From 22af538c9895896bc324f51493e6d9d46b3b83fc Mon Sep 17 00:00:00 2001
From: Leonard Lyubich
Date: Sat, 16 May 2020 15:28:35 +0300
Subject: [PATCH 1/2] Revert "service: add owner key to a signed payload of SessionToken"

This reverts commit 1896264f
---
 service/token.go | 8 +++-----
 service/token_test.go | 27 ---------------------------
 2 files changed, 3 insertions(+), 32 deletions(-)

diff --git a/service/token.go b/service/token.go
index a5dd5da..2497718 100644
--- a/service/token.go
+++ b/service/token.go
@@ -174,11 +174,11 @@ func NewVerifiedSessionToken(token SessionToken) DataWithSignature {
 }
 }
-func tokenInfoSize(v SessionTokenInfo) int {
+func tokenInfoSize(v SessionKeySource) int {
 if v == nil {
 return 0
 }
- return fixedTokenDataSize + len(v.GetSessionKey()) + len(v.GetOwnerKey())
+ return fixedTokenDataSize + len(v.GetSessionKey())
 }
 // Fills passed buffer with signing token information bytes.
@@ -208,9 +208,7 @@ func copyTokenSignedData(buf []byte, token SessionTokenInfo) {
 tokenEndianness.PutUint64(buf[off:], token.ExpirationEpoch())
 off += 8
- off += copy(buf[off:], token.GetSessionKey())
-
- copy(buf[off:], token.GetOwnerKey())
+ copy(buf[off:], token.GetSessionKey())
 }
 // SignedData concatenates signed data with session token information. Returns concatenation result.
diff --git a/service/token_test.go b/service/token_test.go
index 43e380d..e8599e7 100644
--- a/service/token_test.go
+++ b/service/token_test.go
@@ -77,16 +77,6 @@ func TestTokenGettersSetters(t *testing.T) {
 require.Equal(t, key, tok.GetSessionKey())
 }
- {
- key := make([]byte, 10)
- _, err := rand.Read(key)
- require.NoError(t, err)
-
- tok.SetOwnerKey(key)
-
- require.Equal(t, key, tok.GetOwnerKey())
- }
-
 { // Signature
 sig := make([]byte, 10)
 _, err := rand.Read(sig)
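Review bot: After this revert `copyTokenSignedData` and `tokenInfoSize` in service/token.go no longer include OwnerKey in the signed bytes, so a token signature by itself does not detect a changed OwnerKey, and the `// Fills passed buffer with signing token information bytes.` comment does not say which fields are covered. I would extend that comment with `// OwnerKey is not part of the signed data and must be validated separately by the verifier.` The "Owner key" corrupt/restore case dropped from `TestSignToken` in the same patch was the only visible test of that property, so whether verification still rejects a token with a swapped OwnerKey is not shown here and is worth confirming. `copyTokenSignedData` starts above its hunk.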
@@ -136,11 +126,6 @@ func TestSignToken(t *testing.T) {
 require.NoError(t, err)
 token.SetSessionKey(sessionKey)
- ownerKey := make([]byte, 10)
- _, err = rand.Read(ownerKey[:])
- require.NoError(t, err)
- token.SetOwnerKey(ownerKey)
-
 signedToken := NewSignedSessionToken(token)
 verifiedToken := NewVerifiedSessionToken(token)
@@ -226,18 +211,6 @@ func TestSignToken(t *testing.T) {
 token.SetSessionKey(sessionKey)
 },
 },
- { // Owner key
- corrupt: func() {
- ownerKey := token.GetOwnerKey()
- ownerKey[0]++
- token.SetOwnerKey(ownerKey)
- },
- restore: func() {
- ownerKey := token.GetOwnerKey()
- ownerKey[0]--
- token.SetOwnerKey(ownerKey)
- },
- },
 }
 for _, v := range items {

From bd261cf56659247d41b5a437a6c2d35e96f84c66 Mon Sep 17 00:00:00 2001
From: Leonard Lyubich
Date: Sat, 16 May 2020 15:29:44 +0300
Subject: [PATCH 2/2] service: call OwnerKey setter in AddSignKey method implementation

---
 service/token.go | 9 +++++++--
 service/token_test.go | 26 ++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/service/token.go b/service/token.go
index 2497718..638539f 100644
--- a/service/token.go
+++ b/service/token.go
@@ -6,6 +6,7 @@ import (
 "io"
 "github.com/nspcc-dev/neofs-api-go/refs"
+ crypto "github.com/nspcc-dev/neofs-crypto"
 )
 type signAccumWithToken struct {
@@ -125,10 +126,14 @@ func (x Token_Info_Verb) Bytes() []byte {
 return data
 }
-// AddSignKey calls a Signature field setter of token with passed signature.
-func (s signedSessionToken) AddSignKey(sig []byte, _ *ecdsa.PublicKey) {
+// AddSignKey calls a Signature field setter and an OwnerKey field setter with corresponding arguments.
+func (s signedSessionToken) AddSignKey(sig []byte, key *ecdsa.PublicKey) {
 if s.SessionToken != nil {
 s.SessionToken.SetSignature(sig)
+
+ s.SessionToken.SetOwnerKey(
+ crypto.MarshalPublicKey(key),
+ )
 }
 }
diff --git a/service/token_test.go b/service/token_test.go
index e8599e7..4fb430a 100644
--- a/service/token_test.go
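Review bot: In `AddSignKey` the new `SetOwnerKey` call runs for every `key`, including nil, and the parameter was ignored (`_`) before this change, so an existing caller that passes nil would now replace the token's OwnerKey with whatever `crypto.MarshalPublicKey(nil)` returns; that function's nil handling is not visible in this patch. Guarding the call keeps a previously set OwnerKey intact: `if key != nil { s.SessionToken.SetOwnerKey(crypto.MarshalPublicKey(key)) }`. The doc comment could also state that OwnerKey is overwritten with the signer's marshaled public key on each call. `TestSignedSessionToken_AddSignKey` in service/token_test.go passes a nil key only while SessionToken is nil, so a case with a non-nil token and a nil key would pin the intended behaviour.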
+++ b/service/token_test.go
@@ -5,6 +5,7 @@ import (
 "testing"
 "github.com/nspcc-dev/neofs-api-go/refs"
+ crypto "github.com/nspcc-dev/neofs-crypto"
 "github.com/nspcc-dev/neofs-crypto/test"
 "github.com/stretchr/testify/require"
 )
@@ -220,3 +221,28 @@ func TestSignToken(t *testing.T) {
 require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))
 }
 }
+
+func TestSignedSessionToken_AddSignKey(t *testing.T) {
+ // nil SessionToken
+ s := new(signedSessionToken)
+
+ require.NotPanics(t, func() {
+ s.AddSignKey(nil, nil)
+ })
+
+ // create test public key and signature
+ pk := &test.DecodeKey(0).PublicKey
+ sig := []byte{1, 2, 3}
+
+ s.SessionToken = new(Token)
+
+ // add key-signature pair to SessionToken
+ s.AddSignKey(sig, pk)
+
+ require.Equal(t, sig, s.GetSignature())
+
+ require.Equal(t,
+ crypto.MarshalPublicKey(pk),
+ s.GetOwnerKey(),
+ )
+}