crypto: Instantiate neofscrypto.Signature via constructor

SDK recently provided constructor of signature instances that can be
used when the signature is transmitted differently from the NeoFS API
protocol (e.g. in smart contracts or in Control service).

Signed-off-by: Leonard Lyubich <[email protected]>

cmd/neofs-cli/modules/control/util.go

@@ -5,13 +5,13 @@ import (
 	"crypto/ecdsa"
 	"errors"
 
-	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
 	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"
 	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
 	controlSvc "github.com/nspcc-dev/neofs-node/pkg/services/control/server"
 	"github.com/nspcc-dev/neofs-sdk-go/client"
 	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
+	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
 	"github.com/spf13/cobra"
 )
 
@@ -41,14 +41,10 @@ func verifyResponse(cmd *cobra.Command,
 		common.ExitOnErr(cmd, "", errors.New("missing response signature"))
 	}
 
-	// TODO(@cthulhu-rider): #1387 use Signature message from NeoFS API to avoid conversion
-	var sigV2 refs.Signature
-	sigV2.SetScheme(refs.ECDSA_SHA512)
-	sigV2.SetKey(sigControl.GetKey())
-	sigV2.SetSign(sigControl.GetSign())
+	var pubKey neofsecdsa.PublicKey
+	common.ExitOnErr(cmd, "decode public key from signature: %w", pubKey.Decode(sigControl.GetKey()))
 
-	var sig neofscrypto.Signature
-	common.ExitOnErr(cmd, "can't read signature: %w", sig.ReadFromV2(sigV2))
+	sig := neofscrypto.NewSignature(neofscrypto.ECDSA_SHA512, &pubKey, sigControl.GetSign())
 
 	if !sig.Verify(body.StableMarshal(nil)) {
 		common.ExitOnErr(cmd, "", errors.New("invalid response signature"))

pkg/morph/client/container/client.go

@@ -7,6 +7,8 @@ import (
 	"github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neofs-node/pkg/morph/client"
+	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
+	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
 )
 
 // Client is a wrapper over StaticClient
@@ -126,3 +128,14 @@ func WithCustomFeeForNamedPut(fee fixedn.Fixed8) Option {
 		o.feePutNamedSet = true
 	}
 }
+
+func decodeSignature(bPubKey, sig []byte) (neofscrypto.Signature, error) {
+	var pubKey neofsecdsa.PublicKeyRFC6979
+
+	err := pubKey.Decode(bPubKey)
+	if err != nil {
+		return neofscrypto.Signature{}, fmt.Errorf("decode public key: %w", err)
+	}
+
+	return neofscrypto.NewSignature(neofscrypto.ECDSA_DETERMINISTIC_SHA256, &pubKey, sig), nil
+}

pkg/morph/client/container/eacl.go

@@ -4,7 +4,6 @@ import (
 	"crypto/sha256"
 	"fmt"
 
-	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	"github.com/nspcc-dev/neofs-node/pkg/core/container"
 	"github.com/nspcc-dev/neofs-node/pkg/morph/client"
 	apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
@@ -86,12 +85,10 @@ func (c *Client) GetEACL(cnr cid.ID) (*container.EACL, error) {
 		}
 	}
 
-	// TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
-	var sigV2 refs.Signature
-	sigV2.SetKey(pub)
-	sigV2.SetSign(sig)
-	sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256)
+	res.Signature, err = decodeSignature(pub, sig)
+	if err != nil {
+		return nil, fmt.Errorf("decode signature: %w", err)
+	}
 
-	err = res.Signature.ReadFromV2(sigV2)
-	return &res, err
+	return &res, nil
 }

pkg/morph/client/container/get.go

@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	containerContract "github.com/nspcc-dev/neofs-contract/container"
 	containercore "github.com/nspcc-dev/neofs-node/pkg/core/container"
 	core "github.com/nspcc-dev/neofs-node/pkg/core/container"
@@ -102,12 +101,10 @@ func (c *Client) Get(cid []byte) (*containercore.Container, error) {
 		}
 	}
 
-	// TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
-	var sigV2 refs.Signature
-	sigV2.SetKey(pub)
-	sigV2.SetSign(sigBytes)
-	sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256)
+	cnr.Signature, err = decodeSignature(pub, sigBytes)
+	if err != nil {
+		return nil, fmt.Errorf("decode signature: %w", err)
+	}
 
-	err = cnr.Signature.ReadFromV2(sigV2)
-	return &cnr, err
+	return &cnr, nil
 }

pkg/services/control/ir/server/sign.go

@@ -6,7 +6,6 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	control "github.com/nspcc-dev/neofs-node/pkg/services/control/ir"
 	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
 	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
@@ -50,17 +49,15 @@ func (s *Server) isValidRequest(req SignedMessage) error {
 		return fmt.Errorf("marshal request body: %w", err)
 	}
 
-	// TODO(@cthulhu-rider): #1387 use Signature message from NeoFS API to avoid conversion
-	var sigV2 refs.Signature
-	sigV2.SetKey(sign.GetKey())
-	sigV2.SetSign(sign.GetSign())
-	sigV2.SetScheme(refs.ECDSA_SHA512)
+	var pubKey neofsecdsa.PublicKey
 
-	var sig neofscrypto.Signature
-	if err := sig.ReadFromV2(sigV2); err != nil {
-		return fmt.Errorf("can't read signature: %w", err)
+	err = pubKey.Decode(sign.GetKey())
+	if err != nil {
+		return fmt.Errorf("decode public key in signature: %w", err)
 	}
 
+	sig := neofscrypto.NewSignature(neofscrypto.ECDSA_SHA512, &pubKey, sign.GetSign())
+
 	if !sig.Verify(binBody) {
 		// TODO(@cthulhu-rider): #1387 use "const" error
 		return errors.New("invalid signature")

pkg/services/control/server/sign.go

@@ -6,7 +6,6 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	"github.com/nspcc-dev/neofs-node/pkg/services/control"
 	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
 	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
@@ -50,17 +49,15 @@ func (s *Server) isValidRequest(req SignedMessage) error {
 		return fmt.Errorf("marshal request body: %w", err)
 	}
 
-	// TODO(@cthulhu-rider): #1387 use Signature message from NeoFS API to avoid conversion
-	var sigV2 refs.Signature
-	sigV2.SetKey(sign.GetKey())
-	sigV2.SetSign(sign.GetSign())
-	sigV2.SetScheme(refs.ECDSA_SHA512)
+	var pubKey neofsecdsa.PublicKey
 
-	var sig neofscrypto.Signature
-	if err := sig.ReadFromV2(sigV2); err != nil {
-		return fmt.Errorf("can't read signature: %w", err)
+	err = pubKey.Decode(sign.GetKey())
+	if err != nil {
+		return fmt.Errorf("decode public key from signature: %w", err)
 	}
 
+	sig := neofscrypto.NewSignature(neofscrypto.ECDSA_SHA512, &pubKey, sign.GetSign())
+
 	if !sig.Verify(binBody) {
 		// TODO(@cthulhu-rider): #1387 use "const" error
 		return errors.New("invalid signature")
@@ -83,7 +80,6 @@ func SignMessage(key *ecdsa.PrivateKey, msg SignedMessage) error {
 		return fmt.Errorf("calculate signature: %w", err)
 	}
 
-	// TODO(@cthulhu-rider): #1387 use Signature message from NeoFS API to avoid conversion
 	var sigControl control.Signature
 	sigControl.SetKey(sig.PublicKeyBytes())
 	sigControl.SetSign(sig.Value())

pkg/services/tree/signature.go

@@ -8,7 +8,6 @@ import (
 	"fmt"
 
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
-	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	core "github.com/nspcc-dev/neofs-node/pkg/core/container"
 	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	statusSDK "github.com/nspcc-dev/neofs-sdk-go/client/status"
@@ -126,17 +125,15 @@ func verifyMessage(m message) error {
 
 	sig := m.GetSignature()
 
-	// TODO(@cthulhu-rider): #1387 use Signature message from NeoFS API to avoid conversion
-	var sigV2 refs.Signature
-	sigV2.SetKey(sig.GetKey())
-	sigV2.SetSign(sig.GetSign())
-	sigV2.SetScheme(refs.ECDSA_SHA512)
+	var pubKey neofsecdsa.PublicKey
 
-	var sigSDK neofscrypto.Signature
-	if err := sigSDK.ReadFromV2(sigV2); err != nil {
-		return fmt.Errorf("can't read signature: %w", err)
+	err = pubKey.Decode(sig.GetKey())
+	if err != nil {
+		return fmt.Errorf("decode public key from signature: %w", err)
 	}
 
+	sigSDK := neofscrypto.NewSignature(neofscrypto.ECDSA_SHA512, &pubKey, sig.GetKey())
+
 	if !sigSDK.Verify(binBody) {
 		return errors.New("invalid signature")
 	}