diff --git a/cmd/frostfs-cli/modules/control/synchronize_tree.go b/cmd/frostfs-cli/modules/control/synchronize_tree.go index 2287344d6..5f2e4da96 100644 --- a/cmd/frostfs-cli/modules/control/synchronize_tree.go +++ b/cmd/frostfs-cli/modules/control/synchronize_tree.go @@ -9,7 +9,7 @@ import ( "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key" commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" - controlSvc "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server" + "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage" cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id" "github.com/spf13/cobra" ) @@ -60,7 +60,7 @@ func synchronizeTree(cmd *cobra.Command, _ []string) { }, } - err := controlSvc.SignMessage(pk, req) + err := ctrlmessage.Sign(pk, req) commonCmd.ExitOnErr(cmd, "could not sign request: %w", err) cli := getClient(cmd, pk) diff --git a/cmd/frostfs-cli/modules/control/util.go b/cmd/frostfs-cli/modules/control/util.go index ffaceff13..c0577ac0c 100644 --- a/cmd/frostfs-cli/modules/control/util.go +++ b/cmd/frostfs-cli/modules/control/util.go @@ -8,7 +8,7 @@ import ( internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client" "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags" commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common" - controlSvc "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server" + "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client" frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto" "github.com/spf13/cobra" @@ -33,8 +33,8 @@ func initControlIRFlags(cmd *cobra.Command) { ff.Uint32(irFlagNameVUB, 0, "Valid until block value for notary transaction") } -func signRequest(cmd *cobra.Command, pk *ecdsa.PrivateKey, req controlSvc.SignedMessage) { - err := controlSvc.SignMessage(pk, req) +func signRequest(cmd *cobra.Command, pk *ecdsa.PrivateKey, req ctrlmessage.SignedMessage) { + err := ctrlmessage.Sign(pk, req) commonCmd.ExitOnErr(cmd, "could not sign request: %w", err) } diff --git a/pkg/services/control/server/ctrlmessage/sign.go b/pkg/services/control/server/ctrlmessage/sign.go new file mode 100644 index 000000000..31425b337 --- /dev/null +++ b/pkg/services/control/server/ctrlmessage/sign.go @@ -0,0 +1,44 @@ +package ctrlmessage + +import ( + "crypto/ecdsa" + "fmt" + + "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs" + "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" + frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto" + frostfsecdsa "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa" +) + +type SignedMessage interface { + ReadSignedData([]byte) ([]byte, error) + GetSignature() *control.Signature + SetSignature(*control.Signature) +} + +// Sign signs Control service ctrlmessage with private key. +func Sign(key *ecdsa.PrivateKey, msg SignedMessage) error { + binBody, err := msg.ReadSignedData(nil) + if err != nil { + return fmt.Errorf("marshal request body: %w", err) + } + + var sig frostfscrypto.Signature + + err = sig.Calculate(frostfsecdsa.Signer(*key), binBody) + if err != nil { + return fmt.Errorf("calculate signature: %w", err) + } + + // TODO(@cthulhu-rider): #468 use Signature ctrlmessage from FrostFS API to avoid conversion + var sigV2 refs.Signature + sig.WriteToV2(&sigV2) + + var sigControl control.Signature + sigControl.SetKey(sigV2.GetKey()) + sigControl.SetSign(sigV2.GetSign()) + + msg.SetSignature(&sigControl) + + return nil +} diff --git a/pkg/services/control/server/detach_shards.go b/pkg/services/control/server/detach_shards.go index c8bea97b4..a4111bddb 100644 --- a/pkg/services/control/server/detach_shards.go +++ b/pkg/services/control/server/detach_shards.go @@ -6,6 +6,7 @@ import ( "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/util/logicerr" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" + "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -29,7 +30,7 @@ func (s *Server) DetachShards(_ context.Context, req *control.DetachShardsReques Body: &control.DetachShardsResponse_Body{}, } - if err = SignMessage(s.key, resp); err != nil { + if err = ctrlmessage.Sign(s.key, resp); err != nil { return nil, status.Error(codes.Internal, err.Error()) } diff --git a/pkg/services/control/server/doctor.go b/pkg/services/control/server/doctor.go index 707a6c983..80041de44 100644 --- a/pkg/services/control/server/doctor.go +++ b/pkg/services/control/server/doctor.go @@ -5,6 +5,7 @@ import ( "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" + "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -29,7 +30,7 @@ func (s *Server) Doctor(ctx context.Context, req *control.DoctorRequest) (*contr resp := &control.DoctorResponse{Body: &control.DoctorResponse_Body{}} - err = SignMessage(s.key, resp) + err = ctrlmessage.Sign(s.key, resp) if err != nil { return nil, status.Error(codes.Internal, err.Error()) } diff --git a/pkg/services/control/server/evacuate.go b/pkg/services/control/server/evacuate.go index 462ab211e..3b65bff2c 100644 --- a/pkg/services/control/server/evacuate.go +++ b/pkg/services/control/server/evacuate.go @@ -11,6 +11,7 @@ import ( "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/pilorama" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" + "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object_manager/placement" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/replicator" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/tree" @@ -49,7 +50,7 @@ func (s *Server) EvacuateShard(ctx context.Context, req *control.EvacuateShardRe }, } - err = SignMessage(s.key, resp) + err = ctrlmessage.Sign(s.key, resp) if err != nil { return nil, status.Error(codes.Internal, err.Error()) } @@ -131,7 +132,7 @@ func (s *Server) replicateTreeToNode(ctx context.Context, forest pilorama.Forest err = tree.SignMessage(req, s.key) if err != nil { - return fmt.Errorf("can't sign apply request: %w", err) + return fmt.Errorf("can't message apply request: %w", err) } err = s.treeService.ReplicateTreeOp(ctx, node, req) diff --git a/pkg/services/control/server/evacuate_async.go b/pkg/services/control/server/evacuate_async.go index 42ae2635b..b829573ec 100644 --- a/pkg/services/control/server/evacuate_async.go +++ b/pkg/services/control/server/evacuate_async.go @@ -7,6 +7,7 @@ import ( "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/util/logicerr" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" + "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -43,7 +44,7 @@ func (s *Server) StartShardEvacuation(ctx context.Context, req *control.StartSha Body: &control.StartShardEvacuationResponse_Body{}, } - err = SignMessage(s.key, resp) + err = ctrlmessage.Sign(s.key, resp) if err != nil { return nil, status.Error(codes.Internal, err.Error()) } @@ -70,7 +71,7 @@ func (s *Server) GetShardEvacuationStatus(ctx context.Context, req *control.GetS return nil, err } - err = SignMessage(s.key, resp) + err = ctrlmessage.Sign(s.key, resp) if err != nil { return nil, status.Error(codes.Internal, err.Error()) } @@ -96,7 +97,7 @@ func (s *Server) StopShardEvacuation(ctx context.Context, req *control.StopShard Body: &control.StopShardEvacuationResponse_Body{}, } - err = SignMessage(s.key, resp) + err = ctrlmessage.Sign(s.key, resp) if err != nil { return nil, status.Error(codes.Internal, err.Error()) } @@ -122,7 +123,7 @@ func (s *Server) ResetShardEvacuationStatus(ctx context.Context, req *control.Re Body: &control.ResetShardEvacuationStatusResponse_Body{}, } - err = SignMessage(s.key, resp) + err = ctrlmessage.Sign(s.key, resp) if err != nil { return nil, status.Error(codes.Internal, err.Error()) } diff --git a/pkg/services/control/server/flush_cache.go b/pkg/services/control/server/flush_cache.go index 67ffa1f2c..031002d71 100644 --- a/pkg/services/control/server/flush_cache.go +++ b/pkg/services/control/server/flush_cache.go @@ -5,6 +5,7 @@ import ( "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" + "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -28,7 +29,7 @@ func (s *Server) FlushCache(ctx context.Context, req *control.FlushCacheRequest) resp := &control.FlushCacheResponse{Body: &control.FlushCacheResponse_Body{}} - err = SignMessage(s.key, resp) + err = ctrlmessage.Sign(s.key, resp) if err != nil { return nil, status.Error(codes.Internal, err.Error()) } diff --git a/pkg/services/control/server/gc.go b/pkg/services/control/server/gc.go index d382dd7e5..d9fefc38e 100644 --- a/pkg/services/control/server/gc.go +++ b/pkg/services/control/server/gc.go @@ -6,6 +6,7 @@ import ( "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" + "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage" oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" @@ -58,7 +59,7 @@ func (s *Server) DropObjects(ctx context.Context, req *control.DropObjectsReques resp.SetBody(body) // sign the response - if err := SignMessage(s.key, resp); err != nil { + if err := ctrlmessage.Sign(s.key, resp); err != nil { return nil, status.Error(codes.Internal, err.Error()) } diff --git a/pkg/services/control/server/healthcheck.go b/pkg/services/control/server/healthcheck.go index 9e87caa49..121c51280 100644 --- a/pkg/services/control/server/healthcheck.go +++ b/pkg/services/control/server/healthcheck.go @@ -4,6 +4,7 @@ import ( "context" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" + "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -27,7 +28,7 @@ func (s *Server) HealthCheck(_ context.Context, req *control.HealthCheckRequest) body.SetHealthStatus(s.healthChecker.HealthStatus()) // sign the response - if err := SignMessage(s.key, resp); err != nil { + if err := ctrlmessage.Sign(s.key, resp); err != nil { return nil, status.Error(codes.Internal, err.Error()) } diff --git a/pkg/services/control/server/list_shards.go b/pkg/services/control/server/list_shards.go index a020547a2..d6531b947 100644 --- a/pkg/services/control/server/list_shards.go +++ b/pkg/services/control/server/list_shards.go @@ -6,6 +6,7 @@ import ( "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/blobstor" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/shard/mode" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" + "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -59,7 +60,7 @@ func (s *Server) ListShards(_ context.Context, req *control.ListShardsRequest) ( body.SetShards(shardInfos) // sign the response - if err := SignMessage(s.key, resp); err != nil { + if err := ctrlmessage.Sign(s.key, resp); err != nil { return nil, status.Error(codes.Internal, err.Error()) } diff --git a/pkg/services/control/server/policy_engine.go b/pkg/services/control/server/policy_engine.go index 7ec3d58ac..e2e1fd731 100644 --- a/pkg/services/control/server/policy_engine.go +++ b/pkg/services/control/server/policy_engine.go @@ -7,6 +7,7 @@ import ( "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ape" + "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage" apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain" "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine" "google.golang.org/grpc/codes" @@ -99,7 +100,7 @@ func (s *Server) AddChainLocalOverride(_ context.Context, req *control.AddChainL ChainId: []byte(chain.ID), }, } - err = SignMessage(s.key, resp) + err = ctrlmessage.Sign(s.key, resp) if err != nil { return nil, status.Error(codes.Internal, err.Error()) } @@ -125,7 +126,7 @@ func (s *Server) GetChainLocalOverride(_ context.Context, req *control.GetChainL Chain: chain.Bytes(), }, } - err = SignMessage(s.key, resp) + err = ctrlmessage.Sign(s.key, resp) if err != nil { return nil, status.Error(codes.Internal, err.Error()) } @@ -156,7 +157,7 @@ func (s *Server) ListChainLocalOverrides(_ context.Context, req *control.ListCha Chains: serializedChains, }, } - err = SignMessage(s.key, resp) + err = ctrlmessage.Sign(s.key, resp) if err != nil { return nil, status.Error(codes.Internal, err.Error()) } @@ -181,7 +182,7 @@ func (s *Server) RemoveChainLocalOverride(_ context.Context, req *control.Remove resp := &control.RemoveChainLocalOverrideResponse{ Body: &control.RemoveChainLocalOverrideResponse_Body{}, } - err = SignMessage(s.key, resp) + err = ctrlmessage.Sign(s.key, resp) if err != nil { return nil, status.Error(codes.Internal, err.Error()) } @@ -206,7 +207,7 @@ func (s *Server) RemoveChainLocalOverridesByTarget(_ context.Context, req *contr resp := &control.RemoveChainLocalOverridesByTargetResponse{ Body: &control.RemoveChainLocalOverridesByTargetResponse_Body{}, } - err = SignMessage(s.key, resp) + err = ctrlmessage.Sign(s.key, resp) if err != nil { return nil, status.Error(codes.Internal, err.Error()) } @@ -237,7 +238,7 @@ func (s *Server) ListTargetsLocalOverrides(_ context.Context, req *control.ListT Targets: targets, }, } - err = SignMessage(s.key, resp) + err = ctrlmessage.Sign(s.key, resp) if err != nil { return nil, status.Error(codes.Internal, err.Error()) } diff --git a/pkg/services/control/server/seal_writecache.go b/pkg/services/control/server/seal_writecache.go index 5c39cf484..e3f8b8caf 100644 --- a/pkg/services/control/server/seal_writecache.go +++ b/pkg/services/control/server/seal_writecache.go @@ -5,6 +5,7 @@ import ( "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" + "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -40,7 +41,7 @@ func (s *Server) SealWriteCache(ctx context.Context, req *control.SealWriteCache } } - err = SignMessage(s.key, resp) + err = ctrlmessage.Sign(s.key, resp) if err != nil { return nil, err } diff --git a/pkg/services/control/server/set_netmap_status.go b/pkg/services/control/server/set_netmap_status.go index d4a856952..3fd69df12 100644 --- a/pkg/services/control/server/set_netmap_status.go +++ b/pkg/services/control/server/set_netmap_status.go @@ -4,6 +4,7 @@ import ( "context" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" + "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -44,7 +45,7 @@ func (s *Server) SetNetmapStatus(_ context.Context, req *control.SetNetmapStatus resp.SetBody(body) // sign the response - if err := SignMessage(s.key, resp); err != nil { + if err := ctrlmessage.Sign(s.key, resp); err != nil { return nil, status.Error(codes.Internal, err.Error()) } diff --git a/pkg/services/control/server/set_shard_mode.go b/pkg/services/control/server/set_shard_mode.go index 18a7eb327..52835c41d 100644 --- a/pkg/services/control/server/set_shard_mode.go +++ b/pkg/services/control/server/set_shard_mode.go @@ -6,6 +6,7 @@ import ( "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/shard/mode" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" + "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -50,7 +51,7 @@ func (s *Server) SetShardMode(_ context.Context, req *control.SetShardModeReques resp.SetBody(body) // sign the response - err = SignMessage(s.key, resp) + err = ctrlmessage.Sign(s.key, resp) if err != nil { return nil, status.Error(codes.Internal, err.Error()) } diff --git a/pkg/services/control/server/sign.go b/pkg/services/control/server/sign.go index acc405821..514af273f 100644 --- a/pkg/services/control/server/sign.go +++ b/pkg/services/control/server/sign.go @@ -2,26 +2,17 @@ package control import ( "bytes" - "crypto/ecdsa" "errors" "fmt" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs" - "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" + "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage" frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto" - frostfsecdsa "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa" ) -// SignedMessage is an interface of Control service message. -type SignedMessage interface { - ReadSignedData([]byte) ([]byte, error) - GetSignature() *control.Signature - SetSignature(*control.Signature) -} - var errDisallowedKey = errors.New("key is not in the allowed list") -func (s *Server) isValidRequest(req SignedMessage) error { +func (s *Server) isValidRequest(req ctrlmessage.SignedMessage) error { sign := req.GetSignature() if sign == nil { // TODO(@cthulhu-rider): #468 use "const" error @@ -68,30 +59,3 @@ func (s *Server) isValidRequest(req SignedMessage) error { return nil } - -// SignMessage signs Control service message with private key. -func SignMessage(key *ecdsa.PrivateKey, msg SignedMessage) error { - binBody, err := msg.ReadSignedData(nil) - if err != nil { - return fmt.Errorf("marshal request body: %w", err) - } - - var sig frostfscrypto.Signature - - err = sig.Calculate(frostfsecdsa.Signer(*key), binBody) - if err != nil { - return fmt.Errorf("calculate signature: %w", err) - } - - // TODO(@cthulhu-rider): #468 use Signature message from FrostFS API to avoid conversion - var sigV2 refs.Signature - sig.WriteToV2(&sigV2) - - var sigControl control.Signature - sigControl.SetKey(sigV2.GetKey()) - sigControl.SetSign(sigV2.GetSign()) - - msg.SetSignature(&sigControl) - - return nil -} diff --git a/pkg/services/control/server/syncronize_tree.go b/pkg/services/control/server/syncronize_tree.go index 678f87d0a..b2a966b2c 100644 --- a/pkg/services/control/server/syncronize_tree.go +++ b/pkg/services/control/server/syncronize_tree.go @@ -4,6 +4,7 @@ import ( "context" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" + "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/tree" cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id" netmapSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap" @@ -42,7 +43,7 @@ func (s *Server) SynchronizeTree(ctx context.Context, req *control.SynchronizeTr resp := new(control.SynchronizeTreeResponse) resp.SetBody(new(control.SynchronizeTreeResponse_Body)) - err = SignMessage(s.key, resp) + err = ctrlmessage.Sign(s.key, resp) if err != nil { return nil, status.Error(codes.Internal, err.Error()) }