frostfs-api-go/signature/verify.go

package signature

import (
	"errors"
	"fmt"

	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/util/signature"
	"golang.org/x/sync/errgroup"
)

type signatureProvider interface {
	GetBodySignature() *refs.Signature
	GetMetaSignature() *refs.Signature
	GetOriginSignature() *refs.Signature
}

// VerifyServiceMessage verifies service message.
func VerifyServiceMessage(msg any) error {
	switch v := msg.(type) {
	case nil:
		return nil
	case serviceRequest:
		return verifyServiceRequest(v)
	case serviceResponse:
		return verifyServiceResponse(v)
	default:
		panic(fmt.Sprintf("unsupported session message %T", v))
	}
}

func verifyServiceRequest(v serviceRequest) error {
	meta := v.GetMetaHeader()
	verificationHeader := v.GetVerificationHeader()
	body := serviceMessageBody(v)
	return verifyServiceRequestRecursive(body, meta, verificationHeader)
}

func verifyServiceRequestRecursive(body stableMarshaler, meta *session.RequestMetaHeader, verify *session.RequestVerificationHeader) error {
	verificationHeaderOrigin := verify.GetOrigin()
	metaOrigin := meta.GetOrigin()

	stop, err := verifyMessageParts(body, meta, verificationHeaderOrigin, verificationHeaderOrigin != nil, verify)
	if err != nil {
		return err
	}
	if stop {
		return nil
	}

	return verifyServiceRequestRecursive(body, metaOrigin, verificationHeaderOrigin)
}

func verifyMessageParts(body, meta, originHeader stableMarshaler, hasOriginHeader bool, sigProvider signatureProvider) (stop bool, err error) {
	eg := &errgroup.Group{}

	eg.Go(func() error {
		if err := verifyServiceMessagePart(meta, sigProvider.GetMetaSignature); err != nil {
			return fmt.Errorf("could not verify meta header: %w", err)
		}
		return nil
	})

	eg.Go(func() error {
		if err := verifyServiceMessagePart(originHeader, sigProvider.GetOriginSignature); err != nil {
			return fmt.Errorf("could not verify origin of verification header: %w", err)
		}
		return nil
	})

	if !hasOriginHeader {
		eg.Go(func() error {
			if err := verifyServiceMessagePart(body, sigProvider.GetBodySignature); err != nil {
				return fmt.Errorf("could not verify body: %w", err)
			}
			return nil
		})
	}

	if err := eg.Wait(); err != nil {
		return false, err
	}

	if !hasOriginHeader {
		return true, nil
	}

	if sigProvider.GetBodySignature() != nil {
		return false, errors.New("body signature misses at the matryoshka upper level")
	}

	return false, nil
}

func verifyServiceResponse(v serviceResponse) error {
	meta := v.GetMetaHeader()
	verificationHeader := v.GetVerificationHeader()
	body := serviceMessageBody(v)
	return verifyServiceResponseRecursive(body, meta, verificationHeader)
}

func verifyServiceResponseRecursive(body stableMarshaler, meta *session.ResponseMetaHeader, verify *session.ResponseVerificationHeader) error {
	verificationHeaderOrigin := verify.GetOrigin()
	metaOrigin := meta.GetOrigin()

	stop, err := verifyMessageParts(body, meta, verificationHeaderOrigin, verificationHeaderOrigin != nil, verify)
	if err != nil {
		return err
	}
	if stop {
		return nil
	}

	return verifyServiceResponseRecursive(body, metaOrigin, verificationHeaderOrigin)
}

func verifyServiceMessagePart(part stableMarshaler, sigRdr func() *refs.Signature) error {
	wrapper := StableMarshalerWrapper{
		SM: part,
	}

	return signature.VerifyDataWithSource(
		wrapper,
		sigRdr,
	)
}
[#3] signature: Refactor sign and verify Split methods to separate files, drop redundant intefaces Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 10:01:18 +00:00			`package signature`

			`import (`
			`"errors"`
			`"fmt"`

			`"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"`
			`"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"`
			`"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/util/signature"`
[#3] signature: Verify parts in parallel Verify request/response parts in parallel Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 15:52:50 +00:00			`"golang.org/x/sync/errgroup"`
[#3] signature: Refactor sign and verify Split methods to separate files, drop redundant intefaces Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 10:01:18 +00:00			`)`

			`type signatureProvider interface {`
			`GetBodySignature() *refs.Signature`
			`GetMetaSignature() *refs.Signature`
			`GetOriginSignature() *refs.Signature`
			`}`

			`// VerifyServiceMessage verifies service message.`
[#28] Replace interface{} with any Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com> 2023-05-15 14:25:04 +00:00			`func VerifyServiceMessage(msg any) error {`
[#3] signature: Refactor sign and verify Split methods to separate files, drop redundant intefaces Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 10:01:18 +00:00			`switch v := msg.(type) {`
			`case nil:`
			`return nil`
			`case serviceRequest:`
			`return verifyServiceRequest(v)`
			`case serviceResponse:`
			`return verifyServiceResponse(v)`
			`default:`
			`panic(fmt.Sprintf("unsupported session message %T", v))`
			`}`
			`}`

			`func verifyServiceRequest(v serviceRequest) error {`
			`meta := v.GetMetaHeader()`
			`verificationHeader := v.GetVerificationHeader()`
			`body := serviceMessageBody(v)`
[#3] signature: Add buffer pool Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-03-09 08:33:21 +00:00			`return verifyServiceRequestRecursive(body, meta, verificationHeader)`
[#3] signature: Verify parts in parallel Verify request/response parts in parallel Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 15:52:50 +00:00			`}`

[#3] signature: Add buffer pool Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-03-09 08:33:21 +00:00			`func verifyServiceRequestRecursive(body stableMarshaler, meta session.RequestMetaHeader, verify session.RequestVerificationHeader) error {`
[#3] signature: Refactor sign and verify Split methods to separate files, drop redundant intefaces Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 10:01:18 +00:00			`verificationHeaderOrigin := verify.GetOrigin()`
			`metaOrigin := meta.GetOrigin()`

[#3] signature: Add buffer pool Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-03-09 08:33:21 +00:00			`stop, err := verifyMessageParts(body, meta, verificationHeaderOrigin, verificationHeaderOrigin != nil, verify)`
[#3] signature: Refactor sign and verify Split methods to separate files, drop redundant intefaces Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 10:01:18 +00:00			`if err != nil {`
			`return err`
			`}`
			`if stop {`
			`return nil`
			`}`

[#3] signature: Add buffer pool Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-03-09 08:33:21 +00:00			`return verifyServiceRequestRecursive(body, metaOrigin, verificationHeaderOrigin)`
[#3] signature: Refactor sign and verify Split methods to separate files, drop redundant intefaces Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 10:01:18 +00:00			`}`

[#3] signature: Add buffer pool Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-03-09 08:33:21 +00:00			`func verifyMessageParts(body, meta, originHeader stableMarshaler, hasOriginHeader bool, sigProvider signatureProvider) (stop bool, err error) {`
[#3] signature: Verify parts in parallel Verify request/response parts in parallel Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 15:52:50 +00:00			`eg := &errgroup.Group{}`

			`eg.Go(func() error {`
[#3] signature: Add buffer pool Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-03-09 08:33:21 +00:00			`if err := verifyServiceMessagePart(meta, sigProvider.GetMetaSignature); err != nil {`
[#3] signature: Verify parts in parallel Verify request/response parts in parallel Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 15:52:50 +00:00			`return fmt.Errorf("could not verify meta header: %w", err)`
			`}`
			`return nil`
			`})`

			`eg.Go(func() error {`
[#3] signature: Add buffer pool Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-03-09 08:33:21 +00:00			`if err := verifyServiceMessagePart(originHeader, sigProvider.GetOriginSignature); err != nil {`
[#3] signature: Verify parts in parallel Verify request/response parts in parallel Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 15:52:50 +00:00			`return fmt.Errorf("could not verify origin of verification header: %w", err)`
			`}`
			`return nil`
			`})`

			`if !hasOriginHeader {`
			`eg.Go(func() error {`
[#3] signature: Add buffer pool Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-03-09 08:33:21 +00:00			`if err := verifyServiceMessagePart(body, sigProvider.GetBodySignature); err != nil {`
[#3] signature: Verify parts in parallel Verify request/response parts in parallel Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 15:52:50 +00:00			`return fmt.Errorf("could not verify body: %w", err)`
			`}`
			`return nil`
			`})`
[#3] signature: Refactor sign and verify Split methods to separate files, drop redundant intefaces Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 10:01:18 +00:00			`}`

[#3] signature: Verify parts in parallel Verify request/response parts in parallel Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 15:52:50 +00:00			`if err := eg.Wait(); err != nil {`
			`return false, err`
[#3] signature: Refactor sign and verify Split methods to separate files, drop redundant intefaces Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 10:01:18 +00:00			`}`

			`if !hasOriginHeader {`
			`return true, nil`
			`}`

			`if sigProvider.GetBodySignature() != nil {`
			`return false, errors.New("body signature misses at the matryoshka upper level")`
			`}`

			`return false, nil`
			`}`

			`func verifyServiceResponse(v serviceResponse) error {`
			`meta := v.GetMetaHeader()`
			`verificationHeader := v.GetVerificationHeader()`
			`body := serviceMessageBody(v)`
[#3] signature: Add buffer pool Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-03-09 08:33:21 +00:00			`return verifyServiceResponseRecursive(body, meta, verificationHeader)`
[#3] signature: Refactor sign and verify Split methods to separate files, drop redundant intefaces Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 10:01:18 +00:00			`}`

[#3] signature: Add buffer pool Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-03-09 08:33:21 +00:00			`func verifyServiceResponseRecursive(body stableMarshaler, meta session.ResponseMetaHeader, verify session.ResponseVerificationHeader) error {`
[#3] signature: Refactor sign and verify Split methods to separate files, drop redundant intefaces Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 10:01:18 +00:00			`verificationHeaderOrigin := verify.GetOrigin()`
			`metaOrigin := meta.GetOrigin()`

[#3] signature: Add buffer pool Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-03-09 08:33:21 +00:00			`stop, err := verifyMessageParts(body, meta, verificationHeaderOrigin, verificationHeaderOrigin != nil, verify)`
[#3] signature: Refactor sign and verify Split methods to separate files, drop redundant intefaces Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 10:01:18 +00:00			`if err != nil {`
			`return err`
			`}`
			`if stop {`
			`return nil`
			`}`

[#3] signature: Add buffer pool Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-03-09 08:33:21 +00:00			`return verifyServiceResponseRecursive(body, metaOrigin, verificationHeaderOrigin)`
[#3] signature: Refactor sign and verify Split methods to separate files, drop redundant intefaces Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 10:01:18 +00:00			`}`

[#3] signature: Add buffer pool Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-03-09 08:33:21 +00:00			`func verifyServiceMessagePart(part stableMarshaler, sigRdr func() *refs.Signature) error {`
			`wrapper := StableMarshalerWrapper{`
			`SM: part,`
			`}`

[#3] signature: Refactor sign and verify Split methods to separate files, drop redundant intefaces Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 10:01:18 +00:00			`return signature.VerifyDataWithSource(`
[#3] signature: Add buffer pool Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-03-09 08:33:21 +00:00			`wrapper,`
[#3] signature: Refactor sign and verify Split methods to separate files, drop redundant intefaces Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com> 2023-02-28 10:01:18 +00:00			`sigRdr,`
			`)`
			`}`