diff --git a/container/convert.go b/container/convert.go index 89e0153e..5e49bead 100644 --- a/container/convert.go +++ b/container/convert.go @@ -152,6 +152,18 @@ func (c *Container) FromGRPCMessage(m grpc.Message) error { return nil } +func toSignatureRFC6979(s *refs.Signature) *refsGRPC.SignatureRFC6979 { + var res *refsGRPC.SignatureRFC6979 + + if s != nil { + res = new(refsGRPC.SignatureRFC6979) + res.SetKey(s.GetKey()) + res.SetSign(s.GetSign()) + } + + return res +} + func (r *PutRequestBody) ToGRPCMessage() grpc.Message { var m *container.PutRequest_Body @@ -159,7 +171,7 @@ func (r *PutRequestBody) ToGRPCMessage() grpc.Message { m = new(container.PutRequest_Body) m.SetContainer(r.cnr.ToGRPCMessage().(*container.Container)) - m.SetSignature(r.sig.ToGRPCMessage().(*refsGRPC.Signature)) + m.SetSignature(toSignatureRFC6979(r.sig)) } return m @@ -195,7 +207,8 @@ func (r *PutRequestBody) FromGRPCMessage(m grpc.Message) error { r.sig = new(refs.Signature) } - err = r.sig.FromGRPCMessage(sig) + r.sig.SetKey(sig.GetKey()) + r.sig.SetSign(sig.GetSign()) } return err @@ -391,7 +404,7 @@ func (r *GetResponseBody) ToGRPCMessage() grpc.Message { m.SetContainer(r.cnr.ToGRPCMessage().(*container.Container)) m.SetSessionToken(r.token.ToGRPCMessage().(*sessionGRPC.SessionToken)) - m.SetSignature(r.sig.ToGRPCMessage().(*refsGRPC.Signature)) + m.SetSignature(toSignatureRFC6979(r.sig)) } return m @@ -424,7 +437,8 @@ func (r *GetResponseBody) FromGRPCMessage(m grpc.Message) error { r.sig = new(refs.Signature) } - err = r.sig.FromGRPCMessage(sig) + r.sig.SetKey(sig.GetKey()) + r.sig.SetSign(sig.GetSign()) } token := v.GetSessionToken() @@ -486,7 +500,7 @@ func (r *DeleteRequestBody) ToGRPCMessage() grpc.Message { m = new(container.DeleteRequest_Body) m.SetContainerId(r.cid.ToGRPCMessage().(*refsGRPC.ContainerID)) - m.SetSignature(r.sig.ToGRPCMessage().(*refsGRPC.Signature)) + m.SetSignature(toSignatureRFC6979(r.sig)) } return m 
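Review bot: toSignatureRFC6979 drops `s.GetScheme()` without looking at it, so a refs.Signature produced under ECDSA_SHA512 is re-labelled as an RFC 6979 signature on the wire with no check and no doc comment saying this is intended. Since ToGRPCMessage returns only grpc.Message there is nowhere to surface an error here, so at minimum document the contract: `// toSignatureRFC6979 converts s to the wire type, which carries no scheme field: the caller must have produced s with ECDSA_RFC6979_SHA256, any other scheme is silently lost.` A nil-tolerant wrapper like this is also a natural place to mention that the returned message aliases s's key and signature slices rather than copying them, if that matches the rest of the package.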
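Review bot: The refs.Signature rebuilt at `r.sig.SetKey(sig.GetKey())` / `r.sig.SetSign(sig.GetSign())` in PutRequestBody.FromGRPCMessage is left with the zero scheme, which after the renumbering in refs/types.go in this same change reads as ECDSA_SHA512, even though the wire type SignatureRFC6979 can only carry an RFC 6979 signature. Any verifier that takes the scheme from the signature (the default path in util/signature.verify below) will then hash with SHA-512 and reject every genuine container signature unless the caller remembers to pass SignWithRFC6979(). Tagging it at the boundary, `r.sig.SetScheme(refs.ECDSA_RFC6979_SHA256)` after the two setters, makes the in-memory value self-describing; the same applies to the other FromGRPCMessage hunks in this diff. FromGRPCMessage starts and ends outside the hunk, so I cannot see what `err` holds when it is returned after this branch.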
@@ -522,7 +536,8 @@ func (r *DeleteRequestBody) FromGRPCMessage(m grpc.Message) error { r.sig = new(refs.Signature) } - err = r.sig.FromGRPCMessage(sig) + r.sig.SetKey(sig.GetKey()) + r.sig.SetSign(sig.GetSign()) } return err @@ -765,7 +780,7 @@ func (r *SetExtendedACLRequestBody) ToGRPCMessage() grpc.Message { m = new(container.SetExtendedACLRequest_Body) m.SetEacl(r.eacl.ToGRPCMessage().(*aclGRPC.EACLTable)) - m.SetSignature(r.sig.ToGRPCMessage().(*refsGRPC.Signature)) + m.SetSignature(toSignatureRFC6979(r.sig)) } return m @@ -801,7 +816,8 @@ func (r *SetExtendedACLRequestBody) FromGRPCMessage(m grpc.Message) error { r.sig = new(refs.Signature) } - err = r.sig.FromGRPCMessage(sig) + r.sig.SetKey(sig.GetKey()) + r.sig.SetSign(sig.GetSign()) } return err @@ -981,7 +997,7 @@ func (r *GetExtendedACLResponseBody) ToGRPCMessage() grpc.Message { m = new(container.GetExtendedACLResponse_Body) m.SetEacl(r.eacl.ToGRPCMessage().(*aclGRPC.EACLTable)) - m.SetSignature(r.sig.ToGRPCMessage().(*refsGRPC.Signature)) + m.SetSignature(toSignatureRFC6979(r.sig)) m.SetSessionToken(r.token.ToGRPCMessage().(*sessionGRPC.SessionToken)) } @@ -1018,7 +1034,8 @@ func (r *GetExtendedACLResponseBody) FromGRPCMessage(m grpc.Message) error { r.sig = new(refs.Signature) } - err = r.sig.FromGRPCMessage(sig) + r.sig.SetKey(sig.GetKey()) + r.sig.SetSign(sig.GetSign()) } token := v.GetSessionToken() diff --git a/container/grpc/service.go b/container/grpc/service.go index 6aa854ba..09743dcc 100644 --- a/container/grpc/service.go +++ b/container/grpc/service.go @@ -14,7 +14,7 @@ func (m *PutRequest_Body) SetContainer(v *Container) { } // SetSignature sets signature of the container structure. -func (m *PutRequest_Body) SetSignature(v *refs.Signature) { +func (m *PutRequest_Body) SetSignature(v *refs.SignatureRFC6979) { if m != nil { m.Signature = v } 
@@ -77,7 +77,7 @@ func (m *DeleteRequest_Body) SetContainerId(v *refs.ContainerID) { } // SetSignature sets signature of the container identifier. -func (m *DeleteRequest_Body) SetSignature(v *refs.Signature) { +func (m *DeleteRequest_Body) SetSignature(v *refs.SignatureRFC6979) { if m != nil { m.Signature = v } @@ -166,8 +166,8 @@ func (m *GetResponse_Body) SetSessionToken(v *session.SessionToken) { } } -// SetSignature sets signature of the requested container. -func (m *GetResponse_Body) SetSignature(v *refs.Signature) { +// SetSignature sets signature of the container structure. +func (m *GetResponse_Body) SetSignature(v *refs.SignatureRFC6979) { if m != nil { m.Signature = v } @@ -257,8 +257,8 @@ func (m *SetExtendedACLRequest_Body) SetEacl(v *acl.EACLTable) { } } -// SetSignature sets signature of the eACL table. -func (m *SetExtendedACLRequest_Body) SetSignature(v *refs.Signature) { +// SetSignature sets signature of the eACL table structure. +func (m *SetExtendedACLRequest_Body) SetSignature(v *refs.SignatureRFC6979) { if m != nil { m.Signature = v } @@ -341,8 +341,8 @@ func (m *GetExtendedACLResponse_Body) SetEacl(v *acl.EACLTable) { } } -// SetSignature sets signature of the eACL table. -func (m *GetExtendedACLResponse_Body) SetSignature(v *refs.Signature) { +// SetSignature sets signature of the eACL table structure. +func (m *GetExtendedACLResponse_Body) SetSignature(v *refs.SignatureRFC6979) { if m != nil { m.Signature = v } diff --git a/container/grpc/service.pb.go b/container/grpc/service.pb.go index d7fa78e2..dd913949 100644 Binary files a/container/grpc/service.pb.go and b/container/grpc/service.pb.go differ diff --git a/container/types.go b/container/types.go index ea7fd9cb..4da17233 100644 --- a/container/types.go +++ b/container/types.go 
@@ -316,6 +316,8 @@ func (r *PutRequestBody) GetSignature() *refs.Signature { func (r *PutRequestBody) SetSignature(v *refs.Signature) { if r != nil { + // TODO: (neofs-api-go#381) avoid this hack (e.g. create refs.SignatureRFC6979 type) + v.SetScheme(0) r.sig = v } } @@ -434,6 +436,8 @@ func (r *GetResponseBody) GetSignature() *refs.Signature { // SetSignature sets signature of the requested container. func (r *GetResponseBody) SetSignature(v *refs.Signature) { if r != nil { + // TODO: (neofs-api-go#381) avoid this hack (e.g. create refs.SignatureRFC6979 type) + v.SetScheme(0) r.sig = v } } @@ -476,6 +480,8 @@ func (r *DeleteRequestBody) GetSignature() *refs.Signature { func (r *DeleteRequestBody) SetSignature(v *refs.Signature) { if r != nil { + // TODO: (neofs-api-go#381) avoid this hack (e.g. create refs.SignatureRFC6979 type) + v.SetScheme(0) r.sig = v } } @@ -588,6 +594,8 @@ func (r *SetExtendedACLRequestBody) GetSignature() *refs.Signature { func (r *SetExtendedACLRequestBody) SetSignature(v *refs.Signature) { if r != nil { + // TODO: (neofs-api-go#381) avoid this hack (e.g. create refs.SignatureRFC6979 type) + v.SetScheme(0) r.sig = v } } @@ -672,6 +680,8 @@ func (r *GetExtendedACLResponseBody) GetSignature() *refs.Signature { func (r *GetExtendedACLResponseBody) SetSignature(v *refs.Signature) { if r != nil { + // TODO: (neofs-api-go#381) avoid this hack (e.g. create refs.SignatureRFC6979 type) + v.SetScheme(0) r.sig = v } } diff --git a/refs/grpc/types.go b/refs/grpc/types.go index b1c48c1f..e191656d 100644 --- a/refs/grpc/types.go +++ b/refs/grpc/types.go 
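Review bot: `v.SetScheme(0)` in PutRequestBody.SetSignature is reached for a nil v, since the surrounding `if r != nil` guards only the receiver; unless Signature.SetScheme nil-checks its own receiver (its body is not in this diff) `SetSignature(nil)` now panics where it used to store nil. It also mutates the caller's object as a side effect and hard-codes the literal 0, which after the constant renumbering in refs/types.go means ECDSA_SHA512, the wrong label for a signature whose wire form is SignatureRFC6979. Prefer `if v != nil { v.SetScheme(refs.ECDSA_RFC6979_SHA256) }` (or copy v first), provided the decode side tags the same way, and apply it to the four sibling setters in this file; the TODO should say why the scheme is overwritten at all rather than just that it is a hack.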
@@ -84,6 +84,20 @@ func (x *Signature) SetScheme(s SignatureScheme) { } } +// SetKey sets public key in a binary format. +func (x *SignatureRFC6979) SetKey(v []byte) { + if x != nil { + x.Key = v + } +} + +// SetSign sets signature. +func (x *SignatureRFC6979) SetSign(v []byte) { + if x != nil { + x.Sign = v + } +} + // FromString parses SignatureScheme from a string representation, // It is a reverse action to String(). // diff --git a/refs/grpc/types.pb.go b/refs/grpc/types.pb.go index 7df2f05a..96f62855 100644 Binary files a/refs/grpc/types.pb.go and b/refs/grpc/types.pb.go differ diff --git a/refs/types.go b/refs/types.go index dbe307a8..7d89881c 100644 --- a/refs/types.go +++ b/refs/types.go @@ -35,8 +35,7 @@ type SignatureScheme uint32 //nolint:revive const ( - UnspecifiedScheme SignatureScheme = iota - ECDSA_SHA512 + ECDSA_SHA512 SignatureScheme = iota ECDSA_RFC6979_SHA256 ) @@ -189,7 +188,7 @@ func (s *Signature) GetScheme() SignatureScheme { if s != nil { return s.scheme } - return UnspecifiedScheme + return 0 } func (s *Signature) SetScheme(scheme SignatureScheme) { diff --git a/util/signature/data.go b/util/signature/data.go index ee2d7adf..cd02d884 100644 --- a/util/signature/data.go +++ b/util/signature/data.go @@ -41,13 +41,13 @@ func SignDataWithHandler(key *ecdsa.PrivateKey, src DataSource, handler KeySigna opts[i](cfg) } - sigData, err := sign(cfg, cfg.defaultScheme, key, data) + sigData, err := sign(cfg, key, data) if err != nil { return err } sig := new(refs.Signature) - sig.SetScheme(cfg.defaultScheme) + sig.SetScheme(cfg.scheme) sig.SetKey(crypto.MarshalPublicKey(&key.PublicKey)) sig.SetSign(sigData) handler(sig) diff --git a/util/signature/options.go b/util/signature/options.go index c77c290e..dd389866 100644 --- a/util/signature/options.go +++ b/util/signature/options.go 
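Review bot: Removing UnspecifiedScheme renumbers the remaining constants (ECDSA_SHA512 1→0, ECDSA_RFC6979_SHA256 2→1), and if these values map one-to-one onto the protobuf SignatureScheme enum (types.pb.go is changed here only as a binary, so I cannot confirm) this is a wire-incompatible change: a peer on the old numbering that declares RFC6979 (2) is now rejected as unsupported, and one declaring SHA512 (1) is verified as RFC6979 and fails. That fails closed, so it is an interoperability break rather than a bypass, but it deserves a sentence in the commit message and a doc comment on the block, e.g. `// Values are wire-visible and must match the refs.SignatureScheme protobuf enum; ECDSA_SHA512 is the zero value and therefore the default.`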
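Review bot: `return 0` in Signature.GetScheme for a nil receiver is now a meaningful scheme rather than "unspecified", so it should name it, `return ECDSA_SHA512`, and the method should say so: `// GetScheme returns the signature scheme; a nil Signature reports ECDSA_SHA512, which is the zero value.` This matters more than before because verify() in util/signature now takes the scheme straight from the signature when no option fixes it.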
@@ -9,51 +9,45 @@ import ( ) type cfg struct { - defaultScheme refs.SignatureScheme - restrictScheme refs.SignatureScheme + schemeFixed bool + scheme refs.SignatureScheme } func defaultCfg() *cfg { - return &cfg{ - defaultScheme: refs.ECDSA_SHA512, - restrictScheme: refs.UnspecifiedScheme, - } + return new(cfg) } func verify(cfg *cfg, data []byte, sig *refs.Signature) error { - scheme := sig.GetScheme() - if scheme == refs.UnspecifiedScheme { - scheme = cfg.defaultScheme - } - if cfg.restrictScheme != refs.UnspecifiedScheme && scheme != cfg.restrictScheme { - return fmt.Errorf("%w: unexpected signature scheme", crypto.ErrInvalidSignature) + if !cfg.schemeFixed { + cfg.scheme = sig.GetScheme() } pub := crypto.UnmarshalPublicKey(sig.GetKey()) - switch scheme { + + switch cfg.scheme { case refs.ECDSA_SHA512: return crypto.Verify(pub, data, sig.GetSign()) case refs.ECDSA_RFC6979_SHA256: return crypto.VerifyRFC6979(pub, data, sig.GetSign()) default: - return crypto.ErrInvalidSignature + return fmt.Errorf("unsupported signature scheme %s", cfg.scheme) } } -func sign(cfg *cfg, scheme refs.SignatureScheme, key *ecdsa.PrivateKey, data []byte) ([]byte, error) { - switch scheme { +func sign(cfg *cfg, key *ecdsa.PrivateKey, data []byte) ([]byte, error) { + switch cfg.scheme { case refs.ECDSA_SHA512: return crypto.Sign(key, data) case refs.ECDSA_RFC6979_SHA256: return crypto.SignRFC6979(key, data) default: - panic("unsupported scheme") + panic(fmt.Sprintf("unsupported scheme %s", cfg.scheme)) } } func SignWithRFC6979() SignOption { return func(c *cfg) { - c.defaultScheme = refs.ECDSA_RFC6979_SHA256 - c.restrictScheme = refs.ECDSA_RFC6979_SHA256 + c.schemeFixed = true + c.scheme = refs.ECDSA_RFC6979_SHA256 } }
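Review bot: The `default:` branch of verify now returns a plain fmt.Errorf and no longer wraps crypto.ErrInvalidSignature as the removed line did, so callers that classify failures with `errors.Is(err, crypto.ErrInvalidSignature)` will treat an unknown-scheme signature as a different kind of error than a bad one; keep the wrapping. verify also writes the scheme read from the untrusted signature back into cfg (`cfg.scheme = sig.GetScheme()`), a side effect on the config object that, if the same cfg is reused for several signatures, makes later verifications depend on earlier input; a local variable is enough. With the default cfg the scheme is entirely chosen by the signature's author among the supported ones; both are sound ECDSA verifications with the same key so this is not a forgery path, but the removed restrictScheme has no replacement other than SignWithRFC6979(), so a deployment that wants SHA-512 only can no longer say so — consider a general scheme-fixing option.
```go
func verify(cfg *cfg, data []byte, sig *refs.Signature) error {
	scheme := cfg.scheme
	if !cfg.schemeFixed {
		// The scheme comes from the (untrusted) signature; keep it local so a
		// reused cfg is never altered by the input.
		scheme = sig.GetScheme()
	}

	pub := crypto.UnmarshalPublicKey(sig.GetKey())

	switch scheme {
	// … unchanged: ECDSA_SHA512 and ECDSA_RFC6979_SHA256 cases …
	default:
		return fmt.Errorf("%w: unsupported signature scheme %s", crypto.ErrInvalidSignature, scheme)
	}
}
```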