From 5da565f68c5cd456ebee2473dc80046ee34fbce1 Mon Sep 17 00:00:00 2001 From: mcrakhman Date: Fri, 21 Apr 2023 23:21:49 +0200 Subject: [PATCH] Improve payload validation --- commonspace/payloads.go | 82 ++++++++++-------------------------- commonspace/payloads_test.go | 14 +++--- commonspace/space.go | 4 +- 3 files changed, 32 insertions(+), 68 deletions(-) diff --git a/commonspace/payloads.go b/commonspace/payloads.go index 4d601155..372d3ebd 100644 --- a/commonspace/payloads.go +++ b/commonspace/payloads.go @@ -1,7 +1,6 @@ package commonspace import ( - "fmt" "github.com/anytypeio/any-sync/commonspace/object/acl/aclrecordproto" "github.com/anytypeio/any-sync/commonspace/object/acl/list" "github.com/anytypeio/any-sync/commonspace/object/tree/objecttree" @@ -188,7 +187,7 @@ func storagePayloadForSpaceDerive(payload SpaceDerivePayload) (storagePayload sp } func validateSpaceStorageCreatePayload(payload spacestorage.SpaceStorageCreatePayload) (err error) { - err = validateCreateSpaceHeaderPayload(payload.SpaceHeaderWithId) + err = ValidateSpaceHeader(payload.SpaceHeaderWithId, nil) if err != nil { return } @@ -211,7 +210,16 @@ func validateSpaceStorageCreatePayload(payload spacestorage.SpaceStorageCreatePa return } -func validateCreateSpaceHeaderPayload(rawHeaderWithId *spacesyncproto.RawSpaceHeaderWithId) (err error) { +func ValidateSpaceHeader(rawHeaderWithId *spacesyncproto.RawSpaceHeaderWithId, identity crypto.PubKey) (err error) { + sepIdx := strings.Index(rawHeaderWithId.Id, ".") + if sepIdx == -1 { + err = objecttree.ErrIncorrectCid + return + } + if !cidutil.VerifyCid(rawHeaderWithId.RawHeader, rawHeaderWithId.Id[:sepIdx]) { + err = objecttree.ErrIncorrectCid + return + } var rawSpaceHeader spacesyncproto.RawSpaceHeader err = proto.Unmarshal(rawHeaderWithId.RawHeader, &rawSpaceHeader) if err != nil { @@ -222,14 +230,6 @@ func validateCreateSpaceHeaderPayload(rawHeaderWithId *spacesyncproto.RawSpaceHe if err != nil { return } - split := strings.Split(rawHeaderWithId.Id, ".") - if len(split) != 2 { - return spacestorage.ErrIncorrectSpaceHeader - } - if !cidutil.VerifyCid(rawHeaderWithId.RawHeader, split[0]) { - err = objecttree.ErrIncorrectCid - return - } payloadIdentity, err := crypto.UnmarshalEd25519PublicKeyProto(header.Identity) if err != nil { return @@ -239,16 +239,17 @@ func validateCreateSpaceHeaderPayload(rawHeaderWithId *spacesyncproto.RawSpaceHe err = spacestorage.ErrIncorrectSpaceHeader return } - id, err := cidutil.NewCidFromBytes(rawHeaderWithId.RawHeader) - if err != nil { - return - } - requiredSpaceId := fmt.Sprintf("%s.%s", id, strconv.FormatUint(header.ReplicationKey, 36)) - if requiredSpaceId != rawHeaderWithId.Id { + if rawHeaderWithId.Id[sepIdx+1:] != strconv.FormatUint(header.ReplicationKey, 36) { + err = spacestorage.ErrIncorrectSpaceHeader + return + } + if identity == nil { + return + } + if !payloadIdentity.Equals(identity) { err = spacestorage.ErrIncorrectSpaceHeader return } - return } @@ -295,6 +296,10 @@ func validateCreateSpaceAclPayload(rawWithId *aclrecordproto.RawAclRecordWithId) } func validateCreateSpaceSettingsPayload(rawWithId *treechangeproto.RawTreeChangeWithId) (aclHeadId string, spaceId string, err error) { + if !cidutil.VerifyCid(rawWithId.RawChange, rawWithId.Id) { + err = spacestorage.ErrIncorrectSpaceHeader + return + } var raw treechangeproto.RawTreeChange err = proto.Unmarshal(rawWithId.RawChange, &raw) if err != nil { @@ -314,49 +319,8 @@ func validateCreateSpaceSettingsPayload(rawWithId *treechangeproto.RawTreeChange err = spacestorage.ErrIncorrectSpaceHeader return } - id, err := cidutil.NewCidFromBytes(rawWithId.RawChange) - if id != rawWithId.Id { - err = spacestorage.ErrIncorrectSpaceHeader - return - } spaceId = rootChange.SpaceId aclHeadId = rootChange.AclHeadId return } - -// ValidateSpaceHeader Used in coordinator -func ValidateSpaceHeader(spaceId string, header []byte, identity crypto.PubKey) (err error) { - split := strings.Split(spaceId, ".") - if len(split) != 2 { - return spacestorage.ErrIncorrectSpaceHeader - } - if !cidutil.VerifyCid(header, split[0]) { - err = objecttree.ErrIncorrectCid - return - } - raw := &spacesyncproto.RawSpaceHeader{} - err = proto.Unmarshal(header, raw) - if err != nil { - return - } - payload := &spacesyncproto.SpaceHeader{} - err = proto.Unmarshal(raw.SpaceHeader, payload) - if err != nil { - return - } - payloadIdentity, err := crypto.UnmarshalEd25519PublicKeyProto(payload.Identity) - if err != nil { - return - } - if identity != nil && !payloadIdentity.Equals(identity) { - err = spacestorage.ErrIncorrectSpaceHeader - return - } - res, err := identity.Verify(raw.SpaceHeader, raw.Signature) - if err != nil || !res { - err = spacestorage.ErrIncorrectSpaceHeader - return - } - return -} diff --git a/commonspace/payloads_test.go b/commonspace/payloads_test.go index 13535b34..65bf917d 100644 --- a/commonspace/payloads_test.go +++ b/commonspace/payloads_test.go @@ -23,7 +23,7 @@ func TestSuccessHeaderPayloadForSpaceCreate(t *testing.T) { require.NoError(t, err) _, rawHeaderWithId, err := rawHeaderWithId(accountKeys) require.NoError(t, err) - err = validateCreateSpaceHeaderPayload(rawHeaderWithId) + err = ValidateSpaceHeader(rawHeaderWithId, nil) require.NoError(t, err) } @@ -64,7 +64,7 @@ func TestFailedHeaderPayloadForSpaceCreate_InvalidFormatSpaceId(t *testing.T) { RawHeader: marhalledRawHeader, Id: spaceId, } - err = validateCreateSpaceHeaderPayload(rawHeaderWithId) + err = ValidateSpaceHeader(rawHeaderWithId, nil) assert.EqualErrorf(t, err, spacestorage.ErrIncorrectSpaceHeader.Error(), "Error should be: %v, got: %v", spacestorage.ErrIncorrectSpaceHeader, err) } @@ -104,7 +104,7 @@ func TestFailedHeaderPayloadForSpaceCreate_CidIsWrong(t *testing.T) { RawHeader: marhalledRawHeader, Id: spaceId, } - err = validateCreateSpaceHeaderPayload(rawHeaderWithId) + err = ValidateSpaceHeader(rawHeaderWithId, nil) assert.EqualErrorf(t, err, objecttree.ErrIncorrectCid.Error(), "Error should be: %v, got: %v", objecttree.ErrIncorrectCid, err) } @@ -145,7 +145,7 @@ func TestFailedHeaderPayloadForSpaceCreate_SignedWithAnotherIdentity(t *testing. RawHeader: marhalledRawHeader, Id: spaceId, } - err = validateCreateSpaceHeaderPayload(rawHeaderWithId) + err = ValidateSpaceHeader(rawHeaderWithId, nil) assert.EqualErrorf(t, err, objecttree.ErrIncorrectCid.Error(), "Error should be: %v, got: %v", objecttree.ErrIncorrectCid, err) } @@ -637,17 +637,17 @@ func rawHeaderWithId(accountKeys *accountdata.AccountKeys) (spaceId string, rawW SpaceHeader: marhalled, Signature: signature, } - marhalledRawHeader, err := rawHeader.Marshal() + marshalledRawHeader, err := rawHeader.Marshal() if err != nil { return } - id, err := cidutil.NewCidFromBytes(marhalledRawHeader) + id, err := cidutil.NewCidFromBytes(marshalledRawHeader) if err != nil { return } spaceId = fmt.Sprintf("%s.%s", id, strconv.FormatUint(replicationKey, 36)) rawWithId = &spacesyncproto.RawSpaceHeaderWithId{ - RawHeader: marhalledRawHeader, + RawHeader: marshalledRawHeader, Id: spaceId, } diff --git a/commonspace/space.go b/commonspace/space.go index 24ca069a..aca80d02 100644 --- a/commonspace/space.go +++ b/commonspace/space.go @@ -3,7 +3,6 @@ package commonspace import ( "context" "errors" - "fmt" "github.com/anytypeio/any-sync/accountservice" "github.com/anytypeio/any-sync/app/logger" "github.com/anytypeio/any-sync/commonspace/headsync" @@ -30,6 +29,7 @@ import ( "github.com/zeebo/errs" "go.uber.org/zap" "strconv" + "strings" "sync" "sync/atomic" "time" @@ -77,7 +77,7 @@ type SpaceDescription struct { } func NewSpaceId(id string, repKey uint64) string { - return fmt.Sprintf("%s.%s", id, strconv.FormatUint(repKey, 36)) + return strings.Join([]string{id, strconv.FormatUint(repKey, 36)}, ".") } type Space interface {