carpawell/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Issues Pull requests Projects Releases Packages Wiki Activity

[#505] ir/container: Verify signature in check of Put container event

Browse source 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
Leonard Lyubich 2021-05-19 19:08:07 +03:00 committed by Alex Vanin
parent ff715c8037
commit 6239d5c0c7
1 changed files with 18 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
pkg/innerring/processors/container/process_container.go
View file

@ -1,8 +1,12 @@
package container
import (
"crypto/elliptic"
"crypto/sha256"
"errors"
"fmt"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
containerSDK "github.com/nspcc-dev/neofs-api-go/pkg/container"
"github.com/nspcc-dev/neofs-node/pkg/core/container"
containerEvent "github.com/nspcc-dev/neofs-node/pkg/morph/event/container"
@ -30,10 +34,23 @@ func (cp *Processor) processContainerPut(put *containerEvent.Put) {
}
func (cp *Processor) checkPutContainer(e *containerEvent.Put) error {
// verify signature
key, err := keys.NewPublicKeyFromBytes(e.PublicKey(), elliptic.P256())
if err != nil {
return fmt.Errorf("invalid key: %w", err)
}
binCnr := e.Container()
tableHash := sha256.Sum256(binCnr)
if !key.Verify(e.Signature(), tableHash[:]) {
return errors.New("invalid signature")
}
// unmarshal container structure
cnr := containerSDK.New()
err := cnr.Unmarshal(e.Container())
err = cnr.Unmarshal(binCnr)
if err != nil {
return fmt.Errorf("invalid binary container: %w", err)
}