frostfs-node/pkg/services/tree/signature.go

package tree

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"errors"
	"fmt"

	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
	"github.com/nspcc-dev/neofs-api-go/v2/refs"
	"github.com/nspcc-dev/neofs-sdk-go/bearer"
	cidSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
	"github.com/nspcc-dev/neofs-sdk-go/eacl"
	"github.com/nspcc-dev/neofs-sdk-go/user"
)

type message interface {
	SignedDataSize() int
	ReadSignedData([]byte) ([]byte, error)
	GetSignature() *Signature
	SetSignature(*Signature)
}

// verifyClient verifies that the request for a client operation was either signed by owner
// or contains a valid bearer token.
func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op eacl.Operation) error {
	err := verifyMessage(req)
	if err != nil {
		return err
	}

	cnr, err := s.cnrSource.Get(cid)
	if err != nil {
		return fmt.Errorf("can't get container %s: %w", cid, err)
	}

	ownerID := cnr.Value.Owner()

	if len(rawBearer) == 0 { // must be signed by the owner
		// No error is expected because `VerifyDataWithSource` checks the signature.
		// However, we may use different algorithms in the future, thus this check.
		pub, err := keys.NewPublicKeyFromBytes(req.GetSignature().GetKey(), elliptic.P256())
		if err != nil {
			return fmt.Errorf("invalid public key: %w", err)
		}

		var actualID user.ID
		user.IDFromKey(&actualID, (ecdsa.PublicKey)(*pub))

		if !actualID.Equals(ownerID) {
			return errors.New("`Move` request must be signed by a container owner")
		}
		return nil
	}

	var bt bearer.Token
	if err := bt.Unmarshal(rawBearer); err != nil {
		return fmt.Errorf("invalid bearer token: %w", err)
	}
	if !bearer.ResolveIssuer(bt).Equals(ownerID) {
		return errors.New("bearer token must be signed by the container owner")
	}
	if !bt.AssertContainer(cid) {
		return errors.New("bearer token is created for another container")
	}
	if !bt.VerifySignature() {
		return errors.New("invalid bearer token signature")
	}

	tb := bt.EACLTable()

	// The default action should be DENY, so we use RoleOthers to allow token issuer
	// to restrict everyone not affected by the previous rules.
	// This can be simplified after nspcc-dev/neofs-sdk-go#243 .
	action, found := eacl.NewValidator().CalculateAction(new(eacl.ValidationUnit).
		WithEACLTable(&tb).
		WithContainerID(&cid).
		WithRole(eacl.RoleOthers).
		WithSenderKey(req.GetSignature().GetKey()).
		WithOperation(op))
	if !found || action != eacl.ActionAllow {
		return errors.New("operation denied by bearer eACL")
	}
	return nil
}

func verifyMessage(m message) error {
	binBody, err := m.ReadSignedData(nil)
	if err != nil {
		return fmt.Errorf("marshal request body: %w", err)
	}

	sig := m.GetSignature()

	// TODO(@cthulhu-rider): #1387 use Signature message from NeoFS API to avoid conversion
	var sigV2 refs.Signature
	sigV2.SetKey(sig.GetKey())
	sigV2.SetSign(sig.GetSign())
	sigV2.SetScheme(refs.ECDSA_SHA512)

	var sigSDK neofscrypto.Signature
	sigSDK.ReadFromV2(sigV2)

	if !sigSDK.Verify(binBody) {
		return errors.New("invalid signature")
	}
	return nil
}

func signMessage(m message, key *ecdsa.PrivateKey) error {
	binBody, err := m.ReadSignedData(nil)
	if err != nil {
		return err
	}

	keySDK := neofsecdsa.Signer(*key)
	data, err := keySDK.Sign(binBody)
	if err != nil {
		return err
	}

	rawPub := make([]byte, keySDK.Public().MaxEncodedSize())
	rawPub = rawPub[:keySDK.Public().Encode(rawPub)]
	m.SetSignature(&Signature{
		Key:  rawPub,
		Sign: data,
	})

	return nil
}