EliChin/frostfs-api-go
1
0
Fork 0
forked from TrueCloudLab/frostfs-api-go
Code Issues Pull requests Projects Releases Packages Wiki Activity

[#3] signature: Verify parts in parallel

Browse source 
Verify request/response parts in parallel

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
This commit is contained in:
Dmitrii Stepanov 2023-02-28 18:52:50 +03:00
parent 611f73ad0f
commit 73fde0e37c
4 changed files with 54 additions and 43 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
go.mod
View file

@ -5,7 +5,7 @@ go 1.18
require ( require (
git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0 git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0
github.com/stretchr/testify v1.7.0 github.com/stretchr/testify v1.7.0
golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 golang.org/x/sync v0.1.0
google.golang.org/grpc v1.48.0 google.golang.org/grpc v1.48.0
google.golang.org/protobuf v1.28.0 google.golang.org/protobuf v1.28.0
) )
@ -14,10 +14,10 @@ require (
git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0 // indirect git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0 // indirect
github.com/davecgh/go-spew v1.1.0 // indirect github.com/davecgh/go-spew v1.1.0 // indirect
github.com/golang/protobuf v1.5.2 // indirect github.com/golang/protobuf v1.5.2 // indirect
github.com/google/go-cmp v0.5.8 // indirect
github.com/mr-tron/base58 v1.2.0 // indirect github.com/mr-tron/base58 v1.2.0 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect
golang.org/x/net v0.0.0-20201021035429-f5854403a974 // indirect golang.org/x/net v0.0.0-20201021035429-f5854403a974 // indirect
golang.org/x/sync v0.1.0 // indirect
golang.org/x/sys v0.1.0 // indirect golang.org/x/sys v0.1.0 // indirect
golang.org/x/text v0.3.3 // indirect golang.org/x/text v0.3.3 // indirect
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 // indirect google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 // indirect

3
go.sum
View file

@ -48,6 +48,7 @@ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o= github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o=
@ -64,8 +65,6 @@ go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqe
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI=
golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=

73
signature/verify.go
View file

@ -6,8 +6,8 @@ import (
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/util/collection"
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/util/signature" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/util/signature"
"golang.org/x/sync/errgroup"
) )
type signatureProvider interface { type signatureProvider interface {
@ -16,6 +16,12 @@ type signatureProvider interface {
GetOriginSignature() *refs.Signature GetOriginSignature() *refs.Signature
} }
type buffers struct {
Body []byte
Meta []byte
Header []byte
}
// VerifyServiceMessage verifies service message. // VerifyServiceMessage verifies service message.
func VerifyServiceMessage(msg interface{}) error { func VerifyServiceMessage(msg interface{}) error {
switch v := msg.(type) { switch v := msg.(type) {
@ -34,16 +40,23 @@ func verifyServiceRequest(v serviceRequest) error {
meta := v.GetMetaHeader() meta := v.GetMetaHeader()
verificationHeader := v.GetVerificationHeader() verificationHeader := v.GetVerificationHeader()
body := serviceMessageBody(v) body := serviceMessageBody(v)
size := collection.Max(body.StableSize(), meta.StableSize(), verificationHeader.StableSize()) buffers := createBuffers(body.StableSize(), meta.StableSize(), verificationHeader.StableSize())
buf := make([]byte, 0, size) return verifyServiceRequestRecursive(body, meta, verificationHeader, buffers)
return verifyServiceRequestRecursive(body, meta, verificationHeader, buf)
} }
func verifyServiceRequestRecursive(body stableMarshaler, meta *session.RequestMetaHeader, verify *session.RequestVerificationHeader, buf []byte) error { func createBuffers(bodySize, metaSize, headerSize int) *buffers {
return &buffers{
Body: make([]byte, 0, bodySize),
Meta: make([]byte, 0, metaSize),
Header: make([]byte, 0, headerSize),
}
}
func verifyServiceRequestRecursive(body stableMarshaler, meta *session.RequestMetaHeader, verify *session.RequestVerificationHeader, buffers *buffers) error {
verificationHeaderOrigin := verify.GetOrigin() verificationHeaderOrigin := verify.GetOrigin()
metaOrigin := meta.GetOrigin() metaOrigin := meta.GetOrigin()
stop, err := verifyMessageParts(body, meta, verificationHeaderOrigin, verificationHeaderOrigin != nil, verify, buf) stop, err := verifyMessageParts(body, meta, verificationHeaderOrigin, verificationHeaderOrigin != nil, verify, buffers)
if err != nil { if err != nil {
return err return err
} }
@ -51,23 +64,40 @@ func verifyServiceRequestRecursive(body stableMarshaler, meta *session.RequestMe
return nil return nil
} }
return verifyServiceRequestRecursive(body, metaOrigin, verificationHeaderOrigin, buf) return verifyServiceRequestRecursive(body, metaOrigin, verificationHeaderOrigin, buffers)
} }
func verifyMessageParts(body, meta, originHeader stableMarshaler, hasOriginHeader bool, sigProvider signatureProvider, buf []byte) (stop bool, err error) { func verifyMessageParts(body, meta, originHeader stableMarshaler, hasOriginHeader bool, sigProvider signatureProvider, buffers *buffers) (stop bool, err error) {
if err := verifyServiceMessagePart(meta, sigProvider.GetMetaSignature, buf); err != nil { eg := &errgroup.Group{}
return false, fmt.Errorf("could not verify meta header: %w", err)
eg.Go(func() error {
if err := verifyServiceMessagePart(meta, sigProvider.GetMetaSignature, buffers.Meta); err != nil {
return fmt.Errorf("could not verify meta header: %w", err)
}
return nil
})
eg.Go(func() error {
if err := verifyServiceMessagePart(originHeader, sigProvider.GetOriginSignature, buffers.Header); err != nil {
return fmt.Errorf("could not verify origin of verification header: %w", err)
}
return nil
})
if !hasOriginHeader {
eg.Go(func() error {
if err := verifyServiceMessagePart(body, sigProvider.GetBodySignature, buffers.Body); err != nil {
return fmt.Errorf("could not verify body: %w", err)
}
return nil
})
} }
if err := verifyServiceMessagePart(originHeader, sigProvider.GetOriginSignature, buf); err != nil { if err := eg.Wait(); err != nil {
return false, fmt.Errorf("could not verify origin of verification header: %w", err) return false, err
} }
if !hasOriginHeader { if !hasOriginHeader {
if err := verifyServiceMessagePart(body, sigProvider.GetBodySignature, buf); err != nil {
return false, fmt.Errorf("could not verify body: %w", err)
}
return true, nil return true, nil
} }
@ -82,16 +112,15 @@ func verifyServiceResponse(v serviceResponse) error {
meta := v.GetMetaHeader() meta := v.GetMetaHeader()
verificationHeader := v.GetVerificationHeader() verificationHeader := v.GetVerificationHeader()
body := serviceMessageBody(v) body := serviceMessageBody(v)
size := collection.Max(body.StableSize(), meta.StableSize(), verificationHeader.StableSize()) buffers := createBuffers(body.StableSize(), meta.StableSize(), verificationHeader.StableSize())
buf := make([]byte, 0, size) return verifyServiceResponseRecursive(body, meta, verificationHeader, buffers)
return verifyServiceResponseRecursive(body, meta, verificationHeader, buf)
} }
func verifyServiceResponseRecursive(body stableMarshaler, meta *session.ResponseMetaHeader, verify *session.ResponseVerificationHeader, buf []byte) error { func verifyServiceResponseRecursive(body stableMarshaler, meta *session.ResponseMetaHeader, verify *session.ResponseVerificationHeader, buffers *buffers) error {
verificationHeaderOrigin := verify.GetOrigin() verificationHeaderOrigin := verify.GetOrigin()
metaOrigin := meta.GetOrigin() metaOrigin := meta.GetOrigin()
stop, err := verifyMessageParts(body, meta, verificationHeaderOrigin, verificationHeaderOrigin != nil, verify, buf) stop, err := verifyMessageParts(body, meta, verificationHeaderOrigin, verificationHeaderOrigin != nil, verify, buffers)
if err != nil { if err != nil {
return err return err
} }
@ -99,7 +128,7 @@ func verifyServiceResponseRecursive(body stableMarshaler, meta *session.Response
return nil return nil
} }
return verifyServiceResponseRecursive(body, metaOrigin, verificationHeaderOrigin, buf) return verifyServiceResponseRecursive(body, metaOrigin, verificationHeaderOrigin, buffers)
} }
func verifyServiceMessagePart(part stableMarshaler, sigRdr func() *refs.Signature, buf []byte) error { func verifyServiceMessagePart(part stableMarshaler, sigRdr func() *refs.Signature, buf []byte) error {

17
util/collection/slice.go
View file

@ -1,17 +0,0 @@
package collection
import "golang.org/x/exp/constraints"
// Max finds maximum value of items.
func Max[T constraints.Ordered](items ...T) T {
if len(items) == 0 {
panic("failed to get max value: empty slice")
}
result := items[0]
for i := 1; i < len(items); i++ {
if items[i] > result {
result = items[i]
}
}
return result
}