authorMagnus Ahltorp <map@kth.se>2017-02-18 00:41:07 +0100
committerMagnus Ahltorp <map@kth.se>2017-02-18 00:41:07 +0100
commit8ecfbfa2a57708366763d7adbfcb87f9b0df7d03 (patch)
treec73012f287783d061a6bbf015dfe09b5dee1604d /src/http_auth.erl
parent8feab15047ea459eba1653b77157192f28ae5183 (diff)
Require that storage servers sign stored entries
Diffstat (limited to 'src/http_auth.erl')
-rw-r--r--src/http_auth.erl19
1 files changed, 18 insertions, 1 deletions
diff --git a/src/http_auth.erl b/src/http_auth.erl
index ff8c506..276e1cd 100644
--- a/src/http_auth.erl
+++ b/src/http_auth.erl
@@ -2,7 +2,7 @@
%%% See LICENSE for licensing information.
-module(http_auth).
--export([verify_auth/4, create_auth/3, init_key_table/0]).
+-export([verify_auth/4, create_auth/3, init_key_table/0, sign_stored/1, verify_stored/3]).
-define(KEY_TABLE, http_auth_keys).
@@ -135,6 +135,23 @@ verify_auth(AuthHeader, Method, Path, Data) ->
failure
end.
+sign_stored(Data) ->
+ {Key, KeyName} = own_key(),
+ Signature = public_key:sign(Data, sha256, Key),
+ {KeyName, Signature}.
+
+verify_stored(KeyName, Data, Signature) ->
+ case lookup_publickey(KeyName) of
+ nokey ->
+ lager:error("key name ~p could not be found", [KeyName]),
+ false;
+ failure ->
+ lager:error("signature ~p with key name ~p and data ~p did not check out", [Signature, KeyName, Data]),
+ false;
+ Key ->
+ public_key:verify(Data, sha256, Signature, Key)
+ end.
+
create_auth(Method, Path, Data) ->
case own_key() of
{Key, KeyName} ->
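Review bot: In verify_stored the `failure` branch logs "signature ~p ... did not check out", but that branch is taken when lookup_publickey/1 returns `failure`, before any signature check, while a `false` from public_key:verify/4 in the last branch is returned with no log line at all. I would make the lookup branch say what failed, e.g. `lager:error("key lookup for ~p failed", [KeyName])`, and log the key name when verification returns false; that also keeps the full entry `Data` out of the error log. sign_stored matches `{Key, KeyName} = own_key()` directly, whereas create_auth just below uses `case own_key() of`, which suggests own_key/0 can return something else; if so, sign_stored exits with badmatch, and that should be either handled or stated in a comment. The stored-entry signature covers the bare `Data` with what appears to be the same key create_auth uses, so it is worth confirming that the bytes signed for a request can never equal a stored entry, or prefixing a fixed context tag before signing. create_auth continues past the end of the hunk.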