databag/net/server/internal/messageUtil.go

package databag

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"errors"
	"time"
)

//ReadDataMessage is a helper function to read signed protocol messages
func ReadDataMessage(msg *DataMessage, obj interface{}) (string, string, int64, error) {

	var data []byte
	var hash [32]byte
	var err error
	var publicKey *rsa.PublicKey

	if msg.KeyType != APPRSA4096 && msg.KeyType != APPRSA2048 {
		return "", "", 0, errors.New("unsupported key type")
	}

	// extract public key
	data, err = base64.StdEncoding.DecodeString(msg.PublicKey)
	if err != nil {
		return "", "", 0, err
	}
	publicKey, err = ParseRsaPublicKeyFromPemStr(string(data))
	if err != nil {
		return "", "", 0, err
	}

	// compute guid
	hash = sha256.Sum256(data)
	guid := hex.EncodeToString(hash[:])

	// extract signature
	data, err = base64.StdEncoding.DecodeString(msg.Signature)
	if err != nil {
		return "", "", 0, err
	}
	signature := data

	// verify hash
	data, err = base64.StdEncoding.DecodeString(msg.Message)
	if err != nil {
		return "", "", 0, err
	}
	hash = sha256.Sum256(data)
	if msg.SignatureType == APPSignPKCS1V15 {
		err = rsa.VerifyPKCS1v15(publicKey, crypto.SHA256, hash[:], signature)
		if err != nil {
			return "", "", 0, err
		}
	} else if msg.SignatureType == APPSignPSS {
		err = rsa.VerifyPSS(publicKey, crypto.SHA256, hash[:], signature, nil)
		if err != nil {
			return "", "", 0, err
		}
	} else {
		return "", "", 0, errors.New("unsupported signature type")
	}

	// extract data
	var signedData SignedData
	err = json.Unmarshal(data, &signedData)
	if err != nil {
		return "", "", 0, err
	}

	// validate signer
	if signedData.GUID != guid {
		return "", "", 0, errors.New("invalid message source")
	}

	// extract data
	err = json.Unmarshal([]byte(signedData.Value), obj)
	if err != nil {
		return "", "", 0, err
	}

	return guid, signedData.MessageType, signedData.Timestamp, nil
}

//WriteDataMessage is a helper function to write signed protocol messages
func WriteDataMessage(privateKey string, publicKey string, keyType string,
	signType string, guid string, messageType string, obj interface{}) (*DataMessage, error) {

	var data []byte
	var hash [32]byte
	var err error
	var private *rsa.PrivateKey

	// create message to sign
	data, err = json.Marshal(obj)
	if err != nil {
		return nil, err
	}
	var signedData SignedData
	signedData.GUID = guid
	signedData.Timestamp = time.Now().Unix()
	signedData.MessageType = messageType
	signedData.Value = string(data)
	data, err = json.Marshal(&signedData)
  if err != nil {
    return nil, errors.New("marshall failed");
  }
	message := base64.StdEncoding.EncodeToString(data)

	if keyType != APPRSA2048 && keyType != APPRSA4096 {
		return nil, errors.New("unsupported key type")
	}

	// get private key
	private, err = ParseRsaPrivateKeyFromPemStr(privateKey)
	if err != nil {
		return nil, err
	}
	key := base64.StdEncoding.EncodeToString([]byte(publicKey))

	// compute signature
	hash = sha256.Sum256(data)
	if signType == APPSignPKCS1V15 {
		data, err = rsa.SignPKCS1v15(rand.Reader, private, crypto.SHA256, hash[:])
	} else if signType == APPSignPSS {
		data, err = rsa.SignPSS(rand.Reader, private, crypto.SHA256, hash[:], nil)
	} else {
		return nil, errors.New("unsupported signature type")
	}
  if err != nil {
    return nil, errors.New("rsa sign failed");
  }
	signature := base64.StdEncoding.EncodeToString(data)

	dataMessage := DataMessage{
		PublicKey:     key,
		KeyType:       keyType,
		Signature:     signature,
		SignatureType: signType,
		Message:       message,
	}
	return &dataMessage, nil
}