From 8ecfbfa2a57708366763d7adbfcb87f9b0df7d03 Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp
Date: Sat, 18 Feb 2017 00:41:07 +0100
Subject: Require that storage servers sign stored entries

---
 src/http_auth.erl | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

(limited to 'src/http_auth.erl')

diff --git a/src/http_auth.erl b/src/http_auth.erl
index ff8c506..276e1cd 100644
--- a/src/http_auth.erl
+++ b/src/http_auth.erl
@@ -2,7 +2,7 @@
 %%% See LICENSE for licensing information.
 
 -module(http_auth).
--export([verify_auth/4, create_auth/3, init_key_table/0]).
+-export([verify_auth/4, create_auth/3, init_key_table/0, sign_stored/1, verify_stored/3]).
 
 -define(KEY_TABLE, http_auth_keys).
 
@@ -135,6 +135,23 @@ verify_auth(AuthHeader, Method, Path, Data) ->
         failure
     end.
 
+sign_stored(Data) ->
+    {Key, KeyName} = own_key(),
+    Signature = public_key:sign(Data, sha256, Key),
+    {KeyName, Signature}.
+
+verify_stored(KeyName, Data, Signature) ->
+    case lookup_publickey(KeyName) of
+        nokey ->
+            lager:error("key name ~p could not be found", [KeyName]),
+            false;
+        failure ->
+            lager:error("signature ~p with key name ~p and data ~p did not check out", [Signature, KeyName, Data]),
+            false;
+        Key ->
+            public_key:verify(Data, sha256, Signature, Key)
+    end.
+
 create_auth(Method, Path, Data) ->
     case own_key() of
         {Key, KeyName} ->
-- 
cgit v1.1
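Review bot: The `failure ->` clause of verify_stored/3 logs "signature ... did not check out" although no signature has been checked at that point — only lookup_publickey/1 has run — while the real negative result from public_key:verify/4 on the `Key ->` line is returned as `false` with no log line at all, so an operator reading the log attributes the rejection to the wrong step. That same error line also prints the full `Data` and `Signature` with `~p`, which for large stored entries floods the log; the key name is sufficient to diagnose a lookup failure. The `Key ->` clause is a catch-all, so any other return value of lookup_publickey/1 (its return shape is not visible in this diff) is passed to public_key:verify/4 as if it were a key; matching the expected key term, or an `{ok, Key}` wrapper, would make that explicit. Separately, sign_stored/1 binds `{Key, KeyName} = own_key()` assertively while create_auth/3 below it inspects own_key() with a `case`, so if own_key() can return something other than a pair, sign_stored/1 crashes with badmatch — possibly intended for a storage server, but worth a comment saying so. The rewritten clauses below move the signature message to the verify result and keep the lookup message to the lookup.
```erlang
verify_stored(KeyName, Data, Signature) ->
    case lookup_publickey(KeyName) of
        nokey ->
            lager:error("key name ~p could not be found", [KeyName]),
            false;
        failure ->
            lager:error("lookup of key name ~p failed", [KeyName]),
            false;
        Key ->
            case public_key:verify(Data, sha256, Signature, Key) of
                true ->
                    true;
                false ->
                    lager:error("signature with key name ~p did not verify", [KeyName]),
                    false
            end
    end.
```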