neofs: Sign multipart objects in the gate
Closes #975.

Signed-off-by: Evgenii Baidakov <[email protected]>
smallhive committed Sep 10, 2024
1 parent 55f9e7a commit b038931
Showing 1 changed file with 36 additions and 0 deletions.
36 changes: 36 additions & 0 deletions internal/neofs/neofs.go
Expand Up @@ -26,6 +26,7 @@ import (
"github.com/nspcc-dev/neofs-sdk-go/container"
"github.com/nspcc-dev/neofs-sdk-go/container/acl"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
"github.com/nspcc-dev/neofs-sdk-go/eacl"
"github.com/nspcc-dev/neofs-sdk-go/object"
oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
Expand Down Expand Up @@ -246,6 +247,37 @@ func (x *NeoFS) DeleteContainer(ctx context.Context, id cid.ID, token *session.C
return nil
}

func (x *NeoFS) signMultipartObject(header *object.Object, signer neofscrypto.Signer) error {
var (
payloadChecksum = sha256.New()
sig neofscrypto.Signature
)

payloadChecksum.Write(header.Payload())
header.SetPayloadChecksum(checksum.NewFromHash(checksum.SHA256, payloadChecksum))

if x.IsHomomorphicHashingEnabled() {
var homoChecksum = tz.New()

homoChecksum.Write(header.Payload())
header.SetPayloadHomomorphicHash(checksum.NewFromHash(checksum.TillichZemor, homoChecksum))
}

Check warning on line 264 in internal/neofs/neofs.go


Codecov / codecov/patch

internal/neofs/neofs.go#L250-L264

Added lines #L250 - L264 were not covered by tests

id, err := header.CalculateID()
if err != nil {
return fmt.Errorf("calculate ID: %w", err)
}
header.SetID(id)

if err = sig.Calculate(signer, id.Marshal()); err != nil {
return fmt.Errorf("sign object ID: %w", err)
}

Check warning on line 274 in internal/neofs/neofs.go


Codecov / codecov/patch

internal/neofs/neofs.go#L266-L274

Added lines #L266 - L274 were not covered by tests

header.SetSignature(&sig)

return nil

Check warning on line 278 in internal/neofs/neofs.go


Codecov / codecov/patch

internal/neofs/neofs.go#L276-L278

Added lines #L276 - L278 were not covered by tests
}

// CreateObject implements neofs.NeoFS interface method.
func (x *NeoFS) CreateObject(ctx context.Context, prm layer.PrmObjectCreate) (oid.ID, error) {
attrNum := len(prm.Attributes) + 1 // + creation time
Expand Down Expand Up @@ -310,6 +342,10 @@ func (x *NeoFS) CreateObject(ctx context.Context, prm layer.PrmObjectCreate) (oi
prm.Payload = bytes.NewReader(obj.Payload())
obj.SetPayloadSize(uint64(len(obj.Payload())))

if err := x.signMultipartObject(&obj, x.signer(ctx)); err != nil {
return oid.ID{}, errors.New("object sign failed")
}

Check warning on line 347 in internal/neofs/neofs.go


Codecov / codecov/patch

internal/neofs/neofs.go#L345-L347

Added lines #L345 - L347 were not covered by tests

// Link object should never have a previous one.
obj.ResetPreviousID()
}
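Review bot: In the last hunk of `CreateObject`, `obj.ResetPreviousID()` still runs after `x.signMultipartObject(&obj, x.signer(ctx))` has calculated the object ID and signed it, so the header can still change once the signature is in place. If the previous-ID field is part of what `CalculateID` hashes (presumably it is, being a header field; confirm against the SDK), a link object that did carry a previous ID would end up with an ID and signature that no longer match its header; moving the `// Link object should never have a previous one.` / `obj.ResetPreviousID()` pair above the signing call keeps every header mutation ahead of the point where the ID is fixed. The same call site also drops the cause by returning `errors.New("object sign failed")`; `return oid.ID{}, fmt.Errorf("sign multipart object: %w", err)` would keep the `calculate ID` / `sign object ID` context the helper already wraps. `CreateObject` continues outside the hunk, so any later header changes on this path are worth checking for the same reason.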
