forked from TrueCloudLab/frostfs-sdk-go
[#93] Remove golang.org/x/crypto dependency
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
parent
a2572a23a3
commit
2806d90089
18 changed files with 97 additions and 144 deletions
|
@ -2,11 +2,10 @@ package eacl
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"crypto/elliptic"
|
|
||||||
"crypto/rand"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
v2acl "github.com/nspcc-dev/neofs-api-go/v2/acl"
|
v2acl "github.com/nspcc-dev/neofs-api-go/v2/acl"
|
||||||
checksumtest "github.com/nspcc-dev/neofs-sdk-go/checksum/test"
|
checksumtest "github.com/nspcc-dev/neofs-sdk-go/checksum/test"
|
||||||
cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
|
cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
|
||||||
|
@ -252,7 +251,7 @@ func TestReservedRecords(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func randomPublicKey(t *testing.T) *ecdsa.PublicKey {
|
func randomPublicKey(t *testing.T) *ecdsa.PublicKey {
|
||||||
p, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
p, err := keys.NewPrivateKey()
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
return &p.PublicKey
|
return &p.PrivateKey.PublicKey
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,8 +2,8 @@ package eacl
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"crypto/elliptic"
|
|
||||||
|
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
v2acl "github.com/nspcc-dev/neofs-api-go/v2/acl"
|
v2acl "github.com/nspcc-dev/neofs-api-go/v2/acl"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -51,8 +51,7 @@ func SetTargetECDSAKeys(t *Target, pubs ...*ecdsa.PublicKey) {
|
||||||
}
|
}
|
||||||
|
|
||||||
for i := 0; i < ln; i++ {
|
for i := 0; i < ln; i++ {
|
||||||
b := elliptic.MarshalCompressed(pubs[i].Curve, pubs[i].X, pubs[i].Y)
|
binKeys = append(binKeys, (*keys.PublicKey)(pubs[i]).Bytes())
|
||||||
binKeys = append(binKeys, b)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
t.SetBinaryKeys(binKeys)
|
t.SetBinaryKeys(binKeys)
|
||||||
|
@ -68,13 +67,9 @@ func TargetECDSAKeys(t *Target) []*ecdsa.PublicKey {
|
||||||
pubs := make([]*ecdsa.PublicKey, ln)
|
pubs := make([]*ecdsa.PublicKey, ln)
|
||||||
|
|
||||||
for i := 0; i < ln; i++ {
|
for i := 0; i < ln; i++ {
|
||||||
x, y := elliptic.UnmarshalCompressed(elliptic.P256(), binKeys[i])
|
p := new(keys.PublicKey)
|
||||||
if x != nil && y != nil {
|
if p.DecodeBytes(binKeys[i]) == nil {
|
||||||
pubs[i] = &ecdsa.PublicKey{
|
pubs[i] = (*ecdsa.PublicKey)(p)
|
||||||
Curve: elliptic.P256(),
|
|
||||||
X: x,
|
|
||||||
Y: y,
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,9 +2,9 @@ package eacl
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"crypto/elliptic"
|
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/acl"
|
"github.com/nspcc-dev/neofs-api-go/v2/acl"
|
||||||
v2acl "github.com/nspcc-dev/neofs-api-go/v2/acl"
|
v2acl "github.com/nspcc-dev/neofs-api-go/v2/acl"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
@ -25,8 +25,7 @@ func TestTarget(t *testing.T) {
|
||||||
require.Equal(t, v2acl.RoleSystem, v2.GetRole())
|
require.Equal(t, v2acl.RoleSystem, v2.GetRole())
|
||||||
require.Len(t, v2.GetKeys(), len(pubs))
|
require.Len(t, v2.GetKeys(), len(pubs))
|
||||||
for i, key := range v2.GetKeys() {
|
for i, key := range v2.GetKeys() {
|
||||||
b := elliptic.MarshalCompressed(pubs[i].Curve, pubs[i].X, pubs[i].Y)
|
require.Equal(t, key, (*keys.PublicKey)(pubs[i]).Bytes())
|
||||||
require.Equal(t, key, b)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
newTarget := NewTargetFromV2(v2)
|
newTarget := NewTargetFromV2(v2)
|
||||||
|
|
2
go.mod
2
go.mod
|
@ -12,9 +12,7 @@ require (
|
||||||
github.com/nspcc-dev/neo-go v0.98.0
|
github.com/nspcc-dev/neo-go v0.98.0
|
||||||
github.com/nspcc-dev/neofs-api-go/v2 v2.11.0-pre.0.20211201134523-3604d96f3fe1
|
github.com/nspcc-dev/neofs-api-go/v2 v2.11.0-pre.0.20211201134523-3604d96f3fe1
|
||||||
github.com/nspcc-dev/neofs-crypto v0.3.0
|
github.com/nspcc-dev/neofs-crypto v0.3.0
|
||||||
github.com/nspcc-dev/rfc6979 v0.2.0
|
|
||||||
github.com/stretchr/testify v1.7.0
|
github.com/stretchr/testify v1.7.0
|
||||||
go.uber.org/zap v1.18.1
|
go.uber.org/zap v1.18.1
|
||||||
golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97
|
|
||||||
google.golang.org/grpc v1.41.0
|
google.golang.org/grpc v1.41.0
|
||||||
)
|
)
|
||||||
|
|
|
@ -1,11 +1,10 @@
|
||||||
package object
|
package object
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/ecdsa"
|
|
||||||
"crypto/elliptic"
|
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -18,9 +17,9 @@ func TestVerificationFields(t *testing.T) {
|
||||||
obj.SetPayload(payload)
|
obj.SetPayload(payload)
|
||||||
obj.SetPayloadSize(uint64(len(payload)))
|
obj.SetPayloadSize(uint64(len(payload)))
|
||||||
|
|
||||||
p, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
p, err := keys.NewPrivateKey()
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.NoError(t, SetVerificationFields(p, obj))
|
require.NoError(t, SetVerificationFields(&p.PrivateKey, obj))
|
||||||
|
|
||||||
require.NoError(t, CheckVerificationFields(obj.Object()))
|
require.NoError(t, CheckVerificationFields(obj.Object()))
|
||||||
|
|
||||||
|
|
|
@ -6,6 +6,8 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"github.com/mr-tron/base58"
|
"github.com/mr-tron/base58"
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/hash"
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/encoding/address"
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -94,12 +96,12 @@ func valid(rawID []byte) bool {
|
||||||
if len(rawID) != NEO3WalletSize {
|
if len(rawID) != NEO3WalletSize {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
if rawID[0] != addressPrefixN3 {
|
if rawID[0] != address.NEO3Prefix {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
const boundIndex = NEO3WalletSize - 4
|
const boundIndex = NEO3WalletSize - 4
|
||||||
return bytes.Equal(rawID[boundIndex:], addressChecksum(rawID[:boundIndex]))
|
return bytes.Equal(rawID[boundIndex:], hash.Checksum(rawID[:boundIndex]))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Marshal marshals ID into a protobuf binary form.
|
// Marshal marshals ID into a protobuf binary form.
|
||||||
|
|
|
@ -2,11 +2,11 @@ package owner_test
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"crypto/elliptic"
|
|
||||||
"crypto/rand"
|
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/mr-tron/base58"
|
"github.com/mr-tron/base58"
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/util/slice"
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||||
. "github.com/nspcc-dev/neofs-sdk-go/owner"
|
. "github.com/nspcc-dev/neofs-sdk-go/owner"
|
||||||
ownertest "github.com/nspcc-dev/neofs-sdk-go/owner/test"
|
ownertest "github.com/nspcc-dev/neofs-sdk-go/owner/test"
|
||||||
|
@ -28,11 +28,10 @@ func TestID_Valid(t *testing.T) {
|
||||||
val := id.ToV2().GetValue()
|
val := id.ToV2().GetValue()
|
||||||
|
|
||||||
t.Run("invalid prefix", func(t *testing.T) {
|
t.Run("invalid prefix", func(t *testing.T) {
|
||||||
v := make([]byte, len(val))
|
val := slice.Copy(val)
|
||||||
copy(v, val)
|
val[0] ^= 0xFF
|
||||||
v[0] ^= 0xFF
|
|
||||||
|
|
||||||
id := ownertest.IDFromBytes(v)
|
id := ownertest.IDFromBytes(val)
|
||||||
require.False(t, id.Valid())
|
require.False(t, id.Valid())
|
||||||
})
|
})
|
||||||
t.Run("invalid size", func(t *testing.T) {
|
t.Run("invalid size", func(t *testing.T) {
|
||||||
|
@ -42,20 +41,19 @@ func TestID_Valid(t *testing.T) {
|
||||||
require.False(t, id.Valid())
|
require.False(t, id.Valid())
|
||||||
})
|
})
|
||||||
t.Run("invalid checksum", func(t *testing.T) {
|
t.Run("invalid checksum", func(t *testing.T) {
|
||||||
v := make([]byte, len(val))
|
val := slice.Copy(val)
|
||||||
copy(v, val)
|
val[NEO3WalletSize-1] ^= 0xFF
|
||||||
v[NEO3WalletSize-1] ^= 0xFF
|
|
||||||
|
|
||||||
id := ownertest.IDFromBytes(v)
|
id := ownertest.IDFromBytes(val)
|
||||||
require.False(t, id.Valid())
|
require.False(t, id.Valid())
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestNewIDFromNeo3Wallet(t *testing.T) {
|
func TestNewIDFromNeo3Wallet(t *testing.T) {
|
||||||
p, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
p, err := keys.NewPrivateKey()
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
wallet, err := NEO3WalletFromPublicKey(&p.PublicKey)
|
wallet, err := NEO3WalletFromPublicKey((*ecdsa.PublicKey)(p.PublicKey()))
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
id := NewIDFromNeo3Wallet(wallet)
|
id := NewIDFromNeo3Wallet(wallet)
|
||||||
|
@ -64,10 +62,10 @@ func TestNewIDFromNeo3Wallet(t *testing.T) {
|
||||||
|
|
||||||
func TestID_Parse(t *testing.T) {
|
func TestID_Parse(t *testing.T) {
|
||||||
t.Run("should parse successful", func(t *testing.T) {
|
t.Run("should parse successful", func(t *testing.T) {
|
||||||
p, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
p, err := keys.NewPrivateKey()
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
wallet, err := NEO3WalletFromPublicKey(&p.PublicKey)
|
wallet, err := NEO3WalletFromPublicKey((*ecdsa.PublicKey)(p.PublicKey()))
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
eid := NewIDFromNeo3Wallet(wallet)
|
eid := NewIDFromNeo3Wallet(wallet)
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
package ownertest
|
package ownertest
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/sha256"
|
|
||||||
"math/rand"
|
"math/rand"
|
||||||
|
|
||||||
|
"github.com/mr-tron/base58"
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/encoding/address"
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/util"
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
||||||
)
|
)
|
||||||
|
@ -11,13 +13,15 @@ import (
|
||||||
// ID returns owner.ID calculated
|
// ID returns owner.ID calculated
|
||||||
// from a random owner.NEO3Wallet.
|
// from a random owner.NEO3Wallet.
|
||||||
func ID() *owner.ID {
|
func ID() *owner.ID {
|
||||||
u := make([]byte, owner.NEO3WalletSize)
|
u := util.Uint160{}
|
||||||
u[0] = 0x35
|
rand.Read(u[:])
|
||||||
rand.Read(u[1:21])
|
|
||||||
h1 := sha256.Sum256(u[:21])
|
addr := address.Uint160ToString(u)
|
||||||
h2 := sha256.Sum256(h1[:])
|
data, err := base58.Decode(addr)
|
||||||
copy(u[21:], h2[:4])
|
if err != nil {
|
||||||
return IDFromBytes(u)
|
panic(err)
|
||||||
|
}
|
||||||
|
return IDFromBytes(data)
|
||||||
}
|
}
|
||||||
|
|
||||||
// IDFromBytes returns owner.ID generated
|
// IDFromBytes returns owner.ID generated
|
||||||
|
|
|
@ -2,12 +2,11 @@ package owner
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"crypto/elliptic"
|
|
||||||
"crypto/sha256"
|
|
||||||
"errors"
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
|
||||||
"github.com/mr-tron/base58"
|
"github.com/mr-tron/base58"
|
||||||
"golang.org/x/crypto/ripemd160"
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
)
|
)
|
||||||
|
|
||||||
// NEO3Wallet represents NEO3 wallet address.
|
// NEO3Wallet represents NEO3 wallet address.
|
||||||
|
@ -16,8 +15,6 @@ type NEO3Wallet [NEO3WalletSize]byte
|
||||||
// NEO3WalletSize contains size of neo3 wallet.
|
// NEO3WalletSize contains size of neo3 wallet.
|
||||||
const NEO3WalletSize = 25
|
const NEO3WalletSize = 25
|
||||||
|
|
||||||
const addressPrefixN3 = 0x35
|
|
||||||
|
|
||||||
// ErrEmptyPublicKey when PK passed to Verify method is nil.
|
// ErrEmptyPublicKey when PK passed to Verify method is nil.
|
||||||
var ErrEmptyPublicKey = errors.New("empty public key")
|
var ErrEmptyPublicKey = errors.New("empty public key")
|
||||||
|
|
||||||
|
@ -27,30 +24,17 @@ func NEO3WalletFromPublicKey(key *ecdsa.PublicKey) (*NEO3Wallet, error) {
|
||||||
return nil, ErrEmptyPublicKey
|
return nil, ErrEmptyPublicKey
|
||||||
}
|
}
|
||||||
|
|
||||||
b := elliptic.MarshalCompressed(key.Curve, key.X, key.Y)
|
neoPublicKey := (*keys.PublicKey)(key)
|
||||||
script := []byte{0x0C /* PUSHDATA1 */, byte(len(b)) /* 33 */}
|
|
||||||
script = append(script, b...)
|
|
||||||
script = append(script, 0x41 /* SYSCALL */)
|
|
||||||
h := sha256.Sum256([]byte("System.Crypto.CheckSig"))
|
|
||||||
script = append(script, h[:4]...)
|
|
||||||
|
|
||||||
h1 := sha256.Sum256(script)
|
d, err := base58.Decode(neoPublicKey.Address())
|
||||||
rw := ripemd160.New()
|
if err != nil {
|
||||||
rw.Write(h1[:])
|
return nil, fmt.Errorf("can't decode neo3 address from key: %w", err)
|
||||||
h160 := rw.Sum(nil)
|
|
||||||
|
|
||||||
var w NEO3Wallet
|
|
||||||
w[0] = addressPrefixN3
|
|
||||||
copy(w[1:21], h160)
|
|
||||||
copy(w[21:], addressChecksum(w[:21]))
|
|
||||||
|
|
||||||
return &w, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func addressChecksum(data []byte) []byte {
|
w := new(NEO3Wallet)
|
||||||
h1 := sha256.Sum256(data)
|
copy(w.Bytes(), d)
|
||||||
h2 := sha256.Sum256(h1[:])
|
|
||||||
return h2[:4]
|
return w, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// String implements fmt.Stringer.
|
// String implements fmt.Stringer.
|
||||||
|
|
|
@ -4,7 +4,6 @@ import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"crypto/sha256"
|
"crypto/sha256"
|
||||||
"encoding/hex"
|
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"math"
|
"math"
|
||||||
|
@ -14,6 +13,7 @@ import (
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/client"
|
"github.com/nspcc-dev/neofs-sdk-go/client"
|
||||||
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
|
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/container"
|
"github.com/nspcc-dev/neofs-sdk-go/container"
|
||||||
|
@ -430,9 +430,8 @@ func (p *pool) OwnerID() *owner.ID {
|
||||||
}
|
}
|
||||||
|
|
||||||
func formCacheKey(address string, key *ecdsa.PrivateKey) string {
|
func formCacheKey(address string, key *ecdsa.PrivateKey) string {
|
||||||
buf := make([]byte, 32)
|
k := keys.PrivateKey{PrivateKey: *key}
|
||||||
key.D.FillBytes(buf)
|
return address + k.String()
|
||||||
return address + hex.EncodeToString(buf)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *pool) conn(ctx context.Context, cfg *callConfig) (*clientPack, []client.CallOption, error) {
|
func (p *pool) conn(ctx context.Context, cfg *callConfig) (*clientPack, []client.CallOption, error) {
|
||||||
|
|
|
@ -5,8 +5,6 @@ package pool
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"crypto/elliptic"
|
|
||||||
crand "crypto/rand"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"math/rand"
|
"math/rand"
|
||||||
"testing"
|
"testing"
|
||||||
|
@ -14,6 +12,7 @@ import (
|
||||||
|
|
||||||
"github.com/golang/mock/gomock"
|
"github.com/golang/mock/gomock"
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/client"
|
"github.com/nspcc-dev/neofs-sdk-go/client"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/netmap"
|
"github.com/nspcc-dev/neofs-sdk-go/netmap"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/session"
|
"github.com/nspcc-dev/neofs-sdk-go/session"
|
||||||
|
@ -64,9 +63,9 @@ func TestBuildPoolCreateSessionFailed(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func newPrivateKey(t *testing.T) *ecdsa.PrivateKey {
|
func newPrivateKey(t *testing.T) *ecdsa.PrivateKey {
|
||||||
p, err := ecdsa.GenerateKey(elliptic.P256(), crand.Reader)
|
p, err := keys.NewPrivateKey()
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
return p
|
return &p.PrivateKey
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestBuildPoolOneNodeFailed(t *testing.T) {
|
func TestBuildPoolOneNodeFailed(t *testing.T) {
|
||||||
|
|
|
@ -1,11 +1,9 @@
|
||||||
package reputationtest
|
package reputationtest
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/ecdsa"
|
|
||||||
"crypto/elliptic"
|
|
||||||
"crypto/rand"
|
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/reputation"
|
"github.com/nspcc-dev/neofs-sdk-go/reputation"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/util/signature"
|
"github.com/nspcc-dev/neofs-sdk-go/util/signature"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
@ -14,13 +12,13 @@ import (
|
||||||
func PeerID() *reputation.PeerID {
|
func PeerID() *reputation.PeerID {
|
||||||
v := reputation.NewPeerID()
|
v := reputation.NewPeerID()
|
||||||
|
|
||||||
p, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
p, err := keys.NewPrivateKey()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
key := [signature.PublicKeyCompressedSize]byte{}
|
key := [signature.PublicKeyCompressedSize]byte{}
|
||||||
copy(key[:], elliptic.MarshalCompressed(p.Curve, p.X, p.Y))
|
copy(key[:], p.Bytes())
|
||||||
v.SetPublicKey(key)
|
v.SetPublicKey(key)
|
||||||
|
|
||||||
return v
|
return v
|
||||||
|
@ -53,9 +51,9 @@ func GlobalTrust() *reputation.GlobalTrust {
|
||||||
func SignedGlobalTrust(t testing.TB) *reputation.GlobalTrust {
|
func SignedGlobalTrust(t testing.TB) *reputation.GlobalTrust {
|
||||||
gt := GlobalTrust()
|
gt := GlobalTrust()
|
||||||
|
|
||||||
p, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
p, err := keys.NewPrivateKey()
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.NoError(t, gt.Sign(p))
|
require.NoError(t, gt.Sign(&p.PrivateKey))
|
||||||
|
|
||||||
return gt
|
return gt
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,22 +1,20 @@
|
||||||
package sessiontest
|
package sessiontest
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/ecdsa"
|
|
||||||
"crypto/elliptic"
|
|
||||||
crand "crypto/rand"
|
|
||||||
"math/rand"
|
"math/rand"
|
||||||
|
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/session"
|
"github.com/nspcc-dev/neofs-sdk-go/session"
|
||||||
)
|
)
|
||||||
|
|
||||||
var p *ecdsa.PrivateKey
|
var p *keys.PrivateKey
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
var err error
|
var err error
|
||||||
|
|
||||||
p, err = ecdsa.GenerateKey(elliptic.P256(), crand.Reader)
|
p, err = keys.NewPrivateKey()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
@ -39,7 +37,7 @@ func Token() *session.Token {
|
||||||
ownerID := owner.NewID()
|
ownerID := owner.NewID()
|
||||||
ownerID.SetNeo3Wallet(w)
|
ownerID.SetNeo3Wallet(w)
|
||||||
|
|
||||||
keyBin := elliptic.MarshalCompressed(p.PublicKey.Curve, p.PublicKey.X, p.PublicKey.Y)
|
keyBin := p.PublicKey().Bytes()
|
||||||
|
|
||||||
tok.SetID(uid)
|
tok.SetID(uid)
|
||||||
tok.SetOwnerID(ownerID)
|
tok.SetOwnerID(ownerID)
|
||||||
|
@ -57,7 +55,7 @@ func Token() *session.Token {
|
||||||
func SignedToken() *session.Token {
|
func SignedToken() *session.Token {
|
||||||
tok := Token()
|
tok := Token()
|
||||||
|
|
||||||
err := tok.Sign(p)
|
err := tok.Sign(&p.PrivateKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"crypto/elliptic"
|
"crypto/elliptic"
|
||||||
"errors"
|
"errors"
|
||||||
|
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/acl"
|
"github.com/nspcc-dev/neofs-api-go/v2/acl"
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||||
v2signature "github.com/nspcc-dev/neofs-api-go/v2/signature"
|
v2signature "github.com/nspcc-dev/neofs-api-go/v2/signature"
|
||||||
|
@ -89,14 +90,8 @@ func (b *BearerToken) SignToken(key *ecdsa.PrivateKey) error {
|
||||||
// To pass node validation it should be owner of requested container. Returns
|
// To pass node validation it should be owner of requested container. Returns
|
||||||
// nil if token is not signed.
|
// nil if token is not signed.
|
||||||
func (b *BearerToken) Issuer() *owner.ID {
|
func (b *BearerToken) Issuer() *owner.ID {
|
||||||
var pub *ecdsa.PublicKey
|
pub, _ := keys.NewPublicKeyFromBytes(b.token.GetSignature().GetKey(), elliptic.P256())
|
||||||
|
wallet, err := owner.NEO3WalletFromPublicKey((*ecdsa.PublicKey)(pub))
|
||||||
x, y := elliptic.UnmarshalCompressed(elliptic.P256(), b.token.GetSignature().GetKey())
|
|
||||||
if x != nil && y != nil {
|
|
||||||
pub = &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}
|
|
||||||
}
|
|
||||||
|
|
||||||
wallet, err := owner.NEO3WalletFromPublicKey(pub)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,10 +2,9 @@ package token_test
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"crypto/elliptic"
|
|
||||||
"crypto/rand"
|
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/token"
|
"github.com/nspcc-dev/neofs-sdk-go/token"
|
||||||
|
@ -21,16 +20,16 @@ func TestBearerToken_Issuer(t *testing.T) {
|
||||||
})
|
})
|
||||||
|
|
||||||
t.Run("signed token", func(t *testing.T) {
|
t.Run("signed token", func(t *testing.T) {
|
||||||
p, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
p, err := keys.NewPrivateKey()
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
wallet, err := owner.NEO3WalletFromPublicKey(&p.PublicKey)
|
wallet, err := owner.NEO3WalletFromPublicKey((*ecdsa.PublicKey)(p.PublicKey()))
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
ownerID := owner.NewIDFromNeo3Wallet(wallet)
|
ownerID := owner.NewIDFromNeo3Wallet(wallet)
|
||||||
|
|
||||||
bearerToken.SetEACLTable(eacl.NewTable())
|
bearerToken.SetEACLTable(eacl.NewTable())
|
||||||
require.NoError(t, bearerToken.SignToken(p))
|
require.NoError(t, bearerToken.SignToken(&p.PrivateKey))
|
||||||
require.True(t, ownerID.Equal(bearerToken.Issuer()))
|
require.True(t, ownerID.Equal(bearerToken.Issuer()))
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,10 +1,7 @@
|
||||||
package tokentest
|
package tokentest
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/ecdsa"
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
"crypto/elliptic"
|
|
||||||
"crypto/rand"
|
|
||||||
|
|
||||||
eacltest "github.com/nspcc-dev/neofs-sdk-go/eacl/test"
|
eacltest "github.com/nspcc-dev/neofs-sdk-go/eacl/test"
|
||||||
ownertest "github.com/nspcc-dev/neofs-sdk-go/owner/test"
|
ownertest "github.com/nspcc-dev/neofs-sdk-go/owner/test"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/token"
|
"github.com/nspcc-dev/neofs-sdk-go/token"
|
||||||
|
@ -29,12 +26,12 @@ func BearerToken() *token.BearerToken {
|
||||||
func SignedBearerToken() *token.BearerToken {
|
func SignedBearerToken() *token.BearerToken {
|
||||||
tok := BearerToken()
|
tok := BearerToken()
|
||||||
|
|
||||||
p, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
p, err := keys.NewPrivateKey()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = tok.SignToken(p)
|
err = tok.SignToken(&p.PrivateKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,6 +4,9 @@ import (
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"crypto/elliptic"
|
"crypto/elliptic"
|
||||||
"errors"
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
)
|
)
|
||||||
|
|
||||||
type DataSource interface {
|
type DataSource interface {
|
||||||
|
@ -72,8 +75,8 @@ func SignDataWithHandler(key *ecdsa.PrivateKey, src DataSource, handler KeySigna
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
b := elliptic.MarshalCompressed(key.Curve, key.X, key.Y)
|
pub := (*keys.PublicKey)(&key.PublicKey)
|
||||||
handler(b, sig)
|
handler(pub.Bytes(), sig)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -93,16 +96,19 @@ func VerifyDataWithSource(dataSrc DataSource, sigSrc KeySignatureSource, opts ..
|
||||||
|
|
||||||
key, sig := sigSrc()
|
key, sig := sigSrc()
|
||||||
|
|
||||||
var pub *ecdsa.PublicKey
|
var pub *keys.PublicKey
|
||||||
if len(key) != 0 {
|
if len(key) != 0 {
|
||||||
x, y := elliptic.UnmarshalCompressed(elliptic.P256(), key)
|
pub, err = keys.NewPublicKeyFromBytes(key, elliptic.P256())
|
||||||
if x == nil || y == nil {
|
if err != nil {
|
||||||
return ErrInvalidPublicKey
|
return fmt.Errorf("%w: %v", ErrInvalidPublicKey, err)
|
||||||
}
|
}
|
||||||
pub = &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return cfg.verifyFunc(pub, data, sig)
|
return cfg.verifyFunc(
|
||||||
|
(*ecdsa.PublicKey)(pub),
|
||||||
|
data,
|
||||||
|
sig,
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
func SignData(key *ecdsa.PrivateKey, v DataWithSignature, opts ...SignOption) error {
|
func SignData(key *ecdsa.PrivateKey, v DataWithSignature, opts ...SignOption) error {
|
||||||
|
|
|
@ -8,7 +8,7 @@ import (
|
||||||
"crypto/sha512"
|
"crypto/sha512"
|
||||||
"math/big"
|
"math/big"
|
||||||
|
|
||||||
"github.com/nspcc-dev/rfc6979"
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
)
|
)
|
||||||
|
|
||||||
var curve = elliptic.P256()
|
var curve = elliptic.P256()
|
||||||
|
@ -77,31 +77,15 @@ func SignWithRFC6979() SignOption {
|
||||||
}
|
}
|
||||||
|
|
||||||
func signRFC6979(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
|
func signRFC6979(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
|
||||||
digest := sha256.Sum256(msg)
|
p := &keys.PrivateKey{PrivateKey: *key}
|
||||||
r, s := rfc6979.SignECDSA(key, digest[:], sha256.New)
|
return p.Sign(msg), nil
|
||||||
return getSignatureSlice(key.Curve, r, s), nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func verifyRFC6979(pub *ecdsa.PublicKey, msg []byte, sig []byte) error {
|
func verifyRFC6979(key *ecdsa.PublicKey, msg []byte, sig []byte) error {
|
||||||
|
p := (*keys.PublicKey)(key)
|
||||||
h := sha256.Sum256(msg)
|
h := sha256.Sum256(msg)
|
||||||
if pub.X == nil || pub.Y == nil || len(sig) != 64 {
|
if p.Verify(sig, h[:]) {
|
||||||
return ErrInvalidSignature
|
|
||||||
}
|
|
||||||
|
|
||||||
rBytes := new(big.Int).SetBytes(sig[0:32])
|
|
||||||
sBytes := new(big.Int).SetBytes(sig[32:64])
|
|
||||||
if ecdsa.Verify(pub, h[:], rBytes, sBytes) {
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
return ErrInvalidSignature
|
return ErrInvalidSignature
|
||||||
}
|
}
|
||||||
|
|
||||||
func getSignatureSlice(curve elliptic.Curve, r, s *big.Int) []byte {
|
|
||||||
params := curve.Params()
|
|
||||||
curveOrderByteSize := params.P.BitLen() / 8
|
|
||||||
signature := make([]byte, curveOrderByteSize*2)
|
|
||||||
_ = r.FillBytes(signature[:curveOrderByteSize])
|
|
||||||
_ = s.FillBytes(signature[curveOrderByteSize:])
|
|
||||||
|
|
||||||
return signature
|
|
||||||
}
|
|
||||||
|
|
Loading…
Reference in a new issue