realloc/frostfs-api-go
1
0
Fork 0
forked from TrueCloudLab/frostfs-api-go
Code Issues Pull requests Projects Releases Packages Wiki Activity

Resolve update conflicts

Browse source
This commit is contained in:
Leonard Lyubich 2020-04-28 13:09:18 +03:00
parent 24108f42c3
commit 4ac17201b7
13 changed files with 61 additions and 320 deletions
Download patch file Download diff file Expand all files Collapse all files

15
session/service.go
View file

@ -5,7 +5,6 @@ import (
"crypto/ecdsa"
"github.com/nspcc-dev/neofs-api-go/refs"
crypto "github.com/nspcc-dev/neofs-crypto"
)
type (
@ -31,9 +30,9 @@ type (
TokenParams struct {
FirstEpoch uint64
LastEpoch uint64
ObjectID []ObjectID
Address Address
OwnerID OwnerID
PublicKeys [][]byte
Verb Verb
}
)
@ -46,13 +45,3 @@ func NewInitRequest(t *Token) *CreateRequest {
func NewSignedRequest(t *Token) *CreateRequest {
return &CreateRequest{Message: &CreateRequest_Signed{Signed: t}}
}
// Sign signs contents of the header with the private key.
func (m *VerificationHeader) Sign(key *ecdsa.PrivateKey) error {
s, err := crypto.Sign(key, m.PublicKey)
if err != nil {
return err
}
m.KeySignature = s
return nil
}

17
session/store.go
View file

@ -7,6 +7,7 @@ import (
"sync"
"github.com/nspcc-dev/neofs-api-go/refs"
"github.com/nspcc-dev/neofs-api-go/service"
crypto "github.com/nspcc-dev/neofs-crypto"
)
@ -48,13 +49,15 @@ func (s *simpleStore) New(p TokenParams) *PToken {
t := &PToken{
mtx: new(sync.Mutex),
Token: Token{
ID: tid,
Header: VerificationHeader{PublicKey: crypto.MarshalPublicKey(&key.PublicKey)},
FirstEpoch: p.FirstEpoch,
LastEpoch: p.LastEpoch,
ObjectID: p.ObjectID,
OwnerID: p.OwnerID,
PublicKeys: p.PublicKeys,
Token_Info: service.Token_Info{
ID: tid,
OwnerID: p.OwnerID,
Verb: p.Verb,
Address: p.Address,
Created: p.FirstEpoch,
ValidUntil: p.LastEpoch,
SessionKey: crypto.MarshalPublicKey(&key.PublicKey),
},
},
PrivateKey: key,
}

95
session/store_test.go
View file

@ -1,96 +1,3 @@
package session
import (
"crypto/ecdsa"
"crypto/rand"
"testing"
"github.com/nspcc-dev/neofs-api-go/refs"
crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/stretchr/testify/require"
)
type testClient struct {
*ecdsa.PrivateKey
OwnerID OwnerID
}
func (c *testClient) Sign(data []byte) ([]byte, error) {
return crypto.Sign(c.PrivateKey, data)
}
func newTestClient(t *testing.T) *testClient {
key, err := ecdsa.GenerateKey(defaultCurve(), rand.Reader)
require.NoError(t, err)
owner, err := refs.NewOwnerID(&key.PublicKey)
require.NoError(t, err)
return &testClient{PrivateKey: key, OwnerID: owner}
}
func signToken(t *testing.T, token *PToken, c *testClient) {
require.NotNil(t, token)
token.SetPublicKeys(&c.PublicKey)
signH, err := c.Sign(token.Header.PublicKey)
require.NoError(t, err)
require.NotNil(t, signH)
// data is not yet signed
keys := UnmarshalPublicKeys(&token.Token)
require.False(t, token.Verify(keys...))
signT, err := c.Sign(token.verificationData())
require.NoError(t, err)
require.NotNil(t, signT)
token.AddSignatures(signH, signT)
require.True(t, token.Verify(keys...))
}
func TestTokenStore(t *testing.T) {
s := NewSimpleStore()
oid, err := refs.NewObjectID()
require.NoError(t, err)
c := newTestClient(t)
require.NotNil(t, c)
pk := [][]byte{crypto.MarshalPublicKey(&c.PublicKey)}
// create new token
token := s.New(TokenParams{
ObjectID: []ObjectID{oid},
OwnerID: c.OwnerID,
PublicKeys: pk,
})
signToken(t, token, c)
// check that it can be fetched
t1 := s.Fetch(token.ID)
require.NotNil(t, t1)
require.Equal(t, token, t1)
// create and sign another token by the same client
t1 = s.New(TokenParams{
ObjectID: []ObjectID{oid},
OwnerID: c.OwnerID,
PublicKeys: pk,
})
signToken(t, t1, c)
data := []byte{1, 2, 3}
sign, err := t1.SignData(data)
require.NoError(t, err)
require.Error(t, token.Header.VerifyData(data, sign))
sign, err = token.SignData(data)
require.NoError(t, err)
require.NoError(t, token.Header.VerifyData(data, sign))
s.Remove(token.ID)
require.Nil(t, s.Fetch(token.ID))
require.NotNil(t, s.Fetch(t1.ID))
}
// TODO: write unit tests

130
session/types.go
View file

@ -2,14 +2,12 @@ package session
import (
"crypto/ecdsa"
"encoding/binary"
"sync"
"github.com/nspcc-dev/neofs-api-go/chain"
"github.com/nspcc-dev/neofs-api-go/internal"
"github.com/nspcc-dev/neofs-api-go/refs"
"github.com/nspcc-dev/neofs-api-go/service"
crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/pkg/errors"
)
type (
@ -19,6 +17,12 @@ type (
OwnerID = refs.OwnerID
// TokenID type alias.
TokenID = refs.UUID
// Token type alias
Token = service.Token
// Address type alias
Address = refs.Address
// Verb is Token_Info_Verb type alias
Verb = service.Token_Info_Verb
// PToken is a wrapper around Token that allows to sign data
// and to do thread-safe manipulations.
@ -55,127 +59,7 @@ const (
ErrInvalidSignature = internal.Error("invalid signature")
)
// verificationData returns byte array to sign.
// Note: protobuf serialization is inconsistent as
// wire order is unspecified.
func (m *Token) verificationData() (data []byte) {
var size int
if l := len(m.ObjectID); l > 0 {
size = m.ObjectID[0].Size()
data = make([]byte, 16+l*size)
} else {
data = make([]byte, 16)
}
binary.BigEndian.PutUint64(data, m.FirstEpoch)
binary.BigEndian.PutUint64(data[8:], m.LastEpoch)
for i := range m.ObjectID {
copy(data[16+i*size:], m.ObjectID[i].Bytes())
}
return
}
// IsSame checks if the passed token is valid and equal to current token
func (m *Token) IsSame(t *Token) error {
switch {
case m.FirstEpoch != t.FirstEpoch:
return ErrWrongFirstEpoch
case m.LastEpoch != t.LastEpoch:
return ErrWrongLastEpoch
case !m.OwnerID.Equal(t.OwnerID):
return ErrWrongOwner
case m.Header.PublicKey == nil:
return ErrEmptyPublicKey
case len(m.ObjectID) != len(t.ObjectID):
return ErrWrongObjectsCount
default:
for i := range m.ObjectID {
if !m.ObjectID[i].Equal(t.ObjectID[i]) {
return errors.Wrapf(ErrWrongObjects, "expect %s, actual: %s", m.ObjectID[i], t.ObjectID[i])
}
}
}
return nil
}
// Sign tries to sign current Token data and stores signature inside it.
func (m *Token) Sign(key *ecdsa.PrivateKey) error {
if err := m.Header.Sign(key); err != nil {
return err
}
s, err := crypto.Sign(key, m.verificationData())
if err != nil {
return err
}
m.Signature = s
return nil
}
// SetPublicKeys sets owner's public keys to the token
func (m *Token) SetPublicKeys(keys ...*ecdsa.PublicKey) {
m.PublicKeys = m.PublicKeys[:0]
for i := range keys {
m.PublicKeys = append(m.PublicKeys, crypto.MarshalPublicKey(keys[i]))
}
}
// Verify checks if token is correct and signed.
func (m *Token) Verify(keys ...*ecdsa.PublicKey) bool {
if m.FirstEpoch > m.LastEpoch {
return false
}
ownerFromKeys := chain.KeysToAddress(keys...)
if m.OwnerID.String() != ownerFromKeys {
return false
}
for i := range keys {
if m.Header.Verify(keys[i]) && crypto.Verify(keys[i], m.verificationData(), m.Signature) == nil {
return true
}
}
return false
}
// AddSignatures adds token signatures.
func (t *PToken) AddSignatures(signH, signT []byte) {
t.mtx.Lock()
t.Header.KeySignature = signH
t.Signature = signT
t.mtx.Unlock()
}
// SignData signs data with session private key.
func (t *PToken) SignData(data []byte) ([]byte, error) {
return crypto.Sign(t.PrivateKey, data)
}
// VerifyData checks if signature of data by token is equal to sign.
func (m *VerificationHeader) VerifyData(data, sign []byte) error {
if crypto.Verify(crypto.UnmarshalPublicKey(m.PublicKey), data, sign) != nil {
return ErrInvalidSignature
}
return nil
}
// Verify checks if verification header was issued by id.
func (m *VerificationHeader) Verify(keys ...*ecdsa.PublicKey) bool {
for i := range keys {
if crypto.Verify(keys[i], m.PublicKey, m.KeySignature) == nil {
return true
}
}
return false
}
// UnmarshalPublicKeys returns unmarshal public keys from the token
func UnmarshalPublicKeys(t *Token) []*ecdsa.PublicKey {
r := make([]*ecdsa.PublicKey, 0, len(t.PublicKeys))
for i := range t.PublicKeys {
r = append(r, crypto.UnmarshalPublicKey(t.PublicKeys[i]))
}
return r
}