diff --git a/cmd/neofs-cli/modules/control/util.go b/cmd/neofs-cli/modules/control/util.go index 38925121b..d700d6aa0 100644 --- a/cmd/neofs-cli/modules/control/util.go +++ b/cmd/neofs-cli/modules/control/util.go @@ -38,7 +38,7 @@ func verifyResponse(cmd *cobra.Command, sigV2.SetSign(sigControl.GetSign()) var sig neofscrypto.Signature - sig.ReadFromV2(sigV2) + common.ExitOnErr(cmd, "can't read signature: %w", sig.ReadFromV2(sigV2)) if !sig.Verify(body.StableMarshal(nil)) { common.ExitOnErr(cmd, "", errors.New("invalid response signature")) diff --git a/docs/release-instruction.md b/docs/release-instruction.md index 82dab329c..242a61ace 100644 --- a/docs/release-instruction.md +++ b/docs/release-instruction.md @@ -12,14 +12,14 @@ These should run successfully: ## Writing changelog -Add an entry to the `CHANGELOG.md` following the style established there. Add an +Add an entry to the `CHANGELOG.md` following the style established there. Add an optional codename, version and release date in the heading. Write a paragraph describing the most significant changes done in this release. Add `Fixed`, `Added`, `Removed` and `Updated` sections with fixed bug descriptions and changes. Describe each change in detail with a reference to GitHub issues if -possible. +possible. -Update the supported version of neofs-contract in `README.md` if there were +Update the supported version of neofs-contract in `README.md` if there were changes in releases. ## Tag the release @@ -66,7 +66,7 @@ Close corresponding vX.Y.Z GitHub milestone. ## Post-release -Prepare pull-request for +Prepare pull-request for [neofs-devenv](https://github.com/nspcc-dev/neofs-devenv). Rebuild NeoFS LOCODE database via CLI `util locode generate` command (if needed). diff --git a/go.mod b/go.mod index adfcca31f..ae821b7ff 100644 --- a/go.mod +++ b/go.mod @@ -18,8 +18,8 @@ require ( github.com/nspcc-dev/neo-go v0.99.1-pre.0.20220714084516-54849ef3e58e github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220713145417-4f184498bc42 // indirect github.com/nspcc-dev/neofs-api-go/v2 v2.13.0 - github.com/nspcc-dev/neofs-contract v0.15.1 - github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.5.0.20220706151041-0d862d8568a4 + github.com/nspcc-dev/neofs-contract v0.15.3 + github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.5.0.20220725101411-90f1cc7a1a77 github.com/nspcc-dev/tzhash v1.6.1 github.com/panjf2000/ants/v2 v2.4.0 github.com/paulmach/orb v0.2.2 diff --git a/go.sum b/go.sum index ffdf4dd5c..c7b4a7e38 100644 Binary files a/go.sum and b/go.sum differ diff --git a/pkg/morph/client/container/eacl.go b/pkg/morph/client/container/eacl.go index 8d8bd5958..c65c0cffc 100644 --- a/pkg/morph/client/container/eacl.go +++ b/pkg/morph/client/container/eacl.go @@ -87,7 +87,6 @@ func (c *Client) GetEACL(cnr cid.ID) (*container.EACL, error) { sigV2.SetSign(sig) sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256) - res.Signature.ReadFromV2(sigV2) - - return &res, nil + err = res.Signature.ReadFromV2(sigV2) + return &res, err } diff --git a/pkg/morph/client/container/get.go b/pkg/morph/client/container/get.go index 3ebb57a55..9649c51a5 100644 --- a/pkg/morph/client/container/get.go +++ b/pkg/morph/client/container/get.go @@ -12,7 +12,6 @@ import ( "github.com/nspcc-dev/neofs-node/pkg/morph/client" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" - neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto" "github.com/nspcc-dev/neofs-sdk-go/session" ) @@ -109,8 +108,6 @@ func (c *Client) Get(cid []byte) (*containercore.Container, error) { sigV2.SetSign(sigBytes) sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256) - var sig neofscrypto.Signature - sig.ReadFromV2(sigV2) - - return &cnr, nil + err = cnr.Signature.ReadFromV2(sigV2) + return &cnr, err } diff --git a/pkg/services/container/morph/executor.go b/pkg/services/container/morph/executor.go index 79923201f..dd7dc072d 100644 --- a/pkg/services/container/morph/executor.go +++ b/pkg/services/container/morph/executor.go @@ -69,7 +69,10 @@ func (s *morphExecutor) Put(_ context.Context, tokV2 *sessionV2.Token, body *con return nil, fmt.Errorf("invalid container: %w", err) } - cnr.Signature.ReadFromV2(*sigV2) + err = cnr.Signature.ReadFromV2(*sigV2) + if err != nil { + return nil, fmt.Errorf("can't read signature: %w", err) + } if tokV2 != nil { cnr.Session = new(session.Container) @@ -214,7 +217,10 @@ func (s *morphExecutor) SetExtendedACL(ctx context.Context, tokV2 *sessionV2.Tok Value: eaclSDK.NewTableFromV2(body.GetEACL()), } - eaclInfo.Signature.ReadFromV2(*sigV2) + err := eaclInfo.Signature.ReadFromV2(*sigV2) + if err != nil { + return nil, fmt.Errorf("can't read signature: %w", err) + } if tokV2 != nil { eaclInfo.Session = new(session.Container) @@ -225,7 +231,7 @@ func (s *morphExecutor) SetExtendedACL(ctx context.Context, tokV2 *sessionV2.Tok } } - err := s.wrt.PutEACL(eaclInfo) + err = s.wrt.PutEACL(eaclInfo) if err != nil { return nil, err } diff --git a/pkg/services/container/morph/executor_test.go b/pkg/services/container/morph/executor_test.go index bb6e0a973..52b0da947 100644 --- a/pkg/services/container/morph/executor_test.go +++ b/pkg/services/container/morph/executor_test.go @@ -4,6 +4,7 @@ import ( "context" "testing" + "github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neofs-api-go/v2/container" "github.com/nspcc-dev/neofs-api-go/v2/refs" "github.com/nspcc-dev/neofs-api-go/v2/session" @@ -13,6 +14,8 @@ import ( cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test" containertest "github.com/nspcc-dev/neofs-sdk-go/container/test" + neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto" + neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test" "github.com/stretchr/testify/require" ) @@ -42,6 +45,22 @@ func TestInvalidToken(t *testing.T) { var cnrV2 refs.ContainerID cnr.WriteToV2(&cnrV2) + priv, err := keys.NewPrivateKey() + require.NoError(t, err) + + sign := func(reqBody interface { + StableMarshal([]byte) []byte + SetSignature(signature *refs.Signature) + }) { + signer := neofsecdsa.Signer(priv.PrivateKey) + var sig neofscrypto.Signature + require.NoError(t, sig.Calculate(signer, reqBody.StableMarshal(nil))) + + var sigV2 refs.Signature + sig.WriteToV2(&sigV2) + reqBody.SetSignature(&sigV2) + } + var tokV2 session.Token sessiontest.ContainerSigned().WriteToV2(&tokV2) @@ -53,7 +72,6 @@ func TestInvalidToken(t *testing.T) { name: "put", op: func(e containerSvc.ServiceExecutor, tokV2 *session.Token) (err error) { var reqBody container.PutRequestBody - reqBody.SetSignature(new(refs.Signature)) cnr := containertest.Container() @@ -61,6 +79,7 @@ func TestInvalidToken(t *testing.T) { cnr.WriteToV2(&cnrV2) reqBody.SetContainer(&cnrV2) + sign(&reqBody) _, err = e.Put(context.TODO(), tokV2, &reqBody) return @@ -81,6 +100,7 @@ func TestInvalidToken(t *testing.T) { op: func(e containerSvc.ServiceExecutor, tokV2 *session.Token) (err error) { var reqBody container.SetExtendedACLRequestBody reqBody.SetSignature(new(refs.Signature)) + sign(&reqBody) _, err = e.SetExtendedACL(context.TODO(), tokV2, &reqBody) return diff --git a/pkg/services/control/ir/server/sign.go b/pkg/services/control/ir/server/sign.go index bb9625dea..ad2b18e9e 100644 --- a/pkg/services/control/ir/server/sign.go +++ b/pkg/services/control/ir/server/sign.go @@ -57,7 +57,9 @@ func (s *Server) isValidRequest(req SignedMessage) error { sigV2.SetScheme(refs.ECDSA_SHA512) var sig neofscrypto.Signature - sig.ReadFromV2(sigV2) + if err := sig.ReadFromV2(sigV2); err != nil { + return fmt.Errorf("can't read signature: %w", err) + } if !sig.Verify(binBody) { // TODO(@cthulhu-rider): #1387 use "const" error diff --git a/pkg/services/control/server/sign.go b/pkg/services/control/server/sign.go index 5d6c5d4da..b6e36b244 100644 --- a/pkg/services/control/server/sign.go +++ b/pkg/services/control/server/sign.go @@ -57,7 +57,9 @@ func (s *Server) isValidRequest(req SignedMessage) error { sigV2.SetScheme(refs.ECDSA_SHA512) var sig neofscrypto.Signature - sig.ReadFromV2(sigV2) + if err := sig.ReadFromV2(sigV2); err != nil { + return fmt.Errorf("can't read signature: %w", err) + } if !sig.Verify(binBody) { // TODO(@cthulhu-rider): #1387 use "const" error diff --git a/pkg/services/netmap/executor.go b/pkg/services/netmap/executor.go index 132556bb8..797478090 100644 --- a/pkg/services/netmap/executor.go +++ b/pkg/services/netmap/executor.go @@ -3,6 +3,7 @@ package netmap import ( "context" "errors" + "fmt" "github.com/nspcc-dev/neofs-api-go/v2/netmap" "github.com/nspcc-dev/neofs-api-go/v2/refs" @@ -61,7 +62,9 @@ func (s *executorSvc) LocalNodeInfo( } var ver versionsdk.Version - ver.ReadFromV2(*verV2) + if err := ver.ReadFromV2(*verV2); err != nil { + return nil, fmt.Errorf("can't read version: %w", err) + } ni, err := s.state.LocalNodeInfo() if err != nil { @@ -100,7 +103,9 @@ func (s *executorSvc) NetworkInfo( } var ver versionsdk.Version - ver.ReadFromV2(*verV2) + if err := ver.ReadFromV2(*verV2); err != nil { + return nil, fmt.Errorf("can't read version: %w", err) + } ni, err := s.netInfo.Dump(ver) if err != nil { diff --git a/pkg/services/object/get/v2/util.go b/pkg/services/object/get/v2/util.go index 1c736667f..17ac8d638 100644 --- a/pkg/services/object/get/v2/util.go +++ b/pkg/services/object/get/v2/util.go @@ -507,7 +507,9 @@ func (s *Service) toHeadPrm(ctx context.Context, req *objectV2.HeadRequest, resp } var sig neofscrypto.Signature - sig.ReadFromV2(*idSig) + if err := sig.ReadFromV2(*idSig); err != nil { + return nil, fmt.Errorf("can't read signature: %w", err) + } if !sig.Verify(binID) { return nil, errors.New("invalid object ID signature") diff --git a/pkg/services/tree/signature.go b/pkg/services/tree/signature.go index 65f164b37..8f97929b6 100644 --- a/pkg/services/tree/signature.go +++ b/pkg/services/tree/signature.go @@ -101,7 +101,9 @@ func verifyMessage(m message) error { sigV2.SetScheme(refs.ECDSA_SHA512) var sigSDK neofscrypto.Signature - sigSDK.ReadFromV2(sigV2) + if err := sigSDK.ReadFromV2(sigV2); err != nil { + return fmt.Errorf("can't read signature: %w", err) + } if !sigSDK.Verify(binBody) { return errors.New("invalid signature")