fyrchik/frostfs-api-go
1
0
Fork 0
forked from TrueCloudLab/frostfs-api-go
Code Issues Pull requests 12 Projects Releases Packages Wiki Activity

Merge branch 'release/0.7.5'

Browse source
This commit is contained in:
Leonard Lyubich 2020-05-16 14:39:46 +03:00
commit 40ef55524a
8 changed files with 114 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
CHANGELOG.md
View file

@ -1,6 +1,20 @@
# Changelog # Changelog
This is the changelog for NeoFS-API-Go This is the changelog for NeoFS-API-Go
## [0.7.5] - 2020-05-16
### Added
- Owner key to the `SessionToken` signed payload.
### Changed
- `OwnerKeyContainer` interface embedded to `SessionTokenInfo` interface.
### Updated
- NeoFS API v0.7.5
## [0.7.4] - 2020-05-12 ## [0.7.4] - 2020-05-12
### Added ### Added
@ -290,3 +304,4 @@ Initial public release
[0.7.0]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.6.2...v0.7.0 [0.7.0]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.6.2...v0.7.0
[0.7.1]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.7.0...v0.7.1 [0.7.1]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.7.0...v0.7.1
[0.7.4]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.7.1...v0.7.4 [0.7.4]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.7.1...v0.7.4
[0.7.5]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.7.4...v0.7.5

2
Makefile
View file

@ -1,4 +1,4 @@
PROTO_VERSION=v0.7.4 PROTO_VERSION=v0.7.5
PROTO_URL=https://github.com/nspcc-dev/neofs-api/archive/$(PROTO_VERSION).tar.gz PROTO_URL=https://github.com/nspcc-dev/neofs-api/archive/$(PROTO_VERSION).tar.gz
B=\033[0;1m B=\033[0;1m

1
docs/service.md
View file

@ -132,6 +132,7 @@ User token granting rights for object manipulation
| Address | [refs.Address](#refs.Address) | | Address is an object address for which token is issued | | Address | [refs.Address](#refs.Address) | | Address is an object address for which token is issued |
| Lifetime | [TokenLifetime](#service.TokenLifetime) | | Lifetime is a lifetime of the session | | Lifetime | [TokenLifetime](#service.TokenLifetime) | | Lifetime is a lifetime of the session |
| SessionKey | [bytes](#bytes) | | SessionKey is a public key of session key | | SessionKey | [bytes](#bytes) | | SessionKey is a public key of session key |
| OwnerKey | [bytes](#bytes) | | OwnerKey is a public key of the token owner |
<a name="service.TokenLifetime"></a> <a name="service.TokenLifetime"></a>

59
service/token.go
View file

@ -26,6 +26,10 @@ type signDataReaderWithToken struct {
token SessionToken token SessionToken
} }
type signedSessionToken struct {
SessionToken
}
const verbSize = 4 const verbSize = 4
const fixedTokenDataSize = 0 + const fixedTokenDataSize = 0 +
@ -99,6 +103,11 @@ func (m *Token_Info) SetSessionKey(key []byte) {
m.SessionKey = key m.SessionKey = key
} }
// SetOwnerKey is an OwnerKey field setter.
func (m *Token_Info) SetOwnerKey(key []byte) {
m.OwnerKey = key
}
// SetSignature is a Signature field setter. // SetSignature is a Signature field setter.
func (m *Token) SetSignature(sig []byte) { func (m *Token) SetSignature(sig []byte) {
m.Signature = sig m.Signature = sig
@ -116,40 +125,60 @@ func (x Token_Info_Verb) Bytes() []byte {
return data return data
} }
// AddSignKey calls a Signature field setter with passed signature. // AddSignKey calls a Signature field setter of token with passed signature.
func (m *Token) AddSignKey(sig []byte, _ *ecdsa.PublicKey) { func (s signedSessionToken) AddSignKey(sig []byte, _ *ecdsa.PublicKey) {
m.SetSignature(sig) if s.SessionToken != nil {
s.SessionToken.SetSignature(sig)
}
} }
// SignedData returns token information in a binary representation. // SignedData returns token information in a binary representation.
func (m *Token) SignedData() ([]byte, error) { func (s signedSessionToken) SignedData() ([]byte, error) {
return SignedDataFromReader(m) return SignedDataFromReader(s)
}
// SignedDataSize returns the length of signed token information slice.
func (s signedSessionToken) SignedDataSize() int {
return tokenInfoSize(s.SessionToken)
} }
// ReadSignedData copies a binary representation of the token information to passed buffer. // ReadSignedData copies a binary representation of the token information to passed buffer.
// //
// If buffer length is less than required, io.ErrUnexpectedEOF returns. // If buffer length is less than required, io.ErrUnexpectedEOF returns.
func (m *Token_Info) ReadSignedData(p []byte) (int, error) { func (s signedSessionToken) ReadSignedData(p []byte) (int, error) {
sz := m.SignedDataSize() sz := s.SignedDataSize()
if len(p) < sz { if len(p) < sz {
return 0, io.ErrUnexpectedEOF return 0, io.ErrUnexpectedEOF
} }
copyTokenSignedData(p, m) copyTokenSignedData(p, s.SessionToken)
return sz, nil return sz, nil
} }
// SignedDataSize returns the length of signed token information slice. // NewSignedSessionToken wraps passed SessionToken in a component suitable for signing.
func (m *Token_Info) SignedDataSize() int { //
return tokenInfoSize(m) // Result can be used in AddSignatureWithKey function.
func NewSignedSessionToken(token SessionToken) DataWithSignKeyAccumulator {
return &signedSessionToken{
SessionToken: token,
}
} }
func tokenInfoSize(v SessionKeySource) int { // NewVerifiedSessionToken wraps passed SessionToken in a component suitable for signature verification.
//
// Result can be used in VerifySignatureWithKey function.
func NewVerifiedSessionToken(token SessionToken) DataWithSignature {
return &signedSessionToken{
SessionToken: token,
}
}
func tokenInfoSize(v SessionTokenInfo) int {
if v == nil { if v == nil {
return 0 return 0
} }
return fixedTokenDataSize + len(v.GetSessionKey()) return fixedTokenDataSize + len(v.GetSessionKey()) + len(v.GetOwnerKey())
} }
// Fills passed buffer with signing token information bytes. // Fills passed buffer with signing token information bytes.
@ -179,7 +208,9 @@ func copyTokenSignedData(buf []byte, token SessionTokenInfo) {
tokenEndianness.PutUint64(buf[off:], token.ExpirationEpoch()) tokenEndianness.PutUint64(buf[off:], token.ExpirationEpoch())
off += 8 off += 8
copy(buf[off:], token.GetSessionKey()) off += copy(buf[off:], token.GetSessionKey())
copy(buf[off:], token.GetOwnerKey())
} }
// SignedData concatenates signed data with session token information. Returns concatenation result. // SignedData concatenates signed data with session token information. Returns concatenation result.

40
service/token_test.go
View file

@ -77,6 +77,16 @@ func TestTokenGettersSetters(t *testing.T) {
require.Equal(t, key, tok.GetSessionKey()) require.Equal(t, key, tok.GetSessionKey())
} }
{
key := make([]byte, 10)
_, err := rand.Read(key)
require.NoError(t, err)
tok.SetOwnerKey(key)
require.Equal(t, key, tok.GetOwnerKey())
}
{ // Signature { // Signature
sig := make([]byte, 10) sig := make([]byte, 10)
_, err := rand.Read(sig) _, err := rand.Read(sig)
@ -89,7 +99,7 @@ func TestTokenGettersSetters(t *testing.T) {
} }
func TestSignToken(t *testing.T) { func TestSignToken(t *testing.T) {
token := new(Token) var token SessionToken = new(Token)
// create private key for signing // create private key for signing
sk := test.DecodeKey(0) sk := test.DecodeKey(0)
@ -126,9 +136,17 @@ func TestSignToken(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
token.SetSessionKey(sessionKey) token.SetSessionKey(sessionKey)
ownerKey := make([]byte, 10)
_, err = rand.Read(ownerKey[:])
require.NoError(t, err)
token.SetOwnerKey(ownerKey)
signedToken := NewSignedSessionToken(token)
verifiedToken := NewVerifiedSessionToken(token)
// sign and verify token // sign and verify token
require.NoError(t, AddSignatureWithKey(sk, token)) require.NoError(t, AddSignatureWithKey(sk, signedToken))
require.NoError(t, VerifySignatureWithKey(pk, token)) require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))
items := []struct { items := []struct {
corrupt func() corrupt func()
@ -208,12 +226,24 @@ func TestSignToken(t *testing.T) {
token.SetSessionKey(sessionKey) token.SetSessionKey(sessionKey)
}, },
}, },
{ // Owner key
corrupt: func() {
ownerKey := token.GetOwnerKey()
ownerKey[0]++
token.SetOwnerKey(ownerKey)
},
restore: func() {
ownerKey := token.GetOwnerKey()
ownerKey[0]--
token.SetOwnerKey(ownerKey)
},
},
} }
for _, v := range items { for _, v := range items {
v.corrupt() v.corrupt()
require.Error(t, VerifySignatureWithKey(pk, token)) require.Error(t, VerifySignatureWithKey(pk, verifiedToken))
v.restore() v.restore()
require.NoError(t, VerifySignatureWithKey(pk, token)) require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))
} }
} }

15
service/types.go
View file

@ -158,6 +158,17 @@ type SignatureContainer interface {
SetSignature([]byte) SetSignature([]byte)
} }
// OwnerKeySource is an interface of the container of owner key bytes with read access.
type OwnerKeySource interface {
GetOwnerKey() []byte
}
// OwnerKeyContainer is an interface of the container of owner key bytes.
type OwnerKeyContainer interface {
OwnerKeySource
SetOwnerKey([]byte)
}
// SessionTokenSource is an interface of the container of a SessionToken with read access. // SessionTokenSource is an interface of the container of a SessionToken with read access.
type SessionTokenSource interface { type SessionTokenSource interface {
GetSessionToken() SessionToken GetSessionToken() SessionToken
@ -170,7 +181,8 @@ type SessionTokenSource interface {
// - verb of the session; // - verb of the session;
// - address of the session object; // - address of the session object;
// - token lifetime; // - token lifetime;
// - public session key bytes. // - public session key bytes;
// - owner's public key bytes.
type SessionTokenInfo interface { type SessionTokenInfo interface {
TokenIDContainer TokenIDContainer
OwnerIDContainer OwnerIDContainer
@ -178,6 +190,7 @@ type SessionTokenInfo interface {
AddressContainer AddressContainer
LifetimeContainer LifetimeContainer
SessionKeyContainer SessionKeyContainer
OwnerKeyContainer
} }
// SessionToken is an interface of token information and signature pair. // SessionToken is an interface of token information and signature pair.

BIN
service/verify.pb.go
View file

Binary file not shown.

3
service/verify.proto
View file

@ -63,6 +63,9 @@ message Token {
// SessionKey is a public key of session key // SessionKey is a public key of session key
bytes SessionKey = 6; bytes SessionKey = 6;
// OwnerKey is a public key of the token owner
bytes OwnerKey = 7;
} }
// TokenInfo is a grouped information about token // TokenInfo is a grouped information about token