node/object: Refactor verification of objects' signatures

cthulhu-rider · cthulhu-rider · commit f797bfa19e98 · 2025-04-02T19:02:12.000+03:00
Prolongs approach from 8d3054d to objects. The code is shared as much as possible. The panic described in nspcc-dev/neofs-sdk-go#673 is prevented in the reused code. Refs #3194. Refs #2795. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
diff --git a/internal/crypto/common.go b/internal/crypto/common.go
@@ -1,3 +1,23 @@
 package crypto
 
+import (
+	"crypto/ecdsa"
+	"fmt"
+
+	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
+)
+
 type signedDataFunc = func() []byte
+
+func verifySignature(sig neofscrypto.Signature, signedData signedDataFunc) (*ecdsa.PublicKey, error) {
+	switch scheme := sig.Scheme(); scheme {
+	default:
+		return nil, fmt.Errorf("unsupported scheme %v", scheme)
+	case neofscrypto.ECDSA_SHA512, neofscrypto.ECDSA_DETERMINISTIC_SHA256, neofscrypto.ECDSA_WALLETCONNECT:
+		pub, err := verifyECDSAFns[scheme](sig.PublicKeyBytes(), sig.Value(), signedData)
+		if err != nil {
+			return nil, schemeError(scheme, err)
+		}
+		return pub, nil
+	}
+}
diff --git a/internal/crypto/common_test.go b/internal/crypto/common_test.go
@@ -0,0 +1,25 @@
+package crypto_test
+
+import (
+	"github.com/nspcc-dev/neofs-sdk-go/user"
+)
+
+var (
+	// ECDSA private key used in tests.
+	// privECDSA = ecdsa.PrivateKey{
+	// 	PublicKey: ecdsa.PublicKey{
+	// 		Curve: elliptic.P256(),
+	// 		X: new(big.Int).SetBytes([]byte{206, 67, 193, 231, 254, 180, 127, 78, 101, 154, 23, 161, 134, 77, 122, 34, 234, 85,
+	// 			149, 44, 32, 223, 244, 140, 28, 194, 76, 214, 239, 121, 174, 40}),
+	// 		Y: new(big.Int).SetBytes([]byte{170, 190, 155, 176, 31, 11, 4, 14, 103, 210, 53, 0, 73, 46, 81, 129, 163, 217, 81, 51, 111,
+	// 			135, 223, 253, 48, 104, 240, 197, 122, 37, 197, 78}),
+	// 	},
+	// 	D: new(big.Int).SetBytes([]byte{185, 97, 226, 151, 175, 3, 234, 11, 168, 211, 53, 141, 136, 102, 100, 222, 73, 174, 234, 157,
+	// 		139, 192, 66, 145, 13, 173, 12, 120, 22, 134, 52, 180}),
+	// }
+	// corresponds to the private key.
+	pubECDSA = []byte{2, 206, 67, 193, 231, 254, 180, 127, 78, 101, 154, 23, 161, 134, 77, 122, 34, 234, 85, 149, 44, 32, 223,
+		244, 140, 28, 194, 76, 214, 239, 121, 174, 40}
+	// corresponds to pubECDSA.
+	issuer = user.ID{53, 57, 243, 96, 136, 255, 217, 227, 204, 13, 243, 228, 109, 31, 226, 226, 236, 62, 13, 190, 156, 135, 252, 236, 8}
+)
diff --git a/internal/crypto/errors.go b/internal/crypto/errors.go
@@ -9,6 +9,8 @@ import (
 
 var errIssuerMismatch = errors.New("issuer mismatches signature")
 
+var errMissingSignature = errors.New("missing signature")
+
 func schemeError(s neofscrypto.Scheme, cause error) error {
 	return fmt.Errorf("scheme %v: %w", s, cause)
 }
diff --git a/internal/crypto/object.go b/internal/crypto/object.go
@@ -0,0 +1,15 @@
+package crypto
+
+import (
+	"github.com/nspcc-dev/neofs-sdk-go/object"
+)
+
+// AuthenticateObject checks whether obj is signed correctly by its owner.
+func AuthenticateObject(obj object.Object) error {
+	sig := obj.Signature()
+	if sig == nil {
+		return errMissingSignature
+	}
+	_, err := verifySignature(*sig, obj.SignedData)
+	return err
+}
diff --git a/internal/crypto/object_test.go b/internal/crypto/object_test.go
@@ -0,0 +1,164 @@
+package crypto_test
+
+import (
+	"crypto/sha256"
+	"fmt"
+	"slices"
+	"testing"
+
+	icrypto "github.com/nspcc-dev/neofs-node/internal/crypto"
+	"github.com/nspcc-dev/neofs-sdk-go/checksum"
+	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
+	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
+	"github.com/nspcc-dev/neofs-sdk-go/object"
+	oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
+	"github.com/nspcc-dev/neofs-sdk-go/version"
+	"github.com/nspcc-dev/tzhash/tz"
+	"github.com/stretchr/testify/require"
+)
+
+func TestAuthenticateObject(t *testing.T) {
+	t.Run("without signature", func(t *testing.T) {
+		obj := getUnsignedObject()
+		require.EqualError(t, icrypto.AuthenticateObject(obj), "missing signature")
+	})
+	t.Run("unsupported scheme", func(t *testing.T) {
+		obj := objectECDSASHA512
+		sig := *obj.Signature()
+		sig.SetScheme(3)
+		obj.SetSignature(&sig)
+		require.EqualError(t, icrypto.AuthenticateObject(obj), "unsupported scheme 3")
+	})
+	t.Run("invalid public key", func(t *testing.T) {
+		for _, tc := range []struct {
+			name, err string
+			changePub func([]byte) []byte
+		}{
+			{name: "nil", err: "EOF", changePub: func([]byte) []byte { return nil }},
+			{name: "empty", err: "EOF", changePub: func([]byte) []byte { return []byte{} }},
+			{name: "undersize", err: "unexpected EOF", changePub: func(k []byte) []byte { return k[:len(k)-1] }},
+			{name: "oversize", err: "extra data", changePub: func(k []byte) []byte { return append(k, 1) }},
+			{name: "prefix 0", err: "invalid prefix 0", changePub: func(k []byte) []byte { return []byte{0x00} }},
+			{name: "prefix 1", err: "invalid prefix 1", changePub: func(k []byte) []byte { return []byte{0x01} }},
+			{name: "prefix 4", err: "EOF", changePub: func(k []byte) []byte { return []byte{0x04} }},
+			{name: "prefix 5", err: "invalid prefix 5", changePub: func(k []byte) []byte { return []byte{0x05} }},
+		} {
+			t.Run(tc.name, func(t *testing.T) {
+				obj := objectECDSASHA512
+				sig := *obj.Signature()
+				sig.SetPublicKeyBytes(tc.changePub(sig.PublicKeyBytes()))
+				obj.SetSignature(&sig)
+				err := icrypto.AuthenticateObject(obj)
+				require.EqualError(t, err, "scheme ECDSA_SHA512: decode public key: "+tc.err)
+			})
+		}
+	})
+	t.Run("signature mismatch", func(t *testing.T) {
+		for _, tc := range []struct {
+			scheme neofscrypto.Scheme
+			obj    object.Object
+		}{
+			{neofscrypto.ECDSA_SHA512, objectECDSASHA512},
+			{neofscrypto.ECDSA_DETERMINISTIC_SHA256, objectECDSARFC6979},
+			{neofscrypto.ECDSA_WALLETCONNECT, objectECDSAWalletConnect},
+		} {
+			t.Run(tc.scheme.String(), func(t *testing.T) {
+				sig := *tc.obj.Signature()
+				validSig := sig.Value()
+				for i := range validSig {
+					cp := slices.Clone(validSig)
+					cp[i]++
+					sig.SetValue(cp)
+					tc.obj.SetSignature(&sig)
+					err := icrypto.AuthenticateObject(tc.obj)
+					require.EqualError(t, err, fmt.Sprintf("scheme %s: signature mismatch", tc.scheme))
+				}
+			})
+		}
+	})
+	for _, tc := range []struct {
+		scheme neofscrypto.Scheme
+		object object.Object
+	}{
+		{scheme: neofscrypto.ECDSA_SHA512, object: objectECDSASHA512},
+		{scheme: neofscrypto.ECDSA_DETERMINISTIC_SHA256, object: objectECDSARFC6979},
+		{scheme: neofscrypto.ECDSA_WALLETCONNECT, object: objectECDSAWalletConnect},
+	} {
+		require.NoError(t, icrypto.AuthenticateObject(tc.object))
+	}
+}
+
+// set in init.
+var (
+	objectECDSASHA512        object.Object
+	objectECDSARFC6979       object.Object
+	objectECDSAWalletConnect object.Object
+)
+
+func getUnsignedObject() object.Object {
+	const creationEpoch = 1362292619
+	const typ = 43308543
+	ver := version.New(123, 456)
+	cnr := cid.ID{61, 208, 16, 128, 106, 78, 90, 196, 156, 65, 180, 142, 62, 137, 245, 242, 69, 250, 212, 176, 35, 114, 239, 114, 53,
+		231, 19, 14, 46, 67, 163, 155}
+	childPayload := []byte("Hello,")
+	payload := slices.Concat(childPayload, []byte("world!"))
+
+	var par object.Object
+	par.SetPayload(payload)
+	par.SetPayloadSize(uint64(len(payload)))
+	par.SetVersion(&ver)
+	par.SetContainerID(cnr)
+	par.SetOwner(issuer)
+	par.SetCreationEpoch(creationEpoch)
+	par.SetType(typ)
+	par.SetPayloadHomomorphicHash(checksum.NewTillichZemor(tz.Sum(payload)))
+	par.SetPayloadChecksum(checksum.NewSHA256(sha256.Sum256(payload)))
+	par.SetAttributes(*object.NewAttribute("690530953", "39483258"), *object.NewAttribute("7208331", "31080424839"))
+	par.SetID(oid.ID{156, 209, 245, 87, 177, 145, 183, 8, 181, 92, 171, 193, 58, 125, 77, 11, 28, 161, 217, 151, 17, 212, 232, 88, 6,
+		180, 184, 86, 250, 85, 25, 180})
+
+	var child object.Object
+	child.SetPayload(childPayload)
+	child.SetPayloadSize(uint64(len(childPayload)))
+	child.SetVersion(&ver)
+	child.SetContainerID(cnr)
+	child.SetOwner(issuer)
+	child.SetCreationEpoch(creationEpoch)
+	child.SetType(typ)
+	child.SetPayloadHomomorphicHash(checksum.NewTillichZemor(tz.Sum(childPayload)))
+	child.SetPayloadChecksum(checksum.NewSHA256(sha256.Sum256(childPayload)))
+	child.SetSessionToken(&objectSessionECDSASHA512)
+	child.SetAttributes(*object.NewAttribute("31429585", "689450942"), *object.NewAttribute("129849325", "859384298"))
+	child.SetParent(&par)
+	child.SetID(oid.ID{25, 17, 250, 236, 165, 250, 160, 140, 87, 82, 187, 44, 12, 8, 158, 58, 100, 16, 41, 157, 111, 174, 154, 150,
+		232, 233, 226, 172, 238, 99, 141, 247})
+
+	return child
+}
+
+func init() {
+	objectECDSASHA512 = getUnsignedObject()
+	objectECDSASHA512Sig := neofscrypto.NewSignatureFromRawKey(neofscrypto.ECDSA_SHA512, pubECDSA, []byte{
+		4, 120, 189, 133, 160, 231, 85, 45, 168, 156, 247, 131, 90, 93, 201, 80, 135, 207, 211, 4, 181, 153, 60, 59, 125, 134, 10, 176,
+		42, 211, 225, 114, 11, 148, 215, 152, 237, 37, 67, 172, 191, 210, 254, 104, 66, 140, 25, 27, 60, 63, 150, 185, 253, 238, 17,
+		124, 147, 228, 53, 117, 177, 0, 2, 76, 52,
+	})
+	objectECDSASHA512.SetSignature(&objectECDSASHA512Sig)
+
+	objectECDSARFC6979 = getUnsignedObject()
+	objectECDSARFC6979Sig := neofscrypto.NewSignatureFromRawKey(neofscrypto.ECDSA_DETERMINISTIC_SHA256, pubECDSA, []byte{
+		107, 253, 17, 84, 1, 224, 98, 101, 53, 167, 26, 89, 223, 49, 127, 98, 167, 187, 83, 0, 254, 50, 1, 155, 25, 96, 247, 197, 44,
+		65, 81, 71, 86, 248, 232, 234, 140, 157, 75, 111, 205, 226, 86, 236, 119, 67, 174, 242, 107, 239, 51, 161, 190, 46, 47, 106,
+		125, 187, 139, 136, 157, 13, 155, 226,
+	})
+	objectECDSARFC6979.SetSignature(&objectECDSARFC6979Sig)
+
+	objectECDSAWalletConnect = getUnsignedObject()
+	objectECDSAWalletConnectSig := neofscrypto.NewSignatureFromRawKey(neofscrypto.ECDSA_WALLETCONNECT, pubECDSA, []byte{
+		84, 5, 202, 158, 44, 80, 124, 72, 23, 229, 165, 239, 50, 132, 58, 19, 38, 11, 103, 133, 9, 72, 247, 40, 181, 106, 4, 127,
+		33, 7, 208, 247, 38, 4, 68, 35, 143, 94, 113, 45, 183, 33, 111, 214, 194, 132, 219, 152, 198, 52, 91, 63, 20, 228, 177, 38,
+		13, 118, 175, 115, 27, 196, 106, 86, 76, 12, 50, 243, 225, 202, 234, 92, 207, 59, 179, 225, 148, 35, 212, 200,
+	})
+	objectECDSAWalletConnect.SetSignature(&objectECDSAWalletConnectSig)
+}
diff --git a/internal/crypto/tokens.go b/internal/crypto/tokens.go
@@ -1,35 +1,29 @@
 package crypto
 
 import (
-	"crypto/ecdsa"
 	"errors"
-	"fmt"
 
 	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
 	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 // TODO: https://github.com/nspcc-dev/neofs-node/issues/2795 after API stabilization, move some components to SDK
 
-// SignedToken is a common interface of signed NeoFS tokens.
-type SignedToken interface {
-	SignedData() []byte
-	Signature() (neofscrypto.Signature, bool)
-}
-
 // AuthenticateToken checks whether t is signed correctly by its issuer.
 func AuthenticateToken[T interface {
-	SignedToken
+	SignedData() []byte
+	Signature() (neofscrypto.Signature, bool)
 	Issuer() user.ID
 }](token T) error {
-	return authToken(token, token.Issuer())
-}
-
-func authToken[T SignedToken](token T, issuer user.ID) error {
+	issuer := token.Issuer()
 	if issuer.IsZero() {
 		return errors.New("missing issuer")
 	}
-	pub, err := verifyTokenSignature(token)
+	sig, ok := token.Signature()
+	if !ok {
+		return errMissingSignature
+	}
+	pub, err := verifySignature(sig, token.SignedData)
 	if err != nil {
 		return err
 	}
@@ -38,20 +32,3 @@ func authToken[T SignedToken](token T, issuer user.ID) error {
 	}
 	return nil
 }
-
-func verifyTokenSignature[T SignedToken](token T) (*ecdsa.PublicKey, error) {
-	sig, ok := token.Signature()
-	if !ok {
-		return nil, errors.New("missing signature")
-	}
-	switch scheme := sig.Scheme(); scheme {
-	default:
-		return nil, fmt.Errorf("unsupported scheme %v", scheme)
-	case neofscrypto.ECDSA_SHA512, neofscrypto.ECDSA_DETERMINISTIC_SHA256, neofscrypto.ECDSA_WALLETCONNECT:
-		pub, err := verifyECDSAFns[scheme](sig.PublicKeyBytes(), sig.Value(), token.SignedData)
-		if err != nil {
-			return nil, schemeError(scheme, err)
-		}
-		return pub, nil
-	}
-}
diff --git a/internal/crypto/tokens_test.go b/internal/crypto/tokens_test.go
@@ -318,26 +318,6 @@ func TestAuthenticateSessionToken_Container(t *testing.T) {
 	}
 }
 
-var (
-	// ECDSA private key used in tests.
-	// privECDSA = ecdsa.PrivateKey{
-	// 	PublicKey: ecdsa.PublicKey{
-	// 		Curve: elliptic.P256(),
-	// 		X: new(big.Int).SetBytes([]byte{206, 67, 193, 231, 254, 180, 127, 78, 101, 154, 23, 161, 134, 77, 122, 34, 234, 85,
-	// 			149, 44, 32, 223, 244, 140, 28, 194, 76, 214, 239, 121, 174, 40}),
-	// 		Y: new(big.Int).SetBytes([]byte{170, 190, 155, 176, 31, 11, 4, 14, 103, 210, 53, 0, 73, 46, 81, 129, 163, 217, 81, 51, 111,
-	// 			135, 223, 253, 48, 104, 240, 197, 122, 37, 197, 78}),
-	// 	},
-	// 	D: new(big.Int).SetBytes([]byte{185, 97, 226, 151, 175, 3, 234, 11, 168, 211, 53, 141, 136, 102, 100, 222, 73, 174, 234, 157,
-	// 		139, 192, 66, 145, 13, 173, 12, 120, 22, 134, 52, 180}),
-	// }
-	// corresponds to the private key.
-	pubECDSA = []byte{2, 206, 67, 193, 231, 254, 180, 127, 78, 101, 154, 23, 161, 134, 77, 122, 34, 234, 85, 149, 44, 32, 223,
-		244, 140, 28, 194, 76, 214, 239, 121, 174, 40}
-	// corresponds to pubECDSA.
-	issuer = user.ID{53, 57, 243, 96, 136, 255, 217, 227, 204, 13, 243, 228, 109, 31, 226, 226, 236, 62, 13, 190, 156, 135, 252, 236, 8}
-)
-
 // set in init.
 var (
 	bearerECDSASHA512        bearer.Token
diff --git a/pkg/core/object/fmt.go b/pkg/core/object/fmt.go
@@ -187,7 +187,7 @@ func validateSignature(obj *object.Object) error {
 		return errors.New("missing signature")
 	}
 
-	if !obj.VerifySignature() {
+	if err := icrypto.AuthenticateObject(*obj); err != nil {
 		return errors.New("invalid signature")
 	}
 
diff --git a/pkg/core/object/fmt_test.go b/pkg/core/object/fmt_test.go
@@ -142,21 +142,17 @@ func TestFormatValidator_Validate(t *testing.T) {
 			for _, tc := range []struct {
 				name      string
 				changePub func([]byte) []byte
-				skip      bool
 			}{
 				{name: "nil", changePub: func([]byte) []byte { return nil }},
 				{name: "empty", changePub: func([]byte) []byte { return []byte{} }},
 				{name: "undersize", changePub: func(k []byte) []byte { return k[:len(k)-1] }},
 				{name: "oversize", changePub: func(k []byte) []byte { return append(k, 1) }},
-				{name: "prefix 0", changePub: func(k []byte) []byte { return []byte{0x00} }, skip: true},
+				{name: "prefix 0", changePub: func(k []byte) []byte { return []byte{0x00} }},
 				{name: "prefix 1", changePub: func(k []byte) []byte { return []byte{0x01} }},
 				{name: "prefix 4", changePub: func(k []byte) []byte { return []byte{0x04} }},
 				{name: "prefix 5", changePub: func(k []byte) []byte { return []byte{0x05} }},
 			} {
 				t.Run(tc.name, func(t *testing.T) {
-					if tc.skip {
-						t.Skip()
-					}
 					pub := slices.Clone(signer.PublicKeyBytes)
 					sig.SetPublicKeyBytes(tc.changePub(pub))
 					obj.SetSignature(&sig)

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,8 @@ import (`
`9`	`9`
`10`	`10`	`var errIssuerMismatch = errors.New("issuer mismatches signature")`
`11`	`11`
	`12`	`+var errMissingSignature = errors.New("missing signature")`
	`13`	`+`
`12`	`14`	`func schemeError(s neofscrypto.Scheme, cause error) error {`
`13`	`15`	`return fmt.Errorf("scheme %v: %w", s, cause)`
`14`	`16`	`}`
Original file line number	Diff line number	Diff line change
`@@ -187,7 +187,7 @@ func validateSignature(obj *object.Object) error {`
`187`	`187`	`return errors.New("missing signature")`
`188`	`188`	`}`
`189`	`189`
`190`		`- if !obj.VerifySignature() {`
	`190`	`+ if err := icrypto.AuthenticateObject(*obj); err != nil {`
`191`	`191`	`return errors.New("invalid signature")`
`192`	`192`	`}`
`193`	`193`