frostfs-api-go/session/private.go

package session

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"

	crypto "github.com/nspcc-dev/neofs-crypto"
)

type pToken struct {
	// private session token
	sessionKey *ecdsa.PrivateKey
	// last epoch of the lifetime
	validUntil uint64
}

// NewPrivateToken creates PrivateToken instance that expires after passed epoch.
//
// Returns non-nil error on key generation error.
func NewPrivateToken(validUntil uint64) (PrivateToken, error) {
	sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}

	return &pToken{
		sessionKey: sk,
		validUntil: validUntil,
	}, nil
}

// PublicSessionToken returns a binary representation of session public key.
//
// If passed PrivateToken is nil, ErrNilPrivateToken returns.
// If passed PrivateToken carries nil private key, crypto.ErrEmptyPrivateKey returns.
func PublicSessionToken(pToken PrivateToken) ([]byte, error) {
	if pToken == nil {
		return nil, ErrNilPrivateToken
	}

	sk := pToken.PrivateKey()
	if sk == nil {
		return nil, crypto.ErrEmptyPrivateKey
	}

	return crypto.MarshalPublicKey(&sk.PublicKey), nil
}

// PrivateKey is a session private key getter.
func (t *pToken) PrivateKey() *ecdsa.PrivateKey {
	return t.sessionKey
}

func (t *pToken) Expired(epoch uint64) bool {
	return t.validUntil < epoch
}

// SetOwnerID is an owner ID field setter.
func (s *PrivateTokenKey) SetOwnerID(id OwnerID) {
	s.owner = id
}

// SetTokenID is a token ID field setter.
func (s *PrivateTokenKey) SetTokenID(id TokenID) {
	s.token = id
}
session: replace PToken structure with PrivateToken interface In previous implementation PToken contained the full Token structure. Since private token is used for data signature only, storing unused fields of a user token is impractical. To emphasize the purpose of the private part of the session, it makes sense to provide the user of the session package with its interface. The interface will only provide the functionality of data signing with private session key. This commit: * removes PToken structure from session package; * defines PrivateToken interface of private session part; * adds the implementation of PrivateToken on unexported struct; * provides the constructor that generates session key internally. 2020-04-29 08:52:05 +00:00			`package session`

			`import (`
			`"crypto/ecdsa"`
session: remove trivial defaultCurve function 2020-04-29 09:46:05 +00:00			`"crypto/elliptic"`
session: replace PToken structure with PrivateToken interface In previous implementation PToken contained the full Token structure. Since private token is used for data signature only, storing unused fields of a user token is impractical. To emphasize the purpose of the private part of the session, it makes sense to provide the user of the session package with its interface. The interface will only provide the functionality of data signing with private session key. This commit: * removes PToken structure from session package; * defines PrivateToken interface of private session part; * adds the implementation of PrivateToken on unexported struct; * provides the constructor that generates session key internally. 2020-04-29 08:52:05 +00:00			`"crypto/rand"`
session: implement function for receiving session public key bytes After recent changes PrivateToken cannot directly return public key bytes. In order to provide this ability, this commit implements a function over PrivateToken interface. 2020-05-18 10:14:18 +00:00
			`crypto "github.com/nspcc-dev/neofs-crypto"`
session: replace PToken structure with PrivateToken interface In previous implementation PToken contained the full Token structure. Since private token is used for data signature only, storing unused fields of a user token is impractical. To emphasize the purpose of the private part of the session, it makes sense to provide the user of the session package with its interface. The interface will only provide the functionality of data signing with private session key. This commit: * removes PToken structure from session package; * defines PrivateToken interface of private session part; * adds the implementation of PrivateToken on unexported struct; * provides the constructor that generates session key internally. 2020-04-29 08:52:05 +00:00			`)`

			`type pToken struct {`
			`// private session token`
			`sessionKey *ecdsa.PrivateKey`
session: support the expiration of private tokens All sessions in NeoFS has limited in epochs lifetime. There is a need to limit the lifetime of private session tokens. This commmit: * extends PrivateToken interface with Expired method; * defines EpochLifetimeStore interface with RemoveExpired method and embeds it to PrivateTokenStore interface; * adds epoch value parameter to private token constructor. 2020-04-29 11:11:19 +00:00			`// last epoch of the lifetime`
			`validUntil uint64`
session: replace PToken structure with PrivateToken interface In previous implementation PToken contained the full Token structure. Since private token is used for data signature only, storing unused fields of a user token is impractical. To emphasize the purpose of the private part of the session, it makes sense to provide the user of the session package with its interface. The interface will only provide the functionality of data signing with private session key. This commit: * removes PToken structure from session package; * defines PrivateToken interface of private session part; * adds the implementation of PrivateToken on unexported struct; * provides the constructor that generates session key internally. 2020-04-29 08:52:05 +00:00			`}`

session: support the expiration of private tokens All sessions in NeoFS has limited in epochs lifetime. There is a need to limit the lifetime of private session tokens. This commmit: * extends PrivateToken interface with Expired method; * defines EpochLifetimeStore interface with RemoveExpired method and embeds it to PrivateTokenStore interface; * adds epoch value parameter to private token constructor. 2020-04-29 11:11:19 +00:00			`// NewPrivateToken creates PrivateToken instance that expires after passed epoch.`
session: replace PToken structure with PrivateToken interface In previous implementation PToken contained the full Token structure. Since private token is used for data signature only, storing unused fields of a user token is impractical. To emphasize the purpose of the private part of the session, it makes sense to provide the user of the session package with its interface. The interface will only provide the functionality of data signing with private session key. This commit: * removes PToken structure from session package; * defines PrivateToken interface of private session part; * adds the implementation of PrivateToken on unexported struct; * provides the constructor that generates session key internally. 2020-04-29 08:52:05 +00:00			`//`
			`// Returns non-nil error on key generation error.`
session: support the expiration of private tokens All sessions in NeoFS has limited in epochs lifetime. There is a need to limit the lifetime of private session tokens. This commmit: * extends PrivateToken interface with Expired method; * defines EpochLifetimeStore interface with RemoveExpired method and embeds it to PrivateTokenStore interface; * adds epoch value parameter to private token constructor. 2020-04-29 11:11:19 +00:00			`func NewPrivateToken(validUntil uint64) (PrivateToken, error) {`
session: remove trivial defaultCurve function 2020-04-29 09:46:05 +00:00			`sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)`
session: replace PToken structure with PrivateToken interface In previous implementation PToken contained the full Token structure. Since private token is used for data signature only, storing unused fields of a user token is impractical. To emphasize the purpose of the private part of the session, it makes sense to provide the user of the session package with its interface. The interface will only provide the functionality of data signing with private session key. This commit: * removes PToken structure from session package; * defines PrivateToken interface of private session part; * adds the implementation of PrivateToken on unexported struct; * provides the constructor that generates session key internally. 2020-04-29 08:52:05 +00:00			`if err != nil {`
			`return nil, err`
			`}`

			`return &pToken{`
			`sessionKey: sk,`
session: support the expiration of private tokens All sessions in NeoFS has limited in epochs lifetime. There is a need to limit the lifetime of private session tokens. This commmit: * extends PrivateToken interface with Expired method; * defines EpochLifetimeStore interface with RemoveExpired method and embeds it to PrivateTokenStore interface; * adds epoch value parameter to private token constructor. 2020-04-29 11:11:19 +00:00			`validUntil: validUntil,`
session: replace PToken structure with PrivateToken interface In previous implementation PToken contained the full Token structure. Since private token is used for data signature only, storing unused fields of a user token is impractical. To emphasize the purpose of the private part of the session, it makes sense to provide the user of the session package with its interface. The interface will only provide the functionality of data signing with private session key. This commit: * removes PToken structure from session package; * defines PrivateToken interface of private session part; * adds the implementation of PrivateToken on unexported struct; * provides the constructor that generates session key internally. 2020-04-29 08:52:05 +00:00			`}, nil`
			`}`

session: implement function for receiving session public key bytes After recent changes PrivateToken cannot directly return public key bytes. In order to provide this ability, this commit implements a function over PrivateToken interface. 2020-05-18 10:14:18 +00:00			`// PublicSessionToken returns a binary representation of session public key.`
			`//`
			`// If passed PrivateToken is nil, ErrNilPrivateToken returns.`
			`// If passed PrivateToken carries nil private key, crypto.ErrEmptyPrivateKey returns.`
			`func PublicSessionToken(pToken PrivateToken) ([]byte, error) {`
			`if pToken == nil {`
			`return nil, ErrNilPrivateToken`
			`}`

			`sk := pToken.PrivateKey()`
			`if sk == nil {`
			`return nil, crypto.ErrEmptyPrivateKey`
			`}`

			`return crypto.MarshalPublicKey(&sk.PublicKey), nil`
			`}`

			`// PrivateKey is a session private key getter.`
session: change PrivateToken interface methods This commit replaces PublicKey() and SignData() methods of PrivateToken with PrivateKey() in order to have the ability to sign data with session key using service package functions. 2020-05-18 10:11:39 +00:00			`func (t pToken) PrivateKey() ecdsa.PrivateKey {`
			`return t.sessionKey`
session: replace PToken structure with PrivateToken interface In previous implementation PToken contained the full Token structure. Since private token is used for data signature only, storing unused fields of a user token is impractical. To emphasize the purpose of the private part of the session, it makes sense to provide the user of the session package with its interface. The interface will only provide the functionality of data signing with private session key. This commit: * removes PToken structure from session package; * defines PrivateToken interface of private session part; * adds the implementation of PrivateToken on unexported struct; * provides the constructor that generates session key internally. 2020-04-29 08:52:05 +00:00			`}`
session: support the expiration of private tokens All sessions in NeoFS has limited in epochs lifetime. There is a need to limit the lifetime of private session tokens. This commmit: * extends PrivateToken interface with Expired method; * defines EpochLifetimeStore interface with RemoveExpired method and embeds it to PrivateTokenStore interface; * adds epoch value parameter to private token constructor. 2020-04-29 11:11:19 +00:00
			`func (t *pToken) Expired(epoch uint64) bool {`
			`return t.validUntil < epoch`
			`}`
session: add OwnerID to a private token storage key 2020-05-08 10:20:12 +00:00
			`// SetOwnerID is an owner ID field setter.`
			`func (s *PrivateTokenKey) SetOwnerID(id OwnerID) {`
			`s.owner = id`
			`}`

			`// SetTokenID is a token ID field setter.`
			`func (s *PrivateTokenKey) SetTokenID(id TokenID) {`
			`s.token = id`
			`}`