2020-08-14 12:51:10 +00:00
|
|
|
package signature
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/ecdsa"
|
|
|
|
"fmt"
|
|
|
|
|
2023-03-07 10:38:56 +00:00
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
|
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
|
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/util/signature"
|
2023-02-28 14:47:12 +00:00
|
|
|
"golang.org/x/sync/errgroup"
|
2020-08-14 12:51:10 +00:00
|
|
|
)
|
|
|
|
|
2020-08-18 13:01:40 +00:00
|
|
|
type serviceRequest interface {
|
2020-08-20 10:41:55 +00:00
|
|
|
GetMetaHeader() *session.RequestMetaHeader
|
|
|
|
GetVerificationHeader() *session.RequestVerificationHeader
|
|
|
|
SetVerificationHeader(*session.RequestVerificationHeader)
|
2020-08-14 12:51:10 +00:00
|
|
|
}
|
|
|
|
|
2020-08-18 13:01:40 +00:00
|
|
|
type serviceResponse interface {
|
2020-08-20 10:41:55 +00:00
|
|
|
GetMetaHeader() *session.ResponseMetaHeader
|
|
|
|
GetVerificationHeader() *session.ResponseVerificationHeader
|
|
|
|
SetVerificationHeader(*session.ResponseVerificationHeader)
|
2020-08-18 13:01:40 +00:00
|
|
|
}
|
|
|
|
|
2023-02-28 10:01:18 +00:00
|
|
|
type signatureReceiver interface {
|
2020-08-20 09:43:47 +00:00
|
|
|
SetBodySignature(*refs.Signature)
|
|
|
|
SetMetaSignature(*refs.Signature)
|
|
|
|
SetOriginSignature(*refs.Signature)
|
2020-08-18 13:01:40 +00:00
|
|
|
}
|
|
|
|
|
2023-02-28 10:01:18 +00:00
|
|
|
// SignServiceMessage signes service message with key.
|
2023-05-15 14:25:04 +00:00
|
|
|
func SignServiceMessage(key *ecdsa.PrivateKey, msg any) error {
|
2023-02-28 10:01:18 +00:00
|
|
|
switch v := msg.(type) {
|
|
|
|
case nil:
|
|
|
|
return nil
|
|
|
|
case serviceRequest:
|
|
|
|
return signServiceRequest(key, v)
|
|
|
|
case serviceResponse:
|
|
|
|
return signServiceResponse(key, v)
|
|
|
|
default:
|
|
|
|
panic(fmt.Sprintf("unsupported session message %T", v))
|
2020-08-18 13:01:40 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-02-28 10:01:18 +00:00
|
|
|
func signServiceRequest(key *ecdsa.PrivateKey, v serviceRequest) error {
|
|
|
|
result := &session.RequestVerificationHeader{}
|
|
|
|
body := serviceMessageBody(v)
|
|
|
|
meta := v.GetMetaHeader()
|
|
|
|
header := v.GetVerificationHeader()
|
|
|
|
if err := signMessageParts(key, body, meta, header, header != nil, result); err != nil {
|
|
|
|
return err
|
2020-08-18 13:01:40 +00:00
|
|
|
}
|
2023-02-28 10:01:18 +00:00
|
|
|
result.SetOrigin(header)
|
|
|
|
v.SetVerificationHeader(result)
|
2020-08-18 13:01:40 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2023-02-28 10:01:18 +00:00
|
|
|
func signServiceResponse(key *ecdsa.PrivateKey, v serviceResponse) error {
|
|
|
|
result := &session.ResponseVerificationHeader{}
|
|
|
|
body := serviceMessageBody(v)
|
|
|
|
meta := v.GetMetaHeader()
|
|
|
|
header := v.GetVerificationHeader()
|
|
|
|
if err := signMessageParts(key, body, meta, header, header != nil, result); err != nil {
|
|
|
|
return err
|
2020-08-18 13:01:40 +00:00
|
|
|
}
|
2023-02-28 10:01:18 +00:00
|
|
|
result.SetOrigin(header)
|
|
|
|
v.SetVerificationHeader(result)
|
2020-08-18 13:01:40 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2023-02-28 10:01:18 +00:00
|
|
|
func signMessageParts(key *ecdsa.PrivateKey, body, meta, header stableMarshaler, hasHeader bool, result signatureReceiver) error {
|
2023-02-28 14:47:12 +00:00
|
|
|
eg := &errgroup.Group{}
|
2023-02-28 10:01:18 +00:00
|
|
|
if !hasHeader {
|
2020-08-20 10:41:55 +00:00
|
|
|
// sign session message body
|
2023-02-28 14:47:12 +00:00
|
|
|
eg.Go(func() error {
|
|
|
|
if err := signServiceMessagePart(key, body, result.SetBodySignature); err != nil {
|
|
|
|
return fmt.Errorf("could not sign body: %w", err)
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
})
|
2020-08-14 12:51:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// sign meta header
|
2023-02-28 14:47:12 +00:00
|
|
|
eg.Go(func() error {
|
|
|
|
if err := signServiceMessagePart(key, meta, result.SetMetaSignature); err != nil {
|
|
|
|
return fmt.Errorf("could not sign meta header: %w", err)
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
})
|
2020-08-14 12:51:10 +00:00
|
|
|
|
|
|
|
// sign verification header origin
|
2023-02-28 14:47:12 +00:00
|
|
|
eg.Go(func() error {
|
|
|
|
if err := signServiceMessagePart(key, header, result.SetOriginSignature); err != nil {
|
|
|
|
return fmt.Errorf("could not sign origin of verification header: %w", err)
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
})
|
|
|
|
return eg.Wait()
|
2020-08-14 12:51:10 +00:00
|
|
|
}
|
|
|
|
|
2020-08-20 09:43:47 +00:00
|
|
|
func signServiceMessagePart(key *ecdsa.PrivateKey, part stableMarshaler, sigWrite func(*refs.Signature)) error {
|
2022-04-11 11:40:00 +00:00
|
|
|
var sig *refs.Signature
|
2020-08-14 12:51:10 +00:00
|
|
|
|
2023-03-09 08:33:21 +00:00
|
|
|
wrapper := StableMarshalerWrapper{
|
|
|
|
SM: part,
|
|
|
|
}
|
2020-08-14 12:51:10 +00:00
|
|
|
// sign part
|
|
|
|
if err := signature.SignDataWithHandler(
|
|
|
|
key,
|
2023-03-09 08:33:21 +00:00
|
|
|
wrapper,
|
2022-02-22 11:25:43 +00:00
|
|
|
func(s *refs.Signature) {
|
2022-04-11 11:40:00 +00:00
|
|
|
sig = s
|
2022-02-22 11:25:43 +00:00
|
|
|
},
|
2020-08-14 12:51:10 +00:00
|
|
|
); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// write part signature
|
|
|
|
sigWrite(sig)
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|