed {
			break
		}
	}

	if !allowed {
		return errDisallowedKey
	}

	// verify signature
	return signature.VerifyDataWithSource(req, func() ([]byte, []byte) {
		return key, sign.GetSign()
	})
}

// SignMessage signs Private service message with private key.
func SignMessage(key *ecdsa.PrivateKey, msg SignedMessage) error {
	return signature.SignDataWithHandler(key, msg, func(key []byte, sig []byte) {
		s := new(private.Signature)
		s.SetKey(key)
		s.SetSign(sig)

		msg.SetSignature(s)
	})
}
[#306] private: Implement server of gRPC private node service Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-01-13 12:49:46 +00:00			`package private`

			`import (`
			`"bytes"`
			`"crypto/ecdsa"`
			`"errors"`

			`"github.com/nspcc-dev/neofs-api-go/util/signature"`
			`"github.com/nspcc-dev/neofs-node/pkg/services/private"`
			`)`

			`// SignedMessage is an interface of Private service message.`
			`type SignedMessage interface {`
			`signature.DataSource`
			`GetSignature() *private.Signature`
			`SetSignature(*private.Signature)`
			`}`

			`var errDisallowedKey = errors.New("key is not in the allowed list")`

			`func (s *Server) isValidRequest(req SignedMessage) error {`
			`var (`
			`sign = req.GetSignature()`
			`key = sign.GetKey()`
			`allowed = false`
			`)`

			`// check if key is allowed`
			`for i := range s.allowedKeys {`
			`if allowed = bytes.Equal(s.allowedKeys[i], key); allowed {`
			`break`
			`}`
			`}`

			`if !allowed {`
			`return errDisallowedKey`
			`}`

			`// verify signature`
			`return signature.VerifyDataWithSource(req, func() ([]byte, []byte) {`
			`return key, sign.GetSign()`
			`})`
			`}`

			`// SignMessage signs Private service message with private key.`
			`func SignMessage(key *ecdsa.PrivateKey, msg SignedMessage) error {`
			`return signature.SignDataWithHandler(key, msg, func(key []byte, sig []byte) {`
			`s := new(private.Signature)`
			`s.SetKey(key)`
			`s.SetSign(sig)`

			`msg.SetSignature(s)`
			`})`
			`}`