feat/exchange object meta's signatures #2928
Conversation
carpawell
force-pushed
the
feat/exchange-object-meta-signatures
branch
from
d6037df
to
a30127e
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #2928 +/- ##
==========================================
+ Coverage 23.88% 23.91% +0.03%
==========================================
Files 775 776 +1
Lines 45610 45714 +104
==========================================
+ Hits 10892 10932 +40
- Misses 33861 33922 +61
- Partials 857 860 +3 ☔ View full report in Codecov by Sentry. |
carpawell
requested review from
roman-khimov and
cthulhu-rider
as code owners
|
Format, @AnnaShaleva, could you, please, also take a peek at what we are planning to use as a standard message? (see #2876 also) |
There was a problem hiding this comment.
quite a large amount of work has been done, I like how it fits into the old concepts
in the commit desc u indicate that the signatures are only partially used for now, do we have any pledged proposals for further use? I would also refer to them in order to confirm the motivation for the preliminary changes
pkg/core/object/replicate.go
Outdated
| validInterval = 10 // in epoches | ||
| currentVersion = 6 // it is also a number of fields | ||
|
|
||
| cidKey = "cid" |
There was a problem hiding this comment.
not critical but i'd make a separate group for these consts
pkg/core/object/replicate.go
Outdated
| ) | ||
|
|
||
| const ( | ||
| validInterval = 10 // in epoches |
There was a problem hiding this comment.
| validInterval = 10 // in epoches | |
| validInterval = 10 // in epochs |
pkg/core/object/replicate.go
Outdated
| // "validuntil": last valid epoch number for meta information | ||
| // | ||
| // Last valid epoch is object's creation epoch + 10. | ||
| func MetaInfo(cID cid.ID, oID oid.ID, pSize uint64, deleted []oid.ID, locked []oid.ID, createdAt uint64) []byte { |
There was a problem hiding this comment.
| func MetaInfo(cID cid.ID, oID oid.ID, pSize uint64, deleted []oid.ID, locked []oid.ID, createdAt uint64) []byte { | |
| func EncodeReplicationMetaInfo(cID cid.ID, oID oid.ID, pSize uint64, deleted []oid.ID, locked []oid.ID, createdAt uint64) []byte { |
would be more clear imo
pkg/core/object/replicate.go
Outdated
| // Last valid epoch is object's creation epoch + 10. | ||
| func MetaInfo(cID cid.ID, oID oid.ID, pSize uint64, deleted []oid.ID, locked []oid.ID, createdAt uint64) []byte { | ||
| kvs := make([]stackitem.MapElement, 0, currentVersion) | ||
| kvs = append(kvs, kv(cidKey, cID[:])) |
There was a problem hiding this comment.
appends look redundant here, kvs can be initialized in one assignment
pkg/core/object/replicate.go
Outdated
| // all the errors in the stackitem relate only cases when it is | ||
| // impossible to use serialized values (too many values, unsupported | ||
| // types, etc.), unexpected errors at all | ||
| panic(err) |
There was a problem hiding this comment.
i'd also add context like
| panic(err) | |
| panic(fmt.Errorf("unexpected stackitem map serialization failure: %v", err)) |
|
|
||
| locked = make([]oid.ID, l.NumberOfMembers()) | ||
| l.ReadMembers(locked) | ||
| default: |
There was a problem hiding this comment.
forgot code or redundant?
There was a problem hiding this comment.
no, why? if we are replicating a lock/tomb object, we add IDs, but if we are adding a regular object, nothing should be done in this switch
or what you suggest here?
| @@ -178,7 +180,20 @@ func (s *Server) Replicate(_ context.Context, req *objectGRPC.ReplicateRequest) | |||
| }}, nil | |||
| } | |||
|
|
|||
| return new(objectGRPC.ReplicateResponse), nil | |||
| resp := new(objectGRPC.ReplicateResponse) | |||
| if req.GetSignObject() { | |||
There was a problem hiding this comment.
do u plan to add tests for these cases? there are few of them now
| fmt.Println("DEBUG: trying to verify signatures") | ||
|
|
||
| if !sig.Verify(t.objSharedMeta) { | ||
| return apistatus.ErrSignatureVerification |
There was a problem hiding this comment.
quite a few signatures are checked during communication, so I would add context what exact verification has failed
| default: | ||
| } | ||
|
|
||
| t.objSharedMeta = object.MetaInfo(t.obj.GetContainerID(), t.obj.GetID(), t.obj.PayloadSize(), deletedObjs, lockedObjs, t.obj.CreationEpoch()) |
There was a problem hiding this comment.
t.objSharedMeta is used conditionally while calculated unconditionally. Lets sync
There was a problem hiding this comment.
can you elaborate a little? this is calculated before any concurrent code, but is read concurrently, yes. do you mean some comments about it? or you want to see a lock here?
| return fmt.Errorf("could not close object stream: %w", err) | ||
| } | ||
|
|
||
| if !node.local { |
There was a problem hiding this comment.
shouldnt this be
| if !node.local { | |
| if t.localNodeInContainer && !node.local { |
? Seems like ur proposal would fail when request goes through a non-container node
There was a problem hiding this comment.
hm, that's interesting. what a non-contianer node should do if it faces an object whose meta signatures it should check? @roman-khimov
There was a problem hiding this comment.
Why would it be involved in replication?
There was a problem hiding this comment.
what does a node do when it is asked to sign with session key objects of a container it does not belong to?
There was a problem hiding this comment.
It's signing and passing the object to container node.
There was a problem hiding this comment.
oh, i have overthought some things in this code but yes, t.localNodeInContainer is enough, added. (also added nil signature check)
| metaInfo := objectcore.MetaInfo(o.GetContainerID(), o.GetID(), o.PayloadSize(), deleted, locked, o.CreationEpoch()) | ||
|
|
||
| var sig neofscrypto.Signature | ||
| err := sig.Calculate(s.signer, metaInfo) |
There was a problem hiding this comment.
this differs from the original protocol definition
do I understand correctly that we decided to limit the amount of information being signed, and this approach will eventually be "backported" into the protocol?
There was a problem hiding this comment.
yes, things have changed with time (or i did not get them from the beginning). we have discussed it with @roman-khimov, a custom message should be provided (see the 2. in the comment mostly)
and this approach will eventually be "backported" into the protocol?
yes, that is right. not release was done since so it should not be a problem
Yes, there should be some event contracts and contract-side validation. This is kinda the first iteration, all the other work will be done soon after this PR is discussed and approved.
Added contract issues to the commit desc. |
carpawell
force-pushed
the
feat/exchange-object-meta-signatures
branch
from
a30127e
to
96f271f
Compare
carpawell
force-pushed
the
feat/exchange-object-meta-signatures
branch
from
96f271f
to
0bcc540
Compare
It has `Replicate` with meta signatures. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
Initial replication requires nodes to sign object's main meta information and respond with it. Meta information is not sent on wire and treated as a fixed ordered NEO's map. Signatures are verified, not stored/send anywhere yet. It follows the recent API extension: nspcc-dev/neofs-api#299. Further, this extension is planned to have a contract adoption: nspcc-dev/neofs-contract#413 and nspcc-dev/neofs-contract#414. Closes #2876. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
When I wanted to use it, I wrote all the code based on `uint32` (because I knew it should be this way), and at the last moment I found that `client` package returns it as `uint64` for no reason. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
It saves from replay attacks and makes replication operation (and meta information in particular) more explicit. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
carpawell
force-pushed
the
feat/exchange-object-meta-signatures
branch
from
0bcc540
to
d7b63cb
Compare
No description provided.