Merge branch 'release/0.7.5'

CHANGELOG.md

@@ -1,6 +1,20 @@
 # Changelog
 This is the changelog for NeoFS-API-Go
 
+## [0.7.5] - 2020-05-16
+
+### Added
+
+- Owner key to the `SessionToken` signed payload.
+
+### Changed
+
+- `OwnerKeyContainer` interface embedded to `SessionTokenInfo` interface.
+
+### Updated
+
+- NeoFS API v0.7.5
+
 ## [0.7.4] - 2020-05-12
 
 ### Added
@@ -290,3 +304,4 @@ Initial public release
 [0.7.0]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.6.2...v0.7.0
 [0.7.1]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.7.0...v0.7.1
 [0.7.4]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.7.1...v0.7.4
+[0.7.5]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.7.4...v0.7.5

Makefile

@@ -1,4 +1,4 @@
-PROTO_VERSION=v0.7.4
+PROTO_VERSION=v0.7.5
 PROTO_URL=https://github.com/nspcc-dev/neofs-api/archive/$(PROTO_VERSION).tar.gz
 
 B=\033[0;1m

docs/service.md

@@ -132,6 +132,7 @@ User token granting rights for object manipulation
 | Address | [refs.Address](#refs.Address) |  | Address is an object address for which token is issued |
 | Lifetime | [TokenLifetime](#service.TokenLifetime) |  | Lifetime is a lifetime of the session |
 | SessionKey | [bytes](#bytes) |  | SessionKey is a public key of session key |
+| OwnerKey | [bytes](#bytes) |  | OwnerKey is a public key of the token owner |
 
 
 <a name="service.TokenLifetime"></a>

service/token.go

@@ -26,6 +26,10 @@ type signDataReaderWithToken struct {
 	token SessionToken
 }
 
+type signedSessionToken struct {
+	SessionToken
+}
+
 const verbSize = 4
 
 const fixedTokenDataSize = 0 +
@@ -99,6 +103,11 @@ func (m *Token_Info) SetSessionKey(key []byte) {
 	m.SessionKey = key
 }
 
+// SetOwnerKey is an OwnerKey field setter.
+func (m *Token_Info) SetOwnerKey(key []byte) {
+	m.OwnerKey = key
+}
+
 // SetSignature is a Signature field setter.
 func (m *Token) SetSignature(sig []byte) {
 	m.Signature = sig
@@ -116,40 +125,60 @@ func (x Token_Info_Verb) Bytes() []byte {
 	return data
 }
 
-// AddSignKey calls a Signature field setter with passed signature.
-func (m *Token) AddSignKey(sig []byte, _ *ecdsa.PublicKey) {
-	m.SetSignature(sig)
+// AddSignKey calls a Signature field setter of token with passed signature.
+func (s signedSessionToken) AddSignKey(sig []byte, _ *ecdsa.PublicKey) {
+	if s.SessionToken != nil {
+		s.SessionToken.SetSignature(sig)
+	}
 }
 
 // SignedData returns token information in a binary representation.
-func (m *Token) SignedData() ([]byte, error) {
-	return SignedDataFromReader(m)
+func (s signedSessionToken) SignedData() ([]byte, error) {
+	return SignedDataFromReader(s)
+}
+
+// SignedDataSize returns the length of signed token information slice.
+func (s signedSessionToken) SignedDataSize() int {
+	return tokenInfoSize(s.SessionToken)
 }
 
 // ReadSignedData copies a binary representation of the token information to passed buffer.
 //
 // If buffer length is less than required, io.ErrUnexpectedEOF returns.
-func (m *Token_Info) ReadSignedData(p []byte) (int, error) {
-	sz := m.SignedDataSize()
+func (s signedSessionToken) ReadSignedData(p []byte) (int, error) {
+	sz := s.SignedDataSize()
 	if len(p) < sz {
 		return 0, io.ErrUnexpectedEOF
 	}
 
-	copyTokenSignedData(p, m)
+	copyTokenSignedData(p, s.SessionToken)
 
 	return sz, nil
 }
 
-// SignedDataSize returns the length of signed token information slice.
-func (m *Token_Info) SignedDataSize() int {
-	return tokenInfoSize(m)
+// NewSignedSessionToken wraps passed SessionToken in a component suitable for signing.
+//
+// Result can be used in AddSignatureWithKey function.
+func NewSignedSessionToken(token SessionToken) DataWithSignKeyAccumulator {
+	return &signedSessionToken{
+		SessionToken: token,
+	}
 }
 
-func tokenInfoSize(v SessionKeySource) int {
+// NewVerifiedSessionToken wraps passed SessionToken in a component suitable for signature verification.
+//
+// Result can be used in VerifySignatureWithKey function.
+func NewVerifiedSessionToken(token SessionToken) DataWithSignature {
+	return &signedSessionToken{
+		SessionToken: token,
+	}
+}
+
+func tokenInfoSize(v SessionTokenInfo) int {
 	if v == nil {
 		return 0
 	}
-	return fixedTokenDataSize + len(v.GetSessionKey())
+	return fixedTokenDataSize + len(v.GetSessionKey()) + len(v.GetOwnerKey())
 }
 
 // Fills passed buffer with signing token information bytes.
@@ -179,7 +208,9 @@ func copyTokenSignedData(buf []byte, token SessionTokenInfo) {
 	tokenEndianness.PutUint64(buf[off:], token.ExpirationEpoch())
 	off += 8
 
-	copy(buf[off:], token.GetSessionKey())
+	off += copy(buf[off:], token.GetSessionKey())
+
+	copy(buf[off:], token.GetOwnerKey())
 }
 
 // SignedData concatenates signed data with session token information. Returns concatenation result.

service/token_test.go

@@ -77,6 +77,16 @@ func TestTokenGettersSetters(t *testing.T) {
 		require.Equal(t, key, tok.GetSessionKey())
 	}
 
+	{
+		key := make([]byte, 10)
+		_, err := rand.Read(key)
+		require.NoError(t, err)
+
+		tok.SetOwnerKey(key)
+
+		require.Equal(t, key, tok.GetOwnerKey())
+	}
+
 	{ // Signature
 		sig := make([]byte, 10)
 		_, err := rand.Read(sig)
@@ -89,7 +99,7 @@ func TestTokenGettersSetters(t *testing.T) {
 }
 
 func TestSignToken(t *testing.T) {
-	token := new(Token)
+	var token SessionToken = new(Token)
 
 	// create private key for signing
 	sk := test.DecodeKey(0)
@@ -126,9 +136,17 @@ func TestSignToken(t *testing.T) {
 	require.NoError(t, err)
 	token.SetSessionKey(sessionKey)
 
+	ownerKey := make([]byte, 10)
+	_, err = rand.Read(ownerKey[:])
+	require.NoError(t, err)
+	token.SetOwnerKey(ownerKey)
+
+	signedToken := NewSignedSessionToken(token)
+	verifiedToken := NewVerifiedSessionToken(token)
+
 	// sign and verify token
-	require.NoError(t, AddSignatureWithKey(sk, token))
-	require.NoError(t, VerifySignatureWithKey(pk, token))
+	require.NoError(t, AddSignatureWithKey(sk, signedToken))
+	require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))
 
 	items := []struct {
 		corrupt func()
@@ -208,12 +226,24 @@ func TestSignToken(t *testing.T) {
 				token.SetSessionKey(sessionKey)
 			},
 		},
+		{ // Owner key
+			corrupt: func() {
+				ownerKey := token.GetOwnerKey()
+				ownerKey[0]++
+				token.SetOwnerKey(ownerKey)
+			},
+			restore: func() {
+				ownerKey := token.GetOwnerKey()
+				ownerKey[0]--
+				token.SetOwnerKey(ownerKey)
+			},
+		},
 	}
 
 	for _, v := range items {
 		v.corrupt()
-		require.Error(t, VerifySignatureWithKey(pk, token))
+		require.Error(t, VerifySignatureWithKey(pk, verifiedToken))
 		v.restore()
-		require.NoError(t, VerifySignatureWithKey(pk, token))
+		require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))
 	}
 }

service/types.go

@@ -158,6 +158,17 @@ type SignatureContainer interface {
 	SetSignature([]byte)
 }
 
+// OwnerKeySource is an interface of the container of owner key bytes with read access.
+type OwnerKeySource interface {
+	GetOwnerKey() []byte
+}
+
+// OwnerKeyContainer is an interface of the container of owner key bytes.
+type OwnerKeyContainer interface {
+	OwnerKeySource
+	SetOwnerKey([]byte)
+}
+
 // SessionTokenSource is an interface of the container of a SessionToken with read access.
 type SessionTokenSource interface {
 	GetSessionToken() SessionToken
@@ -170,7 +181,8 @@ type SessionTokenSource interface {
 // - verb of the session;
 // - address of the session object;
 // - token lifetime;
-// - public session key bytes.
+// - public session key bytes;
+// - owner's public key bytes.
 type SessionTokenInfo interface {
 	TokenIDContainer
 	OwnerIDContainer
@@ -178,6 +190,7 @@ type SessionTokenInfo interface {
 	AddressContainer
 	LifetimeContainer
 	SessionKeyContainer
+	OwnerKeyContainer
 }
 
 // SessionToken is an interface of token information and signature pair.

service/verify.pb.go

@@ -239,7 +239,9 @@ type Token_Info struct {
 	// Lifetime is a lifetime of the session
 	TokenLifetime `protobuf:"bytes,5,opt,name=Lifetime,proto3,embedded=Lifetime" json:"Lifetime"`
 	// SessionKey is a public key of session key
-	SessionKey           []byte   `protobuf:"bytes,6,opt,name=SessionKey,proto3" json:"SessionKey,omitempty"`
+	SessionKey []byte `protobuf:"bytes,6,opt,name=SessionKey,proto3" json:"SessionKey,omitempty"`
+	// OwnerKey is a public key of the token owner
+	OwnerKey             []byte   `protobuf:"bytes,7,opt,name=OwnerKey,proto3" json:"OwnerKey,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -288,6 +290,13 @@ func (m *Token_Info) GetSessionKey() []byte {
 	return nil
 }
 
+func (m *Token_Info) GetOwnerKey() []byte {
+	if m != nil {
+		return m.OwnerKey
+	}
+	return nil
+}
+
 // TokenLifetime carries a group of lifetime parameters of the token
 type TokenLifetime struct {
 	// Created carries an initial epoch of token lifetime
@@ -354,43 +363,44 @@ func init() {
 func init() { proto.RegisterFile("service/verify.proto", fileDescriptor_4bdd5bc50ec96238) }
 
 var fileDescriptor_4bdd5bc50ec96238 = []byte{
-	// 567 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x53, 0x4d, 0x6f, 0xd3, 0x40,
-	0x10, 0xed, 0x26, 0xce, 0xd7, 0xf4, 0x03, 0xb3, 0x20, 0x64, 0x22, 0x94, 0x44, 0x11, 0x87, 0x54,
-	0x22, 0x8e, 0x94, 0x4a, 0x08, 0x09, 0x2e, 0x0d, 0x11, 0x34, 0xa2, 0x82, 0x6a, 0x53, 0x7a, 0xe0,
-	0xe6, 0xd8, 0x63, 0x77, 0x45, 0xeb, 0x0d, 0xbb, 0x9b, 0xa0, 0xfe, 0x13, 0x7e, 0x03, 0xbf, 0x83,
-	0x43, 0x8f, 0x3d, 0x22, 0x24, 0x22, 0x14, 0xfe, 0x04, 0x47, 0xe4, 0xb5, 0x93, 0xb8, 0x12, 0xdc,
-	0xde, 0xbc, 0x99, 0x37, 0xef, 0x65, 0xe2, 0x85, 0xfb, 0x0a, 0xe5, 0x9c, 0xfb, 0xd8, 0x9b, 0xa3,
-	0xe4, 0xe1, 0x95, 0x3b, 0x95, 0x42, 0x0b, 0x5a, 0xc9, 0xd8, 0xba, 0x2d, 0x31, 0x54, 0x3d, 0x7d,
-	0x35, 0x45, 0x95, 0xb6, 0xea, 0xdd, 0x88, 0xeb, 0xf3, 0xd9, 0xc4, 0xf5, 0xc5, 0x65, 0x2f, 0x12,
-	0x91, 0xe8, 0x19, 0x7a, 0x32, 0x0b, 0x4d, 0x65, 0x0a, 0x83, 0xd2, 0xf1, 0xf6, 0x37, 0x02, 0x0f,
-	0x19, 0x7e, 0x9a, 0xa1, 0xd2, 0x67, 0x89, 0x03, 0xf7, 0x3d, 0xcd, 0x45, 0x7c, 0x84, 0x5e, 0x80,
-	0x92, 0x1e, 0x03, 0x8c, 0x79, 0x14, 0x7b, 0x7a, 0x26, 0x51, 0x39, 0xa4, 0x55, 0xec, 0x6c, 0xf7,
-	0x9f, 0xb8, 0x99, 0xb9, 0xfb, 0x5f, 0x9d, 0xbb, 0x16, 0xb1, 0x9c, 0x9e, 0x3e, 0x86, 0xd2, 0xa9,
-	0xf8, 0x88, 0xb1, 0x53, 0x68, 0x91, 0xce, 0x76, 0x7f, 0x6f, 0xbd, 0xc8, 0xb0, 0x2c, 0x6d, 0xd6,
-	0x0f, 0xa0, 0xb6, 0xd6, 0x50, 0x0a, 0x56, 0x52, 0x38, 0xa4, 0x45, 0x3a, 0x3b, 0xcc, 0xe0, 0x84,
-	0x3b, 0x41, 0x94, 0x66, 0xcb, 0x0e, 0x33, 0xb8, 0xfd, 0xb3, 0x98, 0xed, 0xa6, 0xcf, 0xa1, 0x66,
-	0xc0, 0x28, 0x0e, 0x85, 0x91, 0x6d, 0xf7, 0xef, 0xdd, 0x36, 0x72, 0x93, 0xd6, 0xa0, 0x7a, 0xbd,
-	0x68, 0x6e, 0xdd, 0x2c, 0x9a, 0x84, 0x6d, 0xe6, 0xe9, 0xa3, 0x9c, 0xb7, 0x53, 0x35, 0xfb, 0x37,
-	0x44, 0xfd, 0x4f, 0x01, 0x2c, 0x33, 0xd6, 0x84, 0xc2, 0x68, 0x98, 0x66, 0x1a, 0xdc, 0x49, 0xf6,
-	0xfc, 0x58, 0x34, 0x2b, 0xe9, 0x96, 0x21, 0x2b, 0x8c, 0x86, 0x74, 0x1f, 0x2a, 0xef, 0x3e, 0xc7,
-	0x28, 0x47, 0xc3, 0x34, 0xe5, 0x66, 0x2a, 0xa3, 0xd9, 0x0a, 0xd0, 0xa7, 0x60, 0xcd, 0x51, 0x4e,
-	0x9c, 0x62, 0x8b, 0x74, 0xf6, 0xfa, 0xce, 0x3f, 0xa2, 0xba, 0x67, 0x28, 0x27, 0x83, 0xea, 0x72,
-	0xd1, 0xb4, 0x12, 0xc4, 0xcc, 0x3c, 0x7d, 0x06, 0x95, 0xc3, 0x20, 0x90, 0xa8, 0x94, 0x63, 0x99,
-	0x5f, 0xb9, 0xeb, 0x26, 0xdf, 0x82, 0x9b, 0x91, 0x1b, 0xc7, 0x8c, 0x60, 0x2b, 0x40, 0x5f, 0x40,
-	0xf5, 0x98, 0x87, 0xa8, 0xf9, 0x25, 0x3a, 0x25, 0x23, 0x7d, 0x70, 0xdb, 0x75, 0xd5, 0xcd, 0xdd,
-	0x68, 0xad, 0xa0, 0x0d, 0x80, 0x31, 0x2a, 0xc5, 0x45, 0xfc, 0x06, 0xaf, 0x9c, 0xb2, 0xb9, 0x51,
-	0x8e, 0x69, 0x9f, 0x82, 0x49, 0x49, 0x2b, 0x50, 0x3c, 0x99, 0x69, 0x7b, 0x2b, 0x01, 0xaf, 0x51,
-	0xdb, 0x84, 0x56, 0xc1, 0x4a, 0x3e, 0x0f, 0xbb, 0x40, 0x01, 0xca, 0x63, 0xf4, 0xa4, 0x7f, 0x6e,
-	0x17, 0x13, 0x3c, 0xc4, 0x0b, 0xd4, 0x68, 0x5b, 0xb4, 0x06, 0x25, 0xe6, 0xc5, 0x11, 0xda, 0x25,
-	0xba, 0x0b, 0x35, 0x03, 0x8f, 0x3c, 0x75, 0x6e, 0x97, 0xdb, 0x23, 0xd8, 0xbd, 0x15, 0x8d, 0x3a,
-	0x50, 0x79, 0x29, 0xd1, 0xd3, 0x18, 0x98, 0xff, 0xc1, 0x62, 0xab, 0x32, 0x09, 0x78, 0xe6, 0x5d,
-	0xf0, 0xe0, 0x7d, 0xac, 0xf9, 0x85, 0x39, 0xbf, 0xc5, 0x72, 0xcc, 0x60, 0x7c, 0xbd, 0x6c, 0x90,
-	0x9b, 0x65, 0x83, 0x7c, 0x5f, 0x36, 0xc8, 0xaf, 0x65, 0x83, 0x7c, 0xf9, 0xdd, 0xd8, 0xfa, 0xb0,
-	0x9f, 0x7b, 0x36, 0xb1, 0x9a, 0xfa, 0x7e, 0x37, 0xc0, 0x79, 0x2f, 0x46, 0x11, 0xaa, 0xae, 0x37,
-	0xe5, 0xdd, 0x48, 0xf4, 0xb2, 0x1b, 0x7d, 0x2d, 0xdc, 0x7d, 0x8b, 0xe2, 0xd5, 0xd8, 0x3d, 0x3c,
-	0x19, 0xb9, 0xe3, 0x94, 0x9b, 0x94, 0xcd, 0x6b, 0x3a, 0xf8, 0x1b, 0x00, 0x00, 0xff, 0xff, 0x13,
-	0xf0, 0xba, 0xcc, 0xaf, 0x03, 0x00, 0x00,
+	// 579 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x53, 0x4f, 0x6f, 0x12, 0x41,
+	0x14, 0xef, 0xc0, 0xc2, 0xc2, 0xeb, 0x1f, 0xd7, 0xd1, 0x98, 0x95, 0x18, 0x20, 0xc4, 0x03, 0x4d,
+	0x64, 0x49, 0x68, 0x62, 0x4c, 0xf4, 0x52, 0x24, 0x5a, 0x62, 0xa3, 0xcd, 0x50, 0x7b, 0xf0, 0xb6,
+	0xc0, 0x63, 0x3b, 0xb1, 0xdd, 0xc1, 0x99, 0x01, 0xd3, 0xef, 0xe1, 0xc1, 0xcf, 0xe0, 0xe7, 0xf0,
+	0xd0, 0x63, 0x8f, 0xc6, 0x03, 0x31, 0xf8, 0x29, 0xbc, 0x99, 0x99, 0x5d, 0x60, 0x9b, 0xe8, 0xed,
+	0xf7, 0x7e, 0xef, 0xfd, 0xde, 0xef, 0xcd, 0x9b, 0x19, 0xb8, 0xaf, 0x50, 0xce, 0xf9, 0x08, 0xdb,
+	0x73, 0x94, 0x7c, 0x72, 0x15, 0x4c, 0xa5, 0xd0, 0x82, 0xba, 0x29, 0x5b, 0xf1, 0x24, 0x4e, 0x54,
+	0x5b, 0x5f, 0x4d, 0x51, 0x25, 0xa9, 0x4a, 0x2b, 0xe2, 0xfa, 0x7c, 0x36, 0x0c, 0x46, 0xe2, 0xb2,
+	0x1d, 0x89, 0x48, 0xb4, 0x2d, 0x3d, 0x9c, 0x4d, 0x6c, 0x64, 0x03, 0x8b, 0x92, 0xf2, 0xc6, 0x77,
+	0x02, 0x0f, 0x19, 0x7e, 0x9a, 0xa1, 0xd2, 0x67, 0xc6, 0x81, 0x8f, 0x42, 0xcd, 0x45, 0x7c, 0x84,
+	0xe1, 0x18, 0x25, 0x3d, 0x06, 0x18, 0xf0, 0x28, 0x0e, 0xf5, 0x4c, 0xa2, 0xf2, 0x49, 0x3d, 0xdf,
+	0xdc, 0xee, 0x3c, 0x09, 0x52, 0xf3, 0xe0, 0xbf, 0xba, 0x60, 0x2d, 0x62, 0x19, 0x3d, 0x7d, 0x0c,
+	0x85, 0x53, 0xf1, 0x11, 0x63, 0x3f, 0x57, 0x27, 0xcd, 0xed, 0xce, 0xde, 0xba, 0x91, 0x65, 0x59,
+	0x92, 0xac, 0x1c, 0x40, 0x79, 0xad, 0xa1, 0x14, 0x1c, 0x13, 0xf8, 0xa4, 0x4e, 0x9a, 0x3b, 0xcc,
+	0x62, 0xc3, 0x9d, 0x20, 0x4a, 0xdb, 0x65, 0x87, 0x59, 0xdc, 0xf8, 0x93, 0x4f, 0x7b, 0xd3, 0xe7,
+	0x50, 0xb6, 0xa0, 0x1f, 0x4f, 0x84, 0x95, 0x6d, 0x77, 0xee, 0xdd, 0x36, 0x0a, 0x4c, 0xaa, 0x5b,
+	0xba, 0x5e, 0xd4, 0xb6, 0x6e, 0x16, 0x35, 0xc2, 0x36, 0xf5, 0xf4, 0x51, 0xc6, 0xdb, 0x2f, 0xd9,
+	0xfe, 0x1b, 0xa2, 0xf2, 0x25, 0x0f, 0x8e, 0x2d, 0xab, 0x41, 0xae, 0xdf, 0x4b, 0x66, 0xea, 0xde,
+	0x31, 0x7d, 0x7e, 0x2e, 0x6a, 0x6e, 0xd2, 0xa5, 0xc7, 0x72, 0xfd, 0x1e, 0xdd, 0x07, 0xf7, 0xdd,
+	0xe7, 0x18, 0x65, 0xbf, 0x97, 0x4c, 0xb9, 0xa9, 0x4a, 0x69, 0xb6, 0x02, 0xf4, 0x29, 0x38, 0x73,
+	0x94, 0x43, 0x3f, 0x5f, 0x27, 0xcd, 0xbd, 0x8e, 0xff, 0x8f, 0x51, 0x83, 0x33, 0x94, 0xc3, 0x6e,
+	0x69, 0xb9, 0xa8, 0x39, 0x06, 0x31, 0x5b, 0x4f, 0x9f, 0x81, 0x7b, 0x38, 0x1e, 0x4b, 0x54, 0xca,
+	0x77, 0xec, 0x29, 0x77, 0x03, 0xf3, 0x16, 0x82, 0x94, 0xdc, 0x38, 0xa6, 0x04, 0x5b, 0x01, 0xfa,
+	0x02, 0x4a, 0xc7, 0x7c, 0x82, 0x9a, 0x5f, 0xa2, 0x5f, 0xb0, 0xd2, 0x07, 0xb7, 0x5d, 0x57, 0xd9,
+	0xcc, 0x8e, 0xd6, 0x0a, 0x5a, 0x05, 0x18, 0xa0, 0x52, 0x5c, 0xc4, 0x6f, 0xf0, 0xca, 0x2f, 0xda,
+	0x1d, 0x65, 0x18, 0x5a, 0x81, 0x92, 0x3d, 0x9a, 0xc9, 0xba, 0x36, 0xbb, 0x8e, 0x1b, 0xa7, 0x60,
+	0x4f, 0x40, 0x5d, 0xc8, 0x9f, 0xcc, 0xb4, 0xb7, 0x65, 0xc0, 0x6b, 0xd4, 0x1e, 0xa1, 0x25, 0x70,
+	0xcc, 0xd3, 0xf1, 0x72, 0x14, 0xa0, 0x38, 0xc0, 0x50, 0x8e, 0xce, 0xbd, 0xbc, 0xc1, 0x3d, 0xbc,
+	0x40, 0x8d, 0x9e, 0x43, 0xcb, 0x50, 0x60, 0x61, 0x1c, 0xa1, 0x57, 0xa0, 0xbb, 0x50, 0xb6, 0xf0,
+	0x28, 0x54, 0xe7, 0x5e, 0xb1, 0xd1, 0x87, 0xdd, 0x5b, 0x63, 0x53, 0x1f, 0xdc, 0x97, 0x12, 0x43,
+	0x8d, 0x63, 0x7b, 0x47, 0x0e, 0x5b, 0x85, 0x66, 0xf8, 0xb3, 0xf0, 0x82, 0x8f, 0xdf, 0xc7, 0x9a,
+	0x5f, 0xd8, 0xab, 0x71, 0x58, 0x86, 0xe9, 0x0e, 0xae, 0x97, 0x55, 0x72, 0xb3, 0xac, 0x92, 0x1f,
+	0xcb, 0x2a, 0xf9, 0xb5, 0xac, 0x92, 0xaf, 0xbf, 0xab, 0x5b, 0x1f, 0xf6, 0x33, 0x5f, 0x2a, 0x56,
+	0xd3, 0xd1, 0xa8, 0x35, 0xc6, 0x79, 0x3b, 0x46, 0x31, 0x51, 0xad, 0x70, 0xca, 0x5b, 0x91, 0x68,
+	0xa7, 0xfb, 0xfb, 0x96, 0xbb, 0xfb, 0x16, 0xc5, 0xab, 0x41, 0x70, 0x78, 0xd2, 0x0f, 0x06, 0x09,
+	0x37, 0x2c, 0xda, 0x9f, 0x76, 0xf0, 0x37, 0x00, 0x00, 0xff, 0xff, 0xcb, 0xab, 0x17, 0xd9, 0xcb,
+	0x03, 0x00, 0x00,
 }
 
 func (m *RequestVerificationHeader) Marshal() (dAtA []byte, err error) {
@@ -555,6 +565,13 @@ func (m *Token_Info) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 		i -= len(m.XXX_unrecognized)
 		copy(dAtA[i:], m.XXX_unrecognized)
 	}
+	if len(m.OwnerKey) > 0 {
+		i -= len(m.OwnerKey)
+		copy(dAtA[i:], m.OwnerKey)
+		i = encodeVarintVerify(dAtA, i, uint64(len(m.OwnerKey)))
+		i--
+		dAtA[i] = 0x3a
+	}
 	if len(m.SessionKey) > 0 {
 		i -= len(m.SessionKey)
 		copy(dAtA[i:], m.SessionKey)
@@ -739,6 +756,10 @@ func (m *Token_Info) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovVerify(uint64(l))
 	}
+	l = len(m.OwnerKey)
+	if l > 0 {
+		n += 1 + l + sovVerify(uint64(l))
+	}
 	if m.XXX_unrecognized != nil {
 		n += len(m.XXX_unrecognized)
 	}
@@ -1350,6 +1371,40 @@ func (m *Token_Info) Unmarshal(dAtA []byte) error {
 				m.SessionKey = []byte{}
 			}
 			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field OwnerKey", wireType)
+			}
+			var byteLen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowVerify
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				byteLen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if byteLen < 0 {
+				return ErrInvalidLengthVerify
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthVerify
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.OwnerKey = append(m.OwnerKey[:0], dAtA[iNdEx:postIndex]...)
+			if m.OwnerKey == nil {
+				m.OwnerKey = []byte{}
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipVerify(dAtA[iNdEx:])

service/verify.proto

@@ -63,6 +63,9 @@ message Token {
 
         // SessionKey is a public key of session key
         bytes SessionKey = 6;
+
+        // OwnerKey is a public key of the token owner
+        bytes OwnerKey = 7;
     }
 
     // TokenInfo is a grouped information about token