[#562] pkg: remove nspcc-dev/neofs-crypto dependency

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
This commit is contained in:
Evgenii Stratonikov 2021-05-31 11:55:40 +03:00 committed by Alex Vanin
parent 5cab0026c3
commit 9142c778c7
7 changed files with 51 additions and 38 deletions

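--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,6 @@ require (
 github.com/nspcc-dev/hrw v1.0.9
 github.com/nspcc-dev/neo-go v0.95.1
 github.com/nspcc-dev/neofs-api-go v1.27.1
-github.com/nspcc-dev/neofs-crypto v0.3.0
 github.com/nspcc-dev/neofs-sdk-go v0.0.0-20210520210714-9dee13f0d556
 github.com/nspcc-dev/tzhash v1.4.0
 github.com/panjf2000/ants/v2 v2.3.0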


@ -2,15 +2,17 @@ package object
import ( import (
"bytes" "bytes"
"crypto/ecdsa"
"crypto/elliptic"
"errors" "errors"
"fmt" "fmt"
"strconv" "strconv"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/nspcc-dev/neofs-api-go/pkg/object" "github.com/nspcc-dev/neofs-api-go/pkg/object"
"github.com/nspcc-dev/neofs-api-go/pkg/owner" "github.com/nspcc-dev/neofs-api-go/pkg/owner"
"github.com/nspcc-dev/neofs-api-go/pkg/storagegroup" "github.com/nspcc-dev/neofs-api-go/pkg/storagegroup"
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object" objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/nspcc-dev/neofs-node/pkg/core/netmap" "github.com/nspcc-dev/neofs-node/pkg/core/netmap"
) )
@ -106,7 +108,12 @@ func (v *FormatValidator) validateSignatureKey(obj *Object) error {
} }
func (v *FormatValidator) checkOwnerKey(id *owner.ID, key []byte) error { func (v *FormatValidator) checkOwnerKey(id *owner.ID, key []byte) error {
wallet, err := owner.NEO3WalletFromPublicKey(crypto.UnmarshalPublicKey(key)) pub, err := keys.NewPublicKeyFromBytes(key, elliptic.P256())
if err != nil {
return err
}
wallet, err := owner.NEO3WalletFromPublicKey((*ecdsa.PublicKey)(pub))
if err != nil { if err != nil {
// TODO: check via NeoFSID // TODO: check via NeoFSID
return err return err
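Review bot: The decode error from `keys.NewPublicKeyFromBytes` is returned bare at the new `return err` in checkOwnerKey, so a caller only sees neo-go's message (an invalid prefix or length) with no hint that it concerns the object owner's key; `fmt` is already imported in this file, so `return fmt.Errorf("invalid owner public key: %w", err)` keeps the error chain and adds that context. The change itself is a good one from a hardening standpoint: the key bytes come from the object's signature header and are attacker-controlled, and a malformed key now fails with an explicit error instead of presumably reaching `NEO3WalletFromPublicKey` as a nil pointer as the old `crypto.UnmarshalPublicKey` path did. checkOwnerKey's body continues past the end of the hunk.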


@ -8,13 +8,13 @@ import (
"strconv" "strconv"
"testing" "testing"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
cidtest "github.com/nspcc-dev/neofs-api-go/pkg/container/id/test" cidtest "github.com/nspcc-dev/neofs-api-go/pkg/container/id/test"
"github.com/nspcc-dev/neofs-api-go/pkg/object" "github.com/nspcc-dev/neofs-api-go/pkg/object"
"github.com/nspcc-dev/neofs-api-go/pkg/owner" "github.com/nspcc-dev/neofs-api-go/pkg/owner"
sessiontest "github.com/nspcc-dev/neofs-api-go/pkg/session/test" sessiontest "github.com/nspcc-dev/neofs-api-go/pkg/session/test"
"github.com/nspcc-dev/neofs-api-go/pkg/storagegroup" "github.com/nspcc-dev/neofs-api-go/pkg/storagegroup"
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object" objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
"github.com/nspcc-dev/neofs-node/pkg/util/test"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
@ -65,7 +65,8 @@ func TestFormatValidator_Validate(t *testing.T) {
}), }),
) )
ownerKey := test.DecodeKey(-1) ownerKey, err := keys.NewPrivateKey()
require.NoError(t, err)
t.Run("nil input", func(t *testing.T) { t.Run("nil input", func(t *testing.T) {
require.Error(t, v.Validate(nil)) require.Error(t, v.Validate(nil))
@ -93,7 +94,7 @@ func TestFormatValidator_Validate(t *testing.T) {
}) })
t.Run("correct w/ session token", func(t *testing.T) { t.Run("correct w/ session token", func(t *testing.T) {
w, err := owner.NEO3WalletFromPublicKey(&ownerKey.PublicKey) w, err := owner.NEO3WalletFromPublicKey((*ecdsa.PublicKey)(ownerKey.PublicKey()))
require.NoError(t, err) require.NoError(t, err)
tok := sessiontest.Generate() tok := sessiontest.Generate()
@ -104,15 +105,15 @@ func TestFormatValidator_Validate(t *testing.T) {
obj.SetSessionToken(sessiontest.Generate()) obj.SetSessionToken(sessiontest.Generate())
obj.SetOwnerID(tok.OwnerID()) obj.SetOwnerID(tok.OwnerID())
require.NoError(t, object.SetIDWithSignature(ownerKey, obj.SDK())) require.NoError(t, object.SetIDWithSignature(&ownerKey.PrivateKey, obj.SDK()))
require.NoError(t, v.Validate(obj.Object())) require.NoError(t, v.Validate(obj.Object()))
}) })
t.Run("correct w/o session token", func(t *testing.T) { t.Run("correct w/o session token", func(t *testing.T) {
obj := blankValidObject(t, ownerKey) obj := blankValidObject(t, &ownerKey.PrivateKey)
require.NoError(t, object.SetIDWithSignature(ownerKey, obj.SDK())) require.NoError(t, object.SetIDWithSignature(&ownerKey.PrivateKey, obj.SDK()))
require.NoError(t, v.Validate(obj.Object())) require.NoError(t, v.Validate(obj.Object()))
}) })
@ -187,7 +188,7 @@ func TestFormatValidator_Validate(t *testing.T) {
t.Run("expiration", func(t *testing.T) { t.Run("expiration", func(t *testing.T) {
fn := func(val string) *Object { fn := func(val string) *Object {
obj := blankValidObject(t, ownerKey) obj := blankValidObject(t, &ownerKey.PrivateKey)
a := object.NewAttribute() a := object.NewAttribute()
a.SetKey(objectV2.SysAttributeExpEpoch) a.SetKey(objectV2.SysAttributeExpEpoch)
@ -195,7 +196,7 @@ func TestFormatValidator_Validate(t *testing.T) {
obj.SetAttributes(a) obj.SetAttributes(a)
require.NoError(t, object.SetIDWithSignature(ownerKey, obj.SDK())) require.NoError(t, object.SetIDWithSignature(&ownerKey.PrivateKey, obj.SDK()))
return obj.Object() return obj.Object()
} }


@ -6,6 +6,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
acl "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl" acl "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
cid "github.com/nspcc-dev/neofs-api-go/pkg/container/id" cid "github.com/nspcc-dev/neofs-api-go/pkg/container/id"
objectSDK "github.com/nspcc-dev/neofs-api-go/pkg/object" objectSDK "github.com/nspcc-dev/neofs-api-go/pkg/object"
@ -16,7 +17,6 @@ import (
"github.com/nspcc-dev/neofs-api-go/v2/refs" "github.com/nspcc-dev/neofs-api-go/v2/refs"
"github.com/nspcc-dev/neofs-api-go/v2/session" "github.com/nspcc-dev/neofs-api-go/v2/session"
v2signature "github.com/nspcc-dev/neofs-api-go/v2/signature" v2signature "github.com/nspcc-dev/neofs-api-go/v2/signature"
crypto "github.com/nspcc-dev/neofs-crypto"
core "github.com/nspcc-dev/neofs-node/pkg/core/container" core "github.com/nspcc-dev/neofs-node/pkg/core/container"
"github.com/nspcc-dev/neofs-node/pkg/core/netmap" "github.com/nspcc-dev/neofs-node/pkg/core/netmap"
"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine" "github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine"
@ -589,7 +589,7 @@ func stickyBitCheck(info requestInfo, owner *owner.ID) bool {
return true return true
} }
requestSenderKey := crypto.UnmarshalPublicKey(info.senderKey) requestSenderKey := unmarshalPublicKey(info.senderKey)
return isOwnerFromKey(owner, requestSenderKey) return isOwnerFromKey(owner, requestSenderKey)
} }
@ -726,7 +726,7 @@ func isValidBearer(reqInfo requestInfo, st netmap.State) bool {
} }
// 3. Then check if container owner signed this token. // 3. Then check if container owner signed this token.
tokenIssuerKey := crypto.UnmarshalPublicKey(token.GetSignature().GetKey()) tokenIssuerKey := unmarshalPublicKey(token.GetSignature().GetKey())
if !isOwnerFromKey(reqInfo.cnrOwner, tokenIssuerKey) { if !isOwnerFromKey(reqInfo.cnrOwner, tokenIssuerKey) {
// todo: in this case we can issue all owner keys from neofs.id and check once again // todo: in this case we can issue all owner keys from neofs.id and check once again
return false return false
@ -735,7 +735,7 @@ func isValidBearer(reqInfo requestInfo, st netmap.State) bool {
// 4. Then check if request sender has rights to use this token. // 4. Then check if request sender has rights to use this token.
tokenOwnerField := owner.NewIDFromV2(token.GetBody().GetOwnerID()) tokenOwnerField := owner.NewIDFromV2(token.GetBody().GetOwnerID())
if tokenOwnerField != nil { // see bearer token owner field description if tokenOwnerField != nil { // see bearer token owner field description
requestSenderKey := crypto.UnmarshalPublicKey(reqInfo.senderKey) requestSenderKey := unmarshalPublicKey(reqInfo.senderKey)
if !isOwnerFromKey(tokenOwnerField, requestSenderKey) { if !isOwnerFromKey(tokenOwnerField, requestSenderKey) {
// todo: in this case we can issue all owner keys from neofs.id and check once again // todo: in this case we can issue all owner keys from neofs.id and check once again
return false return false
@ -754,12 +754,12 @@ func isValidLifetime(lifetime *bearer.TokenLifetime, epoch uint64) bool {
return epoch >= lifetime.GetNbf() && epoch <= lifetime.GetExp() return epoch >= lifetime.GetNbf() && epoch <= lifetime.GetExp()
} }
func isOwnerFromKey(id *owner.ID, key *ecdsa.PublicKey) bool { func isOwnerFromKey(id *owner.ID, key *keys.PublicKey) bool {
if id == nil || key == nil { if id == nil || key == nil {
return false return false
} }
wallet, err := owner.NEO3WalletFromPublicKey(key) wallet, err := owner.NEO3WalletFromPublicKey((*ecdsa.PublicKey)(key))
if err != nil { if err != nil {
return false return false
} }
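Review bot: The `key == nil` guard in isOwnerFromKey is now the only thing between attacker-controlled signature bytes and a nil dereference, because `unmarshalPublicKey` (defined elsewhere in this package) returns nil on any decode failure and stickyBitCheck and isValidBearer pass its result straight in; that load-bearing role deserves a comment, e.g. `// key is nil when unmarshalPublicKey rejected the wire bytes: treat as "not the owner".` No behavioural change is needed here, since the fail-closed `return false` is the right outcome for a key that did not decode. The `(*ecdsa.PublicKey)(key)` conversion relies on `keys.PublicKey` being a defined type over `ecdsa.PublicKey`; that is how neo-go declares it today, but it is an implicit coupling worth a short note. isOwnerFromKey's body continues past the end of the hunk.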


@ -3,8 +3,10 @@ package acl
import ( import (
"bytes" "bytes"
"crypto/ecdsa" "crypto/ecdsa"
"crypto/elliptic"
"fmt" "fmt"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/nspcc-dev/neofs-api-go/pkg" "github.com/nspcc-dev/neofs-api-go/pkg"
acl "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl" acl "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
"github.com/nspcc-dev/neofs-api-go/pkg/container" "github.com/nspcc-dev/neofs-api-go/pkg/container"
@ -15,7 +17,6 @@ import (
bearer "github.com/nspcc-dev/neofs-api-go/v2/acl" bearer "github.com/nspcc-dev/neofs-api-go/v2/acl"
"github.com/nspcc-dev/neofs-api-go/v2/session" "github.com/nspcc-dev/neofs-api-go/v2/session"
v2signature "github.com/nspcc-dev/neofs-api-go/v2/signature" v2signature "github.com/nspcc-dev/neofs-api-go/v2/signature"
crypto "github.com/nspcc-dev/neofs-crypto"
core "github.com/nspcc-dev/neofs-node/pkg/core/netmap" core "github.com/nspcc-dev/neofs-node/pkg/core/netmap"
"go.uber.org/zap" "go.uber.org/zap"
) )
@ -61,7 +62,7 @@ func (c SenderClassifier) Classify(
return 0, false, nil, err return 0, false, nil, err
} }
ownerKeyInBytes := crypto.MarshalPublicKey(ownerKey) ownerKeyInBytes := ownerKey.Bytes()
// todo: get owner from neofs.id if present // todo: get owner from neofs.id if present
@ -94,7 +95,7 @@ func (c SenderClassifier) Classify(
return acl.RoleOthers, false, ownerKeyInBytes, nil return acl.RoleOthers, false, ownerKeyInBytes, nil
} }
func requestOwner(req metaWithToken) (*owner.ID, *ecdsa.PublicKey, error) { func requestOwner(req metaWithToken) (*owner.ID, *keys.PublicKey, error) {
if req.vheader == nil { if req.vheader == nil {
return nil, nil, fmt.Errorf("%w: nil verification header", ErrMalformedRequest) return nil, nil, fmt.Errorf("%w: nil verification header", ErrMalformedRequest)
} }
@ -111,8 +112,8 @@ func requestOwner(req metaWithToken) (*owner.ID, *ecdsa.PublicKey, error) {
return nil, nil, fmt.Errorf("%w: nil at body signature", ErrMalformedRequest) return nil, nil, fmt.Errorf("%w: nil at body signature", ErrMalformedRequest)
} }
key := crypto.UnmarshalPublicKey(bodySignature.Key()) key := unmarshalPublicKey(bodySignature.Key())
neo3wallet, err := owner.NEO3WalletFromPublicKey(key) neo3wallet, err := owner.NEO3WalletFromPublicKey((*ecdsa.PublicKey)(key))
if err != nil { if err != nil {
return nil, nil, fmt.Errorf("can't create neo3 wallet: %w", err) return nil, nil, fmt.Errorf("can't create neo3 wallet: %w", err)
} }
@ -196,7 +197,7 @@ func lookupKeyInContainer(
return false, nil return false, nil
} }
func ownerFromToken(token *session.SessionToken) (*owner.ID, *ecdsa.PublicKey, error) { func ownerFromToken(token *session.SessionToken) (*owner.ID, *keys.PublicKey, error) {
// 1. First check signature of session token. // 1. First check signature of session token.
signWrapper := v2signature.StableMarshalerWrapper{SM: token.GetBody()} signWrapper := v2signature.StableMarshalerWrapper{SM: token.GetBody()}
if err := signature.VerifyDataWithSource(signWrapper, func() (key, sig []byte) { if err := signature.VerifyDataWithSource(signWrapper, func() (key, sig []byte) {
@ -207,7 +208,7 @@ func ownerFromToken(token *session.SessionToken) (*owner.ID, *ecdsa.PublicKey, e
} }
// 2. Then check if session token owner issued the session token // 2. Then check if session token owner issued the session token
tokenIssuerKey := crypto.UnmarshalPublicKey(token.GetSignature().GetKey()) tokenIssuerKey := unmarshalPublicKey(token.GetSignature().GetKey())
tokenOwner := owner.NewIDFromV2(token.GetBody().GetOwnerID()) tokenOwner := owner.NewIDFromV2(token.GetBody().GetOwnerID())
if !isOwnerFromKey(tokenOwner, tokenIssuerKey) { if !isOwnerFromKey(tokenOwner, tokenIssuerKey) {
@ -217,3 +218,11 @@ func ownerFromToken(token *session.SessionToken) (*owner.ID, *ecdsa.PublicKey, e
return tokenOwner, tokenIssuerKey, nil return tokenOwner, tokenIssuerKey, nil
} }
func unmarshalPublicKey(bs []byte) *keys.PublicKey {
pub, err := keys.NewPublicKeyFromBytes(bs, elliptic.P256())
if err != nil {
return nil
}
return pub
}
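Review bot: The new `unmarshalPublicKey` helper has no doc comment, and its nil-on-error contract is exactly what the callers in this package depend on, so it should be spelled out: `// unmarshalPublicKey decodes a NEO-encoded P-256 public key; it returns nil when bs is not a valid encoding, and callers must treat nil as an unknown key.` Within this file, requestOwner passes the result into `owner.NEO3WalletFromPublicKey` without its own nil check (unchanged from before the commit), so it presumably relies on that function rejecting a nil key; an explicit `if key == nil { return nil, nil, fmt.Errorf("%w: invalid signature key", ErrMalformedRequest) }` would make the malformed-request path visible here rather than in a dependency. One point to confirm against the pinned neo-go: if `NewPublicKeyFromBytes` also accepts the one-byte 0x00 "infinity" encoding and yields a key with nil X/Y, the helper should reject that too (`if err != nil || pub.X == nil { return nil }`), since no signer can hold the corresponding private key and the old neofs-crypto decoder may have behaved differently.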


@ -1,20 +1,20 @@
package v2 package v2
import ( import (
"crypto/ecdsa"
"crypto/rand" "crypto/rand"
"crypto/sha256" "crypto/sha256"
"testing" "testing"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl" "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
cid "github.com/nspcc-dev/neofs-api-go/pkg/container/id" cid "github.com/nspcc-dev/neofs-api-go/pkg/container/id"
cidtest "github.com/nspcc-dev/neofs-api-go/pkg/container/id/test" cidtest "github.com/nspcc-dev/neofs-api-go/pkg/container/id/test"
objectSDK "github.com/nspcc-dev/neofs-api-go/pkg/object" objectSDK "github.com/nspcc-dev/neofs-api-go/pkg/object"
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object" objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
"github.com/nspcc-dev/neofs-api-go/v2/session" "github.com/nspcc-dev/neofs-api-go/v2/session"
crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/nspcc-dev/neofs-node/pkg/core/object" "github.com/nspcc-dev/neofs-node/pkg/core/object"
eacl2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl" eacl2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl"
"github.com/nspcc-dev/neofs-node/pkg/util/test"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
@ -111,14 +111,16 @@ func TestHeadRequest(t *testing.T) {
table := new(eacl.Table) table := new(eacl.Table)
senderKey := test.DecodeKey(-1).PublicKey priv, err := keys.NewPrivateKey()
require.NoError(t, err)
senderKey := priv.PublicKey()
r := eacl.NewRecord() r := eacl.NewRecord()
r.SetOperation(eacl.OperationHead) r.SetOperation(eacl.OperationHead)
r.SetAction(eacl.ActionDeny) r.SetAction(eacl.ActionDeny)
r.AddFilter(eacl.HeaderFromObject, eacl.MatchStringEqual, attrKey, attrVal) r.AddFilter(eacl.HeaderFromObject, eacl.MatchStringEqual, attrKey, attrVal)
r.AddFilter(eacl.HeaderFromRequest, eacl.MatchStringEqual, xKey, xVal) r.AddFilter(eacl.HeaderFromRequest, eacl.MatchStringEqual, xKey, xVal)
eacl.AddFormedTarget(r, eacl.RoleUnknown, senderKey) eacl.AddFormedTarget(r, eacl.RoleUnknown, (ecdsa.PublicKey)(*senderKey))
table.AddRecord(r) table.AddRecord(r)
@ -132,7 +134,7 @@ func TestHeadRequest(t *testing.T) {
unit := new(eacl2.ValidationUnit). unit := new(eacl2.ValidationUnit).
WithContainerID(cid). WithContainerID(cid).
WithOperation(eacl.OperationHead). WithOperation(eacl.OperationHead).
WithSenderKey(crypto.MarshalPublicKey(&senderKey)). WithSenderKey(senderKey.Bytes()).
WithHeaderSource( WithHeaderSource(
NewMessageHeaderSource( NewMessageHeaderSource(
WithObjectStorage(lStorage), WithObjectStorage(lStorage),


@ -2,16 +2,13 @@ package storage
import ( import (
"context" "context"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"fmt" "fmt"
"github.com/google/uuid" "github.com/google/uuid"
"github.com/mr-tron/base58" "github.com/mr-tron/base58"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/nspcc-dev/neofs-api-go/pkg/owner" "github.com/nspcc-dev/neofs-api-go/pkg/owner"
"github.com/nspcc-dev/neofs-api-go/v2/session" "github.com/nspcc-dev/neofs-api-go/v2/session"
crypto "github.com/nspcc-dev/neofs-crypto"
) )
func (s *TokenStore) Create(ctx context.Context, body *session.CreateRequestBody) (*session.CreateResponseBody, error) { func (s *TokenStore) Create(ctx context.Context, body *session.CreateRequestBody) (*session.CreateResponseBody, error) {
@ -30,7 +27,7 @@ func (s *TokenStore) Create(ctx context.Context, body *session.CreateRequestBody
return nil, fmt.Errorf("could not marshal token ID: %w", err) return nil, fmt.Errorf("could not marshal token ID: %w", err)
} }
sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) sk, err := keys.NewPrivateKey()
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -40,16 +37,14 @@ func (s *TokenStore) Create(ctx context.Context, body *session.CreateRequestBody
tokenID: base58.Encode(uidBytes), tokenID: base58.Encode(uidBytes),
ownerID: base58.Encode(ownerBytes), ownerID: base58.Encode(ownerBytes),
}] = &PrivateToken{ }] = &PrivateToken{
sessionKey: sk, sessionKey: &sk.PrivateKey,
exp: body.GetExpiration(), exp: body.GetExpiration(),
} }
s.mtx.Unlock() s.mtx.Unlock()
res := new(session.CreateResponseBody) res := new(session.CreateResponseBody)
res.SetID(uidBytes) res.SetID(uidBytes)
res.SetSessionKey( res.SetSessionKey(sk.PublicKey().Bytes())
crypto.MarshalPublicKey(&sk.PublicKey),
)
return res, nil return res, nil
} }
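Review bot: The failure of `keys.NewPrivateKey()` is returned bare at `return nil, err` in Create, while the marshal failure a few lines above it is wrapped with context (`could not marshal token ID: %w`); for consistent diagnostics use `return nil, fmt.Errorf("could not generate session key: %w", err)`. The key-handling itself looks right: the private half stays in the store as `&sk.PrivateKey` and only `sk.PublicKey().Bytes()` leaves the process in the response. Assuming `Bytes()` produces the same 33-byte compressed encoding the removed `crypto.MarshalPublicKey` did, clients are unaffected, but since this is a wire-visible value a test pinning the response key length and prefix would guard against a silent format change. Create begins before this hunk.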