Merge branch 'release/0.2.9'

2020-01-17 14:06:53 +03:00 · 2020-01-17 14:06:53 +03:00 · e945525510
commit e945525510
parent abc3c371ce 34828f5578
16 changed files with 190 additions and 38 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,6 +1,23 @@
 # Changelog
 This is the changelog for NeoFS Proto

+## [0.2.9] - 2020-01-17
+
+### Added
+- Docs for container ACL field
+- Public key header in the object with docs
+- Public key field in the session token with docs
+
+### Changed
+- Routine to verify correct object checks if integrity header is last and
+may use public key header if verification header is not present
+- Routine to verify correct session token checks if keys in the token 
+associated with owner id
+- Updated neofs-crypto to v0.2.3
+
+### Removed
+- Timestamp in object tombstone header
+
 ## [0.2.8] - 2019-12-21

 ### Added
@ -88,3 +105,4 @@ Initial public release
 [0.2.6]: https://github.com/nspcc-dev/neofs-proto/compare/v0.2.5...v0.2.6
 [0.2.7]: https://github.com/nspcc-dev/neofs-proto/compare/v0.2.6...v0.2.7
 [0.2.8]: https://github.com/nspcc-dev/neofs-proto/compare/v0.2.7...v0.2.8
+[0.2.9]: https://github.com/nspcc-dev/neofs-proto/compare/v0.2.8...v0.2.9
--- a/docs/container.md
+++ b/docs/container.md
@ -21,6 +21,8 @@
 - [container/types.proto](#container/types.proto)

  - Messages
+    - [AccessControlList](#container.AccessControlList)
+    - [AccessGroup](#container.AccessGroup)
    - [Container](#container.Container)
    

@ -164,6 +166,7 @@ via consensus in inner ring nodes
 | Capacity | [uint64](#uint64) |  | Capacity defines amount of data that can be stored in the container (doesn't used for now). |
 | OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address |
 | rules | [netmap.PlacementRule](#netmap.PlacementRule) |  | Rules define storage policy for the object inside the container. |
+| Group | [AccessGroup](#container.AccessGroup) |  | Container ACL. |
 | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
 | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |

@ -193,6 +196,29 @@ via consensus in inner ring nodes
 <!-- end services -->


+<a name="container.AccessControlList"></a>
+
+### Message AccessControlList
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| List | [AccessGroup](#container.AccessGroup) | repeated | List of access groups. |
+
+
+<a name="container.AccessGroup"></a>
+
+### Message AccessGroup
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| AccessMode | [uint32](#uint32) |  | Group access mode. |
+| UserGroup | [bytes](#bytes) | repeated | Group members. |
+
+
 <a name="container.Container"></a>

 ### Message Container
@ -205,6 +231,7 @@ The Container service definition.
 | Salt | [bytes](#bytes) |  | Salt is a nonce for unique container id calculation. |
 | Capacity | [uint64](#uint64) |  | Capacity defines amount of data that can be stored in the container (doesn't used for now). |
 | Rules | [netmap.PlacementRule](#netmap.PlacementRule) |  | Rules define storage policy for the object inside the container. |
+| List | [AccessControlList](#container.AccessControlList) |  | Container ACL. |

 <!-- end messages -->

--- a/docs/object.md
+++ b/docs/object.md
@ -33,6 +33,7 @@
    - [IntegrityHeader](#object.IntegrityHeader)
    - [Link](#object.Link)
    - [Object](#object.Object)
+    - [PublicKey](#object.PublicKey)
    - [Range](#object.Range)
    - [SystemHeader](#object.SystemHeader)
    - [Tombstone](#object.Tombstone)
@ -368,6 +369,7 @@ in distributed system.
 | PayloadChecksum | [bytes](#bytes) |  | PayloadChecksum of actual object's payload |
 | Integrity | [IntegrityHeader](#object.IntegrityHeader) |  | Integrity header with checksum of all above headers in the object |
 | StorageGroup | [storagegroup.StorageGroup](#storagegroup.StorageGroup) |  | StorageGroup contains meta information for the data audit |
+| PublicKey | [PublicKey](#object.PublicKey) |  | PublicKey of owner of the object. Key is used for verification and can be based on NeoID or x509 cert. |


 <a name="object.IntegrityHeader"></a>
@ -407,6 +409,17 @@ in distributed system.
 | Payload | [bytes](#bytes) |  | Payload is an object's payload |


+<a name="object.PublicKey"></a>
+
+### Message PublicKey
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Value | [bytes](#bytes) |  | Value contains marshaled ecdsa public key |
+
+
 <a name="object.Range"></a>

 ### Message Range
@ -441,10 +454,6 @@ in distributed system.



-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| Epoch | [uint64](#uint64) |  | Epoch when tombstone was created |
-

 <a name="object.Transform"></a>

--- a/docs/session.md
+++ b/docs/session.md
@ -115,6 +115,7 @@ User token granting rights for object manipulation
 | ObjectID | [bytes](#bytes) | repeated | ObjectID is an object identifier of manipulation object |
 | Signature | [bytes](#bytes) |  | Signature is a token signature, signed by owner of manipulation object |
 | ID | [bytes](#bytes) |  | ID is a token identifier. valid UUIDv4 represented in bytes |
+| PublicKeys | [bytes](#bytes) | repeated | PublicKeys associated with owner |


 <a name="session.VerificationHeader"></a>
--- a/go.mod
+++ b/go.mod
@ -7,7 +7,7 @@ require (
 	github.com/golang/protobuf v1.3.2
 	github.com/google/uuid v1.1.1
 	github.com/mr-tron/base58 v1.1.3
-	github.com/nspcc-dev/neofs-crypto v0.2.2
+	github.com/nspcc-dev/neofs-crypto v0.2.3
 	github.com/nspcc-dev/netmap v1.6.1
 	github.com/nspcc-dev/tzhash v1.3.0
 	github.com/pkg/errors v0.8.1
--- a/go.sum
+++ b/go.sum
@ -106,12 +106,12 @@ github.com/mr-tron/base58 v1.1.3/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjW
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/nspcc-dev/hrw v1.0.8 h1:vwRuJXZXgkMvf473vFzeWGCfY1WBVeSHAEHvR4u3/Cg=
 github.com/nspcc-dev/hrw v1.0.8/go.mod h1:l/W2vx83vMQo6aStyx2AuZrJ+07lGv2JQGlVkPG06MU=
-github.com/nspcc-dev/neofs-crypto v0.2.2 h1:jLc5O+Wdpaq7L4lNYFX7li+OP4I1FsvvcPW1NXm3erY=
-github.com/nspcc-dev/neofs-crypto v0.2.2/go.mod h1:F/96fUzPM3wR+UGsPi3faVNmFlA9KAEAUQR7dMxZmNA=
+github.com/nspcc-dev/neofs-crypto v0.2.3 h1:aca3X2aly92ENRbFK+kH6Hd+J9EQ4Eu6XMVoITSIKtc=
+github.com/nspcc-dev/neofs-crypto v0.2.3/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw=
 github.com/nspcc-dev/netmap v1.6.1 h1:Pigqpqi6QSdRiusbq5XlO20A18k6Eyu7j9MzOfAE3CM=
 github.com/nspcc-dev/netmap v1.6.1/go.mod h1:mhV3UOg9ljQmu0teQShD6+JYX09XY5gu2I4hIByCH9M=
-github.com/nspcc-dev/rfc6979 v0.1.0 h1:Lwg7esRRoyK1Up/IN1vAef1EmvrBeMHeeEkek2fAJ6c=
-github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
+github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE=
+github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
 github.com/nspcc-dev/tzhash v1.3.0 h1:n6FTHsfPYbMi5Jmo6SwGVVRQD8i2w1P2ScCaW6rz69Q=
 github.com/nspcc-dev/tzhash v1.3.0/go.mod h1:Lc4DersKS8MNIrunTmsAzANO56qnG+LZ4GOE/WYGVzU=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
--- a/object/extensions.go
+++ b/object/extensions.go
@ -1,4 +1,5 @@
 package object
+// todo: all extensions must be transferred to the separate util library

 import "github.com/nspcc-dev/neofs-proto/storagegroup"

--- a/object/types.go
+++ b/object/types.go
@ -67,6 +67,8 @@ const (
 	IntegrityHdr
 	// StorageGroupHdr is a storage group header type.
 	StorageGroupHdr
+	// PublicKeyHdr is a public key header type.
+	PublicKeyHdr
 )

 var (
@ -140,6 +142,8 @@ func (m Header) typeOf(t isHeader_Value) (ok bool) {
 		_, ok = m.Value.(*Header_Integrity)
 	case *Header_StorageGroup:
 		_, ok = m.Value.(*Header_StorageGroup)
+	case *Header_PublicKey:
+		_, ok = m.Value.(*Header_PublicKey)
 	}
 	return
 }
@ -168,6 +172,8 @@ func HeaderType(t headerType) Pred {
 		return func(h *Header) bool { _, ok := h.Value.(*Header_Integrity); return ok }
 	case StorageGroupHdr:
 		return func(h *Header) bool { _, ok := h.Value.(*Header_StorageGroup); return ok }
+	case PublicKeyHdr:
+		return func(h *Header) bool { _, ok := h.Value.(*Header_PublicKey); return ok }
 	default:
 		return nil
 	}
--- a/object/types.pb.go
+++ b/object/types.pb.go
--- a/object/types.proto
+++ b/object/types.proto
@ -45,13 +45,12 @@ message Header {
        IntegrityHeader Integrity              = 9;
        // StorageGroup contains meta information for the data audit
        storagegroup.StorageGroup StorageGroup = 10;
+        // PublicKey of owner of the object. Key is used for verification and can be based on NeoID or x509 cert.
+        PublicKey PublicKey                    = 11;
    }
 }

-message Tombstone {
-    // Epoch when tombstone was created
-    uint64 Epoch = 1;
-}
+message Tombstone {}

 message SystemHeader {
    // Version of the object structure
@ -125,3 +124,8 @@ message Object {
    // Payload is an object's payload
    bytes Payload             = 3;
 }
+
+message PublicKey {
+    // Value contains marshaled ecdsa public key
+    bytes Value = 1;
+}
--- a/object/verification.go
+++ b/object/verification.go
@ -63,28 +63,35 @@ func (m Object) verifySignature(key []byte, ih *IntegrityHeader) error {
 // Verify performs local integrity check by finding verification header and
 // integrity header. If header integrity is passed, function verifies
 // checksum of the object payload.
+// todo: move this verification logic into separate library
 func (m Object) Verify() error {
 	var (
 		err      error
 		checksum []byte
+		pubkey []byte
 	)
-	// Prepare structures
-	_, vh := m.LastHeader(HeaderType(VerifyHdr))
-	if vh == nil {
-		return ErrHeaderNotFound
-	}
-	verify := vh.Value.(*Header_Verify).Verify
-
-	_, ih := m.LastHeader(HeaderType(IntegrityHdr))
-	if ih == nil {
+	ind, ih := m.LastHeader(HeaderType(IntegrityHdr))
+	if ih == nil || ind != len(m.Headers) - 1{
 		return ErrHeaderNotFound
 	}
 	integrity := ih.Value.(*Header_Integrity).Integrity

+	// Prepare structures
+	_, vh := m.LastHeader(HeaderType(VerifyHdr))
+	if vh == nil {
+		_, pkh := m.LastHeader(HeaderType(PublicKeyHdr))
+		if pkh == nil {
+			return ErrHeaderNotFound
+		}
+		pubkey = pkh.Value.(*Header_PublicKey).PublicKey.Value
+	} else {
+		pubkey = vh.Value.(*Header_Verify).Verify.PublicKey
+	}
+
 	// Verify signature
-	err = m.verifySignature(verify.PublicKey, integrity)
+	err = m.verifySignature(pubkey, integrity)
 	if err != nil {
-		return errors.Wrapf(err, "public key: %x", verify.PublicKey)
+		return errors.Wrapf(err, "public key: %x", pubkey)
 	}

 	// Verify checksum of header
@ -111,22 +118,32 @@ func (m Object) Verify() error {
 	return nil
 }

-// Sign creates new integrity header and adds it to the end of the list of
-// extended headers.
-func (m *Object) Sign(key *ecdsa.PrivateKey) error {
-	headerChecksum, err := m.headersChecksum(false)
+// CreateIntegrityHeader returns signed integrity header for the object
+func CreateIntegrityHeader(obj *Object, key *ecdsa.PrivateKey) (*Header, error) {
+	headerChecksum, err := obj.headersChecksum(false)
 	if err != nil {
-		return err
+		return nil, err
 	}
 	headerChecksumSignature, err := crypto.Sign(key, headerChecksum)
 	if err != nil {
-		return err
+		return nil, err
 	}
-	m.AddHeader(&Header{Value: &Header_Integrity{
+
+	return &Header{Value: &Header_Integrity{
 		Integrity: &IntegrityHeader{
 			HeadersChecksum:   headerChecksum,
 			ChecksumSignature: headerChecksumSignature,
 		},
-	}})
+	}}, nil
+}
+
+// Sign creates new integrity header and adds it to the end of the list of
+// extended headers.
+func (m *Object) Sign(key *ecdsa.PrivateKey) error {
+	ih, err := CreateIntegrityHeader(m, key)
+	if err != nil {
+		return err
+	}
+	m.AddHeader(ih)
 	return nil
 }
--- a/object/verification_test.go
+++ b/object/verification_test.go
@ -56,7 +56,7 @@ func TestObject_Verify(t *testing.T) {
 	obj.SetPayload(payload)
 	obj.SetHeader(&Header{Value: &Header_PayloadChecksum{[]byte("incorrect checksum")}})

-	t.Run("error no integrity header", func(t *testing.T) {
+	t.Run("error no integrity header and pubkey", func(t *testing.T) {
 		err = obj.Verify()
 		require.EqualError(t, err, ErrHeaderNotFound.Error())
 	})
@ -83,12 +83,25 @@ func TestObject_Verify(t *testing.T) {
 	}
 	obj.SetVerificationHeader(vh)

+	// validation header is not last
+	t.Run("error validation header is not last", func(t *testing.T) {
+		err = obj.Verify()
+		require.EqualError(t, err, ErrHeaderNotFound.Error())
+	})
+
+	obj.Headers = obj.Headers[:len(obj.Headers)-2]
+	obj.SetVerificationHeader(vh)
+	obj.SetHeader(&Header{Value: &Header_Integrity{ih}})
+
 	t.Run("error invalid header checksum", func(t *testing.T) {
 		err = obj.Verify()
 		require.EqualError(t, err, ErrVerifyHeader.Error())
 	})

-	require.NoError(t, obj.Sign(sessionkey))
+	obj.Headers = obj.Headers[:len(obj.Headers)-1]
+	genIH, err := CreateIntegrityHeader(obj, sessionkey)
+	require.NoError(t, err)
+	obj.SetHeader(genIH)

 	t.Run("error invalid payload checksum", func(t *testing.T) {
 		err = obj.Verify()
@ -96,10 +109,39 @@ func TestObject_Verify(t *testing.T) {
 	})

 	obj.SetHeader(&Header{Value: &Header_PayloadChecksum{obj.PayloadChecksum()}})
-	require.NoError(t, obj.Sign(sessionkey))

-	t.Run("correct", func(t *testing.T) {
+	obj.Headers = obj.Headers[:len(obj.Headers)-1]
+	genIH, err = CreateIntegrityHeader(obj, sessionkey)
+	require.NoError(t, err)
+	obj.SetHeader(genIH)
+
+	t.Run("correct with vh", func(t *testing.T) {
 		err = obj.Verify()
 		require.NoError(t, err)
 	})
+
+	pkh := Header{Value: &Header_PublicKey{&PublicKey{
+		Value: crypto.MarshalPublicKey(&key.PublicKey),
+	}}}
+	// replace vh with pkh
+	obj.Headers[len(obj.Headers)-2] = pkh
+	// re-sign object
+	obj.Sign(sessionkey)
+
+
+	t.Run("incorrect with bad public key", func(t *testing.T) {
+		err = obj.Verify()
+		require.Error(t, err)
+	})
+
+	obj.SetHeader(&Header{Value: &Header_PublicKey{&PublicKey{
+		Value: dataPK,
+	}}})
+	obj.Sign(sessionkey)
+
+	t.Run("correct with good public key", func(t *testing.T) {
+		err = obj.Verify()
+		require.NoError(t, err)
+	})
+
 }
--- a/session/store_test.go
+++ b/session/store_test.go
@ -31,20 +31,22 @@ func newTestClient(t *testing.T) *testClient {

 func signToken(t *testing.T, token *PToken, c *testClient) {
 	require.NotNil(t, token)
+	token.SetPublicKeys(&c.PublicKey)

 	signH, err := c.Sign(token.Header.PublicKey)
 	require.NoError(t, err)
 	require.NotNil(t, signH)

 	// data is not yet signed
-	require.False(t, token.Verify(&c.PublicKey))
+	keys := UnmarshalPublicKeys(&token.Token)
+	require.False(t, token.Verify(keys...))

 	signT, err := c.Sign(token.verificationData())
 	require.NoError(t, err)
 	require.NotNil(t, signT)

 	token.AddSignatures(signH, signT)
-	require.True(t, token.Verify(&c.PublicKey))
+	require.True(t, token.Verify(keys...))
 }

 func TestTokenStore(t *testing.T) {
--- a/session/types.go
+++ b/session/types.go
@ -6,6 +6,7 @@ import (
 	"sync"

 	crypto "github.com/nspcc-dev/neofs-crypto"
+	"github.com/nspcc-dev/neofs-proto/chain"
 	"github.com/nspcc-dev/neofs-proto/internal"
 	"github.com/nspcc-dev/neofs-proto/refs"
 	"github.com/pkg/errors"
@ -111,11 +112,24 @@ func (m *Token) Sign(key *ecdsa.PrivateKey) error {
 	return nil
 }

+// SetPublicKeys sets owner's public keys to the token
+func (m *Token) SetPublicKeys(keys... *ecdsa.PublicKey) {
+	m.PublicKeys = m.PublicKeys[:0]
+	for i := range keys {
+		m.PublicKeys = append(m.PublicKeys, crypto.MarshalPublicKey(keys[i]))
+	}
+}
+
 // Verify checks if token is correct and signed.
 func (m *Token) Verify(keys ...*ecdsa.PublicKey) bool {
 	if m.FirstEpoch > m.LastEpoch {
 		return false
 	}
+	ownerFromKeys := chain.KeysToAddress(keys...)
+	if m.OwnerID.String() != ownerFromKeys {
+		return false
+	}
+
 	for i := range keys {
 		if m.Header.Verify(keys[i]) && crypto.Verify(keys[i], m.verificationData(), m.Signature) == nil {
 			return true
@ -156,3 +170,12 @@ func (m *VerificationHeader) Verify(keys ...*ecdsa.PublicKey) bool {
 	}
 	return false
 }
+
+// UnmarshalPublicKeys returns unmarshal public keys from the token
+func UnmarshalPublicKeys(t *Token) []*ecdsa.PublicKey {
+	r := make([]*ecdsa.PublicKey, 0, len(t.PublicKeys))
+	for i := range t.PublicKeys {
+		r = append(r, crypto.UnmarshalPublicKey(t.PublicKeys[i]))
+	}
+	return r
+}
--- a/session/types.pb.go
+++ b/session/types.pb.go
--- a/session/types.proto
+++ b/session/types.proto
@ -29,4 +29,6 @@ message Token {
    bytes Signature = 6;
    // ID is a token identifier. valid UUIDv4 represented in bytes
    bytes ID = 7 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];
+    // PublicKeys associated with owner
+    repeated bytes PublicKeys = 8;
 }