[#265] session: Implement method to verify session data signature

There is a need to verify session data signatures calculated using private session key. `Container` token encapsulates public session key, so we need to provide method for signature check. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-06-07 20:25:29 +03:00 · 2022-06-07 20:25:29 +03:00 · 031eac2f48
commit 031eac2f48
parent 67ff996dc3
2 changed files with 38 additions and 0 deletions
--- a/session/container.go
+++ b/session/container.go
@ -8,6 +8,7 @@ import (
 	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	"github.com/nspcc-dev/neofs-api-go/v2/session"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
 	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
@ -199,3 +200,17 @@ func (x Container) AssertVerb(verb ContainerVerb) bool {
 func IssuedBy(cnr Container, id user.ID) bool {
 	return cnr.Issuer().Equals(id)
 }
 // VerifySessionDataSignature verifies signature of the session data. In practice,
 // the method is used to authenticate an operation with session data.
 func (x Container) VerifySessionDataSignature(data, signature []byte) bool {
 	var sigV2 refs.Signature
 	sigV2.SetKey(x.authKey)
 	sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256)
 	sigV2.SetSign(signature)
 	var sig neofscrypto.Signature
 	sig.ReadFromV2(sigV2)
 	return sig.Verify(data)
 }
--- a/session/container_test.go
+++ b/session/container_test.go
@ -11,6 +11,7 @@ import (
 	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	v2session "github.com/nspcc-dev/neofs-api-go/v2/session"
 	cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
 	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
 	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
 	sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
@ -543,3 +544,25 @@ func TestContainer_Sign(t *testing.T) {
 	require.True(t, val.VerifySignature())
 }
 func TestContainer_VerifyDataSignature(t *testing.T) {
 	signer := randSigner()
 	var tok session.Container
 	data := make([]byte, 100)
 	rand.Read(data)
 	var sig neofscrypto.Signature
 	require.NoError(t, sig.Calculate(neofsecdsa.SignerRFC6979(signer), data))
 	var sigV2 refs.Signature
 	sig.WriteToV2(&sigV2)
 	require.False(t, tok.VerifySessionDataSignature(data, sigV2.GetSign()))
 	tok.SetAuthKey((*neofsecdsa.PublicKeyRFC6979)(&signer.PublicKey))
 	require.True(t, tok.VerifySessionDataSignature(data, sigV2.GetSign()))
 	require.False(t, tok.VerifySessionDataSignature(append(data, 1), sigV2.GetSign()))
 	require.False(t, tok.VerifySessionDataSignature(data, append(sigV2.GetSign(), 1)))
 }