storj/satellite/gracefulexit/validation.go

// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.

package gracefulexit

import (
	"bytes"
	"context"

	"storj.io/common/identity"
	"storj.io/common/pb"
	"storj.io/common/signing"
)

func (endpoint *Endpoint) validatePendingTransfer(ctx context.Context, transfer *PendingTransfer) error {
	if transfer.SatelliteMessage == nil {
		return Error.New("Satellite message cannot be nil")
	}
	if transfer.SatelliteMessage.GetTransferPiece() == nil {
		return Error.New("Satellite message transfer piece cannot be nil")
	}
	if transfer.SatelliteMessage.GetTransferPiece().GetAddressedOrderLimit() == nil {
		return Error.New("Addressed order limit on transfer piece cannot be nil")
	}
	if transfer.SatelliteMessage.GetTransferPiece().GetAddressedOrderLimit().GetLimit() == nil {
		return Error.New("Addressed order limit on transfer piece cannot be nil")
	}
	if transfer.StreamID.IsZero() {
		return Error.New("StreamID cannot be zero")
	}
	if transfer.OriginalRootPieceID.IsZero() {
		return Error.New("could not get original root piece ID from transfer item")
	}

	return nil
}

func (endpoint *Endpoint) verifyPieceTransferred(ctx context.Context, message *pb.StorageNodeMessage_Succeeded, transfer *PendingTransfer, receivingNodePeerID *identity.PeerIdentity) error {
	originalOrderLimit := message.Succeeded.GetOriginalOrderLimit()
	if originalOrderLimit == nil {
		return ErrInvalidArgument.New("Original order limit cannot be nil")
	}
	originalPieceHash := message.Succeeded.GetOriginalPieceHash()
	if originalPieceHash == nil {
		return ErrInvalidArgument.New("Original piece hash cannot be nil")
	}
	replacementPieceHash := message.Succeeded.GetReplacementPieceHash()
	if replacementPieceHash == nil {
		return ErrInvalidArgument.New("Replacement piece hash cannot be nil")
	}

	// verify that the original piece hash and replacement piece hash match
	if !bytes.Equal(originalPieceHash.Hash, replacementPieceHash.Hash) {
		return ErrInvalidArgument.New("Piece hashes for transferred piece don't match")
	}

	// verify that the satellite signed the original order limit
	err := signing.VerifyOrderLimitSignature(ctx, endpoint.signer, originalOrderLimit)
	if err != nil {
		return ErrInvalidArgument.New("Could not validate signature from satellite on claimed original order limit: %v", err)
	}

	// verify that the public key on the order limit signed the original piece hash
	err = signing.VerifyUplinkPieceHashSignature(ctx, originalOrderLimit.UplinkPublicKey, originalPieceHash)
	if err != nil {
		return ErrInvalidArgument.New("Could not validate signature from original order limit's public key on original piece hash: %v", err)
	}

	if originalOrderLimit.PieceId != message.Succeeded.OriginalPieceId {
		return ErrInvalidArgument.New("Original piece ID in piece-transfer success message does not match piece ID in original order limit")
	}

	receivingNodeID := transfer.SatelliteMessage.GetTransferPiece().GetAddressedOrderLimit().GetLimit().StorageNodeId
	calculatedNewPieceID := transfer.OriginalRootPieceID.Derive(receivingNodeID, int32(transfer.PieceNum))
	if calculatedNewPieceID != replacementPieceHash.PieceId {
		return ErrInvalidArgument.New("Replacement piece ID does not match derived piece ID for receivingNodeID %s, PieceNum %d: %q != %q", receivingNodeID.String(), transfer.PieceNum, calculatedNewPieceID.String(), replacementPieceHash.PieceId.String())
	}

	signer := signing.SigneeFromPeerIdentity(receivingNodePeerID)

	// verify that the new node signed the replacement piece hash
	err = signing.VerifyPieceHashSignature(ctx, signer, replacementPieceHash)
	if err != nil {
		return ErrInvalidArgument.New("Could not validate signature from receiving node on replacement piece hash: %v", err)
	}
	return nil
}
satellite/gracefulexit: separate functional code in endpoint (#3476) 2019-11-08 18:57:51 +00:00			`// Copyright (C) 2019 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package gracefulexit`

			`import (`
			`"bytes"`
			`"context"`

common: separate repository Change-Id: Ibb89c42060450e3839481a7e495bbe3ad940610a 2019-12-27 11:48:47 +00:00			`"storj.io/common/identity"`
			`"storj.io/common/pb"`
			`"storj.io/common/signing"`
satellite/gracefulexit: separate functional code in endpoint (#3476) 2019-11-08 18:57:51 +00:00			`)`

satellite/gracefulexit: refactor concurrency (#3624) Update PendingMap structure to also handle concurrency control between the sending and receiving sides of the graceful exit endpoint. 2019-11-21 22:03:16 +00:00			`func (endpoint Endpoint) validatePendingTransfer(ctx context.Context, transfer PendingTransfer) error {`
			`if transfer.SatelliteMessage == nil {`
satellite/gracefulexit: separate functional code in endpoint (#3476) 2019-11-08 18:57:51 +00:00			`return Error.New("Satellite message cannot be nil")`
			`}`
satellite/gracefulexit: refactor concurrency (#3624) Update PendingMap structure to also handle concurrency control between the sending and receiving sides of the graceful exit endpoint. 2019-11-21 22:03:16 +00:00			`if transfer.SatelliteMessage.GetTransferPiece() == nil {`
satellite/gracefulexit: separate functional code in endpoint (#3476) 2019-11-08 18:57:51 +00:00			`return Error.New("Satellite message transfer piece cannot be nil")`
			`}`
satellite/gracefulexit: refactor concurrency (#3624) Update PendingMap structure to also handle concurrency control between the sending and receiving sides of the graceful exit endpoint. 2019-11-21 22:03:16 +00:00			`if transfer.SatelliteMessage.GetTransferPiece().GetAddressedOrderLimit() == nil {`
satellite/gracefulexit: separate functional code in endpoint (#3476) 2019-11-08 18:57:51 +00:00			`return Error.New("Addressed order limit on transfer piece cannot be nil")`
			`}`
satellite/gracefulexit: refactor concurrency (#3624) Update PendingMap structure to also handle concurrency control between the sending and receiving sides of the graceful exit endpoint. 2019-11-21 22:03:16 +00:00			`if transfer.SatelliteMessage.GetTransferPiece().GetAddressedOrderLimit().GetLimit() == nil {`
satellite/gracefulexit: separate functional code in endpoint (#3476) 2019-11-08 18:57:51 +00:00			`return Error.New("Addressed order limit on transfer piece cannot be nil")`
			`}`
satellite/gracefulexit: stop using gracefulexit_transfer_queue Remove the logic associated to the old transfer queue. A new transfer queue (gracefulexit_segment_transfer_queue) has been created for migration to segmentLoop. Transfers from the old queue were not moved to the new queue. Instead, it was still used for nodes which have initiated graceful exit before migration. There is no such node left, so we can remove all this logic. In a next step, we will drop the table. Change-Id: I3aa9bc29b76065d34b57a73f6e9c9d0297587f54 2021-09-05 22:29:22 +01:00			`if transfer.StreamID.IsZero() {`
			`return Error.New("StreamID cannot be zero")`
satellite/gracefulexit: separate functional code in endpoint (#3476) 2019-11-08 18:57:51 +00:00			`}`
satellite/gracefulexit: migrate to metabase Change-Id: I8be9cc68894124427e4a30d7631126b3afb1f281 2020-12-16 16:47:31 +00:00			`if transfer.OriginalRootPieceID.IsZero() {`
			`return Error.New("could not get original root piece ID from transfer item")`
satellite/gracefulexit: separate functional code in endpoint (#3476) 2019-11-08 18:57:51 +00:00			`}`

			`return nil`
			`}`

satellite/gracefulexit: refactor concurrency (#3624) Update PendingMap structure to also handle concurrency control between the sending and receiving sides of the graceful exit endpoint. 2019-11-21 22:03:16 +00:00			`func (endpoint Endpoint) verifyPieceTransferred(ctx context.Context, message pb.StorageNodeMessage_Succeeded, transfer PendingTransfer, receivingNodePeerID identity.PeerIdentity) error {`
satellite/gracefulexit: separate functional code in endpoint (#3476) 2019-11-08 18:57:51 +00:00			`originalOrderLimit := message.Succeeded.GetOriginalOrderLimit()`
			`if originalOrderLimit == nil {`
			`return ErrInvalidArgument.New("Original order limit cannot be nil")`
			`}`
			`originalPieceHash := message.Succeeded.GetOriginalPieceHash()`
			`if originalPieceHash == nil {`
			`return ErrInvalidArgument.New("Original piece hash cannot be nil")`
			`}`
			`replacementPieceHash := message.Succeeded.GetReplacementPieceHash()`
			`if replacementPieceHash == nil {`
			`return ErrInvalidArgument.New("Replacement piece hash cannot be nil")`
			`}`

			`// verify that the original piece hash and replacement piece hash match`
			`if !bytes.Equal(originalPieceHash.Hash, replacementPieceHash.Hash) {`
			`return ErrInvalidArgument.New("Piece hashes for transferred piece don't match")`
			`}`

			`// verify that the satellite signed the original order limit`
			`err := signing.VerifyOrderLimitSignature(ctx, endpoint.signer, originalOrderLimit)`
			`if err != nil {`
satellite/gracefulexit: better validation error messages Change-Id: I14168dbeaf17302e5e853854956f8fbcb82a0900 2020-05-26 23:25:20 +01:00			`return ErrInvalidArgument.New("Could not validate signature from satellite on claimed original order limit: %v", err)`
satellite/gracefulexit: separate functional code in endpoint (#3476) 2019-11-08 18:57:51 +00:00			`}`

			`// verify that the public key on the order limit signed the original piece hash`
			`err = signing.VerifyUplinkPieceHashSignature(ctx, originalOrderLimit.UplinkPublicKey, originalPieceHash)`
			`if err != nil {`
satellite/gracefulexit: better validation error messages Change-Id: I14168dbeaf17302e5e853854956f8fbcb82a0900 2020-05-26 23:25:20 +01:00			`return ErrInvalidArgument.New("Could not validate signature from original order limit's public key on original piece hash: %v", err)`
satellite/gracefulexit: separate functional code in endpoint (#3476) 2019-11-08 18:57:51 +00:00			`}`

			`if originalOrderLimit.PieceId != message.Succeeded.OriginalPieceId {`
satellite/gracefulexit: better validation error messages Change-Id: I14168dbeaf17302e5e853854956f8fbcb82a0900 2020-05-26 23:25:20 +01:00			`return ErrInvalidArgument.New("Original piece ID in piece-transfer success message does not match piece ID in original order limit")`
satellite/gracefulexit: separate functional code in endpoint (#3476) 2019-11-08 18:57:51 +00:00			`}`

satellite/gracefulexit: refactor concurrency (#3624) Update PendingMap structure to also handle concurrency control between the sending and receiving sides of the graceful exit endpoint. 2019-11-21 22:03:16 +00:00			`receivingNodeID := transfer.SatelliteMessage.GetTransferPiece().GetAddressedOrderLimit().GetLimit().StorageNodeId`
satellite/gracefulexit: migrate to metabase Change-Id: I8be9cc68894124427e4a30d7631126b3afb1f281 2020-12-16 16:47:31 +00:00			`calculatedNewPieceID := transfer.OriginalRootPieceID.Derive(receivingNodeID, int32(transfer.PieceNum))`
satellite/gracefulexit: separate functional code in endpoint (#3476) 2019-11-08 18:57:51 +00:00			`if calculatedNewPieceID != replacementPieceHash.PieceId {`
satellite/gracefulexit: better validation error messages Change-Id: I14168dbeaf17302e5e853854956f8fbcb82a0900 2020-05-26 23:25:20 +01:00			`return ErrInvalidArgument.New("Replacement piece ID does not match derived piece ID for receivingNodeID %s, PieceNum %d: %q != %q", receivingNodeID.String(), transfer.PieceNum, calculatedNewPieceID.String(), replacementPieceHash.PieceId.String())`
satellite/gracefulexit: separate functional code in endpoint (#3476) 2019-11-08 18:57:51 +00:00			`}`

satellite/gracefulexit: better validation error messages Change-Id: I14168dbeaf17302e5e853854956f8fbcb82a0900 2020-05-26 23:25:20 +01:00			`signer := signing.SigneeFromPeerIdentity(receivingNodePeerID)`
satellite/gracefulexit: separate functional code in endpoint (#3476) 2019-11-08 18:57:51 +00:00
			`// verify that the new node signed the replacement piece hash`
satellite/gracefulexit: better validation error messages Change-Id: I14168dbeaf17302e5e853854956f8fbcb82a0900 2020-05-26 23:25:20 +01:00			`err = signing.VerifyPieceHashSignature(ctx, signer, replacementPieceHash)`
satellite/gracefulexit: separate functional code in endpoint (#3476) 2019-11-08 18:57:51 +00:00			`if err != nil {`
satellite/gracefulexit: better validation error messages Change-Id: I14168dbeaf17302e5e853854956f8fbcb82a0900 2020-05-26 23:25:20 +01:00			`return ErrInvalidArgument.New("Could not validate signature from receiving node on replacement piece hash: %v", err)`
satellite/gracefulexit: separate functional code in endpoint (#3476) 2019-11-08 18:57:51 +00:00			`}`
			`return nil`
			`}`