realloc/frostfs-api-go
1
0
Fork 0
forked from TrueCloudLab/frostfs-api-go
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix issue with Sign/VerifyRequestHeader proto.Clone

Browse source 
proto.Clone couldn't makes copy for custom fields.
We should reset and restore MetaHeader before/after Sign/Verify.
Add test coverage to check that all works like expected.
This commit is contained in:
Evgeniy Kulikov 2019-11-19 19:03:42 +03:00
parent 24e5497b1d
commit 5c344bfceb
No known key found for this signature in database
GPG key ID: BF6AEE0A2A699BF2
5 changed files with 185 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

68
service/verify.go
View file

@ -10,7 +10,7 @@ import (
)
type (
// VerifiableRequest adds possibility to sign and verify request header
// VerifiableRequest adds possibility to sign and verify request header.
VerifiableRequest interface {
proto.Message
Marshal() ([]byte, error)
@ -30,19 +30,19 @@ type (
)
const (
// ErrCannotLoadPublicKey is raised when cannot unmarshal public key from RequestVerificationHeader_Sign
// ErrCannotLoadPublicKey is raised when cannot unmarshal public key from RequestVerificationHeader_Sign.
ErrCannotLoadPublicKey = internal.Error("cannot load public key")
// ErrCannotFindOwner is raised when signatures empty in GetOwner
// ErrCannotFindOwner is raised when signatures empty in GetOwner.
ErrCannotFindOwner = internal.Error("cannot find owner public key")
)
// SetSignatures replaces signatures stored in RequestVerificationHeader
// SetSignatures replaces signatures stored in RequestVerificationHeader.
func (m *RequestVerificationHeader) SetSignatures(signatures []*RequestVerificationHeader_Signature) {
m.Signatures = signatures
}
// AddSignature adds new Signature into RequestVerificationHeader
// AddSignature adds new Signature into RequestVerificationHeader.
func (m *RequestVerificationHeader) AddSignature(sig *RequestVerificationHeader_Signature) {
if sig == nil {
return
@ -123,12 +123,14 @@ func newSignature(key *ecdsa.PrivateKey, data []byte) (*RequestVerificationHeade
// SignRequestHeader receives private key and request with RequestVerificationHeader,
// tries to marshal and sign request with passed PrivateKey, after that adds
// new signature to headers. If something went wrong, returns error.
func SignRequestHeader(key *ecdsa.PrivateKey, req VerifiableRequest) error {
msg := proto.Clone(req).(VerifiableRequest)
func SignRequestHeader(key *ecdsa.PrivateKey, msg VerifiableRequest) error {
// ignore meta header
if meta, ok := msg.(MetaHeader); ok {
meta.ResetMeta()
h := meta.ResetMeta()
defer func() {
meta.RestoreMeta(h)
}()
}
data, err := msg.Marshal()
@ -141,22 +143,28 @@ func SignRequestHeader(key *ecdsa.PrivateKey, req VerifiableRequest) error {
return err
}
req.AddSignature(signature)
msg.AddSignature(signature)
return nil
}
// VerifyRequestHeader receives request with RequestVerificationHeader,
// tries to marshal and verify each signature from request
// tries to marshal and verify each signature from request.
// If something went wrong, returns error.
func VerifyRequestHeader(req VerifiableRequest) error {
msg := proto.Clone(req).(VerifiableRequest)
func VerifyRequestHeader(msg VerifiableRequest) error {
// ignore meta header
if meta, ok := msg.(MetaHeader); ok {
meta.ResetMeta()
h := meta.ResetMeta()
defer func() {
meta.RestoreMeta(h)
}()
}
signatures := msg.GetSignatures()
defer func() {
msg.SetSignatures(signatures)
}()
for i := range signatures {
msg.SetSignatures(signatures[:i])
@ -177,3 +185,35 @@ func VerifyRequestHeader(req VerifiableRequest) error {
return nil
}
// testCustomField for test usage only.
type testCustomField [8]uint32
var _ internal.Custom = (*testCustomField)(nil)
// Reset skip, it's for test usage only.
func (t testCustomField) Reset() {}
// ProtoMessage skip, it's for test usage only.
func (t testCustomField) ProtoMessage() {}
// Size skip, it's for test usage only.
func (t testCustomField) Size() int { return 32 }
// String skip, it's for test usage only.
func (t testCustomField) String() string { return "" }
// Bytes skip, it's for test usage only.
func (t testCustomField) Bytes() []byte { return nil }
// Unmarshal skip, it's for test usage only.
func (t testCustomField) Unmarshal(data []byte) error { return nil }
// Empty skip, it's for test usage only.
func (t testCustomField) Empty() bool { return false }
// UnmarshalTo skip, it's for test usage only.
func (t testCustomField) MarshalTo(data []byte) (int, error) { return 0, nil }
// Marshal skip, it's for test usage only.
func (t testCustomField) Marshal() ([]byte, error) { return nil, nil }