From 6239d5c0c742d77422164d4702114e5aa86fb1b5 Mon Sep 17 00:00:00 2001
From: Leonard Lyubich
Date: Wed, 19 May 2021 19:08:07 +0300
Subject: [PATCH] [#505] ir/container: Verify signature in check of Put container event

Signed-off-by: Leonard Lyubich
---
 .../processors/container/process_container.go | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/pkg/innerring/processors/container/process_container.go b/pkg/innerring/processors/container/process_container.go
index 26b4e4fda..1eafad29c 100644
--- a/pkg/innerring/processors/container/process_container.go
+++ b/pkg/innerring/processors/container/process_container.go
@@ -1,8 +1,12 @@
 package container

 import (
+ "crypto/elliptic"
+ "crypto/sha256"
+ "errors"
 "fmt"

+ "github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 containerSDK "github.com/nspcc-dev/neofs-api-go/pkg/container"
 "github.com/nspcc-dev/neofs-node/pkg/core/container"
 containerEvent "github.com/nspcc-dev/neofs-node/pkg/morph/event/container"
@@ -30,10 +34,23 @@ func (cp *Processor) processContainerPut(put *containerEvent.Put) {
 }

 func (cp *Processor) checkPutContainer(e *containerEvent.Put) error {
+ // verify signature
+ key, err := keys.NewPublicKeyFromBytes(e.PublicKey(), elliptic.P256())
+ if err != nil {
+ return fmt.Errorf("invalid key: %w", err)
+ }
+
+ binCnr := e.Container()
+ tableHash := sha256.Sum256(binCnr)
+
+ if !key.Verify(e.Signature(), tableHash[:]) {
+ return errors.New("invalid signature")
+ }
+
 // unmarshal container structure
 cnr := containerSDK.New()

- err := cnr.Unmarshal(e.Container())
+ err = cnr.Unmarshal(binCnr)
 if err != nil {
 return fmt.Errorf("invalid binary container: %w", err)
 }
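Review bot: The new check in checkPutContainer verifies the signature against `e.PublicKey()`, a key carried in the same event as the signature, so by itself it shows only that the submitter holds that key, not that the key belongs to the owner named inside the container. Once `cnr.Unmarshal(binCnr)` has succeeded, the function should also reject the event when the key does not correspond to the container's owner; the body continues past this hunk, so such a binding may already exist further down, but nothing visible here establishes it. A comment above the check, for example `// proves possession of e.PublicKey() only; owner binding must be checked separately`, would record what this step does and does not guarantee. The local `tableHash` holds the SHA-256 of the container bytes and would read better as `cnrHash`.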