From c8625b2c862c5f91cd419e82c39277ce5e7816c7 Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Fri, 15 May 2020 16:00:02 +0300 Subject: [PATCH 1/3] Update to neofs-api v0.7.5 --- Makefile | 2 +- docs/service.md | 1 + service/verify.pb.go | Bin 39615 -> 40916 bytes service/verify.proto | 3 +++ 4 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b99682bf..6b1ab7a6 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -PROTO_VERSION=v0.7.4 +PROTO_VERSION=v0.7.5 PROTO_URL=https://github.com/nspcc-dev/neofs-api/archive/$(PROTO_VERSION).tar.gz B=\033[0;1m diff --git a/docs/service.md b/docs/service.md index 9ed548ef..0765f044 100644 --- a/docs/service.md +++ b/docs/service.md @@ -132,6 +132,7 @@ User token granting rights for object manipulation | Address | [refs.Address](#refs.Address) | | Address is an object address for which token is issued | | Lifetime | [TokenLifetime](#service.TokenLifetime) | | Lifetime is a lifetime of the session | | SessionKey | [bytes](#bytes) | | SessionKey is a public key of session key | +| OwnerKey | [bytes](#bytes) | | OwnerKey is a public key of the token owner | diff --git a/service/verify.pb.go b/service/verify.pb.go index 3dadf0b559b9930f8b0dccd14d645b45c1b8f4d7..d198302b4ca428e96b4d5b34089043bf8d99a369 100644 GIT binary patch delta 3755 zcmYk9O^aMb6oyITXu3mY0@1`kLaxD#PVAWb{V`-j0ul!o0TEGm_Y>Ppx|^ic772GL zh#+{ky2w9J8W*nO!XKcZD?$7T{sgPu=k`o*F4d>1&Uw#!-a1wN^yk5!PX|ASSGy-W zFLobXy`9~<<=p#xT0eZJ{=%6&a&l+>X>l|uo%`nZtZ^0}*Un;gzn(fXyJ|E%Uflg~ zarZ_tp3N8IY5t%-SWk@S4`+*6aLxJT(QLYZZEfy;z5ac7@9uM}J?H#0-I)u+?%z9G z)^O%-y*OU<=7rtU$3I@$IlsF7@*k%MN!IP$T(r&DahI{ao^QvYHy#b$r5D;CwI)i} zj!RARtqW`MG+QNhTzU4JrTRvi)!1jRyt#q3hm``vGPPl5ZL!wI04S}c(R3t>&p6jg zS#o(QD{F}qArYcR<04iBV8>b-Xu1%{O4~|}+f4CYCbX2CYgt%SD$iQJYh`QVSduE4 zh>${6Y$1_oAQufZC`_T$2+6mN1SXcFOdxA*s9~v5xTLmT0oG_kwPAqowmzdK0^FKfFd-qfGB`fVF@*^LE$TcC$A}vlw6^7eAxqiGd61+Yb*h-Yn3W; zMr3_U#YqxHaAk5$4&4)X_j%@0r9s_8zx&(0)LK!X98WlW5eEWS4zZ(CUu#@Svq|>` z49*80szzWc!LPL~(AcF8erwrnP%$S#tWzvB1}B^}#Decc%($f@qyiJkQKKw9efzV7 zuB1#~UldqZijUL~D3LQZ<1|wQn9haX(>E00M499QlM`8`WQ_+R(U!}O(lTi!D2PuE zq*$VE`J)w~G^2h)RV+xUa)=ZeZaK4=_J+!q_EO1WT7a!H2g~#t<0uz+k8aA2RQNJQ zh!x*x$tjm?p<5nwM;p)0u~S}cpF$bkaTm4jBMMy9@jibM2D&c5=g zC_{rMk&$nx4&7S4yUSE-&`qwD=8CX6gG*~d=p=rv9E<>L4m3g3MH})O<0ccws->WXFlCy6)&g1SivVJc;gi!1VYIYB5;LvQMxZx_ zs(m2WG_y_Z7lPNqRReD<6;~;n^~D{+H2K>IJs3bLbf7UU0}5%QXe%RtT%$|?w{S%@ zO#3xeDsx5XwWpItideX*Xc-8K{tie^1HN-<%av2GaA}%8ZBr13?GkePA}U(%4_ym4 zLW9FX2L}PTDp;W}*J7k`uhkNFr~xoI)z`J6ZalbQ`+={E9}_ITD6(YQ6H&9%G$X@{U7H|S}EB2ZR+ zN0YmV=QA4OU7rhff7fUm7d6jno@Ay?+4wx}xWSDmEi-r(;QlF)Du-O8H=5v^$v4Wt zLQ^V5$>!~Y>qNNv_R)-E6OEo}UPP9qKoNY-gkW&e62+mELDGG+fB6c862j9q(|0U- zdl#>|{n7UI^`EFc=MBeoz8npQ6X)iEb5u`Xeen8vvUA>g;rI{TUiZ`Cjqcpxvs;?( zt{h%Im9M^i`?s^*KktrC{*|43@4N2zS4OK}-v2A;b|zb=lCFLH;p)GyMuSUh$IgM1 p&*$~DS_kVce*N0X|IC8}XF53&s^Rbi&T9L!vjh2l{LP*1{{gUq&xim3 delta 3385 zcmY+GtF9$Q6o$hI0#3pNhXLk@VFJk^>1%a&28ASOg241uq9AG4ya9o&P*^0%4%o3{ zNkH%bJOzeT-`8SeD%I6h>+-LE{Z)UyynFfE-LK8l%g^sTyL|rilk3xmUtYg{_`x4< z+@?9u{0rbB=WYlG@YwOlBe&%r{afghA7sbzLmZG)dvujbo)i11D<1VBTQ6V5P2uBHGC+Z?F*YWOl$-u!i9&o@NoI5e17y8mhu}lFv}Uka;gLC zo|s!I*Gt6#W91ExdbV~Ll_DJ=8@V0V5>(BeW7H}btQ<~Owi5#YnZQ7zOq{duEq@0> zmFp#`PIwqFG!R{F*tQN)k3)8F>>IW%l;`ZZq)#lV5gn&HDQaAJp4mCkUzI7az9dp8 z*lPPpk@yj8YV(0(w`#3RL{?)@U@SllAtmsPhtPsB5hck)@ke9Q;F&Nt+cg4k(~6sb z<&|R}@TMY;9y4Ifg`wXu_WCSvf5GYs_^dr4*RCSU`zmpKK@LPT2Oe zP!6On_w=Lwt;s^@bpe$nXd;2GANy#;3QLxKA38xu}*z z6hamSXe6T`Z7j8HRnIF5V5kFNRG{j5?v?Q0ixPD!39Q0{NJ`w<94c%pv@-$gXH`P< zz+r(=Y-HF%2}eLm%yWx}f7`KHK}jeRsrPm+fhi#yw(W*mmatR7OxQNYiaA=eqlkOZ zAeUhQfXQsD$0I;g4CQqVh9R-BUXYLCZMNRVgPDMZH>}rS=tK6PC@2#uud=fcu$QZM zMX)#fFUd0?j=B0JK2|9n4zaG$^AWMheFE_EADM5kq2jMC>%5{=Ce>kX5!x323kMY3 zpnlFl){Vemw|Jq4?nW@)NwUP-Lz$3(!Zwoa*%=mz=%U)$f$x(v9NFG*gN%%J6aaK; zw=ha@!ji)7p4>{suFunhDV~=Gm7Lksz#(Z}Z1`8Y1zJlpn=Gr3GUf0TU%6URG2b$V zCzHI^7ln|*w7@OtgvY|H3IAf~Lu|ow{LU!JYwam1UXdcf6#f_h(8z-oi|Xf5TqPZ5i(XuSogvzn#ZTFv`A&sWfq?;(^rV zoA%BNo?5xJ^OmCk-c~25oNXYW6&^V?y8lpE6;K0cgd6%ybdCZcdcF!(e^->rm7TV- zDfo^GV&)V|5oTPyv~ckJR3bi)&7gRbSu!`k&YM`tgTPpZo{2@>Pcb diff --git a/service/verify.proto b/service/verify.proto index ed360beb..a6619a6c 100644 --- a/service/verify.proto +++ b/service/verify.proto @@ -63,6 +63,9 @@ message Token { // SessionKey is a public key of session key bytes SessionKey = 6; + + // OwnerKey is a public key of the token owner + bytes OwnerKey = 7; } // TokenInfo is a grouped information about token From bc413f628071b1ff529da97a1ce959e7632d1c04 Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Fri, 15 May 2020 16:03:47 +0300 Subject: [PATCH 2/3] service: defined OwnerKeyContainer and embed it to SessionInfo interface --- service/token.go | 5 +++++ service/types.go | 15 ++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/service/token.go b/service/token.go index cce10592..2497718a 100644 --- a/service/token.go +++ b/service/token.go @@ -103,6 +103,11 @@ func (m *Token_Info) SetSessionKey(key []byte) { m.SessionKey = key } +// SetOwnerKey is an OwnerKey field setter. +func (m *Token_Info) SetOwnerKey(key []byte) { + m.OwnerKey = key +} + // SetSignature is a Signature field setter. func (m *Token) SetSignature(sig []byte) { m.Signature = sig diff --git a/service/types.go b/service/types.go index 31f45070..66582f56 100644 --- a/service/types.go +++ b/service/types.go @@ -158,6 +158,17 @@ type SignatureContainer interface { SetSignature([]byte) } +// OwnerKeySource is an interface of the container of owner key bytes with read access. +type OwnerKeySource interface { + GetOwnerKey() []byte +} + +// OwnerKeyContainer is an interface of the container of owner key bytes. +type OwnerKeyContainer interface { + OwnerKeySource + SetOwnerKey([]byte) +} + // SessionTokenSource is an interface of the container of a SessionToken with read access. type SessionTokenSource interface { GetSessionToken() SessionToken @@ -170,7 +181,8 @@ type SessionTokenSource interface { // - verb of the session; // - address of the session object; // - token lifetime; -// - public session key bytes. +// - public session key bytes; +// - owner's public key bytes. type SessionTokenInfo interface { TokenIDContainer OwnerIDContainer @@ -178,6 +190,7 @@ type SessionTokenInfo interface { AddressContainer LifetimeContainer SessionKeyContainer + OwnerKeyContainer } // SessionToken is an interface of token information and signature pair. From 1896264f8c43dfe257d4efdca32ece3c3d1619b9 Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Fri, 15 May 2020 16:05:02 +0300 Subject: [PATCH 3/3] service: add owner key to a signed payload of SessionToken --- service/token.go | 8 +++++--- service/token_test.go | 27 +++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 3 deletions(-) diff --git a/service/token.go b/service/token.go index 2497718a..a5dd5da3 100644 --- a/service/token.go +++ b/service/token.go @@ -174,11 +174,11 @@ func NewVerifiedSessionToken(token SessionToken) DataWithSignature { } } -func tokenInfoSize(v SessionKeySource) int { +func tokenInfoSize(v SessionTokenInfo) int { if v == nil { return 0 } - return fixedTokenDataSize + len(v.GetSessionKey()) + return fixedTokenDataSize + len(v.GetSessionKey()) + len(v.GetOwnerKey()) } // Fills passed buffer with signing token information bytes. @@ -208,7 +208,9 @@ func copyTokenSignedData(buf []byte, token SessionTokenInfo) { tokenEndianness.PutUint64(buf[off:], token.ExpirationEpoch()) off += 8 - copy(buf[off:], token.GetSessionKey()) + off += copy(buf[off:], token.GetSessionKey()) + + copy(buf[off:], token.GetOwnerKey()) } // SignedData concatenates signed data with session token information. Returns concatenation result. diff --git a/service/token_test.go b/service/token_test.go index e8599e76..43e380d7 100644 --- a/service/token_test.go +++ b/service/token_test.go @@ -77,6 +77,16 @@ func TestTokenGettersSetters(t *testing.T) { require.Equal(t, key, tok.GetSessionKey()) } + { + key := make([]byte, 10) + _, err := rand.Read(key) + require.NoError(t, err) + + tok.SetOwnerKey(key) + + require.Equal(t, key, tok.GetOwnerKey()) + } + { // Signature sig := make([]byte, 10) _, err := rand.Read(sig) @@ -126,6 +136,11 @@ func TestSignToken(t *testing.T) { require.NoError(t, err) token.SetSessionKey(sessionKey) + ownerKey := make([]byte, 10) + _, err = rand.Read(ownerKey[:]) + require.NoError(t, err) + token.SetOwnerKey(ownerKey) + signedToken := NewSignedSessionToken(token) verifiedToken := NewVerifiedSessionToken(token) @@ -211,6 +226,18 @@ func TestSignToken(t *testing.T) { token.SetSessionKey(sessionKey) }, }, + { // Owner key + corrupt: func() { + ownerKey := token.GetOwnerKey() + ownerKey[0]++ + token.SetOwnerKey(ownerKey) + }, + restore: func() { + ownerKey := token.GetOwnerKey() + ownerKey[0]-- + token.SetOwnerKey(ownerKey) + }, + }, } for _, v := range items {