From fb2064803e96ce6171fc018f5a4eb7e10da27c65 Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Tue, 4 Aug 2020 18:48:15 +0300 Subject: [PATCH] [#26] object: Replace PayloadChecksum to Integrity This commit replaces PayloadChecksum field from ExtendedHeader to IntegrityHeader for assembling all verification data in one structure. Signed-off-by: Leonard Lyubich --- object/types.proto | 20 ++++++++++++++------ proto-docs/object.md | 4 ++-- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/object/types.proto b/object/types.proto index b64f75f..0baf35a 100644 --- a/object/types.proto +++ b/object/types.proto @@ -27,8 +27,6 @@ message ExtendedHeader { service.Token Token = 6; // HomoHash is a homomorphic hash of original object payload bytes HomoHash = 7; - // PayloadChecksum of actual object's payload - bytes PayloadChecksum = 8; // Integrity header with checksum of all above headers in the object IntegrityHeader Integrity = 9; // StorageGroup contains meta information for the data audit @@ -50,12 +48,22 @@ message SystemHeader { } message IntegrityHeader { - // HeadersChecksum is a checksum of all above headers in the object - bytes HeadersChecksum = 1; + // PayloadChecksum carries the checksum of object payload bytes. + // Changing any byte of the payload changes the checksum. + // It is calculated as a SHA-256 hash over payload bytes. + bytes PayloadChecksum = 1; + // HeaderChecksum carries checksum of the object header structure. + // It covers all object attributes. Changing any field of the object except + // CreatorKey and ChecksumSignature changes the checksum. + // PayloadChecksum and HeaderChecksum cannot be merged due to the need + // to verify the header in the absence of a payload (e.g. in object.Head rpc). + // It is calculated as a SHA-256 hash over marshaled object header + // with cut CreatorKey and ChecksumSignature. + bytes HeaderChecksum = 2; // CreatorKey carries public key of the object creator in a binary format. - bytes CreatorKey = 2; + bytes CreatorKey = 3; // ChecksumSignature is an user's signature of checksum to verify if it is correct - bytes ChecksumSignature = 3; + bytes ChecksumSignature = 4; } // SplitHeader groups information about spawning the object through a payload splitting. diff --git a/proto-docs/object.md b/proto-docs/object.md index 0f462e0..fc95f02 100644 --- a/proto-docs/object.md +++ b/proto-docs/object.md @@ -384,7 +384,6 @@ Attribute groups the parameters of the object attributes. | Tombstone | [Tombstone](#object.Tombstone) | | Tombstone header that set up in deleted objects | | Token | [service.Token](#service.Token) | | Token header contains token of the session within which the object was created | | HomoHash | [bytes](#bytes) | | HomoHash is a homomorphic hash of original object payload | -| PayloadChecksum | [bytes](#bytes) | | PayloadChecksum of actual object's payload | | Integrity | [IntegrityHeader](#object.IntegrityHeader) | | Integrity header with checksum of all above headers in the object | | StorageGroup | [storagegroup.StorageGroup](#storagegroup.StorageGroup) | | StorageGroup contains meta information for the data audit | @@ -409,7 +408,8 @@ Header groups the information about the NeoFS object. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | -| HeadersChecksum | [bytes](#bytes) | | HeadersChecksum is a checksum of all above headers in the object | +| PayloadChecksum | [bytes](#bytes) | | PayloadChecksum carries the checksum of object payload bytes. Changing any byte of the payload changes the checksum. | +| HeaderChecksum | [bytes](#bytes) | | HeaderChecksum carries checksum of the object header structure. It covers all object attributes. Changing any field of the object except CreatorKey and ChecksumSignature changes the checksum. PayloadChecksum and HeaderChecksum cannot be merged due to the need to verify the header in the absence of a payload (e.g. in object.Head rpc). | | CreatorKey | [bytes](#bytes) | | CreatorKey carries public key of the object creator in a binary format. | | ChecksumSignature | [bytes](#bytes) | | ChecksumSignature is an user's signature of checksum to verify if it is correct |